Identity & contact details
Redbridge Finance Limited is the Data Controller, or Controller, responsible for processing and storing the Personal Data (Data) you have provided along with any additional data that you provide in the future, or that which is obtained, observed, derived or inferred about you.
We are registered with the Information Commissioners Office in respect of the Data Protection Act 1998 and, from 28th May 2018, the General Data Protection Regulations (GDPR). Our registration number is ZA533663.
We can be contacted by:
BrightOffice Limited is a 3rd party Data Processor that we use to provide our service. This organisation supplies the software that we use to process your claim and your data is stored on their servers and processed by their systems. They do not control how your data is used or how it is managed, their systems process it according to our instructions. BrightOffice Limited is registered with the Information Commissioners Office with registration number Z2557861. (You should not contact BrightOffice Limited directly about your data as they will not be permitted to access or discuss this with you without our instruction as they are not the Data Controller.)
Here is a short summary of what we do.
Redbridge Finance Limited is a regulated Claims Management Company (CMC).
In our role as a CMC we act on your behalf to submit and manage claims for compensation in respect of financial products and services that may have been mis-sold, or inappropriately granted to you.
Your claim is being processed by Redbridge Finance Limited. We believe it is important to protect your Personal and Non-Personal Data (as defined in the Data Protection Act 1998) and we are committed to giving you a personalised service that meets your needs in a way that also protects your privacy. This policy explains how we may collect Data about you. It also explains some of the security measures we take to protect your Data, informs you of your rights under the regulations, and tells you certain things we will do and will not do. You should read this policy in conjunction with the Terms of Business.
Purpose & legal basis for processing your Data
It is important that you understand the purpose that we have collected your Data for and the legal basis that we will use for processing it.
You are submitting your claim using our claim form (or by another agreed method). We need to collect this Data so we can assess your claim and determine whether it has merit. If it does we will use the information you have supplied to submit a claim to the relevant lender and manage this claim to its conclusion. If the lender rejects your claim we will also use your data to submit the complaint to the Financial Ombudsman Service (FOS). Please see the ‘Collecting Data’ and ‘Using Your Data’ sections below for details of how we will collect and use your Data to achieve this purpose.
The legal basis for processing
The legal basis for processing your Data means identifying what (or who) gives us the right to process your Data. Without at least one of these rights being present, we would have no legal right to do so. We rely on 4 different legal bases to process your Data.
Legitimate interest of the controller
One of the legal bases for processing your Data is where it is necessary for the purpose of our own legitimate interests. This means situations where we want, or need, to do something that is principally for our own benefit, provided it will not be detrimental to your own interests, rights or freedoms.
Details of our applicable legitimate Interests include:
This section will provide you with information about the different ways that we will obtain Data about you. This includes collecting Data by the following methods:
Using your Data
When we have collected Data about you we may use this for many different legitimate purposes, both to enable us to provide the service to you, for our own administration and record keeping, to meet our regulatory & legal requirements and to communicate with you and to improve our own systems and services. Below is a summary of these uses:
In addition to the above we may allow other people and organisations to use the Data we hold about you to perform tasks on our behalf in the following circumstances:
Keeping us updated
We may, from time to time, send you an email asking you to visit our website to check and confirm that accuracy of the Data that we hold about you. You agree to receive these requests to validate your details and will notify us of any errors using the method that we outline in the email.
Recipients or categories of recipient of your Data
Under the regulations, we are required to tell you who we will be passing your Data on to. Sometimes it is not always possible to list these organisations by name as there can be too many of them and they can change regularly. In such circumstances, we are permitted to disclose the category of recipients of your Data.
Transfers to third countries and the safeguards
When we transfer your data within the UK and European Economic Area we will always make sure that the people or organisations are registered with the relevant Data Protection Authority for that country. This should protect you and your Data to the levels specified by the current regulations. In the UK this is the Information Commissioners Office.
The most common such transfer would be to the USA. Where this happens we would ensure that the third party is a member of the US-UK Privacy Shield agreement between the European Economic Area and the USA.
This section is specifically aimed at you if you provide your consent to us, or third parties, contacting you for Direct Marketing (DM) purposes. Direct Marketing is defined as the communication, by whatever means, of any advertising or marketing material, which is directed at a particular individual.
Direct marketing from us
If you have consented to this we will only use the methods of contact you have agreed to. We have many different brands which we trade under and we may contact you from any of these. We will limit the categories of products that we include in this marketing. We may also contact you about products and services offered by trusted third parties.
A full list of the brand names we may use, along with the categories of products and services we may contact you about, is available if you follow the link from the claim form.
