2018-05-24

Privacy Notice

For Public Use
For Connectum Customers information.

Definition:
Connectum – Connectum Limited.
GDPR – General Data Protection Regulation.
UK – United Kingdom
FCA – Financial Conduct Authority
EEA – European Economic Area
HM – Her Majesty
UK – United Kingdom
FPA – Fraud Prevention Agency

This document is to inform you how Connectum looking after your personal information. And includes what you give us about yourself, what we got about you from other sources, if appropriate permission to search your personal information has been granted by you or we had to do so in accordance with UK Law and/or UK Regulations as FCA regulated Financial company.
This document states how we follow the rules and you right in accordance with GDPR.

Updating this Privacy Policy
We reserve the right to amend or update this Privacy Policy at any time and in response to changes in the Data Protection legislation. We will notify you of any changes we consider to be significant, but it is important that you come back from time to time to check for any updates and to ensure that you are happy with them.

Who we are?
We are Connectum Limited, FCA authorised and regulated, UK based company.
Address: 16 High Holborn, Office 408, London, WC1V 6BX, UK.
For the purpose of the Data Protection legislation, we are the Data Controller of your personal data. This means that we are responsible for deciding how we use your information.

Data Protection Officer (“DPO”)
We have a dedicated Data Protection Officer. Should you wish to exercise any of your rights under the Data Protection legislation, or have any questions relating to this Privacy Policy, please direct your enquiry to the Data Protection Officer, 16 High Holborn, Office 408, London, WC1V 6BX, UK or email dpo@connectum.eu

Personal information
Personal information is information about you from which you can be identified. Dependent on which service you receive from us; we will process different types of information about you.  We will not process any personal information about you that we do not actually need in order to provide our services to you.

We promise you:
• Keep your private data safe and private;
• Not to sell your private data.
As well as our Promise, the Law protects your privacy.
Data Protection law states that we can use personal information only if we have a reason to do so, including sharing personal information outside Connectum.
Such reasons are stated by law:
• To fulfil an agreement/contract we have with you;
• Due our legal duty;
• Our Legitimated interest;
• When you give such permission.

Little explanation.
A legitimate interest - is a business or commercial reason to use personal data. It does not mean that it can go unfairly or against what is best or right for you. We will inform you, if we rely on our legitimate interest.

Complete list of ways and reasons we use your personal data, including types of information and combinations of such.

We use your information for Reason Legitimation
• To manage our relationship with you or your business
• To communicate with you about our products and services
• Your consent
• Fulfilling contracts
• Our legitimate interests
• Our legal duty
• Keeping our records up to date
• Seeking your consent when we need it to contact you
• Being efficient about how we fulfil our legal and contractual duties
• To manage how we work with other companies that provide services to us and our customers
• To develop new ways to meet our customers' needs and to grow our business
• Fulfilling contracts
• Our legitimate interests
• Our legal duty
• Developing products and services, and what we charge for them
• Being efficient about how we fulfil our legal and contractual duties
• To deliver of our products and services
• To make and manage customer payments
• To manage fees, charges and interest due on customer accounts
• To collect and recover money that is owed to us
• Fulfilling contracts
• Our legitimate interests
• Our legal duty
• Being efficient about how we fulfil our legal and contractual duties
• Complying with rules and guidance from regulators
• To detect, investigate, report, and seek to prevent financial crime
• To manage risk for us and our customers
• To obey laws and regulations that apply to us
• To respond to complaints and seek to resolve them
• Fulfilling contracts
• Our legitimate interests
• Our legal duty
• Developing and improving how we deal with financial crime, as well as doing our legal duties in this respect
• Complying with rules and guidance from regulators
• Being efficient about how we fulfil our legal and contractual duties
• To run our business in an efficient and proper way.
This includes managing our financial position, business capability, planning, adding and
testing systems and processes, managing communications, corporate governance, and audit
• Our legitimate interests
• Our legal duty
• Complying with rules and guidance from regulators
• Being efficient about how we fulfil our legal and contractual duties
• To exercise our rights set out in agreements or contracts •Fulfilling contracts

