This Privacy Notice explains how we collect, store, use and protect personal data about you when you access https://www.bcmglobal.com as well as in our day-to-day business.
BCMGlobal acts as Data Processor when it provides loan administration services on behalf of its clients. BCMGlobal acts as Data Controller when it provides these services directly to some borrowers and for its own staff records.
Companies that form part of BCMGlobal are set out in section 15 below.
At BCMGlobal where we collect personal information about you, we are committed to protecting this information and your privacy. Set out below is an explanation of how we use, collect and safeguard your personal information through our website or in our day- to-day business.
According to the principles of data protection, we only collect and process personal data that we need for our specified purposes. BCMGlobal will collect and use only as much personal data from you as is necessary to be able to provide you with the services you have requested from us.
When you contact us directly
We collect basic information (name, contact details, etc.) when you contact us directly, for example within this site to submit personal information to us by email or online enquiry. We will record what you say to us by email or phone as sometimes it is legally required. However, when we record a call, we will inform you at the beginning of the telephone conversation.
We also collect personal information directly from you:
| What we do | What information we collect | Why we can do it (legally) |
|---|---|---|
| Respond to queries and complaints | Name, contact details and other information about the services we provide you as part of our contract Information for other individuals included in our products (e.g. beneficiaries). | Legitimate interest, it is important to us as a business. We are legally required to do so. |
| Receive accident and incident reports | Name and contact details | Legitimate interest, it is important to us as a business. |
| Respond to Data Subject Rights Requests | Name, contact details and other information about the services we provide you. Information for other individuals included in our products (e.g. beneficiaries). | We have a legal obligation to do this. |
| Record calls between BCMGlobal staff and yourself | Name, contact details and other personal information that you might disclosed such as health data | Because we are legally required to do so Legitimate interest, it is important to us as a business. |
As part of our contract with you
| What we do | What information we collect | Why we can do it (legally) |
|---|---|---|
| Review your application for the service you are interested in to ensure we can perform the contract (including tax domicile status) | Your name, contact details, date of birth, NI number, address for tax purposes. Similar information for other relevant individuals such as beneficiaries. | Because we are legally required to do so. To provide you with our services based on our contract. |
| Administer, provide and service the relevant financial services product | Your name, contact details, date of birth, personal tax number, address for tax purposes. Similar information for other relevant individuals such as beneficiaries. Product performance information. Your bank account details. Special category of data such as health information if you disclose it in any way to us to inform us. | To provide you with our services based on our contract. Because we are legally required to do so. Consent, in the case of special category of data if you are able to consent freely. |
| Regularly communicate with you | Your name, contact details and any information relevant to the service we provide you. Similar information for other individuals included in the contract as part of the service we provide, such as beneficiaries. Product performance information. Health information if you request communications in Braille or other easier to read formats. | To provide you with our services based on our contract. Because we are legally required to do so. Consent, in the case of special category of data if you are able to consent freely. |
| Prevent financial crime such as money laundering, sanction breaches, tax evasion and fraud. | Your name, contact details, date of birth, personal tax number, address for tax purposes. Similar information for other individuals included in the contract as part of the service we provide, such as beneficiaries Your bank account details. | To provide you with our services based on our contract Because we are legally required to do so Substantial Public interest (prevent financial crime), in regards to any information on criminal convictions |
| To keep our own internal and external management information, maintaining accounting records, analysis of financial results, internal audit requirements or receiving professional advice, as required | Your name, contact details, date of birth, NI number, address for tax purposes. Similar information for other individuals included in the contract as part of the service we provide, such as beneficiaries Product performance information. | Our legitimate interest, to keep appropriate records to monitor performance and evaluate business performance Because we are legally required to do so |
| To improve our products and services and for analytical purposes | Your name, contact details, date of birth, NI number, address for tax purposes. Similar information for other individuals included in the contract as part of the service we provide, such as beneficiaries Product performance information. | Legitimate interest, to improve our services |
For Marketing Purposes
You are in control of how we use your information for marketing and we will only contact you if you have purchased one of our products, service your mortgage or expressed an interest in attending one of our events. In these circumstances, we may share information within the BCMGlobal to inform you of other similar products and services that may be of interest to you, unless you tell us that you do not wish to receive this information.
If you wish to unsubscribe from any emails sent by us, you may do so at any time by following the unsubscribe instructions that appear in the email. Otherwise you can always contact us using the details set out in this Privacy Notice to update your contact preferences. In such circumstances, we will continue to send you service related (non-marketing) communications where necessary.
For Recruitment
| What we do | What information we collect | Why we can do it (legally) |
|---|---|---|
| Consider you for an employment opportunity and to communicate with you, as needed | Collect name, address, email, telephone number, CV, salary expectations and legal residency status | Consent and to be able to take pre-contractual steps |
| Confirm your employment with us | Collect Date of birth, referee details (if any), bank account details or other payment or financial information, details related to background screening (if applicable) | Consent and to be able to carry out with the employment contract |
| Manage and progress the recruitment process | Collect public information in Linkedin and other available public sources | Legitimate interests |
We will only disclose your personal information in accordance with applicable laws and regulations applicable to the countries in which our businesses operate. We may disclose your information to the following third parties:
For more information on how CRAs use personal information please visit;
The list of possible disclosures is not intended to be exhaustive and there may be other legitimate purposes for holding, disclosing or otherwise processing your personal information. Where the law so requires, you will be notified of any additional purposes and where required your consent will be sought.
