This policy explains when and why we collect personal information about individuals, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure.

Privacy Policy - Snap Finance

It is important to us that you feel safe when you use Snap Finance Products. Therefore, we are providing all the information about how we use your personal data in this privacy notice.

Snap Finance Limited registered at Companies House under company number 08080202, 1 Vincent Avenue, Crownhill, Milton Keynes, England, MK8 0AB (“Snap”, “we”, “our” or “us”), are each a controller of your personal data in accordance with the EU Data Protection Regulation (the “GDPR”) and UK data protection laws (including the retained EU Regulation 2016/679 as incorporated into UK domestic law and as amended from time to time (the “UK GDPR”) and the Data Protection Act 2018. If you have any questions regarding the processing of your personal data, please contact our data protection team by writing to customer@snapfinance.co.uk

1. Who is responsible for your personal data?

section-1

left

You have several rights under the UK GDPR related to you having control of your personal data and to receive information directly from us on how we process personal data about you. In the following you can read about your rights. If you want to know more or come in contact with us to exercise your rights, the easiest way is to email us on customer@snapfinance.co.uk. If you want to receive information about the data Snap holds about you through subject access, or have certain data deleted, you can send a request to us by email, post or phone, contact details are available on our homepage. For other types of questions please use the contact details in Section 12.

Right to have personal data deleted (“Right to be forgotten”). In some cases, you have the right to have us delete personal data about you. For example, you can request us to delete personal data that we (i) no longer need for the purpose it was collected for, or (ii) process based on your consent and you revoke your consent. There are situations where Snap is unable to delete your data, for example, when the data is still necessary to process for the purpose for which the data was collected, Snap’s interest to process the data overrides your interest in having them deleted, or because we have a legal obligation to keep it. You can read more about our legal obligations to keep data in Section 4 and 9 in this Privacy Notice. The laws described there prevent us from immediately deleting certain data. You also have the right to object to us using your personal data for certain purposes such as direct marketing, which you can read more about in this list of your rights.

Right to be informed. You have the right to be informed of how we process your personal data. We do this through this privacy notice, by service-specific FAQs, and by answering your questions.

Right to receive access to your personal data (“Data Subject access”). You have the right to know if Snap processes personal data about you, and to receive a copy (“data extract”) of such data, data subject access. Through the data extract you will receive information about what personal data Snap holds about you and how we process it.

Right to access, and request a transfer, of your personal data to another recipient (“Data portability”). This right means that you can request a copy of the personal data relating to you that Snap holds for the performance of a contract with you, or based on your consent, in a machine-readable format. This will allow you to use this data somewhere else, for example to transfer your personal data to another controller/recipient.

Right to rectification. You have the right to request that we rectify inaccurate information or complete information about you that you consider is inaccurate or incomplete.

Right to restrict processing. If you believe that your personal data is inaccurate, that our processing is unlawful or that we do not need the information for a specific purpose, you have the right to request that we restrict the processing of such personal data. You also have the possibility to request that we stop processing your personal data while we assess your request. If you object to our processing per your right described directly below, you may also request us to restrict processing of that personal data while we make our assessment.

Right to object against our processing of your personal data. You have the right to object to processing of your personal data which is based on our legitimate interest (Article 6(1)(f) UK GDPR), by referencing your personal circumstances. You can also always object to our use of your personal data for direct marketing purposes. When you let us know that you no longer wish to receive direct marketing from us, we will turn off marketing for you and stop sending it to you.

Right to object to an automated decision that significantly affects you. You have the right to object to an automated decision made by Snap if the decision produces legal effects or significantly affects you in a similar way. See Section 6 on how Snap makes use of automated decisions.

Right to withdraw your consent. As described in section 5 below, where we process your personal data based on your consent or explicit consent, you have the right to revoke that consent at any time. When you revoke your consent, we will stop processing your data for such purposes.

Right to lodge a complaint. If you have complaints about Snap’s processing of your personal data, you may lodge a complaint with (the Information Commissioner’s office (the UK’s data protection authority), which can be reached using this link: https://ico.org.uk/.

2. Your data protection rights as a data subject

section-2

In this section, we describe the types of personal data that we collect or create. In Section 4 we describe for what purposes we use these types of personal data.

