Privacy Notice

Summary

Most of what we do as a lender involves collecting and using the personal information of our customers.

We want you to be confident that we will keep this information secure and use it both lawfully and ethically, always respecting your privacy.

We also have specific legal responsibilities to protect your privacy. This includes letting you know what personal information we collect about you, what we use it for and on what basis. We always need a good reason for collecting and using your personal information and we have a duty to explain to you your rights in relation to that information. You have the right to know what information we hold about you and to have a copy of it, and you can ask us to change or sometimes delete it.

This privacy notice explains how we use your personal information. It describes what we do (or what we may do) from the moment you ask for a service from us through to providing and billing for that service. It also explains when and how we can use your information for marketing.

We have provided further details below, focusing on those items that we think are likely to be of most interest to you. As well as covering processing for business purposes, we give you information on circumstances in which we may have to, or can choose to, share your information.

Our privacy policy

We want you to understand why we need to collect personal information, how we use that information and to feel confident we’ll protect it.

We’ve tried to set this out as simply as possible.

It applies to the products and services we provide you. It applies to our individual and sole trader customers but doesn’t apply to the information we hold about companies or organisations.

It also applies even if you’re not one of our customers and you interact with us, such as by generally enquiring about our services or otherwise providing your personal information to us.

If you need to give us personal information about someone else in relation to our products and services, the privacy policy will also apply. And if we need the permission of the other person to use that information, we’ll ask you to check they are OK with this.

What’s not included?

This policy doesn’t apply to information about our employees or shareholders.

When applying for finance from SDKA Ltd you will have given your information to other individuals and/or organisations. This privacy policy doesn’t apply to how those other individuals and/or organisations use your personal information. You should review their privacy policies before giving them your personal information.

Who are we?

SDKA Ltd is a lender providing bridging finance solutions.

Changes to this policy?

We review our privacy notice regularly. We’ll tell you if we change the policies, as set out in the section on how we will tell you about changes to the notice below.

Accessing and updating how we use your information

If you want to access or update your information you can do so by:

  • writing to SDKA Ltd, 21 Daylesford Crescent, Cheadle, Cheshire, SK8 1LQ
  • by telephoning us on 07966 089472 or
  • by email to kunal@sdkaltd.com where we will try to resolve your concern at the earliest time possible.

Once we’ve looked at your request, we’ll let you know when you can expect to hear from us.

We’ll always try to help you with your request, but we can refuse if we believe doing so would have a negative effect on others or the law prevents us. And even though we must complete your request free of charge, we can reject requests if:

  • they’re repetitive;
  • you don’t have the right to ask for the information; or
  • the requests made are excessive

If that’s the case, we’ll explain why we believe we don’t have to fulfil the request.

Want a copy of the information we hold about you?

If you want a copy of the information, we hold about you please request this by:

  • writing to SDKA Ltd, 21 Daylesford Crescent, Cheadle, Cheshire, SK8 1LQ
  • by telephoning us on 07966 089472 or
  • by email to kunal@sdkaltd.com where we will try to resolve your concern at the earliest time possible.

We aim to respond to you within 30 days but it could take longer (up to a further two months) if it’s a complicated request or we get a lot of requests at once.

We’ll reply electronically unless you ask us to send the information by post.

Concerned about what we’re doing with your personal information?

You can ask us to correct, complete, delete or stop using any personal information we hold about you by:

  • writing to SDKA Ltd, 21 Daylesford Crescent, Cheadle, Cheshire, SK8 1LQ
  • by telephoning us on 07966 089472 or
  • by email to kunal@sdkaltd.com where we will try to resolve your concern at the earliest time possible.

In some cases, we might decide to keep information, even if you ask us not to. This could be for legal or regulatory reasons, so that we can keep providing our products and services, or for another legitimate reason. We’ll always tell you why we keep the information.

We aim to provide our products and services in a way that protects information and respects your request. Because of this, when you delete or change (or ask us to delete or change) your information from our systems, we might not do so straight away from our back-up systems or copies on our active servers. And we may need to keep some information to fulfil your request (for example, keeping your email address to make sure it’s not on any contact lists).

Where we can, we’ll confirm any changes. For example, we may check a change of address against the Postal Address File, or we might ask you to confirm it.

