Just Protect Limited – Group Privacy Policy

Version: 2.1

Effective Date: March 2026

Just Protect Limited ("we", "us", or "our"), trading under the styles Just Fund Me, Just Innovate, Just Auto Loans, and Just Protect Group, is committed to protecting your personal data. As a finance and insurance broker, we collect personal information to process your application and to provide access to our finance and aftercare product providers.

This Privacy Policy explains how we collect, use, share, and protect your personal data in accordance with UK data protection law, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and amendments introduced by the Data (Use and Access) Act 2025 (DUAA).

Who We Are

• Legal Entity: Just Protect Ltd
• Registered Address: 13 Liverpool Road North, Maghull, Merseyside, L31 2HB
• Contact: 01704 627282
• Email: info@justprotect.co.uk
• ICO Registration Number: ZA304322
• FCA Firm Reference Number: 792773

Data We Collect

Upon your consent, either through our terms of business or via an authorised introducer, we may collect some or all of the following categories of personal data:

• Full Name
• Date of Birth
• Residential Information (current and previous addresses)
• Contact Details (phone and email)
• Financial Information (income, expenditure, credit history)
• Employment Status and Details
• Identification Documents (passport, driving licence)
• Bank Account Details
• Vehicle and Insurance Information
• Records of your communications with us

We may also collect information about vulnerability indicators or circumstances requiring additional support to ensure we meet our obligations under FCA Consumer Duty.

How We Use Your Information

We process your personal data to:

• Assess and process applications for finance and insurance products
• Communicate with you regarding products, services, and support
• Comply with legal, regulatory, and FCA obligations, ensuring fair treatment, transparency, and Consumer Duty outcomes
• Prevent fraud, money laundering, and financial crime
• Improve our products and services through analysis and customer feedback
• Handle complaints and queries effectively
• Identify and support customers in vulnerable circumstances

Legal Basis for Processing

We process your data based on the following lawful bases under UK GDPR and DUAA:

• Consent: Where you have given us express permission (you may withdraw this at any time).
• Contractual necessity: To fulfil our agreement with you.
• Legal obligation: To meet regulatory requirements, including those set by the FCA, ICO, and under UK data protection law.
• Legitimate interests: For fraud prevention, network and information security, business administration, and improving customer outcomes.

Data Sharing and Transfers

We may share your data with:

• Finance providers, insurers, and product partners
• Credit reference agencies (Equifax, Experian, TransUnion)
• Fraud prevention agencies
• Regulatory authorities (e.g., FCA, ICO, Financial Ombudsman Service) if required
• Third-party service providers who assist with our operations (IT support, document management, customer communications)
• Legal and professional advisers

We do not transfer your data outside the UK unless permitted by UK GDPR or DPA 2018, using robust safeguards such as International Data Transfer Agreements or adequacy decisions recognised under UK law.

Data Retention

Your information is retained only as long as necessary for the purposes identified or as required by law and FCA guidelines. Typically:

• Customer records: Retained for at least five years after the relationship ends.
• Motor finance records: Retained until 11 April 2031 in line with FCA motor finance complaint handling requirements.
• Complaints data: Retained for at least five years (or longer for motor finance complaints).

After this period, data will be securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to protect your data from loss, misuse, unauthorised access, disclosure, or alteration. This includes:

• Encryption of sensitive data in transit and at rest
• Access controls and staff training on data protection
• Regular security audits and cyber resilience reviews
• Ongoing monitoring of security threats and vulnerabilities

We take our data protection responsibilities seriously, particularly in light of the ICO’s enhanced enforcement focus and updated procedural guidance under the Data (Use and Access) Act 2025.

Your Rights

Under UK GDPR, DPA 2018, and DUAA, you have rights to:

• Access your personal data (subject access request)
• Rectify inaccurate data
• Erase data where applicable (right to be forgotten)
• Restrict or object to processing
• Data portability (receive your data in a structured format)
• Withdraw consent at any time (where processing is based on consent)
• Object to automated decision-making (including profiling)

To exercise any of these rights, please contact us using the details provided below.

Our Data Protection Complaints Process

If you have concerns about how we handle your personal data, we encourage you to contact us first so we can resolve the matter promptly. We have a formal internal data protection complaints process to address your concerns.

How to Complain to Us

You can raise a data protection complaint by:

• Email: info@justprotect.co.uk or complaints@justprotect.co.uk
• Phone: 01704 627282
• Post: Data Protection Officer, 13 Liverpool Road North, Maghull, Merseyside, L31 2HB

We will acknowledge your complaint within 24 hours (working days) and aim to provide a full response within one month.

Escalation to the ICO

If you remain dissatisfied with our response, or prefer to complain directly to the regulator, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

• Website: www.ico.org.uk
• Phone: 0303 123 1113
• Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

This process reflects updated ICO guidance on data protection complaints and enforcement procedures introduced under the Data (Use and Access) Act 2025.

Changes to This Privacy Policy

We review this policy regularly and may update it to reflect regulatory changes, best practice, or changes to our services. The updated policy will be available via our website and upon request.

Current version: 2.1

Last updated: March 2026

Contact Us

For any questions about your data or this policy, please contact:

• Email: info@justprotect.co.uk
• Phone: 01704 627282
• Address: 13 Liverpool Road North, Maghull, Merseyside, L31 2HB