Data Protection Law – including the application of the General Data Protection Regulation (GDPR)
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
1. The data controller
PPI Advice Ltd are committed to protecting and respecting the privacy of anyone who chooses to use our websites, or our company services. Our two websites are:-
This policy (and any other documents referred to in it) sets out the basis on which any personally identifiable information (“personal data”) we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our practices regarding your personal data and how we will treat it. By visiting our websites, you are consenting to the practices described in this policy.
Whilst every effort has been made to ensure that emails are secure, we are not able to guarantee the security of any information you submit via an email. This is because emails are not an entirely secure medium of communication.
Providing your personal details via our websites is safe as the information that is sent to us is encrypted. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. To be able to create an SSL connection a web server requires an SSL Certificate. The encryption service connected to our websites has an SSL Certificate.
Under UK data protection legislation, you need to be aware of the data controller and we confirm the data controller is PPI Advice Ltd.
PPI Advice Ltd is a limited company registered in England and Wales under company number 8762916 and our registered office address is: –
PPI Advice Ltd, 11A Woodside Road, West Moors, Ferndown, Dorset BH22 0LY
Our Registration number with the Information Commissioner is ZA028022
2. The Information we collect
Our websites allow you to complete and submit an online form, to express your interest in our services. We request personal data from you such as your name, address, past addresses, date of birth, telephone number, email address, lenders with whom you arranged finances and the credit types you have held in the past.
We need this information so that we may contact you about our PPI reclaim services and provide the required forms to commence the claims process. If you submit your data via the online submission form located on our websites, your data will be stored securely and used by us to contact you and send the application forms.
The application forms are dated and expire after 6 months. We will advise you by email, or letter, if your forms are about to expire or have expired. This service, warning of the impending expiry date, is designed to prevent you from purchasing postage unnecessarily.
3. The way we use and process your information
We use personal data held about you in the following ways: –
To ensure that content shown on our websites is presented in the most effective manner for you and for your devices.
To conduct Claims Management Services
To carry out our services and any other obligations arising from any contracts that may be entered into between you and us, such as disclosing your personal data to third parties; for example, financial institutions and lenders, the Financial Ombudsman Service, the Financial Services Compensation Scheme, our Regulators, and any third-party service providers.
To obtain your interest in products and services that we may be able to offer or arrange. Products and services can include:-
Claims Management Services for mis-sold Payment Protection Insurance, mis-sold Packaged Bank Accounts, Future Planning such as Wills, Funeral Plans, Non-Underwritten Life Cover, Financial Products, Debt Assistance, Unsecured Lending, Re-Mortgage Facilities, Equity Release and other products and services. We may ask you about your interest in these products to gain your consent to future marketing. Where you have an existing relationship with us, we may contact you under our legitimate interests to offer products and services. We will only do this where we think it reasonable to do so and have carried out an assessment. You can object at any time from receiving any marketing and we will abide by your request. Please see Section 6 below.
To notify you about changes to our service.
To comply with our legal obligations.
To administer our websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to follow-up visitors to ensure they have valid forms and information.
To keep our websites safe and secure.
We may employ other companies and individuals to perform functions on our behalf. Examples may include areas such as analysing data and providing marketing assistance. Such companies and individuals may have access to personal information needed to perform these functions but shall not use the data for any other purposes and are required to process the data in accordance with the UK Data Protection law including GDPR from 25th May 2018 and beyond.
4. Cookies used on our websites
Cookies are small files saved to your computer’s hard drive that track, save and store information about your interactions and use of our websites. This allows the website, through its server, to provide you with a tailored experience within the website. You are advised that if you wish to deny the use and saving of cookies from our websites on to your computer’s hard drive you should take necessary steps within your web browsers security settings to block all cookies sent from our websites and their external serving vendors.
Other cookies may be stored to your computer’s hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may remain for a longer period of time. No personal information is stored, saved or collected.
5. Social Media Platforms
Communication, engagement and actions taken through external social media platforms, that our websites participate on, are custom to the privacy policies held within each social media platform respectively.
Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regards to your own privacy and protection of personal details. Our websites will never ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
Our websites do not currently use social sharing buttons which help share web content directly from web pages to social media platforms, such as Facebook, Twitter and other social media platforms.
You should be aware that social media platforms are likely to be collecting information about what you are doing whenever you use the internet, including visit to our websites. You are advised before using such social sharing buttons that you do so at your own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
In some cases, social media platforms will register that you are visiting either of our websites and the specific pages you are visiting, even if you don’t click on the buttons but are logged into their services. You should check the social media platforms and internet search engines respective privacy policies to find out what they do with your information and to find out how to opt out or delete such information.
6. The Legal Basis for Holding Your Data
The law on data protection includes different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent.
For example, when you complete an online form located on one of our websites.
When collecting your personal data, we’ll always make clear to what data is necessary in connection with a particular service, and you can always choose not to provide the details we have requested. Although taking this action is likely to end the Claims Process.
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, if you request us to send you the application forms to start the reclaim process or to liaise with your past lenders.
