Privacy Policy

Introduction
When you register with us or ask us to provide you with any of our products or services, you are agreeing that we may handle your information in accordance with this Privacy Policy and other associated policies relating to the protection of personal and sensitive data.

We use your information only in accordance with this Privacy Policy and take all necessary steps to ensure we keep your information secure.

This policy should be read carefully along with our Terms & Conditions; by accessing our website you confirm that you have read, understood and agreed to them. By using and browsing our website, you consent to cookies (where appropriate) being used in accordance with our Cookies Policy. If you do not consent, you must disable cookies or stop using our website. 
How we collect your information

We will collect your information when you register with us, when you ask us to provide you with any of our products or services, when you speak with us over the telephone, when you write to us and when you visit our website. We may use cookies to collect information about your use of our website.

The personal information taken such as name, address, date of birth, email address, country of birth, passport details, driving licence details and other identifying information is obtained when you register with us for the supply of services, transact either in branch or online or if you are being employed by any of the NoteMachine Group of companies.

How we use your information
Employment checks
All employees of the Company are subject to the pre-employment checks such as references and may be subject to credit scoring, SIA licence and DBS checks.  These checks are conducted due to the nature of risk associated with the type of business that we operate and that we operate within a highly regulated industry.

Registration and administration
We use your information to enable you to register your interest with us and, once your registration is complete, for the administration of your account, to contact you, to update our records about you, and to respond to and process your queries and requests. All personal information is checked against an independent system that reviews the electoral register and other databases to validate your identity.  All data that we collect is held on servers located within the EEA and are kept secure and personal and sensitive data is only accessed by authorised personnel.

Our products and services
NoteMachine Group use your personal information so that we can provide you with products and services which you use, may be relevant, similar products or services which we think may be of interest to you (if you have opted in to receive such information) and to meet our contractual obligations to you. This may include information concerning promotions or offers which could benefit you. We also use your information to notify you about changes or developments relating to our products and services that you use. 

We might contact you by mail, telephone, email, or text unless you have asked us not to. If you are a registered customer, we may also display personalised advertising to you when you use our online account service and mobile app. You can change your preferences at any time by calling us, writing to us, contacting your local branch or by updating them online. If you do opt out, you may still see some generic, non-personalised advertising when you are using our online services.
We will not provide information about you to companies outside our Group to use for their own marketing purposes unless you have given us your consent to do so.

Monitoring
We record and may monitor and use transcripts of our telephone calls with you in case we need to check we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve the quality of our service and to help to detect or prevent fraud or other crimes.  Conversations may also be monitored for staff training purposes.

The details expressed in this website and accompanying documents or transmissions are for information purposes only and are not intended as a solicitation for funds or a recommendation to trade. NoteMachine Group accepts no liability whatsoever for any loss or damages suffered through any act or omission taken as a result of reading or interpreting any of the information contained or related to this site. Before you register or transact with us you should read this Privacy Policy. 

Profiling
Profiling’ is the use of personal information to predict an individual’s behaviour, such as their performance at work, economic situation, personal preferences, interests, reliability, behaviour, location or movements etc.  

We may use your personal data to carry out marketing analysis, for example we look at what you have viewed on our sites and apps and what products and services you have bought to better understand what your interests and preferences are, and to improve our marketing (if you have opted in to receive such information) by making it more relevant to your interests and preferences. For statistical purposes such as analysing the performance of our sites and apps and to understand how visitors use them and where they are used.

Data sharing
NoteMachine Group
We may share your information with other members of the NoteMachine group of companies where we need to do so to provide you with any of the products or services you have requested or where you have asked us to do so.

Your instructions
We may share your information with anyone (for example, an agent) who you have told us or who we are otherwise aware is acting on your behalf, or who introduces you to us, or who you have asked us to contact.

Prevention and detection of crime
NoteMachine Group and our products and services are subject to The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, The Criminal Finances Act 2017 and regulation by HM Revenue and Customs. Some of our products and services are also subject to regulation by the Financial Conduct Authority ("FCA"). We may be required by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, The Finances Act 2017, by HM Revenue & Customs, by the FCA or other regulatory bodies, by the Police or other law enforcement agencies (for example, in connection with criminal prosecutions, money laundering or fraud investigations), by order of a court or otherwise by law to use your information in the detection, prevention or prosecution of crime, tax evasion, fraud or audit purposes.

Credit controls or debt collection agencies
We may share your information with credit control or debt collection agencies, for example, if you owe us money and we engage their services to recover it from you.

On a business sale or purchase
If we decide we want to sell our business or receive an offer to buy our business we may have to share your information with a prospective purchaser and their legal, financial or other advisers. In these circumstances, we will take appropriate steps to ensure that your information is properly protected.

