We believe you deserve respect when it comes to the security and use of your personal information, so we have described how we look after your information.
For the purpose of the applicable data protection laws, including the Data Protection Act 1998 as amended or replaced (including the EU General Data Protection Regulation due to come into force on 25 May 2018 (“GDPR”)), the data controller is Blue Motor Finance Limited.
We recognise how important it is to protect and manage the information you share with us. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we only authorise access to those employees who require it to fulfil their job responsibilities. When you share data with us through the website, that information is protected by secure socket layer (SSL) encryption. Our security systems meet or exceed industry standards and we are constantly monitoring internet developments to ensure our systems evolve as required.
Collecting your information
We collect personal information about you in a number of ways:
- information you provide to us through our websites and applications, for example, via our ‘contact us’ form. This may include your name, email address, telephone number and any other personal data you provide for us;
- information you provide to our partners, such us our intermediaries and brokers;
- information you provide through communications with us, such as over the telephone or via email; and
- from outside sources such as banks, Credit Reference Agencies and customer service providers to help us with customer verification and credit-related decisions.
In addition to the personal and financial information you submit (or we receive), we may process information about your computer including, where available, your IP address, operating system and browser type – for the purposes of system and loan administration and product improvement. For details on the information collected in this way please see our Cookies Policy.
Our website may use a website usage recording service which may record your mouse clicks, mouse movements and page scrolling. The information collected does not include any credit card or bank details. Data collected by this service is stored and used by us to improve our website usability and also for aggregated and statistical reporting. This information is not shared with anybody else.
We may also record and/or monitor calls for quality checks and staff training. Such recordings may also be used to help us combat fraud.
To register with us you must be 18 years of age or older. Minors are strictly forbidden from using the service.
Use of your information we hold:
As part of the provision of our services, we will hold and use the following details about you:
- your name, address, phone numbers, email address, date of birth, employment, banking and financial details;
- demographic and lifestyle information;
- information we receive when making a decision about you, your loan or application (including information collected from the CRAs);
- details of the loans you have and have had with us and all transactions;
- details of when you contact us and when we contact you;
- if you change your bank and your old bank informs us of your new bank account details, we will hold the new bank account details, and use them to operate your account; and
- any other information which we reasonably need to operate your account, make credit decisions about you or fulfil our regulatory obligations.
We may keep details of any phone number(s) that you call us from and use them to contact you about the services we provide to you.
If you provide us with any debit card details, either during the loan application or subsequently, we will keep those details for payment processing purposes. We may use the details to take further payments both on your current loan and on any subsequent loans, unless you advise us otherwise.
If a card is identified as having been used fraudulently then we will maintain a record of its use for reporting and preventing fraud; the card details will be deactivated to ensure that they can no longer be used to take payment.
When we are managing your account, we may be given sensitive information such as medical information. We will hold and process this information to allow us to make decisions about you and your accounts with us.
References to personal information include all of the information above whether obtained from you, from a Credit Reference Agency or Fraud Prevention Agency, from the internet or from any other source.
We will hold your data on our systems as follows:
- If you have taken out a loan – 5 years from the date on which your agreement is settled or our last interaction with you
- If you have had a loan declined or decided not to proceed with it – 3 years from the date on which you applied for finance
Information we share
We will keep your personal information confidential and only share it with others for the purposes explained in this policy. We have trusted relationships with carefully selected third parties who perform services on our behalf. All service providers are bound by contract to maintain the security of your personal information and to use it only as permitted by us.
We may share information about you:
- with any firm, organisation or person we use to help us operate our lending business, to collect payments and recover debts or to provide other services on our behalf, including third party service providers;
- if you have authorised us to do so, with any person who has told us and who we reasonably believe to be your parent, carer or helper where you are unable to handle your own affairs because of mental capacity or other similar issues;
- with any payment system we may use;
- where you have permitted us to do so, to other finance providers for the purposes of your application for a loan, in order for them to assess whether they can provide a loan to you;
- certain authorities in order to detect and prevent terrorism (including to authorities outside the UK);
- with any person to whom we sell or transfer (or enter into negotiations to sell or transfer) our business or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the transferee or purchaser may use your personal information in the same way as us;
- with regulatory and governmental authorities ombudsmen, or other authorities, including tax authorities, including those overseas, where we are requested by them to do so;
- with CRAs and fraud prevention agencies or any similar organisation which provides a centralised application matching service that collects information from and about mortgage and/or credit applications, for the purpose of preventing and detecting fraud. We may also provide information to third parties to help them to make decisions about whether to lend to you, allow you extended payment terms or otherwise do business with you; and
- if we transfer, charge or assign your Agreement to a third party or if we employ a third party to manage any aspect of your account, we will pass relevant information about you (including personal data) to them for that purpose.
