About VeriFI and the purpose of this policy

We are VeriFI Asset Protection Ltd (VeriFI), a limited liability company incorporated in England with company registration number 13842278 and our Registered Office address is at 17 The Grove, Ilkley, West Yorkshire, LS29 9LW.

This Privacy Policy and Fair Processing Notice (Policy) explains how and why VeriFI may collect and use any personal data about you. 

In this Policy, references to personal data means any information that relates to an identifiable natural person. In this context, the natural person means; you. 

Terms such as we, us, our,

For the most part, it is more likely that personal data is passed to us by our clients (e.g. banks, finance providers, insurance companies, and may also include intermediaries such as brokers with whom they deal) because they have asked us to provide services to them which relate to their own products and services which their customers have asked them to provide (e.g. finance to purchase and asset or an policy to insure an asset). In that case, the bank or insurance company is the data controller for the purposes of data protection compliance and you should, in the first instance, refer to them and their own data privacy policy as to how your personal data is being used. In that context, VeriFI acts as a data-processor and is subject to a GDPR compliant data processing agreement with our client which is a legally binding contract which determines the nature of the processing of personal data provided to us (i.e. limited to the purpose of providing inspection and audit services to the client).

However, we may collect information from you (which could include personal data) when you visit our website, use one of our services, contact us by telephone or email or receive a communication from us relating to your use of our services.

Unless clearly stated otherwise, this Policy applies to personal data collected by VeriFI where VeriFI acts as a data controller as defined in the GDPR (i.e. where VeriFI makes the decisions regarding the purposes and means of processing the data we collect). 

We recommend that you read this Policy so that you can understand the types of personal data we collect about you, how we use it, and what legal rights you have in relation to it. 

We may also issue to you other notices regarding your personal data and privacy which may apply in specific circumstances. We recommend that you read those also.

Controller

Where VeriFI collects personal data directly (i.e. where it has not been provided to us by the finance or insurance provider a relevant individual is dealing with) VeriFI will be a data controller. 

When VeriFI is the data controller, VeriFI is responsible for making sure that your personal data is used properly in accordance with applicable laws. As data controller, VeriFI is bound to provide you with the information in this Policy. 

However, on occasions there may be other data controllers involved in processing your data as further explained in this Policy (e.g. your finance or insurance provider to whom we provide services which relate to you), or as you may be advised at the time your information is to be processed.

Contact Details

If you need to contact us, you can write to us at:

Data Protection Compliance

VeriFI Asset Protection Ltd

17 The Grove

ILKLEY

LS29 9LW

Or you can email us at (please include “Data Protection” in the subject heading so we deal with it straight away):

Changes to this policy and your duty to inform us of changes

VeriFI reserves the right to change this Policy at any time, so we recommend that you regularly check this page and keep yourself up to date with the terms of this Policy. 

One of our obligations as a data controller is to make sure that the personal data we hold about you is accurate and up to date. We therefore require you to inform us if any of the information we hold about you changes for any reason.

Types of data

We define into easy to understand groups as follows:

Type | Description
Contact | NameWork emailWork phone (including mobile)Work addressWork organisation
User Profile | NameWork organisationWork role/positionWork emailWork phone (including mobile)Work addressLogin credentialsUser settings and permissions
User Content | Contact (see above)User Profile (see above)UsagePhotographic or video content submitted by User in connection with service request, enquiry, or system fault reporting
Usage | Access dates and timesUsage duration Geo-location data collected from User’s device(s)Device (see below)System activity (including faults and connection failures)Data input/uploaded by UserAssets associated with User or User’s employer (including, without limit, asset specific information e.g. make, model, registration/serial number, insurance status, maintenance status, regulatory or government issues licences and approvals, values or prices paid, finance agreements)
Device | Hardware modelsDevice IP address or other unique device identifiersOperating systems and versionsSoftware Preferred languagesDevice motion dataMobile network dataWi-Fi data (which device is connected to)
External Source | Includes data from or in connection with:Financial Services providers (Banks, asset finance providers, insurance providers)Intermediaries of Financial Services providers (e.g. brokers or other intermediaries)Credit reference agenciesVendors who provide ID verification servicesSuppliers/Sellers (of assets which are the subject of VeriFI’s services)Third party technical services providers (e.g. hosting services, technology support and maintenance services, etc.)Publicly available sourcesGovernments, regulatory authorities, or law enforcement agencies or officials
ID | NameEmail PhoneAddress Photo (selfie) Photo (government issued ID card/driver’s licence/other government issued document) - may include gender, photo, date of birth

The data we collect about you

This section describes the information which we, as controller, collect directly from or about you. It is important that you understand that, where your personal data has been provided to VeriFI by your finance provider or insurance provider, they are the controller and you should consult their privacy policy to understand what personal data they collect about you and how it may be used (including where it is provided to VeriFI for providing our service to them).

