For the purpose of the Data Protection Act 2018 (the Act) and the provisions of Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR), the Company is the data controller. Our Information Commissioner’s Office Data Protection registration number is ZA001503.
How we collect your Personal Data
We collect Personal Data directly from you via the Website and other communications between us when you use or apply to use our services, including when you apply to us for a loan via a credit broker and they transfer your personal data to us in accordance with your agreement with them. This includes:
- your name, date of birth, home address(es), telephone number(s), email address(es), financial information (such as bank account and salary details) and employment information;
- information about your transactions with us, such as payment history and loan balances, and information provided when interacting with our customer service representatives;
- other personal information you voluntarily provide, which may include special category personal data, for example data which you provide about your health where this relates to your ability to meet your obligations under the agreement;
We also collect your Personal Data from third parties:
- from searches of Credit Reference Agencies (CRAs) of their records relating to you and other people with whom you are linked financially;
- from public records (e.g. the electoral roll);
- from other third parties with your consent (for example a credit broker).
How we use your Personal Data
We use your Personal Data which we collect as set out above to:
- verify your identity and employment status;
- assess your credit history and make credit decisions about you;
- communicate with you by telephone, email, SMS, or post;
- meet our legal, regulatory and contractual obligations arising from any loan agreement you enter into with us;
- manage your account, make collections, trace you and recover debts owed by you;
- prevent fraud and money laundering;
- report positive, delinquent and default data to CRAs
- provide you with information about other products and services we offer that are similar to those that you have already entered into, requested or enquired about;
- provide and improve customer service and support;
- administer our Website, enhance operational capabilities and for internal operations;
Personal Data We Collect
We may share your personal information with:
- third parties to which we transfer, charge or assign your agreement or which provide services for us
- to the purchaser or seller of or investor in any business or asset (including the sale or transfer of a loan) which we are (or are contemplating) selling or purchasing and their advisors or service providers
- in connection with any legal proceedings or prospective legal proceedings or for establishing, exercising or defending legal rights
- law enforcement agencies or regulatory bodies where we are required to do so by law
- CRAs and Fraud Prevention Agencies (FPAs)
Credit Reference Agencies
In order to process your application, we will perform credit and identity checks on you with one or more CRAs. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file; for our initial search on application this may be a 'soft footprint' which cannot be seen by other lenders but if you proceed to take out a loan with us this footprint will be visible to others who search you credit record.
Records remain on file with CRAs and FPAs for 6 years after they are closed, whether settled by you or defaulted.
More information about CRAs and how they use personal information is available at http://www.experian.co.uk/crain/index.html or you can contact the agencies below:
Callcredit Consumer Services Team, PO Box 491, Leeds, LS3 1WZ Tel: 0330 024 7579 or visit www.callcredit.co.uk
Equifax PLC Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US Tel: 0870 010 0583 or visit www.myequifax.co.uk
Experian Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF Tel: 0870 241 6212 or visit www.experian.co.uk
Processing your data using automated decision-making software
We use automated decision-making software to underwrite your loan. Our automated decision-making systems includes but is not limited to the following inputs:
- Credit model algorithms
- Affordability algorithms
- Employment verification
- Anti-fraud and Anti-money laundering databases
- Other data sources that provide inputs that show your creditworthiness, affordability or fitness to receive credit
This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, is inconsistent with any previous information you’ve provided, or you appear to have deliberately hidden your true identity.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the loan you have requested or we may stop providing our service to you.
The use of automated decision-making software is a requirement to enter into a loan agreement with us. You have the right to request that we do a manual review of the results of the automated decision rendered.
Our legal basis for using your Personal Data
Our use of your Personal Data as outlined above is subject to different legal bases for processing, including where necessary for:
- The purposes of the performance of our agreement with you or to take steps at your request prior to entering into an agreement with you. If you do not provide such information we will be unable to provide you with a loan.
- Our legitimate interests, for example in managing and monitoring our website operation, preventing fraud and for our business compliance purposes
- Compliance with a legal obligation, for example under consumer credit, anti-money laundering and data protection law and making reports to our regulatory authorities and to law enforcement agencies.
Where our use of your data is not necessary for one of the purposes outlined above we may seek your consent to use it in a particular way, for example if we ask you to complete a customer survey, or request your consent to pass your information to named third parties for the purposes of marketing to you by electronic means. Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us using the details set out below.
How long we will keep your Personal Data
We will retain your personal data for as long as is necessary for the relevant purposes, as set out above. Once our relationship with you comes to an end, we will keep your personal data for a further 7 years to ensure we comply with our legal obligations and meet our legitimate business needs.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
Transfer of your Personal Data
The Personal Data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA), including the USA. It may also be processed by staff operating outside the EEA who work for us, for our affiliates or for one of our suppliers. Such staff may be engaged in administering your loan, managing your account, collection and processing of payments and the provision of support services. Before we transfer your Personal Data outside the EEA we will take all steps reasonably necessary to ensure that any such transfer is made securely and that there is adequate protection in place in order to protect your Personal Data, as required by the Act and Chapter V of the GDPR, including requiring the transferee to enter into model contractual clauses. Please contact us if you wish to obtain a copy of the relevant safeguards.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
We will take reasonable measures to protect Personal Data in our possession from loss, misuse and unauthorised access, disclosure, alteration and destruction. Personal Data is secured by us in the following ways:
- Personal Data is stored in a restricted access format;
- Personal Data will be transmitted in an encrypted format using Secure Sockets Layer (SSL) software;
- Relevant networks are secured with certified firewalls in a multi-layered manner with redundancy;
- Our customer service representatives are only provided with limited access to Personal Data; and
- Network related equipment is secured with a password, and access is limited to authorised network engineers who support our equipment, systems and the Website.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Marketing and Opt-Out Rights
Unless you have opted out, we may contact you via email, SMS/text message or other electronic mail to inform you about other products or services provided by us that are similar to those that you have already agreed to, requested or enquired about.
