Maximise Capital Ltd

PRIVACY POLICY

Last updated: 1 July 2020

ABOUT THIS PRIVACY POLICY

    1. The website www.maxcap.co.uk (the Site) is operated by Maximise Capital Ltd (“we”, “us”, “our”), a business trading in England and Wales. Our address is 35 Ballards Lane, London, England, N3 1XW. 
    2. We are committed to protecting your privacy and complying with our data protection obligations under the Data Protection Act 2018 (the DPA 2018), the General Data Protection Regulation 2016/679 (the GDPR) and any other applicable UK legislation (together, Data Protection Law).
    3. When you interact with us or use the Site, we act as the data controller of your personal data. This means that we are responsible for processing your personal data and deciding how to use it. This privacy policy explains the types of personal data we may collect about you when you interact with us, why we collect it, what we use it for and what rights you have over that data. Personal data is any information about an identifiable person. Processing is anything we do with your personal data, including using, storing, sharing and deleting it.
    4. This policy was last updated on the date shown at the top. We may change this policy at any time by posting an updated version on the Site and will make reasonable efforts to bring any material changes to your attention. You may wish to check it before using the Site as any changes will be effective from the date that they are made. 

CONTACT INFORMATION

If you have any concerns or would like further information about our use of data or this policy in general, you can contact sales@maxcap.co.uk. 

WHAT INFORMATION DO WE COLLECT?

We collect, store and use the types of personal data set out in the table at the end of this policy.

HOW WILL WE USE YOUR PERSONAL DATA?

We will use your personal data for the purposes set out in the table at the end of this policy.

HOW DO WE SHARE YOUR PERSONAL DATA?

    1. When we share personal data, we do so in accordance with Data Protection Law. We may share certain personal data, where necessary, with employees, contractors, consultants, partners or advisers, to facilitate sales and for general commercial purposes.

In addition, where necessary, your personal data may be shared:

      1. with parties who provide products or services to us, such as, Credit reference agencies, Financial institutions etc.
      2. with government or quasi-governmental organisations, law enforcement and other regulatory authorities or third parties when required or permitted by law, including but not limited to in response to court orders, for the prevention and detection of crime and to protect intellectual property and any other legal rights.
    1. We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before we do so we will make sure that it does not identify you.
    2. In some cases, when we share personal data, it will involve the transfer of that personal data to countries outside the EEA which have different data protection standards to those which apply in the EEA.
    3. Where we transfer personal data outside the EEA we will ensure that there are adequate safeguards to protect your privacy rights under Data Protection Law.

THIRD PARTY LINKS

This Site contains links to other websites over which we have no control. We are not responsible for and do not review or endorse the privacy policies or practices of other sites which you choose to access from this Site. We encourage you to review the privacy policies of those other sites, so you can understand how they collect, use and share your personal information.

YOUR RIGHTS

    1. We respect your rights to privacy and will respond to requests for access or control over information about you in accordance with Data Protection Law. We may require you to verify your identity before we take any action.
    2. Depending on the reason we have your personal data, you have a right to:
      1. access the personal information we hold about you (commonly known as subject access);
      2. request that we correct or complete personal information we hold about you that is inaccurate or incomplete; 
      3. request that we erase your personal information in some circumstances, or object to our processing it as detailed at paragraph 7.5; 
      4. restrict how we use your personal information, in certain circumstances; 
      5. request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services; and
      6. where we have asked for your consent to process your data, to withdraw this consent.
    3. These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.
    4. If you wish to exercise any of these rights, please contact us using the details in paragraph 2 above. 

Your right to object 

You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data for direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.

If our processing of your personal data is in the public interest or pursuant to our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests, or our use of your personal data is for the establishment, exercise or defence of legal claims.

We hope that we can satisfy any queries you may have about the way we process your data. However, if you have unresolved concerns you also have the right to complain to data protection authorities (in the UK, the Information Commissioner’s Office). You can call the ICO on 0303 123 1113 or go to their website: https://ico.org.uk/make-a-complaint/).

DATA RETENTION

Your personal data will only be kept for as long as necessary for our purposes. Specific periods are set out in the table at the end of this policy.

DATA PROTECTION PRINCIPLES

    1. We process your personal data in accordance with the following principles: 
      1. we process your personal data lawfully, fairly and in a transparent way; 
      2. we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which for which we collected it;
      3. we only process personal data which is adequate, relevant and limited to what is necessary to achieve the purpose for which it is processed; 
      4. we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;
      5. we do not store personal data in a form which identifies you for any longer than is necessary for the purposes of processing; and
      6. we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage. 
    2. When we ask for your personal data we will tell you whether you are required by law or contract to provide it, and what will happen if you do not provide the data.  
    3. Any request for consent to the processing of your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.

