Privacy Policy

Data Protection Policy

Grange Distributors (Romford) Limited t/a Cash Concepts

1) Introduction

We are a Consumer Credit Business licensed by the FCA (Ref number 741816).

We are registered with the ICO for Data Protection (Ref No ZA485350).

We do not require a Data Protection Officer because we are a small business with relatively small amounts of data stored. However, our Information Leader is the key contact for data protection.

Under FCA SYSC requirements we also have a senior manager who takes responsibility for data; their title is Managing Director.

2) Basis of Processing Data

We retain data and relevant information about our customers on the following basis:

Pawnbroking, Buy Back, Laybys, Cheque Cashing and Bureau de Change – Legitimate Interest – We process proof of name and address, complying with AML requirements. We ask for [e.g. passport or driving licence / utility bill] for all new customers and apply due diligence as per our AML policy.

Pawnbroking – Marketing soft opt-in – We use a soft opt-in for marketing. This means that unless the customer ticks the box on contract note 6 of their Pawn Contract, we may send them relevant marketing emails and contact them as per article 22 of the PECR (Privacy and Electronic Communications Regulations), on the basis that:

we have obtained the contact details in the course of a pawn contract;
we are only marketing our own similar products or services; and
we gave the person a simple opportunity to refuse or opt out of the marketing, both when first collecting the details and in every message after that.

Other activities

[For marketing through third parties and for CRAs (Credit Rating Assessments) we specifically request the consent of the customer, and they must opt in by signing our privacy statement]

CCTV footage is retained for one month as part of the legitimate process of preventing crime. Footage is shared with police on request to help ongoing investigations.

3) Data Controller

We, Grange Distributors (Romford) Limited t/a Cash Concepts, are the Data Controllers, are responsible for all personal information retained, and are subject to audit by the Information Commissioner's Office (ICO). We do not share our data with 3rd parties.

4) Disclosure

All customers setting up an account with us, including Pawnbroking customers, are made aware at the point of transaction how, where and with whom their information will be shared.

Adequate Explanations

There is standard information that our staff always read out to customers. We state to them before any information is taken:

Please read our privacy notice carefully; this explains what personal information we require about you to enter into and manage our agreement with you and for our legitimate interests (for example preventing fraud). It also explains how we may acquire, use and share that information and what rights you have regarding the data we hold about you. We may send you marketing communications unless you opt out of receiving them (see the tick box on note 6).

We Show the Customer Our Privacy Notice

We show every customer the privacy notice before any pawn transaction via a laminated privacy notice on the counter. Since the basis for processing data is Legitimate Interest (a pawn contract), the customer is not required to sign this.

Every contract has a Data Processing Clause (no. 6 on back of pawn contract)

This is a shortened version of the privacy notice but also has a soft opt-in for marketing.

Data protection

The personal information we collect about you is used by us to fulfil our statutory obligations, to administer your agreement(s) and contact you, and when otherwise required by law or where permitted by Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR). You will have already seen our privacy notice. It is important that you provide us with accurate information. If you provide false or inaccurate information or we suspect fraud, this information may be recorded. We will retain your data for six years after our account with you is closed, whether settled by you or in default.

You have the right to:

access the information we hold about you
ask us to make changes to your information to make sure it is accurate/up to date
ask us to stop or limit processing or delete your information (we are not obliged to do this in relation to information we need as part of our contractual relationship)
receive your information in a format that suits you
transfer your information to a third party

Please contact us using the details shown overleaf for further information.
We may contact you by post, email, SMS or telephone for the purposes of marketing our products and services; please tick here □ if you do not wish to receive such marketing.
[We do not undertake CRA checks and we do not share data with 3rd parties]

5) Data collection

We have reviewed our business through our Information audit to identify the data that is processed and how it flows into the business.

We will ensure that data is collected within the boundaries defined in this policy. When collecting data, we will ensure that the customer clearly understands why the information is needed.

We will respect the following rights for individuals:

The right to be informed
The right of access [in the case of Pawnbroking, they are entitled to ask the details of their contract but cannot demand a replacement contract]
The right to rectification [for example changing address]
The right to erasure [they cannot demand the erasure of a pawn contract, although it would be erased after 6 years of no contact as part of our policy]
The right to restrict processing [e.g. to temporarily stop proceedings because they have accidentally given incorrect information, e.g. got their phone number wrong]
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.

