Who We Are
We DFI Financial Services Ltd are a company registered in England (Company no. 08522515) and are committed to protecting your privacy and complying with applicable data protection and privacy laws. This privacy notice (Notice) is designed to help you to understand what kind of personal data we collect and how we process and use such data. It also sets out your rights in relation to how we look after your personal data.
We act as a data controller for the personal data we hold about you.
Our products or services may contain links to a third party’s website or service. Unless that third party is processing your personal data on our behalf, we are not responsible for the privacy policies or practices of such a third party. We recommend that you carefully read the privacy notice for such third parties.
Personal data we collect
We collect your personal data typically when you register for our services, make a purchase, enter a sales promotion or otherwise interact with us. Below are examples of the categories of the data we collect on you.
For the most part, you may visit our websites without having to identify yourself. However, certain technical information is normally collected by us as a standard part of our services. This information relates to your IP-address, information about your device and other technical information your browser provides us with, and metadata about your use of our websites (such as when you use the website and how you interact with content). If you call us, additional information such as your telephone number may be saved as a standard part of that communication.
Information you provide us
To allow us to provide you with the products and services you have requested, or to communicate with you, we may ask you to provide us with certain information such as your name, date of birth or age, email address, home or postal address, or financial situation. In registering for our services, you create user names, passwords and other credentials that we use to authenticate you and to validate your actions. You may send us copies of your personal identity documents or details about other financial products to which you may be a party.
You may also indirectly provide us with information through your consents, preferences and feedback.
Your transactions with us
We collect details of the queries or requests you have made, the products and services provided (including delivery details), purchasing details (including payments made, credit card details, billing address, credit checks and other such financial information), details of agreements between us, records of contacts and communications, information and details relating to the content you have provided us with and other such transactional information. We may, in accordance with applicable law, record your communication with our customer care or with other similar contact points.
Certain services may involve the use of your location data. Use of your location data is, however, subject to your prior consent for each service.
Personal data obtained from third parties
We may obtain personal data about you from third party sources such as social media analytics, and from the following partners:
- Experian plc
- Veriphy Ltd
- Contego Solutions Ltd
- MangoPay SA
Why we need your personal data
We collect and process your data for one or more of the following grounds:
To fulfil our contract with you. We use your personal data as is necessary to provide you with our products and services in line with our overall contract. We process and use your personal data to provide you with a personalised service and the product or service you have requested, to fulfil your other requests, process your order(s), and as otherwise may be necessary to perform or enforce the contract between us.
We are required to do so by law or regulation. We and Resolution Compliance Limited are required by to process and store some of your data in order to fulfil our regulatory obligations. We may capture and share your personal data with organisations who can confirm your identity and provide information necessary to prevent fraud or other financial crimes. We may also be required to share your personal details where requested to by legal authorities or the Financial Ombudsman.
There is a substantial public interest in doing so.
You have provided us with your consent. Where you have given your informed consent, we will process your data in accordance with the permission you have given us and this Notice. You may withdraw your consent at any time.
Our other legitimate interests in using your data
Taking into account your interests, we process your personal data for the following purposes:
To verify your identity and administer your account. We process and use your personal data to ensure the functionality and security of our products and services, to identify you and the instructions you give us, and to prevent and detect fraud and other misuses.
Development of products and services. We process and use your personal data to develop our products and/or services. However, for the most part we only use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. We may also process and use your personal data to personalise our offerings and to provide you with service more relevant to you, for example, to make recommendations and to display customised content and advertising. We may combine personal data collected in connection with your use of a particular product and/or service with other personal data we may hold about you, unless the purpose for which we collected that data is incompatible with amalgamation.
Communicating with you and marketing. We process and use your personal data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your personal data for marketing. Marketing purposes may include using your personal data for personalised marketing or research purposes in accordance with applicable laws, for example, to conduct market research and to communicate our products, services or promotions to you via our own or third parties’ electronic or other services. When contacting you for the purpose of marketing, we will take into account any preferences you have expressed to us, including any desire not to receive marketing.
Profiling. We may process and use your personal data for profiling for such purposes as targeted direct marketing and improvement of our products or services. We may also create aggregate and statistical information based on your personal data. Profiling includes automated processing of your personal data for evaluating, analysing or predicting your personal preferences or interests in order to, for example, send you marketing messages concerning products or services best suitable for you.
Tracking remuneration due to us or our partners. We use your personal data to ensure that we receive the remuneration or commission due to us from, or payable by us to, any third-party product providers or distributors.
