1.2 We are committed to protecting your privacy on-line. This policy explains how we collect information, what we do with it and what controls you have.
2. Personal information we may collect from you
2.1 We may collect and process the following personal information about you:
- information (such as your name, email address, postal address and telephone number) that you provide by completing forms on the Site, subscribe to any service, upload or submit any material via the Site, or request any information;
- information needed to verify your identity and the fact that you hold a mortgage with us;
- in connection with an account sign-in facility, your log-in and password details;
- details of any payments made by you through the Site (but not card details – see section 5.2;
- communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding the Site or its content; and
- information from surveys, promotions and competitions that we may, from time to time, run on the Site, if you choose to respond to, or participate in, them.
2.2 You are under no obligation to provide any such information. However, if you should choose to withhold requested information, we may not be able to provide you with certain services or register you as a user of this Site.
3. Uses made of your personal information
3.1 We use the personal information you provide to:
- enable us to provide you with the services and information offered through the Site and which you request;
- service your mortgage including applying payments made via this Site;
- contact you requesting feedback on the Site and related issues;
- send you information we think you may find useful or which you have requested from us, including information about our products and services, provided you have indicated that you do not object to being contacted for these purposes (or provided you have agreed that we may, in the case of electronic communications).
4. Information about Cookies Including Third Party Cookies
4.1 The Site currently only uses session cookies and persistent cookies to store certain information. Cookies are text files that a website transfers to your computer's hard drive to store and sometimes track information about you. Session cookies do not permanently store information and are not transferred to your computer's hard drive. Persistent cookies are stored on your computer's hard drive for a set length of time and although these cookies identify your computer, again, they do not themselves personally identify users.
- administer the Site and assist in diagnosing technical problems;
- identify new and return visitors to the Site;
- audit the accessing of resources and downloading of data from the Site;
- assist in improving and updating the Site; and/or
- assist in improving and developing our products and services.
4.3 Cookies that we use
4.4 Most web browsers automatically accept cookies, but if you prefer, you can change your browser to prevent this and your help screen or manual will tell you how to do this. You can learn more about cookies by visiting http://www.allaboutcookies.org/ which includes useful information on cookies and how to block cookies using different types of browser. However, you may not be able to take full advantage of the Site if you do so.
4.5 Third Party Cookies
Our website may contain links to other websites of interest. However, once you follow a link, we are not responsible for the privacy policies of the other sites even if you access the links from the Website. You should exercise caution and look at the privacy statement applicable to the website in question.
4.6 How to withdraw your Consent to Cookies / removing Cookies
If you want to find out more about cookies and how to manage and delete cookies from your computer you may wish to visit www.allaboutcookies.org/
5. Information sharing
We may share your information with:
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
- Credit reference agencies (CRAs) for the purpose of assessing your credit where this is a condition of us entering into a contract with you. The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the Credit Reference Agency Information Notice (“CRAIN”), a common statement developed by the 3 major CRAs. A copy of the CRAIN can be found in the document section of the website: www.kmc.co.uk/intermediaries/literature-documents . The CRAIN is also accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document: Callcredit (www.callcredit.co.uk/crain); Equifax (www.equifax.co.uk/crain); Experian (www.experian.co.uk/crain).
- Fraud prevention agencies (FPAs) for the purposes of preventing fraud and money laundering, and to verify your identity, where this is a condition of us entering into a contract with you. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
6.1 We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to protect against the risk of loss, misuse or alteration of personal information under our control. Our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.
6.2 You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the Site whilst it is in transit over the internet and any such submission is at your own risk.
6.3 It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal information if you use a shared computer or a computer in a public place.
7. Storage of your information
7.1 Information that you submit via the Site is sent to and stored on secure servers located in the United Kingdom. This is necessary in order to process the information.
7.2 Information submitted by you may be transferred by us to our other offices and/or to the third parties mentioned in the circumstances set out above (see information sharing), which may be situated in locations outside the European Economic Area (EEA) and may be processed by staff operating in those locations. The countries concerned may not have similar data protection laws to the EEA. Where we transfer your information we will take all reasonable steps to ensure that your privacy rights continue to be protected. By submitting information via the Site, you agree to this storing, processing and/or transfer.
8. Your details
You must ensure that any registration details you provide are accurate. If you choose, or you are provided with, a log-on ID (such as a username and password or other identifier) as part of our security procedures, you must treat such information as confidential and must not reveal it to anyone else. You are responsible for all activities that occur under your log-on ID and must notify us immediately of any unauthorised use or other security breach of which you become aware. We reserve the right to disable any log-on ID, at any time, if in our opinion you have failed to comply with any of the provisions of these terms and conditions or if any details you provide for the purposes of registering as a user prove to be false.
9. Your Data, Your Rights
You may exercise several rights in relation to the data we process about you. These are:
- You have a right to rectify any incorrect or inaccurate data – please let us know if you believe that we are using any inaccurate or incomplete personal data about you.
- Under certain circumstances, as determined by the Data Protection Legislation, you may ask us to:
- Erase the personal data we hold and use about you
- Restrict the way in which we hold and use your personal data
- Provide you with your data in a re-usable structure, or transmit this to another party at your request
- Stop holding or using your data for specific reasons, including marketing
- You also have the right to opt out of decision making that is based solely on automated processing (e.g. decisions taken solely by a computer) where the decision has a legal or otherwise significant effect on you.
If you would like to exercise any of the rights mentioned above or require further information in relation to the way in which we process your personal data please contact our Data Protection Officer at firstname.lastname@example.org or write to us at The Data Protection Officer, Ascot House, Maidenhead Office Park, Maidenhead, SL6 3QQ.
Furthermore, you continue to have the right to access your personal data and be provided with certain information about the way we process your data. This includes the right to obtain a copy of the personal data we hold about you. This is free of charge. Your “Data Subject Access Request” can be submitted using our online form, verbally over the phone with one of our customer services advisors, or by writing to Customer Services, Ascot House, Maidenhead Office Park, Maidenhead SL6 3QQ.
If you require any further information regarding any of the above points please contact us on 0333 300 0426 between the hours of 9am and 5.30pm, Monday to Friday.
Finally, you can find out more about your rights, how to exercise them, or refer any concerns you have to the Information Commissioner’s Office (www.ico.org.uk or call their helpline on 0303 123 1113).