Privacy Statement

1.Background

This privacy notice lets you know what happens to any data that you give to us, or any that we may collect from or about you and your business. It applies to all products and services, and instances where we collect your personal data.

This privacy notice applies to personal information and data processed by Total Projects Ltd.

Changes to this privacy notice

We may change this privacy notice from time to time by updating this document in order to reflect changes in the law and/or our privacy practices. We encourage you to check this privacy notice for changes whenever you visit our website – www.totalprojectsltd.co.uk

We have a dedicated data protection officer (“DPO”). You can contact our DPO using the details below or by writing to the above address, marking it for the attention of the DPO or going to the Contact Us section on our website.


2. What kinds of personal information about you and/or your business do we process?

Personal information and data that we’ll process in connection with all of our services, if relevant, includes:

  • Personal/contact details, such as title, full name, contact details such as email address, phone number and site address and any historical contact details
  • Records of your contact with us such as phone numbers, emails, tickets logged via our online ticketing system, IP addresses
  • Services you hold with us, as well as have been interested in and have held and the associated payment methods used
  • The usage of our products and services such as call data, internet usage and other applicable data acquired through using our services
  • Marketing to you including history of those communications
  • Information we obtained from third parties, including referees and any associated companies
  • Personal information which we obtain from Credit Reference Agencies including public (for example, defaults, CCJs) and shared credit history, financial situation and financial history
  • Financial details about your business, such as your account details, payment method(s)

3. What is the source of your personal information/business data?

We’ll collect personal information and data from the following general sources:

  • From you directly
  • Information generated about you and your business when you use our services
  • Business partners (for example, financial services institutions, insurers), account beneficiaries, or others who are a part of providing your products and services or operating our business
  • From other sources such as Credit Reference Agencies, other lenders, HMRC, DWP, publicly available directories and information (for example, telephone directory, social media, internet, news articles), other organisations to assist in prevention and detection of crime, police and law enforcement agencies

4. What do we use your personal/business data for?

We use your data, including any of the personal data listed in section 1 above, for the following purposes:

  • Assessing an application for a service, including considering whether or not to offer you the service, the price, the risk of doing so, availability of payment method and the terms
  • Managing services relating to that service, or application for one
  • Updating your records
  • Managing any aspect of the product or service
  • To make automated decisions on whether to offer you the service, or the price, payment method, risk or terms of it
  • To perform and/or test the performance of, our services and internal processes
  • To improve the operation of our business and that of our business partners
  • To follow guidance and best practice under the change to rules of governmental and regulatory bodies
  • For management and auditing of our business operations including accounting
  • To carry out checks at Credit Reference Agencies pre-application, at application, and periodically after that
  • To monitor and to keep records of our communications with you and our staff (see below)
  • To administer our good governance requirements such as internal reporting and compliance obligations or administration processes
  • For market research and analysis and developing statistics
  • For direct marketing communications and related profiling to help us to offer you relevant products and service, including deciding whether or not to offer you certain products and service. We’ll send marketing to you by email, phone, post, social media and digital channels. Offers may relate to any of our products and services as well as to any other offers and advice we think may be of interest
  • To comply with legal and regulatory obligations, requirements and guidance
  • To share information, as needed, with business partners (such as our service providers), account beneficiaries, service providers or as part of providing and administering our products and services or operating our business

5. What are the legal grounds for our processing of your data (including when we share it with others)?

We rely on the following legal bases to use your data:

