Privacy Policy
Privacy Notice
This privacy notice sets out how Global Loan Agency Services Limited of 55 Ludgate Hill, Level 1, West, London EC4M 7JW (GLAS), also referred to in this privacy notice as “we”, “our” or “us”, collect and use your personal information. We are committed to being transparent and protecting your data; therefore, this notice includes how we store and protect your data, who we share your data with and how long we hold your data for. This notice also outlines your rights and the actions you should take if you are concerned with the way GLAS is handling your personal data. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this privacy notice.
GLAS is the data controller and is responsible for the processing of client data. Our Data Protection Officer who is responsible for GLAS and its employees to comply with the GDPR and is the first point of contact for individuals whose data is processed can be contacted at, dpo@glas.agency.
References in this notice to “your information” are to personal data that you provide or that is provided to us.
How we collect your personal data:
- From you directly,
- From a third party (for example, a solicitor, beneficiary) or others who are a part of providing your services.
What type of personal data may be collected by GLAS?
- Full name (may include marital status)
- Photographic Identification
- Personal business email address
- Telephone Number
- Nationality
- Date of birth
- Passport number
- Proof of address
- Bank account details such as sort code and account number
- Tax or National Insurance Number
- Name/s of the executor
- Name/s of the beneficiary
- Employment contract (if we are acting as Facility Agent)
How we use your personal data and our lawful basis for processing this
- Personal business email address: We need this information to contact you in regards to a transaction/agreement. The lawful basis of processing this personal data is the pursuit of our legitimate interests.
- Photo ID (Including but not limited to, Passport, National ID, Driving License): We use photographic identification to verify the identity of a potential client. This is in line with our ‘Know Your Customer’ (KYC) procedures and a requirement by law to fulfill our Anti-Money Laundering & Counter Terrorist Financing obligations.
- Proof of address: We use proof of address to verify the identity of a potential client. This is in line with our KYC procedures and a requirement by law to fulfill our Anti-Money Laundering & Counter Terrorist Financing obligations.
- Name, email address and telephone number provided via our website: We will also use your personal information to contact you using the details you provided to offer our services and for operational and business purposes. Our lawful basis for processing this information is the pursuit of our legitimate interests.
- Bank Account Details: We need bank account details to make interest payments or to distribute trust or escrow funds (if applicable). The basis of this processing is due to having a contract with the individual and is the pursuit of our legitimate interest.
- Confirmation of an individual’s Tax number or National Insurance number: We need a client’s tax or national insurance number to verify the identity of a potential client. This is in line with our KYC procedures and a requirement by law.
- Original sealed Grant of Probate (this may include names of the executor and/or beneficiary): We need this data for the maintenance of the register, for example, to update. We also need the Grant of Probate to make payments if the beneficiary is deceased. It is the pursuit of our legitimate interest to process this data.
- Employment Contract: We may be given this data under the agreement relating to our role as a Facility Agent to check the employment status of an individual. We have a legal obligation to receive this data.
Who we share your personal data with
If the personal data that you provide to our transaction managers is for KYC purposes, then your personal data will be securely emailed to our compliance team to process.
Your name and personal email address will be shared with our third-party marketing platform, MailChimp in order to send you marketing communications. The same data will also be shared with our third-party Customer Relationship Management system (CRM).
Your information may be disclosed when we believe in good faith that the disclosure is:
- required by law;
- to protect the safety of our employees, the public or GLAS property;
- required to comply with a judicial proceeding, court order or legal process; or
- for the prevention or detection of crime (including fraud).
Storage, Security and Transfers
GLAS take the security and protection of your personal data very seriously. We have technical and organisational security measures to ensure that your personal data is secure against both external and internal threats and access to personal data is restricted to those who need to process it. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. GLAS have also established backup and recovery procedures in the unlikely event that your personal data is lost or accidently destroyed.
Once your personal data has been processed, it will be securely stored in a private portal on Microsoft Office 365 which has restricted access.
