1. Who we are
We understand how important your privacy is to you and ensure any personal data you provide us with is treated with respect, is properly protected and handled in accordance with UK data protection rules and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).
This iFrame is owned and operated by HIGHTOWER FINANCE LIMITED, a company registered in England with its registered office at 4th Floor Millbank Tower, 21-24 Millbank SW1P 4QP LONDON. Contained within this statement and set out below are details of the type of personal data we may hold about you, our customer, how we obtain and process any personal data we may have and, most importantly, how we protect your privacy. This policy relates only to the personal data submitted or collected via this website.
If you have any queries or concerns regarding how we use your personal data or any questions regarding any of the information provided in this statement, please contact our Data Protection Officer at support@hightwfin.com.
2. General Data Protection Principles
You are visiting our website to apply for a personal loan. You need to know where your personal information is being sent, who is using it and why. You also need to be sure your personal information is kept safe and used only for the purposes you have agreed to.
Under the GDPR we are required to process the personal data you provide us with in a responsible manner. In accordance with the six principles below it must be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposed; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
3. Your Personal Data
What Personal Data do we collect?
The information we ask you to provide via the application form on this website is the minimum required for us to provide you with the service.
The personal data we usually ask you to provide is:
- Name
- Date of Birth
- Email addresses and phone numbers
- Details of your visits to our sites and the resources you access (including, but not limited to, IP address, traffic data, location data, weblogs and other communication data). Please refer to our Cookie Policy for more information.
Why do we collect your Personal Data?
The main reason we collect your personal data is to provide you service and help you gain access to short term personal loan offers.
We also use information about you to:
- Communicate with you in connection with your enquiry by email, SMS, telephone or post
- Contact you to offer products, services or offers you may be interested in (where we have your express consent to do so)
- Verify your personal information
- Conduct statistical analysis for our own internal processes and/or to detect, prevent and investigate actual and potential fraud and related activities.
- Update this website to meet our customers’ needs in the future and develop, improve and update our products.
- Assist us in the administration and servicing of your account.
- Notify you of any changes to our services
- Comply with any legal or regulatory obligations
Legal basis for collecting your personal data.
When you complete all loan application details on our website we process this data on the basis that we have a legitimate interest in processing this data.
The legitimate interests basis is defined by Article 6(1)(f) of the GDPR as being where ‘processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal date which overrides those legitimate interests’.
How we use your Personal Data.
We use the personal data you input via the online loan application form to match your details with our panel of lenders and credit brokers.
We will keep you informed as to the progress of your loan application via telephone, email or SMS unless specified otherwise.
In addition, we may also send you information regarding similar products and services using the contact information that you supplied to us as part of your application. As an existing customer who has provided us with your details in order to use our credit broking services, we are able to contact you about similar products or services.
4. Your Individual Rights
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Subject to certain circumstances, you are able to exercise all of the above rights.
Where you elect to exercise any of your rights please be aware we not charge you a fee.
Right to be informed
You have the right to be informed about the collection and use of your personal data. To be completely transparent with how we use your personal data we provide you with the following privacy information:
- The name and contact details of our organisation and the contact details of our Data Protection Officer
- The purposes and lawful basis for processing personal data
- The categories of personal data obtained
- The recipients or categories of recipients of the personal data
- The details of transfers of the personal data to any third countries or international organisations
- The retention periods for the personal data
- The rights available to individuals in respect of the processing
- The right to withdraw consent and the right to lodge a complaint with a supervisory authority
- The details of the existence of automated decision-making, including profiling.
We regularly review, and where necessary, update our privacy information.
Right of access
You have the right to know who has access to your personal data, what it is being used for, where it’s kept, and everything about your personal data as it passes through our data process.
A ‘Subject Access Request’ (SAR) can be made requesting us to supply you with all reasonable information or documentation that we hold relating to your personal data. You can make a subject access request verbally or in writing. If you make your request verbally, we recommend you follow it up in writing to provide a clear trail of correspondence.
Before providing any information we must verify the identity of the person making the request using ‘reasonable means’. We will ask you for your first name, surname, date of birth, address, a utility bill (or similar) and the method by which you received marketing communications.
Please email your SAR to our Data Protection
Officer: support@hightwfin.com
Responses will be provided electronically in a clear format unless requested otherwise. We have one month to comply with this request but if the request is complex can extend the period for a further two months.
The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete.
It is important that the personal data you input on this website is accurate, complete and up to date.
We will assume the personal data you provide is correct and provide our services on this basis. If fraudulent information is given then we may be alerted to this by a Fraud Prevention Agency.
If you think you have mistakenly given us incorrect information, please contact us at support@hightwfin.com and we will update it as soon as possible.
Whilst we make every effort to ensure the personal data we hold about you is right, if you notice any errors in any communications received from us please send us an email detailing the changes to the email address above and we will ensure it is accurate.
We will rectify the information within a month of receiving your request and inform all relevant third parties of the amendment. If the request is complex we can extend the period for a further two months.
