This privacy notice sets out how Global Loan Agency Services Limited of 55 Ludgate Hill, Level 1, West, London EC4M 7JW (GLAS), also referred to in this privacy notice as “we”, “our” or “us”, collect and use your personal information. We are committed to being transparent and protecting your data; therefore, this notice includes how we store and protect your data, who we share your data with and how long we hold your data for. This notice also outlines your rights and the actions you should take if you are concerned with the way GLAS is handling your personal data. Should we ask you to provide certain information by which you can be identified when using this website, you can be assured that it will only be used in accordance with this privacy notice.
GLAS is the data controller and is responsible for the processing of client data. Our Data Protection Officer who is responsible for GLAS and its employees to comply with the GDPR and is the first point of contact for individuals whose data is processed can be contacted at, firstname.lastname@example.org.
References in this notice to “your information” are to personal data that you provide or that is provided to us.
How we collect your personal data:
- From you directly,
- From a third party (for example, a solicitor, beneficiary) or others who are a part of providing your services.
What type of personal data may be collected by GLAS?
- Full name (may include marital status)
- Photographic Identification
- Personal business email address
- Telephone Number
- Date of birth
- Passport number
- Proof of address
- Bank account details such as sort code and account number
- Tax or National Insurance Number
- Name/s of the executor
- Name/s of the beneficiary
- Employment contract (if we are acting as Facility Agent)
How we use your personal data and our lawful basis for processing this
- Personal business email address: We need this information to contact you in regards to a transaction/agreement. The lawful basis of processing this personal data is the pursuit of our legitimate interests.
- Photo ID (Including but not limited to, Passport, National ID, Driving License): We use photographic identification to verify the identity of a potential client. This is in line with our ‘Know Your Customer’ (KYC) procedures and a requirement by law to fulfill our Anti-Money Laundering & Counter Terrorist Financing obligations.
- Proof of address: We use proof of address to verify the identity of a potential client. This is in line with our KYC procedures and a requirement by law to fulfill our Anti-Money Laundering & Counter Terrorist Financing obligations.
- Name, email address and telephone number provided via our website: We will also use your personal information to contact you using the details you provided to offer our services and for operational and business purposes. Our lawful basis for processing this information is the pursuit of our legitimate interests.
- Bank Account Details: We need bank account details to make interest payments or to distribute trust or escrow funds (if applicable). The basis of this processing is due to having a contract with the individual and is the pursuit of our legitimate interest.
- Confirmation of an individual’s Tax number or National Insurance number: We need a client’s tax or national insurance number to verify the identity of a potential client. This is in line with our KYC procedures and a requirement by law.
- Original sealed Grant of Probate (this may include names of the executor and/or beneficiary): We need this data for the maintenance of the register, for example, to update. We also need the Grant of Probate to make payments if the beneficiary is deceased. It is the pursuit of our legitimate interest to process this data.
- Employment Contract: We may be given this data under the agreement relating to our role as a Facility Agent to check the employment status of an individual. We have a legal obligation to receive this data.
Who we share your personal data with
If the personal data that you provide to our transaction managers is for KYC purposes, then your personal data will be securely emailed to our compliance team to process.
Your name and personal email address will be shared with our third-party marketing platform, MailChimp in order to send you marketing communications. The same data will also be shared with our third-party Customer Relationship Management system (CRM).
Your information may be disclosed when we believe in good faith that the disclosure is:
- required by law;
- to protect the safety of our employees, the public or GLAS property;
- required to comply with a judicial proceeding, court order or legal process; or
- for the prevention or detection of crime (including fraud).
Storage, Security and Transfers
GLAS take the security and protection of your personal data very seriously. We have technical and organisational security measures to ensure that your personal data is secure against both external and internal threats and access to personal data is restricted to those who need to process it. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. GLAS have also established backup and recovery procedures in the unlikely event that your personal data is lost or accidently destroyed.
Once your personal data has been processed, it will be securely stored in a private portal on Microsoft Office 365 which has restricted access.
Your name and personal business email address will be stored on our third-party CRM system which has access restricted to only those who have a business need to see this information. Our CRM is SOC 2 compliant and maintains reasonable security measures to protect your information from loss, destruction, misuse, unauthorized access or disclosure. Our CRM complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S.
MailChimp’s servers are located in the United States so information may be transferred to, stored, or processed in the United States. However, MailChimp participates in and has certified its compliance with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
GLAS may transfer your personal data outside the European Economic Area (EEA) and your data may be transferred to the UK from outside the EEA. If this happens, we will make sure that suitable safeguards are in place and that your personal data is protected at the same level that it is in the UK.