PNC

Privacy Notice for Customers, Business Contacts, Service Providers and Website Visitors

 

Effective Date of this version: 25 May 2018

1. INTRODUCTION

1.1 PNC Financial Services UK Ltd ("we", "our", "us") are committed to protecting the personal data of individuals associated with the companies with which we do business. As an asset-based lender to the private equity community, mid-market companies and other businesses, our core activities involve only limited personal data processing. This notice (‘Notice’) sets out how and why we collect, use and disclose the personal data that we receive from or in relation to our customers, other business contacts, service providers and website visitors.

1.2 This Notice may be amended from time to time. We will post changes to this Notice on our website and any changes will take effect 30 calendar days after posting. We recognise our continuing transparency responsibilities and will take reasonable steps to bring to the attention of our customers any material changes to this Notice when they are posted. The effective date will be shown on the face of the Notice and the most recent amendments will be highlighted during the period between posting and the effective date of the amendments.

2. DATA CONTROLLER

2.1 PNC Financial Services UK Ltd is the data controller. We are registered in the United Kingdom with company number 07341483, and our registered office address is PNC Business Credit, PNC House, 34 -36 Perrymount Road, Haywards Heath, RH16 3DN.

2.2 Questions, comments and requests regarding this Notice may be emailed to privacyBCUK@pnc.com or sent by post to the above mentioned address.

3. WHAT PERSONAL DATA WE COLLECT AND WHY?

This Section 3 covers the different sources and categories of personal data that we collect and otherwise process, why we do so, and the lawful bases for our processing.

Depending on your relationship with us, please see the relevant section below where we describe how we obtain your personal data and how we will treat it.

This privacy notice covers the processing of information for the following categories of individuals:

Section 3.1 – Current and Prospective Customers

This covers individuals associated with our existing and prospective customers.

Section 3.2 - Account Debtors

This covers individuals associated with our existing and prospective customers.

Section 3.3 - Service Providers and Third Party Vendors

Where service providers are legal entities, this covers employees or representatives of our existing or prospective service providers, suppliers and contractors

Section 3.4 - Website Visitors

4. SHARING OF YOUR INFORMATION

We share personal data relating to our customers and other business contacts among affiliates, and also with trusted third party vendors and business partners. The purposes for these transfers are set out below. We do not sell your personal data to third parties.

A - Our Affiliates

We may disclose your personal data to any member of The PNC Financial Services Group, Inc’s group of companies for the following business purposes:

  • a) to facilitate the credit decision-making process;
  • b) to carry out global AML/KYC processes; or
  • c) to store personal data on our central systems.

In so doing, our affiliates may be data controllers and/or data processors of the personal data that we share with them. As data controllers and/or data processors, these affiliates will process your data in line with intra-group data transfer agreements that we have entered into with the relevant members of The PNC Financial Services Group, Inc’s group of companies in line with the requirements of the General Data Protection Regulation (EU) 2016/679 and national implementing laws ('GDPR').

B - Our Service Providers

We may disclose information about you to organisations that provide a service to us or are acting as our agents, on the understanding that they will keep the information confidential and will comply with contractual safeguards in line with the GDPR requirements.

For example, we may share your information with the following types of service providers:

  • a) technical support providers who assist with our website and IT infrastructure;
  • b) third party software providers, who may include ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf;
  • c) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;
  • d) money laundering and compliance search providers;
  • e) providers that help us store, collate and organise information effectively and securely, both electronically and in hard copy format, and for marketing purposes;
  • f) providers that help us generate and collate reviews in relation to our services; and/or
  • g) providers that help us analyse or evaluate our data collection process or customer service fulfilment.
C - Government and Regulatory Authorities

We may disclose information about you if we have a duty to do so or if required by an EU or Member State governmental, banking, taxation or other regulatory authority or similar body, or by the rules of any relevant stock exchange or pursuant to any applicable EU or Member State law or regulation or if the law allows us to do so. Otherwise, we will keep information about you confidential.

D - Credit Reference and Fraud Prevention Agencies

In some cases, we may need to share your personal data with authorised credit reference and fraud prevention agencies in order to obtain information from them that is necessary to make credit assessments and to prevent and detect fraud, money laundering and other crimes.

