This policy explains when and why we collect personal information about individuals, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure.

Snap Finance - Privacy Policy

pink

Snap Finance UK is the data controller in relation to the processing activities described below. This means that Snap Finance UK decides why and how your personal information is processed. 

This policy explains when and why we collect personal information about individuals, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure. 

This policy may change from time to time so please check this page occasionally to ensure that you’re happy with any changes. 

This policy was last updated on 12th March 2020.

green

Before We enter into the agreement with You, We will collect personal data relating to You and third parties which may include a spouse or partner, family members, and/or member(s) of Your household, joint applicant(s), or other individuals with whom You have a financial connection (“financial associates”). You must be sure You have Your financial associate’s agreement to disclose their personal data. This personal data may be collected from You or other sources such as credit reference agencies, fraud prevention agencies (including those based outside the EU), Your insurer, regulatory bodies and public registers including the electoral roll. Whether or not Your application proceeds, these sources will link Your records and those of Your financial associates, including any previous and subsequent names. These links will remain on Your and their files until You or they tell these sources You are no longer financially linked and the source accepts this. If you do not provide this information then We may not be able to proceed with your application.

A scoring or other automated decision-making system may be used to assess Your application. Your personal data will be used to assess Your credit risk using an automated decision-making technique called ‘credit scoring’. Various factors (such as previous account conduct and payment arrears) help us to assess the risk; a score is given to each factor and a total credit score obtained, which will be assessed against a confidential pre-set pass score. The consequence is that your application may be declined . This process is necessary for the performance of a contract as it helps Us make fair and responsible lending decisions. We regularly test credit scoring methods to ensure they remain fair, effective and unbiased. You have the right to obtain human intervention. You also have the right to challenge a decision and request that any declined decision is reconsidered. Our contact details for exercising these rights are located in the ‘Contact Us’ section of the Privacy Policy.

Before entering into the Agreement

left

Providing and administering the services under, and transacting, this agreement. 

Processing and administering personal data is necessary for the performance of a contract with You.

Assessing lending risks, credit and other funding decisions. 

Assessing lending risks, credit and other functioning decisions is necessary for the performance of a contract with You.

To understand your needs and provide a better service to You.

To help us to develop and improve our products and services.

We have a legitimate interest in understanding Your needs so that We provide a better service to You, and to help Us develop and improve our products and services.

Monitoring communications between us (calls, letters, emails and texts) to prevent and detect crime

Monitoring communications is necessary for compliance with our legal obligations to prevent fraud and detect crime. 

Credit, market, account and operational risk management 

Processing personal data relating to the identification and management of financial and market risk is necessary for the performance of a contract during the contract with You.

Processing personal data relating to debt recovery is necessary for the performance of a contract as We need to ensure payment of debt owed to Us. 

Assigning our rights and obligations to a third party

We have a legitimate interest to process personal data when assigning our rights and obligations to a third party.

We have a legitimate interest to process personal data when disposing of our business or assets.

Funding, capital markets orsecuritisation arrangements 

This is necessary for the purposes of our legitimate interests to ensure that We or our business remains commercially viable. 

Complying with regulatory and compliance obligations - for example anti money laundering and counter terrorism checks.

Processing is necessary for compliance with legal obligations to complete anti-money laundering and counter terrorism checks.

Processing is necessary for compliance with legal obligations relating to the administration of tax. 

Auditing, reporting and accounting functions

Processing is necessary for compliance with legal obligations relating to auditing and accounting.

To protect the security of our communications,systems and procedures

Processing is necessary for compliance with legal obligations to protect the security of personal data within our communications, systems and procedures.

We have a legitimate interest in understanding the customer journey so that We understand your needs and provide a better service to You, and to help Us develop and improve our products and services.

We may monitor and record telephone calls for the purposes of training and quality control. 

Processing is necessary for the purposes of our legitimate interests to enable us to properly resolve complaints, to improve our service standards and for staff training purposes.

We may monitor and record telephone calls for the purposes ofsecurity and for legal claims.

Processing is necessary for compliance with legal obligations relating to legal claims and security of personal data.

We may process personal data prior to sending for a marketing purpose.

We have a legitimate interest in processing data prior to sending in order to effectively provide marketing from Us and from third parties.