Your name and personal business email address will be stored on our third-party CRM system which has access restricted to only those who have a business need to see this information. Our CRM is SOC 2 compliant and maintains reasonable security measures to protect your information from loss, destruction, misuse, unauthorized access or disclosure. Our CRM complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S.
MailChimp’s servers are located in the United States so information may be transferred to, stored, or processed in the United States. However, MailChimp participates in and has certified its compliance with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
GLAS may transfer your personal data outside the European Economic Area (EEA) and your data may be transferred to the UK from outside the EEA. If this happens, we will make sure that suitable safeguards are in place and that your personal data is protected at the same level that it is in the UK.
Email Marketing
We rely on the following legal basis to send email marketing:
- Where it is in our pursuit of legitimate interest to do so
- With your consent
By ‘legitimate interests’ we mean that we have a business reason to use this data, and it does not conflict unfairly with your interests.
If you have provided us with your business card, we will add you to our marketing list. We would like to keep you updated with information about GLAS in regards to products or services that you may be interested in, updates and briefings and invitations to our events. You can unsubscribe at any time.
If you have given consent to receive our marketing emails via our website, we may use your personal corporate email address to email you with the information above.
You can unsubscribe at any time by clicking on the ‘unsubscribe’ link at the bottom of any email from us or by clicking here
How long does GLAS keep your data for?
The above personal data will stay on file for as long as we have reasonable business needs and will retain the personal data in line with legal and regulatory requirements or guidance. Our Anti-Money Laundering (AML) Policy confirms that to ensure compliance with our Customer Due Diligence policy, records of identification are to be retained for 5 years after the account is terminated or a transaction matures. During these 5 years your personal data will be archived securely in Microsoft Office 365 Sharepoint.
After this date we will securely delete your personal data and will take steps to ensure that the personal data is erased and cannot be recovered.
Many records may legitimately need to be stored for more than five years after receipt. If GLAS still has a relationship with an individual directly, or indirectly through a corporate structure, then we need to maintain the data and refresh it where necccessary.
How we use cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behavior information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
For further information visit www.aboutcookies.org or www.allaboutcookies.org
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browsers. However, in a few cases some of our website features may not function as a result.
Links to other websites
Our website may contain links to other websites of interest. This privacy notice only applies to this website so when you link to other websites you should read their own privacy policies.
Controlling your personal information
You can choose to restrict the use of your personal information. After completing our form on the website, you can tick or leave blank the box that asks if you are happy to receive future marketing communications from GLAS.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Access to your information and correction
Under the new regulations you have the right to access a copy to your own personal data that we hold. This is called a Subject Access Request (SAR) and any requests must be made in writing to the Data Protection Officer. Information will be provided within one month of receipt. If the request is manifestly unfounded or excessive GLAS can extend this period by a further two months. If this is the case, you will be informed, and we will provide you with an explanation as to why the extension is necessary.
If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible. We will promptly correct any information found to be incorrect.
Your rights
The new regulations provide individuals more rights in regard to their personal data. There are certain circumstances that your rights apply to and if you wish to exercise any of the below we can let you know whether these apply or not.
Your rights include:
- The right to be informed about the processing of your data and how it is collected and used
- The right to rectify your data if it is found to be incorrect or incomplete
- The right to have your personal data deleted (the ‘right to be forgotten’)
- The right to restrict processing of your personal data
- The right to data portability (to move, copy or transfer your personal information)
- The right to object to the processing of your personal data
- Rights in relation to automated decision making and profiling which has a legal effect or will significantly affect you
If the processing of your personal data has been based on consent you have the right to withdraw this at any point. In order to do this, please contact the Data Protection Officer.
If you are concerned with the way GLAS is handling your personal data, then please contact our Data Protection Officer in the first instance. However, should you feel that the adequate action is not being taken, you have the right to inform a supervisory authority, such as the Information Commissioner’s Office (ICO) 0303 123 1113, https://ico.org.uk/
GLAS may revise the Privacy Notice from time to time. You should regularly check this Privacy Notice for updates.
The GLAS Australia Privacy Policy can be found here.
The GLAS SAS Privacy Policy can be found here.
The GLAS German Privacy Policy can be found here.