OBVIOUS USES OF YOUR PERSONAL DATA
- Registration data
We need the personal data you provide to perform our contract with you, and more specifically for the reasons set out below, including to conduct checks prior to granting a loan, to complete the loan agreement with you, to manage your loan account and to collect payments and/or recover debt. We will also use it to contact you.
- Credit Reference Agencies & Fraud Prevention Agencies
Your personal data is also used for:
- managing your account
- verifying the accuracy of the data you have provided to us
- debt recovery and debtor tracing
- Account management
- When you contact us
LESS OBVIOUS USES OF YOUR PERSONAL DATA
- Browsing patterns, interaction with our website and your equipment
INFORMATION WE SHARE WITH/OBTAIN FROM OTHER SOURCES
Third Parties Service Providers:
- Credit References Agencies & Fraud Prevention Agencies: Sometimes we obtain personal data from, and share personal data with CRAs and/or FPAs, to assist us and CRAs and in creating and/or improving risk models. We only use third party data if the relevant consent has been provided.
- Payment services providers: Sometimes other businesses give us personal data about you which we may need for our legitimate interests of conducting business with you, and on occasion they are necessary to perform our contract with you. This happens when we link through to third party payment providers. They tell us whether you have/have not made payments.
- Debt management companies, Insolvency Practitioners & CMCs: We are under a legal obligation to work with third parties to whom you have provided authority to act on your behalf. In so doing they may provide us with information about you and may request information about you.
- Third party contractors/service providers: We may also engage third party contractors to provide us with technical or delivery services that are related to your loan account with us. We need these providers to provide us with their services for our legitimate interests of operating our business and our website effectively.
- A list of third party contractors/service providers we engage to handle your personal data can provided on request.
- Consumer research: We may use third party providers to undertake consumer research to assist us in understanding consumer needs and preferences, so we can improve or develop our products and services and also so we ensure we target appropriate consumers.
- Direct Marketing: We may use third parties to send direct marketing material on our behalf, to our customers or to target consumer audiences. Our use of third parties to distribute marketing is in the legitimate interests of our business. In all cases we ensure you have been given the opportunity to inform us that you do not want to receive marketing from us.
PROFESSIONAL ADVISERS: We may also share your personal data with professional advisers such as our lawyers and insurers to manage risks and legal claims. This is in our legitimate interests.
PARTNERSHIPS: We may also enter partnerships with third parties to exchange information about you where we think it will give you an opportunity to get a great product or service but we will always inform you about this and ask for your express permission to participate in this.
ADVERTISERS: We may provide suppliers of analytical services or advertising networks and search engine providers with aggregate information about our users to help them reach certain demographics. We do not disclose information that identifies you as an individual.
We may also provide these platforms with your email address to create ‘audiences’ of users fitting within a certain demographic/category so that we can target our marketing. The Facebook GDPR Portal explains these services in more detail. This use is in our legitimate interests of sending you direct marketing.
LAW ENFORCEMENT/LEGAL COMPLIANCE:
We will co-operate with all third parties to enforce their intellectual property or other rights. We will also cooperate with law enforcement requests from within or outside your country of residence. This may include disclosing your personal information to government or law enforcement agencies, or private parties, when we have a good faith belief that disclosure is required by law or when we, in our discretion, believe that disclosure is necessary to protect our legal rights, or those of third parties and/or to comply with a judicial proceeding, court order, fraud reduction or legal process served on us. In such cases, we may raise or waive any legal objection or right available to us. These uses of your personal data are in our legitimate interests of protecting our business security. We may also use your personal data and share it with the recipients listed in this policy for the purpose of complying with our legal obligations.
We only send electronic marketing such as email or SMS marketing to people who have provided the relevant consent for us to do so. We will always offer an unsubscribe facility so you can opt out of receiving this marketing when you first make a loan application and in every marketing communication afterwards. We may on occasion send out postal marketing for the purpose of growing our sales which is in our legitimate interests and in this scenario we will rely on you to let us know if you do not want to receive this by opting out of the marketing.
You also give us personal data such as contact information when you enter one of our competitions. In these circumstances you are giving us these details to participate. These functions only operate on our website on an opt-in basis and so we rely on your consent to use your personal data in this way.
You also give us your personal data when you participate in discussion boards or other social media functions which we may use from time to time on our website. Operating these discussion boards allows you to share your views with our other customers. This processing of data is in the legitimate interests of the business.
WHERE WE SEND YOUR PERSONAL DATA AND WHERE WE STORE IT AND FOR HOW LONG?
The personal data that we collect from you will be stored in the UK, however it will also be transferred and stored as follows: We use the following ‘cloud providers’ to provide us with technical solutions. These include Microsoft Azure and Amazon Web Servers (AWS). Their GDPR portals explain where they store the personal data we provide to them and how they provide us with adequate safeguards to protect your personal data. We only store your personal data for as long we need it. Details of our records retention policy is available upon request. To determine the appropriate period we consider the nature of the personal data, its sensitivity, the potential for harm and the regulatory requirements placed upon us.
SPECIAL CATEGORIES OF PERSONAL DATA
You may provide us with following special categories of personal data. This is required for the performance of the contract. Card details are encrypted. Other information is held securely.
- bank records;
- card details;
- utility bills;
- identification records;
- information concerning your financial status;
- information concerning your employment status.
All information you provide to us is stored on our servers and we have implemented reasonable and appropriate security measures to protect your personal data including limiting access to key personnel and utilizing user names, passwords, encryption and anonymization where appropriate. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee that data breaches will never occur. Please keep your password safe at all times and log out of inactive sessions. Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. Please do not provide us with any other person’s data unless we have specifically prompted you to do so.
For safety purposes, we may require users to verify their accounts (because we want to make sure you are not a robot or a minor). However, with the prevalence of ‘phishing’ you should treat all such emails with caution. We advise that you check our main website by typing in the full address (and not using a ‘cached’ copy of the website on your device) and use the contact details on our website to contact us to verify the request. We also do not recommend that you put email addresses, URLs, phone numbers, full names or addresses, credit card details or other identifying or sensitive information in any online chat function or public profile.
Our products are not aimed at Under 18-year-old individuals and neither is our website.