Close

Please complete the form below and we will be happy to assist you.

    All fields are required.

    Privacy Policy

    Who are we?

    We trade as Consumer Credit Compliance Limited (also referred to in this privacy policy ‘we’, ‘us’). Consumer Credit Compliance Limited is a group of companies that comprises of two separate legal entities, namely Consumer Credit Compliance Limited (Company number 08819918), Consumer Credit Compliance Training Limited (Company number 10926638). The aforementioned legal entities provide an Appointed Representative Network and training to individuals (e.g. sole traders, small partnerships and unincorporated bodies) and corporate bodies (e.g. private limited companies) in relation to compliance with the requirements under the FCA’s regulatory system, data protection and direct marketing legislation. Consumer Credit Compliance Limited is authorised and regulated by the Financial Conduct Authority (‘FCA’) (FRN 631736) and operates a network of appointed representatives. In addition to providing an Appointed Representative Network and Training, Consumer Credit Compliance Limited handles personal information relating to its appointed representatives (including prospective appointed representatives) in the course of operating its network.

    All legal entities that make up Consumer Credit Compliance Limited are authorised data controllers and the particulars of their registration can be found on the data protection register under the following registration numbers:

    Consumer Credit Compliance Limited – ZA074336

    Consumer Credit Compliance Training Limited – ZA568143

    Consumer Credit Compliance Limited can be contacted by telephone, post and/or email using any of the below contact details. We also have the facility to arrange face to face meetings subject to making prior appointments.

    Contact Details

    Email: info@consumercreditcompliance.co.uk

    Telephone: 01423 613335

    Address: Consumer Credit Compliance Limited, Windsor House, Cornwall Road, Harrogate, HG1 2PW

    How do we use your personal information?

    As a financial services and data protection compliance consultancy, we predominantly process personal data in the course of providing services to businesses (as opposed to consumers). A good number of our clients are corporate bodies however we also work with firms that are individuals (e.g. sole traders, small unincorporated partnerships and unincorporated bodies). It is to be noted that the latter category of individuals are treated akin to consumers under data protection legislation and we endeavour to provide the intended consumer protection to this category of data subjects in the manner in which we process/handle your personal information.

    Please see below details of how we use/intend to use your personal information and the legal bases that we rely upon for each use:

    View the full category of Personal Data, Purposes of Processing Activities and Legal Basis information PDF here

    It is to be noted that we record our calls for training and quality purposes therefore the content of your discussions with any of our representatives (including staff and contractors) may constitute personal information and be handled by us according to this privacy policy. Any personal data that you provide to us by telephone will be handled in the same manner set out above (as appropriate to the context) and upon the appropriate legal basis that correlates with the purpose of the processing activity (e.g. to provide your firm with consultancy services).

    Where do we obtain your personal information from?

    In the majority of cases, we obtain your personal information directly from you or from your firm. In some circumstances, typically to operate our direct marketing strategy, we may obtain your personal information from public sources such as the Financial Services Register and Companies House. Typically, the personal information that we collect from public sources relating to you is limited to your full name, job title, approved person/Senior Manager status, company details and business email address. We may, through our staff, representatives and/or appointees, connect with you on LinkedIn and use this platform to obtain the aforementioned information about you in order to send direct marketing communications to you by email and/or, on occasion, via LinkedIn.

    What happens if you do not provide your personal information to us?

    We typically require your personal information (in the above contexts) to assess your firm’s need for our services, to define the scope of our prospective/current engagement and to deliver the required consultancy service to your firm. Should you not provide us with the necessary personal information we require to enter into a service agreement with you or to adequately deliver the relevant consultancy service, we may be unable to provide our services or may be limited as to the extent to which we are able to provide consultancy support to your firm.

    We also typically require the abovementioned personal information in order for us to effectively operate our appointed representative network. Should you fail to provide us with the relevant information we require to operate our appointed representative network, it is likely that we will not be able to provide our appointed representative services to your firm including potentially not being able to complete or adequately complete the pre-engagement due diligence process or our compliance monitoring activities which may result in us not entering into an appointed representative contract with your firm or terminating an existing appointed representative contract with your firm.

    Who do we share your personal information with?

    The legal entities that make up Consumer Credit Compliance Limited may share personal information with each other in certain circumstances such as where your firm engages consultancy services that are delivered by various legal entities within Consumer Credit Compliance Limited. It is to be noted that in certain circumstances we operate a ‘Chinese wall’ between the legal entities in Consumer Credit Compliance Limited minimise conflict of interest risks, for example, where one legal entity provides consultancy services to a firm that operates in a sector that may potentially conflict with a client of another legal entity within Consumer Credit Compliance Limited that operates in a competing sector.

    As a compliance consultancy that specialises in FCA compliance, data protection and direct marketing compliance, we typically are engaged to make representations to regulatory authorities on behalf of our clients, for example, to the FCA or Information Commissioner’s Office. As such, we may be instructed by our client to share relevant personal data with the relevant regulatory bodies. It is to be noted that as a firm that is authorised and regulated by the Financial Conduct Authority, Consumer Credit Compliance Limited is under a legal obligation to notify the FCA about anything relating to it and its appointed representatives that the FCA would reasonably expect notice. This includes but is not limited to any rule breaches by our appointed representatives or findings that relevant individuals associated with our appointed representatives (e.g. directors, partners, sole traders etc.) no longer satisfy the fitness and propriety criteria.

