UK

Privacy policy

Franchiseefirst is the trading name of SBC MGA UK ltd and SBC EUROPE SAS

The protection of your personal information is important to us. We respect your privacy and want you to understand how we use the information that you provide to us. This Privacy Policy together with our terms and conditions, sets out the basis in which we may collect, share and use your personal information. In accordance with the General Data Protection Regulation (GDPR) and related UK and French data protection legislation, SBC MGA UK Limited ("SBC UK") and SBC EUROPE SAS ("SBC EUROPE") are committed to respecting and protecting the confidentiality and security of the information that you provide to us. The UK law applies to SBC UK and the French law applies to SBC EUROPE.

This Privacy Notice is to provide you, whether you are a customer, a partner or employee of a customer or other individual about whom we control data, with helpful information about the types of data we process and what we do with that data. If you have any questions, or if you want any further information, please contact us using the contact details below.

Contact details

European Economic Area (not UK) Address: 25, rue Michel Ange 75016 Paris France Website: www.franchiseefirst.com
Telephone: +33 950 275 788
Email: [email protected]

Unite Kingdom only (Not Europe) Address: Level 30, The Leadenhall Building 122 Leadenhall Street, London EC3V 4AB, UK Website: www.franchiseefirst.com
Telephone: +44 (0) 203 753 4611
Email: [email protected]

The data we handle

We are data controllers. SBC UK controls the data collected in relation with the SBC UK products and SBC EUROPE controls the data collected in relation with the SBC EUROPE products.  The data we process concerns people with whom we have business relationships, including the directors, partners and employees of our customers and potential customers and other third parties who interact with us.  In the course of providing our surety and bonding products we may also process some personal data in respect of the customers of our customers.

We may obtain personal data directly from the individuals concerned, from our customers, potential customers, from third parties involved in matters we act on for our customers, and from other third parties (including publicly available information).

The types of data we process are varied and will include detailed data about our customers' businesses, including personal data about directors, partners, employees and affiliates. We may record full names, contact details, and associated personal data. If we do so, and we cannot avoid processing such personal data, this Privacy Notice will apply to the individuals concerned.

In some circumstances we may handle special category personal data (sensitive information), in which case we take particular care to only process such data in accordance with legal constraints. Where necessary, we will obtain the express consent of the data subject to processing such data.

We will only collect personal information (other than sensitive information) about you where the information is reasonably necessary for the activities or functions we undertake with or for you and/or as otherwise permitted by the 2016/679 EU regulation and European Council April 27,2016 decision. In addition:

  • SBC UK as otherwise permitted by The UK Data Protection Act 2018,
  • and for SBC EUROPE as permitted by the French Data Protection Act (law 78-17 of January 6, 1978 as modified).

These activities and functions usually involve the issue of a surety or bond or policy to or on your behalf and/or the settlement of a policy claim or activities associated with the issuing of a surety, bond or policy or paying a claim, including renewal, adjustment or loss investigation. If you are providing a personal guarantee to us related to a surety or bond or policy, we may need information about your financial status. This may require us to collect personal information such as your name, age, gender and your employment details.  If you are applying for a job with us, we may need personal information such as your qualifications and past occupations.

We will collect sensitive information about you if you consent and the information is reasonably necessary for the activities or functions we undertake with or for you and/or as otherwise permitted for

  • SBC UK by The Data Protection Act 2018 and
  • For SBC EUROPE by The French Data Protection law and regulation.

These activities and functions usually involve the issue of a surety or bond or policy to or on your behalf and/or the settlement of a policy claim or activities associated with the issuing of a surety, bond or policy or paying a claim, including renewal, adjustment or loss investigation. This may require us to collect sensitive but relevant information such as your credit information. If you are applying for a job with us or if you are providing a personal guarantee to us, we may need sensitive information.

What we do with data

We process personal data for the purpose of providing surety and bonding products to our customers and also for our own general business purposes which may include:

  • Administering our customers' accounts, billing and tracing and collecting any debts.
  • Reporting to insurers and any relevant corporate entity relevant to your business (such as a franchisor in the case of franchise bonds).
  • Managing our business performance, assessing customer satisfaction (such as asking for customer feedback, monitoring customer records, testing and updating our systems, networks, applications or software, and general improvement of our services).
  • Advertising, marketing and public relations, including sending direct marketing communications (subject to the restrictions of French law and regulation).
  • Ensuring the safety and security of our people and premises.
  • Disclosures to our auditors and our own legal and other professional advisors.
  • Fraud prevention, anti-money laundering, anti-bribery and for the prevention or detection of crime.

Our basis for processing

We will only process personal data where we have a lawful basis for doing so. In general, our lawful basis will be one or more of the following:

  • The processing is necessary for the assessment and potential issue of a surety, bond or policy (and any variation or renewal) on your behalf or at your request prior to entering a contract.
  • The processing is necessary for compliance with our legal obligations.
  • The processing is necessary for the purposes of pursuing our legitimate interests (this includes carrying out our business of providing surety and bonding products to corporate and individual customers and pursuing our general business interests).
  • The processing is necessary for the establishment, exercise or defence of policy and/or legal claims.

