Completing deals,
with confidence

Specialising in structured ABL facilities from £1m to £35m with exceptional levels of client service. We have built a reputation for our deal focussed yet personal and flexible approach to completing deals

PRIVACY NOTICE

Privacy Notice concerning customer and other business-related personal data

Effective Date of this version: 25 May 2018

 

  1. INFORMATION ABOUT US
  2. DSO CONTACT DETAILS
  3. WHAT PERSONAL DATA WE COLLECT AND WHY?
  4. SHARING OF YOUR INFORMATION
  5. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
  6. YOUR RIGHTS

1. INFORMATION ABOUT US AND INTRODUCTION

Leumi ABL Limited (the “LABL” or “we” or “us” or “our”) is a UK-incorporated company that is part of the wider Bank Leumi le-Israel group. We offer a range of asset based lending services to UK-based and international customers. In the course of providing these services, we process relevant personal data about our customers, related individuals, vendors and other business and marketing contacts.

This Privacy Notice contains important information about the way in which we collect, use, disclose, retain and otherwise process personal data. LABL is committed to protecting the personal data of our customers and business contacts and respecting their privacy. We have in place a robust information security management programme which relies on technical and organisational security measures that are reviewed and updated on a regular basis.

Data Controller: For the purpose of the General Data Protection Regulation 2016/679 and any implementing legislation (the “GDPR”), Leumi ABL Limited is the data controller responsible for any personal data that we process. The address of our registered office is: 126 Dyke Road, Brighton, East Sussex, BN1 3TE, United Kingdom.

2. DSO CONTACT DETAILS

Questions, comments, and other communications regarding this Privacy Notice, or our privacy practices in general, are welcomed and should be addressed to our Data Security Officer. Any queries and requests regarding this privacy notice may be emailed to DSO@leumiabl.co.uk or sent by post to 126 Dyke Road, Brighton, East Sussex, BN1 3TE, United Kingdom.

3. WHAT PERSONAL DATA DO WE COLLECT AND WHY?

This section covers the different sources and categories of personal data that we collect and process, why we do so, and the lawful bases for processing by LABL.

Depending on your relationship with LABL, please see the relevant section below where we describe how we obtain your personal data and how we will treat it.

This privacy notice covers the processing of information for the following categories of individuals:

Section 3.1 – Customers (individuals or corporate entities) Where customers are legal entities, this covers employees, shareholders or representatives of our existing or prospective customers (or an employee, officer, shareholder, or other individual associated with it).
section 3.2 – Prospective customers
Section 3.3. – Service providers (covers employees or representatives of our existing or prospective service providers, suppliers and contractors).
Section 3.4 – Website visitors

3.1 If you are our customer (or an employee, officer, shareholder or other individual associated with it)

A – Sources of personal data
B – Personal data that we collect and process
C – Why do we collect your personal data and what are our lawful grounds for it?
D – Who does LABL share your personal data with?
E – How long will your personal data be kept by LABL?

A – Sources of personal data

LABL may obtain your personal data from the following sources:

  1. from you directly (for example, by telephone, via our website, by e-mail, when you fill out our forms, or in the course of carrying out services for you if applicable);
  2. from a company that employs you, if you are our corporate customer,
  3. from other parties (or their advisers);
  4. from credit reference agencies (who may search the UK Electoral Register);
  5. fraud prevention agencies, CIFAS, or other organisations;
  6. from our own affiliates;
  7. from various subscription services; and/or
  8. from publicly available sources (for example, governmental websites, company registries, credit reference agencies, search engines and social media sites).

In considering any application from you or making lending decisions, we may search files held by credit reference agencies, which may keep a record of the search. We reserve the right to carry out further checks from any of these sources from time to time for fraud prevention and credit control purposes.

B – Personal data that we collect and process

As a financial institution, LABL has a legal obligation to carry out due diligence on its customers in compliance with various anti-money laundering, counter terrorism, anti-bribery and anti-corruption, tax and other similar legislation prior to providing services to a customer. To do this, LABL may request personal data relating to an individual customer, a corporate customer’s officers, authorised signatories, direct/indirect shareholders, trustees, settlors, protectors and beneficial owners. This may include:

  1. a copy of a passport, ID card or any other equivalent identity document;
  2. proof of residential address (for example, a copy of a utility bill, bank statement or any other equivalent document confirming the residential address);
  3. a specimen signature;
  4. a completed “politically exposed person” questionnaire;
  5. source of funds;
  6. income levels and other financial data; and/or.
  7. video footage of you if you visit our premises.

