WHO ARE WE?
James Carter t/a Independent James (Independent James) is committed to maintaining, protecting and respecting your privacy. You can visit our website without telling us who you are or revealing any information about yourself.
THE DATA CONTROLLER:
Further information can be obtained by contacting us. (See the “How to Contact Us” section below.)
WHAT THIS POLICY COVERS:
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. If you do not agree with the terms of this policy, please do not use www.independentjames.com.
INFORMATION WE MAY COLLECT FROM YOU
Information you give us.
You may give us information about you by filling in forms on this website or that we have given to you to fill in (which may be part of your agreement with us) or by corresponding with us via phone, email, facsimile or otherwise. This includes information you provide when you register to use our site, log in to a service, subscribe to a service by us and when you report an issue with our site. The information you give us may include:
• your name;
• email address;
• phone number;
• date of birth;
• family information;
• financial information, including income and expenditure;
• information about your existing assets such as property and investments;
• information about your existing mortgage and/or insurance products;
• credit card information; and
• any further personal information required as part of a product or service application or which you share through the website.
The information we collect may also include ‘special categories of data’ as defined by the data protection legislation, which is considered to be more sensitive and so is subject to additional levels of protection under the data protection legislation. This includes:
• Physical and mental health;
• racial and ethnic origin;
• sexual orientation;
• any vulnerability; and
• lifestyle information.
Data relating to criminal convictions or offences is also subject to additional levels of protection. Information we collect about you.
Each time you visit our site we may automatically collect the following information:
• technical information including the internet protocol (IP) address used to connect your computer to the internet, your log-in information, browser type and version, browser plug-in types and versions, time zone setting, operating system and platform; and
• information about your visit, including the Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); items you searched for; page response times; download errors, length of time spent on pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page and any phone number used to call us.
Information we receive from other sources.
We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies, criminal records check agencies). We receive personal data from these third parties from time to time. We may combine this information with information you give to us and information we collect about you. We may use this information and combined information for the purposes set out above (depending on the types of information we receive). Where we obtain this information from a third party it is their responsibility to make sure they explain that they will be sharing personal data with us and, where necessary, ask permission before sharing that information with us.
Monitoring and recording communications.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance with our obligations under applicable legislation.
Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
• give consent on his/her behalf to the processing of his/her personal data;
• receive on his/her behalf any data protection notices; and
• give consent to the processing of his/her personal data which may include all of the information listed above.
You might find it helpful to show them this Data Privacy Statement and if they have any concerns then please contact us.
3. HOW WE USE YOUR INFORMATION
We use information which you have given to us and we have collected and hold about you in the following ways:
• to carry out our obligations arising from any contracts entered into between you and Independent James and to provide you with the information, products and services that you request from us;
• to comply with our legal obligations to carry out identity and anti-money laundering checks;
• to provide you with information about other products and services that we offer that are similar to those that you have already purchased or enquired about;
• to provide you, or permit selected third parties to provide you with information about products or services we feel may interest you;
• to notify you about changes to our service; and
• to ensure that content from our site is presented in the most effective manner for you and for your computer.
• to administer our site and for internal operations including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our site to ensure that content is presented in the most effective manner for you and your computer;
• as part of our efforts to keep our site safe and secure;
4. IDENTITY AND ANTI-MONEY LAUNDERING CHECKING
We may do an identity and/or credit check on you:
• so that we can verify your identity,
• to prevent and detect fraud and money laundering
Our search will not be recorded on the files of the credit reference agency.
If you provide false or inaccurate information to us and we suspect fraud, we will record this.
If you want to see your identity check and/or credit file, please contact us using the contact Information in Section 12 below and we will provide you with the details of the agencies which we use so that you can contact them directly to obtain the relevant information.
5. DISCLOSURE OF YOUR INFORMATION
We may share your personal information with:
• our agents and service providers (including custodians);
• credit reference agents—see “Credit Checking” section above;
• suppliers and sub-contractors for the performance of any contract we enter into with them or you;
• analytics and search engine providers that assist us in the improvement and optimisation of our site;
• law enforcement agencies in connection with any investigation to help prevent unlawful activity;
• financial institutions and other similar organisations that we deal with in the course of the services we offer; and
• auditors or contractors or other advisers auditing, assisting with or advising on any of our business purposes.
When we share your information with third parties they will process your information either as a data controller or as our data processor and this will depend on the purpose of our sharing the personal data. We will only share your personal data in compliance with the applicable data protection legislation.
