Last updated: 19 December 2018
Newcastle Strategic Solutions Limited ("NSSL") respects your privacy rights and takes its data protection very seriously. NSSL is a subsidiary of the Newcastle Building Society.
When you deal with us directly, you are likely to provide personal data about others, such as your colleagues or advisers. Before you share any personal data with us, you must make sure the personal data is, in particular, accurate, up to date, limited for what is necessary for the purpose of your requirements and that you have permission to share that with NSSL.
The personal data we collect from you will be kept securely and retained as long as necessary for our relationship or contract with you, for our legitimate business purposes or to comply with any legal obligations around retaining data.
What personal data does NSSL collect?
NSSL collects the following categories of personal data about you when you contact us about the services we offer, enquire about or request a service, when you visit our website, or communicate with us:
- Personal details which you provide to NSSL including name and contact information of yourself or of your colleagues or advisers.
- Communications between you, and NSSL.
- Details of meetings or calls you may have with NSSL.
- Details included in the contract about you.
- Management information including information about the nature of the services we offer to you such as:
- Details of any service issue, or complaints.
- Details of the device being used where you access our services online but not details of who is using it.
- User activity details and user preferences at trend level, i.e. which pages on our site are being visited and how long they are being viewed for, but we cannot personally identify you.
- The website which you were referred to us by.
- Location details at trend level, i.e. which location you might be visiting our website from, but this is not necessarily accurate as it may come from server or data centres and we would not be able to identify you.
- Electronic identification data including IP address and information collected through cookies.
Where does NSSL collect my personal data from?
NSSL collects personal data from you, from your colleagues or advisers, and from third parties, and from publically available information online as set out below.
Personal data supplied by you
NSSL collects personal data from you such as:
- When you enquire about or discuss the services we offer.
- When you use our website.
- If you make an enquiry or a complaint.
Before you share that personal data with us, you must make sure that any personal data is, in particular, accurate, up to date, limited to what is necessary for the purposes of your organisation's requirement and that you have permission to share that personal data with NSSL.
Personal data supplied by others
NSSL collects personal data about you from others such as:
- Any advisers or representatives instructed by you such as your solicitor or consultant.
- Public information sources such as Companies House, the Financial Conduct Authority and the Prudential Regulation Authority.
What if I choose not to give personal data
- We may need to collect personal data by law, to complete our due diligence in respect of who we work for, or to operate our website efficiently, answer your enquiries or agree services with you (for example your contact details).
- If you choose not to give us this information, it may delay or prevent us from providing our services to you and your organisation.
What happens with personal data I provide about my customers?
- You must not share your customers' personal data with NSSL without having an appropriate contract in place with us.
How does NSSL use my personal data?
NSSL processes personal data about you and your staff for certain purposes. Data protection law only allows us to use your personal data if we have lawful reason. We have explained these purposes and the lawful reasons that we rely on to carry out that processing under data protection law below:
Processing data for legal and regulatory obligations
NSSL is required to process your personal data for various legal and regulatory processes. For example, this includes:
- Keeping accurate and up-to-date records, contact details and records of contractual and statutory rights.
- Retaining information for a specified amount of time.
- To adhere to laws and regulations which apply to us.
- To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
Processing data where we have a legitimate interest to do so
NSSL processes your personal data for various purposes where we believe we have a legitimate interest, and we have balanced this against your rights as an individual. For example, this includes:
- To respond to your enquiries.
- To monitor your use of our website to ensure it is functioning correctly and efficiently.
- To monitor, develop and improve our services and for training and quality purposes, for example, we may conduct client satisfaction surveys.
- To complete our due diligence in respect of who we work for.
- Business management and planning, including accounting, risk reporting and auditing to ensure our business is run efficiently and in accordance with best practices.
- Dealing with legal disputes.
What happens if the purposes for processing change?
- We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated or incompatible purpose we will notify you and we will explain the lawful reason which allows us to do so.
Who do we share your personal data with?
The personal data we hold about you is confidential. We will only disclose it outside NSSL when:
- We are required to share it with a third party to take steps as requested by you, and you would like us to provide your details to them. For example, with a parent company of NSSL for them to contact you and discuss the services offered by NSSL.
- We use a supplier to provide services which support our products and services which we provide to you, and we need to talk to them in relation to your enquiry. In this case, we remain responsible for your personal data.
- We or others need to investigate or prevent crime (e.g. to fraud protection agencies).
- The law permits of requires it, or any other regulatory body requires it, even without your consent.
- There is a duty to the public to reveal the information.
Businesses which support NSSL in providing services to you
We operate a complex yet robust and secure range of services. To deliver our services efficiently, we use various suppliers. All our suppliers and other entities in our corporate group which process personal data on our behalf are required to take appropriate security measures to protect your personal data. We do not allow them to use your personal data for their own purposes such as marketing. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
- The Newcastle Building Society (the parent company of NSSL) which provides personnel and contract support to NSSL.
- Newcastle Management Systems Limited (a sister company of NSSL) which provides information systems and support to NSSL.
Others that we may provide your personal data to
- We may share your personal data where you ask us to do so, we are required to by law, or where we have a legitimate interest.
- For example, we may report suspicions of money laundering to the National Crime Agency or Action Fraud. We may also be required to support law enforcement agencies in their investigations. We may not be able to inform you of this in advance.
- We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business.
- We may share your personal data with regulatory bodies or ombudsman services or to otherwise comply with the law.
Information you provide to others
- Please be aware that our site may link to other websites. You may also provide personal data to others directly where they provide services to you. For example, where you speak directly to someone we have introduced you to.
