This version was created on 10 November 2018.
For the General Data Protection Regulation (GDPR) 2018, Insight Private Finance Limited is the registered data controller responsible for your personal data and this website, whose registered office is at 7a Alkmaar Way, Norwich, Norfolk, NR6 6BF, United Kingdom.
Email address: firstname.lastname@example.org
We may collect, use, store the following kinds of personal data, either via the online 'fact find' you complete on our website or via further communications with you, such as telephone calls or electronic messages:
Under anti-money laundering regulations, we are required to complete customer identity verification. We will check and verify your name and address against data held by credit reference agencies databases and the electoral roll. If this verification fails, we may ask you to provide us with further personal identity and proof of address documents to confirm your details. This process of checking and verification does not affect you credit history.
We may use your data and information to contact you to ask you if you would like to leave a review and make any of your reviews public, potentially as part of our marketing material, or to assist with any issues you may have come across while using our service or product.
We may also record information about potential vulnerabilities in order to meet our obligations to vulnerable customers, as set out by the Financial Conduct Authority (FCA). Find out more here.
Calls with our customer support staff and advisors may be recorded for training and monitoring purposes.
When you provide it to us by:
We'll mainly use your personal data when applying for a mortgage, insurance product or other product or service that we offer, where we need to perform the contract we're about to enter into or have entered into with you. We use your data to do the following:
The lawful basis for processing your data for the activities described above are as follows:
Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw consent to marketing at any time by contacting us.
All data associated with a completed mortgage application or other product application will be held by us for at least 6 years post-completion, to meet our legal and regulatory obligations. Any data associated with an incomplete application will be held as long as your Insight Private Finance account remains open. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
We may share your information with the following entities
We will get your express opt-in consent before we share your personal data with any other company for the third party's marketing purposes.
We will ensure your data remains within the EEA and therefore fall under purview of the General Data Protection Regulation. If for any reason we use third parties that are domiciled outside of the EEA any such data storage will undergo further enhanced controls and checks, dependent on the country of storage. We will inform you of any such instance where this may occur.
If you would like to stop receiving marketing messages from us, you can opt out at any time by clicking the unsubscribe button or the link at the bottom of any of our marketing emails, or by contacting us at any time.
Where you opt out of receiving these marketing messages, this won't apply to personal data provided to us as a result of a product transaction.
Under the General Data Protection Regulation 2018, your rights are as follows:
you have the right to access your personally identifiable data and supplementary information. This will be provided free of charge. However, when a request is manifestly unfounded, excessive or repetitive we reserve the right to charge a fee. We may also charge a reasonable fee to comply with requests for further copies of the same information. You can request access to your information by emailing us at email@example.com
you have the right to be informed about the collection and use of your personally identifiable data
you have the right to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
This enables you to ask us to delete or remove personal data, known as 'the right to be forgotten', where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we're required to erase your personal data to comply with local law. It is important to note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
you have the right to object to the processing of your personal data where we're relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we're processing your personal data for direct marketing or profiling purposes.
This enables you to ask us to suspend the processing of your personal data. This is not an absolute right and only applies in certain circumstances. Please note that even when processing is restricted, we are allowed to store your data.
We'll provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
if we have performed automated decision making and you wish to have a human intervene or wish to challenge the automated decision.
If you withdraw your consent, we may not be able to provide certain products or services to you. We'll advise you if this is the case at the time you withdraw your consent.
When applying for a product via Insight Private Finance, we will share your data with lenders in order to process your application. Your lender may use credit reference and fraud prevention agencies to help them make decisions. This will involve checking records at credit reference agencies (CRAs) and at fraud prevention agencies (FPAs).
When CRAs receive a search request from the lender they place a search footprint on your credit file that might be seen by other lenders. Having multiple search footprints on your credit file may affect your ability to borrow in the future. The lender will make checks such as assessing your application for credit and verifying the applicants' identities to prevent and detect crime and money laundering.
As noted above, if you are making a joint application the lender will link your records together, so you gain your partner's express consent to disclose their personal data and information. CRAs also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
Information on applications will be sent to CRAs and will be recorded by them. Where you borrow from the lender, the lender will give details of your accounts and how you manage it/them to CRAs. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs and CRAs to perform similar checks and to trace your whereabouts and recover debts that you owe.
If you give false or inaccurate information and the lender suspects or identifies fraud, the lender will record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention.
If you have borrowed from the lender and do not make payments that you owe them, the lender will trace your whereabouts and recover debts.
The lender and other organisations may access and use the information recorded by fraud prevention agencies based in other countries.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
All data held on the platform is stored in the Microsoft Azure cloud. The underlying Azure cloud is certified by many international and governmental bodies, including PCI-DSS (payment card processing) and UK G-Cloud compliance.
Access to managing the services within the Azure infrastructure is protected by three levels of authentication: all users must use two-factor authentication and strong passwords, and all individual services have an access password. All users have individual access accounts, which are centrally controlled and permissioned. Access to management functions and code deployments are performed over HTTPS (through a browser) or SSH (through PowerShell).
Access to the data held within the services is further protected by a firewall which only permits white-listed IP address to connect. Databases, file storage and all backups are encrypted by default, and databases are encrypted at rest (transparent data encryption).
Databases are backed up continuously and held both on the infrastructure (hot backup) and offline (cold backup) on encrypted hard drives. Full data snapshots are taken and tested before any infrastructure or code deployment, so that changes can be rolled back immediately. The deployment process is fully automated, using the same authentication as access to underlying services.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
If you have a complaint about the way your data has been handled, please contact Penvest:
Email address: firstname.lastname@example.org
Telephone: 01603 268080
In writing: Antony Howard, Penvest Ltd, Insight House, 7a Alkmaar Way, Norwich International Business Park, Norwich, NR6 6BF
Please include your name and address, a contact telephone number, the email address you signed up with and details of why your complaint. We will investigate your complaint promptly and will respond to you as soon as we can detailing our findings of your complaint.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK independent supervisory authority for data protection issues (www.ico.org.uk) at:
Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
0303 123 1113
Our Information Commissioner's Office (ICO) registration number is ZA474574