Summary

As a controller and /or processor of personal data, we to set out details of the personal information we hold about you, what we do with that data, why and how long we hold it, who to contact if you have any complaints or questions about the way we hold or transfer that data, and your rights in respect of that data.

If you have any questions about the content of this letter, please contact info@meraim.co.uk or telephone 020 7569 6835

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would however appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

What is personal information?

Personal information means any information about you from which you can be identified. Examples of personal information include your name, home address, work address , work email, national insurance number, date of birth, gender, marital status, qualifications, telephone number and e-mail address but it also includes other pieces of information which can be used to identify you, either directly or indirectly, such as a cookie.

What types of information do we use?

In the course of our contractual arrangements to provide real estate loans, we collect certain information in our capacity as controller in our own right and/or as processor engaged by our client. The information which we may collect, use, store and transfer about you are:

• Anti-money laundering identity data such as name, date of birth, gender, marital status, passport details, national identity number, photograph;

• Contact data such as email and postal addresses both at work and at home;

• Communications, including emails and phone calls;

• Employment details (job title, company name, address etc.);

• Payment information (bank account, credit card or other details);

• Educational history;

• Employment or work history/background;

• Information on trading or other financial activity;

• Contractual/contact information (i.e. our ‘history’ together – services provided or discussed);

• Instructions or requests;

• Financial information (financial position and history);

• Documentary data (things can include passport or drivers licence or other forms of identification);

• Public records (or openly accessible data) such as the Electoral Register;

• Historical information i.e. previous names and addresses;

• Sanctions / Enforcement / Politically Exposed persons (PEP) records; and

• Media Searches.

Our products and services are not intended for children and we will not knowingly collect any data related to children save as may form part of any Know Your Customer data collection. 

We do not collect any special categories of personal data . This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic or biometric data. 

Consequences of not providing some types of information

Where we need to collect your personal information by law, or under the terms of a contract we have with you relating to your transactional engagement with you , as the case may be , and you fail to provide that information when requested, we may not be able to provide the services required, and that may impact you in terms of your transactional involvement with us. In this case we will notify you.

How do we collect information about you?

Typically we will collect information from you as part of our general marketing efforts after personal introductions, or as part of the performance of our contract with you in connection with a prospective new lending opportunity,  in order for us to provide our services to you in connection with that transaction. We collect information from and about you in the following ways:

Through direct interactions when you give us your personal information by filling in forms or during correspondence, emails with us, phone calls, or meetings with us. 

Through using our website when we collect information using cookies or similar technologies which tell us about your equipment, browsing actions and patterns. 

Through third parties such as credit reference agencies and fraud prevention agencies. We may also receive personal information from other companies and organisations such as introducers, personal advisers, personal representatives, professional consultants used by you and debt brokers. The third parties which we receive personal information from are as follows:

• Law firms engaged by you or ourselves;

• KYC agencies such as Refinitiv

• Credit reference agencies such as Experian; and

• Agents representing you in your local jurisdiction.

How we will use your personal information

We only obtain, use and keep personal information where we need it for a specific purpose.  We set out in the table below the ways in which we plan to use your personal information.  We are only able to use your personal information if we have a proper legal reason or basis for doing so.  This is called a legal basis and the regulations require that we have a legal basis so that your privacy is protected.  Most commonly we will use your information in the following ways:

• Where there is a contract to which you are or will become party and in connection with which we have agreed to provide our products and services and we have a contractual agreement to do this.

•  We have a legal obligation. We need to use your personal information to comply with laws that assist in the prevention of financial crime and to comply with regulatory obligations. For example this might include confirming your identity and source of wealth to an investor or lender funding a transaction with which you are involved , as well as ensuring we provide you with necessary information so you understand the risk of the financial services we can provide.

•  We have asked for, and you have provided, consent to use your information. Please note that you can withdraw your consent at any time – this is part of how the law protects your interests.

• We, or a third party, have a legitimate interest in processing the information and your interests and fundamental right do not override those interests. For example, processing your information to prevent fraud.

We set out in the table below all the ways we plan to use your personal information and the legal bases we rely on to do so. We also explain what our legitimate interests are where appropriate:

We will only use your personal information for the reason for which we collected it.  We will only use it for another reason if we believe that new reason is compatible with the original purpose.  If we do need to use your personal information for a non-related purpose we will tell you about it and explain the legal basis which allows us to do so.

Marketing

We can use your personal information to send you communications if we believe we have a ‘legitimate interest’. We are required to make an assessment with regards to the benefits for us weighed against how appropriate it is to contact you in this way and whether it would be unfair to you. We believe that as a commercial enterprise we do have a legitimate interest in contacting you about our products or services and we will only do so if we decide it would be of interest or beneficial for you. 

Who we share your information with

We may need to provide information to third parties for a variety of reasons: for example, we may need to provide information to assist in the detection or prevention of crime or for the purpose of safeguarding national security. Please refer to the table in the section ‘How we will use your personal information’ which explains how we use your data. The third parties we may share your information with are as follows:

• Regulatory & Compliance Companies

• The Financial Conduct Authority

• Credit Institutions

• Law Firms

• Auditors & Accountants

• Group Companies

• Funding, Investor and Lending Companies

• Background Screening Firms

• IT Providers

• Financial Conduct Authority and other regulators

Sending and receiving your information from inside and outside of the UK and EEA

The European GDPR regulations have been put in place to protect your privacy and apply throughout the EEA which includes all the countries in the European Union plus Iceland, Liechtenstein and Norway. As of 1/1/2021 it no longer includes the United Kingdom but the UK government has incorporated the GDPR into UK data protection law and until 30/6/2021 no additional measures are required to facilitate data transfer.    

Accordingly:

• Provided we continue to comply with the UK GDPR regulations we will transfer your data to the EEA without any further restriction;

• We may send your information to other third parties who are based outside of the EEA, however we will only share your information with them because the following safeguards have been put in place:

• The country we send your information to is deemed to provide an adequate level of protection by the European Commission;

• The information is being transferred between organisations which are engaged in the same economic enterprise, or within our corporate group, and we have an agreement in place which sets out how your privacy will be protected.

You can obtain further information on the specific mechanism used by us when transferring your personal information outside of the EEA by contacting info@meraim.co.uk

Storing your information

In the course of our contractual arrangements to provide lending activities related services to you, we will need to keep your personal information (updated to ensure accuracy) to fulfil our contract. We also need to comply with EU and UK law, which often requires us to keep certain records - which will include certain personal information – for several years.

Our policy is to keep records for up to 7 years after you are no longer a client or counterparty of our client. We will ensure all records are safely destroyed if we no longer need to retain them.

Your rights

You are provided with a number of different rights under the data protection laws in relation to your personal information. These allow you:

• To access your information;

• To request we correct your information;

• To request that we erase your information;

• To object to the processing of your information;

• To request a restriction in the processing of your information;

• To request a transfer of your information; and

• To withdraw your consent.

If you wish to exercise any of these rights please email info@meraim.co.uk. Please note that you will not have to pay a fee to access your personal information or to exercise any of the other rights.  We may, however, charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or we may refuse to deal with your request.  We may also need to seek further information from you to confirm your identity before we release any personal information.  This does not affect your right to make a complaint.

Security

We have put in place appropriate security measures to best protect your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  We have a procedure to deal with any suspected personal data breach and will notify you, and other regulators, where we are legally required to do so.