During the course of our relationship with you, we may need to collect and process data about you. The types of data that we will require will fall broadly into one of the categories below:
Type of Personal Information Description
|Contact||Name, telephone, address, email address and how to contact you|
|Financial||Bank details, credit information|
|Public||Details from the electoral register, companies house, and other information publicly available about you or your business|
|Special||Criminal records data - this is only stored for Insurance customers currently, please see how your data is used section for further details on this|
|Permission||Permissions you have granted us to use your data, primarily for marketing purposes|
|Documentation||Data stored in documents you have sent us, such as bills and contracts from suppliers to enable us to help you switch, or leases to prove change of tenancy where required.|
|Technical Data||The types of equipment and software, IP addresses, geographical location, operating system and browser type you use to access our online services where available.|
|Analytics||Data that tells us how you have navigated across our websites, selected certain preferences on our website, what number you called us on, how long you called us for and the reason for the call etc.|
|Product Specific||Details about the products you have taken, what you are interested in, whether we've discussed certain products with you previously.|
We will collect this data during the course of business you, by one of the following methods:
In the cases where we are in the course of arranging a contract for you, or have arranged a contract for you in the past, we will also receive data about you via the following methods:
|How might you use my personal information?||What lawful basis will you have to use my personal information in this way?||Why do you use my personal information in this way?|
|We may share your personal information with our approved partners and third-party product providers so that they can return a quote to you via our website. For example, if you use our energy or gas service, we will send your personal information to our panel of approved energy provider so that they can return energy quotes to you via our website.||This processing of your personal information is necessary so that we can provide our services to you in accordance with our website terms and conditions. If we process special category data for this purpose, we will do so only if the law allows us to and at all times strictly in accordance with the terms of our policy document.||Without processing your personal information in this way, we would be unable to provide our services to you.|
|We may share your personal information with a limited number of approved third-party data providers in return for further information about you. We use this further information for data enrichment purposes and in order to auto-populate relevant fields within our website journeys to save you time and effort. For example, if you run an energy quote and provide us with your bill of authority, we may search the databases of our approved third-party data providers in order to auto-populate information about your energy usage.||We have a legitimate interest in processing your personal information in this way.||It is in our legitimate interests to process your personal information in this way so that we can provide a more user-friendly, intuitive and enjoyable price and product comparison experience. We know that our customers’ time is valuable and hence we strive to save people everywhere time and money!|
|We may process your personal information for the purposes of providing you with our continuous savings services. For example, if you have previously used our telecom contract service then we may process your personal information in order to renew a contract for you when your existing one ends.||We have a legitimate interest in processing your personal information for the purposes of providing you with our continuous savings services except where our provision of this service necessitates the processing of special category data. We will only process special category data for the purposes of providing our continuous savings services to you with your consent, if the law allows us to and at all times in accordance with the terms of our policy document.||Our continuous savings services, means that we do all of the hard work of generating a quote for you, whenever your product is due for renewal. We generate quotes early which often means that we secure a better price for you via our website than you might obtain yourself by generating a quote on a date which is closer to your renewal date. You can still come back to our website and run your own quotes or simply confirm that the details we hold about you remain correct and then sign your contract directly via our site - thereby saving you time and money!|
|We may process your personal information for the purposes of providing renewal reminders to you. For example, if you opt-in to receive renewal reminders from us and you have previously used our website to compare energy and gas prices, we may send you renewal reminders before your energy or gas contract is due for renewal. We will send your renewal reminder in advance of the date on which we understand your renewal is due.||We will only process your personal information for the purposes of providing renewal reminders to you with your consent.||Renewal reminders mean that you will be given plenty of notice to return to our website to make sure you are getting a great deal before your policy automatically renews or expires.|
|If you opt-in to receive general marketing from us, we may process your personal information for the purposes of providing our general marketing to you. For example, if you opt-in to receive our general marketing, we may send you newsletters, information about our latest offers, products and promotions and more.||We will only process your personal information for the purposes of providing direct marketing to you with your consent.||All of our marketing is carefully drafted and intended always to be topical, relevant and useful for our customers. Those opted-in are first in-the-know!|
|If you opt-in to receive contact from our partners who provide you with the cheapest quotes, we may provide your contact details to those partners so that they can contact you in order to progress a sale. For example, if you opt-in to receive contact from our partners who provide you with the cheapest quotes, one or more of those partners may contact you after you have run a quote via our website. Those partners may contact you for the purpose of assisting you in purchasing a product or service from them.||We will only share your personal information with our partners so that they can contact you in this way with your consent.||We understand that some of our customers prefer to speak to any supplier before purchasing a contract policy. By opting-in to receive contact from our partners who provide you with the cheapest quotes, you may save a lengthy call queue and still purchase your preferred product in your preferred way!|
