1. Policy Statement
Where we are in control of deciding how and why your Personal Data is processed, we are Data Controllers of your Personal Data. The terms Data Controller and Personal Data are defined within the General Data Protection Regulation. We undertake to act in accordance with the General Data Protection Regulation (including having in place adequate levels of security in respect of such Personal Data).
2. Who are we?
We are Oodle Financial Services Limited trading as Oodle Car Finance (“Oodle Car Finance” “we”, “us” or “our”). We are registered with the Information Commissioner’s Office with registration number ZA121323 and you can search our registration details on the Public Register of Data Controllers at www.ico.org.uk.
Our Data Protection Officer is: Oodle Car Finance General Counsel who can be contacted by writing to Oodle Car Finance, 1st Floor, Fletcher House, Oxford Science Park, Oxford, OX4 4GE or by emailing email@example.com .
3. What information do we hold about you and why do we collect it?
Customers and prospective customers
When you register an interest to use our Services and/or our sites, we may ask you to provide certain information such as your name, address, email address, and a contact number.
We may also request contact details so that we can communicate with you about our services, for example if you submit an enquiry for information or to send marketing communications.
The main reason we use the information that you provide and that is provided by third parties is to consider whether Oodle Car Finance should enter into a finance agreement with you, either now or in the future, and this information will be entered onto the Oodle Car Finance, finance proposal system. It is important that you provide accurate information on your application.
We may also use your information:
- in the normal course of our business, to allow us to register you to receive our Services and to provide you with our Services;
- for the purpose of verifying your identity and preventing fraud and money laundering by carrying out checks with fraud prevention and credit reference agencies;
- to allow us to manage your account;
- to allow us to analyse your personal preferences and personalise our Services to you so that we can provide a more tailored experience to you;
- to ask you to complete surveys that we use for research purposes, although you do not have to respond to them;
- to record details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access on the basis that processing is necessary in order to perform our contract with you to provide our Services;
- to communicate with you, including sending you information about products and Services which we think may be of interest to you (details of how to manage your marketing preferences are covered below under Marketing);
- to validate your Personal Data (and, in some cases, match it against information that has been collected by a third party) to check that the Personal Data we hold about our customers/users is accurate, consistent and up to date on the basis that you have consented to such processing by agreeing to share your Personal Data with us for such purposes;
- to provide customer service, including answering questions and responding to feedback and complaints;
- to make automated decisions, including profiling (further details regarding automated decision making are set out below)
This might include details of your medical data. We may require such information if we consider you have specific requirements, your needs change or you experience vulnerabilities which we need to consider as part of the management of your agreement with us.
We may also require details regarding criminal records and proceedings for compliance with legal obligations (including safeguarding against fraud and anti-money laundering requirements).
When you visit our site, in addition to information you provide to us on the site (such as name and contact details) we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.
We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. We may also collect information about the website from which you came before vising our site. Collecting this information enables us to better understand the visitors who come to our site, where they come from, and what content on our site is of interest to them. We may also use the information to pre-populate fields to make it easier for you to provide information when you return to our sites (using cookies – see more on this at section 11 below).
We use this information for our internal analytics purposes and to improve the quality and relevance of our site to our visitors.
Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and other websites” at section 11 below.
If you are a business contact we may, for the purpose of conducting business with you (or your employer), collect contact information such as name, address, telephone number, email address as well as name of your employer. In addition we may correspond with you and that may contain certain Personal Data that we exchange in the ordinary course of business such as to schedule meetings and calls and for the purpose of services we provide to you (or your employer) or you (or your employer) provide to us.
Generally, whether you are a customer or prospective customer, business contact or a visitor to our site, we may use your Personal Data for the following purposes:
- to comply with any legal obligations to which we are subject on the basis that processing is necessary to comply with our legal obligations;
- in pursuit of our legitimate interests, such as developing and/or consolidating our business, defending our legal rights and/or seeking advice from our professional advisors;
- to respond to requests from law enforcement agencies.
Your Personal Data may be converted into anonymised form in a way which means you cannot be identified from it and then used for the purposes of information security testing, statistical analysis and to enhance our provision of products and services. Our use of all such data will be in line with our responsibilities under the General Data Protection Regulation and other applicable data protection laws and we would always anonymise it before using it for these additional purposes.
4. Legal basis for processing personal information
Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only (i) where we need the Personal Data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
If we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicate with you as necessary to provide our Services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
From time to time we would like to send you details of products and services, which may be of interest to you. The provision of Personal Data for the purposes of direct marketing is voluntary and you do not need to provide such Personal Data in order to receive our Services. Where you have consented, we may:
- use your Personal Data to send you information about our own products and services and those of our group companies and other carefully selected third parties which may be of interest to you; and
- pass your details to our group companies and other carefully selected third parties including anyone who introduced you to us, so that they may send you information about their products and services via e-mail, SMS text message, post and / or telephone
You can change your marketing contact preferences at any time by Contacting Us or unsubscribing from the relevant communication (email firstname.lastname@example.org). To do this in relation to marketing from our group companies and third parties please write to them. Their contact details should be specified in the marketing communication itself which you have received from them.
5. Fraud Prevention and creditworthiness (including automated credit and fraud risk assessments)
When you register or apply to use our Services we may also collect information about you to assess your creditworthiness.
This information will be collected:
- from checks that we carry out with fraud prevention and credit reference agencies for the purpose of verifying your identity and preventing fraud and money laundering
- from enquiries we may make about you with relevant third parties for example confirming your employment status with your employer
- from information we hold in relation to your performance of any other agreement you have or have previously had with Oodle Car Finance.