Where VeriFI is the controller, the personal data we collect about you will depend on the nature of your interaction with VeriFI. 

When VeriFI is asked to provide its services | Generally, we act for institutional providers of finance and insurance services and these are not living individuals (rather, they are companies or similar organisations). However, when dealing with employees, workers, or consultants (who are living individuals) of those institutions, VeriFI may collect the following types of personal data:ContactUser Profile
When an enquiry is made to VeriFI from our website or via email | We also collect personal data voluntarily provided by any visitors to our website (communications via Contact Us) or individuals that email us with a question or comment about our products and services, or sign up for product demonstrations. VeriFI may collect the following types of personal data:ContactUser Content
Information collected when our inspection tools or VeriFI CRM system are used | Where VeriFI’s virtual inspection tools (e.g. our self-certiFI inspection tool) or VeriFI CRM system are utilised we collect the following types of personal data:ContactUser ProfileUser ContentUsageDeviceID (only where ID verification is required by VeriFI client)As noted in the Introduction section, where a VeriFI client asks us to perform VeriFI’s services, they will provide us with information about their own customers which may include personal data. We need to use that information in order to provide our inspection tools and/or carry out inspections and audits. In that context, where we use the information provided to us, we act as a data processor under a GDPR compliant data processor agreement which determines what we do with personal data. Our client is responsible for ensuring that they have complied with applicable data protection laws in collecting the applicable personal data and providing it to VeriFI to perform our service to the client.
Information collected when VeriFI attends a client’s customer’s or intermediary’s premises | Where VeriFI (including its authorised service providers) attends the premises of a customer of VeriFI’s finance or insurance provider client to undertake an inspection in person, VeriFI will collect the following types of personal data relating to the employees or other workers of the customer:ContactUser Profile NameUser Content 

How is your data collected?

Direct Interactions | We will collect personal data through direct interactions with data subjects e.g. when a data subject contacts VeriFI (enquiries about our services and technology tools or other marketing requests), when a user uses VeriFI’s services (access to and use of inspection tools and VeriFI CRM system), reporting technical faults related to inspection tools and VeriFI CRM, communications regarding billing between VeriFI and its client, etc.
Automated technologies or interactions | We will collect personal data automatically when a data subject interacts with VeriFI website and from accessing and using our inspection tools and VeriFI CRM. This may include collecting data using server logs, Cookies, and similar technologies.
External Parties | We will collect personal data from a number of External Parties. This is mostly from VeriFI clients (financial services providers and insurance providers) who wish to use VeriFI’s services but may include data that we collect from other third parties in connection with the provision of our services to those clients. For example, we may receive personal data about Users from technology providers we use to support our business, services, and our technical platforms, including support ticketing systems such as Asana, and other hosting and communications providers such as Amazon Web Services based inside or outside of the EU.

VeriFI will only use the personal data we collect in circumstances where the law allows us:

Generally, we do not rely on consent as a legal basis for processing personal data we collect except where we wish to send you marketing communications (whether directly from us or via a third party service provider). You have the right to withdraw consent to marketing at any time by contacting us or by clicking “unsubscribe” in any marketing communications you receive from us.

Purposes for which we use your personal data

The table below describes the ways we use personal data collected by VeriFI and the legal basis for processing. Where appropriate, we have identified where we may rely on legitimate interest as a basis for processing. 

We may process your personal data on more than one lawful basis depending on the specific purpose for which we are processing the personal data. 