We are the data controller in respect of the personal data that You give to Us and which We hold about You. Personal data means any identifiable information, whether directly or indirectly, relating to You. Personal data (including without limitation Your title, first name, middle name surname, mobile number, home address, email address date of birth, financial information (including your debit or credit card number, CV2, expiry date and name on debit or credit card), employment details and any unique device identifiers collected by Us, provided by You or received from third parties, will be used by Us at application stage and during the term of and after termination of this agreement for the following purposes:

Collecting and using Your personal data

For the purposes set out above, We may transfer personal data to carefully selected third parties: 


TransUnion International UK Limited, Experian Ltd, and/or other credit reference agencies; our service, system, support and outsource provider of credit reference services, where we will share personal data, including details of Your application to Your agreement with Us, the payments You make under it, any default or failure to keep to its terms and any change of name or address; 


Experian Ltd, who provide address verification; 


Equifax Ltd, where we will share personal data, including details of Your application to Your agreement with Us, the payments You make under it, any default or failure to keep to its terms and any change of name or address; 


Our collection agents in the event that You default on Your loan with Us; and 
Regulatory bodies 


Law enforcement and fraud prevention agencies (please see the section below headed ‘Fraud Prevention Agencies’ to see how we interact with fraud prevention agencies when processing your personal data). 

In order to process Your application We will supply Your personal information to credit reference agencies (CRAs) and they will give us information about You, such as about Your financial history. We do this to assess creditworthiness and product suitability, check Your identity, manage Your account, trace and recover debts and prevent criminal activity. 

We will also continue to exchange information about You with CRAs on an ongoing basis, including about Your settled accounts and any debts not fully repaid on time. CRAs will share Your information with other organisations. Your data will also be linked to the data of Your spouse, any joint applicants or other financial associates. 

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at: 


https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference 


https://www.experian.co.uk/legal/crain/ 


(please note that the Credit Reference Agency Information Notice is the same for each of the CRAs). 

Third parties 

We may share your personal data with other companies within Snap Finance group. They may use your personal data for providing and administering the services under, and transacting, this agreement. 

Group companies 

We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. 

When we use third party service providers, we only disclose to them any personal data that is necessary for them to provide their service and we have a contract in place that requires them to keep your personal data secure and not to use it other than in accordance with our specific instructions. 

Our suppliers and service providers 

When you purchase any products or services online, your credit/debit card payment is processed by a third party payment provider, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us using the details at the end of this policy. 

Credit/debit card payment providers 

We may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal data if we’re under a duty to disclose or decide to share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. 

However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected. 

Other ways we may share your personal data 

All information you provide to us may be transferred to countries outside the European Economic Area (EEA) including the USA and Costa Rica. By way of example, this may happen where any of our Group companies are incorporated in a country outside of the EEA or if any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA. 

These countries do not provide the same standard of data protection laws as the UK. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal data or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents. 

Overseas transfers of personal data 

If We collect Your personal information, the length of time We retain it is determined by a number of factors including the purpose for which We use that information and our obligations under other laws. 

We do not retain personal information in an identifiable format for longer than is necessary. For unsuccessful applications, We will remove Your data after twelve (12) months. 

We may need your personal information to establish, bring or defend legal claims, in which case We will retain your personal information for 7 years after the last occasion on which We have used your personal information in one of the ways specified in “Collecting and using Your personal data”. 

The only exceptions to this are where: 


the law requires us to hold Your personal information for a longer period, or delete it sooner; 



you exercise Your right to have the information erased (where it applies) and We do not need to hold it in connection with any of the reasons permitted in this “Data retention” section or required under the law; and 



in limited cases, the law permits Us to keep your personal information indefinitely provided We put certain protections in place. 

Data retention

Before We provide financing to You, We undertake checks for the purposes of preventing fraud and money laundering, and to verify Your identity. These checks require Us to process personal data about You. 


The personal data You have provided, We have collected from You, or We have received from third parties will be will be used to prevent fraud and money laundering, and to verify Your identity. 


Details of the personal information that will be processed include, for example: name, address, date of birth, address, contact details, financial information, employment details and device identifiers including IP address. 


We and fraud prevention agencies may also enable law enforcement agencies to access and use Your personal data to detect, investigate and prevent crime. 


We process Your personal data on the basis that We have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to Us. Such processing is also a contractual requirement of the financing You have requested. 