LABL may conduct real-time and/or automated screening against politically exposed persons and prohibited and/or sanctioned persons lists published by various regulators from time to time or checks through certain subscription services. This may include information relating to your partner or other members of your household.

If you are an individual customer, or an officer or authorised signatory of a corporate customer, LABL may also collect your contact details (including your name, title, postal address, telephone number(s) and email address) and other verification details, such as call-back contact details.

In providing our services to you, we will process the details of your transactions, account summaries, and other financial details relevant to the management of your account with us.

If you are using our online services, please see the details we may collect in section 3.4 below.

C – Why do we collect your personal data and what are our lawful grounds for it?

Contract
Legal obligations
Legitimate interests

Contract

If you are a customer of LABL, the above personal data is necessary for the purposes of entering into a contract with us as a customer and providing you with the following services:

  1. provision of products services that are requested from us;
  2. managing, operating and giving and receiving instructions in respect of accounts held with us or our affiliates under the transactions documentation;
  3. sending you statements,
  4. communicating with you about changes to services,
  5. planning visits to our and / or your premises, or other locations,
  6. maintaining a commercial relationship with you,
  7. responding to any queries that you may submit to us.

Legal obligations

We need to collect your personal data to comply with our legal obligations:

  1. for assessment and analysis necessary to prevent and detect money laundering, including but not limited to carrying out any relevant anti-money laundering and sanctions checks and fulfilling our obligations under any relevant anti-money laundering law or regulation (including under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017); and / or
  2. to comply with any other professional, UK or EU legal and regulatory obligations which apply to us.

Where you are unable to provide us with your personal data that is a legal or a contractual requirement in relation to the provision of our services to you, we may be compelled to refuse to offer our services.

Legitimate interests

Finally, the personal data we collect is used to protect our business interests including the following:

  1. to develop and improve our services to you and other customers;
  2. to learn from the way you use and manage your account(s), from transactions you make and from the payments which are made to your account;
  3. to assess and analyse in order to prevent and detect fraud and other crime,
  4. to carry out regulatory checks;
  5. to meet our obligations to any relevant regulatory authority;
  6. to carry out operational and administrative actions;
  7. to exercise or to defend legal claims;
  8. to inform you of products, services and events that may be of interest to you by letter, telephone, messages, e-mail and other electronic methods, provided that we have your permission, where necessary.

You may tell us at any time if you do not wish your personal data to be used for the purposes of our legitimate interests listed above, including to receive marketing communications from us by contacting our DSO (see the contact details in section 2 above).

Where we rely on legal obligations or performance of our contractual obligations as the lawful bases, LABL may not be able to move forward with providing services if:

  • the documents listed above are not provided to complete our checks required by law; or
  • the documents and/or screening checks are not satisfactory to LABL in its sole opinion.
D – Who does LABL share your personal data with?

Credit reference and fraud prevention agencies
Government or regulatory authorities
LABL’s affiliates
LABL’s service providers

Credit reference and fraud prevention agencies

In some cases, where you are an individual customer of LABL or an individual associated with a corporate customer, we may need to share your personal data with authorised credit reference and fraud prevention agencies in order to obtain information from them that is necessary to make credit assessments and to prevent and detect fraud, money laundering and other crimes.

Should an unaffiliated third party request a credit reference from us, or any other request for a reference that concerns you, we will not provide such a reference without your written permission unless agreed within our transaction documentation.

Government or regulatory authorities

We may also disclose information about you if we have a legal duty to do so or if we are required or requested by any governmental, banking, taxation or other regulatory authority or similar body, or by the rules of any relevant stock exchange or pursuant to any applicable law or regulation or if the law allows us to do so. Otherwise, we will keep information about you confidential.

