Purpose of this Policy
This policy describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’). This policy only applies to personal information collected or obtained by LoanOnYourCar.com.
What are your rights under data protection laws?
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
- Your right to access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process. To access your personal records and information that we hold about you, please send a written request to email@example.com or by post 2/F, 333 Edgware Road, London, NW9 6TD.
- Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
- Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
- Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
- Your right to data portability
This only applies to the information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here.
If we are processing your information for criminal law enforcement purposes, your rights are slightly different.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
If you are not satisfied with any aspect of the way that we process your information or fulfil our obligations, you have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/
This policy only applies to personal information collected or obtained by LoanOnYourCar.com.
Your personal information may be anonymised by stripping any personal data of sufficient elements that mean the individual can no longer be identified. The GDPR does not apply to personal data that has been anonymised.
How long will we keep your information?
The GDPR does not dictate how long you should keep personal data. It is up to us to justify this, based on your purposes for processing. We must store data for the shortest time possible.
Unless we explain otherwise to you, we will hold your personal information for the following periods:
- Retention in case of queries. We will retain the information that we need to keep in case you have a query;
- Retention in case of claims. We will retain the information that we need to keep for the period in which you might legally bring claims against us. In practice, this means up to 6 years after your agreement has ended; and
- Retention in accordance with legal and regulatory requirements. We will retain the information that we need to keep even after the relevant contract you have with us has come to an end for a further 10 years and this will be to satisfy our legal and regulatory requirements.
We undertake an analysis of the risks presented by our processing and use this to assess the appropriate level of security we need to put in place.
- We have an information security policy and take steps to make sure the policy is implemented
- We make sure that we regularly review our information security policies and measures and, where necessary, improve them
- We use encryption and/or pseudonymisation where it is appropriate to do so
- We understand the requirements of confidentiality, integrity and availability for the personal data we process
- We make sure that we can restore access to personal data in the event of any incidents, such as establishing an appropriate backup process
- We conduct regular testing and reviews of our measures to ensure they remain effective and act on the results of those tests where they highlight areas for improvement
- Where appropriate, we implement measures that adhere to an approved code of conduct
- We ensure that any data processor we use also implements appropriate technical and organisational measures
The GDPR outlines six data protection principles that we must comply with when processing personal data. These principles relate to:
- Lawfulness, fairness and transparency - we must process personal data lawfully, fairly and in a transparent manner in relation to the data subject.
- Purpose limitation – we must only collect personal data for a specific, explicit and legitimate purpose. We must clearly state what this purpose is, and only collect data for as long as necessary to complete that purpose.
- Data minimisation - we must ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to our processing purpose.
- Accuracy - we must take every reasonable step to update or remove data that is inaccurate or incomplete. Individuals have the right to request that we erase or rectify erroneous data that relates to them, and we must do so within a month.
- Storage limitation - We must delete personal data when we no longer need it. The timescales in most cases aren't set. They will depend on our business’ circumstances and the reasons why we collect this data.
- Integrity and Confidentiality - We must keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
What personal information do LoanOnYourCar.com use and when?
In order to process your application, we require to process various pieces of personal information at varying times
- Title, full name, your contact details, including your email address, telephone numbers;
- Current home address and past 3 years address history;
- Date of birth
- Personal information which we obtain from Fraud Prevention and Ant-Money laundering services
- Some special categories of personal data such as about your health or if you are a vulnerable customer
- Your financial details e.g. your salary and details of other income, details of your savings, details of your expenditure, and details of account(s) held with other providers if you repay your loan from those account(s)
- Bank account details
- Details about all of your existing borrowings and loans
- Information about your employment status including whether you are employed, retired or receive benefits
- Information about your occupier status, such as whether you are a tenant, live with parents or are an owner-occupier of the property in which you live at the time of your application Information which is relevant for your residency and/or citizenship status, such as your nationality, your length of residency in the UK and/or whether you have the permanent right to reside in the UK
- How you contacted LoanOnYourCar.com
How does LoanOnYourCar.com use your information
The information we collect about you will be used in the following ways:
- To check your identity and credit standing and to enable us to consider and process your application for a loan
- To assess your credit history and confirm your employment details
- To detect, prevent and investigate actual and potential fraud and related activities
- To collect unpaid loans and debt that may be owed by you to us
- To develop, manage and market products and services to meet your needs, to contact you for products and services that may be of interest, to determine your eligibility for different products and services that you may be interested in
- To help us to administer and service your account with us
- To contact you in connection with your enquiry
- To extract certain information for the purpose of generating statistics for our own internal purposes (including credit and/or behaviour scoring, and market and product analysis).
