This privacy notice explains how we use your personal information, sets out your rights under the new laws and explains how the law protects you. “Personal information” means information about a living individual who can be identified from that information (either by itself or when it is combined with other information). If we provide you or a business in which you are financially linked with a product or service, then we will use your personal information in the ways set out in this notice.
We are unable to provide you with a product or service or to process your application without having personal data about you. Your personal data is required before you can enter into the relevant contract with us, or it is required during the life of that contract, or it is required by laws that apply to us. If we already hold some of the personal data that we need – for instance if you are already a customer – we may not need to collect it again when you make your application.
If you make an application for your business, we will also collect the personal data about all individuals who are linked to the business, for example beneficial owners, directors or officers of your company, who you must include on the application form. You must show the Privacy Notice to all the linked individuals and ensure they know you will share their personal data with us for the purposes described in it.
We may update our Privacy Notice from time to time. When we do we will publish the updated Privacy Notice on our website. We would encourage you to visit our website regularly to stay informed of the purposes for which we process your information and your rights to control how we process it.
Who are we?
DF Capital is a trading name of Distribution Finance Capital Ltd, registered in England and Wales (company number 10198535) and a subsidiary of Distribution Finance Capital Holdings plc (the Group). Our registered office is at 2nd Floor, 12 Groveland Court, London, EC4M 9EH.
We are registered with the Information Commissioner Office (ICO) (registration no ZA286044) and we are the “controller” for the purposes of data protection laws in relation to any personal information we hold about you.
Our Privacy Promise
DF Capital wants to be a trusted financial partner and is committed to protecting and respecting your privacy. We will always treat your information as confidential, even when you are no longer a customer.
How the law protects you?
As well as our Privacy Promise, your privacy is protected by law. Under Data Protection Laws we can only process your personal information where we have a proper reason for doing so. This includes sharing it outside the Group. The law says we must have one or more of these reasons:
- it is in our own legitimate interests to do so
- we are required to do so by law i.e. a legal obligation
- you have entered or you are considering entering into a contract with us for a financial product or service
- you have granted us consent to process your personal information
A legitimate interest is when we have a business or commercial reason to use your information for example to prevent abuse and loss, to strengthen IT and payment security or for marketing purposes. But even then, it must not unfairly go against what is right and best for you.
What personal data do we collect?
Depending on the product and services you have requested or you are interested in, we collect and process different kinds of personal data, including:
- basic personal information, including name and address, date of birth and contact details.
- documentary data, e.g. details about you that are stored in documents in different formats, or copies of them. this could include things like your passport, driver’s license, or birth certificate.
- financial information, e.g. your financial position, status and history.
- socio-demographic information, e.g. details about your work or profession, nationality, and where you fit into general social or income groupings;
- transactional information, e.g. details about payments to and from your accounts with us.
- social relationships, e.g. information about your family, friends and other relationships;
- contractual information, e.g. details about the products and services we provide to you and your preferences towards them.
- communications, e.g. what we learn about you from letters, emails, and conversations between us.
There may be times when the information we hold about you includes sensitive personal data, such as information relating to racial or ethnic background, criminal convictions or legal proceedings. We will only hold this data when we need to for the purposes of the product or services we provide or where we are legally required to do so. We will always seek your explicit consent to process sensitive personal data.
Letting us know if your personal information is incorrect
We want our service to always meet your expectations and therefore need the information we hold about you to be accurate and up to date. Please help us by telling us straightaway if there are any changes to your personal information. It is important that you tell us about any changes to your contact details, including your email address or mobile number.
Where do we collect your information from?
We hold personal and financial information about you (or your business) which you have provided to us or which we have collected/received from elsewhere such as:
- information you give us on application forms;
- information we get from how you use your facilities;
- details of who supplies goods and services to you;
- when you use our website, including secure messages online;
- information from other organisations, such as credit reference, fraud prevention agencies, data aggregators, comparison websites;
- government and law enforcement agencies;
- information that we gather from publicly available sources, such as the press, social networks, the electoral register, Company House and online search engines;
- when you talk to us on the phone;
- when you use our websites or mobile device apps;
- in emails and letters;
- in customer surveys;
- if you take part in a competition or promotions;
- information from people or businesses you are financially linked to;
- information that other people give us such as your advisors, brokers, introducers or agents working on our behalf; and
- information we get from analysing your financial situation and transaction history.
Why do we collect your information?
DF Capital stores and uses your information to manage your facilities and to provide services that suit your needs. This includes making payments, loan advances, customer services, customer administration, credit assessment and marketing as well as compliance with statutory obligations. Additionally, we may need to use your data for several other reasons including the following:
- Assessing the suitability of products or services
We will use your information to assess whether our products and services are suitable for you or for a business you are financially linked to, including making credit decisions. This may involve credit scoring and regular statistical analysis to produce management information relating to risk. We may look at your information when deciding whether to approve an application for credit by a person you are linked to, including when that person applies on behalf of a business. We may also link your information to the information relating to other people you are financially linked to, if you make a joint application or if you tell us that you have a husband, wife, civil partner or partner. You should make sure you have shared the relevant information from this notice with them.
