The Data Controller as defined under the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) in relation to your personal data is JFL. JFL is registered as a data controller with the UK Information Commissioner’s Office and our registration number is ZA506987.
What this Policy does not apply to
This policy does not apply to other organisations’ websites, apps, products, services and social media accessed from our websites and/or apps. When you leave our website and/or apps, we encourage you to read the privacy notice of every website and app that you visit. We do not accept any responsibility or liability for the privacy policies or notices on third-party websites or apps. Please check these policies before you submit any personal data to these websites or apps.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (which is known as anonymous data).
There are different ways in which we collect your information both directly from you and from third parties. For example:
2.1 Information we receive directly from you:
2.2 Information we collect about you when you use our products and services:
2.3 Information collected from others:
We may supplement the information that we collect from you and about your use of our products and/or services, with information that we receive from third parties.
This may include:
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
There are many reasons why we may legitimately collect and process your personal information and data, including:
3.1 Contractual Obligations
We may process your personal information where it is necessary either to take steps at your request before entering into a contract with you for the provision of our products and/or services, or to perform our obligations under that contract.
Examples of these situations include:
Examples of your personal information that we may process under this legal basis include:
3.2 Legal Compliance
If the law or any regulator in any competent jurisdiction requires us to, we may need to collect and process your data and also provide this to any such regulator. However, we would need to be satisfied that a request for information is lawful and proportionate and we would need appropriate assurances about security, how the information is used and how long it is kept.
3.3 Legitimate Interest
We may also use your personal data where it is necessary to pursue our legitimate interests (or those of a third party) but only in a way which might reasonably be expected as part of running our business and only where such interests are not overridden by your fundamental rights, freedoms or interests.
We may process your personal data under this basis for the legitimate running of our business, to facilitate our internal business operations including assessing and managing risk, to manage our business and financial affairs and to protect our customers, employees and property. It is in our interests to ensure that our processes and systems operate effectively and that we can continue operating as a business.
We may also use your personal information for the legitimate interest of helping to prevent and detect crime and fraud and to prevent and detect criminal attacks on our network or against your equipment. We monitor traffic over our network, trace nuisance or malicious usage, and track malware and cyber-attacks.
To do that, we may use the following information:
In specific situations, we may collect and process your data with your consent including the following:
However, if we do so, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. Please note that if you do withdraw your consent, we may not be able to provide certain information, products or services to you.
Where we share your information with third parties, they will process your information either as a data controller or as our data processor, and this will depend on the reason for our sharing your personal data with them. We will only share your personal data in compliance with the applicable data protection laws and regulatory compliance and only for the purposes set out in paragraph 3 of this policy.
We require all third parties with whom we share your personal data to respect the security of your personal data and to treat it in accordance with the law.
Other organisations with which we may share your information include:
4.1 Contracted Partner Companies
We may share your personal information with Partner companies with whom we have contracts for certain products and/or services. The reasons we may share your information in this way include:
4.2 Credit Reference Agencies
We may share your personal information with credit reference agencies, for example we may provide them with information about how you conduct your account with us and this information may be used by other organisations in assessing applications from you and members of your household. In addition, they will give us information about you. For example, we may search the files of a credit agency to assess creditworthiness and product suitability, check your identity, trace and recover debts, prevent criminal activity or to gather information about your financial history. This is so that we can confirm your eligibility for our products and/or services and guarantee your ability to make regular payments for such product and/or services.
We do not sell or share your personal information and/or data to or with third parties for third party direct marketing purposes.
4.3 Other third parties
We may share your personal information with the following:
The data and information that we collect and process may be transferred to, and stored at, a destination outside of the European Economic Area (EEA). We will only transfer your personal data outside the EEA on the basis that anyone to whom we transfer it protects your data and information in a similar way to us.
In the event that we transfer your information to countries outside the EEA, we will only do so where:
The security of your information is important to us. Any information sent to us is protected using robust security methods. The methods we use are industry-standard ensuring data is safeguarded whilst being sent over unprotected communications paths such as the internet. Our security measures include:
By providing you with products or services, we create records that contain your information, and/or data such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and in a number of formats.
We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and/or regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and provide evidence of our business activities.
Retention periods for records are determined based on the type of record, the nature of the activity, product or service, applicable local legal or regulatory requirements. Retention periods may be changed from time to time based on business or legal and regulatory requirements. However, we will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which we collected it.
We may, on exception, retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from any courts of competent authority, or in relation to an investigation by law enforcement agencies or our regulators. This is intended to make sure that we are able to produce records as evidence, if needed to those respective authorities.
If you would like more information about how long we keep your information, please contact us at [email protected]
|Access: You have the right to get access to the information and/or data that we hold about you.||If you would like a copy of the information and/or data that we hold about you please contact us at [email protected] or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT|
|Rectification: You have a right to rectification of any inaccurate information and/or data and to update incomplete information and/or data that we hold about you.||If you believe that any of the information and/ or data that we hold about you is inaccurate, you have a right to request that we rectify any such data. For any rectification requests please email us at [email protected]|
|Erasure: You have a right to request that we delete your information and/or data.||You may request that we delete your information and/or data in certain circumstances including where:
|Restriction: You have a right to request that we restrict the processing of your information and/or data.||You may request that we restrict or limit the way that we process your information and/or data in certain circumstances including where:
|Portability: You have a right to data and/or information portability.||Where we are processing your data by automated means and either we have requested your consent to process your information and/or data or you have provided us with information and/or data for the purposes of entering into a contract with us, you have a right to receive the information and/or data you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible. If you would like to request the information you provided to us in a portable format, please contact us at [email protected] or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT|
|Objection: You have a right to object to our processing of your data and / or information.||You have a right in certain circumstances to object at any time to processing of your information and/or data including where the processing is for:
|Lodge Complaints: You have a right to lodge a complaint with the regulator.||If you wish to raise a complaint on how we have handled your information, you can contact us, and we will investigate the matter, via e-mail at [email protected] or write to us at Data Protection, Jurassic Fibre Ltd, 33 Holborn, London, EC1N 2HT. We hope that we can address any concerns you may have, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit ico.org.uk|