Privacy Notice

This Privacy Notice explains how we collect, store, use and protect personal data about you when you access https://www.bcmglobal.com as well as in our day-to-day business.

Who is BCMGlobal?

BCMGlobal and its subsidiaries and affiliates (together BCMGlobal, we, us or our) is a leading European independent loan and asset management services provider, part of Link Group, listed on the Australian Securities Exchange. Please refer to the “Legal and Regulatory Status” page on the BCMGlobal website (www.bcmglobal.com/legal-and-regulatory-status) for more details on the trading companies in BCMGlobal. All of the companies are wholly owned subsidiaries of Link Administration Holdings Limited (“Link Group”). For more information on Link Group, please visit www.linkgroup.com.

BCMGlobal acts as Data Processor when it provides loan administration services on behalf of its clients. BCMGlobal acts as Data Controller when it provides these services directly to some borrowers. For more details please see section 12.

Companies that form part of BCMGlobal are set out in section 15 below.

 

What is this Privacy Notice?

At BCMGlobal where we collect personal information about you, we are committed to protecting this information and your privacy. Set out below is an explanation of how we use, collect and safeguard your personal information through our website or in our day- to-day business.

 

What personal information we collect and why we use your information?

According to the principles of data protection, we only collect and process personal data that we need for our specified purposes. BCMGlobal will collect and use only as much personal data from you as is necessary to be able to provide you with the services you have requested from us.

WHEN YOU CONTACT US DIRECTLY

We collect basic information (name, contact details, etc.) when you contact us directly, for example within this site to submit personal information to us by email or online enquiry. We will record what you say to us by email or phone as sometimes it is legally required. However, when we record a call, we will inform you at the beginning of the telephone conversation. Call recordings are kept for seven years.

We also collect personal information directly from you:

  • through feedback forms and other forums;
  • when you provide your details to us either online or offline;

 

What we do

What information we collect

Why we can do it (legally)

Respond to queries and complaints

Name, contact details and other information about the services we provide you as part of our contract

 

Information for other individuals included in our products (ex. beneficiaries).

Legitimate interest, it is important to us as a business.

 

We are legally required to do so.

Receive accident and incident reports

Name and contact details

Legitimate interest, it is important to us as a business.

Respond to Data Subject Rights Requests

 Name, contact details and other information about the services we provide you.

 

Information for other individuals included in our products (ex. beneficiaries).

We have a legal obligation to do this.

Record calls between BCMGlobal staff and yourself

Name, contact details and other personal information that you might disclosed such as health data

Because we are legally required to do so

 

AS PART OF OUR CONTRACT WITH YOU

What we do

What information we collect

Why we can do it (legally)

Review your application for the service you are interested in to ensure we can perform the contract (including tax domicile status)

Your name, contact details, date of birth, NI number, address for tax purposes.

 

Similar information for other individuals included in the product you are hiring, such as beneficiaries.

Because we are legally required to do so

 

To provide you with our services based on our contract

Administer, provide and service the product you are hiring with us

Your name, contact details, date of birth, personal tax number, address for tax purposes.

 

Similar information for other individuals included in the product you are hiring, such as beneficiaries.

 

Product performance information.

 

Your bank account details.

 

Special category of data such as health information if you disclose it in any way to us to inform us

To provide you with our services based on our contract

 

Because we are legally required to do so

 

Consent, in the case of special category of data if you are able to consent freely

Regularly communicate with you

Your name, contact details and any information relevant to the service we provide you.

 

Similar information for other individuals included in the contract as part of the service we provide, such as beneficiaries.

 

Product performance information.

 

Health information if you request communications in Braille or other easier to read formats.

To provide you with our services based on our contract

 

Because we are legally required to do so

 

Consent, in the case of special category of data if you are able to consent freely

Prevent financial crime such as money laundering, sanction breaches, tax evasion and fraud

Your name, contact details, date of birth, personal tax number, address for tax purposes.

 

Similar information for other individuals included in the contract as part of the service we provide, such as beneficiaries

 

Your bank account details.

To provide you with our services based on our contract

 

Because we are legally required to do so

 

Substantial Public interest (prevent financial crime), in regards to any information on criminal convictions

To keep our own internal and external management information, maintaining accounting records, analysis of financial results, internal audit requirements or receiving professional advice, as required

Your name, contact details, date of birth, NI number, address for tax purposes.

