This privacy notice explains how and why Blue Motor Finance Limited (Blue), uses personal data processed by or collected on our behalf. Blue is a data controller of the data it collects about its customers, and this notice describes how it uses your information. Blue’s contact details are:
This notice applies to Blue’s customers, people who have applied to it for finance, and individuals connected to its customers whose data it collects as part of its interactions with customers. You should read this policy so you know what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it. If you are a partner, supplier, or another third party, please see the Third Party FPN.
Information Blue collects from you
When you apply to Blue for a loan, you provide it with information so that it may decide whether to lend to you and assist with the overall management and administration of your agreement. The information that Blue may collect about you includes:
Blue describes how it treats this information below.
Information collected from third parties
Blue will collect information about you from third parties, such as Credit Reference Agencies (CRAs) when it conducts credit checks on you (see relevant section below for more information).
As the data controller, Blue is legally responsible for ensuring that it has a legal basis for processing your information. The UK GDPR sets out several legal bases for processing personal data, and Blue describes below some of the purposes Blue will use your information and the lawful basis it relies on to do so.
| Purpose | Lawful basis for our processing |
|---|---|
|
Accessing your loan application for a product or service with Blue, including:
|
|
|
Managing and administering your account, to deliver services provided by Blue, including:
|
|
|
Meeting our legal and regulatory obligations
|
|
|
Auditing and assuring our processes and services:
|
|
|
Preventing and investigating fraud and financial crime:
|
|
|
Mergers, acquisitions and business funding:
|
|
|
Market research and business analysis:
|
|
|
Marketing:
|
|
In the course of applying for a loan or while the loan is operating and you interact with Blue, you may provide to Blue and/or Blue may need to process information which is especially sensitive. Some of this information is called “Special Category Data” such as information in relation to health, lifestyle, accessibility, family circumstances and in some cases, information relating to criminal matters or offences.
Blue may collect the following types of special category data about you:
Where this is the case, Blue will normally process this information on the legal basis that it is in the wider public interest, such as for regulatory or legal reasons (for example in relation to identifying and supporting any vulnerability or making any accessibility adjustments) or for preventing or detecting unlawful acts such as fraud.
Substantial public interest including:
Responding to regulatory requirements, including:
Legal claims, including:
Blue may process your information in various ways, using automated and manual systems.
Blue uses automated decision making as part of its process to determine whether it will lend to you and on what terms. Blue will compare your profile against its qualification criteria using automated means, as well as data obtained from credit reference agencies to assess how your likely to act while paying back your loan If you do not meet its criteria, it may refuse to lend to you on the sole basis of its automated decision making systems.
As one of your rights, you are able to object to any solely automated decision that has been made about you and ask that a person at Blue reviews that decision. To do this, and to know more about your rights, see the section below titled “What rights do you have with regard to your information?.”
Credit Reference Agencies
If you apply for a loan, Blue will carry out credit and identity checks on you with CRAs, to:
Blue will carry out additional checks on you from time to time to understand your financial position and manage your loan account.
To carry out credit checks on you, Blue will provide your information that you have provided to us, to a CRA and the CRA will return to Blue information about you. The information that Blue receives from CRAs includes data which originates from Royal Mail (UK postal addresses), local authorises (electoral roll), the insolvency service, Companies House as well as other people with whom you are financially linked (such as your spouse or partner), including but not limited to:
If Blue searches your record at a CRA, the CRA will add to your record the details of its search and the details of your loan application. Blue may also share your information with CRAs on an ongoing basis, including details of settled accounts or debts not fully repaid on time. This information will be available to other organisations that search your CRA record. Other organisations may use this information and other information about you to make credit decisions about you and the people with whom you are linked financially (such as a spouse or partner).
If you propose a joint agreement or Blue enters an agreement with you involving joint parties, this information will be recorded with CRAs. This will create an association between your record and your joint party’s record, which Blue or other organisations may consider in future decisions. This association will remain in place until you file a disassociation with the CRA.
For more information on CRAs, including their relationship with Fraud Prevention Agencies, please refer to the Credit Reference Agency Information Notices (CRAIN) below.
Fraud Prevention Agencies
Blue may share your information with Fraud Prevention Agencies to detect and prevent fraud. If Blue or FPA’s determine that you pose a fraud or money laundering risk, Blue may refuse to provide the services or stop any existing services with you. FPAs will share their records with other organisations, in which other organisations may use this information to make decisions about you and other persons connected to you, including in relation to employment, credit, or insurance, and may result in others refusing services if fraud is detected.
For more information on FPAs, please refer to the Fair Processing Notices below.
CIFAS: https://www.cifas.org.uk/fpn
Legal, Governmental, and Regulatory Bodies
Blue may share your information with legal, governmental, and regulatory bodies to meet its legal and regulatory obligations. These may include the Financial Conduct Authority, the Financial Ombudsman Service, the Information Commissioner’s Office, the Police or any other legal, governmental, or regulatory body.
