My Account

Use of your data

Introduction

We are Advantage Finance Limited (company number 03773673) and we are the data controller in respect of your personal data. This policy explains when and why we collect personal data, how this information is used, the conditions under which it may be disclosed to others, and how it is kept secure. If you have any queries about our handling of your personal data, we can be contacted by writing to our Data Protection Officer, Niall Dunn, at Unit 7, Acorn Business Park, Moss Road, Grimsby, DN32 0LW or by email to dataprotection@advantage-finance.co.uk.

This policy explains how we will use the personal data that you provide to us when you apply for motor finance via an online application or via a broker, or that we have obtained about you through our use of your information when you make such an application and, where applicable, when you enter into a finance agreement with us.

Where this policy refers to "we", "our" or "us", unless it mentions otherwise, it's referring to Advantage Finance Limited. Where this policy refers to "you" it's referring to the person applying for motor finance.

What personal data we collect and how we collect it

The personal data you have provided to us: This is information about you that you give to us during your online application or via your broker. This consists of the following categories of information:

The personal data we may receive from other sources: We obtain certain personal data from credit reference and fraud prevention agencies. Please see "Use by credit reference and fraud prevention agencies" below for further information.

If you fail to provide us with any mandatory information that we request from you, we will not be able to proceed with the credit reference and fraud prevention checks described below and, subsequently, we will not be able to consider your application nor propose an offer to you.

How we use your personal data

The purposes for which we use your data and the legal basis under data protection laws on which we rely to do this are as follows:

Special Category Data

You may notify us of Special Category Data as part of managing your account. Special Category data as defined in Article 9 GDPR/Schedule 1 of Data Protection Act as personal data concerning health matters.

Use by credit reference and fraud prevention agencies

In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (CRAs). To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

We will use this information to:

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before making an application to us. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.experian.co.uk/crain/index.html and/or www.transunion.co.uk/crain and/or www.equifax.co.uk/crain.html

Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process your information. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.

Automated decisions

As part of the processing of your personal data, decisions may be made by automated means.

Your information will be used to assess your credit risk using an automated decision-making technique called "credit scoring". Various factors help us to assess the risk; a score is given to each factor and a total credit score obtained, which will be assessed against a confidential pre-set pass score.

In regard to fraud prevention checks, we may automatically decide that you pose a fraud, credit or money laundering risk if:

Use by third parties

We disclose your information to the following third parties:

Any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event. Third party service providers, agents and sub-contractors acting on our behalf. This may also include providers of data storage and database hosting services, IT hosting, IT software and maintenance services, professional advisors, and third parties that provide income verification services, affordability checks and communication fulfilment services. Courts in the United Kingdom or abroad as necessary to comply with a legal requirement, for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.

These third parties may share your information with us, which we will use in accordance with this policy. In some cases they will be acting as a controller of your information and therefore we would advise you to read their privacy policy in these instances.

When we use third party service providers, we only disclose to them any personal data that is necessary for them to provide their service.

Where we will store your data / data transfers to third parties

We store your personal data on servers located within the United Kingdom. If at any time we transfer your personal data to, or store it in, countries located outside of the United Kingdom or in The European Economic Area (EEA) (for example, if our hosting services provider changes) we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law.

The third parties listed under "Use by third parties" may be located outside of the UK or they may transfer your information outside of the UK. Those countries may not have the same standards of data protection and privacy laws as in the UK. Whenever we transfer your information outside of the UK, we impose contractual obligations on the recipients of that information (Standard Contractual Clauses (SCCs) to protect your personal data to the standard required in the UK. Any third parties transferring your information outside of the UK or EEA must also have in place appropriate safeguards as required under data protection law.

Whenever fraud prevention or credit reference agencies transfer your personal data outside of the UK or EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the UK. They may also require the recipient to subscribe to 'international frameworks' intended to enable secure data sharing.

Retention of your personal data

If we collect your personal data, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.

If your application for finance is declined or if your application is accepted but you do not proceed, we keep your information for 3 years or as long as necessary to deal with any queries you may have.

If your application is accepted and you proceed, we hold your information for 10 years from the date at which your agreement is closed, where settled by you or upon default or as long as necessary thereafter to deal with any queries you may have.

Fraud prevention agencies can hold your data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to 6 years. Credit reference agencies will retain the account information that we give to them for 6 years after your account is closed. Please see "Use by credit reference and fraud prevention agencies" for more information about the information that we give to them.

We may hold your information for a longer or shorter period from that described above where:

Marketing

When you enter into an agreement with us, we will send marketing information by post, email or text to you about contract renewals and/or our similar products and services that we think will be of interest to you.

You have the right to opt-out of our use of your personal data to provide marketing to you in any of the ways mentioned above. Please see the "Withdrawing your consent" and "Objecting to our processing of your personal data and automated decisions made about you" sections for further details on how you can do this.

Your rights

You have a number of rights in relation to your personal data under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data. Except in rare cases, we will respond to you within one month after we have received this information or, where this is not required, after we have received your request.

For more information or to exercise your data protection rights, please contact us using the contact details above.

Changes to this policy

We may review this policy from time to time and any changes will be notified to you in writing. Any changes will take effect 7 days after the date of our notification. If you do not agree with any aspect of the updated policy you must immediately notify us and cease using our services.