6) Data Storage

Information and records relating to service users will be stored securely and will only be accessible to authorised staff. Information will be stored for only as long as it is needed or required by statute and will be disposed of appropriately [e.g. we store pawnbroking data for 6 years from the last point of contact].

It is our responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been destroyed or sold to a third party.

We will undertake periodic [annual] Information audits and Data Protection Impact Assessments to continually aim to improve systems, minimise risk and improve security.

7) Data access and accuracy

We will ensure that:

The Information Leader has the responsibility for data in their job description and that they are fully trained for the role to ensure compliance with Data Protection [they keep up to date by online training provided by the NPA]
Everyone processing personal information understands that they are contractually responsible for following good data protection practice and are trained accordingly [using the modules provided online by the NPA]
Everyone processing personal information is appropriately trained to do so
Everyone processing personal information is appropriately supervised
We deal promptly with any enquiries about handling personal information
We annually review and audit the ways we hold, manage and use personal information through our Information Audit
All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any future changes or amendments made to the GDPR 2018.

8) Data Breaches

We will maintain a log of all data breaches no matter how small. A small breach would include [overhearing account details, losing a small amount of data or accidental deletion, loss of CCTV footage.]

Examples of a major breach would be [loss or theft of entire database, web cybersecurity issue or hacking resulting in the theft of emails / passwords / financial data of a significant or unquantified number of people].

We will ensure we have robust breach detection, investigation and internal reporting procedures in place.

We will report serious breaches within 72 hours of becoming aware of the breach where feasible, to the ICO on 0303 123 1113 and explain:

what has happened;
when and how we found out about the breach;
the people that have been or may be affected by the breach;
what we are doing as a result of the breach;
who the ICO should contact for more information; and
who else we have told about the breach.

9) Our Privacy Notice

Grange Distributors (Romford) Limited t/a Cash Concepts Privacy Notice

This explains how and why we acquire and use your personal information in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR).

We may collect information about you as part of your loan application and for the purposes of managing your loan agreement, from you, from public records and from third parties with your consent. This includes your name, address, date of birth, contact details, employment information, credit record and your agreement history.

We use your information to:

communicate with you by telephone, email, SMS, or post using the contact details you have provided

manage your account

prevent fraud and money laundering

We may use your data for the above purposes to fulfil our legitimate interest of managing our legal agreement with you and where otherwise required to comply with our legal and regulatory obligations and where permitted by the GDPR. If you do not provide us with your personal information, we will not be able to lend to you.

We may also use your information for other purposes where you have consented to this (see below).

We may share your information with:

third parties to which we transfer, charge or assign your agreement or which provide services for us
law enforcement agencies or regulatory bodies where we are required to do so by law

We store your information:

within the European Economic Area (EEA)
if we transfer data outside the EEA, we will ensure that before we do so, there is adequate protection in place to ensure the security of your data.

We keep your information:

for as long as it is needed to manage your account and for a maximum of six years unless a longer period is required by law.

You have the right to:

access the information we hold about you
ask us to make any changes to your information to make sure it is accurate and up to date
ask us to stop or limit our use of or to delete your information (we are not obliged to do this in relation to information we need as part of our contractual relationship)
receive your information in a format that suits you
transfer your information to a third party

Cookie Policy

This Website may place and access certain Cookies on your computer. Grange Distributors Ltd uses Cookies to improve your experience of using the Website and to improve our range of products. Grange Distributors Ltd has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.

All Cookies used by this Website are used in accordance with current UK and EU Cookie Law.

Before the Website places Cookies on your computer, you will be presented with a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling Grange Distributors Ltd to provide a better experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of the Website may not function fully or as intended.

This Website may place the following Cookies:

Type of Cookie: Purpose

Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies: They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Functionality cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

Targeting cookies: These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser.

You can choose to delete Cookies at any time; however you may lose any information that enables you to access the Website more quickly and efficiently including, but not limited to, personalisation settings.

It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

Contact

If you have a question, want to exercise your rights or make a complaint, please contact us.

If we cannot resolve your complaint, you may contact the Financial Ombudsman Service at:

Financial Ombudsman Service
Exchange Tower
London
E14 9SR
Tel: 08000 234 567

You also have the right to complain to the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. www.ico.org.uk.