Privacy Policy
CAMCO Finance Limited and its parent CAMCO Group Limited (‘we’, ‘us’ or ‘our’), is required to process your personal information in a fair and legal way. You are entitled to know how we may use any information you may provide to us. We take the privacy of our customers very seriously. We ask that you read this Privacy Policy (‘the Policy’) carefully as it contains important information about how we will use your personal data.
References to “Data Protection Law” mean the Data Protection Act 1998 and the General Data Protection Regulation 2016 (Regulation (EU) 2016/679) and any other applicable law, regulation or code relating to data protection in the United Kingdom. References to “your information” are a reference to personal data as defined under the applicable Data Protection Law.
For the purposes of the Data Protection Law, we are the ‘Data Controller’ (i.e., the company who is responsible for, and controls the processing of, your personal data).
1. Personal data we may collect about you
We will obtain personal data about you and those whose personal data you have with express authority disclosed to us. We may collect, use, store and transfer different kinds of information about you which we have grouped together below.
Types of Personal Information:-
- Identity – includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact – includes postal address, email address and telephone numbers.
- Financial and Credit – includes bank account number and sort code, bank statements, digital access to view your bank transactions – if you consent to this (known as “open banking”), payment card details, income information, employment status, benefits status, credit history and debt profile.
- Transactional – includes details about payments to and from you.
- Technical – details on the technology and devices you use to interact with us and use our website, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
- Profile – includes your username, your interests, preferences, feedback and survey responses.
- Usage – includes information about how you use our website, products, and services.
- Marketing and Communications – includes your preferences in receiving marketing from us and our third parties and your communication preferences.
The law states that certain potentially sensitive information should be treated differently and offered greater protection. This is called Special Category Data and includes such things as information on an individual’s: –
- Race or ethnic origin;
- Religious or political beliefs;
- Trade Union membership;
- Health;
- Genetic or biometric information;
- Certain lifestyle information, such as sexual orientation;
- Details on criminal conviction or allegations.
If you apply to us for a loan, or to enable us to service that loan, we may ask you for some “sensitive” personal information. We will ask you for explicit consent to allow us to collect and keep this information. We may need to share this information with other parts of the group and our sub-contractors to keep your records up to date.
We will not, without your consent, use or disclose any sensitive personal information about you, such as information about any injury or medical condition.
2. How we collect your personal data
We will collect your personal data:
- whenever you complete an online or paper form, send emails and texts, during telephone, or face to face conversations (with us or our agents, customer surveys)
- when you request marketing to be sent you, or enter a promotion or survey;
- when you give us feedback, including complaints or compliments;
- from information that we receive from or through other organisations (for example, the DVLA, Credit Reference Agencies, fraud prevention agencies, insurance companies, social networks, employers, debt collection agencies, debt management companies, insolvency services)
- from analysis of management information from data recording information about your payments and other transactions which are used to help us combat financial crime and other illegal activities
If you submit an online enquiry, you will be required to agree to the terms of this Policy which include permitting us to contact you for the purposes of the finance related enquiry, via the contact means that you provide us i.e., email address, telephone number, etc.
In addition to the data you directly provide to us, we will obtain information from Third Parties or Publicly Available sources, including:
- Finance brokers and dealers who have referred your application for finance to us
- Credit reference agencies
- Insurers
- The Land Registry
- Companies House
- Data brokers or aggregators
- Technical information from analytics providers, advertising networks and search information providers
- Fraud prevention agencies
- Social networks
- Employers
- Publicly available information such as the Electoral Register
- Government and law enforcement agencies
- Open banking platforms
- Third parties who check the accuracy of data and verify the identity of individuals or verify the authenticity of the information provided.
3. How we use your personal data
Personal information, or personal data, means any information about an individual from which that person can be identified. We will use the personal data you disclose to us for the purposes described in Our Terms. These purposes include:
- assisting us in processing your enquiries and obtaining the services which you require;
- helping us identify you and any accounts that you hold with us;
- undertaking credit checks;
- undertake affordability reviews;
- general administration;
- research, statistical analysis, and behavioural analysis;
- customer profiling and analysing your preferences;
- marketing (providing you have opted-in) for further information see ‘Marketing and opting-in’ below;
- fraud prevention and detection;
- billing and order fulfilment;
- providing access to online platforms that we may offer;
- customising our website and its content to your preferences;
- to notify you of any changes to our website or to our services which may affect you;
- security vetting;
- responding to queries and complaints;
- improving our services;
- crime detection, prevention, and prosecution;
- undertaking transactional analysis;
- arrears and debt recovery activities;
- customer modelling, statistical and trend analysis, with the aim of improving or developing products and services offered; and
- evaluation of the effectiveness of training and quality control.
