2 Types of data we collect and use
3 Providing your personal data
4 Using your personal data: the legal basis and purposes
5 Sharing of your personal data
6.1 Contacting us by email
6.2 Using your personal data for direct marketing
6.3 Monitoring of communications
6.4 Data retention periods
6.5 Your rights under applicable data protection law
6.6 Data anonymisation and aggregation
6.7 International transfers
6.8 Changes to this statement
6.10 Legal statement about this statement
6.11 Contacting us about our statement
6.12 Customer responsibility
At Kompozable (the “Kompozable”, “we”, “us”), we are committed to keeping your personal data safe and complying with our obligations under applicable data protection laws.
This privacy statement (the “Statement”) describes the types of personal data we may collect about you, how we may use that information and with whom we may share it in relation to providing you with our products and services and in relation to our website (www.kompozable.com). It also describes the measures we take to protect the security of your personal data and how you can reach us to answer any questions you may have about our privacy practices. You may also receive other supplemental privacy statements from us if you request additional products or services.
In this Statement, “you” and “your” means: (i) each employee, contractor, guarantor or authorised representative of a business customer (including brokers); (ii) any individual who receives products and services from us; (iii) any individual who accesses www.kompozable.com.
We are the controller for the purposes of applicable privacy laws, including the General Data Protection Regulation 2016/679.
If you have any queries relating to our use of your personal data or any other data protection related questions, please contact our Data Protection Officer (DPO) on firstname.lastname@example.org.
Your personal data is data which by itself or with other data available to us can be used to identify you.
The types of personal data we collect and use will depend on what you are doing on the website and what products and services you receive from us. We’ll use your personal data for some or all of the reasons set out in this Statement.
If you become a customer, we’ll also use it to manage the account, policy or service you’ve applied for. Examples of the personal data we use in relation to our website and in order to provide you products and services may include:
- Full name and personal details including contact information (e.g. home address and address history, email address, home and mobile telephone numbers);
- Date of birth and/or age (e.g. to make sure that you are eligible to apply for a product or service);
- Financial details (e.g. salary and details of other income, and details of accounts held with other providers if you apply for a product or service with us);
- Records of products and services you’ve obtained or applied for, how you use them and the relevant technology used to access or manage them (e.g. mobile phone location data, IP address, MAC address);
- Information from credit reference or fraud prevention agencies, electoral roll, court records of debt judgements and bankruptcies and other publicly available sources as well as information on any financial associates you may have if you apply for a product or service with us;
- Education and employment details/employment status for credit and fraud prevention purposes if you apply for a product or service with us; and
- Personal data about other named individuals as required. Where you provide the personal data of others you must have their authority to provide their personal data to us and share this Statement and any related data protection statement with them beforehand together with details of what you’ve agreed on their behalf.
We’ll tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, if you fail to provide the requested personal data, we may be unable to process or respond to your application, query or service.
We’ll process your personal data:
- As necessary to perform your contract with you for the relevant account, policy or service, including to:
- take steps at your request prior to entering into it;
- decide whether to enter into it;
- manage and perform that contract;
- update our records; and
- contact you about your account (including to recover debt).
- As necessary for our own legitimate interests or those of other persons and organisations, for example:
- for good governance, accounting, and managing and auditing our business operations;
- to search at credit reference agencies at your home and business address;
- to monitor emails, calls, other communications, and activities on your account; and
- for market research, analysis and developing statistics.
- As necessary to comply with our legal obligations, including:
- to respond to you when you exercise your rights under data protection law and make requests;
- to comply with legal and regulatory requirements and related disclosures;
- to establish and defend our legal rights;
- for activities relating to the prevention, detection and investigation of crime;
- to verify your identity, make credit, fraud prevention and anti-money laundering checks; and
- to monitor emails, calls, other communications, and activities on your account.
- Based on your consent, for example:
- when you request us to disclose your personal data to other people or organisations such as a company handling a claim on your behalf, or otherwise agree to disclosures;
- to send you marketing communications where we’ve asked for your consent to do so.
You are free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.
Subject to applicable data protection law we may share your personal data with:
- other parts of Kompozable specifically in relation to providing you with your product or service;
- third parties and other persons who help us provide our products and services;
- companies and other persons providing services to us;
- our legal and other professional advisors, including our lawyers and auditors;
- fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at: https://www.cifas.org.uk/fpn
- law enforcement bodies;
- government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators e.g. the Prudential Regulatory Authority, the Financial Conduct Authority, the Information Commissioner’s Office);
- courts, to comply with legal requirements, and for the administration of justice;
- and anyone else where we have your consent or as required by law.
When you contact us, we may need to collect some personal details like your name, address and phone numbers. Email isn’t 100% secure so you shouldn’t send personal data such as your account information using normal email. Please consider another method, such as calling us, if you need to share personal data.
Emails are stored on our standard internal contact systems which are secure and can’t be accessed by external parties. We store this information to identify trends, and for the purposes set out in the monitoring of communications section as necessary to comply with any legal obligations and for our legitimate interests. For more information on the criteria we use to determine our retention periods, see below.
We will only use your information for marketing purposes if we have your consent to do so. If you do give your consent but later change your mind, please use the unsubscribe link within the email, or contact us, and we’ll remove you from future campaigns.
Subject to applicable laws, we may monitor and record your calls and emails in relation to your dealings with us. We do this for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications systems and procedures, to check for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said. If you take out an account or service with us, we may also monitor activities on your account/service where necessary for these reasons and this is justified by our legitimate interests or our legal obligations.
The following criteria are used to determine data retention periods for your personal data, for both customers and non-customers:
- Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries (e.g. if your application is unsuccessful) or for a sensible period in order for us to reply to any queries you raise;
- Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after your account, policy or service has been closed or has otherwise come to an end based on our legal and regulatory requirements.
Your rights are as follows (noting that these rights don’t apply in all circumstances):
- The right to be informed about our processing of your personal data;
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to request access to your personal data and information about how we process it;
- The right to move, copy or transfer your personal data (“data portability”); and
- Rights in relation to automated decision-making including profiling.
You have the right to complain to the Information Commissioner’s Office (ICO). We are registered with the ICO (registration: ZB217337) for data protection purposes. The ICO has enforcement powers and can investigate compliance with data protection law: ico.org.uk.
For more details on all the above you can contact our DPO on email@example.com.
Your personal data may be converted into statistical or aggregated data which can’t be used to identify you, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described above.
In some instances, your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an ‘international framework’ of protection. For more information on the safeguards we apply to protection your personal data in the event it is transferred outside of the UK and the European Economic Area please contact us at firstname.lastname@example.org.
We’ll notify you if there are any material changes to this Statement if required by applicable law or where we intend to process your personal data for a new purpose before we start that new processing activity.
- collect information that will help us understand visitors’ browsing habits on our website;
- compile statistical reports on website activity, e.g. number of visitors and the pages they visit;
- temporarily store any information which you may enter in tools, such as calculators or demonstrations on our website; and
- in some cases, remember information about you when you visit our website.
This Statement is not designed to form a legally binding contract between Kompozable and users of our website.
Contact us by emailing our DPO at email@example.com if you have any questions about this Statement or our privacy practices.
It is your responsibility to ensure that your computer is virus protected. We cannot accept responsibility for any loss you may suffer as a result of accessing and downloading information from this site.