- To update our website to better meet our clients' needs in the future
- Sharing your information with third parties
- Sometimes (and with your approval where required), we'll share your information with carefully selected third parties outside our group. We may do this to provide you with a loan; to assist our agents, staff and approved third parties to carry out services for us; to facilitate the processing and collection of payments due from you under the loan agreement, we may also share your personal data with third party payment processing service providers.
- If you provide us with any debit card details we may keep those details, but will only ever take card payments on your specific authorisation
- To provide you with information about special promotions and offers
- To protect us or others, we may share your information with third parties when we believe its necessary to comply with the law or protect our or another person's rights, property, or safety. This includes exchanging information with third parties (such as other lenders, law enforcement agencies and regulatory authorities) to protect against fraud and reduce risks
- If there is (or is to be) any change in ownership of our business or assets then we may wish
- to share your information so that the new (prospective) owners may continue to operate our business effectively and continue to provide services to our customers. This may include new shareholders or any organisation that might take an assignment or transfer of any agreements we have entered into with our customers.
How do we collect your information?
We will collect your personal information from you directly. This will include information you provide when you apply, and any additional information provided by you in various ways, including originals and copies of financial and non-financial information for the purposes of affordability assessment, residential and personal identification; publicly available registers (e.g. land registry, bankruptcy registers, electoral register, and AML checks); information we may receive from other organisations, whether in the course of providing products and services to you or otherwise; and information obtained during the course of our business relationship with you. This may also be from the information we gather from your use of, and interaction with, our internet services and the devices you use to access them.
Data protection principles under the GDPR
Data protection principles underpin the General Data Protection Regulation (GDPR). These principles set out obligations for businesses and organisations that collect, process and store individuals' personal data.
Do you have to provide the information to us?
We are unable to provide you with an account or to process your application without having personal information about you. Your personal information is required before you can enter into the relevant contract with us, or it is required during the life of that contract, or it is required by laws that apply to us. If we already hold some of the personal information that we need – for instance, if you are already a customer – we may not need to collect it again when you make your application. In cases where providing some personal information is optional, we will make this clear.
Do we monitor any of your information?
In this section, where we refer to “monitoring” this means any listening to, recording of, viewing of, intercepting of, or taking and keeping records of calls, email, text messages, review web sites, social media messages and other communications.
We may monitor, where permitted by law, and we will do this where the law requires it. Some of our monitoring may be to comply with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures, to have a record of what we have discussed with you and actions agreed with you, to protect you and to provide security for you (such as in relation to fraud risks on your account) and for quality control and staff training purposes.
We may conduct short term carefully controlled monitoring of your activities on your account where this is necessary for our legitimate interests or to comply with our legal obligations. For instance, where we suspect fraud, money laundering or other crimes.
Telephone calls between us and you in connection with your account may be recorded to make sure that we have a record of what has been discussed and what your instructions are. We may also record these types of calls for quality control and staff training purposes on a variety of desktop browsers. We do not store passwords or any other information about a visitor in a cookie that could identify them, their location or their preferences.
An IP address in isolation is not personal data under the Data Protection Act, according to the Information Commissioner and is not subject to the GDPR. However, an IP address can become personal data when combined with other information or when used to build a profile of an individual, even if that individual's name is unknown and at that point will be treated under the GDPR. We use this information to investigate abuse of our website and its users, and to co-operate with law enforcement. We share this information with third parties, but only in aggregate.
How does LoanOnYourCar.com legally use your information?
LoanOnYourCar.com does not share information with third parties for marketing purposes. Data protection laws require us to explain what legal grounds justify us using your personal information (this includes sharing it with other organisations). The laws refer to “processing” of information – a term which includes everything we do with your personal information from its collection, right through to its destruction or deletion when we no longer need it. For some processing, more than one legal ground may be relevant (except where we rely on a consent). Here are the legal grounds that are relevant to us:
- Processing necessary to perform our contract with you for your account, or for taking steps before entering into it, during the application stage:
- Administering and managing your account and services relating to that, updating your records to contact you about your account and doing this for recovering debt;
- All stages and activities relevant to managing your account including enquiry, application;
- administration and management of accounts and
- For some of our profiling and other decision making as described in the relevant section below.
