Black & White Bridging is a trading name of Bath and West Finance Bridging Limited (12339728), Bath and West Finance limited (07673439) and their associated companies incorporated in England and Wales, Bury Manor Offices, Woodcroft Lane, Wick, Bristol BS30 5SH.
The companies operating within the Black & White Bridging brand are:
Bath and West Finance Bridging Limited (12339728)
Bath and West Finance Limited (07673439)
Bath and West Finance 1 Limited (11796052)
Bath and West Finance 2 Limited (11802007)
Bath and West Finance 3 Limited (11801988)
Where we make reference to ‘we’, ‘us’ or ‘our’ in this policy, we are referring to the company who is the data controller.
Unless otherwise specified (whether in this policy or under separate notice), the data controller is determined by the company who is dealing with your application, or the company which has provided you with a loan and/or taken security.
Where one of these companies is a data controller, it will be registered with the Information Commissioner’s Office (ICO).
The lending services we offer make us data controllers. This means that we determine the purposes and means of processing your personal data.
As data controllers, we have certain responsibilities under General Data Protection Regulations (GDPR) to inform you of the personal data we may collect, why we collect it, how we process it and who it may be shared with.
This policy sets out our obligations under GDPR and the rights of people whose personal data we may collect.
If you require any further information or wish to request details on the information we hold for you, please contact our Data Protection Officer either by email or by post.
Black & White Bridging, Bury Manor Offices, Woodcroft Lane, Wick, Bristol, BS30 5SH
What is personal data?
Personal data is information relating to natural persons who:
- can be identified or who are identifiable, directly from the information in question; or
- who can be indirectly identified from that information in combination with other information
For more information on what constitutes personal data, please visit the ICO website using the following link ico.org.uk.
Why we may collect your personal data
We will only collect and use your personal data for a limited number of reasons:
- You have subscribed, whether online or by any other method, to join our marketing database(s) to keep informed of different products we offer and general marketing
- You have applied for a product with us for which we need to collect information about you in order to provide you with, or continue to provide you with those products
- Someone that has applied for a product with us has indirectly supplied information about you as part of an application process
- To comply with compliance and regulatory requirements where required
The nature of this relationship will determine what data we collect, and how we may use it.
How we may collect your personal data
Personal data may be collected either directly from you, or from third parties with your express authorisation.
Examples of how we may collect personal data from you directly are:
- By signing up to a marketing list either through our website, over the phone, or by any other means
- By applying for a product with us, whether in writing, verbally or digitally, either through our website (for example, a contact us form), by e-mail, instant message, post or verbally
- By contacting us to let us know your details have changed
Examples of how we may collect your personal data indirectly are:
- Through an intermediary, such as a credit broker
- Through an introduction to us by other third parties, such as professional accountants, solicitors, valuers, lenders or other advisors
- If another person provides your personal data when they apply for a product with us (for example, if you are a director, guarantor, or beneficiary to an applicant)
- Through external agencies such as credit reference agencies, fraud prevention agencies, ID verification agencies, and any other agencies we use to ensure compliance with the law, regulations and our lending criteria
- Third-party databases, whether private or public, such as Companies House, Land Registry or the Electoral Roll
- Through a business, portfolio or other acquisition, merger or joint venture if you have or had a product with that entity
- Through an app or any other communication channel or platform where, with your consent, your personal data has been shared with us
If relevant, that party should advise you that credit reference, fraud prevention and other reference agency checks will be performed before we consider your application more fully and that your personal information is being shared with us for the purposes and uses set out in this policy.
If you were not given notice, please let us know by contacting our Data Protection Officer.
What personal data we may collect
We will only collect personal data that is needed for business reasons.
When you join our marketing databases only, we may collect the following personal data:
- Your name
- Your address or location
- Your contact details such as email address(es) and phone number(s)
- Your marketing preferences
- Any other personal data that you may input and provide
When you apply for, or take out, one of our products we will collect the following personal data:
- Your name
- Your current and previous address(es)
- Your date of birth
- Your marital status
- Your contact details such as email address(es) and phone number(s)
- Details of your financial profile including banking information, your assets, liabilities, income and employment
- Your credit history including your credit score and associated information
- Your ID documents and other relevant details required to establish your identity
- Details of any court proceedings or judgements against you
- Details of any criminal convictions
- Any other relevant information pertinent to a product application and our underwriting of it
- Any other information required to ensure performance of any contracts with us
When someone else has provided us with your personal data, what we hold depends solely on the type and form of the information given to us. The use of this personal data will comply with this policy and the law.