Right to erasure
You have the right to erasure which is also known as a ‘request to be forgotten’. This equates to asking for any personal data you have supplied to be removed from our systems where there is no reason to keep processing it.
This right can be exercised under the following circumstances:
Where the individual withdraws consent
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
When the individual objects to the processing and there is no overriding legitimate interest for continuing processing.
The personal data has to be erased in order to comply with a legal obligation.
The personal data is processed in relation to the offer of information society services to a child.
We will suppress and remove all data held, upon request. Our marketing partners will immediately be informed of the request and will follow the same actions. We will however keep the communication of the ‘request to be forgotten’ for our records. Where we cannot remove all your personal data we will notify you.
Grounds on which we can legally refuse a request are:
- To comply with a legal obligation
- The exercise or defence of legal claims
- To exercise the right of freedom of expression and information
Right to restrict processing
You can ask us to stop or restrict processing your personal data. It is an alternative to requesting erasure of your data.
This is not an absolute right and will only apply in certain circumstances such as:
Where you are contesting the accuracy of your personal data and we are verifying the accuracy of the data.
The data has been unlawfully processed (i.e. in breach of the lawfulness requirement)
We no longer need the personal data but we need to keep it in order to establish, exercise or defend a legal claim.
As a matter of good practice we will automatically restrict processing your personal data whilst we are considering its accuracy or the legitimate grounds for processing the personal data in question.
When we restrict your personal data, we are still permitted to store it but not use it. We will inform all relevant third parties to confirm this right is carried out.
You can make a request for restriction at any time and we have one month in which to respond to your request. This can be extended by two months where the request is complex or we receive a number of requests. We would advise you if an extension is necessary clearly stating our reasons why.
Right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. Before transferring your personal data we will carry out rigorous checks to verify your identity.
The right to data portability applies:
- To personal data an individual has provided to a controller;
- Where the processing is based on the individual’s consent or for the performance of a contract;
- When processing is carried out by automated means.
If you request us to transfer your information we will do so in a format that is structured, commonly used and in a machine-readable form.
We will respond to your request within one month. This can be extended by two months where the request is complex or we receive a number of requests. We would advise you if an extension is necessary clearly stating our reasons why.
Right to object
You have the right to object to the processing of your personal data if it is for direct marketing purposes.
You can consent to receive direct marketing from us and our trusted third parties on our application page. This is not compulsory and, where consent has been given, it can be withdrawn at any time.
As soon as a ‘right to object’ request is received, we will cease processing your personal data and contact all parties we deal with to ensure they also cease processing your personal data. We ask for 3-5 working days to cease all communications.
Rights in relation to automated decision making and profiling
You have the right to object to automated decision making, to express your point of view, ask for human intervention, and to be provided with an explanation of the decision with your option to challenge it. The right is not absolute and is not applicable for the entering into a consumer credit agreement.
5. Further Information
Notification of Breach
We make a promise as a company, that we will inform you at the first sign of a data breach. We want to make sure we are being completely transparent with you regarding your data and the security of your data. We will contact you via email or phone, to inform you of any suspicious activity.
Complaints
If you have any complaints about how we have used your personal data please contact our Data Protection Officer at support@hightwfin.com
We do recommend that you bring any issues to our attention as soon as possible. The sooner we know about the issue the sooner we may be able to help resolve it.
Usage of links to other sites
This website may provide links to other websites which have privacy policies that differ from ours.
This Privacy Policy applies only to this website and how we process your personal data.
We cannot be held responsible for the other sites Privacy Policy which will be specific to them. This also applies to site content, practices they carry out and the services and products they may offer; all of which we cannot take any liability for.
As part of providing a credit brokering service to you, you will be directed to a lender should your loan application be successful. Please check their Terms and Conditions and Privacy Policy before proceeding with the loan. Please direct any questions regarding their loan offer directly to them for an accurate response.
Cookies
When you visit this website a small text file known as a ‘cookie’ is placed on your computer or other device which may provide some personal data details from you. Some cookies are required for the functioning of the website, others allow us to recognise you each time you visit and remember your preferences. Cookies are also used to improve user experience on the website, advertising, tracking and browsing habits.
Children
We do not knowingly collect any personal data from children under the age of eighteen. Applicants on this website must be eighteen years of age or older to use our services.
Consent to this Privacy Policy
By ticking the confirmation box on the application form you confirm that you have read and accepted this Privacy Policy and give your consent to your personal data being used as set out above.
If you do not agree to the contents of this Privacy Policy and how we handle your personal data please do not continue to use the website.
Changes to this Privacy Policy
HIGHTOWER FINANCE LIMITED reserves the right to amend the content of this Privacy Policy at any time. If this occurs we will update policy and the revised policy will be posted on this website.
If you are using our services we would encourage you to visit this Privacy Policy on a regular basis to make sure you have read the latest version and understand what we do with your information.