Fraud prevention agencies can hold Your personal data for different periods of time, and if You are considered to pose a fraud or money laundering risk, Your data can be held for up to six years.

General 

As part of the processing of Your personal data, decisions may be made by automated means. This means We may automatically decide that You pose a fraud or money laundering risk or if our processing reveals Your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with Your previous submissions; or You appear to have deliberately hidden Your true identity. You have rights in relation to automated decision making: if You want to know more please contact Us using the details provided below. 

Automated Decisions 

If We, or a fraud prevention agency, determine that You pose a fraud or money laundering risk, We may refuse to provide the financing You have requested. 


A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to You. If You have any questions about this, please contact Us on the details provided. 

Consequences Of Processing 

Whenever fraud prevention agencies transfer Your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect Your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing. 

Data Transfers 

For information on your rights when we process your data in connection with information provided by a fraud prevention agency, please see below. 


You have the following rights (which may not always apply or be subject to certain circumstances and exemptions, and some only apply from 25 May 2018): 


The right to be informed - including about Our processing of Your personal data. That is the reason for this data protection statement. 


To have Your personal data corrected if it is inaccurate and to have incomplete personal data completed in certain circumstances. 


The right in some cases to object to processing of Your personal data (as relevant). This right allows individuals in certain circumstances to object to processing based on legitimate interests, direct marketing (including profiling) and processing for purposes of statistics. 


The right in some cases to restrict processing of Your personal data, for instance where You contest it as being inaccurate (until the accuracy is verified); where You consider that the processing is unlawful and where this the case; and where You request that Our use of it is restricted; or where We no longer need the personal data. 


The right to have Your personal data erased in certain circumstances (also known as the “right to be forgotten”). This right is not absolute – it applies only in particular circumstances and where it does not apply any request for erasure will be rejected. Circumstances when it might apply include where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed, if the processing is based on consent which You then withdraw, when there is no overriding legitimate interest for continuing the processing, if the personal data is unlawfully processed, or if the personal data has to be erased to comply with a legal obligation. Requests for erasure will be refused where that is lawful and permitted under data protection law for instance where the personal data has to be retained to comply with legal obligations or to exercise or defend legal claims. 


To request access to the personal data held about You and to obtain certain prescribed information about how We process it. This is more commonly known as submitting a “data subject access request”. This must be done in writing, and we may need confirmation of your identity. This right will enable You to obtain confirmation that Your personal data is being processed, to obtain access to it, and to obtain other supplementary information about how it is processed. In this way You can be aware of and You can verify the lawfulness of your processing of Your personal data. 


To move, copy or transfer certain personal data. Also known as “data portability”. You can do this where We are processing Your personal data based on a consent or a contract and by automated means. This right is different from the right of access (see above) and that the types of data You can obtain under the two separate rights may be different. You are not able to obtain through the data portability right all of the personal data that You can obtain through the right of access. 


Rights in relation to some automated decision making about You including profiling (as relevant) if this has a legal or other significant effect on You as an individual. This right allows individuals in certain circumstances to access certain safeguards against the risk that a potentially damaging decision is taken without human intervention. 

For more information or to exercise these rights, please contact Us using the details at the end of this policy. 

You have the right to lodge a complaint with the Information Commissioner’s Office where Your data has or is being used in a way that You believe does not comply with data protection laws. However, We encourage You to contact Us before making any complaint and we will seek to resolve any issues or concerns You may have. 

Your Rights 

We may collect Your preferences to receive marketing information directly by email, SMS, post and telephone.

Marketing from Us 

We will only share Your data with our recommended third party partners for them to contact You with marketing information about their products and services where You have indicated that You would like Us to do so. Once shared, the relevant third party’s privacy policy will apply to their processing of Your personal data, not ours. 

Marketing from third parties 

You have the right at any time to ask Us, or organisations You have allowed Us to share Your personal data with for marketing purposes, to stop contacting You or passing Your details to others for marketing purposes. Please contact Us using the details at the end of this policy. 

Changing Your Marketing Preferences 

Please contact our customer services department on 03300 109381 or by writing to Us at customer@snapfinance.co.uk or 1 Vincent Avenue, Crownhill, Milton Keynes, MK8 0AB, or use the tools on our website. 

Privacy Policy

Introduction