Who we may share your personal data with
Your personal data may be shared with the associated companies within the Black & White Bridging brand. This includes being stored on data servers owned or leased by one or more of the associated companies.
Your personal data may be shared with external data processors to assist us in providing you with our products.
We may provide your personal data collected as part of an application or contract with the following third-parties:
- Credit reference agencies
- Fraud prevention agencies
- ID verification agencies
- Mortgage application databases
- Other agencies that we may use from time to time to ensure compliance with the law, regulations and our lending criteria
- Public registers such as Companies House and Land Registry
- Statutory bodies such as regulators, crime agencies, the police, or the courts
- Industry bodies and associations
- Our bankers and funders
- Our assignees and transferees (if your loan is assigned or sold by us to another party)
- Our professional advisors such as surveyors, solicitors, accountants and auditors
Credit reference agencies
These agencies maintain credit profile data on consumers and businesses.
When you apply for a product with us, your details may be shared with a credit reference agency so that we can view your credit history and profile.
Your credit profile provides data on loans, credit accounts, personal finance and utilities that you have or have had in the past. Your profile may disclose how well payments are managed, along with details of defaults.
We may provide information on the products you have applied for, as well as the amount of credit.
We may share details of products you have with us, including your balances and repayment profile, for inclusion on your credit profile.
An association between you and any joint applicant may be created at the credit reference agency. This may link your financial records, each of which may be taken into account in all future applications by either or both of you
If an association already exists then your application will be assessed with reference to these associated records. This situation will continue until one of you successfully files a disassociation at the credit reference agency.
Fraud prevention agencies
We have obligations to help prevent fraudulent activities, including identity fraud, transaction fraud and money laundering.
We may share your personal data with different fraud prevention agencies, who may then use your personal data to search multiple databases designed to hold data on fraudulent individuals and activities.
ID verification agencies
These agencies will analyse ID documents along with your biometric data, and cross reference them with other data, whether or not provided by us, to validate their authenticity.
We may share your ID documents and other personal data with these agencies to authenticate your identity.
This is again part of our legal and regulatory requirements.
Mortgage application databases
These databases hold data on previous mortgage applications made with other lenders.
We may submit your application form data to these agencies for them to perform a search match against your details and identify any discrepancies.
Your application form data may be available to other financial institutions who use these databases and with whom you submit other applications for finance.
We may use other agencies from time to time to ensure compliance with the law, regulations and our lending criteria as this may change.
Public registers hold records and information that may be required by law.
Public registers that we often deal with are Companies House, which holds records of company information in the UK, and the Land Registry, which holds records of property ownership and interest in the UK.
We may be required to provide your personal data to these public registers in order to comply with the law, and to register our financial interests.
This includes registering our mortgages, and the requirements of our bankers and funders.
We may be requested by statutory bodies such as the National Crime Agency, police forces, Serious Fraud Office or FCA to provide specified personal data on their lawful request for information.
This is done on a confidential basis and, through legislation, you will not be entitled to be informed of when this transfer of data has occurred.
Details of what data we have submitted to these entities are also exempt from disclosure under a Subject Access Request.
Industry bodies and associations
We hold membership with various industry bodies that help represent similar businesses.
They generally also provide governance for their members to ensure good industry practices and codes are being followed.
They may also operate as a dispute resolution scheme if you have raised a complaint or issue against us.
Only in these circumstances may we share your personal data with them, and only on a basis specific and proportionate to the complaint.
Our bankers and funders
Like many other lenders and businesses, we borrow money in order to support our operations. Funding can take different forms and structures.
Your personal data may be shared with our bankers and funders in order for them to assess our compliance and performance with any funding arrangements we may have with them.
We will always anonymise and aggregate personal data where possible, and the personal data we do share will be limited in scope to the specific requirements only.
Our assignees and transferees
If we have assigned your loan to another party, your personal data will be shared with this party, as they will become a Data Controller.
If we continue to manage your loan after any assignment, we may continue to hold and process your personal data as a joint Data Controller, in line with this policy.
Our professional advisors
Your personal data may be shared with our professional advisors such as surveyors, solicitors, accountants, auditors or other professional services.
We rely on these professional advisors throughout our underwriting process, and for performance of your contract with us.
The personal data we share with our advisors is only enough sufficient for them to perform their service to us.
How we comply with data protection laws?
Data protection laws require that we meet certain lawful grounds before we are allowed to use your personal data in the manner described in this policy and that we explain these legal grounds to you.
