Blue Motor Finance Limited 3rd Party Fair Processing Notice

Introduction

Blue Motor Finance Limited (BLUE), has prepared this Fair Processing Notice (FPN) to explain how it uses any personal data it collects about you. Blue’s contact details are:

• Blue Motor Finance Limited, Darenth House, 84 Main Road, Sundridge, Kent, TN14 6ER
• customerservices@bluemotorfinance.co.uk
• 0203 005 9332

BLUE has dedicated FPNs for Customers and Staff & Applicants. This FPN applies to all individuals who do not fall within the scope of either the Staff or Customer FPNs. If you are unsure whether you fall within the categories of Staff or Customers, please contact Blue’s Data Protection Officer and they will help you identify which FPN applies to you.

This is a non-exhaustive list of parties who Blue considers 3rd Parties and who fall within the scope of this FPN:

• Suppliers including sole traders
• Motor Vehicle Dealers
• Professional advisers
• Brokers
• Insurers
• Lenders
• Visitors to our premises

What information does Blue collect?

Blue collects your information for a variety of reasons, primarily regarding its proposed or actual business relationships with you. The information that you provide to Blue will depend on the nature of the relationship and therefore may include your:

• name
• address
• email address
• phone numbers
• bank details
• car registration

Dependent on the nature of your relationship with Blue, it may also collect information about you from third parties, including Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs). Please refer to the with whom will Blue share your information? section below for clarification as to whether this applies to you. The information that Blue receives from CRAs and FPAs includes:

• criminal record and background information
• sanctions, politically exposed persons, or special interest persons status
• credit score
• current and previous addresses
• credit history, including:
  • current credit commitments
  • historic credit commitments ending in the last six years
  • credit payment history
• electoral roll details
• details of credit searches undertaken by other organisations
• information from fraud databases

 

If you refuse to provide Blue with this information, it may be unable to enter a business relationship with you.

What legal basis does Blue have for using your information?

As the data controller, Blue is legally responsible for ensuring that it has a legal basis for processing your information. The UK GDPR sets out several legal bases for processing personal data, and Blue relies on the following of those bases:

• Contract:
  • Blue relies on contract as its lawful basis for taking the necessary steps so that it can enter a contract with you or the organisation you represent (e.g. to negotiate the terms of a contract)
  • Blue relies on contract as its lawful basis for delivering its contractual obligations to you or the organisation you represent (e.g. to pay your invoices)
• Legitimate Interests:
  • Blue relies on legitimate interests where it has a legitimate interest in performing the processing (e.g. where it records your phone calls for training purposes or where it enables you to visit its premises)
  • Where Blue relies on legitimate interests, it performs assessments to ensure that it considers the impacts of its processing on you and balances its interests against yours
• Legal Obligation:
  • Blue relies on legal obligation where it has an identifiable legal obligation to process your information (e.g. to fulfil a Data Subject Access Request)
• Consent:
  • Blue may rely on consent as its lawful basis for specific activities including performing a credit check on you (if applicable) and marketing to you.
  • You may withdraw your consent at any time by contacting Blue’s DPO at dpo@bluemotorfinance.co.uk . However, even if you withdraw your consent, Blue may still have a legal obligation to process your personal data.

For what purposes will Blue use your information?

Blue may use your information to:

• Determine whether to enter a contract with you or the organisation you represent
• Conduct searches against CRAs and FPAs’ records
• Enter a contract with you or the organisation you represent
• Create a business file
• Perform its contractual obligations to you or the organisation you represent
• Contact you via email, SMS, letter, or telephone
• Comply with its statutory and regulatory obligations, including with regards to fraud
• Provide you with facilities or services while you are on Blue’s premises

How will Blue use your information?

Blue may process your information in various ways, using automated and manual systems.

Blue does not use automated decision making or profiling to process your data.

Blue also processes your information for security purposes through the operation of CCTV within its premises.

With whom will Blue share your information?

Please note: Blue will only share your information with Credit Reference Agencies and Fraud Prevention Agencies if you fall into the following categories:

• Motor Vehicle Dealers
• Motor Finance Brokers

Credit Reference Agencies

Blue may share your information with Credit Reference Agencies (CRAs) for the purpose of gathering information about you to inform its decision to enter a contract or business relationship with you or the organisation you represent. If Blue searches your record at a CRA, the CRA will add to your record the details of its search. Blue may also share your information with CRAs on an ongoing basis. This information will be available to other organisations that search your CRA record. Other organisations may use this information and other information about you to make contractual or other decisions about you.

