Who we are?
Hexa Finance Limited (Company No. 12814502) are financial consultants and commercial finance brokers, based in South Wales. You can find out more about us at www.hexafinance.co.uk. Our registered office is Merlin House, Langstone Business Park, Newport, Wales, NP18 2HJ and we can be contacted at email@example.com. For commercial finance broking activities, Hexa Finance Limited are authorised and regulated by the Financial Conduct Authority as a broker, not a lender under FRN: 974633.
For the purpose of the European Data Protection regulations (the ‘GDPR’) and the Data Protection Act 2018 (‘the Act’) (both of which Hexa will fully comply with) we will either be the Data Controller or Data Processor. We are registered with the Information Commissioner’s Office (ICO) under RR: ZA791290.
If you have any questions, or want more details about how we use your personal data, you can ask us by emailing firstname.lastname@example.org.
In providing you access to financial products and services; we may be required to process your personal data. This Privacy Notice sets out the ways in which Hexa Finance are committed to protecting and respecting your personal data, including what we do with your information and who it will be shared with. It will tell you about your privacy rights and how the law protects you.
This Privacy Notice may change at any time in the future – we will keep it up-to-date on our website www.hexafinance.co.uk for you to access at any time.
What data do we collect?
When you engage with us (either directly or via a third-party), we may receive personal information about you which may include your name, address, date of birth, bank details, details about your employment, and other categories of as information outlined in the table below. This can be collected directly from you or through an agent such as an introducer, independent financial advisor, or solicitor, and may be in writing, on our website, over the telephone, by e-mail, or by some other means.
|Your Name, Date of Birth
|Your financial position, status, and history
|Where you live, your telephone number, email address and other ways to contact you
|Details about payments to us and or our funding panel.
|Details about the products and services we provide to you
|Details about how you use our products and services
|What we learn about you from letters, emails and conversations between us
|Open Data & Public Records
|Details about you that are in public records, such as the Electoral Register and information that is openly available on the internet
|Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, driving licence and birth certificate.
We will not collect or process ‘Sensitive Personal Data’ without having both a legal basis to do so and your explicit consent.
You must not send us personal data about someone else without first getting his or her consent for it to be used and disclosed in the ways set out in this Privacy Notice. If you do send such personal data, we will assume he or she has consented, although we reserve the right to ask for confirmation from them. Where you do give us data about someone else, or someone else discloses a connection with you, that data may be considered with your other personal data.
How the law protects you
As well as our Privacy Notice, your privacy is protected by law. This section explains how that works.
Data Protection law says that we can use personal information only if we have a valid basis on which to do so. The law says we must have one or more of these valid reasons:
- To fulfil a contract we have with you, or
- When it is our legal obligation, or
- When it is in our legitimate interest, or
- When you consent to it
A legitimate interest is when we have a business or commercial reason to use your information, if it does not interfere with your fundamental rights and freedoms. If we rely on our legitimate interests, we will tell you what that is.
Here is a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are:
Who we share your personal data with?
We will never sell or lease your personal information to any third party. We may transfer, disclose or distribute your personal information in the following circumstances:
- Where we have your permission.
- Where we are required to do so by law.
- Where there are legitimate interests for processing – i.e. where it is needed by our agents, advisors or others involved in running accounts and services for you or in undertaking activities linked to the operation of such services or accounts on our behalf; or
- Where the transfer or disclosure would otherwise follow legal requirements, we are subject to including, but not limited to, statute or regulation.
Hexa Finance Limited may share your personal data with these organisations:
|Financial Institutions such as banks, peer-to-peer lenders, private investors, alternative finance providers to whom we may apply for finance on your or your business’ behalf.
|Credit Reference Agencies*
|To assess you or your business is eligible for credit, to check you or your business is able to afford to make repayments, to make sure what you’ve told us is correct, to help detect and prevent financial crime, to trace and recover debts.
|Fraud Prevention Agencies
|To detect fraud and money-laundering risks. Agents / Advisors To assist in setting up and maintaining your account, and to assist our communication with you
|Independent Software Providers
|Software that is used by Hexa Finance Limited to assist in the processing of data as part of an application or enquiry by you our customer.
