Autarky Capital Privacy Notice
About Us
Autarky
Capital Sukuk Plc (Autarky) acts as a specialist property lender operating in
the niche short term finance market. Autarky has issued this Privacy Notice to
describe how we handle personal information that we hold about customers
(collectively referred to as “you”). Autarky is the Controller of your personal
information.
If you
require any further information or wish to contact us or our Data Protection
Officer at any time our contact details are:
Address: 4
Cable Court, Pittman Way, Preston, PR2 9YW
Collecting data – when you, or someone acting on
your behalf, make contact.
By phone – We may use call number identification to recognise who is calling us and
to have a short term record of calls received. We may record some calls for
training, monitoring and record keeping purposes. We will capture information
that you give us for our records in order to deal with your enquiry and process
it in accordance with our processing basis as set out below.
By email – If you send us an email that is not encrypted any personal data within
it may be at risk. We will capture and process the information in the email for
our legitimate interest and legal purposes as set out below. When we send
emails we encrypt some emails or their content in order to protect personal
data.
By post – When we
receive an enquiry or a paper application it will contain personal information
for applicant(s) and possibly other parties in connection with the
property(ies).
By App – Automatically from you via your devices when you
use the Autarky Capital App.
By
on-line web form – When
you input and submits information on our enquiry form.
Providing information to us on other people
including via brokers
In providing
information to us about other people you warrant that you have their permission
to give us their data and that you have provided them with our privacy notice
so that they are aware of the basis on which we will process their information.
We store information provided to us in both electronic and paper based systems.
Parties we may obtain information from
We may
obtain information from:
·
You,
someone acting on your behalf or someone associated with you such as your
spouse, any joint mortgage holders, or other financial associates
·
Your
employer and past employers (if required)
·
People
who introduce you to us
·
Your
professional advisers
We may also
obtain information about you from other providers such as:
·
credit
reference agencies (see below),
·
fraud
prevention and search agencies,
·
via
google and other websearch tools,
·
social
media,
·
other
providers of public information services such as land registry.
We only
do this when we are considering whether or not to offer you a loan or manage
any loan offered, or consider you for a job.
Data we
may collect
·
your name, address, telephone numbers, email address(s), date of birth,
place of birth, nationality, tax/residency status, passport, employment,
banking and financial details including those of any business that you run;
·
people
connected with you such as your spouse, any joint
mortgage holders, or other financial associates
·
demographic and lifestyle information;
·
information we receive when making a decision about you, your loan or
your application for such a loan;
·
information that you provide by completing forms that we provide to you
or you give us;
·
details of the loan(s) you have and have had with us and all
transactions;
·
details of when you contact us and when we contact you (e.g. copies of
any correspondence and recordings of telephone calls);
·
details of how you applied for your loan, together with any other
information (including where obtained from third parties) which we reasonably
need to operate your loan, make decisions about you or fulfil our regulatory
obligations;
·
your preferences;
·
your technology;
·
your profile;
·
references in the case of staff;
·
your
criminal convictions and the results of any checks we are required by law or
regulations to undertake.
Sensitive Data
We may
capture sensitive data about you with regards to your or a related persons
health if you advise of an issue that we may need to take into account in
dealing with your loan or dealing with you as an member of staff. We will ask
you for your consent to hold this information but may retain this information
where it would be in your best interests for us to do so or in order to protect
us from a claim.
Basis of processing data and who we share your data
with
We will
hold and process your data for the performance of a contract and our
legitimate interests in order to:
·
Determine
whether or not to offer a loan
·
Manage
any loan advanced through to redemption
·
Manage
any relationship with intermediaries including a record of introductions,
payments made and other relevant information appropriate to managing the
relationship
·
Manage
the relationship with funders or anyone applying to become a funder and to
maintain appropriate records relevant to that relationship
·
To manage
business relationships with our professional advisers, contractors and third
party providers
·
To
consider any application for a job, including CV’s, and whether to progress it
·
Share
information where necessary with funders, our professional advisers,
contractors and third party providers and anyone who may wish to acquire all or
any part of our business
·
Share
information with other companies in the same group and associated companies
·
Carry out
checks with fraud prevention and credit agencies and tracing agencies if
required (see below)
·
Share
information with your intermediary about your application or the performance of
your loan
·
Share
information with any recruitment agency or search provider about your job
application
·
Manage
staff performance and employment obligations
·
Undertake analysis, produce
models, statistics, reports and forecasts
·
investigate
and respond to complaints, disputes and where necessary to bring or defend
legal claims
We will
hold and process your data for legal
purposes in order to:
·
Meet our
legal obligations
·
Help
identify you and meet our anti-money laundering obligations
·
Supply
information to any government body, regulatory authority, law enforcement
agency as required and to credit and fraud prevention agencies
We will
hold and process your data by consent
for marketing purposes in order to keep you informed of:
·
Our
products and services and those of any group or related company
·
Information
contained in any newsletter we may issue
·
Products
and services of any selected third parties where you have agreed to this
We may
use a third party provider to issue this information to you but will not share
your information with any other third party for marketing purposes.
We may
also gather information on our marketing in order to understand and measure the
effectiveness of it and to make improvements as a result.