For more information on CRAs, including their relationship with Fraud Prevention Agencies, please refer to the Credit Reference Agency Information Notices below.

• TransUnion CRAIN https://www.transunion.co.uk/crain
• Experian CRAIN https://experian.co.uk/crain
• Equifax CRAIN https://www.equifax.co.uk/crain

Fraud Prevention Agencies

Blue may share your information with Fraud Prevention Agencies (FPAs) to detect and prevent fraud. This may include details of fraud, unlawful or dishonest conduct, malpractice, or other seriously improper conduct (“Relevant Conduct”). Blue may use the information it receives from FPAs (including details of any Relevant Conduct) to:

a. Determine whether to enter a contract with you or the organisation you represent

b. Determine whether to terminate a contract with you or the organisation you represent (subject to the terms of the contract and any applicable law)

c. Determine whether to bring legal action against you or the organisation you represent (subject to the terms of the contract and any applicable law)

FPAs will share their records with other organisations. Those organisations may use this information to make decisions about you and other persons connected to you, including in relation to employment, credit, or insurance.

For more information on FPAs, please refer to the CIFAS Fair Processing Notices:

• https://www.cifas.org.uk/fpn

Legal, Governmental, and Regulatory Bodies

Blue may share your information with legal, governmental, and regulatory bodies to meet its legal and regulatory obligations. These may include the Financial Conduct Authority, the Financial Ombudsman Service, the Information Commissioner’s Office, Her Majesty’s Revenue & Customs, or any other legal, governmental, or regulatory body.

Service Providers

Blue may share your information with professional advisers (including legal advisers), outsourcing providers (such as IT service providers), financial institutions (such as banks), or with any other type of organisation or person that it uses to help it conduct its business and internal administration.

Authorised Third Parties

Blue may share your information with any person that you have authorised to engage with it on your behalf or that otherwise has a legal authorisation to do so. Blue may share your information with any organisation you have appointed to act on your behalf or authorised to receive your information, such as law firms.

Other

Blue may share your information with any person to whom it sells or transfers (or enter negotiations to sell or transfer) its business, or any potential or actual transfer of its rights or obligations under any contract it may have with you or the organisation you represent. If the transfer or sale goes ahead, the transferee or purchaser may use your information as set out in this FPN.

Where will Blue transfer your information?

Blue may transfer your information outside the United Kingdom. If Blue transfers your information outside the United Kingdom to a country that is not subject to an adequacy decision in respect of its data protection laws, it will conduct a transfer risk assessment and put in place the necessary safeguards to ensure that your information receives an equivalent level of protection. For more information on international data transfers, including details of safeguards, please contact Blue’s Data Protection Officer.

How long will Blue keep your information?

If Blue has a contract with you, it will keep your information for 6 years from the end of the contract. However, it may retain your information for longer than 6 years where the need arises, such as in connection with ongoing legal matters. Please contact the Data Protection Officer if you have any questions or concerns about Blue’s retention of your information.

If Blue does not have a contract with you, it will keep your information for 1 year from the end of the contract. However, it may retain your information for longer than 1 year where the need arises, such as in connection with ongoing legal matters. Please contact the Data Protection Officer if you have any questions or concerns about Blue’s retention of your information.

What rights do you have with regard to your information?

You may have the following rights in regard to your information:

• The right to be informed about the collection and use of your information, as set out in this FPN
• The right of access to a copy of your information
• The right to rectify incorrect or incomplete information
• The right to the erasure of your information, which will not apply in some circumstances, including if Blue is under a legal obligation to retain your information
• The right to restrict processing of your information (subject to limitations)
• The right to data portability (subject to limitations and not including paper files)
• The absolute right to object to the processing of your information for direct marketing, and the limited right to object to the processing of your information in some circumstances, including to the processing of your information on the basis of legitimate interests.
• The right to withdraw consent, where Blue is relying on your consent.

If you have questions regarding your rights or wish to exercise a right, please contact the Data Protection Officer.

How can you complain about our processing of your information?

If you are dissatisfied with Blue’s processing of your information, please first contact the Data Protection Officer. Blue’s Data Protection Officer may be able to resolve your complaint or address your concerns. The Data Protection Officer can be contacted at dpo@bluemotorfinance.co.uk 

You have the right to complain to the Information Commissioner’s Office about Blue’s processing of your information. You can contact the Information Commissioner’s Office using the following details. Web: https://ico.org.uk/make-a-complaint/

Telephone: 0303 123 1113