DPR Group Privacy statement
Who we are
DPR Group is a fast growing Private Equity-backed leading provider of origination and servicing software solutions for banks, building societies and specialist lenders in the UK and Europe. Having received Private Equity investment in June 2017, we are seeking to accelerate our growth through acquisition as well as organic growth.
Our software solutions span across residential and commercial mortgages, personal loans, equity release and savings. We are driven by a desire to maximise operational efficiency and drive down costs across the sector through the innovative use of technology.
Our clients range from large high-street names to smaller niche providers and challenger banks.
DPR Group Limited (company number 04438029) and DPR Consulting Limited (company number 03178610) are companies registered in England and Wales with VAT registration number GB 271603421.
Personal data definition
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymised data).
The kind of information we hold about you
We may collect, store, and use the following categories of personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
- Employment Details (including company name, job titles, etc…).
- Financial data related to the products or services purchased
- CCTV footage
- Access control data
- Information about your use of our information and communications systems
- Personal emails sent to your email address
- How is your personal information collected
- We collect personal information about customers, clients and marketing opportunities through contact with our website, calls received by prospective customers, our customer database or through face to face meetings at industry events.
- Where processing is necessary for the fulfilment of a contract, or where specific steps have been taken before entering into a contract.
- Where the processing is necessary for the compliance with the law
- Where processing is necessary for legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect personal data which overrides those legitimate interests.)
- Internal record keeping;
- To follow up, either by e-mail, phone or mail as part of our customer service procedures;
- To periodically send promotional e-mails from us (or on behalf of someone else) about new products, special offers or other information which we think you may find interesting;
- To help us improve and develop our website, online products and services;
- To understand our user demographics and use of our website;
- For administration and client relationship management;
- To answer questions and respond to comments, requests or queries you send us, including any product queries;
- To notify you of changes to our online products or services, and any other purpose related to or ancillary to any of the above.
- To make product changes based on client requests
- To amend bugs, issue software updates, issue patches and fixes to products
- Follow your instructions.
- Comply with a legal duty.
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. You can find out more on the European Commission Justice website http://ec.europa.eu/justice/dataprotection/international-transfers/adequacy/index_en.htm
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. You can find out more about this on the European Commission Justice website http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
- For data sent to the USA, transfer it only to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website http://ec.europa.eu/justice/dataorotection/data-collection/data-transfer/index_en.htm
How your personal data will be used
We request, hold and process personal data about you for the following purposes
These activities may include but are not limited to
Disclosure of your information to third parties
Your information may be shared with our appointed third-party agents and suppliers in order to support our processing. These third parties will only have access to your information in order for them to perform specific tasks with a lawful basis and they may not use it for any other purposes.
We may also pass your information on to financial organisations, credit reference agencies and tracing agencies. We may disclose your information to our professional advisers for the purpose of obtaining professional advice or to other third parties if we have a legal obligation to do so. We reserve the right to monitor, review, retain and/or disclose any information as necessary to satisfy any applicable law, regulation, legal process or governmental request.
Should there be any change to your personal details in the future (i.e. change of name, address, telephone number, bank account, etc) you are asked to notify us promptly. This will ensure we maintain accurate personal details. If it becomes our intention to use your information for any other reason, we shall advise you of those intentions prior to using the information for the additional purpose(s) as well as advising you of any other details within this statement which may be affected.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform our contract with you (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may have to share your data with third parties, including third-party service providers and other entities in the group.
We require third parties to respect the security of your data and to treat it in accordance with the law.
We may transfer your personal information outside the EU.
If we do, you can expect a similar degree of protection in respect of your personal information.
Why might you share my personal information with third parties?
We will only share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest for doing so.
Which third-party service providers process my personal information?
“Third parties” includes third-party service providers (including contractors and designated agents) and other entities within our group.
DPR Group Ltd will take all steps reasonably necessary including policies, procedures and security features to ensure that your data is treated securely and protected from unauthorised and unlawful access and/or use, and in accordance with this notice. Unfortunately, the transmission of information via the internet is not completely secure and, although we will do our best to protect your personal data transmitted to us via the internet, we cannot guarantee the security of your data transmitted to our website from your device. Any transmission is at your own risk.
Sending personal data internationally
We do not envisage transferring any information about or relating to individuals to anyone who is located outside of the European Economic Area.
We will only send your data outside of the European Economic Area (‘EEA’) to:
If we do transfer information to our agents or advisers outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:
How long we keep your personal information
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Data protection laws grant you, as a Data Subject, certain ‘information rights’, which are summarised below:
Right of access – You have the right to obtain a copy of information we hold about you
Right of rectification or erasure – If you feel that any data that we hold about you is inaccurate, you have the right to ask us to correct or rectify it. You also have a right to ask us to erase information about you where you can demonstrate that the data we hold is no longer needed by us, or if you withdraw the consent upon which our processing is based, or if you feel that we are unlawfully processing your data. Please note that we may be entitled to retain your personal data despite your request, for example if we are under a separate legal obligation to retain it. Your right of rectification and erasure extends to anyone we have disclosed your personal information to and we will take all reasonable steps to inform those with whom we have shared their data about your request for erasure.
Right to restriction of processing – You have a right to request that we refrain from processing your data where you contest its accuracy, or the processing is unlawful and you have opposed its erasure, or where we do not need to hold your data any longer but you need us to in order to establish, exercise or defend any legal claims, or we are in dispute about the legality of our processing your personal data.
Right to Portability – You have a right to receive any personal data that you have provided to us in order to transfer it onto another data controller where the processing is based on consent and is carried out by automated means. This is called a data portability request.
Right to Object – You have a right to object to our processing your personal data where the basis of the processing is our legitimate interests including but not limited to direct marketing and profiling.
Right to Withdraw Consent – You have the right to withdraw your consent for the processing of your personal data where the processing is based on consent.
Right of Complaint – You also have the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, which can be contacted at www.ico.org.uk.
Marketing Communications – To stop receiving marketing (such as email, postal or telemarketing), then please contact us using the contact us details below.
IP addresses and cookies
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the Site.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any queries or you wish to speak to us about how your information will be used, then please contact us at
Tel: 020 7050 2000
Postal Address: DPR Group Limited, Commodity Quay, St Katharine Docks, London E1W 1AZ