 

Similar information for other individuals included in the contract as part of the service we provide, such as beneficiaries

 

Product performance information.

Our legitimate interest, to keep appropriate records to monitor performance and evaluate business performance

 

Because we are legally required to do so

 

To improve our products and services and for analytical purposes

Your name, contact details, date of birth, NI number, address for tax purposes.

 

Similar information for other individuals included in the contract as part of the service we provide, such as beneficiaries

 

Product performance information.

Legitimate interest, to improve our services

 

FOR MARKETING PURPOSES

You are in control of how we use your information for marketing and we will only contact you if you have purchased one of our products or expressed an interest in attending one of our events. In these circumstances, we may share information within the BCMGlobal to inform you of other similar products and services that may be of interest to you, unless you tell us that you do not wish to receive this information.

If you wish to unsubscribe from any emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in the email. Otherwise you can always contact us using the details set out in this Privacy Notice to update your contact preferences. In such circumstances, we will continue to send you service related (non-marketing) communications where necessary.

 

FOR RECRUITMENT

What we do

What information we collect

Why we can do it (legally)

Consider you for an employment opportunity and to communicate with you, as needed

Collect name, address, email, telephone number, CV, salary expectations and legal residency status

Consent and to be able to take pre-contractual steps

Confirm your employment with us

Collect Date of birth, referee details (if any), bank account details or other payment or financial information, details related to background screening (if applicable)

Consent and to be able to carry out with the employment contract

Manage and progress the recruitment process

Collect public information in Linkedin and other available public sources

Legitimate interests

 

When BCMGlobal collects data for recruiting purposes the Data Controller will be Link Group. For more information you can access the Group Recruitment Privacy Notice here.

Who we share personal information with?

We will only disclose your personal information in accordance with applicable laws and regulations applicable to the countries in which our businesses operate. We will disclose your information to the following third parties:

  • Any person with legal or regulatory power over us (such as the Central Bank of Ireland, An Garda Síochána or the Garda National Economic Crime Bureau) that may require disclosure on legal grounds, or other relevant Government departments where reasonably necessary for financial crime and sanction prevention purposes).
  • Service providers engaged by us to help us run our business and perform the Services/our contract with you. Such service providers will include, for example, cloud storage providers (engaged by us to provide electronic storage facilities for our business data and your information), Mortgage Servicers, Field Agents, Solicitors, Enquiry Agents, Valuers, Central Credit Register and the Property Registration Authority of Ireland.
  • Your relatives, powers of attorney, guardians acting on your behalf or other people or organisations associated with you such as your financial advisor or your lawyer whenever you have given us permission to share your personal information with them.
  • Third Parties, such as Investors and Agencies, who receive information from us for the purpose of reporting.
  • Identity and Verification agencies.
  • Other parties in commercial relationships with BCMGlobal, including financial organisations and advisors where necessary to enable us to fulfil our service to you.
  • Any member of the Link Group which means; its subsidiaries, our ultimate holding company and its subsidiaries (from time to time) as necessary for the purposes described in this Privacy Notice;
  • Credit Reference Agencies CRA (including the Central Credit Register) - for the purpose of customer identification and information concerning your financial situation and financial history and the prevention of fraud. We will exchange information with CRA’s until the debt has been repaid and CRA’s will share your information with other organisations.

The list of possible disclosures is not intended to be exhaustive and there may be other legitimate purposes for holding, disclosing or otherwise processing your personal information. Where the law so requires, you will be notified of any additional purposes and where required your consent will be sought.

International Transfers

The sharing of personal information with third parties set out above (including Link Group subsidiaries and service providers) may involve the transfer of data to jurisdictions outside of the European Economic Area (EEA). We will ensure that any such subsidiary or service provider has put in place adequate safeguards to ensure that your information is held securely and in accordance with this Privacy Notice. Such steps may include placing the party we are transferring personal information to under contractual obligations to protect it to adequate standards. Transfers within the Link Group will be covered by an agreement entered into by members of the Link Group (an intra-group agreement) which contractually obliges each member to ensure that your Personal Data receives an adequate and consistent level of protection wherever it is transferred within the Group or a specific contract arrangement implementing the specific safeguards such as the Standard Contractual Clauses provided by the European Commission.

How do we keep your information secure?

