We believe you deserve respect when it comes to the security and use of your personal information, so we have described how we look after your information.
For the purpose of the applicable data protection laws, including the Data Protection Act 2018 (“The Act”) as amended or replaced, the data controller is Blue Motor Finance Limited.
We may use a credit scoring or other automated decision making system to assess your application.
In considering whether to enter into this Agreement, Blue Motor Finance Limited (“we”, “us”) will search your record at credit reference agencies (“CRAs”). They will add, to their record about you, details of our search and your application and this will be seen by other organisations that make searches. This and other information about you and those with whom you are linked financially may be used to make credit decisions about you and those with whom you are financially linked. They will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, verify your identity, manage your account, trace and recover debts and prevent criminal activity such as fraud and money laundering – these checks require us to process personal data about you.
We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations.
These records may be used and searched by us and them to:
It is important that you provide us with accurate information. We check your details with fraud prevention agencies and if you provide false or inaccurate information or we suspect fraud, this information may be recorded.
Fraud prevention agency records will be shared with other organisations to help make decisions on credit, motor, household, life and other insurance proposals or claims for you and members of your household.
We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the credit reference agency information notice (CRAIN). The CRAIN is accessible at Equifax and Experian.
Before entering into this Agreement we may search records at CRAs, which may be linked to your spouse/partner, or other persons with whom you are linked financially. For the purposes of any application or this Agreement you may be treated as financially linked and you will be assessed with reference to “associated records”.
Where any search or application is completed or Agreement entered into involving joint parties, you both consent to us recording details at CRAs. As a result an ‘association’ will be created which will link your financial records and your associate’s information may be taken into account when a future search is made by us or another lender unless you file a “disassociation” at the CRA.
We will use the following personal information about you (including personal data for the purposes of the Data Protection Act 1998 as amended or replaced (and the General Data Protection Regulation 2016/679 (GDPR), once it comes into force)) in connection with any application you make to us, or any Agreement you enter into with us. This includes:
It is important that you provide us with accurate personal information as we will process the personal data with which you provide us in order to provide the following services to you:
If you do not provide this information we may not be able to provide credit to you.
We may also use your personal information for credit scoring or other automated decision making systems. We match our data with data from other sources such as credit reference agencies and information we may already hold about you - we may validate and analyse your information and, in some cases, match it against third party data to ensure that the information we hold about you is as accurate, consistent and well-organised as possible. Credit scoring is a system which is used to assess your application and make decisions about your account. It calculates your likelihood of repaying the amount you intend to borrow, this will influence the rate which we may offer you or result in our not offering you a credit facility. We regularly review the formulas we use in our automated systems to ensure that they remain accurate. We also use this analysis for personalising and improving aspects of our services and research such as analysing market trends and customer demographics. A low credit score may result in us not being able to provide credit to you.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us as detailed below.
We may share information about you:
We use your personal data on the following legal basis, depending on the purpose of our processing:
Where the processing of your personal data by us is based on your consent, you may withdraw your consent at any time, by writing to us or emailing us as detailed below.
If you withdraw your consent, this will not affect the lawfulness of any processing which has taken place before you have withdrawn your consent.
We will hold your data on our systems as follows:
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
If you have opted into marketing then we will hold your contact details (email address, telephone number, name and address) for marketing purposes for up to 36 months from the time you last interacted with us. You may opt out of this at any time by updating your details through My Account or by clicking unsubscribe from any marketing communication you have received from us.
If you want to have details of the CRAs or any other agencies from whom we obtain, and to whom we pass, information about you including fraud prevention agencies, please contact us as detailed below. You have a legal right to these details. You have a right to receive a copy of the information we hold about you. You may at any time request access to and/or, if incorrect, the rectification of your personal data by writing to us or e-mailing us as detailed below.
Under the GDPR, or any equivalent rules in the UK, you may be entitled to additional rights in relation to our handling of your personal data. For example, the right to have your personal data erased, the right to object to or restrict us from processing your personal data, and the right to data portability. If you would like to exercise these rights once they come into force, please write to us or email us as detailed below.
Should you have any complaints about how we handle your personal information, please contact us as detailed below. Should we be unable to resolve your complaint and you wish to take your complaint further, you may do so by contacting the UK Information Commissioner’s Office.
We, the CRAs and the fraud prevention agencies will also use the information provided for statistical analysis about credit, insurance and fraud. We may also use information about you to carry out market research. We and any company associated with and/or approved by us may disclose and use any information about you to advise you by post, telephone, e-mail or other electronic media, about loan and other products and services provided by it or any third party which may be of interest to you, unless you notify us that you do not wish to be so advised.
We may transfer your personal information abroad to other countries outside the UK. If we do so, we will ensure the information is held securely to standards as least as good as those in the UK and only used for the purposes set out in this notice.
We may also transfer your personal data to a location outside of the European Economic Area (EEA). If we do so, we shall undertake an assessment and put in place adequate safeguards, in accordance with applicable data protection laws, to ensure third party recipient will provide adequate security of such personal data and respect your rights to privacy. For further information on the adequate safeguards used by us, please contact us as detailed below.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
You can contact us at email@example.com or by writing to us at:
PO Box 565
Updated January 2020