The Board of www.the10th.com has considered and adopted the following procedure. The responsibility of updating the Board on developments within GDPR rests solely with the risk committee and/or Data Protection Officer. (NB – this procedure replaces any previous versions).

Officers and staff of www.the10th.com will treat all information received from clients and third parties in accordance with the GDPR regulations.

The prime purpose for collection of data by www.the10th.com is its use exclusively in the application, provision and management of financial product and service lines.  The company consider that the processing is necessary for the performance of a contract with you (the data subject), or to take steps to enter into such contract with you.  Data is collected to ensure our understanding of your needs, and enable us to provide a quality service to you, particularly but not limited to the following reasons: 

• To establish internal records for the provision of our business services and operations
• To maintain records so that both Legal and Regulatory responsibilities can be met without delay
• To ensure that data is only disclosed to the appropriate parties
• To ensure that appropriate information is processed and retained in accordance with practices, as defined by the Information Commissioner
• To safeguard the rights of individuals with regards personal information which may be held, stored or processed about them

Periodically, we may send promotional emails regarding new services, special offers or other information which we believe you may find relevant, by using the email address provided by you.

Your consent must be given freely, specifically, informed, unambiguous and must be verifiable. This means that some form of record must be kept as to how and when your consent was given. All individuals have the right to withdraw their consent at any time. www.the10th.com will ensure that consent is provided by the following means:

Online Applications: The applicant will be directed to our “terms and conditions” information, which includes a copy of the company’s GDPR procedure. You will then be asked to confirm your permission to continue, based upon those conditions set out in the document, by your completion of a tick box. On acceptance of the terms and conditions, the data will then be forwarded from your internet browser, and processed in accordance with the type of application in question. Should you be unwilling to share your data at this point, the application will not be forwarded from your internet browser and you will be free to discard the application without further interaction with www.the10th.com.

You may wish to restrict the use or collection of your personal information. This can be done in the following ways:

Your information will only be collected on our website contact form when you have agreed to our terms and conditions of business.

www.the10th.com will occasionally use email and SMS marketing and credit control tools for the purpose of client communication. Where used, we will include information regarding unsubscribing your email address from any ongoing marketing communications.

If you should believe www.the10th.com hold personal information about you, you are welcome to send us a written “Subject Access Request” to request details of such data. We will require you to provide comprehensive proof of your identity before releasing such data.

Should you require this personal information to be anonymized, archived, deleted, updated or altered in any other way, you should include this in your written request to us. Www.the10th.com will be happy to comply where our statutory, regulatory and commercial rights and responsibilities will not be compromised.

www.the10th.com are only able to respond to “Subject Access Requests” when received in writing, and sent to our postal address on our contact page. We will not distribute your personal information to any third parties unless we are explicitly required to do so under IT hosting arrangements, for accounting or regulatory purposes, or by law.

Data collected and retained comes under the following categories:

• Personal data
• Banking data
• Financial history
• Credit history
• Insurable risk data
• Insurance claims history
• Underwriting notes
• Insurance notes
• Credit control notes
• Conversations between clients and personnel
• Public data

Each of these data categories are considered to be a requirement to fulfill the contractual obligations of both the company and the client.

• The client
• Group Companies
• IT Hosting Platforms
• Credit Reference Agencies
• Payment Gateway Providers
• Regulatory Authorities (including Police, Customs, FIS)
• Ombudsman
• Auditors
• Suppliers of services
• Financial Organisations
• Debt Collecting, Tracing and Private Investigators
• An organisation processing data on behalf of the company

Your personal information will be kept in a format which allows identification of data subjects for no longer than is necessary for the purposes for which the information is processed.  It should be noted that records linked to financial transactions are subject to retention rules.  These rules are published periodically by regulatory authorities and under accounting standards rules.  Currently, the minimum retention period under these requirements is six years.

Application records are required to be retained in order to ensure AML/CFT (Anti-Money Laundering / Combatting the Funding of Terrorism) reporting can be maintained. 

The retention period is measured from the date of the application (where there is no corresponding business written), or where business is written, from the date of the completion of the product:

Customer Information:  6 years after the completion of the last product provided

Loan Application Data:  6 years after the completion of the agreement

Insurance Application Data:  6 years after the completion of the policy

Life/Mortgage Application Data:  6 years after the completion of the related mortgage

Investment Business data:  10 years after the completion of the product (Jersey rule)

Application not leading to the sale of a product:  6 year

HR Data:  6 years after the leave date of the employee

Payroll Data:  6 years after the leave date of the employee.

Job application Data (unsuccessful candidate):  3 months following the fulfilment of the position

Employers Liability Insurance policy data must be retained for a minimum period of 10 years, consequently for these policy types, all data will be retained accordingly.  At the completion of the retention period, all data will be purged.

Personal information consisting of the following information is deemed to be of a sensitive nature, and www.the10th.com will not enquire nor retain information relating to these:

(a) the racial or ethnic origin of the data subject;
(b) his/her political opinions;
(c) his/her religious beliefs or other beliefs of a similar nature;
(d) whether he/she is a member of a trade union;
e) his/her sexual life;

Please note, it is necessary in some cases to record medical history in relation to travel and medical insurance plans. Where this is the case, records will be retained in accordance with the retention policies detailed above.

www.the10th.com are committed to ensuring the security of your personal data. All information transferred between your internet browser and our website or third party applications are encrypted using HTTPS protocol, using Digital Certificates with secure TLS Cyphers. This can be verified by the appearance of the secure padlock symbol in the browser address bar.

In order to prevent any unauthorised access/disclosure, we have put in place further electronic, physical and managerial procedures to secure and safeguard the information collected. These procedures and policies are company confidential. This is to avoid exposure of data security, and so can only be made available to relevant parties, legally bound by a non-disclosure agreement.