How we use your information
We will use your information to:
- assess your application, including searches against credit reference agencies (“CRAs”) and fraud prevention agencies’ records, including information from overseas (to find out how each CRA uses and shares personal data, please click here);
- make, or assist in making, credit decisions about you, assess lending and insurance risks, and to check the details that you have let us and others have;
- operate and manage your account and manage any application, agreement (including this Agreement) or correspondence you may have with us;
- carry out, monitor and analyse our business;
- contact you via email, SMS, letter or telephone regarding this Agreement, including to service your account;
- contact you by email, SMS, letter or telephone for marketing purposes, where you permit us to do so;
- to identify, prevent, detect or tackle fraud, money laundering, terrorism and other crimes;
- to form a view of you as an individual and to identify, develop or improve products, that may be of interest to you;
- carry out market research, business and statistical analysis;
- provide information to independent external bodies such as governmental departments and agencies, universities and similar to carry out research;
- carry out internal audits;
- perform other administrative and operational purposes including the testing of systems;
- trace your whereabouts;
- recover any debt you owe us; and
- comply with our regulatory obligations.
Your data may also be used for other purposes for which you give your permission, or where we are permitted to do so by law, or it is in the public interest to disclose the information or is otherwise permitted under the terms of the applicable data protection laws including the GDPR.
We use your personal data on the following legal bases, depending on the purpose of our processing:
- to enable us to perform the contract between you and us (if you have entered into a contract with us for services);
- your consent (for example, in respect of marketing);
- otherwise in our legitimate interests (for example, to make available the website to you); or
- to comply with a legal obligation.
Where the processing of your personal data by us is based on your consent, you may withdraw your consent at any time, by emailing us at email@example.com or by writing to us at:
Blue Motor Finance Limited
PO Box 565
If you withdraw your consent, this will not affect the lawfulness of any processing which has taken place before you have withdrawn your consent.
Transfer of Information
We may also transfer your personal data to a location outside of the European Economic Area (EEA). If we do so, we shall undertake an assessment and put in place adequate safeguards, in accordance with applicable data protection laws, to ensure third party recipient will provide adequate security of such personal data and respect your rights to privacy.
You may at any time request access to and/or, if incorrect, the rectification of your personal data by contacting us as per below.
Under the GDPR, or any equivalent rules in the UK, you may be entitled to additional rights in relation to our handling of your personal data. For example, the right to have your personal data erased, the right to object to or restrict us from processing your personal data, and the right to data portability. If you would like to exercise these rights once they come into force, please write to us or email us as per below.
Should you have any complaints about how we handle your personal information, please contact us as per below. Should we be unable to resolve your complaint and you wish to take your complaint further, you may do so by contacting the UK Information Commissioner’s Office.
We want to make sure that your information is accurate and up to date. You may ask us to correct or remove any information that you think is inaccurate or you can do this yourself by logging into the Customer Portal or by contacting us as per below.
Please contact Customer Services if you want to have details of the Credit Reference Agencies or any other agencies from whom we obtain, and to whom we pass, information about you including Fraud Prevention Agencies. You have a legal right to these details. You must contact these agencies directly.
Third party links
Our site may contain links to third party websites. If you follow a link to any of these websites, please note that these websites have their own terms and privacy policies and that we do not accept any responsibility or liability for them.
You can contact us at firstname.lastname@example.org or by writing to us at:
Blue Motor Finance Limited
PO Box 565
Personal Data provided as part of a redress programme
The personal data that you provide as part of any redress programmes will only be used for the purposes of communicating relevant updates and will not be used for marketing purposes. We will not pass the data to any third parties unless required to do so by law, regulation or a regulatory body. We will not retain such data for a period which is longer than necessary.
Last updated May 2018