Contact and identification data - Name, date of birth, social security number, title, occupation, gender, billing and delivery address, e-mail address, mobile phone number, nationality, age, employment and employment history, audio recordings, photos and video recordings of you and your ID card etc.

Information about goods/services - Details concerning the goods/services you have bought or ordered, such as type of item or delivery tracking number.

Information about your financial standing - Information about, for example, your income, any credits, negative payment history and previous credit approvals.

Payment information - Credit and debit card details (card number, expiry date and CVV code), bank account number, bank name.

Information about your use of Snap’s services - Which service(s) and what different functions in these services you have used and how you have used them. This includes information about outstanding and historical debt, your repayment history, and your personal preferences.

Technical information generated through your use of Snap’s services - Technical data such as response time for web pages, download errors and date and time when you used the service.

Information about your contacts with Snap’s customer service - Recorded phone calls, chat conversations and email correspondence.

Your contacts with the stores you shop at or visit - Information about how you interact with stores, such as whether you have received goods and the type of store you shop at.

Device information - Device ID, IP address, language settings, browser settings, time zone, operating system, platform, screen resolution and similar information about your device and device settings/usage.

Information from external sanction lists and PEP lists - Sanction lists and lists of persons constituting politically exposed persons (“PEP”) include information such as name, date of birth, place of birth, occupation or position, and the reason why the person is on the list in question.

Sensitive personal data - Sensitive personal data are data that reveal religious beliefs, political or philosophical views, trade union membership, or constitute information about health, sex life or sexual orientation as well as biometric data.

Service-specific personal data - Within the framework of our services through the payment accounts, and Personal Finance, we use additional personal data that are not covered by the types listed above. Information regarding each service is listed here: Payment accounts: Information about your transactions and deposits and information about where your money comes from or will be used for. Snap will also process data about third parties (such as payees or payers) for this service; Personal Finance: Information from your other bank accounts and other types of accounts (such as card accounts) that you choose to connect to the service, as well as information such as account number, bank, historical transactions from your connected accounts and balances and assets; Event registration on social media: Information about your profile from your social media account and business information such as your employer’s name, address and type of company.

3. What types of personal data do we collect?

section-3

What we will use your personal data for (the purpose),

Which types of personal data we use for that purpose, and if the personal data comes directly from you or from another source. In the cases where we have received personal data about you from another source, we provide the source in brackets,

What legal rights we have under current data protection legislation, such as the UK GDPR, to process the data about you, referred to as our “legal basis”, and

When Snap stops using the personal data for each purpose.

4.1 Purposes for which your personal data is always used, regardless of the service you use.

Purpose of the processing - what we do and why.

To manage our customer relationship with you in accordance with our agreements, for each product you use. This includes creating and sending information to you in electronic format (not marketing).

To be able to perform customer satisfaction surveys and market surveys, conduct consumer research as well as ask for reviews from you, through email, text messages, phone or via other communication channels.

If you do not want us to perform this processing, please contact us to let us know. See section 2 for more information about your rights. See section 12 for our contact information.

To ensure network and information security in Snap’s services.

To be able to help you as a vulnerable customer (i.e. if you need extra support when contacting us due to particular circumstances). This means that we can offer you special support, for example, when you contact customer service.

To be able to perform risk analysis, prevent fraud, and carry out risk management.

We perform the processing to confirm your identity and that the data you provide is correct, as well as to counter criminal activities. 

This processing constitutes profiling and automated decision-making. We use automated decision-making for this purpose, to be able to determine if you constitute a risk of fraud. See section 6 for more information about profiling and automated decisions. 

To anonymise your personal data in order to improve our services and products and to analyse customer behaviour.

To perform data analysis for product development and testing to improve our risk and credit models and to design and improve our services (if possible, we first anonymise the data, which means that no personal data processing is performed thereafter).

To perform data analysis to measure and improve our marketing and advertising channels (if possible, we first anonymise the data, which means that no personal data processing is performed thereafter).

To calculate payment commissions to suppliers (if possible, we first anonymise the data, which means that no personal data processing takes place thereafter).

To produce statistics and reports for economic analysis or analysis of payment trends or payment volumes in certain regions or industries (if possible, we first anonymise the data, which means that no personal data processing takes place thereafter).