When considering a loan application from a customer or making lending decisions, we may request background checks on associated individuals to be carried out by credit reference agencies, which may keep a record of the search in line with their own obligations and responsibilities.

In regard to background and credit checks on individuals associated with our customers, we reserve the right to carry out further checks from any of these sources from time to time for fraud prevention and credit control purposes.

Should an unaffiliated third party request a bank or credit reference from us, or any other request for a reference that concerns you, we will not provide such a reference without your written permission.

E - Other

We may also disclose your personal data:

  • a) as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of the terms of our agreements, or as required by law;
  • b) in the context of mergers and acquisitions, we may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event the we decide to dispose of all or parts of our business; and
  • c) with our advertising and promotional agencies and consultants and those organisations selected by us to carry out marketing campaigns on our behalf, subject to appropriate contractual safeguards.
5. TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

In general, when transferring your personal data outside the EEA (which consists of EU Member States and Iceland, Lichtenstein and Norway), we will only do so if one of the following safeguards is in place:

  • a) the transfer is to a non-EEA country which has an adequacy decision by the EU Commission;
  • b) the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA;
  • c) the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority; or
  • d) the transfer is to an organisation in the US that is EU-US Privacy Shield certified.

We may exceptionally rely on one of the GDPR derogations if applicable.

You may request a copy of the relevant documentation from us using the contact details provided in section 2 above.

6. OUR RETENTION POLICY

We retain personal data only for as long as necessary for the purposes for which the data was collected, except where necessary to meet our legal obligations (for example, in relation to AML requirements) or in order to establish, exercise or defend potential legal claims.

7. YOUR RIGHTS

If you are an individual covered by this Notice, you have the following rights in relation to your personal data under the GDPR:

  • a) to obtain information on how we handle your personal data and access documents which contain your personal data;
  • b) to request us to correct or update your personal data if it is inaccurate or out of date;
  • c) to object to the processing of your personal data where your data is processed our legitimate interest, is the lawful basis for processing, as indicated in Section 3 above, or where decisions about you are based solely on automated processing, including profiling;
  • d) to erase personal data about you that is held by us:
    • i. which is no longer necessary in relation to the purposes for which is was collected,
    • ii. to the processing of which you object, or
    • iii. which may have been unlawfully processed by us;
  • e) to restrict processing by us, i.e. to restrict processing to storage only:
    • i. where you oppose to deletion of your personal data and prefer restriction of processing instead, or
    • ii. where you object to the processing by us on the basis of our legitimate interests;
  • f) to transmit personal data that you submitted to us back to you or to another organisation in machine-readable format under certain circumstances; and
  • g) to withdraw your consent at any time, in the limited circumstances in which we may rely on your consent to process your personal data.

These rights are not absolute and are subject to various conditions under:

  • applicable data protection and privacy legislation; and
  • the laws and regulations to which we are subject.

For general questions regarding this Notice or if you at any time decide that you would like to exercise any of these rights, please contact us using the contact details provided in section 2 above.

If you are unhappy with how we have dealt with your request or concern, you have the right to file a complaint with the Information Commissioner’s Office, the UK supervisory authority. For more details, please visit the ICO’s website: https://ico.org.uk/concerns/handling/.

The PNC Financial Services Group, Inc. 2017 UK Tax Strategy

PNC and PNC Bank are registered marks of The PNC Financial Services Group, Inc. ("PNC").

In the UK, lending products are provided by PNC Financial Services UK Ltd., which is an indirect wholly-owned subsidiary of PNC Bank, National Association ("PNC Bank").

In Canada, PNC Bank Canada Branch, the Canadian branch of PNC Bank, provides bank deposit, treasury management, lending (including asset-based lending through its Business Credit division) and leasing products and services (through its Equipment Finance division). Deposits with PNC Bank Canada Branch are not insured by the Canada Deposit Insurance Corporation. Deposits with PNC Bank Canada Branch are not insured by the Federal Deposit Insurance Corporation, nor are they guaranteed by the United States Government or any agency thereof.

Lending and leasing products and services, as well as certain other banking products and services, may require credit approval.

Neither PNC Financial Services UK Ltd. nor PNC Bank Canada Branch provides legal, tax or accounting advice.

© The PNC Financial Services Group, Inc. All rights reserved.