Direct marketing from 3rd parties.
If you have consented to this we will only permit them to use the methods of contact you have agreed to. While it is impossible to list these third parties by name, we are obliged to provide you with the categories of organisation and products that they will send you marketing material about.
A full list of the organisation and product categories is available if you follow the link from the claim form.
If you choose to opt- in to either of the direct marketing options, you may change your mind at any time. The easiest way to do this is to follow the opt-out instructions contained in that message. This will however only opt you out of that method of communications from that sender. To opt out of all/other direct marketing methods, you will need to email, call or write to us using the details in the “Identity and contact details” section of this document. Please include your full name, email address and mobile number and what you wish to opt out of, in any written communication, so we can accurately follow your wishes.
Retention period of your Data
When you provide Data to us we will store it securely on our systems, and those of any third party Data Processor, and protect it to a level you would expect of us. The Data Protection Regulations require us to only keep, or retain, this Data for as long as we need to.
When determining this retention period we must consider what we would use the data for during this period. This includes:
On the basis that you can make a complaint about us to the Legal Ombudsman up to 6 years after the event that you are complaining about, we will keep your Data on file for a period of 6 years from the date the we terminated our relationship. This will be later of:
Where we have managed more than 1 claim, this will be the latest date across all such claims.
Your right to access
Under the Regulations, you have the right to obtain confirmation that your Data is being processed and also access to the Data we hold. You also have the right to supplementary information, however, this largely corresponds to the information which is provided in this document, where a copy will be supplied.
Generally, you have the right to obtain this information free of charge and within 1 month of us receiving your request.
On rare occasions where the request is manifestly unfounded, excessive, repetitive or where you request further copies of the same information already supplied, we will be entitled to charge a reasonable fee to cover our administrative costs. We will advise you in advance if we intend to charge this fee and ask you to confirm your acceptance of it by making payment to us at that point. Where one of the above applies we may also refuse to responds to your request, we will notify you of this refusal and provide details of the actions you may take if you are unhappy with this decision.
When making such a request, you must provide sufficient information about yourself to enable us to verify your identity.
Your right to rectification
Under the Regulations, you have the right to have your Data rectified if it is inaccurate or incomplete.
If we receive such a request, we will normally complete the rectifications and respond to you within 1 month to advise you that this has been done. In the unlikely event that we are not willing or able to take action in respect of your request to rectify your Data we will notify you of this and provide details of the actions you may take if you are unhappy with this decision.
Where we have disclosed your Data on to third parties, when it is possible to do so, we will inform them of the rectification. We will also, where appropriate, advise you of the third parties that your Data was passed to.
Your right to erasure
Under the Regulations, in some circumstances, you have the right to ask us to erase your Data and to prevent us from processing it.
We may, however, have the right to refuse this request, even if you withdraw your consent, on the following basis:
We will advise you at the time whether we are able to carry out your request, or whether we deem that there is an overriding basis to continue to store and process your Data.
Where we have disclosed your Data on to third parties, when it is possible to do so, we will inform them of your request to have your Data erased.
Your right to restrict processing of your Data.
Under the regulations, you have the right to ‘block’ the processing of your Data. When the processing is restricted, we may still store your Data, but may not process it. We will allow a block to be placed on the processing of your Data in the following circumstances:
If, following a restriction being placed on processing your Data, we decide to lift this restriction, we will advise you of this and explain why.
Where we have disclosed your Data on to third parties, when it is possible to do so, we will inform them of the restriction on processing your Data.
Your right to data portability
Under the regulations, you have the right to ask us to provide certain Data you have provided to us in a structured, commonly used, machine-readable form. In simple terms, this means a computer file containing your Data which another organisation can import directly into their computer systems. The aim of this right is to make it easier for you to switch providers without having to manually obtain and re-enter all your details. This right is ONLY applicable where:
It should also be noted that this right is limited to Data that you provide to us. This may be through the application form, or through Data we collect, based on your actions, as you use our services. It does not include any Data that has been generated by us about you, such as our decision making or processes.
We will also, upon your request, and provided it is technically feasible, transmit this Data electronically to another organisation.
We will aim to carry out your request without undue delay, but in any case, we will take no longer than 1 month. If the request is complicated, we may extend this by two further months, but we will contact you within the initial month to provide more details on this.
We will normally produce the file in CSV format.
Before we will carry out this request we need to make sure that we can adequately identify you. If we cannot do this based on the information you provide in the request, we will ask for additional information to be supplied. We will only provide this Data when we have reasonably assured ourselves that it is you that is making the request.