Others
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless explicitly requested by you. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. You may sometimes ask us about, or we may sometimes ask you if you are interested in, products or services which we are unable to provide but which someone else we know (“NoteMachine Group contact”) may be able to provide (for example, travel or financial services). We will never pass your information to a NoteMachine Group contact unless you have asked us to do so. Please note that we are not responsible for and cannot be liable to you for any products or services of any NoteMachine Group contact or any acts or omissions of any NoteMachine Group contact.

Your information will be passed to third parties for the purpose of validating identity and for the completion of credit references and DBS checks for employees of NoteMachine Group of companies.

Data Protection Act and your details
We are required to handle information which we hold about you that is capable of identifying you (either alone or with any other information we may hold about you) in accordance with the Data Protection Act 2018 (“the Act”), which regulates the use of “personal data” in the United Kingdom.
You have the right under the Act to ask us in writing (Subject Access Request) for details concerning the "personal data" we hold about you, including a description of that data, the purposes for which it is being used and to whom that data has been or may be disclosed. We may charge you an administration fee for providing additional copies of information and depending on the volume requested.

You have the right to object to direct marketing (including profiling) by contacting the Data Protection Officer (details can be found in the ‘How to Contact Us’ section of this policy), but we would only market to you if you have opted in to receive information on our products and services. 
The personal and sensitive information that we hold should be accurate and kept up to date.  Please keep us informed of any changes to your information and please be assured that you can delete or correct any information either by visiting your registration online, by email or writing to the Data Protection Officer (details can be found in the ‘How to Contact Us’ section of this policy). 
Retention

NoteMachine Group will retain your details for as long as they are needed for the relevant purposes listed under the ‘How we use your data’ and the ‘Data Sharing’ section of this notice. The Company may also retain certain records for other legitimate reasons (including after your relationship with the Company has ended), for example to resolve any potential disputes, cross-check against future applications and to comply with other reporting, legislative and retention obligations.When your personal information is no longer needed as defined by our Retention Policy it will be permanently deleted from our databases.

Information Sharing Outside of the UK
The nature of our products and services means that we may need to share your information with people or businesses based in countries outside of the United Kingdom. All countries in the European Economic Area (EEA), which includes the UK, have similar standards of legal protection for your personal information. We may run your accounts and provide other services from centres outside the EEA (such as the USA and India) that do not have a similar standard of data protection laws to the UK. If so, we will require your personal information to be protected to at least UK standards.  We may process payments through other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation if, for example, you make a CHAPS payment or a foreign payment. Those external organisations may process and store your personal information abroad and may have to disclose it to foreign authorities to help them in their fight against crime and terrorism. The countries to which we may need to send your information would normally be obvious to you. For example, if you have instructed us in connection with a purchase of a property in France then we will usually be dealing with people or businesses based in France (which may include banks, lawyers and estate agents) that are connected with the purchase in order to fulfil our contractual obligations to you.

In many instances we will be dealing with people or businesses which you have asked us to deal with or who you already know or who already know you.

If these are based outside the EEA, your personal information may not be protected to standards similar to those in the UK.

Information security
We use industry-standard products to protect your personal data held on our servers and ensure that any third parties, with whom we share your information, has the same level of protection.

Children’s Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act) and we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Automated decision making 
Whilst we currently use some automated systems that are designed to assist us in identifying individuals for employment and transacting purposes we ensure that any automated decision is always reviewed by the business and arbitrated with human intervention. 

Your Consent
By using our site, you consent to our online Privacy Policy.

Cookies
In general, you can visit NoteMachine Group websites without identifying who you are or revealing any information about yourself. However, cookies are used to store small amounts of information on your computer, which allows certain information from your web browser to be collected. Cookies are widely used on the internet and do not identify the individual using the computer, just the computer being used. Cookies and other similar technology make it easier for you to log on to and use our websites during future visits.

To access our Cookie Policy, please visit the Cookies page.

Changes to our policy
This policy replaces all previous versions and is correct as of July 2019. We reserve the right to change the policy at any time. You should check our website periodically for any changes which may affect you.

Your right to lodge a complaint with us and the supervisory body
If you are unhappy with any response to a Subject Access Request or to how you believe your data is being handled by the Company after we have tried to resolve your concerns then you have the right to take your complaint to the relevant supervisory body.  You can find out more about the Act and your rights by visiting the website of the Information Commissioner at https://ico.org.uk. The Information Commissioner's Office can also be contacted by telephone on 0303 123 1113.

How to contact us
If you have any questions about our Privacy Policy or the information that we hold about you, please contact us in writing by email at datacontroller@notemachine.com or by post to the Data Protection Officer to: NoteMachine Group, PO Box 435, Stevenage, Hertfordshire SG1 9GA
© 2017 NoteMachine Group | Registered in England & Wales 
Registered Office: Russell House, Elvicta Business Park, Crickhowell, Powys, NP8 1DF

NoteMachine – Registered No: 01359357
Eurochange – Registered No: 02519424
NM Mortgages – Registered No: 05336870
TestLink – Registered No: 02598460

This policy was approved by the Board of Directors and is issued on a version controlled basis under the signature of the Chief Executive Officer (CEO).