We ask that you read this Privacy Notice carefully as it contains important information about i) who we are, ii) how and why we collect, store, use and share your personal information, iii) your rights in relation to your personal information and iv) how to contact us (and the relevant supervisory authorities) in the event that you have a complaint.
1.1 We, Bibby Financial Services Ireland Limited and associated companies (together, “Bibby Group Companies”) (a full list of our group of companies can be viewed on our website http://www.bibbylinegroup.co.uk/ and reference in this Privacy Notice to “we”, “us” and “our” refers to all or any of the Bibby Group Companies), collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation (“GDPR”) which applies across the European Union and under any local legislation which implements or supplements the GDPR and we are responsible as “controller” of that personal information for the purposes of those laws. It will often be the case that your personal information will be used by more than one Bibby Group Company who will either responsible as joint controllers of that personal information or it may be that one Bibby Group Company is the “controller” and another is the “processor” of that personal information.
1.2 We are committed to the protection of your privacy and you can find out more about your privacy rights and how we gather, use and share your personal information (being the personal information we already hold about you and the further personal information we might collect about you, either from you or from a third party) in this Privacy Notice. How we use your personal information will depend on i) our relationship with you, ii) on the products and services we provide to you (or to any company or limited liability partnership (each, a “Connected Company”) of which you are a corporate officer, owner, member or partner or in connection with which you have agreed to act as surety, guarantor or warrantor (each, a “Key Individual”)) or iii) where you (or a Connected Company) are a customer of one of our clients to whom we’ve made funding available (“Your Supplier”), on the products and services we make available to Your Supplier.
1.3 We have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any data security breach. We will notify you and any applicable regulator of a data security breach where we are legally required to do so.
1.4 This Privacy Notice provides up to date information about how we use your personal information and updates any previous information we have given you about our use of your personal information. We will update this Privacy Notice if we make any significant changes affecting how we use your personal information and we will contact you to let you know about the changes.
2. Your privacy rights
2.1 Under the GDPR you have a number of important rights which you can exercise, free of charge. In summary, those include rights to:
- object, in certain circumstances, to how we use your personal information. If you wish to exercise this right, please contact our DPS, providing details of your objection;
- request access to a copy of your personal information which we hold, along with details of what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge by contacting our DPS. Please make all requests for access in writing, and provide us with evidence of your identity;
- ask us to correct inaccuracies, to complete any incomplete personal information, to delete or restrict personal information or to ask for some of your personal information to be provided to someone else;
- withdraw your consent (if you have given us your consent to use your personal information) and update your marketing preferences by contacting us directly at the Sales Hot Desk on (01) 297 4920
- ask us to delete your personal information where it is no longer necessary for us to use it, where you have withdrawn consent, or where we have no lawful basis for keeping it;
- ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred; and
- ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
For further information in relation to these rights, including the circumstances in which they apply, please see the guidance from the Irish Data Protection Commissioners Office on individuals’ rights under the GDPR https://www.dataprotection.ie/docs/GDPR/1623.htm.
3. What categories of personal information do we use?
3.1 We use a variety of personal information depending on the products and services we provide to you (or to any Connected Company or to Your Supplier). For most products and services which we provide to you (or to any Connected Company) we need your name, address, date of birth, contact details (including email address and phone numbers), any other information to allow us to check your identity (including a copy of your identification documents (such as a passport or driving licence) and information about your credit history.
3.2 For some products and services we may need to use additional personal information which we will gather about you – without this we will not be able to provide any of those products and services to you (or any Connected Company). For example, to make available a funding facility, we need financial information (which may include your income, expenditure, assets and liabilities, credit history and credit scoring), employment details, details of any criminal prosecutions and details of bankruptcy or any judgement registered against you. This information will be used for funding decisions, to help us to operate a funding facility, for fraud prevention and anti-money laundering and to meet our own legal obligations.
3.3 For the invoice finance products and services which we provide to Your Supplier, we may need your name, address, contact details (including email address and phone numbers) and any other information to allow us to verify any debts owed to Your Supplier which Your Supplier is seeking funding for. This information could include copies of invoices (and any credit notes or correspondence relaying to those invoices) addressed to you (or a Connected Company) from Your Supplier, copies of supply or service contracts entered into between you (or a Connected Company) and Your Supplier, details of any aged debt owed by you (or a Connected Company) to Your Supplier, details of your (or a Connected Company’s) payment history with Your Supplier and details of your (or a Connected Company’s) financial records.
3.4 If your personal information is needed by us in order to enter into a contract with you (or any Connected Company) or to meet a legal obligation, we will not be able to provide some products or services without that personal information. We will notify you if this is the case.
