1. Who are we?
We take privacy seriously and we are open and transparent about how we handle your personal information and about our obligations under applicable data protection laws and regulations, including the General Data Protection Regulation (the “GDPR”) and the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or a part of the United Kingdom from time to time).
This privacy statement explains the basis on which we will control and process any personal information we have about you in connection with the ownership and/or administration of your loan account, that we collect from you or that you may provide to us. We are responsible for any such personal data in our capacity as a data controller or as a data processor, as determined in accordance with applicable data protection legislation.
We have tried to keep this statement as straightforward as possible. However, if you require any further information or clarification or would like to get in contact with us, then please contact Asset Link Capital (No.9) as follows. They will receive and process any requests, complaints or enquiries about your rights on our behalf:
|By writing to||Asset Link Capital (No. 9), PO Box 255, Caerphilly CF83 9FF|
|By calling us on||02920 858786|
|By emailing us at||[email protected]|
 Asset Link Capital (No.9) Limited is a company incorporated in England and Wales (registered number 14222123), whose registered office is at The Peak, 5 Wilton Road, London, United Kingdom, SW1V 1AN.
 Asset Link Capital (No.9) is a trading name of Link Financial Outsourcing Limited. Link Financial Outsourcing Limited is registered in England under number 07059696 and is authorised and regulated by the Financial Conduct Authority, FRN 606817
2. Do we have a Data Protection Officer?
Given the nature of the business of Asset Link Capital (No.9), and the data that we hold we have appointed a Data Protection Officer to help ensure that your rights are protected. You can contact our Data Protection Officer at PO BOX 107 Caerphilly CF83 3GG.
3. What information do we collect?
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process the following categories of personal data about you:
- Customer data – this includes data such as names, title, address, phone number, email address, gender, nationality, age, date of birth, financial details and circumstances and employment details.
- Communication data – this includes any communication that you send to us whether that be via email, telephone or any other method.
- Technical data – this includes data about how you use our website such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details of the number of times you use our website. The source of this data is our analytics tracking system.
We collect and use this personal data in order to provide our services to you. If you do not provide personal data we ask for, it may delay or prevent us from performing our contract with you and providing these services.
We do not carry out automated decision making or any type of automatic profiling.
Special Category Data
We require your explicit consent if we process special category data (e.g. health data). Where relevant, we will send you a further communication asking you to confirm your consent for this processing.
4. How do we collect your data?
We may collect data about you when you provide the data directly to us (for example, by sending us emails or through other forms of correspondence we have with you, such as phone calls).
We may obtain data about you from the previous (or current) owner of your loan.
Third parties that we appoint may collect data from you and pass it on to us.
We may receive data from third parties such as analytics providers for example, Google, some of which may be based outside the United Kingdom and/or the European Economic Area. Please see section 11 below for further details.
5. What do we do with your information?
We may use your information on any of the following lawful grounds:
a. For the performance of a contract with you; or
b. For compliance with a legal obligation to which we are subject; or
c. For the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms.
Our legitimate interests include the following:
- To conduct our business as an entity that has an interest in loans;
- To conduct our business as an entity that is an asset manager of loans;
- To communicate with you;
- To provide, monitor and improve any service we offer to you;
- To manage and maintain relationships with you and for ongoing customer service;
- For record keeping;
- To generate reports;
- To operate and ensure the security of our website;
- To maintain back-ups of our website or databases;
- To analyse your use of our website;
- To deliver relevant website content;
- To monitor and record calls for quality, business analysis, training and related purposes in order to improve any service we offer you;
- To protect our legal rights and interests including screening for fraud prevention and anti-money laundering purposes;
- For the establishment, pursuance or defence of complaints, investigations and legal claims;
- To meet our regulatory, legal and/or compliance requirements; and
- To grow our business.
- To decide our marketing strategy (to the extent that we market to customers as a result of this, we will rely on our legitimate interests or otherwise obtain consent from customers).