You have the right at any time to ask us not to use your Personal Data for marketing purposes by notifying us using the contact details set out in the "Contact" section below
Our Website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their operation. Please check these policies before you submit any Personal Data to those websites.
Your personal information is protected under data protection law and you have a number of rights (see below) which you can seek to exercise. Please contact us in writing, by email or telephone using the details shown under 'Contact and Complaints' below if you wish to do so, or if you have any queries in relation to your rights. Please note these rights do not apply in all circumstances.
Right of access subject to certain exceptions, you have the right of access to your Personal Data that we hold.
Right to rectify your personal information If you discover that the personal information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected).
Right to be forgotten - You may ask us to delete information we hold about you in certain circumstances. This right is not absolute, and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations.
Right to restriction of processing - In some cases you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified.
Right to object to processing - You may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing and for the purposes of statistical analysis.
Right to data portability - You have the right to receive, move, copy or transfer your personal information to another controller when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means.
"Cookies" are small data files that websites download to a user’s computer, mobile phone or tablet hard drive. Most web browsers automatically accept cookies. We or our service providers send cookies when you visit our Website or websites where our ads appear, make purchases, request or personalise information, or register yourself for certain services. Accepting the cookies used on our Website, sites that are provided by another company on our behalf, or sites where our ads appear may give us access to information about your browsing preferences, which we may use to improve the services we provide to our users, and to personalise and enhance your user experience. We use similar technologies within emails to understand whether the email has been read or if any links have been clicked by you. Cookies are typically classified as either "session" cookies or "persistent" cookies.
- Session cookies do not remain on your computer after you close your browser.
- Persistent cookies remain on your computer or other device until you delete them or they expire.
You can reject cookies or selectively accept cookies by activating the setting on your browser that allows you to refuse all or some cookies. If cookies are not accepted, there may be some features of our Website that will not be available and some websites may not display properly. In most instances, however, you may reject a cookie and still be able to navigate our Website without issue. Information on how to adjust cookie preferences (e.g., preventing your browser from accepting new cookies, etc.) are located in the help and support section of your browser. If you continue to use our Website without changing your settings, we will assume that you agree to receive all cookies on the Website.
We DO NOT store passwords or any other information about a visitor in a cookie that would identify them, locate them, and determine their preferences or their financial activity. Aggregated customer information may help assess the performance of our Website and develop strategies to maximise utility. This information may be provided to other companies, including but not limited to third party advertisers. This information does NOT include any of your Personal Data.
The cookies that we use on the Website and the purpose of their use are:
These Cookies allow us to keep your experience smooth by remembering details of your session, so you do not need to continually re-enter information or log in for every page you visit during a session.
- [AvantCredit] – Contains a session cookie recognizing applicant to process loan application through completion for internal logging;
- Security Cookies – Session cookies used to support security measures within the site;
Performance cookies allow us to collect information about your experience on the AvantCredit platform, we don’t store any personal details, but this allows us to see what pages our users interact with and how, as well as allowing us to track effectiveness of marketing campaigns, so we can continue to improve your experience.
3rd Party Cookies
- Google Analytics – A third party, persistent cookie which supports web analytics tracking; and
- Google Adwords – Conversion tracking.
- Adalyser- Third party, persistent cookies used to support tv tracking system;
- Atlas- Third party, persistent cookies used to tie back an activity on our website to an earlier activity on a third-party website;
- AA003- Third party, persistent cookies used to tie back our people-based metrics in reporting;
- Responsys- Third party, persistent cookie used to track what stage a user reaches on our application via our email marketing platform;
- Heap - Third party, session and persistent cookies used for web analytics;
Functionality cookies allow us to remember settings or provide essential services to improve our customer experience.
3rd Party Cookies
- Olark- Session and persistent third-party cookies used to support the Olark chat system cookies;
- Kenshoo- Third party, persistent cookie used for website conversion tracking;
- Iovation – Contains a cookie to identify applicants electronic device;
- LivePerson – A tracking pixel used to track web session for customer service web chat;
- H Online – Contains a cookie to identify applicants electronic device;
- Adroll- Third party, persistent cookies used to retarget visitors on other websites, or exclude them from said remarketing and records a conversion when user who has seen or clicked an ad reaches a defined point in our conversion funnel;
- DoubleClick – This is a tracking pixel that records traffic coming from 3rd party sources;
- Yield Manager – This is a tracking pixel that records traffic coming from 3rd party sources;
This Policy may be amended from time to time and we will give you notice of material changes by posting a notice regarding the changes on our Website for 60 days or by sending notification via email to the email address you have provided. Please check our Website frequently to see any updates or changes to this Policy.
Contact & Complaints
If you have any questions about how we treat your personal data and protect your privacy, if you have any comments or wish to seek to exercise any of your rights as outlined above or to complain, please contact us by emailing [email protected]
You may also lodge a complaint with the Information Commissioner's Office, Water Lane, Wilmslow, SK9 5AF telephone 0303 123 1113. www.ico.org.uk/.