Spring Finance is a trading name of Spring Finance Group Ltd (1234567) Spring Finance Ltd (03709012) SF 11 Ltd (07731478) and SF 13 Ltd (08273729) all of which are registered in England and whose registered office is at Kinetic Business Centre, Theobold Street, Elstree & Borehamwood, Herts, WD6 4PJ (“we”, “us”, “our” “Spring”) is committed to protecting and respecting your privacy.
This privacy notice will explain what information we collect from you, what we do with your information as well as providing it to our third parties and how we secure and store your data. Spring is required to process your personal data both fairly and lawfully. Spring is the data controller of your personal information. If you require any further information or wish to contact us or our Data Protection Officer at any time our contact details are:
Kinetic Business Centre
Elstree and Borehamwood
Herts WD6 4PJ
How we use your information
We use your data provided by your broker, yourself and credit reference agencies and open source data:
Collecting data – when you, or someone acting on your behalf, make contact
By phone – We may use call number identification to recognise who is calling us and to have a short term record of calls received. We record calls for training, monitoring and record-keeping purposes. We will capture the information that you give us for our records to deal with your enquiry and process it in accordance with our processing basis as set out below.
By email – If you send us an email that is not encrypted any personal data within it may be at risk. We will capture and process the information in the email for our legitimate interest and legal purposes as set out below. When we send emails we encrypt some emails or their content in order to protect personal data.
By post – When we receive an enquiry or a paper application it will contain personal information for applicant(s) and possibly other parties in connection with the property(ies).
Providing information to us on other people including via brokers
In providing information to us about other people you warrant that you have their permission to give us their data and that you have provided them with our privacy notice so that they are aware of the basis on which we will process their information. We store information provided to us in both electronic and paper-based systems.
Parties we may obtain information from
We may obtain information from:
You, someone acting on your behalf or someone associated with you such as your spouse, any joint mortgage holders, or other financial associates
Your employer and past employers (if required)
People who introduce you to us (brokers)
Your professional advisers
We may also obtain information about you from other providers such as:
credit reference agencies (see below),
fraud prevention and search agencies,
via google and other websearch tools,
other providers of public information services such as land registry.,
your mortgage lender or other credit provider
We only do this when we are considering whether or not to offer you a loan or manage any loan offered.
We may capture sensitive data about you with regards to your or a related persons health if you advise us of an issue that we may need to take into account in dealing with your loan or dealing with you as a member of staff. We will ask you for your consent to hold this information but may retain this information where it would be in your best interests for us to do so or to protect us from a claim.
Basis of processing data and who we share your data with
We will hold and process your data for the performance of a legal purpose in order to:
Meet our legal obligations
Help identify you and meet our anti-money laundering obligations
Supply information to any government body, regulatory authority, law enforcement agency as required and to credit and fraud prevention agencies
By consent – Marketing
We will only use or permit third parties to use your personal information for marketing purposes if you have consented to receive marketing communications from us and in accordance with your marketing preferences, or if we are otherwise entitled to do so by law. You can opt out or withdraw your consent at any time by contacting us at firstname.lastname@example.org
Our site may in future contain links to other parties or associates. They will be responsible for their own privacy notices and their policies and Spring will have no responsibility for other parties.
Disclosure of your information
We may disclose your personal information to third parties which may include the following:
Insurers, auditors, solicitors, professional advisors, funders or investors, brokers, persons providing services to Spring Finance Limited or who are involved in the loan application or in the servicing and management of your loan, including credit reference agencies, on processing information and security. The information we provide them will only be provided in connection with and to administer your accounts, and any products or services which we provide you, or about which you have enquired.
Any prospective or new owners, funders or investors in all or any part of our business including any organisation that may take an assignment or transfer of any agreements we have entered with our customers.
Any government bodies or agencies, law enforcement agencies or regulators to meet our legal obligations and to exchange information with other third parties for the purposes of fraud prevention and credit risk reduction.
Credit Reference Agencies
To process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). To do this, we will supply your personal information to CRAs and they will give us information about you.
