All employees of the Company are subject to the pre-employment checks such as references and may be subject to credit scoring, SIA licence and DBS checks. These checks are conducted due to the nature of risk associated with the type of business that we operate and that we operate within a highly regulated industry.
We use your information to enable you to register your interest with us and, once your registration is complete, for the administration of your account, to contact you, to update our records about you, and to respond to and process your queries and requests. All personal information is checked against an independent system that reviews the electoral register and other databases to validate your identity. All data that we collect is held on servers located within the EEA and are kept secure and personal and sensitive data is only accessed by authorised personnel.
NoteMachine Group use your personal information so that we can provide you with products and services which you use, may be relevant, similar products or services which we think may be of interest to you (if you have opted in to receive such information) and to meet our contractual obligations to you. This may include information concerning promotions or offers which could benefit you. We also use your information to notify you about changes or developments relating to our products and services that you use. We might contact you by mail, telephone, email, or text unless you have asked us not to. If you are a registered customer, we may also display personalised advertising to you when you use our online account service and mobile app. You can change your preferences at any time by calling us, writing to us, contacting your local branch or by updating them online. If you do opt out, you may still see some generic, non-personalised advertising when you are using our online services. We will not provide information about you to companies outside our Group to use for their own marketing purposes unless you have given us your consent to do so.
'Profiling’ is the use of personal information to predict an individual’s behaviour, such as their performance at work, economic situation, personal preferences, interests, reliability, behaviour, location or movements etc. We may use your personal data to carry out marketing analysis, for example we look at what you have viewed on our sites and apps and what products and services you have bought to better understand what your interests and preferences are, and to improve our marketing (if you have opted in to receive such information) by making it more relevant to your interests and preferences. For statistical purposes such as analysing the performance of our sites and apps and to understand how visitors use them and where they are used.
We may share your information with other members of the NoteMachine group of companies where we need to do so to provide you with any of the products or services you have requested or where you have asked us to do so.
We may share your information with anyone (for example, an agent) who you have told us or who we are otherwise aware is acting on your behalf, or who introduces you to us, or who you have asked us to contact.
NoteMachine Group and our products and services are subject to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, The Criminal Finances Act 2017 and regulation by HM Revenue and Customs. Some of our products and services are also subject to regulation by the Financial Conduct Authority ("FCA"). We may be required by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, The Finances Act 2017, by HM Revenue & Customs, by the FCA or other regulatory bodies, by the Police or other law enforcement agencies (for example, in connection with criminal prosecutions, money laundering or fraud investigations), by order of a court or otherwise by law to use your information in the detection, prevention or prosecution of crime, tax evasion, fraud or audit purposes.
We may share your information with credit control or debt collection agencies, for example, if you owe us money and we engage their services to recover it from you.
If we decide we want to sell our business or receive an offer to buy our business we may have to share your information with a prospective purchaser and their legal, financial or other advisers. In these circumstances, we will take appropriate steps to ensure that your information is properly protected.
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless explicitly requested by you. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. You may sometimes ask us about, or we may sometimes ask you if you are interested in, products or services which we are unable to provide but which someone else we know (“NoteMachine Group contact”) may be able to provide (for example, travel or financial services). We will never pass your information to a NoteMachine Group contact unless you have asked us to do so. Please note that we are not responsible for and cannot be liable to you for any products or services of any NoteMachine Group contact or any acts or omissions of any NoteMachine Group contact. Your information will be passed to third parties for the purpose of validating identity and for the completion of credit references and DBS checks for employees of NoteMachine Group of companies.
We are required to handle information which we hold about you that is capable of identifying you (either alone or with any other information we may hold about you) in accordance with the Data Protection Act 2018 (“the Act”), which regulates the use of “personal data” in the United Kingdom. You have the right under the Act to ask us in writing (Subject Access Request) for details concerning the "personal data" we hold about you, including a description of that data, the purposes for which it is being used and to whom that data has been or may be disclosed. We may charge you an administration fee for providing additional copies of information and depending on the volume requested. You have the right to object to direct marketing (including profiling) by contacting the Data Protection Officer (details can be found in the ‘How to Contact Us’ section of this policy), but we would only market to you if you have opted in to receive information on our products and services. The personal and sensitive information that we hold should be accurate and kept up to date. Please keep us informed of any changes to your information and please be assured that you can delete or correct any information either by visiting your registration online, by email or writing to the Data Protection Officer (details can be found in the ‘How to Contact Us’ section of this policy).
NoteMachine Group will retain your details for as long as they are needed for the relevant purposes listed under the ‘How we use your data’ and the ‘Data Sharing’ section of this notice. The Company may also retain certain records for other legitimate reasons (including after your relationship with the Company has ended), for example to resolve any potential disputes, cross-check against future applications and to comply with other reporting, legislative and retention obligations. When your personal information is no longer needed as defined by our Retention Policy it will be permanently deleted from our databases.
The nature of our products and services means that we may need to share your information with people or businesses based in countries outside of the United Kingdom. All countries in the European Economic Area (EEA), which includes the UK, have similar standards of legal protection for your personal information. We may run your accounts and provide other services from centres outside the EEA (such as the USA and India) that do not have a similar standard of data protection laws to the UK. If so, we will require your personal information to be protected to at least UK standards. We may process payments through other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation if, for example, you make a CHAPS payment or a foreign payment. Those external organisations may process and store your personal information abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism. The countries to which we may need to send your information would normally be obvious to you. For example, if you have instructed us in connection with a purchase of a property in France then we will usually be dealing with people or businesses based in France (which may include banks, lawyers and estate agents) that are connected with the purchase in order to fulfil our contractual obligations to you. In many instances we will be dealing with people or businesses which you have asked us to deal with or who you already know or who already know you. If these are based outside the EEA, your personal information may not be protected to standards similar to those in the UK.
We use industry-standard products to protect your personal data held on our servers and ensure that any third parties, with whom we share your information, has the same level of protection.
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act) and we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
Whilst we currently use some automated systems that are designed to assist us in identifying individuals for employment and transacting purposes we ensure that any automated decision is always reviewed by the business and arbitrated with human intervention.
This policy replaces all previous versions and is correct as of September 2019. We reserve the right to change the policy at any time. You should check our website periodically for any changes which may affect you.
If you are unhappy with any response to a Subject Access Request or to how you believe your data is being handled by the Company after we have tried to resolve your concerns then you have the right to take your complaint to the relevant supervisory body. You can find out more about the Act and your rights by visiting the website of the Information Commissioner at https://ico.org.uk. The Information Commissioner's Office can also be contacted by telephone on 0303 123 1113.
© NoteMachine Group | Registered in England & Wales
Registered Office: Russell House, Elvicta Business Park, Crickhowell, Powys, NP8 1DF NoteMachine UK Ltd – Registered No: 01359357
Eurochange Ltd – Registered No: 2519424
NM Mortgages Ltd – Registered No: 05336870
TestLink – Registered No: 02598460
This policy was approved by the Board of Directors and is issued on a version controlled basis under the signature of the Chief Executive Officer (CEO).