4. How do we gather your personal information?
We obtain personal information about you:
- directly from you, for example when you visit our offices and fill your details in to our visitors’ book or where you fill out an application or information gathered during any conversations with us or from written exchanges with us;
- by observing how you use our products and services;
- from other organisations such as credit reference and fraud prevention agencies;
- from third party intermediaries and introducers;
- from Your Supplier; and
- from other people who know you including people you are linked to financially.
We may also obtain some personal information from monitoring or recording calls. We may record or monitor phone calls with you for regulatory purposes, for training purposes, to ensure and improve quality of service delivery, to ensure safety of our staff and customers, for other security purposes and to resolve queries or issues. Such recordings belong to us.
5. How we use your personal information
For the vast majority of products and services which we make available to you (or to a Connected Company), we need your name, address, date of birth, contact details (including email address and phone numbers), any other information to allow us to check your identity (including a copy of your identification documents (such as a passport or driving licence)) and information about your credit history. Where we make available products and services to Your Supplier we may need your name, address, contact details (including email address and phone numbers) and any other information to allow us to verify any debts owed to Your Supplier which Your Supplier is seeking funding for. Further details of the categories of personal information which we need about you are provided in section 3
We sometimes need to gather, use and share additional personal information for specific purposes, which are set out in more detail below.
5.1 To operate and administer any funding facility we have made/may make available to you (or any Connected Company) or any of our other products and services (including the provision by us (or nominated service providers) of training in relation to those products and services), we will use:
a. your contact details;
b. your location data for fraud prevention and, if you have consented to it, mobile location services; and
c. your IP address to identify you for security reasons.
We might share all of the information we use for this purpose with third parties who help us to verify your contact details (for example Jumio Corporation (see section 9 below for more information about Jumio Corporation and to deliver our products and services, such as our subcontractors and our own service providers (including (but not limited to) i) the providers of our IT systems and platforms, ii) providers of document management services and solutions, iii) credit or other insurers (for underwriting purposes or in relation to the administration of any claims (who may pass it to persons they deal with and to users of their services), iv) external payroll service providers (where that forms part of the services we provide to you), v) our legal and tax advisers, vi) [persons in relation to any loan guarantee scheme application (to help provide their services),] vii) any person giving (or potentially giving) a guarantee, indemnity or other commitment to any of the Bibby Group Companies in relation to any funding facility or other product we make available to you (or any Connected Company) so they can assess their obligations to the Bibby Group Companies, viii) third party trainers; ix) third party auditors and other advisers acting on behalf of any of the Bibby Companies or on your behalf, so that they can carry out their services to such persons) and any regulators. We use your information in this way because it is necessary to perform our contract with you and to meet our legal obligations.
5.2 To operate and administer any funding facility we have made/may make available to Your Supplier, we will use:
a. your contact details;
b. details of your contractual arrangements with Your Supplier (including payment terms);
c. copies of invoices sent to you by Your Supplier.
We use this information to verify debts which Your Supplier is asking us to fund. We also use this information to assist us in collecting debts due from you. It is in our legitimate interests to ensure that the debts which we are being asked to fund exist and are likely to be paid. It is in our legitimate interests to take steps to collect those debts.
5.3 To administer payments to you or from you (or otherwise for our account in respect of any services or products we make available to you or a Connected Company or to Your Supplier), we will use:
a. your contact details and the payment details that you have provided to us; and
b. your location data to enable us to verify locations at which payments are made for fraud prevention purposes.
We may give this information to our third party payment providers to process payments to or from you or otherwise in respect of payments being made to us. We use your details in this way because it is necessary to perform our contract with you (or any Connected Company) where you are (or such Connected Company is) our client or, where you are the debtor of our client, using your personal information in this way is in our legitimate interests to collect debts due to us.
5.4 To make credit decisions about you (or any Connected Company), including new applications for funding or requests to increase funding limits, we will use:
a. information you give to us about your credit history;
b. information about those you are financially linked to (such as your partner);
c. information about how you have used other products and services offered by us;
d. information we receive from third party credit reference agencies and fraud prevention agencies; and
e. information we receive about you directly from other third parties.
For this purpose, we share information with credit reference and fraud prevention agencies. The information could then be used as follows:
a. the credit reference or fraud prevention agency might add details of our search and your credit application to the records they hold about you, whether or not your application proceeds;
b. we and the credit reference or fraud prevention agency might link your financial records to those of any person you are financially linked to – this means that each other's information (including information already held by us or the credit reference agency) will be taken into account in all future credit applications by you (or such financially linked person), until one of you successfully files a 'disassociation' at the credit reference agencies;
c. we might add details of your (or the Connected Company’s) facility with us to the credit reference or fraud prevention agency's records, including details of how that facility is being operated and including any default or failure to keep to the terms of the underlying agreement;
d. the credit reference or fraud prevention agency could pass on any of that information to other companies unrelated to us for the credit checking and fraud prevention purposes mentioned above; and
e. the credit reference or fraud prevention agency will also use the information for statistical analysis about credit, insurance and fraud on an anonymous basis.