|If you opt-in to receive contact from our third-party product providers, we may provide your contact details to those providers so that they can contact you in order to progress a sale. For example, if you opt-in to receive contact from our third-party product provider of contracts in the course of completing a quote on one of our other contract journeys, that provider may contact you after you have run a quote via our website. Those providers may contact you for the purpose of assisting you in purchasing a product or service from them. They may share your personal data with any service providers they work with to provide you with a quote.||We will only share your personal information with our third-party product providers so that they can contact you in this way with your consent.||We understand that some of our customers may be interested in other supplier policies whilst completing a particular journey on our website. For example, if you were to complete a quote for a contract for a phone, some customers may also be interested in purchasing energy too. By opting-in to receive contact from our third-party providers who have access to a range of suppliers, you may save having to complete another journey on our website and still purchase an additional service relevant to you.|
|We may process your personal information in order to send you service communications.||This processing of your personal information is necessary so that we can provide our services to you in accordance with our website terms and conditions.||Without processing your personal information in this way, we would be unable to provide our services to you.|
|We may process your personal information in order to detect and prevent financial crime, including fraud.||We have a legitimate interest in processing your personal information for the purposes of detecting and preventing financial crime.||It is in our legitimate interests to process your personal information in this way because financial crime negatively impacts all of us. We take our obligation to investigate, report and hence seek to prevent financial crime extremely seriously and we believe our work in this area benefits the overwhelming majority of our customers who use our website honestly.|
|We may process your personal information and share it with our approved partners and third-party product providers in order to verify that a sale between you and one of our approved partners or third-party product providers has taken place.||We have a legitimate interest in processing your personal information for sales validation and audit purposes.||It is in our legitimate interests to process your personal information in this way so that we can continue to provide our services to you free of charge. This means that when you buy a product or service from a third party via our website, that third party pays us a commission instead. In order to ensure that we are fairly and properly remunerated and able to continue to provide our services free of charge, it is imperative that we are able to audit our approved partners and third-party product providers for sales validation purposes.|
|We may process your personal information in order to personalise or improve aspects of our service delivery and for troubleshooting and other quality control and testing purposes, including for the purposes of responding to any queries or complaints about our services raised by you or our approved partners and third party and product providers.||We have a legitimate interest in processing your personal information in order to ensure that we are always able to provide an excellent quality of service.||It is in our legitimate interests to process your personal information in this way so that we can provide an excellent quality of service. To do this, we regularly monitor and seek to improve our interactions with you and our approved partners and third-party product providers. This helps us to understand how we can better satisfy your needs and hence grow our business. Sometimes we may also need to access your personal information in order to resolve any queries or complaints which are made about our service. Our work in this area ensures that we can continue to provide the level of service which you have rightly come to expect from us.|
|We may process your personal information in order to obtain feedback and reviews for customer research purposes to help us improve and quality control our service this may include the use of trusted independent third parties.||We have a legitimate interest in processing your personal information in order to ensure that we are always able to provide an excellent quality of service.||It is in our legitimate interests to process and share your personal information in this way so that we can provide an excellent quality of service. To do this, we regularly monitor and seek to improve our interactions with you and our approved partners and third-party product providers. This helps us to understand how we can better satisfy your needs and hence grow our business. Our work in this area ensures that we can continue to provide the level of service which you have rightly come to expect from us.|
|We may process your personal information in order to comply with any and all legal and/or regulatory obligations to which we are subject.||This processing of your personal information is necessary so that we can comply with legal obligations to which we are subject.||We operate within a heavily regulated environment and we are subject to numerous laws, rules and requirements. Sometimes it is necessary for us to process your personal information in order to obey the laws, rules and requirements to which we are subject.|
|We may process your personal information with third-party companies, in order to comply with the Financial Conduct Authority, (FCA) or with partners accredited by the FCA.||This processing is necessary as it makes sure we adhere to regulations and are compliant with the FCA.||We need to make sure our services are within these guidelines to make sure the customers are getting a fair service.|
When you use our services, agree a contract with a supplier or talk to us about services we offer we may share your information with our partners and the third parties below. If you would like to know who your information has been shared with in the course of arranging your contracts, then you can request this information at any time.