Purpose/Activity | Type of data | Lawful basis for processing including legitimate interest
Register a new User on VeriFI CRM or other VeriFI services | ContactUser ProfileID | Performance of a contract with VeriFI client
Enabling a User to access and use VeriFI inspection tools, VeriFI CRM, or other VeriFI technical tools or platforms | ContactUser ProfileUser Content UsageDeviceExternal SourceID | Performance of a contract with VeriFI clientNecessary for our legitimate interests (for legal liability purposes, to provide auditable records of use of VeriFI products and services, fraud prevention)
Managing our relationship with those who directly interact with VeriFI e.g. notifying you of updates to our terms of business or this Policy, if you have a contractual relationship directly with VeriFI, asking you to provide feedback on VeriFI and its products or services, responding to enquiries which you make to us about VeriFI’s products or services | ContactUser ProfileUser ContentUsageDevice | Performance of a contract with VeriFI clientPerformance of a contract with data subject themselvesNecessary for our legitimate business interests (to keep our records updated, to comply with our legal and tax obligations, to study and improve how VeriFI’s services and products are used or could be used)
Administering and protecting VeriFI business and VeriFI inspection tools, VeriFI CRM, or other VeriFI technical tools or platforms (including troubleshooting technical problems, fixing faults, data analysis, testing, system maintenance, User support, hosting and reporting of data) | ContactUser ProfileUser Content UsageDeviceExternal SourceID | Performance of a contract with VeriFI clientNecessary for our legitimate interests (for efficiently operating the VeriFI business, for efficiently operating VeriFI inspection tools, VeriFI CRM, or other VeriFI technical tools or platform,provision of technology services, network and system security, fraud prevention, legal liability purposes, to provide auditable records of use of VeriFI products and services)
Use data analytics to improve VeriFI inspection tools, VeriFI CRM, or other VeriFI technical tools or platforms, marketing, client relationships and experiences | User ContentUsageDevice | Necessary for our legitimate interests (to analyse and study how Users and clients user our products and services, to further develop our products and services, to grow the VeriFI business, to inform our marketing strategy, to inform our product roadmap and development requirements)
To deliver relevant promotional materials | ContactUser ProfileUser ContentUsageDevice | Necessary for our legitimate interests (to analyse and study how Users and clients user our products and services, to further develop our products and services, to grow the VeriFI business, to inform our marketing strategy, to inform our product roadmap and development requirements)

In order to operate our business and provide VeriFI’s products and services, there will be times where we share personal data which VeriFI collects. These include:

Shared with | Type of data | Reason for sharing
VeriFI clients (including their intermediaries and applicable service providers) | ContactUser ProfileUser Content UsageDeviceExternal SourceID | Performance of or preparing to enter into a contract with VeriFI client who has contracted for VeriFI’s services which involve you e.g. where you are a User, where you work for the VeriFI client, where you provide services to the VeriFI client (including, without limit, brokerage services) where you are a customer or a prospective customer of the VeriFI client
VeriFI contracted third-party suppliers | ContactUser ProfileUser Content UsageDeviceExternal SourceID | We may share your personal data with organisations who VeriFI has contractual relationships with for the supply of goods and services as part of providing service to our clients and/or managing our business operations. This includes service providers who help VeriFI operate and maintain the VeriFI business, VeriFI inspection tools, VeriFI CRM, or other VeriFI technical tools or platforms (including those who provide services such as: troubleshooting technical problems, fixing faults, data analysis, testing, system maintenance, User support, hosting and reporting of data).We may also disclose your personal data to our authorised representatives in connection with a contracted transaction between you and us or a contract between you and a VeriFI client. This includes solicitors, surveyors, valuers, insurers, loss adjusters, recovery agents, telematics and asset tracking products or services providers, and any party described in the terms and conditions of the individual products you have purchased from a VeriFI client or (if applicable) from VeriFI directly. We will have in place an appropriate GDPR compliant data processor agreement with our service providers which will restrict how they are able to process any personal data we provide to them. If any service provider is based outside of the European Economic Area, we will ensure that the provider is either a current subscriber to the EU/US Privacy Shield, or we have an appropriate GDPR compliant contract for the international transfer of personal data with them.
Other External Sources | ContactUser ProfileUser Content UsageDeviceExternal SourceID | In order to protect, enforce, defend, or perform our legal rights and/or obligations.Fraud and crime prevention.To comply with good governance obligations.To protect our rights, property, or safety, or that of our clients, Users, or other persons.
Purchasers of the whole or any part of VeriFI (including any joint venture partner) | ContactUser ProfileUser Content UsageDeviceExternal SourceID | For the purposes of due diligence in circumstances where VeriFI sells or enters into a process to sell or with the aim of selling the whole or any part of VeriFI or its business undertaking or enters into or proposes to enter into a joint venture with a third party.

Marketing

Promotional offers from VeriFI

Where we have your consent to do so, we may send you marketing communications relating to our products and services and (where appropriate) those which we select as being complementary and relate to products or services provided by third parties we work with.

Third Party Marketing

Where we have your consent to do so, we may share your personal data with third party providers of products or services provided who VeriFI either works with or which VeriFI considers appropriate to you or your business.

Consent and opting out

You are in complete control of whether you consent or not to receiving any form or marketing communications from VeriFI and/or third parties. You always have the right to opt out either by writing to us or by clicking “unsubscribe” on any marketing communications you receive.