When credit reference agencies receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders and other companies unrelated to us (for example, other funders and credit providers).
Further details of the credit reference agencies (and the ways in which they use and share personal information) are explained in more detail at www.experian.ie (Experian can also be contacted on (01) 846 9200).
The information, including personal data, provided on this application may be disclosed by BFSI to the Strategic Banking Corporation of Ireland (“SBCI”) for the purposes of: (i) determining eligibility for the particular SBCI scheme; (ii) anti-money laundering / financing of terrorism or fraud; (iii) the BFSI and SBCI’s reporting functions in accordance with the scheme; and (iv) conducting relevant surveys by or on behalf of the SBCI. Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as data controller for the purposes of applicable data protection law. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/). For further information on how the SBCI handles personal data, including information about your data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at: https://sbci.gov.ie/).
For information on how the SBCI handles personal data, including information about your data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at: https://sbci.gov.ie/.
We use your information in this way because i) it is necessary to perform our contract to deliver credit related products and services to you (or any Connected Company), ii) to meet our legal obligations and iii) because it is in our legitimate interests to understand your financial position and to promote responsible lending.
5.5 To comply with our legal obligations, to prevent financial crime including fraud and money laundering we will use:
a. any information you have given us, that we have obtained from a third party, or that we have obtained by looking at how you use our services, where it is necessary for us to use that information to comply with a legal obligation; and
b. this information will include name, address, date of birth, every country of residence/citizenship, personal identification (which may include passport number or driving license number) your IP address, and information about any criminal convictions.
We will give information to and receive information from third parties where that is necessary to meet our legal obligations, including credit reference agencies, fraud prevention agencies, An Garda Síochána and other law enforcement and government agencies, banks and regulators. Fraud prevention agencies may use your information as set out in paragraph 5.4 above
5.6 For financial management and debt recovery purposes, we will use:
a. your contact details; and
b. information we obtain from looking at how you have used our services.
We will give information to and receive information from third parties where that is necessary to recover debts due by you or your customers (or by a Connected Company or the customers of that Connected Company) to us, for example, other funders, debt recovery agents, insolvency practitioners, our legal advisers, credit reference agencies and sheriff officer or bailiff services. This might include passing personal information about you to a third party who we have transferred your debt to, and who will then contact you directly to collect that debt. If your debt is transferred to a third party you will be advised of the identity of that third party.
We use your information in this way because it is necessary to perform our contract with you, to exercise our legal rights, and because it is fair and reasonable for us to do so.
5.7 To carry out market research and analysis to develop and improve our products and services we will use:
information about how you have used our products and services. We use your information in this way because it is in our interests to do so for the purpose outlined above.
We may pass your personal information to market research companies and other service providers as required.
5.8 To market products and services to you, we will use:
a. the contact details you have provided to us; and
b. information we have gathered from your use of our other products and services to form a profile of you which we will use to assess what other products and services would be most beneficial for you.
We will pass your personal information to our service providers who help us with these marketing activities.
Sometimes we work with other companies to offer you the best products and services. We will sometimes share your personal information with our partners, and receive personal information about you from our partners, to make sure that we give you the best, most relevant offers when we market to you (if you have consented or have otherwise requested us to do this).
We might also receive personal information about you from a third party and use it to market our products and services to you, where you have given that third party your consent to share the personal information with us (or have otherwise requested them to do this) or where that third party otherwise has a lawful basis for sharing that personal information with us. We may collect your name and address from other service providers for the purpose of providing suitable marketing to you.
5.9 To facilitate introductions from, and to enable introducer fee payments to be made to, third parties, we will give information to and receive information from third party independent financial advisers and brokers. In doing this we will use:
a. information about the general nature of our products and services; and
b. information about the value of those products and services (where we have made them available to you (or a Connected Company)).
We use your information in this way because it is in our interests to have relationships with third party introducers in order to expand our business and to allow us to provide you with the products and services that best suit you.
5.10 To make introductions to third party financial advisers and brokers or third party funders we will use:
a. your contact details; and
b. information in relation to the products and services which we believe you are seeking or which may be best suited to you.