WHAT IS OUR LAWFUL BASIS FOR PROCESSING?

    1. We will only process personal data when we have a lawful basis for doing that processing. The table at the end of this policy sets out the lawful basis we rely on for each type of data we process.
    2. We will choose one of the lawful bases in the GDPR to justify how we use your personal data. These are:
      1. Consent: You have given consent to the processing of your personal data for one or more specific purposes.
      2. Contract: The processing is necessary for the performance of a contract with you or in order to take steps at your request before entering into a contract.
      3. Legal obligation: We need to process your personal data to comply with a legal obligation.
      4. Vital interests: The processing is necessary to protect the vital interests of you or another person.
      5. Public interest: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of some official authority.
      6. Legitimate interests: Processing is necessary for the purposes of legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.

In order to process your application we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html [experian.co.uk]

CRAIN (Credit Reference Agency Information Notice) is a document produced by the three Credit Reference Agencies- Experian, Equifax and TransUnion (formerly Callcredit)- that explains the use of personal data they receive from third parties about individuals and/or their businesses in relation to credit activity.  CRAIN has been produced in conjunction with the Information Commissioner’s Office (ICO).

ATTRIBUTION

This privacy policy was created using a template from Sparqa Legal (https://www.sparqa.com), June 4, 2020.

TABLE OF PERSONAL INFORMATION WE USE

The table below sets out detailed information about our purposes for processing, the basis for processing and the retention period for the personal data.

Category of personal data
Purpose of processing
Lawful basis for processing
retention Period
Name and contact details
Undertaking Customer due diligence checks for the prevention and detection of financial and other crimes and undertaking checks, including on Related Parties, in relation to identity verification, application checks, anti-money laundering, compliance and risk screening

Customer administration and management

Transaction processing, monitoring and analysis activities to develop and manage Maximise Capital’s products and services

Communicating with the Customer and Related Parties from time to time about products, services, events offered by Maximise Capital, and other communications such as research and insights, that may be of interest to the Customer and Related Parties.

Complying with legal obligations to which it is subject and co-operating with regulators and law enforcement bodies

Exercising its legal rights where it is necessary to do so, for example to protect Maximise Capital against harm to its rights and property interests, to detect, prevent and respond to fraud or other violations of law, for legal and dispute management purposes, and for debt collection and recoveries purposes

To contact you with information, newsletters and marketing materials about our products and services, and other relevant products and services as provided by our partners

We collect, use and keep the information we receive via our website to fulfil the visitor’s requests. We will use your information to respond to a request submitted by you, to provide the Service to you and to carry out our obligations from any contracts entered into between you and us; Contact you and provide you with information regarding Maximise Capital and our products and services; Correspond with you; Comply with applicable laws, regulations and rules, and requests of governmental agencies.
Performance of contract

Compliance with legal obligation

Consent

The retention period is linked to the amount of time available to bring a legal claim, which in many cases is six or seven years following closure of the Customer(‘s) accounts or following a transaction. Maximise Capital will retain Customer Personal Data after this time if it is required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require Customer personal data to be retained, or for regulatory or technical reasons. Where Maximise Capital retains this data it will continue to make sure that Related Parties’ privacy is protected.
Date of birth
For fraud prevention and detection

Obtain credit reports from credit reference agencies
Performance of contract

Compliance with legal obligation

Legitimate interests in ensuring your safety
The retention period is linked to the amount of time available to bring a legal claim, which in many cases is six or seven years following closure of the Customer(‘s) accounts or following a transaction. Maximise Capital will retain Customer Personal Data after this time if it is required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require Customer personal data to be retained, or for regulatory or technical reasons. Where Maximise Capital retains this data it will continue to make sure that Related Parties’ privacy is protected.
Payment information
For the repayment of loans, and other products and services offered via our partners
Performance of contract

Compliance with legal obligation
The retention period is linked to the amount of time available to bring a legal claim, which in many cases is six or seven years following closure of the Customer(‘s) accounts or following a transaction. Maximise Capital will retain Customer Personal Data after this time if it is required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require Customer personal data to be retained, or for regulatory or technical reasons. Where Maximise Capital retains this data it will continue to make sure that Related Parties’ privacy is protected.
Browser, device and Site usage information
To improve marketing, analytics, or site functionality.
Performance of contractLegitimate interest in maintaining our Site
For three years since you last logged on to the Site
Information collected through cookies and similar technologies
To improve marketing, analytics, or site functionality.
Consent
For three years since you gave consent, or until you withdraw consent if earlier
Personal details (e.g. name, date of birth, identification information,)