- Verifying identity, preventing fraud or recovering debt
We may use your information to verify your identity, prevent money-laundering, detect fraud and recover debts. We may use credit reference and fraud prevention agencies to help us make decisions when you apply for a product which allows you to obtain credit. If you provide false or inaccurate information and we find that you have committed fraud, we will pass your details to fraud prevention agencies. Law enforcement agencies may also access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
- checking details on applications for credit and credit related facilities;
- managing credit related facilities;
- recovering debt; and
- checking details on proposals
If you want to receive details of the relevant fraud prevention agencies, please use the contact details at the end of this notice. We and other organisations may access and use information recorded by fraud prevention in other countries. Before we provide you with credit, we will carry out credit searches using credit reference agencies. These checks are necessary before we enter into a contract for credit related products or other services with you. We will share your personal information with credit reference agencies and they will give us information about you. During our business relationship with you, we may also go on sharing your information with credit reference agencies, from time to time, as part of our legitimate interests to promote responsible lending and prudent risk management. To learn more about what credit reference agencies do, please use the contact details at the end of this notice. We will provide you with further information when you ask us for credit.
- Protecting you
We may use your information to protect you in the following ways:
- We may record or monitor phone calls for security and compliance purposes.
- Before we provide any product or service, we will carry out anti-money laundering checks, which may include searches to confirm your identity. Using your personal information in this way help us to protect you from identify fraud, as well as allow us to comply with our legal obligations and meet our legitimate interests.
- Research purposes
We may also use your information for research purposes and to undertake automated decision making including profiling to understand your buying preferences. Using your personal information in this way allows us to develop, improve and market our products and services to meet our legitimate interests.
Sharing your information
We do not sell or trade your information to third party organisations. There are circumstances where we need to provide information to other people who assist us in conducting our business or servicing you or your business or in identifying potential financial crime or where we are under a legal or regulatory obligation to do so. For these reasons we may share your personal information with, for example:
- Credit reference agencies
- Data aggregators
- HM Revenue & Customs, regulators and other statutory bodies and authorities
- UK Financial Services Compensation Scheme and the Financial Ombudsman Service
- Our regulators and certain statutory bodies as required by law
- Any trustees, beneficiaries, administrators or executors associated with your account
- Someone you nominate or authorise to act on your behalf
- People who give guarantees or other security for any amounts you owe us
- Companies we have a joint venture or agreement to co-operate with
- Our professional advisors and auditors
- Organisations that introduce you to us
- Companies that we introduce you to
- Independent market researcher organisations
- Your financial advisors or agents working on our behalf
- Price comparison websites and similar companies that offer ways to research and apply for financial products and services
- People you ask us to share your information with
- Direct Debit scheme, if you use direct debits
- Other lenders who also hold a charge on the asset, if you have a secured loan with us
- Other companies in the Group to assess credit risk, to prevent fraud or manage risk, or to help us run your facilities. We may also share your information within the Group to prepare research and analyse statistics (including analysing risk and credit) so that we can improve our services.
We will sometimes arrange for service providers, agents and subcontractors, including those from outside the European Economic Area (EEA), to provide services and process your information on our behalf. We will make sure that these service providers, agents and subcontractors have a duty to keep your information confidential and secure, and that they only process your information as set out in a written contract. Where we use third parties from outside the EEA, we will ensure that your rights under Data Protection Laws are safeguarded through the appropriate protections, including model clauses where appropriate.
To meet our duties to regulators, we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a customer.
We may also share your personal information with other organisations if we sell, transfer, or merge parts of our business or our assets, or if we seek to acquire other businesses or merge with them. If any such change to our business happens, these other parties may then use your information in the same way as set out in this Privacy Notice.
Any parties we share your information with agree to keep all information supplied secure and protected from unauthorised access.
Credit Reference Agencies
If you apply for a new product or service from us, we may perform credit and identity checks on you and certain individuals connected to you or your business with one or more credit reference agencies (“CRAs”) or data aggregators. We may also make periodic searches at CRAs to manage your account with us and to detect and prevent fraud.
To do this, we will supply your personal information to CRAs and they will give us information about you. This may include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take a product
- Verify the accuracy of the information you have provided to us
- Confirm identities
- Prevent criminal activity, fraud and money laundering
- Manage your account(s)
- Trace and recover debts
- Ensure any offers provided to you are appropriate to your circumstances
We may continue to exchange information about you with CRAs while you have a relationship with us. We may also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other organisations. The type of footprint left is dependent upon the search that is conducted.
If you are making a joint application, or tell us that you have a spouse or financial associate, we may link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application.
We need to confirm your identity before we provide products or services to you or your business.
Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use CRAs to help us with this.