If we’ve asked for your permission to provide a service, you can withdraw that permission at any time. It’ll take us up to 30 days to do that. And it only applies to how we use your personal information in the future, not what we’ve done in the past.

Moving to another provider and want to take your personal information?

If we provide you with products and services, or you’ve said we can use your information, you can ask us to move, copy or transfer the information you have given us. You can ask us to do this by:

  • writing to SDKA Ltd, 21 Daylesford Crescent, Cheadle, Cheshire, SK8 1LQ
  • by telephoning us on 07966 089472 or
  • by email to kunal@sdkaltd.com where we will try to resolve your concern at the earliest time possible.

We’ll send your personal information electronically. And we’ll do our best to send it in another format if needed.

We’ll always try to help you with your request. But we can refuse if sharing the information would have a negative effect on others, for example because it includes personal information about someone else, or the law prevents us from doing so.

It will normally take us up to one month to get back to you but could take longer (up to a further two months) if it’s a complicated request or we get a lot of requests at once.

What information we collect and what we use it for

The personal information we collect depends on the products and services you have and how you use them. We’ve explained the different ways we use your personal information below.

To provide you with products and services

We’ll use your personal information to provide finance based upon information provided to us in your application. It is important that you provide us with accurate and relevant information.

For us to be able to provide suitable finance, personal data will be processed, both manually and by electronic means. The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering a contract.

“Processing” includes obtaining, recording or holding information or data, transferring it to other companies associated with us, lenders or statutory, governmental or regulatory bodies for legitimate purposes including, where relevant, to solicitors and/or other debt collection agencies for debt collection purposes and carrying out operations on the information or data.

To provide services to you we may be required to pass your personal information to parties located outside of the European Economic Area (EEA) in countries that do not have Data Protection Laws equivalent to those in the UK. Where this is the case, we will take reasonable steps to ensure the privacy of your information.

If we need to transfer your personal information to another organisation for processing in countries that aren’t listed as ‘adequate’ by the European Commission, we’ll only do so if we have model contracts or other appropriate safeguards (protection) in place.

We may also contact you or pass your details to other companies associated with us to contact you (including by telephone) to provide you with associated services, such as property valuations.

You may be assured that we and any company associated with us will treat all personal data and sensitive personal data as confidential and will not process it other than for a legitimate purpose. Steps will be taken to ensure that the information is accurate, kept up to date and not kept for longer than is necessary. Measures will also be taken to safeguard against unauthorised or unlawful processing and accidental loss or destruction or damage to the data.

We use this information to carry out our service and provide products or services to you. If you don’t give us the correct information or ask us to delete it, we might not be able to provide you with the product or service you ordered from us.

Because it is in our legitimate interests as a business to use your information

We’ll use your personal information if we consider it is in our legitimate business interests so that we can operate as an efficient and effective business. For example:

1.     To create aggregated and anonymised data

We may use your personal information to create aggregated and anonymised information. Nobody can identify you from that information and we’ll use it to:

  • continuously improve and develop our products and services for our customers and run management and corporate reporting, research and analytics; and
  • detect and prevent fraud.

We may use the following when generating the information:

  • Your gender, address and date of birth
  • Information about what service you sought from us
  • If your application for finance does not proceed, information on why it did not
  • Information from associate organisations on how and when finance, if taken, was drawn and repaid.

We have a legitimate interest in generating insights that will help us operate our business.

2.     To develop our business and build a better understanding of what our customers want

This means we’ll:

  • maintain, develop and test our application process, products and services, to provide you with a better service;
  • train our people and associates to provide you with products and services (but we make the information anonymous beforehand wherever possible);
  • make and defend claims to protect our business interests; and

We use the following information to do this.

  • Your contact details.
  • Your financial information.
  • Your communications with us, including emails, webchats and phone calls (and any recordings made).
  • Details of the products and services you’ve bought and how you use them.

If we use this information for market research, training, testing, defend or bring claims, development purposes, we do so because it is in our legitimate business interests of running an efficient and effective business which can adapt to meet our customers’ needs.

3.     To run credit and fraud prevention checks

Before we provide you with a product or service, we’ll use personal information you have given us together with information we have collected from other organisations such as Companies House, HM Land Registry and AML and Credit Checking Agencies.