Takepayments (FCA accredited)
The communications we send to our customers can be categorised broadly as “direct marketing communications” and “service communications”.
a. Direct marketing communications
We understand that some of our customers like to receive only certain types of direct marketing communications. For us, this means drawing a distinction between our renewal reminders and our general marketing which includes our newsletters and information about our latest offers, products and promotions.
Because we draw a distinction between renewal reminders and our general marketing, you can choose to receive renewal reminders but not our general marketing and vice versa. Similarly, if you tell us that you do not want to receive renewal reminders or general marketing from us, we will not send any direct marketing communications to you.
b. Service communications
Service communications broadly comprise of communications which:
We will only ever send personal information to providers outside the EEA if those providers are required to protect personal information in exactly the same way they would be required to protect personal information if they were based within the EEA. This means that we will only send personal information to a non-EEA country if:
The security of personal information is extremely important to us and hence we have put in place appropriate security measures to protect personal information from being accidentally lost, used or accessed in an unauthorised way.
Under the General Data Protection Legislation, you have the following rights, this section explains what they mean and what you can request of us:
1. The right to be informed
2. The right of access
You are entitled to request the personal information we hold on you and how we have processed that information. You can do this simply by contacting us via email, letter or phone and we will respond within 30 days. Additionally, you have the right to certain information in a digital format to use this yourself. Please let us know that you would like this option at the point of requesting your personal information.
3. The right to rectification
If you believe that any of the personal information we hold is incorrect or out of date, please contact us and we will resolve it for you.
4. The right to request we stop processing your information, object to us holding it or delete your information completely
You can ask us to delete, remove or stop using your personal information if there is no reason that we should be holding it or processing it. As stated above, there may be a contractual agreement in place, or we have a legal obligation to process or store your data, and in these circumstances, we will explain whether we can delete your data or stop processing it, this will not be on all occasions. Broadly speaking, where we have asked for your consent to process your data eg. Sending marketing emails, you can withdraw your consent at any time to that sort of processing; or where we are acting under legitimate interests, you will be able to request we stop that processing. We will review any request under these rights and provide you with an answer either agreeing to your request, or explaining why we can’t. Our site also contains links to and from the websites of our partner networks, suppliers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or data activities on such websites. Please check these policies before you submit any personal data to these websites.
Customers Complaints Policy and Procedures
It is Fletcher’s policy to handle complaints as part of the overall strategy to satisfy the needs of customers using our services. Expressions of dissatisfaction will be considered as important as complaints and plans put in place to remedy the service.
1. Complaints will be handled:
2. Staff will endeavour to:
3. Formal written complaints will be:
4. The complaints procedure will be:
5. Anonymous feedback from courses or word of mouth
Any person dissatisfied with Fletcher’s services will be encouraged to make this fact known at the point and time of their dissatisfaction to the persons directly involved.
The first person to be advised of the complaint will, if appropriate, endeavour to resolve the difficulty, ensuring that Fletcher’s policy and procedures are followed. If it is not appropriate for the member of staff to deal with the complaint, it will be referred as soon as possible to the Manager.
This is the sequence of activities to be followed within the centre:
If a satisfactory conclusion is not obtained by the customer from the above procedure then the customer has the right to escalate the complaint to the Awarding Organisation who will investigate the complaint until resolved.
|Last updated||20th August 2020|
|GDPR||means the General Data Protection Regulation.|
|Register of Systems||means a register of all systems or contexts in which personal data is processed by Fletchers Business Solutions.|
1. Data protection principles
Fletcher’s Business Solutions is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
2. General provisions
3. Lawful, fair and transparent processing
4. Lawful purposes
5. Data minimisation
7. Archiving / removal
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Fletcher’s Business Solutions shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
The purpose of this policy is to summarise the procedures for the retention and disposal of information.
