Autarky Capital Privacy Notice

About Us

Autarky Capital Sukuk Plc (Autarky) acts as a specialist property lender operating in the niche short term finance market. Autarky has issued this Privacy Notice to describe how we handle personal information that we hold about customers (collectively referred to as “you”). Autarky is the Controller of your personal information.

If you require any further information or wish to contact us or our Data Protection Officer at any time our contact details are:

Address: 4 Cable Court, Pittman Way, Preston, PR2 9YW

Collecting data – when you, or someone acting on your behalf, make contact.

By phone – We may use call number identification to recognise who is calling us and to have a short term record of calls received. We may record some calls for training, monitoring and record keeping purposes. We will capture information that you give us for our records in order to deal with your enquiry and process it in accordance with our processing basis as set out below.

By email – If you send us an email that is not encrypted any personal data within it may be at risk. We will capture and process the information in the email for our legitimate interest and legal purposes as set out below. When we send emails we encrypt some emails or their content in order to protect personal data.

By post – When we receive an enquiry or a paper application it will contain personal information for applicant(s) and possibly other parties in connection with the property(ies).

By App – Automatically from you via your devices when you use the Autarky Capital App.

By on-line web form – When you input and submits information on our enquiry form.

Providing information to us on other people including via brokers

In providing information to us about other people you warrant that you have their permission to give us their data and that you have provided them with our privacy notice so that they are aware of the basis on which we will process their information. We store information provided to us in both electronic and paper based systems.

Parties we may obtain information from

We may obtain information from:

·         You, someone acting on your behalf or someone associated with you such as your spouse, any joint mortgage holders, or other financial associates

·         Your employer and past employers (if required)

·         People who introduce you to us

·         Your professional advisers

We may also obtain information about you from other providers such as:

·         credit reference agencies (see below),

·         fraud prevention and search agencies,

·         via google and other websearch tools,

·         social media,

·         other providers of public information services such as land registry.

We only do this when we are considering whether or not to offer you a loan or manage any loan offered, or consider you for a job.

Data we may collect

·         your name, address, telephone numbers, email address(s), date of birth, place of birth, nationality, tax/residency status, passport, employment, banking and financial details including those of any business that you run;

·         people connected with you such as your spouse, any joint mortgage holders, or other financial associates

·         demographic and lifestyle information;

·         information we receive when making a decision about you, your loan or your application for such a loan; 

·         information that you provide by completing forms that we provide to you or you give us;

·         details of the loan(s) you have and have had with us and all transactions;

·         details of when you contact us and when we contact you (e.g. copies of any correspondence and recordings of telephone calls);

·         details of how you applied for your loan, together with any other information (including where obtained from third parties) which we reasonably need to operate your loan, make decisions about you or fulfil our regulatory obligations;

·         your preferences;

·         your technology;

·         your profile;

·         references in the case of staff;

·         your criminal convictions and the results of any checks we are required by law or regulations to undertake.

Sensitive Data

We may capture sensitive data about you with regards to your or a related persons health if you advise of an issue that we may need to take into account in dealing with your loan or dealing with you as an member of staff. We will ask you for your consent to hold this information but may retain this information where it would be in your best interests for us to do so or in order to protect us from a claim.

Basis of processing data and who we share your data with

We will hold and process your data for the performance of a contract and our legitimate interests in order to:

·         Determine whether or not to offer a loan

·         Manage any loan advanced through to redemption

·         Manage any relationship with intermediaries including a record of introductions, payments made and other relevant information appropriate to managing the relationship

·         Manage the relationship with funders or anyone applying to become a funder and to maintain appropriate records relevant to that relationship

·         To manage business relationships with our professional advisers, contractors and third party providers

·         To consider any application for a job, including CV’s, and whether to progress it

·         Share information where necessary with funders, our professional advisers, contractors and third party providers and anyone who may wish to acquire all or any part of our business

·         Share information with other companies in the same group and associated companies

·         Carry out checks with fraud prevention and credit agencies and tracing agencies if required (see below)

·         Share information with your intermediary about your application or the performance of your loan

·         Share information with any recruitment agency or search provider about your job application

·         Manage staff performance and employment obligations

·         Undertake analysis, produce models, statistics, reports and forecasts

·         investigate and respond to complaints, disputes and where necessary to bring or defend legal claims

We will hold and process your data for legal purposes in order to:

·         Meet our legal obligations

·         Help identify you and meet our anti-money laundering obligations

·         Supply information to any government body, regulatory authority, law enforcement agency as required and to credit and fraud prevention agencies

We will hold and process your data by consent for marketing purposes in order to keep you informed of:

·         Our products and services and those of any group or related company

·         Information contained in any newsletter we may issue

·         Products and services of any selected third parties where you have agreed to this

We may use a third party provider to issue this information to you but will not share your information with any other third party for marketing purposes.