For processing special categories of personal data

• Substantial public interest • Using criminal records data to help prevent, detect, and prosecute unlawful acts and fraudulent behaviour
• Responding to regulatory requirements • Showing whether we have assessed your situation in the right way
• Passing information to the regulator as needed to allow investigation into whether we have acted in the right way
• Legal claims • Using any special categories of data as needed to establish, exercise or defend legal claims
• Consent • Telling you that we need your consent to process special categories of personal data, when that is what we rely on for doing so

Groups of Personal Information
This explains what all the different types of personal information mean, that are covered by data protection law.
We use many different kinds of personal information. They are grouped together like this. The groups are all listed here so that you can see what we may know about you, even if we simply get it from seeing which shops you buy things in. We don’t use all this data in the same way. Some of it is useful for marketing, or for providing services to you. But some of it is private and sensitive and we treat it that way.

Type of personal information Description
Financial Your financial position, status and history
Contact Your name, where you live and how to contact you
Socio-Demographic This includes details about your work or profession, nationality, education and where you fit into general social or income groupings
Transactional Details about payments to and from your accounts with us, and insurance claims you make
Contractual Details about the products or services we provide to you
Locational Data we get about where you are. This may come from your mobile phone or the place where you connect a computer to the internet. It can also include shops where you buy something with your card
Behavioural Details about how you use products and services from us and other organisations
Technical Details on the devices and technology you use
Communications What we learn about you from letters and emails you write to us and conversations between us
Open Data and Public Records Details about you that are in public records, such as the Electoral Register, and information about you that is openly available on the internet
Usage Data Other data about how you use our products and services
Documentary Data Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate
Special types of data The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so:
• Racial or ethnic origin
• Religious, political or philosophical beliefs
• Trade union membership
• Genetic and bio-metric data
• Health data
• Lifestyle information, including data related to sex life or sexual orientation
• Criminal records of convictions and offences
• Allegations of criminal offencesYou can read how we may use special types of data in the table 'How the law protects you'
Consents Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you, whether you get paper statements, or prefer large-print formats
National Identifier A number or code given to you by a government to identify who you are, such as a National Insurance number or social security number, or Tax Identification Number (TIN)

Where we collect personal information from
This section lists all the places where we get data that counts as part of your personal information.

We may collect personal information about you (or your business) from any of these sources:

Data you give to us
• When you apply for our products and services.
• When you talk to us on the phone or in branch, including recorded calls and notes we make.
• When you use our websites, mobile device apps, web chat or online banking.
• In emails and letters.
• Any claims or other documents.
• In financial reviews and interviews.
• In customer surveys.
• If you take part in our competitions or promotions.

Data we collect when you use our services 
This covers two things: details about how and where you access our services, and account activity that is shown on your statement.
• Payment and transaction data. This includes the amount, frequency, type, location, origin and recipients.
• Profile and usage data.
This includes the security details you create and use to connect to our services. It also includes your settings. We also gather data from the devices you use (such as computers and mobile phones) to connect to our internet, mobile and telephone banking services. We also use cookies and other internet tracking software to collect data while you are using our website or online banking.

Data from outside organisations
• Credit card providers like Visa and Mastercard
• Credit reference agencies
• Insurers
• Retailers
• Comparison websites
• Social networks
• Fraud prevention agencies
• Other financial services companies (to help prevent, detect and prosecute unlawful acts and fraudulent behaviour)
• Employers
• Payroll service providers
• Public information sources such as the Electoral Register or Companies House
• Agents, suppliers, sub-contractors and advisers.
These can be types of firm we use to help us run accounts and services. They can also be specialist companies who advise us on ways to develop and improve our business.
• Market researchers (who combine data from many sources to produce market trend reports and advice.)
• Government and law enforcement agencies

How long we keep your personal information
We will only keep your data for as long as is necessary to provide our products and services to you and/or to fulfil our legal and regulatory obligations.