When you register or apply to use our Services we will share your Personal Data with fraud prevention agencies. To find out which Fraud Prevention Agencies we use, please use the ‘Any Questions’ section below. This is because we have a legitimate interest in preventing fraud and money laundering and we are required to verify your identity in order to protect our business and to comply with laws that apply to us. The agreement that you have with us also allows us to share your Personal Data with fraud prevention agencies.
We will also continue to exchange information about you with credit reference agencies on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. Credit reference agencies will share your information with other organisations.
Oodle Car Finance and fraud prevention agencies may also allow law enforcement agencies to access your Personal Data if they need this to detect, investigate or prevent crime.
Please note that fraud prevention agencies can hold your Personal Data for different periods of time and if you are considered to pose a fraud or money laundering risk, your data may be held by them for up to six years.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please refer to the “Automated Decisions” section below.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.
Whenever fraud prevention agencies transfer Personal Data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your Personal Data to the standard required in the European economic Area. They may also require the recipient to subscribe to “international frameworks” intended to enable data sharing.
Please see; http://www.experian.co.uk/crain/index.html for further information on credit reference agencies.
6. Who will we share your information with?
When you register an interest to use our Services or make use of our Services you consent to us sharing your data with the following parties:
- service providers and other third parties who process and store data on our behalf;
- car dealers and brokers, including their business partners
- fraud prevention agencies and credit reference agencies;
- third parties who provide maintenance and servicing of any vehicles you hire as part of the Services;
- professional advisors;
- individuals who you nominate as referees to verify certain information;
- in the event that our business, either in whole or in part, is acquired by a third party (in which case Personal Data about customers will be one of the transferred assets);
- if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce any contract with you; or to protect our rights, property, or the safety of our employees, customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction.
- companies and consultants providing services to us (for example, marketing agencies, mail outsourcing service provider, Information Technology service providers who provide and maintain our systems and our website host). Those companies and consultants providing services to us will only use your information to provide those services.
- a third-party company that may take over your contract, so that you can continue with your contract.
- third party insurance providers.
- debt collection agencies.
- the courts in connection with court proceedings.
7. Where is your information stored?
In order to ensure fair and transparent processing, we will, taking into account our processing activities, adopt appropriate procedures for the processing of Personal Data, which shall include implementing technical and organisational measures which take into account the harm that may be suffered, and correct inaccuracies identified in Personal Data processed, so that risk of errors are minimised and your Personal Data is processed in a fair and secure manner.
All information you provide to us is stored on our secure servers which are located in England. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Some of our service providers and other organisations that we work with (including credit reference agencies), may be located outside the European Economic Area in countries that do not have the same standards of protection for Personal Data as the UK. We will, however, always use every reasonable effort to ensure sufficient protections are in place to safeguard your Personal Data. We will also ensure that our service providers enter into compliant processing agreements, including for transfers of data outside of the European Economic Area, with us to ensure that your Personal Data is processed in accordance with the General Data Protection Regulation and other applicable data protection laws.
8. How long do we hold your information for?
In the event that you make an application to use our Services or use our Services, we will only store your Personal Data whilst you continue to use our Services and for a period of 6 years thereafter (or such longer period as is necessary for the proper performance of our regulatory obligations to you).
When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
9. What rights do you have in relation to way in which we hold and/or process your data?
- Access to your Personal Data (Subject Access Requests): You may contact us to request access to a copy of the Personal Data that we hold on you.
- Right to withdraw consent: You may withdraw your consent to us processing your data at any time. We will confirm the outcome of your request and where relevant our records will be updated accordingly. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- Rectification: You may ask us to rectify inaccurate Personal Data held about you at any time. Your request will be actioned subject to you providing us with any relevant information that we may ask you to provide.
- Erasure: You may ask us to delete your Personal Data at any time by contacting us and specifying why you would like us to delete your Personal Data. We will action your request UNLESS we have a lawful basis that allows us to continue to hold and process your data. We will confirm the outcome of your request and where relevant our records will be updated accordingly.
- Portability: You may ask us to provide you with the Personal Data that we hold about you in a structured, commonly used, machine readable form, or ask for us to send such Personal Data to another data controller.
- Make a complaint: You may make a complaint about our data processing activities to a supervisory authority. For the UK, this is the Information Commissioner’s Office, at ico.org.uk.
- Automated Decisions: We may use a credit-scoring system, i.e. an automated system to assess your credit worthiness and decide whether to enter into a finance agreement with you. You may contact us to ask that, when we are evaluating your application for finance, we do not base any decisions solely on an automated process and that human intervention is permitted. Please see further information on this at section 12
- Marketing: We may use a credit-scoring system, i.e. an automated system to assess your credit worthiness and decide whether to enter into a finance agreement with you. You may contact us to ask that, when we are evaluating your application for finance, we do not base any decisions solely on an automated process and that human intervention is permitted. Please see further information on this at section 12
If you wish to contact us in relation to any of your rights, you can email us at email@example.com or contact us by telephone on 01865 477826. Please note that we may ask you to provide a form of identification verification before we can give effect to any such request made by you.
10. What happens if there are any changes?
Any material changes we make to our privacy notice in the future will be posted on this page and, if appropriate, sent to you by email.
11. Cookies and other websites
Our Cookies Policy can be located via the following link
Links to Other Websites
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.
12. Automated decision-making
In some instances, our use of your Personal Data may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. For example, we use automated decisions to make decisions about creditworthiness. We have implemented measures to safeguard the rights and interests of individuals whose Personal Data is subject to automated decision-making.
When we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contact us using the contact details provided under the “Any questions” heading below.