We store the information you provide about yourself in a secure database and take appropriate security measures to protect such information from unauthorised access

We take protection of your personal information and our system security very seriously.  Any personal information which is collected, recorded or used in any way will have appropriate safeguards applied in line with our data protection obligations.

We implement internal and external audits and regular, independent assurance exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.

Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect your personal and confidential information whenever they are processing it and must undertake annual training on this.

Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information.

All exchanges of information between you and our website go through encrypted channels in order to prevent interception of your information. Public access to your information via our website / the portal / any web-hosted platform is protected by a login using your user ID and password. You should ensure that these are kept secret and not divulged to other people. You recognise that your use of our website is entirely at your own risk.  BCMGlobal websites operates on the internet, which is inherently insecure.  BCMGlobal cannot guarantee the information you supply will not be intercepted while being transmitted over the internet.  Accordingly, BCMGlobal has no responsibility or liability for the security of personal information transmitted by you via our website.

To take full advantage of all security features you should use an up-to-date browser. To further ensure your personal information is safe, please note, we will never ask a customer to confirm any debit or credit card details via email.

 

How long will we store your information for?

We keep personal data for a variety of purposes and for a variety of time periods. The general guidelines for how long we keep personal data are based on what is necessary and proportionate in our business, taking into consideration how and why we collected it and with specific reference to legal obligations that apply to our business.

Where there is no legally defined period for keeping data, we will keep your information for a time period based on relevant industry standards. Where there are no relevant industry standards, we will use a time limit that allows us to serve you and to comply with our contract commitments but also, we will ensure we do not keep the information for longer than needed. Some specific information we store:

  • Our website uses Google Analytics where a record of some of your personal data (e.g., IP address) will be retained for 38 months.
  • We typically keep personal data used to provide you with our products/services for 7 years from the end of our relationship with you. In some cases where there may be a dispute or a legal action, we may be required to keep personal information for longer.

If we anonymise your personal information so that it can no longer be associated with you, it will no longer be considered personal information, and we can use it without further notice to you.

Your rights

You have the following rights in relation to how we use your information. To know how you can exercise these rights refer to section 13 “Where you want to submit a Data Subject Request”. You can contact us at privacy@bcmglobal.com

Right to lodge a complaint

You have a right to complain to the ICO or the DPC at any time if you object to the way in which we use your personal information. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/ if you are in the UK and for the Republic of Ireland on the Data Protection Commissioner https://www.dataprotection.ie/

Right of access

You have the right to know if we are using your information and, if so, the right to access it and information about how we are using it.  There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested. Where you have made the request by electronic means the information will be provided to you by electronic means where possible.

Right of rectification

We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case you have the right to require us to rectify any errors in the information we hold about you.

Right to erasure

You have the right to require us to delete your information if our continued use is not justified. However, this will need to be balanced against other factors, depending upon the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

Right to restrict processing

In some circumstances, although you may not be entitled to require us to erase your information, but may be entitled to limit the purposes for which we can use your information.

Right of data portability

You have the right to require us to provide you with a copy of the personal information that you have supplied to us in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours).  Once transferred, the other party will be responsible for looking after your personal information.

Right to object to direct marketing

You can ask us to stop sending you marketing messages at any time.

Right not to be subject to automated decision making

BCMGlobal does not make decisions about you using automated decision making or profiling of your personal data.

Right to withdraw consent

For certain limited uses of your personal information, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information.  If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.

In some circumstances exercising some of these rights will mean we are unable to continue providing you with your mortgage or maintaining a business relationship with you.

You can make any of the requests set out above using the contact details in this Privacy Notice. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request you make. We may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances, but we will tell you why.

How does BCMGlobal websites use my Internet Protocol (IP) address and collect cookies?

Each time you use our websites, we will automatically collect certain technical information, including the type of browser you use, the Internet Protocol (IP) address used to connect your computer to the internet, and information about your visit, including the full Uniform Resource Locations (URL), clickstream to, through and from our sites, traffic data and other communication data, the resources that you access, and the information derived from the cookies we place on your mobile device and/or computer.