To share your personal data with the categories of recipients described in section 7.1 (suppliers and subcontractors, companies within Snap, persons with authority over your financial transactions, authorities and buyers of receivables, businesses or assets).

To decide what kind of marketing we will provide to you. 

If you do not want us to perform this processing of your data, please contact us. We will then cease to use your data for marketing. Contact information is available in section 12.

The processing may constitute profiling. See section 6 for more information about profiling. 

To provide marketing materials and offers to you about other products and services we offer that are similar to those you have already used and that are part of Snap and its network.

If you do not want to receive marketing from us, please contact us to let us know. We will then stop processing your data for sending marketing. See section 12 for our contact information.

Provide you with direct marketing about offers, products, or services from Snap, and our stores/partners.

To protect Snap from legal claims and safeguard Snap’s legal rights.

Type of personal data used for the purpose, and where they come from (the source). See section 3 to read more about the different types of personal data.

Information about goods/services. (The store) 

Information about your financial standing. (Snap and credit information bureaus)

Information about your use of Snap’s products. (Snap)

Technical information generated through your use of Snap’s services. (Snap)

Your contacts with the stores you shop at or visit. (The store)

Information about your use of Snap’s services.

Information about goods/services. (The store)

Information about your use of Snap’s services. (Snap)

Sensitive personal data (in the form of information on your health). 

Information about your financial standing. (Snap and credit information bureaus) 

4. What personal data are used for what purposes and with which legal basis?

section-4

When Snap uses your personal data based on your consent, you can withdraw your consent at any time. You can do this by sending an e-mail to customer@snapfinance.co.uk or via the contact information you find in Section 12.

Lastly: As described in Section 2 above you also have the right to object against certain personal data processing (for example you may turn off marketing). You also have a right to have certain personal data erased, which is also described in Section 2.   

5. How do you withdraw your consent?

section-5

6.1 Snap’s profiling of you as a customer.

“Profiling” means an automated processing of personal data to evaluate certain personal matters, for example, by analysing or predicting your personal preferences, such as buying interests. At the same time, we compare your data with what our other customers, with similar use of our products, have preferred.

The purpose of Snap’s profiling and the personal data types used for each occasion and for each profiling are described in detail in Section 4 above. The profiling for these purposes does not have a significant impact on you as a customer.

We use profiling for the following purposes:

to deliver customised marketing to you across both our own and external platforms and services.

If you have any questions about how the profiling process works, please contact us. Contact information is available in Section 12. You may object to our marketing profiling at any time by contacting us (and we will then cease profiling for marketing purposes). You may also end our profiling for our services by terminating the service.

6.2 Snap’s automated decisions that significantly affect you.

Automated decisions with legal effect, or automated decisions that similarly significantly affect you, means that certain decisions in our services are completely automated, without our employees being involved. These decisions have a significant effect on you as a customer, comparable to legal effects. By making such decisions automatically, Snap increases its objectivity and transparency in the decision to offer you these services. At the same time, you have the right to object to these decisions at all times. You can read about how to object to these decisions at the end of this Section 6.2.

Automated decisions that significantly affect you also mean that profiling is performed based on your data before the decision is made. This profiling is made to assess your financial situation (before the decision to grant credit) or to identify whether your use of our services involves a risk of fraud or money laundering. We profile your user behaviour and financial standing and compare this data with behaviours and conditions that indicate different risk levels for us.

The different user behaviour and conditions are evaluated and weighted into our automated decision-models, so that we end up with a totalling score, which then results in either accepting or rejecting your use of our finance products. We can also choose to request further identification from you, if we are not sure who you are.

When does Snap take automated decisions that significantly affect you?

We make this kind of automated decision when we:

decide to approve your application to use a finance product.

decide not to approve your application to use a finance product. These automated credit decisions are based on the data you provide to us, data from external sources such as credit bureaus' credit worthiness reports, and Snap’s own internal information about you if we have lent you money before. In addition to information about you, Snap’s credit model includes a large number of other factors, such as Snap’s internal credit risk levels and our customers’ general repayment rates (based on, for example, the current product category).

decide whether you pose a risk of fraud, if our processing shows that your behaviour indicates possible fraudulent conduct, that your behaviour is not consistent with previous use of our services, or that you have attempted to conceal your identity. Automated decisions whereby we assess whether you constitute a fraud risk are based on information you have provided yourself, data from fraud prevention agencies (see section 7.2.3. for details of which ones, we use), and Snap’s own internal information. Snap continuously develops our fraud models to keep our services secure and closely investigate how fraudsters operate on different markets (for example which merchant categories or products are mostly subject to fraud attempts).

decide whether there is a risk of money laundering, if our processing shows that your behaviour indicates money laundering. In relevant cases, Snap also investigates whether specific customers are listed on sanction lists.