To use your personal data, we will rely on the following lawful grounds, though more than one ground may be relevant to each example of our processing:
If you have applied for (whether directly or indirectly) or taken out a product with us, we may process your personal data to the extent required for us to provide you with services related to products that you have obtained or intend to obtain from us in accordance with its terms.
We may process your personal data where this processing is in our legitimate interests.
Examples of this may include:
- Assessing the risk to us when offering you products and services
- Verifying your identity to detect and prevent fraud, which may adversely affect our business
When applying this area, we are required to carry out a balancing test of our interests in using your personal data (for example, in order to improve our products and services), against the interests you have as a citizen and the rights you have under data protection laws (for example, to not have your data sold to third party marketing company without your knowledge).
We will always act reasonably and give full and proper consideration to your interests in carrying out this balancing test.
Where there is a legal requirement upon us to record, retain or share your personal data with authorities or regulators, we must do so.
Substantial Public Interest:
Where you have a health issue and we are notified about that issue by you or by someone else, we may record this sensitive personal data where it is necessary for reasons of substantial public interest.
This is to allow us to comply with the Equalities Act 2010 and make reasonable adjustment for you if required.
Where you have provided your consent, we may rely on this consent to use your personal data in certain ways.
When we discuss product requirements with you, we do so on the basis that both parties are wishing to enter into a contract for the supply of services.
In order to perform that contract, and to arrange the product(s) you require, we will use your personal data for the purposes set out in this policy.
A cookie is a piece of data that a website transfers to the internet browser on your computer’s hard disk, which lets the website remember who you are. It will usually contain a unique, randomly generated, number that does not personally identify you.
Session cookies stay in your browser only until you close it. Persistent cookies stay in your browser for longer. How long depends on the lifetime of the relevant cookie.
Most websites will employ cookies for this purpose. They cannot be used by themselves to identify you, and we will not attempt to use them for this purpose.
When you first use our website, you will have the option to choose which cookies you would like to use. After this, you may disable cookies by changing the settings on your browser.
For more information about cookies and manging them, visit www.allaboutcookies.org.
How we comply with data protection laws?
We use session cookies to allow you to carry information across pages and avoid having to retype it.
We may use persistent cookies so we can recognise your number (but not identify you further) when you return to our website to arrange and edit or personalise the content to best match your requirements.
Third parties, such as search engines, may also serve cookies through this website. They may be used to put together statistics to help understand how people use the site, or to check whether and how often particular content is being viewed.
Data protection legislation provides you with express rights to control your personal data.
Your right to object or request erasure of the personal data we hold
You may object to us holding or processing your personal data and/or request that we remove this data from our storage.
Where you have taken out a product with us, we may have an obligation to retain your information in order to assure the performance of the contract.
We may also need to keep some of your personal data for a period of time decided and set elsewhere in the policy.
Please contact the firm’s Data Protection Officer if you wish to object or request to erase your data.
Your right to correct your data
Where you or we become aware of an error in the personal data that we process or hold, you have a right to have that data corrected.
You can inform our Data Protection Officer of any errors that need to be corrected.
Your right to correct your data
You have the right to request either the details of the personal data we hold on you or to request a copy of this. We are obliged to provide this to you within 30 days of receipt of your request.
Please contact the firm’s Data Protection Officer to request this.
Your right to data portability
You have the right to request that the personal data we hold is passed to another Data Controller for their use on your behalf in a machine-readable format.
Please contact the firm’s Data Protection Officer if you wish to request this.
Your right to complain
You have a right to complain about how and why we process, or any errors we have made in the processing of, your data.
All complaints should be made directly to our Data Protection Officer in the first instance.
If we are unable to satisfy your complaint, you can also contact the Information Commissioner’s Office:
ICO, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
0303 123 1113
We will only retain your data for as long as is necessary. The retention period will be determined by various criteria, including:
- The purpose for which we are using it, and how long we expect to need to use it for
Laws or regulations may set a minimum period for which we have to keep your personal data, for example the holding of accounting and tax records
We understand the importance of safeguarding the information under our control and endeavour to take all reasonable steps to protect it.
Our data servers, both in-house and outsourced, are located within the UK and EEA.
Your personal data may be stored or processed outside of the UK or EEA from time to time.
Where this does take place, we will take all reasonable steps to ensure this is done in compliance with the law.
Changes to this policy
We may update this policy from time to time. To ensure that you are always up to date, please check our website regularly at blackandwhitebridging.co.uk