Details of the personal information that will be used include your name, address, date of birth, contact details, financial information and employment details. Whether or not you become one of our customers your information can be held by us and the organisations we share it with for up to six years.

We use this information to manage our credit risk and prevent and detect fraud and money laundering. We’ll also use these organisations to confirm your identity. We might also share the information with other organisations. We do this because it’s in our, and the organisations’, legitimate interests to prevent fraud and money laundering, and to check identities, to protect our business and to keep to laws that apply to us.

If you give us false or inaccurate information which we identify as fraudulent, we’ll pass that on to fraud prevention agencies. We might also share it with law enforcement agencies, as may the agencies we have shared the information with.

If we, or a fraud prevention agency, decide that you are a fraud or money laundering risk, we may refuse to provide the services or financing you have asked for, or we may stop providing existing services to you.

The credit reference and fraud prevention agencies will keep a record of any fraud or money laundering risk and this may result in other organisations refusing to provide services, financing or employment to you. If you have any questions about this, please contact us using the details below.

We will also write to the owner of the property you offer as security, as detailed at HM Land Registry, to confirm that they are either selling the property or are in the process of seeking to obtain finance secured against it. This is part of our fraud prevention process and it protects us, you, and the legal owners of the property.

In the case where you are not the registered owner of the property because you are intending to purchase it, we will not share any of your details with the legal owner of the property. However, they may be able to determine your involvement with us.

If you tell us you’re associated with someone else, we’ll link your records together. So you must make sure you have their agreement to share information about them. The agencies we share the information with may also link your records together and these links will stay on your and their files – unless you or your partner successfully asks the agency to break that link.

4.     To meet our legal and regulatory obligations

We might have to release personal information about you to meet our legal and regulatory obligations.

To satisfy law enforcement agency investigations

Under investigatory powers legislation, we might have to share personal information about you to government and law-enforcement agencies, such as the police, to help detect and stop crime, prosecute offenders and protect national security. They might ask for the following details.

  • Your contact This includes your name, gender, address, phone number, date of birth, email address, needed to confirm your identity and your communications with us.
  • Your communications with us, such as calls and emails.
  • Your payment and financial information.
  • Details of the products and services you sought.

The balance between privacy and investigatory powers is challenging. We share your personal information when the law says we must, but we have strong oversight of what we do and get expert advice to make sure we’re doing the right thing to protect your right to privacy.

We’ll also share personal information about you where we must legally share it with another person. That might be when a law says we must share that information or because of a court order.

In limited circumstances, we may also share your information with other public authorities, even if we do not have to. However, we would need to be satisfied that a request for information is lawful and proportionate (in other words, appropriate to the request). And we would need appropriate assurances about security and how the information is used and how long it is kept.

Finally, the section above describes the situations in which your personal information is shared to other organisations, government bodies and law-enforcement agencies. When we share your information with other organisations we’ll make sure it’s protected, as far as is reasonably possible.

If we need to transfer your personal information to another organisation for processing in countries that aren’t listed as ‘adequate’ by the European Commission, we’ll only do so if we have model contracts or other appropriate safeguards (protection) in place.

If there’s a change (or expected change) in who owns us or any of our assets, we might share personal information to the new (or prospective) owner. If we do, they’ll have to keep it confidential.

Open Banking

This section of our Privacy Policy relates to Open Banking and should be read in conjunction with the other clauses in our Privacy Policy. In the event of conflict with any other clauses, this clause shall prevail.

What is Open Banking?

Open Banking is the secure way of providing access to your bank or building society account to providers who are registered for this purpose. Registered providers and participating banks and building societies are listed under the Open Banking Directory.

Open Banking was set up by the UK Government to encourage more competition and innovation in the financial services sector.

As a forward-thinking lender, we support the use of Open Banking as it allows us to process loan applications efficiently, securely and in our consumer’s best interests.

By permitting access to your bank or building society account information we’re able to make a better lending decision as we’ll be able to verify your income, outgoings, and other matters in order to assess what loan terms would be suitable for you based upon what you can reasonably afford to repay.

Further information about Open Banking is available from www.openbanking.org.uk.

How will my personal data be shared and used for the purposes of Open Banking?