When we ask CRAs about you or your business, they will note it on your credit file. This is called a credit search. Other lenders may see this, and we may see credit searches from other lenders. We will also search other partners or directors that you are in business with. You should tell them about this before you apply for a product or service. It is important that they know your records will be linked together, and that credit searches may be made on them. You can find out more about the CRAs on their websites, in the Credit Reference Agency Information Notice.
We may also share your personal information if the make-up of Hexa Finance Limited changes in the future:
- We may choose to sell, transfer, or merge parts of our business, or our assets. Or we may seek to acquire other businesses or merge with them.
- During any such process, we may share your data with other parties. We will only do this if they agree to keep your data safe and private.
- If the change to our company happens, then other parties may use your data in the same way as set out in this notice.
Where we store your personal data
Hexa Finance access these products via Microsoft’s “Two Factor” Authentication tool to ensure we keep ours and our customers data safe as all times.
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice. We will only send your data outside of the European Economic Area (‘EEA’) to:
- Follow your instructions.
- Comply with a legal duty.
- Work with our agents and advisors who we use to run your accounts and services.
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services. We may transfer your personal data to recipients located in countries outside of the EEA which may not have data privacy laws equivalent to those in the EEA. In those instances, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice and applicable data privacy laws.
How long we keep your personal data
We will keep your personal data for as long as you are a customer of Hexa Finance Limited. After you stop being a customer, we may keep your data for longer than 7 years for one of these reasons:
- To respond to any questions or complaints.
- To show that we treated you fairly.
- To maintain records according to rules that apply to us (e.g. 2007 Anti-Money Laundering regulations).
We may also keep your personal data for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons. If we do, we will make sure that your privacy is protected and only use it for those purposes. We may also keep it for research or statistical purposes unless you object.
We or our lenders may use a system to decide whether to lend money to you or your business, when you apply for credit – this is called credit scoring. It uses past data to assess how you’re likely to act while paying back any money you borrow. This includes data about similar accounts you may have had before.
- Credit scoring uses data from three sources
- Your application
- Credit reference agencies
- Data we may already hold.
It gives an overall assessment based on this information. Banks and other lenders use this to help make responsible lending decisions that are fair and informed. Credit scoring methods are tested regularly to make sure they are fair and unbiased.
As a person you have rights over automated decisions. You can ask that we or our lenders do not make our decision based on the automated score alone. You can object to an automated decision and ask that a person reviews it. If you want to know more about these rights, please contact us.
How to get a copy of your personal data
You can access your personal information we hold by writing to DSAR Unit, Hexa Finance Limited at Merlin House, Langstone Business Park, Newport, Wales, NP18 2HJ.
You have the right to access your personal data from us in a format that can be easily re-used and therefore passed on in this format to other organisations. Please indicate you would like your personal data in this format when writing to us.
Letting us know if your personal data is incorrect
You have the right to question any information we have about you that you think is wrong or incomplete. Please contact us if you want to do this. If you do, we will take reasonable steps to check its accuracy and correct it..
We can only use your personal information to send you marketing information if we have your consent or a legitimate interest. A legitimate interest will usually be a commercial reason which cannot be used unfairly against you. If you change your mind after providing your consent, you are able to do so by contacting us.
We may monitor and or record phone calls to ensure that we have carried out your instructions correctly, to resolve queries and complaints, for regulatory purposes, to help detect or prevent fraud or other crimes, improve service and to help monitor and train our staff. Our lawful reason for this under data protection law is our legitimate interests or in some cases compliance with legal obligations.
What are your data protection rights?
Our Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.
The right to erasure – You have the right to request that Our Company erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email email@example.com or write to us: Hexa Finance Limited, Merlin House, Langstone Business Park, Newport, Wales, NP18 2HJ.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
For further information, visit www.allaboutcookies.org.
Privacy policies of other websites
How to contact us
Email us at: firstname.lastname@example.org
Or write to us at: Hexa Finance Limited, Merlin House, Langstone Business Park, Newport, Wales NP18 2HJ.
How to contact the appropriate authority
Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office at www.ico.org, or https://ico.org.uk/global/contact-us/