This Policy applies to all business units, processes, and systems in all countries in which the Company conducts business and has dealings or other business relationships with third parties.
This policy applies to all information used at the Company. Examples of documents include:
Who is this for?
All employees either permanent or temporary, all clients and businesses, regardless of their length of employment/placement in the service, are required to read and understand this document, so they are fully aligned with the policy of Fletcher’s Business Solutions. This document will be made available to clients or employees on request.
How long do we keep our records?
Records will be kept for as long as they are required to meet the operational needs of Fletcher’s Business Solutions, in compliance with legal and regulatory requirements.
We will regularly look into the retention periods for different categories of information to determine whether the information should be disposed of, or whether it needs to be retained for a longer period of time.
Security of personal information
Fletcher’s Business Solutions will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
Fletcher’s Business Solutions will store all personal information on our secure (password- and firewall-protected) servers.
The client should acknowledge that the transmission of information over the internet is inherently insecure, and that The Company cannot guarantee the security of data sent over the internet.
Destruction of data
Different types of information will be destroyed in certain ways. For example:
Individuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing. Our business must comply with the requirements of the General Data Protection Regulations (GDPR) and we must be able to demonstrate compliance to the Information Commissioner’s Office (ICO).
An individual has the right to know what information is held about them. GDPR in the UK provides a framework to ensure that personal information is handled properly. This information must be:
How do you make a subject access request?
A subject access request is a written request for personal information held about you by Fletcher’s Business Solutions. You have the right to see what personal information we hold about you. You are entitled to be given confirmation as to whether we hold or process your personal information, and if so you are entitled to access all your personal information as well as details of:
How do we verify the requestor’s identity?
The requestor must supply valid evidence to prove their identity. We may verify the requestor’s identity either through a phone call where we ask questions that only the requestor will know the answers to or by requesting forms of identification. We accept the following example forms of identification:
How to process the request
Our aim is to determine what information the requestor is asking for. If the request is not clear, or where if we process a large quantity of information about an individual, the GDPR permits us to ask the individual to specify the information the request relates to. Where this applies, we will proceed with a request for additional information.
We must verify whether we process the data requested. If we do not process any such data, we must inform the data subject accordingly.
We must respond to the data subject within 30 days of receiving the request as valid. This is a requirement under the GDPR.
Karl Whitehead is responsible for the handling of Subject Access Requests (SAR) in our business. Any employee, who receives a request from Karl Whitehead to locate and supply information relating to a SAR, must make a full exhaustive search of the records which they are responsible for or owns. This may include but is not limited to emails (including archived emails and those that have been deleted but are still recoverable), Word documents, spreadsheets, databases, systems, removable media (for example, memory sticks), recordings, paper records in relevant filing systems.
Karl Whitehead should check whether the data requested also involves data on other data subjects and make sure this data is filtered before the requested data is supplied to the requestor; if data cannot be filtered, ensure that other data subjects have consented to the supply of their data as part of the SAR.
All the information that has been requested must be provided unless an exemption can be applied (see below). Information must be supplied in an intelligible form and we will explain acronyms, codes or complex terms.
Issuing a response
Once any queries around the information requested have been resolved, copies of the information will be sent to you electronically wherever possible or, if this is not technically possible, by post.
Will we charge a fee?
If your data subject access requests are excessive or manifestly unfounded, we will charge £10 to cover the administrative costs involved in dealing with your request. In extreme circumstances, we reserve the right to refuse your requests.
As stated, we have to respond to a SAR within 30 days. If more time is needed to respond to complex requests, an extension of another two months is permissible, provided this is communicated to the data subject in a timely manner within 30 days. Where we decide not take action on the request of the data subject, we need to inform the data subject of this decision without delay and at the latest within 30 days of receipt of the request.
Our response to the requestor
After processing the SAR, our response to the requestor should include:
Where a requestor is not satisfied with a response to a SAR, we must manage this as a complaint. We must advise the requestor that if they remain unhappy with the outcome, they may complain to the Information Commissioners Office or take legal action against us.