The personal data types used in each decision are described in Section 4. See Section 7 for more information about whom we share information with as regards profiling during automated decisions.

If you are not approved under the automated decisions described above, you will not have access to Snap’s services, such as our payment methods. Snap has several safety mechanisms to ensure the decisions are appropriate and fair. These mechanisms include ongoing overviews of our decision models and random sampling in individual cases. If you have any concern about the outcome, you can always contact us, and we will determine whether the procedure was performed appropriately. You can also object in accordance with the following instructions.

Your right to object to these automated decisions

You always have the right to object to an automated decision with legal consequences or decisions which can otherwise significantly affect you (together with the relevant profiling) by sending an e-mail message to customer@snapfinance.co.uk. A Snap employee will then review the decision, taking into account any additional information and circumstances that you provide to us.

6. Snap’s profiling and automated decisions that significantly affect you.

section-6

When we share your personal data, we ensure that the recipient processes it in accordance with this notice, such as by entering into data transfer agreements or data processor agreements with the recipients. Those agreements include all reasonable contractual, legal, technical and organisational measures to ensure that your information is processed with an adequate level of protection and in accordance with applicable law.

7.1 Categories of recipients with whom Snap will always share your personal information, regardless of the service you use.

Description of the recipient: Suppliers and subcontractors are companies that only have the right to process the personal data they receive from Snap on behalf of Snap, i.e. processors. Examples of such suppliers and subcontractors are software and data storage providers, payment service providers and business consultants, providers of machine learning/artificial intelligence functionality and Snap Group companies.

Purpose and legal basis: Snap needs access to services and functionality from other companies where it cannot perform them itself. Snap has a legitimate interest in being able to access these services and functionality (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See Section 2 for more information about your rights.

https://enfuce.com/privacy-and-data-protection/

https://www.velmie.com/privacy-policy#:~:text=Velmie%2C%20LLC%20will%20take%20all,of%20your%20data%20and%20other

Description of the recipient: Companies in the Snap Group.

Purpose and legal basis: This is required for Snap to be able to provide you with its services and functionalities. Snap has a legitimate interest in being able to access and provide these services and functionalities (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See Section 2 for more information about your rights.

When you shop in a foreign store (meaning a store located outside of the UK/EEA area) that has an agreement with another company within the Snap Group, the disclosure of your personal information between Snap companies is required in order for the two Snap companies to manage your payment and enable the foreign store to administer your purchase. The legal basis for this processing is the performance of a contract (Article 6 (1)(b) UK GDPR).

The receiving Snap Group company will handle your personal data in accordance with the privacy notice that applies in that country. You can read more about how Snap safeguards your personal data when transferred outside of the UK/EEA in Section 8.

7.1.3 A person who holds a power of attorney for your financial affairs.

Description of the recipient: Snap may share your personal information with a person who has the right to access it under a power of attorney, or deputyship (property and financial affairs).

Purpose and legal basis: This processing is carried out to facilitate your contact with us (through agents), and takes place based on your consent (Article 6(1)(a) UK GDPR).

Description of the recipient: Snap may provide necessary information to authorities such as the police, financial authorities, tax authorities or other authorities and courts of law.

Purpose and legal basis: Personal data is shared with the authority when we are required by law to do so, or in some cases if you have asked us to do so, or if required to manage tax deductions or counter crime. An example of a legal obligation to provide information is when it is necessary to take measures against money laundering and terrorist financing. Depending on the authority and purpose, the legal bases are the obligation to comply with the law (Article 6(1)(c) UK GDPR), to fulfil the agreement with you (Article 6(1)(b) UK GDPR), or Snap’s legitimate interest in protecting itself from crime (Article 6(1)(f) UK GDPR).

