How we use the information we hold about you
This policy applies to information held about customers and possible future customers, suppliers and possible future suppliers, contacts and all other people we hold information about. By ‘information’ we mean personal and financial information about you that we collect, use, share and store. This may include your name, date of birth, address, contact information, financial information, car information, details about your health and lifestyle, employment details and device identifiers including internet protocol (IP) address and vehicle details. It includes information about any other Carmoola products and services (or products and services provided by our partners) you currently have, you’ve applied for or you’ve had in the past.
Where this information comes from
We collect, use, share and store information about you to provide you with the services you have asked us for and to share information with you about services that may be of interest to you.
You may provide this information direct to us, for example by the way you communicate or do business with us, such as:
This information may also come from other organisations or people, such as other Carmoola companies, other organisations you have a relationship with, joint account holders, credit reference agencies (who may search the Electoral Register), employers, fraud prevention agencies or other organisations.
If you do not provide the information that we tell you you must provide, this may mean that we are unable to properly provide you with our services or carry out all our obligations under our agreement with you.
How we use your information
We use this information:
Under data protection laws, whenever we process your personal information, we must meet at least one set condition for processing. These conditions are set out in data protection law and we rely on a number of different conditions for the activities we carry out.
Specifically, we and other Carmoola companies may use your information for the following purposes and under the following legal bases.
|How we use your information||Legal basis|
|To provide and manage your accounts and our relationship with you.||
|To give you statements and other information about your account or our relationship with you.||
|To handle enquiries and complaints.||
|To provide our services to you.||
|For assessment, testing (including systems tests) and analysis (including credit or behaviour scoring (or both)), statistical, market and product analysis and market research. We may use this information to prepare statistical reports to be shared internally or externally with others, including non-Carmoola companies. We produce these reports using information about you and our other customers. The information used and shared in this way is never personal and you will never be identifiable from them.||
|To evaluate, develop and improve our services to you and other customers.||
|To protect our business interests and to develop our business strategies.||
To contact you, by post, phone, text, email and other digital methods.
This may be:
|To make sure any marketing messages we send you are more relevant to you.||
|To collect any debts you owe to us.||
|To prevent, detect, investigate and prosecute fraud and alleged fraud, money laundering and other crimes, and to check your identity. We may record your image on CCTV when you visit our premises.||
|To assess any application you make, including checking for fraud and money laundering, confirming your identity, and carrying out any other regulatory checks. We may compare your details with the details of countries, organisations and people who sanctions apply to, to decide whether we are prevented from doing business with you or processing a transaction under sanctions law.||
|To monitor, record and analyse any communications between you and us, including phone calls.||
|To check that your mobile phone is in the same place as your payments are being made from.||
|To transfer your information to or share it with any organisation your account has been or may be transferred to following a restructure, sale or takeover of any Carmoola company or debt.||
|To share your information with UK or other relevant tax authorities, credit reference agencies, fraud prevention agencies, and UK and overseas regulators and authorities.||
|To share your information with our partners and service providers.||
|To share your information in an encrypted format with social-media companies. They can then match this to personal information they already hold about you so they can display messages to you about our products and services.||
Data protection law allows us to use personal information for our genuine and legitimate reasons as long as we respect your rights and freedoms. This lawful basis for using your information is called ‘legitimate interests’. When we rely on our legitimate interests as the legal basis for processing your personal information for the purposes set out above, we will carefully consider and balance any possible effect this may have on you and your rights.
We will occasionally need to use sensitive information about you in the following ways. We will use information about your health if this is relevant for us to help you if you are struggling with a debt, it is relevant to a complaint you are making about us, it is relevant to how you want us to contact you, or it provides us with relevant information about how you are spending your money. We will also use sensitive information about you if this is considered to be in the public interest (for example, to support you if you are a vulnerable customer) or if you agree.
We may also process some information that relates to criminal convictions if this is in the public interest (for example, to prevent or detect financial crime).
If you apply to us for a product or service, we have an automated decision-making process which will carry out fraud, credit and affordability assessment checks to decide whether we will accept your application. The automated processes may decline or refer your application. If your application is referred, this means we will manually review your application before making a final decision.
We will also use automated decision-making to:
How the automated processes make decisions
Affordability: the processes will consider your income, spending and credit history to decide how easily you will be able to manage repaying credit. We may compare you with other people in a set (for example, people who are in a certain age bracket may be more likely to be able to manage credit).
Regulatory assessment: certain details in your information may suggest that you are likely to become financially vulnerable and we may need to help you.
Financial crime checks: the processes will compare your details with the details of countries, organisations and people who sanctions apply to, to decide whether we are prevented from doing business with you under sanctions law. This means that we may automatically decide that you present a fraud or money-laundering risk, or risk of breaking financial sanctions, if the processing reveals your behaviour to be consistent with money laundering or known fraudulent behaviour, is inconsistent with information you have previously provided, or you appear to have deliberately hidden your true identity.
