PrivacyPolicy

Privacy Policy

This security and privacy policy sets out how Carmoola Group Limited (which includes Carmoola Limited) uses and protects any information that you give when you use the site.

How we use the information we hold about you

This policy applies to information we hold about you. This security and privacy policy sets out how Carmoola and its associated entities uses and protects any information that you give when you use the site, who we share it with and your rights in relation to it. Carmoola Group Limited, registered number 13011635, registered office 33 Cannon Street, London, England, EC4M 5SB.

This policy applies to information held about customers and possible future customers, suppliers and possible future suppliers, contacts and all other people we hold information about. By ‘information’ we mean personal and financial information about you that we collect, use, share and store. This may include your name, date of birth, address, contact information, financial information, credit rating, car information, and device identifiers including internet protocol (IP) address and mobile device ID. It includes information about any other Carmoola products and services (or products and services provided by our partners) you currently have, you’ve applied for or you’ve had in the past.

Where This Information Comes From

We collect, use, share and store information about you to provide you with the services you have asked us for and to share information with you about services that may be of interest to you.
You may provide this information direct to us, for example by the way you communicate or do business with us, such as:

  • applying for our products or services;
  • using our telephone services, websites or mobile applications;
  • writing to us;
  • entering competitions or promotions;
  • downloading any of our mobile applications or using our websites or digital services, in which case we may gather information about how you access and use these services, such as your IP address and information about the devices or software you use (we may also make other requests or give you more details about how we use your information, for example, we may ask for your location to help find nearby services);
  • using and managing your accounts, (we may take information such as the date, amount and currency of payments made to your account); and
  • giving information to us at any other time, including through social media.


This information may also come from other organisations or people, such as other Carmoola companies, other organisations you have a relationship with, joint account holders, credit reference agencies (who may search the Electoral Register), employers, fraud prevention agencies or other organisations.

If you do not provide the information that we tell you you must provide, this may mean that we are unable to properly provide you with our services or carry out all our obligations under our agreement with you.

How We Use Your Information

We use this information:

  • to provide our services to you;
  • help us develop new and improved products and services to meet our customers’ needs;
  • to carry out checks for security purposes, to prevent fraud and money laundering, and to confirm your identity before we provide services to you;
  • for training;
  • to communicate with you;
  • to meet the obligations we have by law and under any regulations that apply;
  • where we have a legitimate interest in using your information, for example to protect our business interests or to prevent fraud; and
  • to keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies) which may be of interest to you.

Under data protection laws, whenever we process your personal information, we must meet at least one set condition for processing. These conditions are set out in data protection law and we rely on a number of different conditions for the activities we carry out.

Specifically, we and other Carmoola companies may use your information for the following purposes and under the following legal bases.

How we use your information

Legal basis

To provide and manage your accounts and our relationship with you.

  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
  • Where the law requires that.
  • Where it’s in our legitimate interests to make sure that our customer accounts are well-managed, so that our customers are provided with a high standard of service, to protect our business interests and the interests of our customers.
  • In some cases, we may rely on your consent. 

 

To give you statements and other information about your account or our relationship with you.

  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
  • Where the law requires that.

To handle enquiries and complaints.

  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
  • Where the law requires that.
  • Where it’s in our legitimate interests to make sure that complaints are investigated, for example, so that our customers receive a high standard of service and so that we can prevent future complaints.
  • In some cases, we may rely on your consent. 

To provide our services to you.

  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you.

To improve the user experience of the Carmoola App and website, such as recording contact details to auto populate fields. 

  • Where it’s in our legitimate interests to improve the functionality and user experience of our website and app for the benefit of customers. 

For assessment, testing (including systems tests) and analysis (including credit or behaviour scoring (or both)), statistical, market and product analysis and market research. 

  • Where it’s in our legitimate interests to develop, build, put in place and run business models and systems which protect our business interests and provide our customers with a high standard of service.