In order to improve the quality of our website and services, we may from time to time send your computer a "cookie". Cookies are text files that identify your computer to our server and are stored on your device. Cookies in themselves do not identify the individual user, just the computer used. When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the website work as you expect it to. Cookies enable us to improve your user experience by avoiding the need for you to enter the same information more than once. They also allow us to analyse user behaviour to improve the functionality and performance of our website. Because we respect your right to privacy, you can choose not to allow some type of cookies. Review the different cookie category headings below to find out more. For more on how to change our default settings review the section “How to control and delete cookies” below. However, please be aware doing so may impact your experience on the site.

We comply with the EU cookie regulations as introduced in the UK on 25 May 2011 through the EU ePrivacy Directive (2002/58/EC, as amended by 2009/136/EC), and the Irish ePrivacy Regulations, implemented by Statutory Instrument (S.I.) No. 336 of 2011. There are several types of cookies that can be stored on your device. The following is a non-exhaustive list you can learn more about the different types of cookies in our cookie policy:

“Strictly necessary Cookies”. These cookies are always on when you visit us and you can’t turn them off. We call these “strictly necessary Cookies”. We use them to make sure our digital services are secure and work correctly.

We also use tracking Cookies to help us understand our visitors better. You can switch these on or off at any time and you can always change your mind. We’ll only use them if you’ve given us your consent.

Also, you should be aware there may be some Cookies from other companies. These "third-party Cookies" might track how you use different websites, including ours. For example, you might get a social media company’s Cookie when you see the option to share something. You can turn them off, but not through us. To know more, you can visit our cookie policy.

How to control and delete cookies

On your first visit, we will tell you about the types of cookies we use and ask for consent. You can also delete any cookies that are already on your computer, the “help” section in your browser should provide instructions on how to locate the file or directory that stores cookies.

Further information about cookies can be found at https://ico.org.uk/for-the-public/online/cookies/, https://www.dataprotection.ie/en/dpc-guidance/guidance-cookies-and-other-tracking-technologies,   www.allaboutcookies.org and www.youronlinechoices.eu.

In addition, in order to develop our site in line with customers’ needs, BCMGlobal use an analytics and optimization service provided by WT EMEA Acquisitions Ltd (WebTrends) to track and analyse how parts of the site are used. We use this information to help improve the site. The data collected by WebTrends will be stored exclusively for analytical purposes and does not result in any personally identifiable data being collected or stored. WebTrends will send your computer a persistent cookie in order to evaluate your use of this site. WebTrends store the information collected by the persistent cookie on servers in the United States, European Union Member States and other countries. WebTrends may also transfer this information to third parties where required to do so by law, or where such third parties process the information on WebTrends' behalf. WebTrends will use this information for the purpose of evaluating use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. WebTrends will not associate your IP address with any other data held by WebTrends. BCMGlobal uses WebTrends to optimise this site and improve the service we provide to our visitors. This ensures that the website is fully functional and optimised to create the best possible user experience.

Our website uses Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing small text files called ‘cookies’ on your device. The information that the cookies collect, such as the number of visitors to the site, the pages visited and the length of time spent on the site, is aggregated and therefore anonymous. The retention period for data that is associated with cookies, user identifiers or advertising identifiers is 38 Months.

We never gather other information from your disk or computer. We will collect a copy of the data held by the cookie from inclusion in any analysis. We use full SSL protocols when collecting visitor information on secure pages; this ensures that the site’s security is not compromised. We encrypt all transmitted visitor information (even from non-secure pages), so no-one else can read the information we gather. None of the cookies used on our websites collect, record or store personally identifiable information about you.

Following links from our websites

Our site may contain links to other sites. Such other sites may also make use of their own cookies and will have their own privacy policies. You should carefully review the privacy policies and practices of other sites, as we cannot control or be responsible for their privacy practices. We do not accept any liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.

When BCMGlobal is a Data Controller and Data Processor and information on how lenders or loan owners are holding and processing your personal data

BCMGlobal provides support for the administration of these loans to its clients or to intermediaries who hold the primary responsibility for the loans.  In some cases, BCMGlobal is directly responsible for the administration of loans (and may also be responsible for the determination of the management of the overall strategy regarding this loan portfolio) where it acts in the capacity of lender of record.  BCMGlobal however will never offer lending for new loans.

When BCMGlobal provides services on behalf of its clients, the Client will be the Data Controller and BCMGlobal will be the Data Processor. When BCMGlobal collects data for (1) Marketing and (2) products and services related activities provided directly to the borrowers, BCMGlobal will be the Data Controller.