6. Who do we share your information with?
The three main credit reference agencies Callcredit, Equifax and Experian ( also called CRAs) each use and share personal data they receive about you that is part of, derived from or used in credit activity and this is explained in more detail in the Credit Reference Agency Information Notice (CRAIN) available at any of the following: TransUnion (www.transunion.co.uk); Equifax (www.Equifax.co.uk/crain) and Experian (www.experian.co.uk/crain).
We may share your information with our employees, directors, shareholders (and to those of our affiliates), financial institutions, investment companies, accountants, lawyers, auditors, insurers, professional advisors, credit reference agencies or other third party service providers who provide services to us such as those that assist us with running our business (e.g IT service providers) and asset management companies. We may also disclose information we have a legal or regulatory right or obligation to report. Further, we may share your information with third parties to whom we sell, transfer or merge parts of our business or our assets.
It is our commitment that prior to disclosing any personal information about you to another organisation we have taken all reasonable steps to ensure that that organisation will hold and protect your information with adequate security measures and in accordance with relevant regulation.
7. How do we keep your information safe?
We protect your information with appropriate security measures under the laws and regulations that apply to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed without authorisation. We confirm our security measures are subject to regular testing and updated as appropriate to the level of data that we hold.
We have procedures in place to deal with suspected personal data breaches and will notify you and any applicable regulator of a breach if we are legally required to do so.
8. How long do we keep your information for?
We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding what the correct time is for which we should keep the data, we look at its amount, nature and sensitivity, the potential risk of harm from unauthorised use or disclosure, the processing purposes, whether these can be achieved by other means and legal requirements.
For tax purposes, in certain circumstances the law requires us to keep information about customers (including Customer, Client, Investor and Communication Data) for six years after they stop being customers.
In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. What are your rights regarding your information?
You have explicit rights concerning your personal information and we will ensure that your rights are protected while your data is in our possession. Your rights include the following:
Right of Access – you may request a copy of all the personal information we hold about you and we will respond within one month. If your request is particularly complex or you have made a number of requests, we may extend this period by a further two calendar months and we shall explain our reasons.
Right of Deletion – You may wish to have certain data we hold deleted and we will comply with this right where, for example, it is no longer necessary for us to hold the data or if there is no lawful ground for processing.
Right of Rectification – You have a right to request that any incorrect, inaccurate or incomplete data is updated, corrected and/or completed.
Right of Restriction – You may wish to restrict us from using your data where, for example, you contest the accuracy of the data.
Right to Object – You have a right to object to us using your data where processing is carried out for direct marketing or for our legitimate interest. We will no longer process your data unless we can demonstrate compelling legitimate grounds.
Right to Data Portability – You have a right to request we share your data with another organisation and we will assist with that process where possible.
You will not have to pay a fee to access your personal data (or to access any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Please note that we may ask you to provide us with additional documentation to verify your identity before we action your request. This is to ensure we are dealing with the correct individual and also for Anti-Money Laundering purposes. We will tell you when we ask for your information whether it is a statutory or contractual requirement to give us the information and the consequences of not providing the information.
10. Making a complaint
If you wish to make a complaint then you may do so in person, by telephone, in writing and/or by email. Please note that complaints will be dealt with on our behalf according to the complaints policy of Asset Link Capital (No.9) and will be fully logged and investigated.
You can also contact the Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection issues (www.ico.org.uk).
We will not transfer your data to a country outside of the United Kingdom and/or the European Economic Area unless that country ensures an adequate level of data protection, has appropriate safeguards in place or relies on one of the derogations provided for under applicable law and regulation.
It is very important that the information we hold about you is accurate and up-to-date. Please let us know if at any time your personal information changes by contacting us via the details set out above.
This privacy statement was first published in November 2022. This may be updated by us at any time. When we make any material changes to this statement, we will communicate these to you appropriately.