To prepare statistical reports to be shared internally or externally with others, including non-Carmoola companies. We produce these reports using information about you and our other customers. The information used and shared in this way is never personal and you will never be identifiable from them.

  • Where it’s in our legitimate interests to produce reports and statistical data for our own use or to share with other companies to identify market trends, and industry insights.

To evaluate, develop and improve our services to you and other customers.

  • Where it’s in our legitimate interests to continually evaluate, develop or improve our products as well as the experiences of users of our sites, so that we provide our customers with a high standard of service.

To protect our business interests and to develop our business strategies.

  • Where it’s in our legitimate interests to protect our people, business and property and to develop our strategies.

To contact you, by post, phone, text, email and other digital methods.

This may be:

  • to help you manage your accounts;
  • to meet our regulatory obligations;
  • to provide you with details of other products, including those provided by other companies if you’re not eligible for a credit card; or
  • to keep you informed about products and services you hold with us and to send you information about products, services, rewards, offers, promotions and competitions (including those of other companies) which may be of interest to you.
  • Where the law requires that.
  • Where we have agreed to contact you in our agreement.
  • Where you agree.
  • Where it’s in our legitimate interests to share information with you about products or services that may be relevant and beneficial to you. Where we send you marketing messages, you can always tell us if you no longer want to receive them. Please see more information in the ‘Contact us’ section.

To make sure any marketing messages we send you are more relevant to you.

  • Where we have a legal basis to send you marketing messages as set out above, because it’s in our interests to make sure that our marketing messages are relevant to you, and where you agree.

To collect any debts you owe to us.

  • Where it’s in our legitimate interests to collect any debts you owe us.

To prevent, detect, investigate and prosecute fraud and alleged fraud, money laundering and other crimes, and to check your identity. We may record your image on CCTV when you visit our premises.

  • Where the law requires that.
  • Where it’s in our legitimate interests to prevent and investigate fraud, money laundering and other crimes, and to check your identity in order to protect our business and to keep to any laws that apply to us.

To assess any application you make, including checking for fraud and money laundering, confirming your identity, and carrying out any other regulatory checks. We may compare your details with the details of countries, organisations and people who sanctions apply to, to decide whether we are prevented from doing business with you or processing a transaction under sanctions law.

  • Where you have made the information public.
  • Where it’s in our legitimate interests to protect our business interests and comply with regulatory requirements.
  • Where the law requires that.

To monitor, record and analyse any communications between you and us, including phone calls.

  • Where it’s in our legitimate interests, to check your instructions to us, to prevent and detect fraud and other crime, to analyse, assess and improve our services to customers, and for training purposes, to improve the services we provide to our customers and to protect our business interests

To check that your mobile phone is in the same place as your payments are being made from.

  • Where it’s in our legitimate interests to prevent fraud. We won’t use this information for any other purpose. You can ask us to stop doing this by contacting us using the details set out in the ‘Contact us’ section.

To transfer your information to or share it with any organisation your account has been or may be transferred to following a restructure, sale or takeover of any Carmoola company or debt.

  • Where we have a legitimate interest in restructuring or selling part of our business or any Carmoola debt.

To share your information with UK or other relevant tax authorities, credit reference agencies, fraud prevention agencies, and UK and overseas regulators and authorities.

  • Where the law requires that.
  • Where we have a legitimate interest in carrying out certain credit checks so that we can make responsible business decisions. As a responsible organisation, we need to make sure that we only provide certain products to companies and individuals if the products are appropriate, and that we continue to manage the services we provide, for example if we believe that you may have difficulties making a payment to us.
  • Where we have a legitimate interest in helping to prevent and detect fraud and other crime.
  • Where we have a legitimate interest in helping UK and overseas regulators, who monitor banks and financial services providers to make sure that they work within the law and regulations.

To share your information with our partners and service providers.