The lender or owner of your loan is responsible for providing you with a statement setting out how this is achieved (often referred to as a Privacy Notice) in situations where BCMGlobal is providing services to them.  This document constitutes the Privacy Notice where BCMGlobal act as legal title holder of your loan.

If you require a copy of the Privacy Notice in either case, you should get in touch with the case manager you normally deal with in respect of your loan.

BCMGlobal does not accept any liability for the privacy practices of the lenders or loan owners that it provides services to. Where you access a Privacy Statement on a third-party website, your use of such websites is at your own risk.

Where you want to submit a Data Subject Request

As stated in section 9 you have several rights in relation to your personal information, including the right to request access to your personal information, correct any mistakes on our records, erase or restrict records where they are no longer required, and object to us of personal information based on legitimate business interests.                                                                                                                       

We will respond to your request in writing as soon as practicable and in any event not more than within one month after of receipt of your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify your request. To exercise these rights please contact us by using the details below.

In particular, regarding your right of access, you have the right to obtain the following from us, as Data Controller:

  • Confirmation of whether or not personal data concerning you is being processed.
  • Where personal data concerning you is being processed, a copy of your personal data.
  • Where personal data concerning you is being processed, other additional information as follows:
  1. Purpose(s) of the processing.
  2. Categories of personal data.
  3. Any recipient(s) of the personal data to whom the personal data has or will be disclosed, in particular recipients in third countries or international organisations and information about appropriate safeguards.
  4. The retention period or, if that is not possible, the criteria used to determine the retention period

If you wish to submit a Data Subject Access request, please email privacy@linkgroup.ie.  In your request, it would be helpful to us if you set out as much information that you can concerning your request including:

What you are seeking to achieve from submitting the request;

What types of personal data does the request apply to; and

Over what period did you provide the personal data to the lender or loan owner or to BCMGlobal acting on its behalf

The DPC has provided the below template for access requests that are made to the controller in writing:

“Dear...

I wish to make an access request under Article 15 of the General Data Protection Regulation (GDPR) for a copy of any information you keep about me, on computer or in manual form in relation to...”

When BCMGlobal is not the Data Controller of your information, all responses to Data Subject Access requests are the responsibility of the lender or loan owner concerned rather than of BCMGlobal, as it acts as Data Processor on behalf of the Data Controller.

In addition, please note that the rights you have in respect to your personal information are not absolute and are subject to a range of legal conditions and exemptions. If and to the extent a relevant legal condition or exemption applies, we reserve the right not to comply with your request. However, we will let you know why.

Changes to this Privacy Notice

Please note that this Notice will be reviewed and may be changed from time to time. Any changes we may make to our privacy policy in the future will be posted on this page When changes to this Privacy Policy will be posted, the date at the bottom of this Privacy Policy will be revised

Who can you speak to at BCMGlobal about this notice and what we do to protect your information?

Questions, comments and the exercise of your rights regarding this notice and your information are welcomed and should be addressed to the Data Protection Officer by email at privacy@bcmglobal.com or by post at BCMGlobal ASI Limited, Block C, Maynooth Business Campus, Maynooth, Co. Kildare, W23 F854.

If you wish to make a complaint on how we have handled your personal information, you can contact our Data Protection team at privacy@bcmglobal.com or in our registered address:

BCMGlobal ASI Limited, Block C, Maynooth Business Campus, Maynooth, Co. Kildare, W23 F854.

If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law, you can complain to:

 

Office

Country

Data Protection Supervisory Authority

BCMGlobal ASI Limited

 

BCMGlobal ASI (Italy Branch) Limited

Ireland

The Data Protection Commission (“DPC”). You can contact the DPC via its website www.dataprotection.ie or LoCall 1890 25 22 31.

BCMGlobal  (UK) Limited

 

BCMGlobal London Limited UK

United Kingdom

The Information Commissioner’s Officer (“ICO”). You can contact the ICO via website www.ico.org.uk or by phone at 0303 123 1113.

BCMGlobal Netherlands, B.V

 

Flexfront BV

 

Nationaal Hypotheek Loket BV

Netherland

Autoriteit Persoonsgegevens. You can contact them via its website https://autoriteitpersoonsgege... or by phone at 0900 2001 201

 

Updated: November 2021