We operate mainly in Ireland, the UK, Italy and the Netherlands. The sharing of personal information with third parties set out above may involve the transfer of data to jurisdictions outside of the European Economic Area (EEA) or UK. Before any such transfer of data occurs, an appropriate impact assessment is carried out. We will ensure that adequate safeguards, such as Standard Contractual Clauses, are in place, together with supplementary measures where necessary to ensure that your Personal Data receives an adequate and consistent level of protection wherever it is transferred.
We store the information you provide about yourself in a secure database and take appropriate security measures to protect such information from unauthorised access
We take protection of your personal information and our system security very seriously. Any personal information which is collected, recorded or used in any way will have appropriate safeguards applied in line with our data protection obligations.
We implement internal and external audits and regular, independent assurance exercises across our business to ascertain the effectiveness of our security control environment and our security strategy.
Your information is protected by controls designed to minimise loss or damage through accident, negligence or deliberate actions. Our employees also protect your personal and confidential information whenever they are processing it and must undertake annual training on this.
Our security controls are aligned to industry standards and good practice; providing a control environment that effectively manages risks to the confidentiality, integrity and availability of your information. All exchanges of information between you and our website go through encrypted channels in order to prevent interception of your information. Public access to your information via our website / the portal / any web-hosted platform is protected by a login using your user ID and password. You should ensure that these are kept secret and not divulged to other people. You recognise that your use of our website is entirely at your own risk. BCMGlobal websites operates on the internet, which is inherently insecure. BCMGlobal cannot guarantee the information you supply will not be intercepted while being transmitted over the internet. Accordingly, BCMGlobal has no responsibility or liability for the security of personal information transmitted by you via our website.
To take full advantage of all security features you should use an up-to-date browser. To further ensure your personal information is safe, please note, we will never ask a customer to confirm any debit or credit card details via email.
We keep personal data for a variety of purposes and for a variety of time periods. The general guidelines for how long we keep personal data are based on what is necessary and proportionate in our business, taking into consideration how and why we collected it and with specific reference to legal obligations that apply to our business.
Where there is no legally defined period for keeping data, we will keep your information for a time period based on relevant industry standards. Where there are no relevant industry standards, we will use a time limit that allows us to serve you and to comply with our contract commitments but also, we will ensure we do not keep the information for longer than needed.
If we anonymise your personal information so that it can no longer be associated with you, it will no longer be considered personal information, and we can use it without further notice to you.
You have the following rights in relation to how we use your information. To know how you can exercise these rights refer to section 13 “Where you want to submit a Data Subject Request”. You can contact us at [email protected] for Ireland and Italy, or [email protected] if you are in the UK.
Right to lodge a complaint
You have a right to complain to the ICO the DPC or the Garante per la protezione dei dati personali (Garante) at any time if you object to the way in which we use your personal information. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/ if you are in the UK, the Data Protection Commissioner https://www.dataprotection.ie/ if you are in Ireland, or https://www.garanteprivacy.it/ if you are in Italy.
Right of access
You have the right to know if we are using your information and, if so, the right to access it and information about how we are using it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested. Where you have made the request by electronic means the information will be provided to you by electronic means where possible.
Right of rectification
We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case you have the right to require us to rectify any errors in the information we hold about you.
Right to erasure
You have the right to require us to delete your information if our continued use is not justified. However, this will need to be balanced against other factors, depending upon the type of personal information we hold about you and why we have collected it. There may be some legal and regulatory obligations which mean we cannot comply with your request.
Right to restrict processing
In some circumstances, although you may not be entitled to require us to erase your information, you may be entitled to limit the purposes for which we can use your information.
Right of data portability
You may have the right to require us to provide you with a copy of the personal information that you have supplied to us in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours). Once transferred, the other party will be responsible for looking after your personal information.
Right to object to direct marketing
You can ask us to stop sending you marketing messages at any time.
Right not to be subject to automated decision making
BCMGlobal does not make decisions about you using automated decision making or profiling of your personal data.
Right to withdraw consent
For certain limited uses of your personal information, we may ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. If you withdraw your consent, we may not be able to provide certain products and services to you. If this is the case, we’ll tell you at the time you ask to withdraw your consent.
In some circumstances exercising some of these rights will mean we are unable to continue providing you with your mortgage or maintaining a business relationship with you.
You can make any of the requests set out above using the contact details in this Privacy Notice. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. We will always respond to any request you make. We may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances, but we will tell you why.
Our site may contain links to other sites. Such other sites may also make use of their own cookies and will have their own privacy policies. You should carefully review the privacy policies and practices of other sites, as we cannot control or be responsible for their privacy practices. We do not accept any liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.