By proceeding with your loan application you expressly consent to us sharing your personal, contact and loan application details (“the Shared Personal Data”) with our registered Open Banking partner, Perfect Data Solutions Limited (“PDS”) who are also a credit reference agency. During your loan application we shall safely and securely direct you to PDS’s secure portal (“the Portal”) for the purposes of granting PDS access to your bank or building society account information (“Transaction Information”). As soon as your Transaction Information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your loan application (“the Permitted Purpose”). Further information about PDS including their registered provider and regulatory status is available from lendingmetrics.com

Is Open Banking secure?

PDS are registered under the Open Banking Directory as an account information service provider and are also regulated by the Financial Conduct Authority as a payment services firm under number 802599. Any data you submit via the Portal will be encrypted and its usage tracked as part of set Open Banking data security standards.

We are responsible for the secure transmission of any Shared Personal Data to PDS, for safely directing you to the Portal and for the safe receipt and usage of your Transaction Information.

You will not be required to share your banking password or log in details with either us or PDS.

Once you have given your explicit consent to share your bank account information on the Portal you will be directed to your own bank or building society’s login page where you will enter in your own login details directly.

Save as set out above or elsewhere in this Privacy Policy, we are not responsible for your direct data transmissions with PDS or with your own bank or building society.

How will my Shared Personal Data and Transaction Information be used?

PDS shall, subject to their own terms and conditions and privacy policy, and, if your bank or building society is registered to provide access under the Open Banking Directory, obtain your Transaction Information and submit this back to us for the Permitted Purpose. By way of example, the Transaction Information that we shall receive is likely to include information relating to your income, outgoings and credit worthiness.

PDS shall be entitled to re-access your Transaction Information for up to 90 days from the date of your original search result in order to refresh the search results, obtain a snapshot of your data or gather additional data.

PDS shall hold the Shared Personal Data and the Transaction Information they receive and retain according to their own terms and conditions and privacy policy, available on the Portal, which you will be required to read and consent to once directed there.

As PDS are also a credit reference agency they may also share and keep a record of your Shared Personal Data and Transaction Information.

Will you use my Transaction Information data for any other purpose?

The Transaction Information we receive about you will only be used for the Permitted Purpose.

We do not sell or share Transaction Information with any third party. Save as set out above the information contained in the rest of this Privacy Policy deals with how we collate, use, transfer, store, delete and other terms applicable to your personal data including Shared Personal Data and Transaction Information.

Do I have to provide you with my consent to proceed?

Where your bank or building society have already permitted access to your Transaction Information you shall need to contact them directly in order to withdraw your consent under their particular Open Banking terms and conditions.

Are any of my other rights under this Privacy Policy affected?

Your individual data protection and privacy rights including the right to access, correct, delete, object, restrict, withdraw consent, request transfer and/or make a complaint, continue to apply to relevant personal data we control or process and are dealt with elsewhere in this Privacy Policy.

Under Open Banking as your personal data is shared by your bank or building society and accessed by PDS you may also be able to exercise your individual data protection and privacy rights against either of them pursuant to their own terms and conditions and privacy policies.

Protecting your information and how long we keep it

How do we protect your personal information?

We have strict security measures to protect your personal information. We check your identity when you get in touch with us, and we follow our security procedures and apply suitable technical measures to protect your information.

How long do we keep your personal information?

We’ll keep:

  • Cases not proceeding, cancelled, declined before completion – 6 years after the date of cancellation.
  • Ongoing cases – 6 years from repayment in full date.
  • Repaid cases – 6 years after repayment in full date.
  • Cases reported to Authorities as suspicious – 6 years from date of reporting.

In other cases, we’ll store personal information for the periods needed for the purposes for which the information was collected or for which it is to be further processed. And sometimes we’ll keep it for longer if we need to by law. Otherwise we delete it.

How to contact us and further details

Got a question about how we use your information?

You can get in touch with our data protection officer by writing to the address below.

FAO: The Data Protection Officer SDKA Ltd

21 Daylesford Crescent Cheadle

SK8 1LQ

If you want to make a complaint on how we have handled your personal information, please contact our data protection officer who will investigate the matter and report back to you. If you are still not satisfied after our response or believe we are not using your personal information in line with the law, you also have the right to complain to the data-protection regulator in the country where you live or work. For the UK, that’s the Information Commissioner – https://ico.org.uk/

How will we tell you about changes to the policy?

Our privacy policy might change from time to time. We will communicate changes to all existing customers via email.