    We may, in limited circumstances, share personal information with our legal advisers/solicitors where required. This would typically be where necessary to establish, exercise or defend legal claims.

    Do we transfer personal information outside of the EEA?

    We do not typically transfer your personal information outside of the EEA. Our consultancy services typically relate to UK regulatory requirements and disclosing personal information, where instructed by our clients or where under a legal obligation to do so, to relevant UK regulatory authorities only (as opposed to any regulatory authorities outside of the EEA). We utilise Zoho CRM, Microsoft Exchange and Sharepoint (‘IT systems’) to store information which could comprise of your personal information. Our IT system providers either store our database (which may comprise of your personal information) on servers located in the United Kingdom, European Union or in the United States (i.e. Zoho Corporation Pvt. Ltd (‘Zoho’)). Zoho has in place SCCs-based Data Processing Agreements (DPAs) with us. Any data which is transferred out of EEA that is shared with Zoho is for the purpose of obtaining technical support, and Zoho access to the EU DC from our other office locations in order to conduct debugging operations. A copy of the DPAs which we have in place with Zoho are available upon request by contacting us by email to info@consumercreditcompliance.co.uk.

    How long do we store your personal information?

    As a general rule of thumb, we seek to only store your personal information for as long as is necessary to fulfil the purposes highlighted above in the section ‘How do we use your personal information?’ We apply ‘necessary’ in the context of our use of personal information to be six years from when your firm ceases to be our client or our appointed representative. The aforementioned is subject to you exercising your unconditional/absolute right to object to the use of your personal information for direct marketing purposes by, for example, unsubscribing to our promotional emails or otherwise notifying us that you no longer accept for us to use your personal information for direct marketing purposes. Should you not object to the use of your personal information for direct marketing purposes, we will typically continue to use your personal information for the same purpose until you notify us otherwise. Our direct marketing communications are typically aimed that you in a business capacity (as opposed to a consumer capacity) and therefore we assess that the continued use of your personal information for direct marketing purposes until and unless you advise otherwise (typically your full name, company details and company email address) is less likely to infringe your privacy rights.

    We typically retain your personal information, in the context of our appointed representative service, for six years after you cease to be our appointed representative. It is to be noted that, for as long as you continue to be our appointed representative and/or a recipient of our consultancy services (including periodically, infrequently or on an ad-hoc basis), we will continue to handle your personal information for the purposes set out in the ‘How do we use your personal information?’ section above.

    What are your rights in relation to your personal information?

    It is to be noted that should you exercise any one of the below individual rights, the GDPR gives us up to one month to action your request (where appropriate). Should we not be able to comply with your request within the one month period, it is to be noted that the GDPR makes provision for us to extend the period by two further months depending on the complexity or number of requests you make. In such circumstances, we will inform you about any such extension within one month of receiving your request.

    Right of access

    You have the right to request copies of the personal information we hold about you at any time. It is to be noted that your right of access entitles to you access copies of your personal information as well as a copy of the information contained in this privacy policy which sets out how we handle your personal information.

    Right to rectification

    You have the right to request that we correct any inaccurate personal information we hold about you. It is to be noted that the right to rectification includes your entitlement to have incomplete personal data completed, including by means of providing a supplementary statement.

    Right to erasure (‘right to be forgotten’)

    You have the right to request that we delete your personal information from our records. This is also known as the ‘right to be forgotten’. It is to be noted that the right to be forgotten is a conditional as opposed to an absolute right. This means that we shall only be under an obligation to erase your personal information where:

    1. It is no longer necessary in relation to the purposes for which the said personal information was collected or otherwise used by us for us to continue handling the said personal information.
    2. Where you withdraw your consent for us to continue to handle any special category personal information relating to you such as health data.
    3. You object to us processing your personal information for direct marketing purposes (as the same is reliant on the legitimate interests lawful basis).
    4. We have unlawfully processed your personal information.
    5. There is a legal obligation upon us to erase your personal information.

    It is to be noted that we are not under an obligation to erase your personal information where the handling of your personal information is necessary for us to comply with a legal obligation (including our regulatory obligations to the FCA) or where the handling of your personal information is necessary for us to establish, exercise or defend legal claims. For example, in practice, it is likely that we will be unable to erase your personal data if you have been party to an appointed representative contract with us which has ceased within the six year data retention period set out above. This is to ensure we comply with our legal obligations under the FCA’s regulatory system.

    Right to restrict processing

    You have the right to request that we restrict how we use your personal information. This right is applicable where:

    1. You contest the accuracy of the personal information that we hold about you.
    2. The restriction of processing for a period will enable us to verify the accuracy of the personal information we hold about you.
    3. The handling of your personal information is unlawful and you oppose the erasure of your personal information and instead request the restriction of its use.
    4. We no longer need your personal information for any purpose(s) however you require the same for the establishment, exercise or defence of legal claims.
    5. You object to use of your personal information for direct marketing purposes on the basis that we have a legitimate interest to do so.
    6. The restriction of processing will enable verification of whether our legitimate interests override your rights.

