Payment Protection Scotland is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
Payment Protection Scotland may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25/05/2018 and is subject to regular review.
If you have any queries about the policy, please get in touch with us using email@example.com or write to us at the address below and we will do our best to answer your questions.
Data Protection Officer
Payment Protection Scotland
Suit G15 Citibase
3 Dover Wynd
Strathclyde Business Park
What is Personal data?
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
What we collect
We may collect the following information:
- Personal Information; name, address, D.O.B, marital status
- Contact information including telephone number and email address
- Financial Data – loan agreement numbers, bank account and payment details
- Regulatory Data – complaint information, call recordings
- Special Category Personal Information - this includes health and vulnerability related data that you may voluntarily share with us during the fulfilment of our services to you. We will always ask for your explicit consent to record and share Special Category Data.
We need to collect this information for us to provide you with a service, to answer enquires about our services and to maintain our records. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- To contact you regarding a claim and only ever in response to a request by you
- To provide our access to our services for you
- Contact third parties on your behalf, with your specific instruction;
- Send you email notifications which you have specifically requested;
- To contact you via email or telephone for market research reasons
- For audits, regulatory purposes, legal obligations, and compliance with industry standards
- Perform other administrative and operational purposes including the testing of systems
- We will not under any circumstances sell or share your data with third party marketing companies without your consent.
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
How we collect your personal data
There are several ways that we can collect your personal information including: -
- When you provide it to us as part of your claim: –
- Collected automatically as you browse our website
- Provided by a 3rd party if an existing customer refers you to us and we contact you at your request
We will always have a legal basis for processing your personal data and we have carefully assessed our reasons for doing so. Our legal basis for processing your information is most commonly in line with our contractual obligations to fulfil the services and products you request from us. As a Regulated company we may be audited and are therefore held to high standards for the services and products we offer. As part of any regulatory audit we may be legally obligated to process your personal data.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
How long will we keep your information for:-
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available and you can request more details of that by contacting our Data Protection Office.
By law we have to keep certain information about our customers and this data will be held solely and securely for those legal purposes.
Your rights as a Data Subject
1. Right to information
This right provides the data subject with the ability to ask a company for information about what personal data (about him or her) is being processed and the rationale for such processing. For example, a customer may ask for the list of processors with whom his or her personal data is shared.
2. Right to access
This right provides the data subject with the ability to get access to his or her personal data that is being processed. This request provides the right for data subjects to see or view their own personal data, as well as to request copies of the personal data.
3. Right to rectification
This right provides the data subject with the ability to ask for modifications to his or her personal data in case the data subject believes that this personal data is not up to date or accurate.
4. Right to withdraw consent
This right provides the data subject with the ability to withdraw a previously given consent for processing of their personal data for a purpose. The request would then require the company to stop the processing of the personal data that was based on the consent provided earlier.
5. Right to object
This right provides the data subject with the ability to object to the processing of their personal data. Normally, this would be the same as the right to withdraw consent, if consent was appropriately requested and no processing other than legitimate purposes is being conducted. However, a specific scenario would be when a customer asks that his or her personal data should not be processed for certain purposes while a legal dispute is ongoing in court.
6. Right to object to automated processing
This right provides the data subject with the ability to object to a decision based on automated processing. Using this right, a customer may ask for his or her request (for instance, a loan request) to be reviewed manually, because he or she believes that automated processing of his or her loan may not consider the unique situation of the customer.
7. Right to be forgotten
Also known as right to erasure, this right provides the data subject with the ability to ask for the deletion of their data. This will generally apply to situations where a customer relationship has ended. It is important to note that this is not an absolute right, and depends on your retention schedule and retention period in line with other applicable laws.
8. Right for data portability
This right provides the data subject with the ability to ask for transfer of his or her personal data. As part of such request, the data subject may ask for his or her personal data to be provided back (to him or her) or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.