Contact details (e.g. phone number, email address, postal address, mobile number)

Business-related details (e.g. relationship with the business or Related Parties, business information, information about any shareholdings, business contact details)

Transactional details (e.g. information about services, requests, queries or complaints)

Financial details (e.g. information about business accounts, financial history, information from credit reference agencies and fraud prevention agencies)
Undertaking Customer due diligence checks for the prevention and detection of financial and other crimes and undertaking checks, including on Related Parties, in relation to identity verification, application checks, anti-money laundering, compliance and risk screening

Customer administration and management

Transaction processing, monitoring and analysis activities to develop and manage Maximise Capital’s products and services

Communicating with the Customer and Related Parties from time to time about products, services, events offered by Maximise Capital, and other communications such as research and insights, that may be of interest to the Customer and Related Parties.

Complying with legal obligations to which it is subject and co-operating with regulators and law enforcement bodies

Exercising its legal rights where it is necessary to do so, for example to protect Maximise Capital against harm to its rights and property interests, to detect, prevent and respond to fraud or other violations of law, for legal and dispute management purposes, and for debt collection and recoveries purposes

To contact you with information, newsletters and marketing materials about our products and services, and other relevant products and services as provided by our partners

We collect, use and keep the information we receive via our website to fulfil the visitor’s requests. We will use your information to respond to a request submitted by you, to provide the Service to you and to carry out our obligations from any contracts entered into between you and us; Contact you and provide you with information regarding Maximise Capital and our products and services; Correspond with you; Comply with applicable laws, regulations and rules, and requests of governmental agencies.

Some of the information that Maximise Capital collects are special categories of personal data (also known as sensitive personal data). For example, the customer due diligence checks Maximise Capital carries out may reveal information about criminal convictions or offences about customers and Related Parties. In addition, if incorrect information is provided or fraud is suspected, Maximise Capital will record this. Maximise Capital may also pass this information to financial crime prevention agencies where it may be accessed by law enforcement agencies globally. Where Maximise Capital processes such sensitive personal data, it will usually do so, on the basis that it is necessary for reasons of substantial public interest or to establish, exercise or defend any legal claims. In any case, Maximise Capital will carry out the processing in accordance with applicable laws.

Maximise Capital may be required by law to collect certain personal data, or as a consequence of its contractual relationship with its customers. Failure to provide this information may prevent or delay the fulfilment of these obligations.
To assess business’s commercial interests

Performance of contract

Compliance with legal obligations

Consent
The retention period is linked to the amount of time available to bring a legal claim, which in many cases is six or seven years following closure of the Customer(‘s) accounts or following a transaction. Maximise Capital will retain Customer Personal Data after this time if it is required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require Customer personal data to be retained, or for regulatory or technical reasons. Where Maximise Capital retains this data it will continue to make sure that Related Parties’ privacy is protected
Data requested from Credit reference agencies and fraud prevention agencies
To assess creditworthiness and product suitability, check the identities of Customers and Related Parties, manage the Customer’s account, trace and recover debts and prevent criminal activity.

Maximise Capital will also continue to exchange Customer and Related Parties’ information with credit reference agencies on an ongoing basis. Credit reference agencies will share Customer and Related Parties’ information with other organisations.

The personal data Maximise Capital collects from the Customer and Related Parties will be shared with fraud prevention agencies who will use it to prevent fraud and money laundering and to verify the identity of the relevant individuals. If fraud is detected, the relevant individuals could be refused certain services, finance or employment.

To assess business’s commercial interests

Performance of contract

Compliance with legal obligations

Consent
The retention period is linked to the amount of time available to bring a legal claim, which in many cases is six or seven years following closure of the Customer(‘s) accounts or following a transaction. Maximise Capital will retain Customer Personal Data after this time if it is required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require Customer personal data to be retained, or for regulatory or technical reasons. Where Maximise Capital retains this data it will continue to make sure that Related Parties’ privacy is protected.
Data requested from Credit reference agencies and fraud prevention agencies
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found here: https://www.cifas.org.uk/fpn
To assess business’s commercial interests

Performance of contract

Compliance with legal obligations

Consent
The retention period is linked to the amount of time available to bring a legal claim, which in many cases is six or seven years following closure of the Customer(‘s) accounts or following a transaction. Maximise Capital will retain Customer Personal Data after this time if it is required to do so to comply with the law, if there are outstanding claims or complaints that will reasonably require Customer personal data to be retained, or for regulatory or technical reasons. Where Maximise Capital retains this data it will continue to make sure that Related Parties’ privacy is protected.