Maintaining the security of your data is a priority at Firmin & Co, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. Firmin & Co. is also dedicated to being transparent about what data we collect about you and how we use it.
This policy, which applies whether you visit our branches, use your mobile device or go on line, provides you with information about:
You have the right to opt out of receiving promotional communications at any time, by:
Our service providers and suppliers
In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include mortgage services and conveyancing. Firmin & Co. only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Firmin & Co. and to you, and for no other purposes.
Other third parties
Aside from our service providers, Firmin & Co. will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes.
We may share your data with:
1. How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.
1.1 It applies to Information collected by us, or provided by you, whether in one of our branches, over our Website (including the mobile optimised version of the website accessible from your portable hand-held device), or in any other way (such as over the telephone). It is also intended to assist you in making informed decisions when using our Website, App and our products and services. Please take a minute to read and understand the policy.
2. What Information Do We Collect on our Website?
2.1 When you visit our Website (including the mobile optimised version of the website accessible from your portable hand-held device) you may provide us with personal information such as name, address, telephone number and email address. You may provide us with Information in a number of ways:
a) by supplying us with the Information as listed above, on an individual basis by registering as a registered user or subscribing to receive updates from us. To become a registered user you must provide us with your name, address, postcode, and email address, but you may also provide us with additional information if you choose to do so.
b) by corresponding with us by email, in which case we may retain the content of your email messages together with your email address and our responses;
f) by Information provided when you use our mobile optimised website from your portable hand-held device including details of your physical location, where you have agreed to it being used.
3. How we use your Information
3.1 We will hold, use and disclose your Information for our legitimate business purposes including:
a) to keep you up to date about important changes to our business;
b) to direct-market products and services (including push notifications), advise you of news and industry updates, events, promotions and other information. Before we do so, you will be given an option to opt-out of such communications and an option to unsubscribe will also be provided with each communication;
c) to answer your queries;
d) to provide further services to you by sharing your Information with other companies within our group of companies, as well as trusted third parties. Further details about this are set out in the section 8 below on Sharing your Personal Information;
e) to release Information to regulatory or law enforcement agencies, if we are required or permitted to do so.
4. The legal basis for processing your Information
4.1 Under GDPR, the main grounds that we rely upon in order to process your Information are the following:
a) Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your Information. We may also be obliged by law to disclose your Information to a regulatory body or law enforcement agency;
b) Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your Information for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your Information protected. Our legitimate interests include responding to requests and enquiries from you or a third party, optimising our website and customer experience, informing you about our products and services and ensuring that our operations are conducted in an appropriate and efficient manner;
c) Consent – in some circumstances, we may ask for your consent to process your Information in a particular way.
5. How we share your Information
5.1 In certain circumstances we will share your Information with other parties. Details of those parties are set out below along with the reasons for sharing it.
a) Other parties within our group of companies: Your information may be shared with our UK branches, as certain processing functions within Firmin & Co are centralised.
b) Trusted third parties: In order to provide certain services, we will share your information with third party service providers such as, solicitors, mortgage brokers and IT infrastructure companies. We will not share your data with any third party where it is not necessary to do so to provide a service to you.
c) Regulatory and law enforcement agencies. As noted above, if we receive a request from a regulatory body or law enforcement agency, and if permitted under GDPR and other laws, we may disclose certain personal information to such bodies or agencies.
d) New business owners. If we or our business merges with or is acquired by another business or company, we will share your personal information with the new owners of the business or company and their advisors. If this happens, you will be sent notice of such event.
6. How long we hold your Information
We will only retain your Information for as long as is necessary for the purpose or purposes for which we have collected it. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept. For example, if we receive your Information through a competition entry, we will retain your data for as long as is necessary to administer the competition. If we receive your Information when you apply for a job, we will retain your data for as long as is necessary to process your application, and maintain application statistics. We will not directly market to you for longer than three (3) years, unless you consent to receive direct marketing by opting in again before the expiry of that three (3) year period. In certain circumstances, once we have deleted or anonymised your data, we may need to retain parts of it (for example, your email address), in order to comply with our obligations under GDPR or other legislation, or for fraud detection purposes.
7. Your rights relating to your Information
7.1 You have certain rights in relation to personal information we hold about you. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on your request.
a) Right of Access. You have the right at any time to ask us for a copy of the Information about you that we hold, and to confirm the nature of the Information and how it is used. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your Information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
b) Right of Correction or Completion. If Information we hold about you is not accurate, or is out of date or incomplete, and requires amendment or correction you have a right to have the data rectified, updated or completed. You can let us know by contacting us at the address or email address set out above.
c) Right of Erasure. In certain circumstances, you have the right to request that Information we hold about you is erased e.g. if the Information is no longer necessary for the purposes for which it was collected or processed or our processing of the Information is based on your consent and there are no other legal grounds on which we may process the Information.
d) Right to Object to or Restrict Processing. In certain circumstances, you have the right to object to our processing of your Information by contacting us at the address or email address set out above. For example, if we are processing your Information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You also have the right to object to use of your Information for direct marketing purposes.
You may also have the right to restrict our use of your Information, such as in circumstances where you have challenged the accuracy of the Information and during the period where we are verifying its accuracy.
e) Right of Data Portability. In certain instances, you have a right to receive any Information that we hold about you in a structured, commonly used and machine-readable format. You can ask us to transmit that Information to you or directly to a third party organisation.
This right exists in respect of Information that:
While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to Information of others without their consent.
7.2 You can exercise any of the above rights by contacting us at the address or email address set out above. You can exercise your rights free of charge.
7.3 Most of the above rights are subject to limitations and exceptions. We will provide reasons if we are unable to comply with any request for the exercise of your rights.
To the extent that we are processing your Information based on your consent, you have the right to withdraw your consent at any time. You can do this by unsubscribing via the link provided in any direct marketing communication, or contacting us at the address or email address set out above.
9. Website Accessibility
9.1 Firmin & Co. recognises the importance of providing a website that is accessible to everyone and is easy to use. This section outlines our ongoing commitment to making our online services accessible and explains some of the accessibility features of this Website.
9.2 Website accessibility means that people with disabilities can use the Website. More specifically, Website accessibility means that people with disabilities can perceive, understand, navigate, and interact with the Website, and that they can contribute to the Website. Website accessibility also benefits others, including older people with changing abilities due to aging. (Quote from https://www.w3.org/WAI/intro/accessibility.php)
9.3 This Website contains the following features which should help users make the website more accessible:
a) providing a sitemap;
b) every content and decorative image has the ability to have alternative text added so if images are disabled or not appearing the user can see read what the image is displaying;
c) tabbing through the Website is organised in a logical top down left to right order;
d) clearly defined visible hover and focus (tab) state for each link;
e) the ability to jump to the main content on the page by bypassing the top menu when you use the keyboard;
f) HTML for lists, tables and quotes being coded correctly;
g) the ability to navigate around the site and access all functionality by only using the keyboard;
h) all fields and labels within forms including error messages, are clearly labelled and have the correct notations;
i) the visual contrast combination of text and background colours meet the correct ratio so all text is easily read; and
j) the Website is readable when large size text is used in Internet Explorer
If you are unhappy about the use/processing of your personal information, you can contact our Data Protection Officer by email firstname.lastname@example.org or by calling 01733 973673