PRG Privacy Policy

PRIVACY POLICY PLASTERBOARD RECYCLING GROUP

Your right to privacy is important to us. We know that your personal data belongs to you and not to us. That’s why we take the security of your information seriously and have strict policies and processes in place to ensure it is kept private and safe.

This privacy notice describes the way we collect your information, how we use it and why.

Who we are

Plasterboard Recycling Group

Where we use the term ‘we’ in this notice we mean the relevant member of our team who is processing your personal information.

The entity you have a relationship with will be the controller of any personal information you provide to us.

Plasterboard Recycling Group is regulated by the Environment Agency.

If you have any queries about how your personal information is used by us, which are not answered in this notice, please email us.

What is personal data?

Personal data is considered to be any information that either alone, or in combination with other information, would identify you as a living individual. For example, your name and date of birth.

How do we collect your information?

The type of loan or other product you have with us will dictate how your personal information is collected.

Personal information may be provided to us by;

• You or a third party

And may be provided;

electronically
by telephone
within paper correspondence

When applying for a product or service we will ask you to provide some information about yourself for security, identification and verification purposes.

When completing any forms, we will always tell you how your information will be used in relation to the product or service you are applying for within the declaration and in any associated terms and conditions.

When you provide any information about others (eg for a joint account) you must ensure that you have their consent or are otherwise entitled to provide the information to us.

Websites

You can visit our website without telling us who you are or revealing any information about yourself. When we ask you for personal information online it will only be in response to you applying for, or using, one of our online products or services.

We will not use information and/or any statistical analytics tool to track or collect any personally identifiable information about visitors to our site.

If you have logged into our site, please review our Cookie Policy at www.prg.uk.com to see what information may be recorded.

What personal data do we process?

We may process the following personal information;

Account Number
Full name
Date of birth
Address (both business and residential)
Address history
Home and mobile telephone numbers
Memorable Information (provided to us to in some instances to be used as a security check for account access)
Employment details
Corporate Directors – position within the company
Contact email address
Bank account number
Sort Code
Passport information if required for ID purposes
Vehicle details
Driving licence information
If you have requested a third party act on your behalf, the name and contact details of this party

Throughout the life of your account, you may provide the following information to us:

Your racial or ethnic origin
Political opinions
Your religious or philosophical beliefs
Trade union membership
Data concerning your health
Data concerning your sex life or sexual orientation

These pieces of information are considered to be special categories of data. We will only record them if they are relevant to the management of your account (for example, if you have a medical condition which means you require a bespoke communication approach) and we will not record this information without your explicit consent. You are able to withdraw this consent at any time, just get in touch.

On what basis are we allowed to process your personal data?

Under Data Protection law we are only allowed to process your personal data if we have a proper reason to do so. This includes sharing it to third party lenders. The law allows us to process your data for one or more of the following reasons;

to fulfil a contract we have with you or with a third party lender
when it is our legal duty
when it is in our legitimate interest
when you consent to it

A legitimate interest is when we have a business or commercial reason to use your information. This reason must not unfairly go against what is right and best for you.

The table below shows the ways we may use your personal information and why;

What we use your personal information for	Why we use your personal information
	Fulfil a contract
To verify your identity	Legal Duty
To manage our relationship with you	Legitimate interest
To deliver products and services	Your consent
To make and manage customer payments
To manage fees, charges and interest due on customer accounts
To collect and recover money that is owed under agreements or contracts	Fulfil a contract Legal Duty Legitimate interest
To respond to complaints and seek to resolve them
To detect, investigate, report and seek to prevent financial crime
To comply with laws and regulations that apply to us
To manage risk for us and our customers
To prevent fraud and money laundering
To exercise our rights, set out in agreements or contracts
To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance and audit requirements.	Fulfil a contract Legal Duty Legitimate interest

Who do we share your personal data with and why?

We share your personal information;

With businesses who may process data to form a contract.
With fraud prevention agencies (including the National Crime Agency, Action Fraud and the Home Office) to protect us from fraud and money laundering. We may also pass information to financial and other organisations involved in fraud prevention including law enforcement agencies who may also access and use this information to detect, investigate and prevent crime. We may automatically decide that you pose a fraud or money laundering risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. If you give false or inaccurate information and we suspect fraud we will record this. Please go to www.cifas.org.uk/privacy-notice to read the Cifas privacy notice in full
With third parties where we are legally required or permitted to do so, for example for crime prevention purposes or to protect our right or the rights of our third party companies, employees or customers
With regulatory bodies where we are required to do so for legal and regulatory purposes
If you would like to know which specific third parties process data on our behalf, please email us

Possible consequences of us processing your personal data

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, finance or employment to you. If you have any questions about this, please contact us.

How long will we keep your personal information?

We will keep your personal information for as long as you have an agreement with our third party lenders. After you stop being a customer we may keep your data for up to 2 years for one of these reasons;

to respond to any questions or complaints
to show that we treated you fairly
to maintain records according to our regulatory and statutory obligations

We will keep your data for longer than this if we cannot delete it for legal or regulatory reasons. When this happens, we will make sure that your privacy is protected and we will only use it for these purposes.

Your information rights

You have various rights in terms of how and why your personal data is processed. Please contact us at any time if you wish to exercise these rights:

You have the right to rectify and correct inaccurate or out of date information at no extra cost
You may be able to request the deletion or removal of personal data where there is no compelling reason for its continued processing. You don’t have an absolute ‘right to be forgotten’ but we will consider the request in specific circumstances
You have the right to restrict and/or object to certain processing, providing it meets the requirements set out in law
You have the right to move, copy or transfer personal data. If we are processing data to perform our obligations to you, or because you consented, if that processing is carried out by automated means, we will help you to move, copy or transfer your personal data to other IT systems.
You have a right to access the personal information that we hold about you. We won’t charge you for this request, however, we may charge a reasonable fee if your request is largely unfounded or if you make repeated requests. Please make your request in writing and complete a Subject Access Request Form. Telephone calls will not be provided as standard as not all calls are recorded.

If you choose not to give personal information

We may need to collect personal information by law and under our terms and conditions. If you chose not to give us this personal information it may delay, or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts. It could mean that we cancel a product or service that you have with us.

Complaints

If you wish to complain about how we have treated your personal data, please email us to discuss your concerns.

You may also refer your concerns to the Information Commissioner’s Officer (ICO), the body that regulates the handling of personal data in the UK. You can contact them by:

Information Commissioner

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Telephone: 01625 545745