A list of our selected third parties with whom we may share your information is available by you the data subject contacting us in writing to the Data Protection Officer, James Carter t/a Independent James, 2nd Floor, 14 Clerkenwell Green, London, EC1R 0DP.
6. WHERE WE STORE YOUR PERSONAL DATA
All information you provide to us is stored on our secure servers located in the United Kingdom.
7. TRANSFERS OF YOUR INFORMATION OUT OF THE EEA
We will not transfer your personal data outside of the European Economic Area. However, product providers and lenders may administer your policy, any existing policies you may have with them and provide other services, from centres in countries outside Europe (such as India and the USA). Such countries do not have the same data protection laws as the United Kingdom or the EEA. However, they are required to put into place a European Commission approved contract that that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
What we do.
We will use technical and organisational measures to safeguard your personal data, for example:
• access to your account is controlled by a password and user name; and
• we store your personal data on secure servers.
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see “How to Contact Us” section below).
What you can do.
If you want detailed information on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
9. YOUR RIGHTS
You have legal rights under data protection regulation in relation to your personal data. These are set out under the below headings:
• Right to ask us to stop contacting you with direct marketing
• Right to request a copy of your information
• Right to correct any mistakes in your information
• Right to request we cease processing your information
• Right to request deletion of your information
• Right to request a transfer of your information
We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information or change your details where we know we are dealing with the right individual.
We will not ask for a fee, unless we think your request is unfounded, repetitive or excessive, or your request is complex or for multiple copies of the same information. Where a fee is necessary, we will inform you before proceeding with your request.
We aim to respond to all valid requests within one month. It may however take us longer if the request is particularly complicated or you have made several requests. We will always let you know if we think a response will take longer than one month. To speed up our response, we may ask you to provide more detail about what you want to receive or are concerned about.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.
Right to request a copy of your information.
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or it, please contact the Data Protection Officer, at firstname.lastname@example.org or in writing to the Data Protection Officer, James Carter t/a Independent James, 2nd Floor, 14 Clerkenwell Green, London, EC1R 0DP and let us know the information you want a copy of, including any account or reference numbers, if you have them.
Right to correct any mistakes in your information.
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please contact the Data Protection Officer, at email@example.com or in writing to the Data Protection Officer, James Carter t/a Independent James, 2nd Floor, 14 Clerkenwell Green, London, EC1R 0DP and let us know the information that is incorrect and the information you want it replaced with.
Right to request we cease processing your information.
You may request that we cease processing your personal data. If you make such a request, we shall retain only the amount of personal data pertaining you that is necessary to ensure that no further processing of your personal data takes place.
Right to request deletion of your information.
You can ask us to erase all your personal data (also known as the “right to be forgotten”) in the following circumstances:
• it is no longer necessary for us to hold that Personal Data with respect to the purpose for which it was originally collected or processed;
• you wish to withdraw your consent to us holding and processing your personal data;
• you object to us holding and processing your personal data (and there is no overriding legitimate interest to allow us to continue doing so);
• the personal data has been processed unlawfully; or
• the personal data needs to be erased in order for us to comply with a particular legal obligation.
Unless we have legitimate grounds to decline to erase your personal data, for example where we need to keep using your personal data in order to comply with our legal obligation or where we need to use your personal data to establish, exercise or defend legal claims, all requests for erasure shall be complied with.
Right to request a transfer of your information
You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller (e.g. another company).
You may only exercise this right where we use your personal data in order to perform a contract with you, or where we asked for your consent to use your personal data. This right does not apply to any personal data which we hold or process outside automated means.
10. FOR HOW LONG DO WE KEEP YOUR DATA
We only keep your information for so long as it is necessary to fulfil the purpose for which it was collected which in most circumstances would be for so long as you have a valid account with us. There are regulatory and legislative requirements which oblige us to keep certain data for longer, and in order to comply with those regulatory requirements we keep that data for seven years. In very limited circumstances, we may be required to keep some specific information for longer, but we regularly review our retention obligations to ensure we don’t keep personal information longer than we are legally obliged to.
Once we have completed the service requested and contracted by you, you or we have closed your account, and where applicable the regulatory or legislative retention period has expired, we will delete the information.
12. HOW TO CONTACT US
13. OTHER WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
If you have any complaints about the way in which we collect, store and use your information, and these have not been addressed by contacting us first, you can contact the supervisory authority in the United Kingdom, the Information Commissioner’s Office: https://ico.org.uk/concerns.