Service Providers
Blue may share your information with professional advisers (including legal advisers), outsourcing providers (such as IT service providers), financial institutions (such as banks), or with any other type of organisation or person that it uses to help it conduct its business. Blue only uses third parties where they have entered into appropriate data processing agreements in place. This means that they cannot do anything with your personal information unless Blue have instructed them to do it. They will not share your personal information with any organisation apart from Blue or further sub-processors who must have also entered into a similar data processing agreement, or where the law authorises them to do so.
Examples of third party service providers that Blue use are as follows:
Authorised Third Parties
Blue may share your information with any person that you have authorised to engage with it on your behalf or that otherwise has a legal authorisation to do so. This includes parents/guardians, carers, or any other helpers where you are unable to handle your own affairs due to mental incapacity or other similar issues, for example power of attorney.
Blue may share your information with any organisation you have appointed to act on your behalf or authorised to receive your information, such as law firms and claims management companies.
Restructure, sale or acquisition
Blue may share your information with any person to whom it sells or transfers (or enters into negotiations to sell or transfer) its business or assets. If the transfer or sale goes ahead, the transferee or purchaser may use your information as set out in this notice.
Other lenders with an interest in your loan
If you have a loan agreement, Blue may transfer an interest in your loan to selected partners, such as other lenders, including where Blue transfers or delegates its rights and obligations under your loan agreement to another lender. If the transfer goes ahead, Blue may share your information with each transferee who has an interest in your loan where there is a lawful basis for it to do so - for example, to enable the other lender to meet its regulatory obligations or reporting requirements. In such circumstances, the transferee may use your information as set out in this notice, including data from credit reference agencies for the purpose of assessing their risk, which may include matching your data to other data which they may hold about you.
We are unable to provide you with a product or service or to process your application without having certain personal data about you. Your personal data is required before you can enter into the relevant contract with us, and or it is required during the life of the contract and or it is required by laws that apply to us.
Where you tell Blue you are happy to receive information from us or providing you have not opted out, we may send you communications about products and services that we perceive may be of interest to you, including third party marketing.
If, at any time, you prefer not to receive further communication, you will have the ability to unsubscribe and opt out from such communication by means of a link provided in every email that is sent to you. You can also update your marketing preferences through your online portal account or contacting the customer service team at: customerservices@bluemotorfinance.co.uk.
Blue may transfer your information outside the United Kingdom to comply with legal or regulatory duty or where it is required by suppliers in connection with the services provided by Blue. Your personal data is only permitted to be transferred be transferred internationally by virtue of an adequacy decision in place, which means that the recipient country has similar data protection laws and measures which protect your information to UK standard. In other cases, your personal data is permitted to be transferred internationally by virtue of contracts in place between Blue and third parties which include contractual obligations in the form of standard data protection clauses which require the recipient to protect your personal data to the standard required in the UK. For more information on international data transfers, including details of safeguards, please contact Blue’s Data Protection Officer at dpo@bluemotorfinance.co.uk.
If you apply for finance and Blue decides not to lend to you or your finance application is accepted but you do not proceed, it will keep your information for 1 year from the end of your relationship with it. Blue does this for several reasons, including to provide information to regulators on its lending practices. However, Blue may extend the relationship beyond the date it refused your loan application, e.g. if there is an ongoing dispute or complaint. If Blue extends the relationship, it will end it as soon as it determines it is possible to do so, e.g. when the dispute or complaint is settled.
If you enter a loan agreement with Blue, it will keep your information for 7 years from the end of the last financial year of our business relationship with you. Blue does this for several reasons, but primarily to maintain records according to its legal and regulatory obligations. However, Blue may extend the relationship beyond the end of the contract, e.g. if there is an ongoing dispute or complaint. If it extends the relationship, it will end it as soon as it determines it is possible to do so, e.g. when the dispute or complaint is settled.
You may have the following rights in regard to your information:
If you wish to exercise your right of access to a copy of your information, please contact Blue at its dedicated email address dsar@bluemotorfinance.co.uk.
If you have questions regarding your rights or wish to exercise a right other than the right of access, please contact Blue’s Data Protection Officer at dpo@bluemotorfinance.co.uk.
This privacy notice is kept under regular view and our latest version will be published here. In the event of any substantial changes in the way Blue Motor Finance Ltd processes your personal data you may be contacted to notify you of such changes.
You have a right to make a complaint if you are dissatisfied with how your personal data is processed by Blue Motor Finance. However, we would appreciate the opportunity to deal with your complaint before you approach the supervisory authority. Please contact us at dpo@bluemotorfinance.co.uk as we Blue may be able to resolve your complaint or address your concerns in the first instance.
If you are still not satisfied with the response sent by Blue, you have the right to complain to the Information Commissioner’s Office about Blue’s processing of your information. You can contact the Information Commissioner’s Office using the following details:
Web: https://ico.org.uk/make-a-complaint/
Telephone: 0303 123 1113