There is also a requirement under UK law to withhold tax due on the payments. You will not need to do so, or take any action based on the agreement we have with the UK tax office (the HMRC), as we will disclose the necessary information to the UK tax office to support this agreement. If you have any questions regarding these arrangements, please contact the tax office.

information to a potential buyer of such business or assets. If Snap or a significant part of Snap’s assets is acquired by a third party, personal information about Snap’s customers may also be shared.

Purpose and legal basis: Snap has a legitimate interest in being able to perform these transactions (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See Section 2 for more information about your rights.

7.2 Categories of recipients with whom Snap shares your personal information when you use Snap’s payment methods, Snap at a store, or choose to pay by debit or with a credit card in Snap’s check-out at a store.

Description of the recipient: By stores we mean the stores you visit or shop at (which may include the store’s group companies if you have been informed thereof by the store).

Purpose and legal basis: In order for the store to be able to perform and manage your purchase and your relationship with the store or its group companies, e.g. by confirming your identity, handling questions and disputes, in order to prevent fraud and, where appropriate, send relevant marketing. The store’s privacy notice applies to the processing of your personal data that has been shared with the store and that the store processes. Normally, you will find a link to the store’s privacy notice on the store’s website. The legal basis for sharing data with stores is partly the performance of a contract (Article 6(1)(b) UK GDPR) insofar as the data sharing takes place to perform the contract between you and the store and partly based on Snap’s and the store’s legitimate interest (Article 6(1)(f) UK GDPR) or your consent (Article 6(1)(a) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.

7.2.2 Payment service providers and financial institutions.

Description of the recipient: Payment service providers and financial institutions provide services to you, stores and Snap to implement and administer electronic payments through a variety of payment methods, such as credit cards and bank-based payment methods such as direct debit and bank transfer.

Purpose and legal basis: Some stores use payment service providers with whom they share your information for managing your payment. This sharing takes place in accordance with the stores’ own privacy notices. The store may also let Snap share your information with the payment service provider they use for processing your payment. Some payment service providers also collect and use your information independently, in accordance with their own privacy notices. This is the case, for example, for electronic wallet suppliers. In addition, Snap may share your information with other financial institutions when conducting transactions with your account to complete the transactions. Sharing with payment service providers and financial institutions is performed to make a transaction initiated by you and it is done to fulfil the agreement with you (Article 6(1)(b) UK GDPR).

7.2.3 Fraud prevention agencies and companies providing identity checks.

Description of the recipient: Your personal data are shared with fraud prevention agencies and companies that provide identity checks.

Purpose and legal basis: Snap shares your information to verify your identity, the accuracy of the data you have provided, and to combat fraudulent and criminal activities. The companies with which we work are listed:

https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference, 

https://www.experian.co.uk/crain, Credit Reference Agency Information Notice (CRAIN)| Equifax UK and

Fair Processing Notices for Cifas' Databases | Cifas.  

Please note that these companies process your data in accordance with their own data privacy notices.

Snap shares your information based on Snap’s legitimate interest in conducting its business (Article 6(1)(f) UK GDPR), as the fraud prevention agencies and the companies providing identity checks have information on fraud activities and identity confirmation which are important for Snap to use as input to decrease its level of fraudulent transactions. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See Section 2 for more information about your rights. You can also contact the entities listed in the link above, to exercise the same rights as stated in Section 2 also against those entities.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details in Section 12 below.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

7.3 Categories of recipients with whom Snap shares your data when you use Snap’s Finance Products.

Description of the recipient: If you apply to use a service from Snap that involves us providing credit (see section 4.2 on which services from Snap involve credit), we will share your personal data with credit information bureaus. Sharing does not take place in the event of small amounts or where we already have sufficient information.

Purpose and legal basis: Your personal information is shared with credit bureaus in order to assess your creditworthiness, to confirm your identity and your contact information, and to protect you and other customers from fraud. This data sharing constitutes a credit report.

If you apply to use a credit Service (see Section 4.1 above for a specification of our credit Services), your personal data may be shared with Credit Reference Agencies (“CRAs”) to assess your creditworthiness in connection with your application, to confirm your identity and your contact information, and to protect you and other customers from fraud.

