This notice explains how we use your personal data, and for what purposes. It applies to when you use our website or use any of our products or services.
We are committed to collecting and using your data fairly and in line with General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
1. Who we are
We are Chatsbrook Vehicle Leasing (“we”, “our”, “us”). We are committed to protecting and respecting your privacy.
If you have a question or concern about this notice or your data protection rights please contact us by emailing us at email@example.com or by writing to us at Ketteringham Hall, Church Road, Ketteringham, Wymondham, Norfolk, NR18 9RS.
We are registered with the Information Commissioner’s Office under number ZA457540.
2 Our legal grounds for handling your personal data:
The UK’s data protection laws allows us to use your personal data provided we have a lawful basis to do so. This includes sharing it in certain circumstances, as described below.
We consider we have the following reasons (legal bases) to use your personal data:
- Performance of contract with you: we need to use your personal data to be able to successfully legally contract with you;
- Compliance with our legal obligations: we need to use your personal data so as to comply with certain legislation such as financial crime legislation;
- Legitimate interests: we have legitimate interests in using your data to help prevent and detect financial crime, fraud and money laundering, to promote responsible lending and to assist our compliance with the legal and regulatory requirements placed upon us;
- Your consent: we may also use your data when you consent to it. You can withdraw this consent at any time, in which case we will cease to use it, unless we have a right and a need to continue processing it for one of the other reasons set out above.
3. What personal data is collected from you:
(I) DATA PROVIDED BY YOU:
- When you apply for our services and throughout the course of our dealings with you: for example, your name, maiden name, postal address, previous postal addresses, your email address, your IP address, telephone numbers, date of birth, a photo of you (selfie) marital status, dependents, employment details, employment history, bank account details, driving license details, home ownership status and details, your income, your assets and liabilities, details of your proof of identity documentation and proof of address documentation;
- When you talk to us: for example on the phone or in person including call recordings and voice messages. We may monitor or record calls with you to check we have carried out your instructions, to resolve queries or disputes, to improve the quality of our service, or for regulatory or fraud prevention purposes;In
- writing: for example letters, proposal forms, survey responses, emails, chat messages and texts;
- Online: for example when you use our website and information from any accounts you share with us;
- Through your phone: for example your photos, geolocation and data from your camera.
(II) DATA WE COLLECT WHEN YOU USE OUR SERVICES:
- Transaction data: for example when we deal with or manage your account;
- Pay data: for example, the amount, origin, frequency etc. of your payments;
- Usage and profile data: for example, from your use of our website. We gather this data from the devices you use using cookies and other software;
(III) DATA PROVIDED BY THIRD PARTIES:
- Data from persons that may introduce you to us: for example introducers, financial advisers, agents or other third parties;
- Data from credit reference agencies;
- Data from fraud prevention agencies;
- Publicly available information: for example, from the land registry, companies house, the electoral register, other information available online or in the media, including social media;
- Data from your representatives where relevant: for example your legal and financial advisers such as lawyers and accountants.
4. Why personal data is collected by us
We collect personal data from you for many reasons including:
From time to time we may contact you to ask for your consent to use your personal data for other purposes. Your personal data may
5. Fraud Prevention Agencies
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, and vehicle / asset details.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
(II) AUTOMATED DECISIONS
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.
(III) CONSEQUENCES OF PROCESSING
If we or a fraud prevention agency determine that you pose a fraud or money laundering risk, we may refuse to provide the services of financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
(IV) DATA TRANSFERS
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
(V) YOUR RIGHTS
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data. See ‘Your Rights’ at section 11 below.
6. Credit Reference Agencies (CRAs)
In order to process your application, we may supply your personal information to credit reference agencies (CRAs). We do this for the lender(s) to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. When CRAs receive a search from us they may place a search footprint on your credit file that may be seen by other lenders and used to assess applications for finance from you and members of your household. The CRA may also share your personal information with other organisations.
Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. The CRA we use and information on how it uses your personal data is available at https://www.transunion.co.uk/crain.
From time to time we may provide your information to our partners, third parties and customer service agencies for research and analysis purposes so that we can monitor and improve the services we provide. We may contact you by post, e-mail or telephone to ask you for your feedback and comments on our services.
From time to time we may contact you about our other goods or services similar to those that you have engaged with us about previously that may be of interest to you.
7. When personal data is shared
We may share your personal information with:
- Anyone who works for us when they need it to do their job;
- Any organisation which supports any of our services you use, when they need it to offer those services. That includes:
- Card producers and networks;
- Credit reference agencies (for information on how they use data please read the Credit Reference Agency Information Notice);
- Analytical, Know Your Customer (KYC) and cyber security service providers;
- Companies that do advertising for us (but we won’t share identifiable personal data with third parties for their own direct marketing unless you give us permission, and you can opt out any time);
- Certain authorities that detect and prevent terrorism (including authorities outside the UK if one of your payments is processed through a worldwide payment system);
- Anyone who you give us explicit permission to share it with. We will also share it to comply with the law; to enforce our Terms and Conditions or other agreements; or to protect the rights, property or safety of us, our customers or others.
If, in the future, we sell, transfer or merge all or part of our business or assets, including the acquisition of other businesses, we may share your data with other parties. We will only do this if they agree to keep it safe and private and to only use it in the same ways as set out in this notice.
8. How long we keep your personal data
We keep your data as long as you are a customer of ours. In some circumstances, like cases of anti-money laundering or fraud or in the case of a dispute, we may keep data longer if we need to and/or the law says we have to.
We may also retain your data for research and statistical purposes in which case we will ensure it is kept private and used only for these purposes.
Data about live and settled accounts is kept on credit files for six years from the date they are settled or closed. If the account is recorded as defaulted, the data is kept for six years from the date of the default.
9. When personal data is transferred outside the European Economic Area (EEA)
Whenever fraud prevention agencies transfer your personal data outside of the EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
We do not currently share your personal data with anyone outside of the EEA.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.
If you fail to provide us with data we require, this may delay or prevent us from entering into a contract with you and or complying with our obligations. Depending on the importance of the data, it may mean that we are entitled to terminate an agreement with you.
If you have any questions about the above, please contact us on the details in section 1.
11. Your rights
Your personal data is protected by legal rights which include your right to:
- Access the personal data we hold about you, or to get a copy of it;
- Request that we amend, update or correct inaccurate data;
- Request that your personal data is erased or that its processing be restricted;
- Object to our controlling and processing your personal data;
- Request that we transfer your personal data to another lender;
- Object to our sharing of your personal data with others or with certain organisations;
- Request that we confirm what personal data we currently control and/or process in relation to you;
- Withdraw any consent you have previously given us.
To do so, please contact us by emailing us at firstname.lastname@example.org or by writing to us at Ketteringham Hall, Church Road, Ketteringham, Wymondham, Norfolk, NR18 9RS.
There may be reasons why we need to keep or use your data, but please tell us if you think we should not be processing your data.
If you are unhappy about how your personal data has been used, you may raise a complaint. Our complaints procedure is available on our website or you can contact us on the details above and we will send you a copy of it or you can email us on email@example.com.
You also have a right to complain to the Information Commissioner's Office which regulates the processing of personal data. You can contact them at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, on 0303 123 1113 or by email to firstname.lastname@example.org. See also https://ico.org.uk/global/contact-us/.
We will post any changes we make to our privacy notice on this page and, if they are significant changes we will let you know by email.
13. Direct Marketing
We can only use your personal information to send you marketing information if we have your consent or a legitimate interest. A legitimate interest will usually be a commercial reason which cannot be used unfairly against you.