We are licensed by the Information Commissioner’s Office (the UK’s Data Protection regulator) to act as a data controller. Our licence reference number is ZA098851. This can be checked by visiting https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/
A ‘data controller’ is a person or organisation that decides the purposes for which, and the manner in which, customers’ personal data is to be processed. In this context, Kamicom is a data controller as we hold and process personal data concerning our customers.
‘Processing’ of data includes using the data supplied in any way, including passing it to other parties. This Policy explains below to whom personal data might be passed.
‘Personal data’ is any data which relates to a living individual who can be identified either from those data, or from those data and other information which is in our possession. Personal data includes: information held in electronic form, information held in a paper filing system and information held in easily accessible records.
A ‘data subject’ is an individual who is the subject of personal data. As a customer of Kamicom, you would be regarded as a data subject.
There are eight key principles of Data Protection, which we will follow at all times:
- Personal data shall be processed fairly and lawfully
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
- Personal data shall be adequate, relevant and not excessive in relation to the purposes for which they are processed
- Personal data shall be accurate and, where necessary, kept up to date
- Personal data processed for any purposes shall not be kept for longer than is necessary for those purposes
- Personal data shall be processed in accordance with the rights of data subjects under the Act
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
How data might be collected
We may collect personal data from you in a number of ways:
- Information provided by you when completing application and registration forms, whether this is done online or on paper
- From any correspondence you enter into with us
- When you visit our website (including, but not limited to, traffic data, location data, weblogs and other communication data). Please see the Cookies section below for further information
- When you are asked to provide information to verify your identity and/or address
- When you are asked to provide information to verify your income
- Any requests we make to third parties for information about you, such as information obtained from your employer or the provider of a reference
What data might be collected?
Data we might collect from our customers who are interested in taking out a loan includes:
- Personal details
- Family details
- Lifestyle and social circumstances
- Financial details
- Education and employment details
A ‘cookie’ is a text file stored on your computer, or other device you use to access the internet, that collects information regarding your use of the internet.
We use encrypted information obtained from these cookies to improve the experience of visiting our website for all our customers.
Examples of different types of cookie include:
- Session cookies – cookies which are required in order for us to operate the site. They will be removed from your computer or other device as soon as you close the browser
- Persistent cookies – cookies that allow us to remember how you used the site on previous visits, should you re-visit it. These remain on the computer or other device when you close the browser
- Analytical cookies – cookies that record the number of times you visit our site, how long you stay on the site and the method by which you reached our site. These cookies do not record your use of other websites, only our company site
Your computer, or other device you use to access the internet, is likely to allow you to block cookies. If you choose to do so, you may find that you are unable to make use of the full functionality of our site.
Internal use of your data
Within Kamicom, we might use the personal data you provide in the following ways:
- To allow us to identify you when you make contact with us
- To notify you about changes to our products and services
- To ensure we provide the very best customer service at all times
- For the purposes of research into our customer base
- To ensure we meet our regulatory obligations
Whom data might be passed to
As and when required, we may pass the personal data you provide to:
- Lenders, who may be able to provide you with credit
- Credit reference agencies, who provide information about your previous credit history. Credit reference agencies are likely to assess not only your personal data, but also that of any spouse or partner or anyone else with whom you have a financial connection
These are the main organisations to whom we expect to need to pass your personal data to. It may also be necessary to pass personal data to:
- Our regulator, the Financial Conduct Authority, to allow them to carry out their supervision of firms they regulate
- Our trade association and/or the Financial Ombudsman Service, for the purposes of investigating any complaint you may make about Kamicom and then decide to refer to these organisations
- Debt collection and tracing agents. (This will only be necessary if you fail to make agreed repayments on any credit agreement you may enter into)
- Fraud prevention agencies, who collect and maintain information regarding suspected and known fraudulent activity. (This will only be necessary if we have reason to suspect that false or inaccurate information has been provided). Fraud prevention agencies are then entitled to share the data with the police and other law enforcement agencies
- Any organisation that in the future acquires a significant stake in Kamicom Ltd, or a significant proportion of its assets
- Any third party we engage to assist us in providing any of our business functions
- Any organisation to whom we are required to disclose your data by law, or to protect the rights, property and safety of Kamicom, our customers or other parties
We may also introduce You to 3rd parties who can provide other services such as
- credit brokers
- unsecured loans providers, secured loans providers, short term lenders, alternative lenders, peer to peer lenders, guarantor lenders, payday lenders
- credit cards
- prepayment card and bank account providers
- car finance, logbook loan lenders
- debt management companies, insolvency practitioners, bankruptcy specialists, debt and property possession adjusters/advisers
- equity release arrangers and credit reference advisers
- insurance services such as car insurance, home and contents insurance
- utility switching agents
- compensation advisers
Overseas data transfers
If it is necessary to transfer your personal data outside of the UK, the data will not be passed to organisations based outside the European Economic Area.
We may on occasions wish to send you marketing information about products and services which we provide. These communications may be made by telephone, text message, email or post. You are entitled to opt out of receiving such communications, and if you wish to do so, you should inform us of this in writing to: Kamicom Ltd, 20-22 Wenlock Road, London, N1 7GU.
Any requests of this nature will be complied with as soon as we have been able to process your request, and no more marketing communications will then be made to you unless you choose to opt back in to receiving them.
The current security measures taken by Kamicom include:
- The firm’s premises are equipped with UPVC doors with multi-point locking systems. There is a fully installed and working alarm.
- The company’s IT systems have fully installed anti-virus applications (Kaspersky & Norto). Everything is password encrypted, including internet access, with only one person knowing these passwords
We also take the following steps:
- Shredding all our confidential paper waste when no longer required
- Checking the physical security of our premises regularly
- Carrying out appropriate checks on any staff who will have significant access to personal data
- Training staff:
- so they know what is expected of them
- to be wary of people who may try and trick them into giving out personal details
- that they can be prosecuted if they deliberately give out personal details without permission
- to use a strong password – these are long (at least 7 characters) and have a combination of upper and lower case letters, numbers and the special keyboard characters like the asterisk or currency symbols
Subject Access Requests
Individuals have the right to see the personal data held on them. Such requests are known as Subject Access Requests. These will complied with within 40 days of receipt, as required by law, although Kamicom is entitled to ask for any information from you it reasonably requires in order to find the data, and to check your identity as the enquirer. Kamicom may charge a fee of up to £10 for responding to such a request.
Any requests to see the personal data we hold about you should be made in writing to: Kamicom Ltd, 20-22 Wenlock Road, London, N1 7GU.