However, if you are approved for one of our unregulated or regulated finance products, a hard credit search (or “a hard credit lookup”) is performed in addition to soft searches. A hard credit search will be recorded on your credit file and may impact your credit score as follows:

The CRA will keep a record of our enquiry against your name, and which may be linked to your representatives (“associated records”). For the purposes of any application for Services from us, you may be assessed with reference to “associated records”. Where any search or application is completed, or agreement entered, involving joint parties, we may record details about this at the CRAs. As a result an “association” will be created that will link your financial records.

Details of which CRA we have used for a specific search are available on request.

In addition, if you open an agreement with any of our Finance products, we will share further information on your agreement with the CRAs. This will occur on a monthly basis until the agreement is closed. This will include details of your outstanding balance, payments made and any default or failure to meet the terms of your agreement. These records will remain on the CRAs’ files for 6 years after our agreement with you is settled or terminated, whether settled by you or, if applicable, your business or by way of default. This and other information about you (or, if applicable, your business and those with whom you are linked financially) may be used to make credit decisions about you in the future.

The ways in which CRAs use and share personal data are explained in more detail at; Credit Reference Information Notice (CRAIN) | An Information & Insights Company (transunion.co.uk), 

Credit Reference Agency Information Notice (CRAIN)| Equifax UK and

The CRAs will process your information in accordance with their own privacy notices.

Snap shares your information based on Snap’s legitimate interest in conducting its business (Article 6(1)(f) UK GDPR), as the credit information bureaus have information on your financial standing which is important for Snap to use as input to ensure a correct credit assessment and not grant credit to consumers who is unable to repay it. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See Section 2 for more information about your rights. You can also contact the entities listed in the link above, to exercise the same rights as stated in Section 2 also against those entities.

Snap retains credit information about you that we have received from a credit information bureau only in script data format. If you would like to have a readable version, we recommend that you directly contact the credit bureau that informed you that Snap requested a credit report.

7.3.2 Debt collection companies (for debts that are overdue).

Description of the recipient: Snap may need to share your information when we sell or outsource collection of unpaid overdue debts through a third party, such as a debt collection company.

Purpose and legal basis: This data is shared to collect your overdue debts. Debt collection companies process personal data in accordance with their own privacy notices, or only on behalf of Snap in their capacity as Snap’s processors. Debt collection companies may report your unpaid debts to credit information bureaus or authorities, which may affect your creditworthiness and your ability to apply for future credit. This data is shared based on our legitimate interest in collecting and selling debt (Article 6(1)(f) UK GDPR). When balancing interests, Snap has determined that we have a legitimate interest in collecting and selling debts. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled and may wish to object to this processing, for reasons connected to the circumstances in your particular case. See Section 2 for more information about your rights.

Description of the recipient: We share information about you and your purchases when you use the Snap Loan (virtual card) with VISA (https://www.visa.co.uk/legal/global-privacy-notice.html) and with members of VISA’s card network. If you also add the Snap card to your digital wallet, we may need to share your information with the supplier of that wallet. In such case, data will be processed in accordance with that supplier’s privacy notice.

Purpose and legal basis: The sharing takes place to the extent necessary to carry out card transactions, prevent fraud and follow the rules for VISA’s card network. If you renew your Snap card or receive a new card, we will transfer this information to VISA so that VISA can inform third parties with whom you have previously chosen to save your card information (for example, for recurring transactions). Sharing is performed to fulfil the agreement with you (Article 6(1)(b) UK GDPR).

Description of the recipient: Snap can transfer your open debt to debt acquirers.

Purpose and legal basis: Upon transfer of your debt to an acquirer and continuously until you pay off the debt, Snap will share your contact and identification information (name, date of birth, address, and phone number), information about your financial standing (such as residual credit, repayments and any negative payment history in relation to the current debt), as well as information about the goods or services associated with the debt. The buyer will process your personal data in accordance with its own privacy notice, which you will receive information about when the debt is transferred.

The sharing of personal data with different acquirers is based on our legitimate interest in selling outstanding debts as part of our business operations (Article 6(1)(f) UK GDPR). We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your personal data processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See Section 2 for more information about your rights.

7.4 Categories of recipients when using your Snap account (payment accounts).

7.4.1 Credit institutions and other financial institutions.

Description of the recipient: We share your information with credit institutions and other financial institutions (such as other banks) when you make transactions or payments to other accounts.