You have rights relating to automated decision-making. If you want to know more, please contact us using the details set out in the ‘Contact us’ section.
If we, or a fraud prevention agency, decide that you present a fraud or money-laundering risk:
If you have any questions about this, please contact us using the details set out in the ‘Contact us’ section.
Sharing your information with others
We’ll keep your information confidential but we may share it in certain circumstances, for the purposes set out in this policy, with:
The people and organisations listed above will also have to keep it secure and confidential.
We may share limited information (for example, your mobile phone number or email address), in an encrypted format, with social-media companies. The social-media companies can match this to personal information they already hold about you, so that they can display messages to you about our products and services.
We may be required to share your information as follows:
Sharing your information with credit reference and fraud prevention agencies
When processing your application, we will carry out credit and identity checks on you with one or more credit reference agencies. To do this, we will give the credit reference agencies your personal information and they will give us information about you. This may make it difficult for you to get credit in the future. We will also continue to exchange information about you with credit reference agencies while you have a relationship with us, for example, if we have asked you to pay an amount you owe us and we do not receive a satisfactory reply from you within our stated time limit, or if you give us false or inaccurate information. The credit reference agencies may share your personal information with other organisations. The credit reference agencies, and the ways in which they use and share personal information, are explained in more detail at www.experian.co.uk/crain/. Examples of circumstances when we may share your information or information relating to your partner or other members of your household include when we are:
Records we share with credit reference agencies will stay on your file for six years after your file is closed, whether you’ve settled the debt or failed to pay it off.
If you’d like to know about the information credit reference agencies hold about you, you should contact them direct (please note, they will charge you a fee for this service). Not every agency will hold the same information, so you should consider contacting them all. Their contact details are as follows:
You may be charged to call the credit reference agencies. Please check with your phone provider.
We will share your information with fraud prevention agencies who will use it to prevent fraud and money laundering, and to confirm your identity. We and fraud prevention agencies may also allow law enforcement agencies to access and use your personal information to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or finance.
Fraud prevention agencies can hold your personal information for different periods of time, and if you are considered to present a fraud or money-laundering risk, they can hold your information for up to six years.
Information about other people
If you give us information about other people (such as people who depend on you financially or additional cardholders), which we will use to provide services as set out in this policy, you are confirming that you have provided those people with a copy of this policy.
Your information may be linked to people who are associated with you, such as your partner or other members of your household. These linked records are called associated records. If we contact a credit reference agency with an enquiry about you, they may answer it by referring to the records of anyone associated with you. Another person’s records will be associated with yours if:
If you are associated with another person, we will take this association into account in all future applications either or both of you make. The association will continue until one of you applies to the credit reference agencies and is successful in filing a ‘disassociation’, which allows your information to be unlinked.
Sharing your information outside the European Economic Area
When we or fraud prevention agencies transfer your information outside the European Economic Area, we or the fraud prevention agencies will:
If we are transferring your information, we may also transfer it to either a country considered by the European Commission to provide adequate protection of your information, or to a different country if you agree to that. If we transfer your information outside the European Economic Area in other circumstances (for example, because we have to reveal the information to help prevent or detect a crime), we’ll make sure we share that information lawfully.
You can ask for copies of the appropriate protection we have in place by contacting us as set out in the ‘Contact’ section.
How long we will keep your information
We will keep your information for as long as is needed for the purposes set out above or as required by any laws that apply.
If you close your account, if we refuse your application for an account or product, or you decide not to go ahead with your application for an account or product, we’ll still keep your information. We may also continue to collect information from credit reference agencies to use after your account is closed. We’ll do this for as long as we’re allowed to for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.
You have rights relating to the way that we use your information. You have the right to:
We analyse your personal information to allow us to send you personalised offers, discounts or recommendations based on various things, such as your credit history, the way you use your account and the products you hold with us. We will stop using your personal information for these purposes if you ask us to stop sending you all types of marketing messages (that is, marketing messages by post, email, phone and text message).
To use any of the rights set out above, or to discuss any other issue relating to your information, please contact us using the methods set out in the ‘Contact’ section.
If you have any concerns about the way we use your information, you have the right to complain to the Information Commissioner’s Office, which regulates the use of personal information in the UK. You can contact them by:
We may make changes to this notice and how we use your information in the future. If we do this, we’ll post an updated version of this notice on our website. You can find the current version of this notice, which explains how we’ll use your information, by visiting our website at https://www.carmoola.co.uk/privacy-policy.
Please go to https://www.carmoola.co.uk/contact-us if you have any questions about privacy issues. If you would like more information on your rights, or you want to exercise them, please send a request through our website at https://www.carmoola.co.uk/contact-us
You can contact our data protection officer at: The Data Protection Officer, Carmoola, 4th floor, 33 Cannon Street, London, EC4M 5SB or email: email@example.com