  • Where necessary to carry out our agreement.
  • Where we have a legitimate interest in using other organisations to provide some services for us or on our behalf.

To share your information in an encrypted format with social-media companies. They can then match this to personal information they already hold about you so they can display messages to you about our products and services, or create lookalike audiences for our products. 

  • Where we have a legitimate interest in using social-media companies to share information with you about our products or services that may be relevant and beneficial to you, or to create lookalike audiences.

Data protection law allows us to use personal information for our genuine and legitimate reasons as long as we respect your rights and freedoms. This lawful basis for using your information is called ‘legitimate interests’. When we rely on our legitimate interests as the legal basis for processing your personal information for the purposes set out above, we will carefully consider and balance any possible effect this may have on you and your rights.

Sensitive Information and Criminal Convictions

We will occasionally need to use sensitive information and criminal convictions information about you in the following ways.


We will use information you provide to us about your health if this is relevant for us to help you when using our services, for example if you are struggling to repay a debt due to health reasons, or if it is relevant to a complaint you are making about us, or it is relevant to how you want us to contact you. When we process your data in this way, we will usually be relying on your consent.

When you make an application to us, we will conduct certain financial crime checks, and as a result of doing so, we may receive information that relates to your criminal convictions, and may be required to disclose that information to fraud prevention bodies.

Automated Decision-Making

If you apply to us for a product or service, we have an automated decision-making process which will carry out fraud, credit and affordability assessment checks to decide whether we will accept your application. This process is necessary for us to decide whether to enter into a contract with you, and the terms of that contract.

Within our automated process, we will use automated decision-making to:

  • decide credit limits;
  • decide whether we need to help you (as required by law) if the information we have about you suggests that you may become financially vulnerable;
  • determine whether you can afford the loan you are applying for;
  • determine the interest rate applicable to any loan offered to you;
  • decide whether the vehicle you wish to purchase, and the merchant you wish to purchase it from, are suitable and meet our lending criteria;
  • determine whether you are or may be seeking to commit a fraud or criminal act, or may be committing money laundering offences

The automated processes may decline or refer your application. If your application is referred, this means we will manually review your application before making a final decision.

How the automated processes make decisions

Affordability: the processes will consider your income, spending and credit history to decide how easily you will be able to manage repaying credit. We may compare you with other people in a set (for example, people who are in a certain age bracket may be more likely to be able to manage credit). If the process decides that you cannot afford the financial facility requested, your application may be declined.

Regulatory assessment: certain details in your financial information may suggest that you are likely to become financially vulnerable and we may need to help you. This financial information may include credit checks, or details of income which can be obtained from open banking data.

Financial crime checks: the processes will compare your details with the details of countries, organisations and people who sanctions apply to, to decide whether we are prevented from doing business with you under sanctions law. This means that we may automatically decide that you present a fraud or money-laundering risk, or risk of breaking financial sanctions, if the processing reveals your behaviour to be consistent with money laundering or known fraudulent behaviour, is inconsistent with information you have previously provided, or you appear to have deliberately hidden your true identity.

If we, or a fraud prevention agency, decide that you present a fraud or money-laundering risk:

  • we may refuse to provide the services you have applied for or refuse to employ you, or we may stop providing existing services to you; and
  • the fraud prevention agencies will keep a record of any fraud or money-laundering risk, and this may result in others refusing to provide services or employment to you.

You have rights relating to automated decision-making, including the right to request a review of any automated decision made about you. If you want to know more, or to request a review, please contact us using the details set out in the ‘Contact us’ section.

If you have any questions about this, please contact us using the details set out in the ‘Contact us’ section.