    Right to object

    You have the right to object to the use of your personal information at any time. It is to be noted that the right to object is conditional and only applies, in the context of our use of your personal information, to the use of your personal information for direct marketing purposes (as this is based on the legitimate interests lawful basis). It is to be noted that you have an unconditional/absolute right to object to the use of your personal information for direct marketing purposes. Where you exercise your right to object, we can no longer handle your personal information for direct marketing purposes.

    Right to data portability

    You have the right to obtain a copy of your personal information in a structured, commonly used and machine-readable format such as Excel or Word or request that your personal information be ported to another controller.

    Right to withdraw consent

    Please note that should you provide us with your consent to handle special category personal information relating to, for example, your health, you have the right, at any time, to withdraw your consent for us to use the said personal information.

    How can I exercise my rights in relation to my personal information?

    You can exercise any and all of your individual rights by contacting us on any of the below: Email: info@consumercreditcompliance.co.uk Telephone: 01423 613335 (Consumer Credit Compliance Limited), Address: Consumer Credit Compliance Limited, Windsor House, Cornwall Road, Harrogate, HG1 2PW How do I lodge a complaint about the use of my personal information? Should you be dissatisfied with the manner in which we use your personal information, you have the right to lodge a complaint with the Information Commissioner’s Office, who are the UK’s data protection supervisory authority. You can lodge a complaint with the ICO by following this link https://ico.org.uk/concerns/ or calling the ICO on 0303 123 1113.

    We encourage that, in the first instance, you submit any complaint to us and give us the opportunity to investigate and resolve the same prior to lodging a complaint with the Information Commissioner’s Office.

    How we use cookies

    A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

    We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

    Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

    You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. A full list of the cookies we use can be found on our website.

    Cookie NameCookie OwnerCookie Description
    wordfence_verifiedHumanWordfenceCookie set by the Wordfence Security WordPress plugin to protect the site against malicious attacks.
    wfwaf-authcookieWordfenceThis cookie is set by the WordPress security plugin “Wordfence”. It is used to authenticate user’s login request.
    wfvt_WordfenceThis allows a security plugin we use to operate
    wfvt_3518825923WordfenceThis allows a security plugin we use to operate
    langUnknownUsed by multiple companies, but usually means adding an extra “Cookie” field to the Language Negotiation settings, allowing the language to be set according to a cookie.
    uidScoreCardResearchThese cookies are used to make advertising messages more relevant to you and your interests. They also perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed, and in some cases selecting advertisements that are based on your interests. For further information, see the section of the Cookie Statement entitled “Targeted online advertising”.
    _gaGoogle AnalyticsUsed to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.
    __atuvsAddThisThese 3rd party __atuvc and _atuvs cookies are persistent cookies that are created and read by the AddThis social sharing site in order to make sure you see the updated count if you share a page and return to it before our share count cache is updated.
    sc_is_visitor_uniqueSessionCamThe SessionCam reporting console can re-sort recorded sessions by unique visitor. This means that multiple visits from the same unique visitor over a selected date/time range can be aggregated. This cookie (named “sc.UserId”) is used to enable this report.
    __cfduidUnknownUsed by multiple companies, but usually this cookies support chat services and accelerate loading times for chat functionality available through websites.
    DYNSRVHosting ProviderThis cookie is believed to be used for load balancing to manage server traffic demand.
    _gidGoogle AnalyticsUsed to distinguish users.
    __atuvcHotjarCookies set by AddThis for social sharing.
    _gat_UA-49657595-1Google AnalyticsThis is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
    pt.go.affec.tvAdvertising cookie
    sessFlashtalkingThese cookies are used to make advertising messages more relevant to you and your interests. They also perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed, and in some cases selecting advertisements that are based on your interests. For further information, see the section of the Cookie Statement entitled “Targeted online advertising”.
    uuid2FlashtalkingThese cookies are used to make advertising messages more relevant to you and your interests. They also perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed, and in some cases selecting advertisements that are based on your interests. For further information, see the section of the Cookie Statement entitled “Targeted online advertising”.
    oo.go.affec.tvAdvertising cookie
    ck.go.affec.tvAdvertising cookie
    locAddThisShare button for social media
    vcAddThisShare button for social media
    ouidAddThisShare button for social media
    uvcAddThisShare button for social media
    is_uniqueStat CounterShare button for social media
    di2AddThisShare button for social media
    wordpress_logged_inWordPressAfter login, wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.
    wordpress_secWordPressEssential WordPress session management cookies for logged in users.
    wordpress_test_cookieWordPressWordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.
    wp-setting-WordPressWordPress also sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
    wp-settings-time-WordPressWordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
    gdpr_popupOgden FulfilmentThis cookie is used to track who has already been shown the notice. The cookie has been set never to expire unless there is a change in the privacy policy.

    Trusted by