We use your information in this way where you have either given your consent to this or have otherwise requested us to do this
5.11 To enable us to obtain the funding which we provide to you (or a Connected Company) we may use:
information in relation to the facility made available to you (or a Connected Company) (which could include copies or the originals of our agreements with you (or such Connected Company) and the provision of such information to our funders or block discounters.
We use your information in this way where our own funding arrangements require us to do so in order to obtain the funding which we make available to you.
5.12 To comply with our obligations to supply details of our business (and its performance) to our funders including the SBCI Disclosees and auditors we will use:
a. your name; and
b. details of the amount of funding made available by us to you (or a Connected Company).
We use your information in this way as it is a requirement of our funding arrangements (and a failure to comply would mean that we would be unable to provide you (or a Connected Company or Your Supplier) with the funding you (or they) need) or our audit obligations (which we have a lawful obligation to comply with).
5.13 For business development purposes and to engage with introducers, contractors and advisers we will use:
your contact details in order to make contact with you for any of the above purposes. We do this either because i) it is necessary in order to enter into a contract with you or to perform a contract once entered into or ii) it is in our legitimate interests to interact with you for networking and business development purposes.
5.14 For security and administrative purposes we will use:
information (which would usually include your name, details of your organisation and your vehicle registration number) which you may insert into our visitors’ books when you visit our premises.
This information is needed to assist us to verify your identity and to help administer appointments which you have with us. The information will also help us to determine who is within our premises, in the case of an emergency. Your vehicle registration details can help us to identify and locate you whilst you’re visiting our premises, should there be a problem connected to your vehicle.
5.15 In completing our documents we will use:
a. contact information; and
b. occupation details
of any individuals who witness any signatures on any of our documents.
This information is required to make it easier to identify and trace a witness in case any questions arise in the future concerning the execution of our documents. Each party to our documents will be provided with a fully signed copy of then and further copies will (where relevant) be filed with the Companies Registration Office and the Property Registration Authority. All witness details (other than witness names) will be redacted before filing at the Companies Registration Office.
Connected Companies and Key Individuals - personal information requirements
For a Connected Company, we will use personal information about Key Individuals, so that we can operate and administer the products and services which we provide to the Connected Company.
The personal information we use about Key Individuals is as set out in preceding paragraphs of this section 5, and we may use it for any of the purposes described in this section 5. We may hold personal information on Key Individuals for the purposes of operating and administering products and services which we provide to the Connected Company, as well as for the purposes of the prevention of fraud and money laundering, for debt recovery purposes, and to make credit decisions about the Connected Company.
Personal information on Key Individuals is obtained directly from the Key Individual, from the Connected Company, from the Key Individual's dealings with any of the Bibby Group Companies, and from fraud prevention and credit reference agencies. Such information may include special categories of personal information, such as information relating to health or criminal convictions.
6. Automated decision making
6.1 Sometimes we use your personal information in automated processes to make decisions about you, such as credit scoring. When credit scoring, we use personal information (which may have been obtained from you, obtained from credit reference agencies or extracted by us based on how you have used other products and services provided by us (including your credit history with us)) to create a profile of you. This predicts your credit worthiness based on your financial profile. We analyse this information to identify a credit score based on how likely it is that your payment obligations to us will be met. This information is used by us to decide whether i) to enter into a contract to provide a product or service to you (or to a Connected Company or Your Supplier), ii) to adjust products or services you (or such Connected Company or Your Supplier may) have with us (such as increasing or decreasing funding limits), iii) to pre-approve future products or services for you (or such Connected Company or Your Supplier) and iv) in some cases, whether we need to take action to recover sums due to us.
6.2 We want you to get the most relevant information about our products and services at the right time. The most effective way for us to do this is to use automated processes to create a profile of you for marketing. To carry out marketing profiling we use information (which may have been obtained from you, obtained from credit reference agencies, extracted by us based on how you have used other products and services provided by us (including your credit history with us), arising from any feedback which you have provided to us or obtained from other external data sources) to create a profile of you.
7. Our lawful basis for using your personal information
7.1 We only use your personal information where we have a lawful basis to do so. This could include where:
- we have your consent;
- we need to use the information to comply with our legal obligations;
- we need to use the information to perform a contract with you or to take steps at your request before a contract is entered into; and/or
- it is in our interests or someone else's interests to use the personal information and your interests in protecting your personal information do not override this – this will include where it is in our interests to use your personal information to decide whether to enter into a funding facility with you (or with a Connected Company or Your Supplier) and, afterwards, to progress, process or administer that funding facility (including facilitating payments and collecting in monies owed to us), to contact you about products or services, to market to you, or to collaborate with others to improve our services.
