The new General Data Protection Regulation (GDPR) becomes effective on 25th May 2018, and all organisations that process personal data must ensure they are compliant with the regulations and principles.
We must make sure that:
WHO ARE WE?
Magna Money offers highly tailored funding options to the business community. Our highly experienced and nation-wide “money mavens” provide the funding needed today, but work in collaboration with businesses and their goals, for years to come.
WHAT DATA DO WE COLLECT?
Personal data refers to any data that can be used to identify a natural person and we only process personal information that is required for us to carry out our business dealings for the customer.
Depending on your relationship with us and the services we are providing, we may collect a combination of the information detailed below (please note this list is not exhaustive):
We process relevant and required information regarding your company and employees to accurately provide services to you. The types of information listed above will only be obtained if it is directly applicable to your situation and services requested from us. To enquire about any personal information we may retain about yourself, you can email us at email@example.com.
To ensure the smooth running of our business, we hold a small amount of supplier information. The information we hold identifies contact individuals within your business, including but not limited to:
Bank details or other preferred method for payment to compensate services rendered for a reasonable time after the transaction. This may include but is not limited to: invoices, contracts and emails regarding details of services used by Magna Money Limited.
HOW DO WE COLLECT YOUR DATA?
The data we hold is legitimately gained either through direct contact with the customer, to ensure accurate and relevant information is given with the full consent of the individual or company, or through a 3rd party. For any 3rd parties that we use to gather information (such as lead generation), we ensure that we only use GDPR compliant companies and will not hold any data that has not been scrutinised as such. The ways we collect data include but are not limited to:
WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR DATA?
We hope you will agree that we have your best interests at heart when you provide your data and we will ensure your data is kept safe. GDPR states that we are required to let you know under which legal basis your data is processed. We are using Legitimate Interest as our legal basis for processing.
Legitimate Interest – Article 6(1)(f) details:
“processing is necessary for the purpose of the legitimate interest pursued by the controller or by the third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data”
We want to make sure that we provide you with the best possible service so we hold data on you and contacts within your business that we may need to speak to. In addition, we also log details of conversations, emails sent and received, meetings and other business communication.
In order to ensure prompt payment for services you have provided we will need to hold certain information on you and your business so that payments can be made within the required timescales.
For all the above, we feel this data is necessary for our legitimate interest as a Financial Services Business to provide a comprehensive service to our clients and employees.
WHY DO WE COLLECT YOUR DATA?
Our core business activity is to provide clients with financial advice and accountancy services. To accomplish this, we gather personal information regarding the contact at the business including: full name, position within business, email address, phone contact details and other information freely given by the contact.
HOW DO WE USE YOUR DATA?
In order to provide the best service to clients, your data may be used in one or more of the following ways:
WHO DO WE SHARE YOUR DATA WITH?
In some circumstances, we may need to share your details with a 3rd party for us to be able to provide you with our services. This would include:
HOW DO WE SAFEGUARD YOUR DATA?
Your data is of the utmost importance to us and as such we ensure all relevant security is in place to keep your data safe and protected from any potential threats.
For more information on how we do this, please refer to our Data Protection Policy.
However, if you think we have not taken care of your data or if it has been misused, our contact information can be found at the end of this document.
HOW LONG DO WE KEEP YOUR DATA FOR?
We retain your information as long as the information is required and pertinent. This would either fall under our legitimate business interest of an on-going business relationship or for legal obligations.
The following information has a legal requirement to be kept for a predetermined amount of time, regardless of active services retained with us:
GDPR provides the following rights.
THE RIGHT TO BE INFORMED
You have the right to be informed about the collection and use of your personal data and you must be provided with certain information including: the purpose for processing your personal data, our retention periods for the data and who it will be shared with. All this information is provided by means of this Privacy Notice.
THE RIGHT OF ACCESS
You have the right to access your personal data and any supplementary information. This is known as a Data Subject Access Request (DSAR) and when received by our designated Data Controller, we are legally required to provide this information within one month. This information will be provided free of charge unless we feel the request is manifestly unfounded or excessive, particularly if it is repetitive. A fee may also be charged if further copies of the same information are requested.
THE RIGHT TO RECTIFICATION
You have the right to have any inaccurate personal data rectified if incomplete or incorrect. You can request this to be done verbally or in writing and we have one calendar month to respond once this has been passed to the designated Data Controller. There is no fee attached to this request; however, if we feel the request is manifestly unfounded or excessive, particularly if it is repetitive, we can charge a fee or refuse the request. If either of these applies, we will provide you with our reasons for such action.
THE RIGHT TO ERASURE
This is also known as the right to be forgotten. You have the right to have your personal data erased if:
If we process your data for one of the following reasons, the right to erasure does not apply:
THE RIGHT TO RESTRICT PROCESSING
You have the right to restrict the processing of your data in certain circumstances. When processing is restricted we may store enough information to ensure future restriction is respected. We will stop processing data if:
We can only continue to process your data when the above has been resolved and we will inform you before any restriction is lifted. If your data is restricted it can only be retained if:
THE RIGHT TO DATA PORTABILITY
You have the right to transfer your details across different services. This right only applies if:
THE RIGHT TO OBJECT
You can object to the processing of your data when it is processed under one of the following reasons:
Within 1 month of notification of this request, we must stop processing your data unless:
If your data has been shared with a third party and you request one of your “rights” listed above, we will notify them and act upon the requirements of your request unless this is not possible or involves disproportionate effort.
As a business, and to comply with Article 6 of GDPR, we have agreed that the legal basis for processing your data will be (depending on your relationship with us) either “Legitimate Interest” or “Contract”. As well as complying with the GDPR, in relation to direct marketing we must comply with the Privacy and Electronic Communications Regulations (PECR).
However, in certain circumstances, we are required to have your consent to perform certain activities. This consent can be given in the form of an opt-in or soft opt-in option.
We must ensure that your consent is freely given, that you understand what you are consenting to, and that you are able to opt out and back in at any time.
You can opt in or out verbally during any client meeting. If you have opted in and wish to opt out, you can click on the link provided in one of our marketing emails or contact us using the methods listed below.
If you need to contact us for any reason regarding your data, our details are:
62-66 Deansgate, Manchester, M3 2EN
0333 222 444 5
Please title any post and/or email “In relation to GDPR” to ensure it is passed to the correct person. Emails or calls made to other Magna Money Limited employees outside of these methods may not promptly reach the Data Controller to issue a response.