BCMGlobal provides support for the administration of these loans to its clients or to intermediaries who hold the primary responsibility for the loans. In some cases, BCMGlobal is directly responsible for the administration of loans (and may also be responsible for the determination of the management of the overall strategy regarding this loan portfolio) where it acts in the capacity of lender of record. BCMGlobal however will never offer lending for new loans.
When BCMGlobal provides services on behalf of its clients, the Client will be the Data Controller and BCMGlobal will be the Data Processor. When BCMGlobal collects data for (1) Marketing and (2) products and services related activities provided directly to the borrowers, BCMGlobal will be the Data Controller.
The lender or owner of your loan is responsible for providing you with a statement setting out how this is achieved (often referred to as a Privacy Notice) in situations where BCMGlobal is providing services to them. This document constitutes the Privacy Notice where BCMGlobal act as legal title holder of your loan. If you require a copy of the Privacy Notice in either case, you should get in touch with the case manager you normally deal with in respect of your loan.
BCMGlobal does not accept any liability for the privacy practices of the lenders or loan owners that it provides services to. Where you access a Privacy Statement on a third-party website, your use of such websites is at your own risk.
As stated in the ‘Your Rights’ section above, you have several rights in relation to your personal information, including the right to request access to your personal information, correct any mistakes on our records, erase or restrict records where they are no longer required, and object to us in relation to the processing of personal information based on legitimate business interests.
We will respond to your request in writing as soon as practicable and in any event not more than within one month of receipt of your request. In exceptional cases, we may extend this period by two months and we will tell you why. We may request proof of identification to verify your request. To exercise these rights please contact us by using the details below.
In particular, regarding your right of access, you have the right to obtain the following from us, as Data Controller:
If you wish to submit a Data Subject Access request, please email [email protected] for Ireland and Italy, and [email protected] if you are in the UK. In your request, it would be helpful to us if you set out as much information that you can concerning your request including:
The DPC has provided the below template for access requests that are made to the controller in writing:
“Dear…
I wish to make an access request under Article 15 of the General Data Protection Regulation (GDPR) for a copy of any information you keep about me, on computer or in manual form in relation to…”
When BCMGlobal is not the Data Controller of your information, all responses to Data Subject Access requests are the responsibility of the lender or loan owner concerned rather than of BCMGlobal, as it acts as Data Processor on behalf of the Data Controller.
In addition, please note that the rights you have in respect to your personal information are not absolute and are subject to a range of legal conditions and exemptions. If and to the extent a relevant legal condition or exemption applies, we reserve the right not to comply with your request. However, we will let you know why.
Please note that this Privacy Notice will be reviewed and may be changed from time to time. When changes to this Privacy Notice have been posted, the date at the bottom of this Privacy Notice will be revised.
Questions, comments, complaints and the exercise of your rights regarding this notice and your information are welcomed and should be addressed to the:
| Office | Country | |
|---|---|---|
| BCMGlobal ASI Limited | Ireland | Data Protection Officer in Ireland by email at [email protected] or by post at BCMGlobal ASI Limited, Block C, Maynooth Business Campus, Maynooth, Co. Kildare, W23 F854. |
| BCMGlobal Mortgage Services Limited (ICO Registration Z6529181) Rooftop Mortgages Limited (ICO registration Z9494874) | United Kingdom | Data Protection Officer by email at [email protected] or by post at BCMGlobal Mortgage Services Limited, Crown House, Crown Street, Ipswich, IP1 3HS Data Protection Officer by email at [email protected] or by post at Rooftop Mortgage Limited, Crown House, Crown Street, Ipswich, IP1 3HS |
| BCMGlobal (UK) Limited BCMGlobal London Limited | United Kingdom | Data Protection Officer by email at [email protected] or by post at BCMGlobal ASI Limited, Block C, Maynooth Business Campus, Maynooth, Co. Kildare, W23 F854. |
| BCMGlobal ASI Limited (Italy Branch) | Italy | Data Protection Officer in Ireland by email at [email protected] or by post at BCMGlobal ASI Limited, Block C, Maynooth Business Campus, Maynooth, Co. Kildare, W23 F854. or at BCMGlobal ASI Limited, Sede Secondaria e Rappresentanza Generale per l’Italia, Via Borromei 5/B, 20123 Milano (IT) |
If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law, you can complain to:
| Office | Country | Data Protection Supervisory Authority |
|---|---|---|
| BCMGlobal ASI Limited | Ireland | The Data Protection Commission (“DPC”). You can contact the DPC via its website www.dataprotection.ie or LoCall 1890 25 22 31. |
| BCMGlobal Mortgage Services Limited Rooftop Mortgages Limited BCMGlobal (UK) Limited BCMGlobal London Limited | United Kingdom | The Information Commissioner’s Officer (“ICO”). You can contact the ICO via website www.ico.org.uk or by phone at 0303 123 1113. |
| BCMGlobal ASI Limited (Italy Branch) | Italy | The Data Protection Commission (“DPC”). You can contact the DPC via its website www.dataprotection.ie or LoCall 1890 25 22 31. Garante per la protezione dei dati personali ( Piazza Venezia n. 11 – 00187 Roma / https://www.garanteprivacy.it/ [email protected] / [email protected] / +39 06 696 771 |
Updated: January 2024