If you choose not to give personal information
You can choose not to give us personal information.
We may need to collect personal information by law, or to enter into or fulfil a contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from fulfilling our contract with you, or doing what we must do by law. It could mean that we cancel a product or service you have with us.
We sometimes ask for information that is useful, but not required by law or a contract. We will make this clear when we ask for it. You do not have to give us these extra details and it won't affect the products or services you have with us.

Cookies

Way how the cookie will be used:
A small piece of data, like a random code, will be stored on your device as file or files. And will be accessed time to time during website visit. This file or files will be automatically removed by your browser, after leaving our website or closing the browser – this option is depending on browser you use.

Reason of cookie usage:
1) for Website Language settings - to keep same language during surfing website.
2) 3rd Party service cookie: Google analytics - to analyse non personalized customer behaviour (country website accessed from, pages visited, etc.)
Connectum may apply user authentication technologies, including with the help of tokens like cookies.

This is not person specific authentication but rather is of general nature. Connectum does not keep track of Users’ separate activities on website,
similarly does not disclose or forward information about Users to a third party.
Without prejudice to the foregoing, information mentioned above can be forwarded to competent state authorities in accordance with the applicable laws.
User is always free to deny usage of Cookie by disabling such function on its web browser (functionality of website maybe reduced) or do not use the website.
If you continue without setting your browser settings on cookie deny, we assume that you are happy to receive all cookies from Connectum website.

How to complain
Please let us know if you are unhappy with how we have used your personal information.
You also have the right to complain to the regulator, and to lodge an appeal if you are not happy with the outcome of a complaint.
In the UK this is the Information Commissioner’s Office.
Find out on their website how to report a concern.

How to withdraw your consent
This section explains what to do if you no longer want us to hold or use your personal information.
You can withdraw your consent at any time. Please contact us if you want to do so.
This will only affect the way we use information when our reason for doing so is that we have your consent. See the section 'Your Rights' about more generally restricting use of your information.
If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you.

Letting us know if your personal information is incorrect
You have the right to question any information we have about you that you think is incorrect. We’ll take reasonable steps to check this for you and correct it.
If you want to do this, please write to us or call us.
Calls may be monitored or recorded.

How to get a copy of your personal information
This section tells you where to write to us to get a copy of your personal information, and how to ask for a digital file you can use yourself or share easily with others. You can do this through online banking or by writing to us.
You can get a copy of all the personal information we hold about you by writing to us.

When you want to share your data with outside companies
You also have the right to get certain personal information from us as a digital file, so you can keep and use it yourself, and give it to other organisations if you choose to.
If you wish, we will provide it to you in an electronic format that can be easily re-used, or you can ask us to pass it on to other organisations for you. If you want to do this, please contact us.

Your rights
You can object to us keeping or using your personal information. This is known as the ‘right to object’.
You can also ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to erasure’ or the ‘right to be forgotten’.
There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it.
We may sometimes be able to restrict the use of your data. This means that it can only be used for certain things, such as legal claims or to exercise legal rights.
You can ask us to restrict the use of your personal information if:
• It is not accurate;
• It has been used unlawfully but you don’t want us to delete it;
• It is not relevant any more, but you want us to keep it for use in legal claims;
• You have already asked us to stop using your data but you are waiting for us to tell you if we are allowed to keep on using it.
If we do restrict your information in this way, we will not use or share it in other ways while it is restricted.
If you want to object to how we use your data, or ask us to delete it or restrict how we use it or, please contact us.

How personal information is used
We may share your personal information with outside organisations such as credit card providers, insurers or tax authorities. This is to obey rules that apply to us. Here we list all the types of organisation that we may share your personal information with.

Authorities
This means official bodies that include:
• Central and local government
• HM Revenue & Customs, regulators and other tax authorities
• UK Financial Services Compensation Scheme and other deposit guarantee schemes
• Law enforcement and fraud prevention agencies.