Sharing your information with others

We’ll keep your information confidential but we may share it in certain circumstances, for the purposes set out in this policy, with:

  • other Carmoola companies;
  • other companies who provide a service to you, for example if you use our products to make a purchase or payment;
  • any company we are providing services with or whose name or logo appears on our products;
  • our service providers and agents, including their subcontractors;
  • anyone we transfer or may transfer our rights, duties, debts or assets to;
  • credit reference agencies; and
  • fraud prevention agencies and organisations, including CIFAS
    organisations to help us verify your identity
    organisations who provide open banking services and information;
  • social media businesses for marketing purposes.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We may be required to share your information as follows:

  • With UK and overseas regulators and authorities in connection with their duties (such as preventing crime).
  • With any other person or organisation after a restructure, sale or takeover of any Carmoola company or debt, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both).
  • If we have a duty to reveal it, if it is needed to manage your accounts, or if a law or regulation allows us to do so for legitimate business purposes or with your permission.
  • If we have reason to think that you have to report your income or pay tax in another country, in which case, we may have to share information about your accounts with the UK or relevant tax authorities.

 

Sharing your information with credit reference and fraud prevention agencies

When processing your application, we will carry out credit and identity checks on you with one or more credit reference agencies. To do this, we will give the credit reference agencies your personal information and they will give us information about you. This may make it difficult for you to get credit in the future. We will also continue to exchange information about you with credit reference agencies while you have a relationship with us, for example, if we have asked you to pay an amount you owe us and we do not receive a satisfactory reply from you within our stated time limit, or if you give us false or inaccurate information.

The credit reference agencies may share your personal information with other organisations. The credit reference agencies, and the ways in which they use and share personal information, are explained in more detail at https://www.transunion.co.uk/legal/privacy-centre.

Examples of circumstances when we may share your information or information relating to your partner or other members of your household include when we are:

  • checking details on applications for products and services, and credit and credit-related, or other, facilities;
  • checking your details and credit history and confirming your identity, understanding your financial position by sharing and receiving information, for example, about any borrowing (including any borrowing outside Carmoola) and how you manage it (including the amount you borrow and your payment history, any outstanding debts, payment arrangements, and whether you’ve borrowed money and not repaid it in full and on time);
  • managing credit and credit-related accounts or facilities;
    recovering debt;
  • checking details on proposals and claims for all types of insurance; and
  • making enquiries when you ask for any lending products and to help us manage your account.

Records we share with credit reference agencies will stay on your file for six years after your file is closed, whether you’ve settled the debt or failed to pay it off.

If you’d like to know about the information credit reference agencies hold about you, you should contact them directly (please note, they will charge you a fee for this service). Not every agency will hold the same information, so you should consider contacting them all. Their contact details are as follows:

TransUnion, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ.
Phone: 0870 060 1414 (personal credit information only)
Website: www.transunion.co.uk

Equifax PLC, Credit File Advice Centre, PO Box 1140, Bradford, BD1 5US
Phone: 0844 335 0550
Website: www.equifax.co.uk

Experian, Consumer Help Service, PO Box 8000, Nottingham, NG90 7WF
Phone: 0344 481 8000
Website: www.experian.co.uk

 

You may be charged to call the credit reference agencies. Please check with your phone provider.

We will share your information with fraud prevention agencies who will use it to prevent fraud and money laundering, and to confirm your identity. We and fraud prevention agencies may also allow law enforcement agencies to access and use your personal information to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or finance.

Fraud prevention agencies can hold your personal information for different periods of time, and if you are considered to present a fraud or money-laundering risk, they can hold your information for up to six years.

Marketing and Promotional Offers

We analyse your personal information to allow us to send you personalised offers, discounts or recommendations based on various things, such as your credit history, the way you use your account and the products you hold with us.

You will receive marketing communications from us if you have requested information from us or taken out a loan with us and you have not opted out of receiving that marketing.

We may also share your email address with Facebook and other social media providers to create lookalike audiences for our products. During this process, Facebook will link your email address with your Facebook profile, and then create an audience of potential customers for us, based on similarities to your (and other customers’) profiles. We will enter into a legal contract with Facebook and any other social media provider to require them to only use your data for the purpose of creating an audience for us.

