British Monomarks Ltd. 2018
British Monomarks Limited have determined that there is a legal obligation to request, verify and store customer ID documentation because of being classified by HMRC as a Company Services Provider.
The following Privacy Statement has been drawn up from the key questions that arise from the requirements of the new GDPR laws.
A) What information is being collected?
British Monomarks Ltd. are required by HMRC Anti-Money Laundering rules, based on the June 2017 Act of Parliament: The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, to hold personal and corporate ID documentation for all individuals, organisations and corporate businesses that contract with us to use our mail handling and mail forwarding services. In respect to this Act of Parliament British Monomarks Limited are classified by HMRC as a Company Services Provider.
The information we are required to hold for service account holders and all named individuals set up on their account to be able to receive mail at our business address is as follows:
A current Photo ID such as a passport or photo driving licence AND a current proof of residential address. This must be in the name of, and addressed to, the named individual and less than 3 months old. Acceptable documents include utility bills, bank letters or statements, HMRC correspondence, landline or broadband bill etc. Documents that cover a full calendar year such as an insurance policy, TV licence, property lease etc. will also be accepted.
2. Organisations & Corporations:
The requirements for individuals as set out in 1. above apply and additionally we require to hold these two items of ID documentation for all directors, persons with significant control and trustees of incorporated companies, charities and organisations.
For incorporated companies we require a copy of the company’s Certificate of Incorporation AND a proof of the Company’s trading address AND a proof of the Company’s Registered Office Address.
B) Who is collecting it?
All ID is requested and handled exclusively by British Monomarks’ AML Team, which comprises a Controller and Operator/s. This team is overseen by the Company’s Responsible Person, who is registered and approved for this role with HMRC.
C) How is it collected?
Personal ID documentation is only ever directly requested from the account holder. They are requested to provide their personal IDs and those of named individuals set up on their account. We provide a number of options for their provision:
– Online via our website as the 3rd and final stage of our Service Sign Up Process. This is a secure, encrypted online form / file uploader which automatically recognises the documentation we require from a combination of the service purchased and other information entered by the applicant. This may include additional names required to receive mail on the account or company directors, trustees or persons of significant control for incorporated businesses, charities and similar organisations.
– Other ways we collect ID documentation can be triggered by an updating information request by us as a result of a change of the customer’s residential address, a name change through deed poll or marriage, or additional names being added to the account. It is entirely at the discretion of the customer how they supply their ID documentation to us. The following routes are available: (i) by email as an attachment; (ii) online via an encrypted file uploader form; (iii) in person at our offices; (iv) by post or courier.
D) Why is it being collected?
Individual customer and corporate IDs are collected to comply with HMRC’s specific AML requirements and UK law, namely: (i) the verification of the account holder’s and named individuals’ identities and residential address details; and (ii) the corporate information required as listed in (2) above.
E) How will it be used?
The ID documentation we are required to hold is used, in the first instance, to satisfy ourselves that the customer is in fact who they say they are. This can be achieved by two distinct methods. (i) When the customer presents their ID documentation to us in person, we are able to make a subjective evaluation by comparing the individual with the information recorded on their ID document, mainly, but not exclusively, based on likeness, age and gender. (ii) Where customer ID documentation is received by post, file upload or email, or is provided in person by a third person, we use a third-party AML verification company, Creditsafe PLC. We also use a variety of other sources for incorporated company, charity or organisation verification, including Companies House and the web presence of these, such as websites and LinkedIn.
F) Who will it be shared with?
As stated in (3) above, the two third-party organisations we ‘share’ customer ID information with are Creditsafe PLC and Depositit. (i) Creditsafe PLC. Results from ID checks made using Creditsafe’s Personal AML verification system are based on information drawn from a blend of life and death registers to verify an individual’s identity; there is no financial aspect whatsoever to this activity. We use this system for the sole purpose of the verification of ID documentation, and it is only used when customer documentation is not presented in person. (ii) Depositit. Provides blind, powerfully encrypted off-site backup of the entirety of British Monomarks Limited’s company data.
The following is a positioning statement from Creditsafe:
“Creditsafe acts as data controller in relation to any personal data received and processed by it in connection with its services. This determination has been made following detailed data protection impact assessments on all data flows in and out of our organisation, including via the services we provide, and independent legal advice from data protection specialists.
Therefore, we do not act as processor for the customer and the customer does not ‘share’ information with us as we or our suppliers already hold the information on our database.”
Our company data is backed up incrementally offsite by an established service provider.
The following is a positioning statement from Depositit:
“Depositit are a UK based data protection and cyber security company providing solutions that safeguard digital data against Loss from accidental deletion, hard drive error, virus corruption, theft, fire and flood and Infiltration from hacking, ransomware, malware exploits and all malicious cyber threats.
It’s important to note that Depositit do NOT have access to any customer files at any time. The only information we have access to are details that have been registered to us for contact purposes such as the company name, address, contact and contact number and email address. Customers using our Depositit Computer Backup Service to safeguard files against Loss – we are storing your files BUT can never see them. They are encrypted on the client side prior to transfer and when stored in the Depositit data centres (x 2 and both UK based and commercially independent from each other for additional safeguarding and redundancy) they arrive in that encrypted format (unintelligible) and for extra security are further encrypted using 448-bit Blowfish encryption.
Depositit never access any files stored on our systems and do not see, read or open anything.”
G) What will be the effect of this on the individuals concerned?
We are of the view that our legally required activities of requesting, verifying and storing our customers’ ID will not have a negative impact on our customers.
H) Is the intended use likely to cause individuals to object or complain?
Given we are legally required by HMRC and UK law to request, verify and hold customer and corporate ID information solely for the purposes of identity verification, we can see no reasonably held reason for legitimate customers to object or complain.
In person at our offices:
Working weekdays 9.00am – 5.30pm. British Monomarks Limited. Monomark House, 27 Old Gloucester Street, London WC1N 3AX
Working weekdays 9.00am – 5.30pm. 020 7419 5000