  1. Where it is needed to provide you with our products or services, such as:
    a) Assessing an application for a product or service you hold with us, including consider whether or not to offer you the product, the price, the payment methods available and the conditions to attach
    b) Managing products and services you hold with us, or an application for one
    c) Updating your records, to contact you about your account and doing this for recovering debt (where appropriate)
    d) Sharing your personal information with business partners and services providers when you apply for a product to help manage your product or service
    e) All stages and activities relevant to managing the product or service including enquiry, application, administration, support and management of accounts
  2. Where it is in our legitimate interests to do so, such as:
    a) Managing your products and services relating to that, updating your records, tracing your whereabouts to contact you about your account
    b) To perform and/or test the performance of, our products, services and internal processes
    c) To follow guidance and recommended best practice of government and regulatory bodies
    d) For management and audit of our business operations including accounting
    e) To carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that. Where you have been introduced to us by a Third party or other intermediary they may do these searches on our behalf
    f) To carry out monitoring and to keep records of our communications with you and our staff (see below)
    g) To administer our good governance requirements and those of other members of our Company, such as internal reporting and compliance obligations or administration required for processes
    h) For market research and analysis and developing statistics
    i) For direct marketing communications and related profiling to help us to offer you relevant products and services, including deciding whether or not to offer you certain products and service. We will send marketing to you by email, phone, post and social media and digital channels (for example, using Facebook Custom Audiences and Google Custom Match
    j) Where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations
  3. To comply with our legal obligations
  4. With your consent or explicit consent:
    1. For some direct marketing communications
    2. For some of our profiling and other automated decision making
    3. To carry out any work instructed by you in order to provide and support services under contract and in accordance with our terms and conditions.

6. When do we share your data with other organisations?

We may share information with the following third parties for the purposes listed above:

  • Service providers
  • Business partners, account beneficiaries, or others who are a part of providing your products and services or operating our business
  • Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme
  • Other organisations and businesses who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions
  • Credit Reference Agencies (see below)
  • Market research organisations who help us to develop and improve our products and services

7. How and when can you withdraw your consent?

Where we’re relying upon your consent to process data, you can withdraw this at any time in writing by contacting us using the details below.


8. Is your data transferred outside the UK or the EEA?

We’re based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.


9. How do we share your information with credit reference agencies?

To process your application, we’ll perform credit and identity checks on your business with one or more credit reference agencies (CRAs). Where you take credit services from us we may also make periodic searches at CRAs to manage your account with us. To do this we’ll supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history.

We’ll use this information to:

  • Assess your creditworthiness and whether you can afford to take the service
  • Verify the accuracy of the data you have provided to us
  • Manage your account(s)
  • Assess payment methods available to you
  • Trace and recover debts

10. What should you do if your personal information changes?

You should tell us so that we can update our records, you can do so by using the details in the Contact Us section of our website. We’ll then update your records if we can.


11. Do you have to provide your personal/business information to us?

We’re unable to provide you with our services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.


12. Do we do any monitoring involving processing of your personal information?

In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.

We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.


13. For how long is your data retained by us?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations and services
  • For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
  • Retention periods in line with legal and regulatory requirements or guidance.

For cloud services and other such services where we backup your data we will hold the data for a period no longer than 4 weeks, unless otherwise contractually agreed to or explicit permission is granted.

You can withdraw consent at any time in writing if you no longer want us to retain your data.


14. What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.

  • The right to be informed about the processing of your personal information
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • The right to object to processing of your personal information
  • The right to restrict processing of your personal information
  • The right to have your personal information erased (the “right to be forgotten”)
  • The right to request access to your personal information and to obtain information about how we process it
  • The right to move, copy or transfer your personal information (“data portability”)
  • Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you

You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/. You can contact us using the details below.


15. Your right to object

You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the Contact us section of our website to exercise these rights.


16. What are your marketing preferences and what do they mean?

We may use your address, phone numbers, email address and social media or digital channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication.


Contact Us

If you have any questions about this privacy notice, or if you wish to exercise your rights or contact the DPO, you can contact us by going to the Contact us section of our website. Alternatively, you can write to the below mentioned address and mark it for the attention of the DPO.

Total Projects Ltd

99, Innovation Centre, Park drive, Milton Park,  Abingdon, Oxon.  OX14 4RY

Tel: +44 (0)1235 841535  

 

Please click the link below for a printer-friendly version of this statement.

PrivacyStatement