Where we have your consent, you have the right to withdraw it. We will let you know how to do that at the time we gather your consent. See section 11 (Keeping you up to date) for details about how to withdraw your consent to marketing.
7.2 Data protection laws give special protection to particularly sensitive personal information. This includes information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:
- we have a legal obligation to do so (for example to protect vulnerable people);
- it is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises);
- it is in the substantial public interest;
- it is necessary for the prevention or detection of crime;
- it is necessary for insurance purposes; or
- you have specifically given us explicit consent to use the information.
7.3 We may use information about criminal proceedings relating to you to decide whether to enter into a facility with you or a Connected Company or Your Supplier (we will generally not do this if you have a criminal prosecution, for fraud prevention/anti-money laundering purposes and to fulfil our legal and regulatory obligations.
7.4 More information about our lawful basis for processing your personal information is contained in section 5 above.
8. Sharing your personal information
8.1 We will share personal information with other Bibby Group Companies and with other third parties where we need to do that to make products and services available to you, to market products and services to you, to meet or enforce a legal obligation or where it is fair and reasonable for us to do so. We will only share your personal information to the extent needed for those purposes.
8.2 Who we share your personal information with depends on the products and services we provide to you (or any Connected Company or Your Supplier) and the purposes we use your personal information for. For most products and services we will share your personal information with our own service providers such as our IT suppliers, with credit reference agencies and with fraud prevention agencies. We may also share your information with others such as third parties approved by you, external contractors, suppliers, consultants, third party agencies and representatives, our professional advisers and, in some cases, our own funders. If practical these recipients of the information will be bound by confidentiality obligations. We may also be required to share some personal information with the Government or any industry regulators (where we are required to do so by law or to assist with their investigations or initiatives), such as the Central Bank, the Revenue Commission, the Data Protection Commissioner or the courts, or with an Garda Síochána, law enforcement or security services (to assist with the investigation and prevention of crime and the protection of national security). See section 5 (How we use your personal information) for more information about who we share your personal information with and why.
8.3 Most of the time the personal information we have about you is information you have given to us, or gathered by us in the course of providing products and services to you (or to a Connected Company or Your Supplier). We also sometimes gather personal information from third parties for example where necessary for credit checking and fraud prevention or for marketing purposes (to enable you to receive details of relevant products from us). See section 5 (How we use your personal information) for more information about who we receive your personal information from and why.
9. Transfers of information outside the European Economic Area (“EEA”)
9.1 We may need to transfer your personal information outside of the EEA , for instance to other Bibby Group Companies, service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the EEA. An example of this occurs in relation to our identity verification procedures. If you are a prospective client or a Key Individual in relation to a prospective client then we will use the services of Jumio Corporation to assist in identity verification. Jumio Corporation is a US based company which operates globally and which uses computer vision technology, machine learning and live verification to verify credentials.
9.2 We will only transfer your personal information outside the EEA where either i) the transfer is to a country which ensures an adequate level of protection for your personal information (as determined by the European Commission) or ii) we have put in place measures to ensure adequate security for your personal information (in accordance with Article 46 of the GDPR). These measures include ensuring that your personal information is kept safe by carrying out strict security checks on our overseas partners and suppliers, backed by strong contractual undertakings such as the EU style model clauses. We also use the EU Commission approved EU-US Privacy Shield when we transfer personal information to the US. https://www.jumio.com/about/compliance-regulations/
10. How long we keep your personal information for
10.1 How long we keep your personal information for depends on the products and services we deliver to you (or to a Connected Company or to Your Supplier). We keep your personal information for so long as you have (or the relevant Connected Company or Your Supplier has) a relationship with us but will never retain your personal information for any longer than is necessary for the purposes we need to use it for.
10.2 We generally keep the personal information we use for at least seven years after the end of any facility which we make available to you (or any Connected Company or Your Supplier) or from the date you (or such Connected Company or Supplier) last used one of our services. Where the documentation relating to any facility made available to you (or any Connected Company or Your Supplier) consists of documents signed as deeds then we may keep those documents and personal information relating to those documents for twelve years after termination of those documents. In some circumstances we will hold personal information for longer than stated above where we believe that this is necessary for active or potential legal proceedings or to resolve or defend claims.
11. Keeping you up to date
11.1 We will communicate with you about products and services we are delivering using any contact details you have given to us - for example by post, email, text message, social media, and notifications on our website.
11.2 Where you have given us consent to receive marketing, you can withdraw consent, and update your marketing preferences by contacting us directly at the sales hot desk at (01) 297 4920.
13. Do you need extra help?
Please contact our Sales hot desk at (01) 297 4920 if you would like this Privacy Notice in another format (for example audio or large print.