7. Who we share information with
We will share your information with selected third parties who provide
Castle Trust Group with professional services.
This may include, for example, passing information to our accountants
and/or professional advisers to enable them to best advise us in relation to a
specific matter. In such circumstances,
we will only pass the minimum amount of information that is required to enable
those advisers to provide us with the advice required. The lawful basis for this processing will be
‘Legitimate Interests’. We have a
legitimate interest in passing your information to such third parties but will
ensure at all times that your rights are not infringed in any way and that the
personal data we transfer is kept secure and only used for the purpose for
which it was provided.
Unless you expressly authorise its disclosure, your personal data will
not be disclosed to anyone else other than:
companies within the Group,
who provide relevant products or services to the Company,
or future employers,
potential purchasers of the Company or of that part of the business in which
credit reference agencies;
information technology and information
security providers; and
market research and analytics companies.
payment service providers
ID verification providers
We share your personal information with these service providers for the
purposes of managing our business and dealing with you as an
employee of that business.
If you would like further information regarding the specific named
recipients that we share data with, please contact the DPO.
Credit Reference Agencies
order to process your application, we will perform credit and identity checks
on you with one or more credit reference agencies (“CRAs”).
To do this, we
will supply your personal information to CRAs and they will give us information
about you. This will include information about your financial situation and
financial history. CRAs will supply to us both public (including the electoral
register) and shared credit, financial situation and financial history
information and fraud prevention information.
We will use this
Verify the accuracy of the data you have provided
Prevent criminal activity, fraud and money
receive a search from us they will place a search footprint on your credit file
that may be seen by other searchers.
The identities of the CRAs, their role also as fraud
prevention agencies, the data they hold, the ways in which they use and share
personal information, data retention periods and your data protection rights
with the CRAs are explained in more detail at Experian www.experian.co.uk/crain, TransUnion www.transunion.co.uk/crain and
Fraud prevention, law enforcement agencies
and other non-marketing users
We may share your personal information, or any suspected fraud relating
to you, with law enforcement agencies and regulators where we are under a duty
to disclose or share your information in order to comply with any legal or
regulatory obligation, or if we reasonably consider that this is necessary to
help prevent or detect fraud or other crime or to protect the rights, property,
or our safety, our customers or others.
The personal information you provide (including your email and internet
protocol (IP) addresses) may also be copied, stored, used and licensed to
assist with identity verification, prevention of fraud and money laundering,
service delivery and process implementation.
We may share your information if we are under a duty to disclose or
share your information with HM Revenue & Customs (HMRC), who may transfer
it to the government or the tax authorities in another country where you may be
subject to tax.
We may also
share your personal information with any other third
parties where we are required to do so by law.
The results of your identity check may also be disclosed to authorised
third parties through credit referencing, fraud prevention, risk assessment and
We transfer, use and/or store your personal information outside of the
European Economic Area (“EEA”) and the laws of some of these destination
countries may not offer the same standard of protection for personal
information as in the UK.
We currently transfer data to third parties for processing outside of
the EEA for the purposes of verifying your identity and providing you with
employee benefits. We may update this
list from time to time and any changes will be communicated to you via an
update to this privacy notice.
Transfers to our third-party service providers are to enable them use
and store your personal information on our behalf. We will, however, put in place appropriate
security procedures in order to protect your personal information. We also
ensure that, where your information is transferred to any country outside the
EEA this is done using specific legally-approved safeguards. You can request further details and a copy of
these by contacting the DPO (see section 10).