In addition, in some circumstances we may process personal data on the basis that an individual has provided their express consent, for example, for marketing to an individual by email or SMS or for the processing of special category data. Please note that the individual concerned may withdraw their consent at any time by contacting us using the contact details above.

Direct marketing

We may send marketing materials to you as prospective customers having firstly obtained directly or indirectly your consent, provided we are otherwise permitted to do so by law. Individuals and firms will always have the right to unsubscribe from any marketing.  Instructions on how to opt-out will be included within the communication concerned. Alternatively, please use the contact details above.

Who we share data with

In providing our services and in complying with our legal obligations, we may share the personal data that we obtain, insofar as we are required or permitted by law to do so, with the following third parties:

  • Insurers used by us in providing the product or service you have asked us to provide, details of which can be made available on request.
  • Service providers used by us in processing any claim including loss adjustors and claims management providers, document storage facilities and IT service providers such as cloud providers of software, data room and IT servers.
  • Our auditors, our own legal and other professional advisors, our insurers and insurance brokers.
  • Government agencies, regulators, the police/law enforcement agencies and other authorities (including the French data protection law authority).
  • Financial organisations, debt collection, credit reference and tracing agencies, and related investigators.
  • Any relevant corporate entity relevant to your business (such as a franchisor or trade supplier in the case of franchise bonds).

We may also share your personal data with anyone you have authorised to deal with us on your behalf.

The data we collect will also be processed by any employee and/or service of SBCUK or SBC, on a business need to know.

Where data may be sent

The data we collect may be transferred to, and stored at, a destination outside of the European Economic Area ("EEA") including to countries recognised by the European Commission as providing adequate protection (equivalency). It may also be processed by staff operating outside of the EEA who work for one of our suppliers. If we provide information to a third party, we will ensure that it and any of its agents and/or suppliers take all steps reasonably necessary to ensure that your data is treated securely and in accordance with GDPR, related UK (SBC UK) or French (SBC EUROPE) data protection legislation and this Privacy Notice, which may include entering into the necessary data transfer agreements.

Should you wish further information on the guarantees taken, please contact us by using the contact details above.

How long we keep data

We will keep personal information no longer than is necessary for the purpose for which it was provided unless we are required by law or have other legitimate reasons to keep it for longer (for example if necessary for any legal proceedings). These retention periods depend on the nature of our relationship with the individual and the information involved. For instance, we generally retain relevant personal data for the duration of our business relationship and for up to one year after that relationship has concluded, or the time for any possible claim has expired.

How we maintain data

We will take reasonable steps to ensure that personal information we collect, hold, use and disclose is accurate, up-to-date, complete and relevant. We are committed to keeping secure the personal information provided to us. We will take all reasonably necessary steps to protect the personal information we hold about you from misuse, interference and loss and from unauthorised access, modification or disclosure. We have a range of practices and policies in place to provide a robust security environment. We will ensure the ongoing adequacy of these measures by regularly reviewing them. Our security measures include but are not limited to:

  • Ongoing education of our staff as to their obligations with regard to your personal information.
  • A data security management policy and processes.
  • A data breach notification management policy and processes.
  • Employing physical and electronic means including access controls to protect against unauthorised physical access.
  • Use of passwords when accessing our systems.
  • Restricting access to electronic records on a "need to know" basis.
  • Daily back-up of our data to minimise chance of data loss.
  • Employing firewalls, intrusion systems and virus scanning tools to protect against unauthorised persons and viruses from entering our systems.
  • Entering into confidentiality agreements with employees and third parties.
  • Lockable secure storage for physical records containing personal information.

Complaints

All persons about whom we hold or process personal data (data subjects) have the right to lodge a complaint with:

  • SBC UK - the Information Commissioner in respect of our processing of their personal data. Information can be found at www.ico.org.uk/for-the-public/
  • SBC EUROPE - the CNIL (Commission Nationale de l'Informatique et des Libertés) 3, Place de Fontenoy TSA 80715 75334 PARIS CEDEX 07 France in respect of our processing of their personal data. Information can be found at www.cnil.fr

To raise a complaint with us in the first instance, please contact us using the contact details above.

Individuals' rights under European Data Protection law and regulation

All persons about whom we hold or process personal data (data subjects) have rights under data protection laws to request from us access to or rectification of their personal data. We will erase any or all of your personal data upon your specific request where we have no legitimate reason to continue to hold your information. You also have the right to request the restriction of any processing or to object to our processing of your personal data. You also have the right to data portability. Please use the contact details above to exercise your rights. You can find more information about your rights at SBC UK www.ico.org.uk/for-the-public/ or for SBC EUROPE at www.cnil.fr