Affiliates of LABL

The following are LABL’s affiliates:

  • Bank Leumi le-Israel B.M. (“BLITA”);
  • Bank Leumi UK PLC (“BLUK”); and
  • Bank Leumi USA (“BLUSA”)

LABL may share your personal data with its affiliates, BLITA and BLUK, for the purposes of:

  • providing us with back-office and middle-office support and systems for managing operations and treasury related risk,
  • overall group-wide risk management,
  • litigation management,
  • allowing them to evaluate the opportunity to participate in lending transactions and opportunities that involve you or a company with which you are associated
  • compliance with regulatory requirements applicable to affiliates, and
  • marketing

We may also share your personal data with BLUSA where that is necessary: for the purpose of enabling our US affiliate to evaluate the opportunity to participate in lending transactions and opportunities that involve you or a company with which you are associated, and for compliance with regulatory requirements applicable to affiliates.

In so doing, LABL’s affiliates may be data controllers and / or data processors of your personal data together with LABL. As data controllers and / or data processors, these affiliates will process your data in line with the intra-group data transfer agreements in line with the requirements of the GDPR.

LABL’s service providers

We may give information about you and how you manage your account to organisations that provide a service to us or are acting as our agents, subject to contractual measures that we put in place obligating such organisations, on the understanding that they will keep the information confidential and will comply with applicable data protection laws.

For example, we may share your information with the following types of service providers that we engage with:

  1. Technical support providers who assist with our website and IT infrastructure;
  2. Third party software providers, who may include ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf;
  3. Professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;
  4. Money laundering and compliance search providers;
  5. Providers that help us store, collate and organise information effectively and securely, both electronically and in hard copy format, and for marketing purposes;
  6. Providers that assist us in transferring information effectively and securely for HMRC and Court purposes; and/or
  7. Providers that help us generate and collate reviews in relation to our services.

Please see further detail on the sharing of personal data in section 4 below.

E – How long will your personal data be kept by LABL?

LABL keeps the personal data in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

We will generally hold personal data collected for the purposes described in the section ‘Why do we collect your personal data and what are our lawful grounds for it?’ above for the entire duration of our relationship with our customer with regard to the provision of services and any applicable regulatory or retention period prescribed by law. We will retain information about you after the closure of a customer account or if your application is declined or abandoned for as long as required for legal, regulatory, fraud prevention and legitimate business purposes.

3.2 If you are a prospective customer

A – Sources of personal data
B – Personal data that we collect and process
C – Purposes for processing your personal data
D – Lawful basis for processing
E – Who does LABL share your personal data with?
F – How long will your personal data be kept by LABL?

A – Sources of personal data

If you are a prospective customer or an individual associated with a prospective customer (e.g. an employee, shareholder or a representative) and not our existing customer, we will mainly process the business contact details.

These details may have been provided:

  1. by you directly (for example, when you fill out our forms);
  2. via our website;
  3. by email;
  4. by telephone;
  5. during networking events that we have either hosted, or sponsored, or attended;
  6. if you visit our premises; and /or
  7. from publicly available sources (for example, your company website).
B – Personal data that we collect and process

LABL may process your contact details, including your name, title, postal address, telephone number(s) and email address. LABL may also process video footage if you visit our premises.

C – Purposes for processing your personal data

We may process personal data for the purposes below:

  1. To provide you with information, products or services that you request from us or that we feel may interest you. Where we use your email to communicate marketing information to you we will seek your prior consent, where required to do so by law.
  2. To enable us to plan visits to prospective customer premises and establish commercial relationship with the customer.
  3. For the fulfilment of marketing campaigns online, by letter, telephone, messages, email or other electronic methods.
  4. To provide security of our offices, when you visit us.
D – Lawful basis for processing

We process the types of personal data identified above on the basis of our legitimate interests or those of our customers or suppliers where relevant.

If you wish to withdraw your consent, or object to our using your contact details for any of the purposes listed above, including direct marketing, please send us an email at: dso@leumiabl.co.uk.

E – Who does LABL share your personal data with?

LABL may share your personal data with LABL’s affiliates with whom we may carry out joint marketing campaigns or events.

LABL may, from time to time, share your personal data with our advertising and promotional agencies and consultants and those organisations selected by us to carry out marketing campaigns on our behalf subject to appropriate contractual safeguards

Please see further detail on the sharing of personal data in section 4 below.

