The Data Controller as defined under European Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) is JFL. JFL is registered as a data controller with the UK Information Commissioner’s Office and our registration number is ICO:00011533948.
What this Policy does not apply to
This policy does not apply to other organisations’ websites, apps, products, services and social media from out websites. . When you leave our website, we encourage you to read the privacy notice of every website you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites. Please check these policies before you submit any personal data to these websites.
2. What Data will we collect?
There are different ways in which we collect your information both directly from you and from third parties. For example:
2.1 Information we receive directly from you:
2.2 Information we collect about you when you use our products and services:
2.3 Information collected from others:
We may supplement the information that we collect from you and about your use our services, with information that we receive from third parties.
This may include:
3. Why and when we may collect data about you
There are many reasons why we may legitimately collect and process your personal information and data, including:
In specific situations. We can collect and process your data with your consent. Examples of these situations include:
Please note that if you do not agree to provide us with requested information, it may not be possible for us to provide you with products and services.
3.2 Contractual Obligations
We may process your information where it is necessary to either enter into a contract with you for the provision of our products or services or to perform out obligations under that contract, or to provide with advice or guidance on using our products and services. Examples of your personal and information would include:
3.3 Legal Compliance
If the law or any regulator in any competent jurisdiction requires us to, we may need to collect and process your data and also to provide this to any such regulator, however, we would need to be satisfied that a request for information is lawful and proportionate. And we would need appropriate assurances about security and how the information is used and how long it is kept.
3.4 Legitimate Interest
We may process data for the legitimate running of our business, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business. In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
3.5 To Prevent Data Crime
We may use your personal information to help prevent and detect crime and fraud. We’ll also use it to prevent and detect criminal attacks on our network or against your equipment. We monitor traffic over our network, trace nuisance or malicious usage, and track malware and cyber-attacks.
To do that, we may use the following information:
4. How we use your information
We may use your personal information and/or data to:
Contact you or, if applicable, your designated representative(s) by post, telephone, electronic mail, etc., in connection with your relationship and/or account
Provide you with information relating to our products and services
Facilitate our internal business operations, including assessing and managing risk and fulfilling our legal and regulatory requirements.
5. Who Do We Share Your Information With?
Where we share your information with third parties, they will process your information either as a data controller or as our data processor, and this will depend on the reason for our sharing your personal data. We will only share your personal data in compliance with the applicable data protection laws and regulatory compliance.
Other organisations with which we may share your information include:
5.1 Other Group Companies
We share your personal information with other companies within the JFL group. The reasons we may share your information in this way include:
5.2 Credit Reference Agencies
We may share your personal information with credit reference agencies (CRAs), for example we may provide them with information about how you conduct your account with us and this information may be used by other organisations in assessing applications from you and members of your household. In addition, they will give us information about you. For example, we may search the files of a credit agency to assess creditworthiness and product suitability, check your identity, trace and recover debts and prevent criminal activity for such as about your financial history. This is so that we can confirm your eligibility for our products and services and guarantee, and ability to make regular payments for these.
We do not sell or share your personal information and/or data to third parties for third party direct marketing purposes.
6. Sharing your Data outside the EEA
The data and information that we collect and process may be transferred to, and stored at, a destination outside of the UK. We will only do so on the basis that any anyone to whom we transfer it protects your data and information in the same way that we would.
In the event that we transfer information to countries outside the EEA, we will only do so where:
7. How we Protect Your Data
The security of your information is important to us. Any information sent to us is protected using robust security methods. The methods we use are industry-standard ensuring data is safeguarded whilst being sent over unprotected communications paths such as the internet.
Our security measures include:
Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your information and/or personal data, we cannot guarantee the safety of any personal information to transmit to us using online methods.
8. How long we keep your information
By providing you with products or services, we create records that contain your information, and/or data such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and formats.
We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and/or regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.
Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable local legal or regulatory requirements. Retention periods may be changed from time to time based on business or legal and regulatory requirements.
We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the any courts of competent authority, or in relation to an investigation by law enforcement agencies or our regulators. This is intended to make sure that we are able to produce records as evidence, if needed to those respective authorities.
If you would like more information about how long we keep your information, please contact us at email@example.com.
9. What are your rights?
We want to make sure you are aware of your rights in relation to the information and/or data that we process about you. We have described those rights, and the circumstances in which they apply, in the table below:
You have the right to get access to the information and/or data that we hold about you.
If you would like a copy of the information and/or data that we hold about you please contact us at firstname.lastname@example.org or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT
You have a right to rectification of any inaccurate information and/or data and to update incomplete information and/or data that we hold about you.
If you believe that any of the information and/ or data that we hold about you is inaccurate, you have a right to request that we restrict the processing of that information and/or data and
to rectify any inaccurate data and/or information that we hold about you.
For any rectification requests please call us on
email us at email@example.com
You have a right to request that we delete your information and/or data.
You may request that we delete your information and/or data, if you believe that:
For any deletion requests please email us at
You have a right to request that we restrict the processing of your information and/or data.
You may request that we delete your information and/or data if you believe that:
For any restriction requests please email us at
You have a right to data and/or information portability.
Where we have requested your permission to process your information and/or data or you have provided us with information and/or data for the purposes of entering into a contract with us, you have a right to receive the information and/or data you provided to us in a portable format.
You may also request us to provide it directly to a third party, if technically feasible.
If you would like to request the information you provided to us in a portable format, please
contact us at firstname.lastname@example.org or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT
You have a right to object to direct marketing.
You have a right to object at any time to processing of your information and/or data for direct marketing purposes, including profiling you for the purposes of direct marketing.
If you would like to change your marketing preferences please contact us at email@example.com or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT
Lodge Complaints :
You have a right to lodge a complaint with the regulator.
If you wish to raise a complaint on how we have handled your information, you can contact our Data Protection Officer who will investigate the matter via e-mail at firstname.lastname@example.org or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT
We hope that we can address any concerns you may have, but you can always contact the Information Commissioner’s Office (ICO).
For more information, visit ico.org.uk