- Where we consider that, on balance, it is appropriate for us to do so, processing necessary for the following legitimate interests are:
- Administering and managing your account and services relating to that, updating your records to
- contact you about your account and doing this for recovering debt;
- To test the performance of our products, services and internal processes;
- To adhere to guidance and best practice under the regimes of governmental and regulatory bodies such as the Financial Conduct Authority and the Information Commissioner’s Office;
- For management and audit of our business operations including accounting;
- Although not current LoanOnYourCar.com policy, to carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that;
- To carry out monitoring and to keep records;
- To administer our good governance requirements (such as internal reporting and compliance obligations);
- For market research and analysis and developing statistics;
- For some of our profiling and other decision making, in particular where this does not have a legal effect or otherwise significantly affect you; and
- When we share your personal information with these other people or organisations;
- Any person with power of attorney over your affairs (in each case only if relevant to you);
- Our legal and other professional advisers and auditors;
- Financial institutions and trade associations;
- Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, and the Information Commissioner’s Office;
- Tax authorities who are overseas for instance if you are subject to tax in another jurisdiction, we may share your personal information directly with relevant tax authorities overseas (instead of via HMRC);
- Other organisations and businesses who provide services to us such as debt recovery agencies,
- back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back-office functions;
- Actual or prospective buyers or financiers and their professional and other advisers (including providers of insurance or rating agents) in connection with any sale of financing transaction such as a restructuring or sale of our business or assets or any securitisation or other funding transaction;
- Credit Reference Agencies (not currently LoanOnYourCar.com policy); and
- Market research organisations who help us to develop and improve our products and services.
- Processing necessary to comply with our legal obligations:
- For compliance with laws that apply to us;
- For the establishment, defence and enforcement of our legal rights, or those of any other member of our group;
- For activities relating to the prevention, detection and investigation of a crime;
- To carry out identity checks, anti-money laundering checks, and checks with Fraud Prevention Agencies pre-application, at the application stage, and periodically after that;
- To carry out monitoring and to keep records;
- To deal with requests from you to exercise your rights under data protection laws;
- To process information about a crime or offence and proceedings related to that (in practice this will be relevant if we know or suspect fraud); and
- When we share your personal information with these other people
- When we share your personal information with other people and organisations if they need to know that you are a vulnerable customer and your relatives, social services, your carer or any person who has power of attorney over your affairs.
How and when can you withdraw your consent?
As set out in the previous section, much of what we do with your personal information is not based on your consent, instead, it is based on other legal grounds. For processing that is based on your consent, you have the right to take back that consent for future processing at any time. You can do this by contacting us at firstname.lastname@example.org. If you do, you should tell us which of the relevant uses you want to withdraw your consent to when you contact us. Withdrawal of your consent will not prevent our using your personal information where we are doing so on one or more of the other legal grounds.
How do we share your information with fraud prevention agencies?
We have systems that protect our customers and ourselves against fraud and other crime. Customer
information can be used to prevent crime and trace those responsible. We’ll share your personal information from your application with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, details of this fraud will be passed to these agencies. Law enforcement agencies may access and use this information.
What should you do if your information changes?
You should tell us without delay so that we can update our records, by getting in touch at email@example.com.
Links to other sites
This website may from time to time include links to other sites. We're not responsible for their privacy practices or, site content, or the services they offer. Please always check the privacy policies of any linked sites.
LoanOnYourCar.com (LOYC) is the trading name of J2P Autos Limited, registered office is 1238 High Road, London N20 0LH; it is regulated by the Financial Conduct Authority [TBC once approved]; and registered with the Information Commissioner’s Office, in compliance with the Data Protection Act 1988 under registration A8453659. LOYC is committed to protecting the security of your information and takes reasonable precautions to protect it, in accordance with the General Data Protection Regulation (GDPR). LOYC as data controller and our Data Protection Officer can be contacted at firstname.lastname@example.org. Your personal information will be held securely by LOYC. LOYC is the data controller of your information under data protection laws because, in the context of our business relationship with you, we decide how and why it is processed in the ways explained in this policy.
Contact our Data Protection Officer
If you have a privacy concern, complaint or a question for the Data Protection Officer, please contact us by email to email@example.com, or by post to 2/F, 333 Edgware Road, London, NW9 6TD. We will respond to questions or concerns within 30 days.