We may also gather information on our marketing in order to understand and measure the effectiveness of it and to make improvements as a result.

Retaining information

We will retain information for our legitimate interests and legal purposes as follows:

·         Loans advanced – up to 6 years after the loan has redeemed but may be longer where legal action has been taken or is pending

·         Enquiries and applications for loans not advanced – up to 6 months from the date the enquiry or application is marked not proceeded with – may be longer where a fraudulent application is made. We may also need to keep any anti-money laundering information gathered for a period of up to 5 years

·         Intermediaries – up to 6 years from the end of our relationship

·         Professional advisers, contractors and third party advisers – up to 6 years from the end of our relationship

·         Staff records – up to 5 years from the time of termination of employment or final actions, e.g. tribunals. unless there are ongoing legal actions or other issues such as criminal activity

Where you have consented to marketing we will retain your contact information for marketing purposes until such time as consent is withdrawn.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.

Checking with Credit Reference Agencies

When we carry out checks with Credit Reference Agencies (CRA) we supply information to them on based on the details you provide. We provide information to you on this before we carry out the search. The credit agencies have their own basis on which they process your data and you can view their privacy notice here:

Callcredit www.callcredit.co.uk/crain

Equifax www.equifax.co.uk/crain.html

Experian www.experian.co.uk/crain/index.html

We may also carry out checks with them in order to identify you and for fraud prevention purposes.

Please ask us if you require details of the CRAs or any other agencies we may pass your information to and who we receive information from about you.

Fraud Prevention Agencies

We may need to confirm your identity before we provide products or services to you or your business.

Once you have become our customer, we share your personal information as needed to help detect money-laundering and fraud risks. We use Fraud Prevention Agencies (FPAs) to help us with this.

Both we and FPAs can only use your personal information if we have a good reason to do so. It must be needed either for us to obey the law or regulations, or for a ‘legitimate interest’.

We use the information to:

·         Confirm identities.

·         Help prevent money laundering and fraud.

·         Fulfil any contracts you or your business has with us.

We or an FPA may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.

FPAs can keep personal data for different lengths of time. They can keep your data for up to six years if they find a risk of money-laundering or fraud.

Below are examples of the personal data that is used:

·         Name.

·         Date of birth.

·         Residential address.

·         History of where you have lived.

·         Contact details, such as email addresses and phone numbers.

·         Financial data.

·         Data relating to your or your business’ products or services.

·         Employment details.

·         Data that identifies computers or other devices you use to connect to the internet. This includes your Internet Protocol (IP) address.

We and FPAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a possible risk of fraud or money-laundering.

If we or an FPA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. FPAs will also keep a record of the risk that you or your business may pose.

This may result in other organisations refusing to provide you with products or services, or to employ you.

FPAs may send personal information to countries outside the European Economic Area (“EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure

Where we store your data

All information is generally retained within the EEA.

We will only send your data outside the European Economic Area (‘EEA’) to:

·         Follow your instructions.

·         Comply with a legal duty.

·         Work with our agents, advisers and third party service providers who we use to help run your accounts and services.

If we do transfer information to our agents or advisers outside the EEA, we will make sure it is protected in the same way as if it was being used within the EEA. We will use one of these safeguards:

·         Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.

·         Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.

·         Transfer it to organisations that are part of EU-US Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to those used within the EEA.

You can find out more about data protection on the Information Commissioners website: https://ico.org.uk/ 

Cookies and similar tracking technology

We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal information about you. For further information about the types of cookies we use, why, and how you can control Cookies, please see our Cookie Notice.

Your rights

You have the right as an individual to request details on the information we hold on you and to ask us to correct any information which may be inaccurate. To exercise your right please contact us and ask for a Data Subject Access Request form.

You are also able to exercise your right to be forgotten. This does not mean we will have to automatically delete all information held on you as we may still need to keep appropriate information in order to meet our legal obligations and for our legitimate interests.

There are other rights which, due to the basis on which we process data, you may not always be able to exercise. These include:

·         To restrict processing of your data

·         To provide your data in a portable format

·         To object to the processing of your data

You might also wish to complain about the way in which we have processed your data.

To exercise your rights or to make a complaint please contact us:

Email: info@autarkycapital.co.uk.

Post:  4 Cable Court, Pittman Way, Preston, PR2 9YW

You also have the right to make a complaint to the Information Commissioners Office. You can make a complaint to them via their website https://ico.org.uk/make-a-complaint/ or by calling them on 0303 123 1113.

Changes to this privacy notice

We may review our privacy notice from time to time.