- We are not responsible for the use of any personal data that you give directly or are collected via such third parties.
- You should read the respective data policies or procedures of these third parties to find out how they use your personal data.
How long does NSSL keep my personal data?
- We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- NSSL keeps your personal data for the period agreed with you following the end of your organisation's relationship with NSSL.
- Details of periods of time for which we keep other aspects of your personal data are available in our data retention policy which is available from our Legal Services Department upon request.
- Once the relevant retention period has passed we will securely destroy your personal data in accordance with our data retention policy and data destruction policy.
What are my data protection rights and what can I do to enforce them?
Your rights in connection with personal data
Under certain circumstances, by data protection law in the UK you or your staff, where you are an individual data subjects, have the right to:
Access your personal data
Request access to your personal data (commonly known as a "subject access request"). You may ask for and receive a copy of the personal data we hold about you by writing to us at Principal Office, Portland House, New Bridge Street, Newcastle Upon Tyne, NE1 8AL or calling us on 0345 734 4345. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee:
- if your request for access is clearly unfounded or excessive - we may also refuse to comply with the request in those circumstances; or
- in the event that you ask for further copies of the information
Amendment of personal data
- Request correction of the personal data that we hold about you. You may ask us to correct any incomplete or inaccurate information we hold about you.
- It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Erasure of personal data
- Request erasure of your personal data. You may ask us to delete or remove personal data where there is no good reason for us continuing to process it, or if you have objected to our processing (see below). We may have a legal reason or other legitimate reason to continue to process your personal data.
Withdrawal of consent
- To withdraw your consent. Where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you may withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us by telephone or in writing, whichever is easiest for you. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the original purpose, unless we have another legitimate basis for doing so in law. This will not affect the lawfulness of the processing that you consented to before you withdrew your consent.
Object to processing
- Object to processing of your personal data where we are relying on a legitimate interest to process your personal data and there is something about your particular situation which makes you want to object to processing on this ground.
- Object to direct marketing. You may ask us to stop processing your personal data for direct marketing purposes. To stop direct marketing contact us by telephone or in writing.
- Request the restriction of processing of your personal data. You may ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Transfer your data
- Request the transfer of your personal data to another party. You may ask us to provide your personal data in a form that you or another business can use.
- Lodge a complaint with the UK's Information Commissioner, or other applicable data protection regulator.
Contact us to exercise your rights
- We will notify others of your request to rectify, erase or restrict the processing of your personal data if we have shared your personal data in accordance.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
How does NSSL protect and secure my personal data?
- We have in place a range of security safeguards to protect your personal data against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification, regardless of the format in which we hold it.
- The way we do this depends on the sensitivity of the information and the format in which it is contained. Security measures include technological measures such as Transport Layer Security i.e. HTTPS, which creates a secure connection with your browser when you register and login into our online services, physical measures like restricted access to offices and strategic measures such as our own clearances via a logical access process and limiting access to a "need-to-know" basis.
- No data transmission over the internet or the telephone can be guaranteed to be perfectly secure. Any personal data you submit to us or access electronically or over the telephone is done at your own risk.
- We endeavour to take all reasonable steps to protect your personal information but cannot guarantee the security of any data you disclose online.
What cookies and tracking technologies does NSSL use?
Visitors to our website
In order that we can monitor and improve our websites we gather certain information about you when you use them, including details of your domain name and IP address, operating system, browser, version and the name of the website that you visited prior to our website (if you came to us through a search engine or another website for example).
What is a cookie?
A cookie is a text only string of information that a website transfers to the cookie file of the browser on your computer's hard disk so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the "lifetime" of the cookie, and a value, usually a randomly generated unique number. Cookies cannot be used by themselves to identify you and are not computer programs, and can't cause any damage to your computer.
What is a persistent cookie?
These retain a user's preference if you select the 'Remember Me' option within our online account management service and are not deleted when the browser is closed. They stay on your device until expiry or you decide to remove them. The cookie we issue contains a uniquely generated random number and expiry date. It does not contain any personal information.
What is a session cookie?
These are temporary cookies that remain in the cookie file of your browser until you leave our site. Session Cookies allow you to carry information across pages of our site and avoid having to re-enter information into calculators, tools, illustrations and demonstrations.
How do I disable/enable cookies?
By modifying the settings of your browser, you may opt to accept cookies, to be informed when one is about to be placed on your computer, or to automatically reject all cookies. However, you will not be able to use all the interactive features of our site if cookies are disabled.
More information on cookies can be found at http://www.aboutcookies.org
What is a web beacon?
Web beacons (sometimes known as clear or transparent gifs) are used to identify whether a recipient has opened an HTML email. When the email is opened the web beacon generates a record showing that the email has been viewed. Web Beacons may also recognise when the email was opened, how many times it was forwarded and which URL's (links within the email) were clicked.
These beacons do not carry any personally identifiable information and are only used to track the effectiveness of a campaign.
Disabling Web Beacons within Emails
If you do not wish to receive Web Beacons you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.
Social Media Widgets
Links to external websites
Our website may be linked to or from third party websites. These links are provided as a convenience only. We are not responsible for the content or privacy principles of websites that are linked to or from our website. You should review the privacy policies of any third party websites you visit.
How do I make complaint?
As an individual data subject, you also have the right to submit a complaint to the UK's Information Commissioner's Office (or ICO) or any other applicable data protection regulator.
How do I contact NSSL about my personal data?
The contact details of the DPO for NSSL are as follows: firstname.lastname@example.org