Banking and financial services
Outside companies we work with to provide services to you and to run our business.
• Agents, suppliers, sub-contractors and advisers.
These are types of firm that we use to help us run accounts, policies and services.
• Agents who help us to collect what is owed to us
• Credit reference agencies
• Someone linked with you or your business’s product or service.
This could mean a joint account holder, trustee, or fellow company director.
• Other financial services companies (to help prevent, detect and prosecute unlawful acts and fraudulent behaviour)
• Independent Financial Advisors.
This could be someone who advises you on things like pensions or life assurance. We won’t share any personal information unless they have your consent to ask us for it.
• Price comparison websites and similar companies.
• Employers (for instance, to confirm your identity if we ask for a mortgage reference)
• Companies you ask us to share your data with.
This is to do with something called Open Banking, which gives you more freedom and control to use your own banking data. It can make it easier for you or your business to shop around for products like credit cards, savings and current accounts.

General business
Outside companies we use to help grow and improve our business.
• Companies we have a joint venture or agreement to co-operate with.
• Organisations that introduce you to us.
• Advisers who help us to come up with new ways of doing business. This might be a legal firm, IT supplier or consultancy.

How we work out what marketing you receive
We do not use your personal information in such activity at all.

How we use your information to make automated decisions
We do not use such service or technology at all.

Fraud prevention agencies
This includes crimes such as fraud, money-laundering and terrorist financing.
We may need to confirm your identity before we provide products or services to you or your business. This may include carrying out fraud checks at the point of sale.
Once you have become a customer of ours, we will share your personal information as needed to help combat fraud and other financial crime. The organisations we share data with are:
• Registered Fraud Prevention Agencies (FPAs)
• Other agencies and bodies acting for the same purpose
• Industry databases used for this purpose

Throughout our relationship with you, we and these organisations exchange data between us to help prevent, deter, detect and investigate fraud and money-laundering.
None of us can use your personal information unless we have a proper reason to do so. It must be needed either for us to obey the law.

We or an FPA may allow law enforcement agencies to access your personal information. This is to support their duty to prevent, detect, investigate and prosecute crime.
These other organisations can keep personal information for different lengths of time, up to six years.

The information we use
These are some of the kinds of personal information that we use:
• Name
• Date of birth
• Residential address
• Nationality
• Residency and Citizenship status
• Details of Beneficiaries
• Contact details, such as email addresses and phone numbers
• Financial data
• Data relating to your or your businesses products or services
• Employment details
• Data that identifies computers or other devices you use to connect to the internet. This includes your Internet Protocol (IP) address.
• Usage of Our services
• Fraud, debt and theft information
• Tax information

Information Security
Your data is considered to be an important asset to us, and as such, we make reasonable effort to ensure the necessary measures are in place to prevent unauthorised or inappropriate access, use, modification, disclosure or destruction.

Other measures we take to keep your data secure include, but are not limited to:
• making regular backups of files;
• protecting file servers and workstations with virus scanning software;
• using a system of passwords so that access to data is restricted;
• allowing only authorised staff into certain computer areas;
• using data encryption techniques to code data when in transit;
• ensuring that staff are only given sufficient rights to any systems to enable them to perform their job function.

Automated decisions for fraud prevention
The information we have for you or your business is made up of what you tell us, and data we collect when you use our services, or from third parties we work with.
We and other organisations acting to prevent fraud may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account or policy is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a risk that fraud or money-laundering may be carried out against a customer, the bank or the insurer.

How this can affect you
If we or an FPA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. FPAs and cross-industry organisations may also keep a record of the risk that you or your business may pose.
This may result in other organisations refusing to provide you with products or services, or to employ you.

Data transfers out of the EEA
FPAs and other organisations we share data with for these purposes may send personal information to countries outside the European Economic Area (‘EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.

Sending data outside the EEA
We never send your data outside EEA except following your instructions or instructions from UK authorities.

Contact Details:
Connectum Limited
16 High Holborn
Office 408
London, WC1V 6BX, UK
+44 746 855 9423
+44 208 616 7272
+44 208 616 7273
dpo@connectum.eu
www.connectum.eu