During the course of your interaction with Blue Panda Finance, there is various information that we will collect about you. We only collect the personal data about you that is needed to proceed with claims management services on your behalf. This includes information you voluntarily provide to us, including; name, address, email, phone number and all other information you provide to us as part of the Claims Management process.
All personal data we hold is processed by Blue Panda Finance staff in the UK. Your information is held on our servers, which are hosted by our IT provider – compliant to ISO9001 and ISO27001), also based here in the UK.
We collect, store and use the following kinds of your data:
- information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views);
- information relating to any transactions carried out between you and us on or in relation to this website, including information relating to the supply of our services;
- information that you provide to us for the purpose of registering with us (including name, address, telephone number and any financial information);
- information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters);
- information required to complete our services that we will request directly from you, including your personal circumstances and information about your financial products and services; and
- any other information that you choose to send to us.
Why we need your Data
During the provision of our services, you agree for us to process your personal information through signing our Letter of Authority which means you agree to our Terms of Engagement, to allow us to:
- Supply to you services under your contract;
- Send you general commercial communications by the contact details you have provided to us during our services (you can update your communication preferences by using the contact details on our Contact Us Page;
- Contact third parties on your behalf, with your specific instruction; and
- Send you email notifications which you have specifically requested;
Please note, there is certain information and data we need to be able to complete our services for you. We will always explain what it is we need, and why we need it. If you do not provide this, we may not be able to fulfil our contractual obligations with you. If you do not wish to provide this, we have the right to terminate your contract with us in accordance with our Terms of Engagement, which you agree to by signing our Letter of Authority.
What we do with your Data and how we use it
As part of the service we provide to you, we do need to share your information with the specific Lender(s) you have stated in your instruction to us. Blue Panda Finance will not sell, assign, disclose or rent your personal data to any other external organisation or individual except in instances where the law requires us to disclose it, or where it is necessary to disclose the information to comply with a regulatory or legal process. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users of our website with our business partners, affiliates and advertisers for the purposes outlined above.
To allow us to provide our services to you, the following third parties provide critical functions to our business and will process your personal information as directed by us and in accordance with strict data security arrangements:
- Our Services: during our services we will provide your data, under your specific instruction, to named lenders, brokers and other entities your specify and, if required, the Financial Ombudsman. We will also provide a referral to any legal partner, at your request;
- Our Advertising: We also use third party advertising services who provide analytical information about our advertising to help us improve this in the future. In any event, the data held by analytics firms is on an anonymised basis meaning they cannot identify you;
- Our Systems and IT: we use third party firms who provide essential storage arrangements (including call recordings), software and support to our infrastructure;
- Our Regulators: we may be required to provide your data to our Regulators, who include the Financial Conduct Authority, the Legal Ombudsman Service and the Information Commissioner’s Office; and
- Our Professional Services: we use professional legal, consultancy and accountancy services to help us fulfil our legal obligations.
We have carefully selected our third parties due to their commitment to keeping your data safe, and, where possible, all data is processed within the UK. Where data is transmitted outside of the UK, we ensure that there are appropriate security measures in place such as technical security, including encryption and restricted access to your data.
If you request for us to stop processing your data, we will also communicate this to the relevant third parties if they are processing this on our behalf. If you have any concerns about the above third parties, please let us know and we can provide advice and support to help you manage your data preferences.
Except as described herein, we do NOT disclose your information to nor share your information with third parties.
We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorised access to systems where we store personal data.
We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
We also have procedures in place to deal with any data security breach should one occur. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We rely on legitimate interests as our lawful basis for processing. Processing is necessary for the performance of a contract to which you, the data subject is party and to take steps at the request of you, prior to entering in to a contract. We will only process your personal data in a way that you reasonably expect.
In respect of our legitimate interests, we have a legitimate interest in keeping you updated about any further services offered by us which may be of interest to you both during and after the conclusion of your contract with us, including communication of any developments that may have an impact on your original service (e.g. a change in the law that will make additional services available to you). We will use the details you have provided to contact you including by telephone, email and post. If you do not wish for us to contact you in this manner, or by a specific method, you will be able to unsubscribe at any time to one or all contact methods and this option will be easy for you to complete.
Furthermore, we offer a comprehensive service to address several areas of financial mis-selling and will help you assess any affected products. As part of this service, we can provide a direct referral to any legal partners who are able to offer specialist support in respect of alternative financial products. We will always ask for your consent before doing so and this is entirely your choice.
We also have a legitimate interest in using your data to help us to review our services and obtain analytics in respect of our customer base.
We may also be required to use your data due to a legal requirement which is placed upon us; this includes our regulatory requirements such as financial record keeping, staff training and monitoring, in addition to complaint handling. In these circumstances, we may be required to keep your data by law. We will always inform you if this is the case.
General Data Protection Regulation
We will do our utmost to ensure our requirements pursuant to the UK GDPR (including any statutory modification or re-enactment) are fully complied with at all times. As is necessary for the purposes of legitimate interests, we will use your data (Data) in the progression of your matter and will act as a “data controller” (for the purposes of UK GDPR) of your data. Specifically we will use your data for the purpose of progressing your claim including through Court, Counsel, Arbitrators, Ombudsman Schemes and Solicitor Agents and any other search in the progression of your matter.
We comply at all times with our obligations under UK GDPR, including but not limited to, taking appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal or special personal data. When considering what measures are appropriate, we shall have regard to the state of good practice, technical development and the cost of implementing any measures to ensure a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss or destruction, and to the nature of the data to be protected.