Purpose and legal basis: If you have made payments to a Snap account, Snap will process the information we receive from the bank you used for the transaction, such as contact and identification data and payment information. If you make transactions or payments to accounts in other banks, Snap will also pass on some of your contact and identification data as well as payment information to the recipient and also to the recipient’s credit institution or financial institution. Sharing is performed to fulfil the agreement with you (Article 6(1)(b) UK GDPR).

7.5 Categories of recipients with whom Snap shares your personal information when you use Snap’s website store links.

Description of the recipient: When you choose to click on a sponsored link in the Snap website that links to a store, product or service, you will be redirected to another company’s website through a third party, known as an affiliate network. https://www.conectia.co.uk/privacy-policy/ The affiliate networks will process your device information in accordance with their own privacy notices. The store you visit through a sponsored link determines which affiliate network processes your information.

Purpose and legal basis: The affiliate network may place tracking technology on your device that contains information about you clicking on that link, which is then used to document your visit to the store to calculate a potential commission due to Snap.

The processing is based on a balancing of interests (Article 6(1)(f) UK GDPR). When balancing interests, Snap has determined that we have a legitimate interest in supplying you with sponsored links in order to market shops on the Snap website. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose.

You are entitled and may wish to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights.

Description of the recipient: Third party Google, LinkedIn and Meta. You can find the privacy policy for Google here, LinkedIn here and Meta here.

Purpose and legal basis: Snap will share your personal data with third party Google, LinkedIn and Meta in order to show you more relevant advertising outside of the Snap App, based on your interaction with Snap's products and services and your Snap profile. Snap will also share this data to assess the relevancy of certain third-party advertising services. Some third-party Google, LinkedIn and Meta will use your data for their own purposes and in accordance with their own privacy policies. You can also get more information about this sharing or how to exercise your rights in regard to these companies by contacting us.

This processing is based on your consent (under Article 6(1)(a) UK GDPR). You can object to this processing - to the same effect as revoking your consent. See Section 2 for more information about your rights.

This processing may constitute profiling which aims to customise the marketing based on what we think you may be interested in. You can read more about profiling in Section 6.

Description of the recipient: When you use Snap at a third-party site or service, Snap will share your personal data with the third-party.

Purpose and legal basis: Done to fulfil the agreement with you (Article 6(1)(b) UK GDPR).

7.5.4 Fraud prevention agencies and companies providing identity checks.

Purpose and legal basis: Snap shares your information to verify your identity, the accuracy of the data you have provided, and to combat fraudulent and criminal activities. The companies with which we work are listed;

 Credit Reference Information Notice (CRAIN) | An Information & Insights Company (transunion.co.uk) , 

Fair Processing Notices for Cifas' Databases | Cifas..

Snap shares your information based on Snap’s legitimate interest in conducting its business (Article 6(1)(f) UK GDPR), as the fraud prevention agencies and the companies providing identity checks have information on fraud activities and identity confirmation which are important for Snap to use as input to decrease its level of fraudulent transactions. We ensure that the processing this entails is necessary to pursue that interest, and that our interest outweighs your right not to have your information processed for this purpose. You are entitled to object to this processing, for reasons connected to the circumstances in your particular case. See section 2 for more information about your rights. You can also contact the entities listed in the link above, to exercise the same rights as stated in section 2 also against those entities.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details in Section 12 below. 

7.6 Categories of recipients with which Snap shares your personal information if you contact our customer service through social media.

Description of the recipient: Social media companies such as Meta (Facebook & Instagram), or Twitter.

Purpose and legal basis: If you contact us via social media such as Twitter or Meta, your personal data will also be collected and processed by these companies, in accordance with their privacy notices. Sharing is performed to fulfil the agreement with you (Article 6(1)(b) UK GDPR).

7. Who do we share your personal data with?

section-7

We always strive to process your personal data within the UK or EEA area. But in certain situations, such as when we share your information within the Snap Group or with a supplier, subcontractor or store which operates outside the UK/EEA, your personal data may be transferred outside the UK/EEA. Snap always ensures that the same high level of protection applies to your personal data according to the UK GDPR, even when the data is transferred outside of the UK/EEA. Your rights in respect to your personal data (described in detail in Section 2), are not affected when data is transferred outside of the UK/EEA. More information about the recipients Snap shares your data with you can find in Section 7.