Cookies

Visitors to VeriFI’s website who do not log in to the VeriFICRM (i.e. who are not Users of VeriFI’s inspection tools, VeriFI CRM, or other VeriFI technical tools or platforms which require access credentials to use) can set their browser to refuse all or some browser cookies or to alert you when the website sets or accesses cookies. If, in this case, you disable or refuse cookies, please note that some parts of the website may become inaccessible or not function properly. 

For more information about the cookies we may use, please see our Cookie Policy. 

Change of purpose

VeriFI will only use your personal information for the purposes for which we collected it unless we reasonably need to to use it for another purpose(s) and that purpose(s) is compatible with the original purpose(s). If you wish to obtain an explanation as to how the processing for the new purpose(s) is compatible with the original purpose, please contact us.

If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may process your personal information without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.

Security

We have put in place appropriate technical and organisational security measures to prevent your personal information which we collect from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed to unauthorized persons. In addition, we limit access to your personal information to those of our employees, agents, contractors, and other third parties who have a legitimate need to know. They will only process your personal information which we collect on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal information breach and VeriFI will notify any affected data subject of a security breach where we have a legal obligation under GDPR to do so.

Retention

How long will VeriFI use your personal data for?

VeriFI will only retain your personal information which we collect for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, and the applicable legal requirements to which your personal information is subject.

By law we are required to keep basic personal information e.g. if you are a customer or if you otherwise use our services, for six years after the customer ceases to be a customer or user last uses the services. We do this for tax, regulatory, and legal liability purposes. We may also keep the information longer if deemed reasonably necessary in connection with our contractual relationships with our clients who use our services.

Where required, we will seek to renew consents from you for e.g. marketing communications on a more frequent basis.

In some instances, we may apply anonymisation tools to your personal information (so that it can no longer be associated with you). We may do this in order to undertake statistical analysis or research or for other legitimate purposes to develop our business and services. In this case, we may keep and use this information indefinitely.

Your legal rights

Your rights under GDPR are described below. 

Your right | What it means
To be informed | VeriFI is required to be transparent about the processing that we do with any personal data we collect from or about individuals. The information that you supply is determined by whether we collected your personal data directly from you or indirectly via someone else (such as a client of VeriFI). Your right to be informed may be relevant if you consider it necessary to ask for more information about what we do with your personal data.
To request access | Data subjects from whom we have collected personal data have a right to obtain confirmation that it is being processed, and to obtain information about how we process it. This is normally done by way of a “subject access request” to VeriFI.
To object to processing | Data subjects have a right to object to processing their personal data in certain circumstances e.g. where the basis relied on is legitimate interests of the controller, where it is processed for direct marketing, or where it is processed for the purposes of compiling statistics.
To restrict processing | Data subjects have a right to restrict processing of personal data e.g. where you contest it as being inaccurate (until the accuracy is verified), where you have objected to the processing (where it was necessary for legitimate interests) and we are considering whether VeriFI’s legitimate interests override the interests of the data subject; where you consider that the processing is unlawful, and where you oppose erasure and request restriction instead; or where we no longer need the personal data for the purposes of the processing for which we were holding it but where you require us to continue to hold it for the establishment, exercise or defence of legal claims.
To erasure | A data subject has the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing. This right applies only in particular circumstances. It may be relevant where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
To correction or completion | A data subject has the right correction of personal data which is inaccurate, and also to have incomplete personal data completed in certain circumstances. If VeriFI has disclosed the relevant personal data to third parties, we must also inform them of the rectification where this is possible.
Portability | Data subjects have a right to obtain and reuse their personal data for their own purposes across different services; to move, copy or transfer their personal data easily from one environment to another in a safe and secure way without hindrance to usability. This right is relevant where personal data is being processed based on a consent or for performance of a contract and is carried out by automated means. This is not the same as the right of access.
Automated Decision Making | In certain circumstances, data subjects have the right to require a data controller to operate certain safeguards against the risk that a potentially damaging decision is taken solely without human intervention. Data protection laws prohibit this particular type of automated decision making except where it is necessary for entering into or performing a contract; is authorised by law; or where the data subject has explicitly consented to it. In those cases, the data subject has the right to insist on human intervention and an explanation of and right to challenge the decision.
To complain | Data subjects have the right to complain to the Information Commissioner’s Office (https://ico.org.uk/make-a-complaint/). The ICO is the UK data protection regulator. Without affecting your legal rights, VeriFI always strives to resolve any disputes with data subjects whose data we collect and if you have any questions or complaints about how we collect or use your personal data, please contact us: Data Protection Compliance VeriFI Asset Protection Ltd 17 The Grove ILKLEY LS29 9LW Or you can email us at (please include “Data Protection” in the subject heading so we deal with it straight away): info@verifiassetprotection.com