You have the right to object to us carrying out profiling activities – see further details below in the section “Your Rights” .

Third Party Marketing

We do not share your information with third parties for the purposes of them marketing their products and services to you.

Opting Out

You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, by updating your preferences in the Carmoola App or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of any loan or transaction we have entered into with you.

Information about other people

If you give us information about other people (such as people who depend on you financially or additional cardholders), which we will use to provide services as set out in this policy, you are confirming that you have provided those people with a copy of this policy.

Your information may be linked to people who are associated with you, such as your partner or other members of your household. These linked records are called associated records. If we contact a credit reference agency with an enquiry about you, they may answer it by referring to the records of anyone associated with you. Another person’s records will be associated with yours if:

  • you are making a joint application;
  • you tell us about a financial association with another person; or
  • the credit reference agencies have existing associated records.

If you are associated with another person, we will take this association into account in all future applications either or both of you make. The association will continue until one of you applies to the credit reference agencies and is successful in filing a ‘disassociation’, which allows your information to be unlinked.

Sharing your information outside the United Kingdom

We may transfer your information outside the United Kingdom.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed by the UK government or data protection authorities to provide an adequate level of protection for personal data.
  • Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.

You can ask for details of the appropriate protection we have in place by contacting us as set out in the ‘Contact’ section.

How long we will keep your information

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

If you close your account, if we refuse your application for an account or product, or you decide not to go ahead with your application for an account or product, we’ll still keep your information. We may also continue to collect information from credit reference agencies to use after your account is closed. We’ll do this for as long as we’re allowed to for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.

Your rights

You have rights relating to the way that we use your information. You have the right to:

  • ask us to send you (or someone you nominate) a copy of the information we hold about you;
  • ask us to correct or delete any incorrect or incomplete information we hold about you (we will correct any information we believe is incorrect or incomplete);
  • ask us to stop using your information (we will stop using your information if there is no legal reason for us to continue to hold or use it);
  • object to any automated decision-making;
    ask us to transfer certain personal information to you or to another organisation, including service providers, in a format they can use where this is technically possible (known as the ‘right to data portability’);
  • ask us to transfer a copy of some of your information to you or to another organisation, including service providers, where this is technically possible;
  • withdraw any permission you have previously given to allow us to use your information;
  • ask us to stop or start sending you marketing messages at any time by:
    • logging in to your account and updating your preferences;
    • writing to us at Carmoola, 4th floor, 33 Cannon Street, London, EC4M 5SB;
    • or visiting our website at https://www.carmoola.co.uk/privacy-policy

We analyse your personal information to allow us to send you personalised offers, discounts or recommendations based on various things, such as your credit history, the way you use your account and the products you hold with us. We will stop using your personal information for these purposes if you ask us to stop sending you all types of marketing messages (that is, marketing messages by post, email, phone and text message).


To use any of the rights set out above, or to discuss any other issue relating to your information, please contact us using the methods set out in the ‘Contact’ section.

If you have any concerns about the way we use your information, you have the right to complain to the Information Commissioner’s Office, which regulates the use of personal information in the UK. You can contact them by:

  • going to their website at https://ico.org.uk;
  • calling them on 0303 123 1113;
  • or writing to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.


Changes to this notice

We may make changes to this notice and how we use your information in the future. If we do this, we’ll post an updated version of this notice on our website. You can find the current version of this notice, which explains how we’ll use your information, by visiting our website at https://www.carmoola.co.uk/privacy-policy

Contact us

Please go to https://www.carmoola.co.uk/contact-us if you have any questions about privacy issues. If you would like more information on your rights, or you want to exercise them, please send a request through our website at https://www.carmoola.co.uk/contact-us 

You can contact our data protection officer at: The Data Protection Officer, Carmoola, 4th floor, 33 Cannon Street, London, EC4M 5SB or email: support@carmoola.co.uk