This notice provides you with important information concerning personal data the Companies may collect, retain and process relating to clients of the Companies. The Company seeks to be transparent in respect to personal data and is committed to meeting its data protection obligations. This notice aims to assist in this matter.
Name and Contact Details of Data Controller
Goldholme group of companies is the Data Controller. Tim Miller is responsible for the Data Controller’s data protection compliance. He can be contacted at firstname.lastname@example.org and on 01476 550191
Use of personal data:
We will use your personal and company data:
- As necessary to perform our contract with you
- To take steps at your request
- To decide whether or not to enter into an agreement
- To manage and perform our contract with you
- To update our records
- To contact you about your account or debt for your own legitimate interests or those of other persons and organisations etc.
- For good governance, accounting, managing and business, including auditing
- To search at Credit Reference Agencies
- To insure any credit risk, as required
We will use your data:
- As necessary to comply with a legal obligation
- When you exercise your rights under data protection law and make requests
- For compliance with legal and regulatory requirements and related disclosures
- For establishing and defence of legal rights
- For activities relating to the prevention, detection and investigation of crime
- To verify your or your companies identity based on your consent
- When you request us to disclose your personal data to others, such as those handling of a claim on your behalf
- When asking us to provide credit references to third parties
Sharing your personal data
Subject to applicable data protection law, we may share your personal data with:
- The Goldholme group of companies
- Sub-contractors and other persons who help us to provide our services
- Companies and other persons providing services to us
- Our legal and professional advisers
- Credit reference agencies, debt collection agencies
- Other organisations who use shared databases for affordability checks
- Courts to comply with legal requirements
- In an emergency to protect you or your companies interests
- To protect the security or integrity of our business
- To other parties such as builders merchants, factorers, underwriters etc.
- When or if we sell our business or restructure
- Anyone else where we have consent
Credit reference checks
If you have applied for credit, then in order to proceed and process your application, including any future increase in your credit, we will perform credit identity checks on you or your company/business with one or more credit rating agencies. To do this we will supply your personal or company data to the credit agency. When we carry out such a search, it will leave a footprint on your credit file.
We will use your home address, business address, telephone landline, telephone mobile, email address or social media to contact you according to your preferences.
The acceptance of a credit account along with the credit limit are notified by email or by written letter.
Applications for credit are accepted on a physical form. This data is shared with the credit reference agency and Lloyds Bank, our credit risk insurers.
The account application forms are not scanned to computer or retained electronically. They may be physically filed at our Head Office.
The types of data we collect whether or not you become a customer may include:
- Your full name, address, business name and address, contact details such as telephone and mobile numbers, your email address, your fax number, your address history
- Certain financial details of your business or company
- Any credit facilities provided to you by our company
- Records of any trading history between you/your company and Goldholme group of companies
- Information from credit rating specialists or fraud prevention services
- These may reveal bankruptcies, court case history etc.
We will tell you if providing personal data is optional.
Purpose of Processing
The Company needs to collect, retain and process or use personal data to ensure you we manage and meet our obligations. Legal Basis of Processing
The processing of personal data is necessary:
- for compliance with a legal obligation to which the Company is subject.
- for the purposes of the legitimate interests pursued by the Company, such as properly managing the performance of our working relationship and to maintain relevant records.
Who has Access to Personal Data
Your personal data will only be disclosed where appropriate to authorised individuals within our Company.
It may be that your personal data will be transferred outside the European Economic Area (EEA) through the use of cloud storage or similar technology. In such circumstances data will only be transferred to organisations which are covered by an adequacy decision by the EU Commission.
As a data subject you have the following rights:
- You can request from the Company access to and a copy of your data;
- You can request the Company to correct or erase personal data;
- You can request a restriction of processing of your personal data; and
- You can object to processing of your personal data.
If you wish to exercise any of the above rights you should contact the Data Controller identified above.
In addition, you have the right to lodge a complaint about data protection with the Information Commissioner’s Office.
No automated decision making is used in respect of any personal data.
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Data may be retained on computer hardware/software, the cloud, data storage facilities or in physical form. Copy invoices are retained for 6 years with our archive system, in accordance with regulatory requirements.