If the law requires us to, we may need to collect and process your data.
For example, we can pass on details of people involved in fraud or other criminal activity to relevant law enforcement organisations.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of providing a Claims Management Service and which does not materially impact your rights, freedom or interests.
For example, we may ask you to provide proof of your current address and proof of your identity. This happens when a lender no longer has your current address in their records, or you have changed your name, and it may also apply if your usual signature has changed or does not match that held on their records.
We may also use your home address details and email address to send you direct marketing information by post or email so that we can advise you about products and services that we think might be of interest to you.
7. Your Data and Your rights
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by contacting us. Our details are as undernoted:-
Telephone: 01202 855 257 and from overseas 0044 1202 855 257
Letter: PPI Advice Ltd, 11A Woodside Road, West Moors, Ferndown, Dorset BH22 0LY
If you request information from us but decide not to use our service, your personal data will be automatically deleted after 60 months. If you do use our Claims Management Service, we are required by law to retain your personal data for as long as is reasonably necessary to comply with our statutory and contractual obligations. You have the right to request we delete your data from our records subject to our statutory and contractual obligations. This is known as the right to be forgotten.
You also have the right to access information held about you. Your right of access can be exercised in accordance with current Data Protection legislation. An access request will be provided free of charge. Any further or subsequent copies may be subject to a fee to meet our costs in providing you with details of the information we hold about you.
You have the right to rectification, which means that the personal information we hold about you can be rectified, if any of its detail has been logged or processed incorrectly. If you would like us to make any amendments to the data we hold, please contact us at: email@example.com
If you have any concerns about the way we process your data, you can contact us using the above details, or in writing to:
The Data Protection Officer
PPI Advice Ltd
11A Woodside Road
8. Policy changes
9. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. Details can be found in Section 10 below.
10. If you live outside the United Kingdom
This Privacy Notice is only available in English and in case of any dispute about its meaning, the English version will take precedence.
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us, or on your behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
Sometimes we’ll need to transfer your personal data between countries to enable us to supply the services you’ve requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.
This may occur because our information technology storage facilities and servers are located outside your country of residence and could include storage of your personal data on servers in the UK.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
We’ll ensure that any third parties process your personal data only in accordance with their legitimate interests. These third parties may be subject to different laws from those which apply in your country of residence. Please note that we do not take active steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.
For the purposes of this Privacy Notice, ‘personal data’ means any information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information or opinion is true, and whether or not the information or opinion is recorded in a material form.
If you live in Australia you may submit any questions, comments or complaints to our Data Protection Officer, Mr Carl de Lima, who will reply to you within 30 days with a written reply.
If you are contacting us to complain about an alleged breach of this Privacy Notice or our legal privacy obligations, please provide us with as much detail as possible in relation to your complaint.
We will take every privacy complaint seriously and assess it with the aim of resolving all issues quickly and efficiently. We would be grateful for your cooperation with us during this process by providing us with any relevant information that we made need.
If we have not come back to you within 30 days, or you are not happy with the response that you’ve received, you may submit a complaint to the Office of the Australian Information Commissioner.
We are committed to keeping your personal information secure and will take all reasonable precautions to protect it from loss, misuse or unauthorised access or alteration. However, except to the extent liability cannot be excluded due to the operation of statute, we exclude all liability (including in negligence) for the consequences of any unauthorised access to, disclosure of, misuse of or loss or corruption of your personal information.
Nothing in this Privacy Notice restricts, excludes or modifies or purports to restrict, exclude or modify any statutory consumer rights under any applicable law including the Competition and Consumer Act 2010.
To learn more about our cookies and website ‘track’ and ‘do not track’ practices please see our Cookies Policy as covered in Point 4 above.
As your data may be transferred to third parties outside Canada, local police or other enforcement, regulatory or Government bodies may have access to that data, with or without our knowledge.
The personal data we process may be accessed by people within our company, or by our third-party service providers, who require access for the purposes indicated in this Privacy Notice, or as may be permitted or required by applicable law. The personal data we collect is largely held in the UK.
If you have any questions, please contact our Data Protection Officer – Mr Carl de Lima.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada, or in some Canadian provinces, your local Privacy Commissioner.
South Korea, Malaysia, Singapore, Qatar
Terms used in this Privacy Notice shall have the meanings assigned to them by the Personal Data Protection Act 2010 (also known as the PDPA).
By becoming a client of PPI Advice Ltd, or browsing our websites and/or agreeing to receive digital direct marketing communications, you agree that we may process your personal data as described in this Privacy Notice and our Cookies Policy (see Point 4 above), including for analytics and research into website use.
When you agree to receive direct marketing emails from us, we may send you promotions about certain products we believe will be of interest to you.
If you live in Hong Kong you may submit a complaint to our UK-based Data Protection Officer – Mr Carl de Lima, who will reply to you within 30 days. If we have not provided a written reply, or you are not happy with the response that you receive, you may submit a complaint to the Office of the Privacy Commissioner for Personal Data.