Additionally, where you have asked us to transmit the Data to another organisation, we will only do this where the security of the file during transit can be assured. We will advise you whether we consider your requested transmission method to be adequately secure when we receive your request.
Note: The ‘right to data portability’ is not the same as the ‘right to access’. The right to access may provide you with more of the information that we hold on you as it will include more than just the Data you have supplied, however under the right to access, the data will not be provided in a machine-readable format and therefore will be unlikely to be easily imported into another organisations systems. As a rule of thumb, if you want to move your Data, portability is probably the best option, if you want to see for yourself what we hold about you, then it’s the right to access that should be considered.
Your right to object
Under the regulations, you have the right to object to us processing your Data for the following purposes:
You will be given your right to object to Direct Marketing during the application process. We will only carry out such marketing where you have given your explicit consent. We will stop such marketing if, at any stage, you advise us that you have changed your mind. More details can be found in the section on Direct Marketing.
If you object to us processing your Data on the basis of our own legitimate interests, we will stop processing UNLESS we can demonstrate to you that our interests will over-ride your own interests in this matter.
If you object to us processing your Data for research purposes, you must have grounds relating to your particular situation in order to exercise this right.
Your right to withdraw consent at any time
When you withdraw your consent, you may prevent is from carrying out some, or all, of the tasks you have asked us to perform on your behalf. In these circumstances, we will not be liable for the results of us not being able to fully execute our role in the process, including things that we have been unable to do which have led to us failing to provide the agreed service.
Even after you have withdrawn your consent as a legal basis for processing your Data, we may still be able to perform some, or all, of our actions using one or more of the other legal bases provided under the Data Protection Regulations. More details of these can be found in the section Purpose & legal basis for processing your data.
Your right to lodge a complaint with a supervisory authority
If you are unhappy with anything we have done, or not done, regarding your Data and the Data Protection Regulations, you have the right to make a complaint to our supervisory authority. In the UK the supervisory authority is the Information Commissioner’s Office (ICO). They can be contacted by:
As a responsible Company, we would always prefer the opportunity to work with you to resolve your complaint ourselves before you contact our supervisory authority. If you would be happy for us to do this, please contact us using one of the methods in the first section of this document. You can always refer the matter to the ICO at any point if you are unhappy with the way we are dealing with it.
The provision of your Data
You are not required by any statutory (legal) or contractual requirement to provide us with any of your Data before you sign our Terms of Service. If however, you do not supply the information request on the claim form we will be unable to proceed with providing you the service.
After this point, unless you cancel our service in accordance with our Terms of Business, you will be required to provide us such information, as may be requested from time to time, which is reasonably required in order to submit and manage your claim.
If you do not provide us with the Data requested after signing the Terms of Business, we may be unable to carry out the claims management role that you have asked us to do when you apply. This may also put you in breach of our Terms of Business
The existence of Automated Decision Making (ADM) and your right in relation to automated decision making and profiling
Under the regulations, in some circumstances, you may have the right not to be subject to a decision which has been based on automated processing and produces a legal or similarly significant effect on you. Under these circumstances, your rights include obtaining human intervention, expressing your point of view or obtaining an explanation of the decision and then challenging it.
We do not use Automated Decision Making or Profiling in our processes.
What we will do
We will ensure that we take all reasonable steps to protect your Data at all times. This includes, but is not limited to:
We will only store your Data on secure servers, whether owned by us or another Data Processor. Where we transmit your data over the internet we will use a recognised encryption method such as https.
What you need to be aware of
Please remember that communications over the internet, such as emails and webmail’s (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered – this is the nature of the internet. We cannot accept responsibility for any unauthorised access or loss of Data that is beyond our control or occurs before we are in receipt of the data.
When we provide services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your computer. These are called ‘cookies’.
These cookies cannot be used to identify you personally and are used to improve services for you. A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website.
Cookies are used by many websites and can do a number of things, for example remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website.
We use Google Analytics cookies to collect information about how visitors use our website and to help us ensure it is tailored to our customers’ needs and interests. These cookies only collect information in an anonymous form, including the number of website visitors and the pages visited. No Data is collected or stored by Redbridge Finance Limited. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout
A number of websites provide detailed information on cookies, including AboutCookies.org and AllAboutCookies.org.
If you have any queries about these or would like more information, please contact us using the details in the first section of this document.
The Website may include third-party advertising and links to other websites. We do not provide any personally identifiable customer information to these advertisers or third-party websites.
We exclude all liability for loss that you may incur when using these third party websites.