Retaining information
We will
retain information for our legitimate interests and legal purposes as follows:
·
Loans
advanced – up to 6 years after the loan has redeemed but may be longer where
legal action has been taken or is pending
·
Enquiries
and applications for loans not advanced – up to 6 months from the date the
enquiry or application is marked not proceeded with – may be longer where a
fraudulent application is made. We may also need to keep any anti-money
laundering information gathered for a period of up to 5 years
·
Intermediaries
– up to 6 years from the end of our relationship
·
Professional
advisers, contractors and third party advisers – up to 6 years from the end of
our relationship
·
Staff
records – up to 5 years from the time of termination of employment or final
actions, e.g. tribunals. unless there are ongoing legal actions or other issues
such as criminal activity
Where you have consented to marketing we will
retain your contact information for marketing purposes until such time as
consent is withdrawn.
If you
have questions about or need further information concerning the legal basis on
which we collect and use your personal information, please contact us using the
contact details provided under the “How to contact us” heading below.
Checking with Credit Reference Agencies
When we
carry out checks with Credit Reference Agencies (CRA) we supply information to
them on based on the details you provide. We provide information to you on this
before we carry out the search. The credit agencies have their own basis on
which they process your data and you can view their privacy notice here:
Callcredit www.callcredit.co.uk/crain
Equifax www.equifax.co.uk/crain.html
Experian www.experian.co.uk/crain/index.html
We may
also carry out checks with them in order to identify you and for fraud
prevention purposes.
Please
ask us if you require details of the CRAs or any other agencies we may pass
your information to and who we receive information from about you.
Fraud
Prevention Agencies
We may
need to confirm your identity before we provide products or services to you or
your business.
Once you
have become our customer, we share your personal information as needed to help
detect money-laundering and fraud risks. We use Fraud Prevention Agencies
(FPAs) to help us with this.
Both we
and FPAs can only use your personal information if we have a good reason to do
so. It must be needed either for us to obey the law or regulations, or for a
‘legitimate interest’.
We use
the information to:
·
Confirm
identities.
·
Help
prevent money laundering and fraud.
·
Fulfil
any contracts you or your business has with us.
We or an
FPA may allow law enforcement agencies to access your personal information.
This is to support their duty to detect, investigate, prevent and prosecute
crime.
FPAs can
keep personal data for different lengths of time. They can keep your data for
up to six years if they find a risk of money-laundering or fraud.
Below are
examples of the personal data that is used:
·
Name.
·
Date of
birth.
·
Residential
address.
·
History
of where you have lived.
·
Contact
details, such as email addresses and phone numbers.
·
Financial
data.
·
Data
relating to your or your business’ products or services.
·
Employment
details.
·
Data that
identifies computers or other devices you use to connect to the internet. This
includes your Internet Protocol (IP) address.
We and
FPAs may process your personal information in systems that look for fraud by
studying patterns in the data. We may find that an account is being used in
ways that fraudsters work. Or we may notice that an account is being used in a
way that is unusual for you or your business. Either of these could indicate a
possible risk of fraud or money-laundering.
If we or
an FPA decide there is a risk of fraud, we may stop activity on the accounts or
block access to them. FPAs will also keep a record of the risk that you or your
business may pose.
This may
result in other organisations refusing to provide you with products or
services, or to employ you.
FPAs may
send personal information to countries outside the European Economic Area
(“EEA’). When they do, there will be a contract in place to make sure the
recipient protects the data to the same standard as the EEA. This may include
following international frameworks for making data sharing secure
Where we store your data
All
information is generally retained within the EEA.
We will
only send your data outside the European Economic Area (‘EEA’) to:
·
Follow
your instructions.
·
Comply
with a legal duty.
·
Work with
our agents, advisers and third party service providers who we use to help run
your accounts and services.
If we do
transfer information to our agents or advisers outside the EEA, we will make
sure it is protected in the same way as if it was being used within the EEA. We
will use one of these safeguards:
·
Transfer
it to a non-EEA country with privacy laws that give the same protection as the
EEA.
·
Put in
place a contract with the recipient that means they must protect it to the same
standards as the EEA.
·
Transfer
it to organisations that are part of EU-US Privacy Shield. This is a framework
that sets privacy standards for data sent between the US and EU countries. It
makes sure those standards are similar to those used within the EEA.
You can
find out more about data protection on the Information Commissioners website: https://ico.org.uk/
Cookies and similar tracking technology
We use
cookies and similar tracking technology (collectively, “Cookies”) to collect
and use personal information about you. For further information about the types
of cookies we use, why, and how you can control Cookies, please see our Cookie
Notice.
Your rights
You have
the right as an individual to request details on the information we hold on you
and to ask us to correct any information which may be inaccurate. To exercise
your right please contact us and ask for a Data Subject Access Request form.
You are
also able to exercise your right to be forgotten. This does not mean we will
have to automatically delete all information held on you as we may still need
to keep appropriate information in order to meet our legal obligations and for
our legitimate interests.
There are
other rights which, due to the basis on which we process data, you may not
always be able to exercise. These include:
·
To
restrict processing of your data
·
To
provide your data in a portable format
·
To object
to the processing of your data
You might
also wish to complain about the way in which we have processed your data.
To
exercise your rights or to make a complaint please contact us:
Email: info@autarkycapital.co.uk.
Post: 4 Cable Court, Pittman Way, Preston, PR2 9YW
You also
have the right to make a complaint to the Information Commissioners Office. You
can make a complaint to them via their website https://ico.org.uk/make-a-complaint/ or by calling them on 0303 123 1113.
Changes to this privacy notice
We may
review our privacy notice from time to time.