This policy document sets out our over-arching approach to data collection and protection.
This document has been developed ahead of the changes being made under GDPR in May 2018. It brings together existing polices followed by the CFA and the BCCA from before their merger. Recognising that the new Consumer Finance Association is restructuring on a constant basis, this is subject to change.
Why do we hold information?
The Consumer Finance Association is a trade association, representing firms engaged in consumer credit and other financial services. That representation involves regular communication from members to the association and, in turn, communication with a range of stakeholders.
Having accurate information about our members, and our wider network, is crucial to our success. It is important that we better understand our members, and just as important that we understand how best to communicate with them.
Many within our membership will provide their information in a professional capacity, but this may take the form of personal information.
We also gather information about our wider network, for example stakeholders that express an interest in finding out more about us and entering an informal relationship.
As an employer we also hold personal information about members of staff and will continue to hold such information for a period to abide by employment regulations.
Version: 22nd May 2018
How do we use your information?
- To confirm your identity
- To administer your membership of our organisation
- To let you know about relevant services, both ours and other relevant organisations (though always through our chancels and never by passing on your data).
- To update and correct membership records
- To develop, test and improve our services
- To notify you of changes to our services
- To ensure the content of our communications is appropriate
- To administer our online facilities, including CFA portal and website
How do we collect information?
Information is provided to the CFA in several ways:
- Information is supplied by member firms, and this will include information about individuals that our members ask us to engage with as part of their membership. Information will be gathered during the application process and when members engage with our services. For our purposes, this is our ‘members’ group
- We collect data from individuals that express an interest in receiving information the association. This normally involves individuals proactively contacting the CFA and asking to be added to our mailing list. For our practical purposes, this is our ‘network’ group.
- When we employ members of staff we ask them to provide us with information required to offer a contract and to make salary payments. This is requested directly of the individual.
What information do we hold?
The CFA holds information about team members as part of their employment. This will include contact information, as well as payment information (i.e. bank account details, tax codes and NI numbers).
We will process information to ensure effective employment and the satisfaction of the employment contract.
The CFA will hold information provided by members about key individuals, including – name, organisation, email, postal address, telephone numbers and any other relevant information about their role within their organisation.
The association can only provide its services through communication with individuals.
In providing our services, we may also hold information about participation in CFA activities. This will help improve the quality of our services, and the development of new ones.
We hold similar contact and participation information about those in our wider ‘network’. This will include – name, organisation, email, postal address, telephone numbers and any other relevant information about their interests in our activity.
Data protection law sets the lawful legal reasons for us collecting, holding and using personal data. Based on our understanding of the legal position, these are:
- For the purposes of our legitimate interests. Our relationships are primarily with our member and stakeholder organisations, so we believe that this requires us to collect and hold information.
- More specifically there will be occasions where we have entered into a contract with you, and we may need to process your personal information to fulfil this contract. For example, if you attend a CFA training event.
- For non-members, we will process information with their explicit consent. This consent will be collected at the point of contact and renewed on an appropriate basis.
Storage of your information.
We will keep personal information held as part of our membership records for the duration of that organisation’s membership. At the end of a membership we will delete most records and retain the minimum information necessary to deal with any future issues.
As individuals moves from our ‘members’ list to our ‘network’ list we will seek consent to hold any information.
Who do we share this information with?
We may occasionally pass on details to third parties providing us with support, for them to deliver an improvement to our services. For example, web-usage information that is shared with Google so that they can provide web analytics.
However, such information will only be provided for specific association purposes, and we would never pass over information to third parties for their commercial use.
As many of our members are regulated firms, we recognise that there may be a need to share data with the relevant regulator (i.e. HMRC or FCA). All members are made aware of this when they join the association.
Specific policies have been developed for those making use of the CFA website, and members accessing the CFA Portal. They set out the reasons and methods of collecting data about individuals visiting these online sites.
22nd May 2018