Insurance. We process personal data as required to enable us to periodically obtain insurance cover for our business and to notify and process claims with our insurers.
Business continuity. In the event of an interruption or cessation of our business, we need to ensure that we can implement our business continuity procedures (for example, we may need to rebuild our IT systems) or wind down planning to protect your interests. This may involve a transfer of your personal data to a third party (see below).
Transfers of your personal data
We will transfer your personal data to the third parties noted below, or as obligated by law.
Resolution Compliance Limited is a joint controller of your personal data in relation to our regulated activities.
Material service providers. We will transfer your personal data to the following third parties who provide us with a material service:
- North Row
- Mango Pay
Generic service providers. We may transfer your personal data to third parties who control or process personal data on our behalf to enable the efficient technical and logistical provision of our services. These service providers supply us with cloud data storage, data security services, customer relationship management software, and support ticketing services. We may substitute a technical or logistical service provider from time to time. Such parties are generally not permitted to use your personal data for any other purposes than for what your personal data was collected, and we require them to act consistently with applicable laws and this Notice as well as to use appropriate security measures to protect your personal data.
Event driven transfers. We may transfer your personal data to third parties in certain events where is it necessary to protect your, or our, legitimate interests. This includes the cessation, sale or transfer of our business; civil or criminal legal, or regulatory, proceedings; or insurance claims.
International transfers. Our products and services may be provided using resources and servers located in various countries around the world. Therefore, your personal data may be transferred outside the country where you use our services, including to countries outside the European Economic Area (EEA). We will only transfer data in such circumstances if the level of data protection in that jurisdiction is deemed adequate, or if there are appropriate safeguards in place to protect your privacy.
How long do we keep personal data?
We will only keep your personal data for so long as it is reasonable for us to do so, depending upon the nature of the data and our processing, and the grounds upon which we collected it. In general, we will delete redundant account information within 14 days of our relationship ending. However, we are obliged to keep certain records of our relationship to comply with the FCA’s rules, in which case we will instead restrict access through our archiving processes. Subject to any actual or potential legal claim, the maximum time that we envisage retaining any of your information is seven years, after which time it will be destroyed.
Information we use for marketing purposes will be kept by us until you notify us that you no longer wish to receive this information. If you do notify us that you no longer wish to receive marketing information we will keep an encrypted version of your contact information to ensure we respect your wishes.
What are your rights?
You have the right to request information and access to the personal data we hold about you.
You also have the right to request that we correct or delete any incomplete, incorrect, unnecessary or outdated personal data we hold on you. However, we cannot delete such personal data that is necessary for compliance, our binding legal obligations or if the personal data must be retained according to applicable laws, or is required for the exercise or defence of a legal claim.
In case you consider your personal data collected by us to be inaccurate but you do not wish your personal data to be deleted; if we have used your personal data unlawfully; or you have objected to the processing and the existence of legitimate grounds for processing is still under consideration, you may request restriction of processing of your personal data.
You may also at any time object to your personal data being processed for direct marketing purposes, sending promotional materials, profiling, or for the performance of market research. Further, where your personal data is processed based on your consent, you have the right to withdraw your consent for such processing at any time.
In case you wish to make use of your rights mentioned above, you may, as appropriate and in accordance with applicable laws, exercise such rights by contacting us through the contact points referred in the marketing materials or below in this Notice. In some cases, especially if you wish us to delete or cease the processing of your personal data, this may also mean that we may not be able to continue to provide the services to you.
Please note that we may need to identify you and to ask for additional information in order to be able to fulfil your above requests. Please also note that applicable law may contain restrictions and other provisions that relate to your above rights.
How to contact us
If you wish to contact us, please send an email to our nominated person at [email protected], write to 6 Sansome Lodge, Little Southfield Street, Worcester, WR1 1LH or call 0207 022 0987.
A cookie is a small piece of code, sent from a website sends to a user's internet browser, which allows that website to track the user's previous activity when they return to that website. This allows us to provide you with the experience that you expect from us and lets us continually improve our service.
You can block cookies by changing the settings on your browser, but if you do you will not be able to access all or parts of our website.
The types of cookies we use are:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
If you want more information about how cookies operate, or how to manage them, please visit About Cookies.
Changes to this Notice.
We may change this Notice from time to time. You should check this Notice occasionally to ensure you are aware of the most recent version.
This Notice was last updated on 10 May 2018.