This will include information from your credit application and about your financial situation and financial history.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt.
This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the Credit Reference Agency Information Notice (“CRAIN”). CRAIN is accessible from the CRAs – clicking on any of these three links will take you to the same CRAIN document:
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
Retention of your personal information
We will retain information for our legitimate interests and legal purposes as follows:
Loans advanced – up to 6 years after the loan has redeemed but may be longer where legal action has been taken or is pending
Enquiries and applications for loans not advanced – up to 6 months from the date the enquiry or application is marked not proceeded with – may be longer where a fraudulent application is made. We may also need to keep any anti-money laundering information gathered for a period of up to 5 years
Intermediaries – up to 6 years from the end of our relationship
Professional advisers, contractors and third party advisers – up to 6 years from the end of our relationship
Staff records – up to 5 years from the time of termination of employment or final actions, e.g. tribunals, unless there are ongoing legal actions or other issues such as criminal activity
Where you have consented to marketing we will retain your contact information for marketing purposes until such time as consent is withdrawn.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “How to contact us” heading below.
In accordance with our obligations under Data Protection Laws, to prevent unauthorised access to or disclosure of your personal data (including card payments), maintain data accuracy, and ensure the appropriate use of your personal data, we have put in place appropriate electronic and managerial procedures to safeguard and secure the personal data we collect online.
However, there may be instances where the transmission of information via the internet, including any online enquiry forms you submit to us and/or information, is not completely secure. We cannot guarantee the security of your data transmitted to the website so you are sending us your personal data at your own risk. Once we have received your personal data, we will use the steps detailed above to protect it.
You should be aware of inherent risks in transferring personal data over the internet. For example, if you send us an email from your private mailbox, we cannot guarantee the security of the content. For that reason, please do not send to us an unsecured e-mail with confidential information such as bank account numbers, or any sensitive personal data.
Fraud Prevention Agencies
We may need to confirm your identity before we provide products or services to you or your business.
We may share your personal information as needed to help detect money-laundering and fraud risks. We use Fraud Prevention Agencies (FPAs) to help us with this.
Both we and FPAs can only use your personal information if we have a good reason to do so. It must be needed either for us to obey the law or regulations, or for a ‘legitimate interest’.
We use the information to:
Help prevent money laundering and fraud.
Fulfil any contracts you or your business has with us.
We or a FPA may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.
FPAs can keep personal data for different lengths of time. They can keep your data for up to six years if they find a risk of money-laundering or fraud.
Below are examples of the personal data that is used:
Date of birth.
History of where you have lived.
Contact details, such as email addresses and phone numbers.
Data relating to your or your business’ products or services.
Data that identifies computers or other devices you use to connect to the internet. This includes your Internet Protocol (IP) address.
We and FPAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a possible risk of fraud or money-laundering.
If we or a FPA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. FPAs will also keep a record of the risk that you or your business may pose.
This may result in other organisations refusing to provide you with products or services, or to employ you.
FPAs may send personal information to countries outside the European Economic Area (“EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure
Cookies and similar tracking technology
You have the right as an individual to request details on the information we hold on you and to ask us to correct any information which may be inaccurate. To exercise your right please contact us and ask for a Data Subject Access Request and the information you require.
You are also able to exercise your right to be forgotten. This does not mean we will have to automatically delete all information held on you as we may still need to keep appropriate information in order to meet our legal obligations and for our legitimate interests.
There are other rights which, due to the basis on which we process data, you may not always be able to exercise. These include:
To restrict the processing of your data
To provide your data in a portable format
To object to the processing of your data
You might also wish to complain about the way in which we have processed your data.
To exercise your rights or to make a complaint please contact us:
Post: Kinetic Business Centre, Theobald Street, Elstree and Borehamwood, Herts WD6 4PJ.
You also have the right to make a complaint to the Information Commissioners’ Office. You can make a complaint to them via their website https://ico.org.uk/make-a-complaint/ or by calling them on 0303 123 1113.
Changes to this privacy notice
We may review our privacy notice from time to time.
Thank you for your request, one of the team will call you.