When you shop with a store placed in a country outside of the UK/EEA area, our sharing of your personal data with that store means that your personal data will be transferred to this country outside of the UK/EEA area.

Certain suppliers of Snap use Binding Corporate Rules (“BCR”) when they transfer personal data outside of the UK/EEA area within their own company group. Such BCR have been approved by an EU or UK data protection authority and ensures that the same high level of protection applies to your personal data when it is transferred.

If you want more information about our safety measures you can always contact us. You can find our contact information in Section 12. You find more information about which countries are deemed to have an “adequate level of protection” on the European Commission’s website, and you can read more about the European Commission’s standard clauses here, and about binding corporate rules (“BCR”) here. The Information Commissioner's Office has information about data transfers here.

Safety measures which Snap uses when transferring personal data outside of the UK/EEA

Countries outside of the UK/EEA may have laws that allow public authorities to request access to personal data stored in the country for the purpose of combating crime or safeguarding national security. Regardless of whether we or any of our providers process your personal data, we will ensure that a high level of protection is guaranteed when transferring that data and that appropriate protection measures have been taken, in accordance with applicable data protection requirements (such as the UK GDPR). Such appropriate safeguards include, but are not limited to, ensuring:

if the European Commission or UK authority has decided that the country outside of the UK/EEA to which your personal data are transferred has an adequate level of protection, which corresponds to the level of protection afforded by the UK GDPR. This means for example that the personal data is still protected from unauthorized disclosure, and that you may still exercise your rights in regard to your personal data, or

the European Commission’s standard clauses (with required UK addendums) have been entered into between Snap and the recipient of the personal data outside the UK/EEA. This means that the recipient guarantees that the level of protection for your personal data afforded by the UK GDPR still applies, and that your rights are still protected. In these cases, we also assess whether there are laws in the recipient country that affects the protection of your personal data. Where necessary, we take technical and organisational measures so that your data remain protected during the transfer to the relevant country outside the UK/EEA, or

that the transfer is covered by the EU-US Data Privacy Framework, with the UK extension. This is an opt-in certification scheme for US companies, administered by the US Department of Commerce. This Privacy Framework includes a set of enforceable principles and requirements that must be certified to by the US company, ensuring that your data is still being sufficiently protected.

8. When can we transfer your personal data outside of the UK and the EEA, and how do we protect it then?

section-8

How long Snap stores your personal data depends on the purposes for which Snap uses the personal data:

Personal data used for the contractual relationship between you and Snap is generally stored for the duration of the contractual relationship and thereafter for a maximum of up to 6 years based on statutes of limitations rules.

Personal data that Snap is under a legal obligation to retain, for example under anti-money laundering laws or regulatory rules, is generally retained for 6 years respectively.

We process the recordings of telephone conversations for a time period of 31 days for quality assurance purposes. We will also retain recordings of inbound and outbound calls for up to 6 years, as well as Snap employees’ notations from these calls for up to ten years, in order to document what has been discussed and decided on the call.

Personal data which is not used for the purposes of your contractual relationship with Snap or where Snap does not have a legal obligation to retain the data is only retained as long as necessary to fulfil the respective purpose for our data processing ten years. More information can be found in the table in Section 4.

The legal obligations referred to above means that Snap cannot delete your personal data, even if you request us to delete it, as described in Section 2. If we don’t have a legal obligation to retain the personal data, we instead have to make an assessment if we may require the personal data in order to protect Snap from legal claims.

Please note that just because we have a legal obligation to store your personal data, this does not mean that we are also permitted to use this data for any other purpose. Snap will make an assessment for each specific purpose of how long we may use your personal data. You can read more about this in Section 4.

1. Who is responsible for your personal data?

2. Your data protection rights as a data subject

3. What types of personal data do we collect?

4. What personal data are used for what purposes and with which legal basis?

5. How do you withdraw your consent?

6. Snap’s profiling and automated decisions that significantly affect you.

7. Who do we share your personal data with?

8. When can we transfer your personal data outside of the UK and the EEA, and how do we protect it then?

9. How long we store your personal data

10. How we use cookies and other types of tracking technology

11. Updates to this Privacy Notice

12. Snap contact information