F – How long will your personal data be kept by LABL?

LABL will retain your business contact details for as long as it is necessary for the purposes set out above (e.g. for as long as we have a relationship with you as our business contact).

We review the information we retain regularly and when there is no longer a legal or business need for us to hold it, we will either delete it securely or, in some cases, anonymize it in a way that no longer identifies you.

Any contact details that are stored on our customer relationship management database will be removed from our mailing lists if they are more than 3 years old and there has been no interaction with them during that period, following which they will be deleted permanently.

3.3  Service Providers (covering their employees, authorised signatories, officers, directors and representatives)

A – Sources of personal data
B – Personal data that we collect and process
C – Why do we collect your personal data and what are our lawful bases for it?
D – Who does LABL share your personal data with?
E – How long will your personal data be kept by LABL?

A – Sources of personal data

LABL may obtain your personal data from the following sources:

  1. from you directly (for example, when you fill out our forms, sign agreements with us, or in the course of carrying out services for us);
  2. from a company that employs you, if you are a representative of one of our corporate service providers; and/or
  3. from publicly available sources (for example, your company website).
B – Personal data that we collect and process

LABL may request personal data relating to our service providers’ officers, authorised signatories, and other associated individuals. This may include:

  1. name;
  2. job title; and
  3. business contact details.
C – Why do we collect your personal data and what are our lawful grounds for it?

Legal obligations

We may need to collect your personal data to comply with any professional, legal and regulatory obligations which apply to us.

Legitimate interests

The personal data we collect may also be used for the following of our legitimate interests:

  1. to communicate with you in relation to the services provided to us;
  2. to carry out regulatory checks;
  3. to meet our obligations to any relevant regulatory authority;
  4. to carry out operational and administrative actions;
  5. to exercise or to defend legal claims;
  6. to prevent illegal activity, and/or
  7. to invite you to events and inform you of products and services that may be of interest to you by letter, telephone, messages, e-mail and other electronic methods. Where we send you direct marketing by email, we will obtain your consent where we are required to do so by law.

If you object to us using your contact details for these purposes, including direct marketing, please send us an email here: dso@leumiabl.co.uk.

D – Who does LABL share your personal data with?

LABL’s affiliates
LABL’s service providers
Regulatory authorities

LABL’s affiliates

LABL may share your personal data with its affiliates (see the list above) for the purposes of overall group-wide risk management, litigation management, compliance with regulatory requirements applicable to affiliates, and marketing.

LABL’s service providers

We may give information about you to organisations that provide a service to us or are acting as our agents, on the understanding that they will keep the information confidential and will comply with data protection laws

For example, we may share your information with the following types of service providers that we engage with:

  1. Professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers,
  2. Providers which help us store, collate and organise information effectively and securely, both electronically and in hard copy format, and for marketing purposes.
  3. Providers which help us generate and collate reviews in relation to our services.

Regulatory authorities

We may disclose information about you if we have a duty to do so or if we are required or requested by any governmental or regulatory authority or similar body, or by the rules of any relevant stock exchange or pursuant to any applicable law or regulation or if the law allows us to do so. Otherwise, we will keep information about you confidential.

Please see further detail on the sharing of personal data in section 4 below.

E – How long will your personal data be kept by LABL?

LABL will retain your business contact details for as long as it is necessary for the purposes set out above (e.g. for as long as we have, or need to keep a record of, our relationship with you as our business contact).

Contact details concerning account representatives of our vendors will be retained for one year following the termination of the relevant supplier relationship.

3.4 If you are our website visitor

A – Sources of personal data
B – Personal data that we collect and process
C – Why do we collect your personal data and what are our lawful bases for it?
D – Who does LABL share your personal data with?
E – How long will your personal data be kept by LABL?

A- Sources of personal data

We may obtain your personal data from the following sources:

  1. from you directly (for example, at the time of subscribing to any services offered on our website (www.leumiabl.co.uk), including but not limited to email mailing lists, interactive services, posting material or requesting further goods or services);
  2. from your device or browser; and/or
  3. if you contact us, we may keep a record of that correspondence.
B- Personal data that we collect and process
  1. name;
  2. username;
  3. email address
  4. operating system;
  5. browser type;
  6. cookie data (for more information please see our Cookie Policy: leumiabl.co.uk; and/or
  7. IP address.
C – Why do we collect your personal data and what are our lawful bases for it?