We or a CRA (in their fraud prevention role) may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.
CRAs can keep personal information for different lengths of time. For example, they can keep your information for up to six years if they find a risk of fraud or money-laundering.
We and CRAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a possible risk of fraud or money-laundering.
If we or a CRA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. CRAs will also keep a record of the risk that you or your business may pose.
This may result in other organisations refusing to provide you with products or services, or to employ you.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at https://www.experian.co.uk/crain.
How long do we keep your information?
We will only keep your personal information for as long as is necessary to administer any relationships that you hold with us. This means that we may hold your personal information after your relationship with us ends for up to seven years.:
We may do this for the following reasons:
- to respond to any questions or complaints;
- to show that we treated you fairly;
- to maintain records according to regulatory and statutory rules that apply to us; and
- To allow us to preserve, defend or enforce any relevant legal rights we may have.
We may keep your data for longer than seven years if we cannot delete it for legal or regulatory reasons. If we do, we will make sure that your privacy is protected and only use it for those purposes.
Your Privacy Rights
You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below. We will aim to respond to any request received from you in relation to exercising your rights within 30 days from your request, although this may be extended in some circumstances in line with Data Protection Laws.
- Access – You have the right to access the information that we are processing about you and to be told where the information comes from and what we use it for. You also have the right to be informed about how long we store your information and about those with whom we share your information. Your right of access may, however, be restricted by law, the need to protect another individual’s privacy or consideration for the DF Capital commercial business strategies and operations. You must write to us if you want to see this information. Access to your data will usually be provided free of charge, although in certain circumstances we may make a small charge where we are entitled to do so under Data Protection Laws.
- Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information.
- Restriction – You have a right to request us to restrict the processing of your personal information. You may request us to restrict processing your personal information if you believe that:
- any of the information that we hold about you is inaccurate;
- we no longer need to process your information for the purposes for which it was provided; or
- we are not using your information in a lawful manner
- Erasure – You have a right to request that we delete your personal information. You may request that we delete your personal information if you believe that:
- we no longer need to process your information for the purposes for which it was provided;
- we have requested your permission to process your personal information and you wish to withdraw your consent; or
- we are not using your information in a lawful manner.
- Objection – You have a right to object to the processing of your personal information, unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests.
- Portability – You have a right to receive the personal information you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible.
Rights with respect to personal data are bound by the legitimate need for DF Capital to process data for statuary, regulatory and contractual purposes. Thus, certain of the above rights will be limited e.g. we’re required by law to retain some of your data for at least 6 years.
If you wish to exercise any of these rights or if you have any queries about how we use your personal information that are not answered here, you can contact our Data Protection Office at the address at the end of the Privacy Notice.
Profiling and automated decision making
DF Capital may use automated decision making, including profiling, to approve applications for loans or credit, to prevent fraud and, in the case of profiling, to be able to offer you specific services and products that meet your preferences and to target our marketing in general. You have the right not to be subject to automated decision making (including profiling), where it affects your legal rights or has an adverse impact on you, for example, the refusal of an online credit application. If you have given us your consent to process your data and the processing is automated, you have the right to get your personal information from us in an electronic format that can easily be reused. You can also ask us to pass your information in this format to other organisations. If you wish to exercise any of these rights, please write to our Data Protection Officer at the address at the end of this notice.
We are keen to keep you up to date with changes to the service we provide or interruptions to our service, or also to remind you to activate and use the online services for which you have registered. If you have given us your email address or mobile number, we may use these to send you messages. If you do not want us to contact you by text message or email, please contact us and we will delete these details from our records.
Through our marketing programme, we may identify and tell you about products and services supplied by us that we consider may be of interest to you. We may do this by phone, mail, email, text or through other digital media where you have given us your consent to being marketed by these methods. You can decide how much direct marketing you want to accept. You can contact us at any time if you do not want to receive marketing information. Whatever you choose, you will still receive statements, and other important information such as changes to your existing products and services.
How to withdraw your consent?
Once you have given us your consent you can withdraw it at any time, unless there is another legal reason under the Data Protection Laws that allows us to process your information. Please note that if you withdraw your consent, we might not be able to provide you our products or services. If this is so, we will tell you. You can withdraw your consent at any time by getting in touch with us at email@example.com or using the contact details at the end of this notice. The withdrawal of your consent will be processed as soon as possible.
How to complain
If you are unhappy with how we have handled your personal information, you can contact our Data Protection Office at the address at the end of this notice.
You also have the right to complain to the Information Commissioner’s Office. You can call their helpline on 0303 123 1113, or you can visit their website (www.ico.org.uk) for information on how to make a data protection complaint.
Data Protection Officer
We have appointed a Data Protection Officer to advise us about our data protection obligations and to monitor compliance. You can contact the Data Protection Officer by writing to the Data Protection Officer, DF Capital, 2nd Floor, 12 Groveland Court, London, EC4M 9EH or by emailing us at firstname.lastname@example.org