LABL processes your personal data for the following purposes:

  1. to allow you to participate in interactive features of our service when you choose to do so;
  2. to ensure that content from our website is presented in the most effective manner for you and for your device;
  3. to allow us to share information in order to provide any product or service you have requested;
  4. for the provision of support services;
  5. for the management of our customer records;
  6. for system administration purposes;
  7. for generating and monitoring statistical data about our users’ browsing actions and patterns, the number of visitors to our website, the pages visited and how long they stayed; and/or
  8. to exchange personal data with Bank Leumi Group companies for the purpose of reporting, global management, carrying out monitoring, analysing business, complying with group regulatory requirements and any other purposes that is incidental to or connected with the foregoing purposes.

As described in our Cookie Policy, we will not set cookies on a user’s device unless they have consented to our doing so, unless the cookies in question are necessary for the performance or navigation of our website.

It is in LABL’s legitimate interests, and that of our website visitors, for us to process data about their use of our website in order to improve the services and information that we provide on it and for the security of our website operation.

Please do not submit your information to via our website, if you do not want us to process your personal data for the above purpose.

If you do not want us to process your personal data for the purposes above, please send an email to our DSO as set out in section 2 above.

D – Who does LABL share your personal data with?

We may share your information with companies that provide the following services to LABL:

  1. Analyse or evaluate our data collection process or customer service fulfilment;
  2. Service providers, such as website hosting companies or those that operate the website on which information about you is collected.

Please see further detail on the sharing of personal data in section 4 below.

E – How long will your personal data be kept by LABL?

We keep your personal data for as long as necessary to respond to your queries and/or to maintain a relationship with you. When our relationship ends, we will delete your personal data or aggregate the data we collect about our website use, so that the data no longer identifies you.

4. SHARING OF YOUR INFORMATION

Data that we collect may be shared with our affiliated companies, suppliers or service providers as mentioned specifically in each relevant section above. Also, we may share your personal data in the following cases:

  1. as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of our Terms and Conditions or other agreements, or as required by law; and/or
  2. in the context of mergers and acquisitions, LABL may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event LABL decides to dispose of all or parts of its business.

5.TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

In general, when transferring your personal data outside the EEA (which consists of EU member states and Iceland, Lichtenstein and Norway), we will only do so using one of the following safeguards:

  1. the transfer is to a non-EEA country which has an adequacy decision by the EU Commission (e.g. Israel);
  2. the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA.
  3. the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority; or
  4. the transfer is to an organisation in the US that is EU-US Privacy Shield certified.

You may request a copy of the relevant document by contacting our DSO as indicated in section 2 above.

6. YOUR RIGHTS

You have the following rights in relation to your personal data under the GDPR:

  1. to obtain information on how we handle your personal data and access documents which contain your personal data;
  2. to request us to correct or update your personal data if it is inaccurate or out of date;
  3. to object to the processing of your personal data for the purposes of our legitimate interests, as discussed above;
  4. to erase personal data about you that is held by us:
    i     which is no longer necessary in relation to the purposes for which is was collected,
    ii    to the processing of which you object, or
    iii   which may have been unlawfully processed by us;
  5. to restrict processing by us, i.e. to restrict processing to storage only:
    i     where you oppose to deletion of your personal data and prefer restriction of processing instead, or
    ii    where you object to the processing by us on the basis of its legitimate interests;
  6. to transmit personal data that you submitted to us back to you or to another organisation in certain circumstances; and
  7. to withdraw your consent at any time, if we rely on your consent (for example, when setting cookies on your device or for direct marketing).

If you at any time decide that you do not want to be contacted for direct marketing purposes or if you would like to exercise any of these rights, please contact our DSO as indicated in section 2 above.

If you are unhappy with how we have dealt with your request or concern, you have the right to file a complaint with the Information Commissioner’s Office, the UK supervisory authority.

For more details, please visit the ICO’s website: https://ico.org.uk/concerns/handling/.