We have a legitimate interest in verifying your identity when considering loan applications, and we will:
- ask you to provide a physical form of identity documentation;
- use a Credit Reference Agency to help us verify your identity from electronic records of other information taken from other public information sources such as Electoral Register (please note that the agency keeps a record of this search it is not seen or used by lenders to assess your ability to obtain credit);
- use your personal information to request and verify details of your driver record with the Driver and Vehicle Licensing Agency (DVLA) or any such agency that may replace it from time to time; and
- if you have a joint agreement, this may mean that your personal data is shared with the other applicant, for example the joint agreement holder will be able to see transactions made by you and vice versa.
4. Automated decision making
When you make an application for finance with us, in certain instances we may solely rely on automated systems to determine if:
- you pose a fraud or money laundering risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity.
- you meet our lending criteria. In such cases, a lending decision is made by our systems without human involvement. Our automated decision-making process will assess two types of data relating to you:
- Your credit score – your credit score is calculated from information obtained from your credit file, which includes payment and the history of your other loans and credit accounts. This will tell us if the finance product you have applied for is likely to be suitable or not for you.
- Your Affordability assessment – this review looks at the information you have given us, information from your credit file and other information held by the Credit reference Agency, which we use to assess if you meet our lending criteria.
Automated systems help us make a quick decision. We regularly review the accuracy of these systems. The law gives you certain rights regarding decisions made in this way, including:
- The right to not have decisions made by automated means alone;
- The right to challenge any decisions made in this way; and
- The right to an explanation as to how the decision was reached.
Please contact us is you would like to know more about these rights.
5. Consequences of processing your data
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing, or employment to you. If you have any questions about this, please contact us on the details provided.
6. Opting Out
If you have opted-in to receive our marketing material we may share your personal data with organisations as set out in section 7 of this policy, we will ensure that it is in line with the terms you agreed to. We or they may contact you or others (unless you have asked us or them not to do so) by mail, telephone, text message, email. The nature of these marketing communications relates to information on products, services, promotions, and special offers which we believe may be of interest to you or others. You can ask us or third parties to stop if you would prefer not to receive any further direct marketing communications from us or our business partners at any time.
Where you opt out of receiving these marketing communications, this will not apply to personal information provided to us because of a product/service purchase, product/service experience or other transactions.
.
7. Who we may share your information with
Under this policy and where you have provided consent, we may share your personal information or disclose it outside CAMCO Finance Ltd (and CAMCO Group Limited), with a third party, when required to deliver our service to you and by law or permitted under the Data Protection Laws.
Third parties we may share your data with include:
- Anyone who is a joint customer on your application for finance and account;
- Our advisers, agents or others involved in the running of your agreement or those collecting monies on our behalf;
- Credit Reference Agencies (see section 7 of this policy);
- Agents who help us collect what we are owed;
- Geolocation service providers who may share the location of our asset with us for debt collection and asset recovery purposes;
- Companies who assist us in verifying information about you to consider your application or manage your account;
- Finance brokers and dealers who have referred your application for finance to us;
- Companies we work with who offer products and services we think may be of interest to you (but only if you have given us your permission to do so);
- External organisations that conduct customer satisfaction research on our behalf. We may share your name, email address, phone number and agreement number with such an organisation so that they can email you to invite you to review the service you have received from us;
- Our legal or business advisors;
- Banking schemes we use to manage your payments, such as Direct Debit, BACS, and our card payment providers;
- Law enforcement and crime prevention agencies;
- Our insurers and financial institutions;
- Regulatory bodies such as the Financial Conduct Authority;
- Organisations which offer dispute resolution services, such as the Financial Ombudsman Service.
- If the vehicle that has finance is the subject of any insurance claim by or against a third party we may exchange information about you with any applicable insurance company (including third party insurers) and/or third party in connection with the investigation and/or settlement of the claim
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We will share your personal information within our group companies (as defined in the Companies Act 2006). We may also disclose personal information on a discretionary basis for the purpose of, and in connection with, any legal proceedings or for obtaining legal advice.
We will not transfer your information outside of the United Kingdom at any time.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law.
8. Credit Reference Agency (CRA) searches
To process any application, you make, provide our services to and validate information you provide to us, your personal data will be used to search your record at Credit Reference Agencies (CRAs). Data shared may include, name, address, date of birth, identification details and bank account details.
The CRA will keep a record of this search whether or not the application proceeds.
Such search include records of your “financial associates” shown on your credit file (i.e. a person with whom you have, or have had, joint personal financial arrangements such as joint accounts or have made joint credit applications).
The information that we and other organisations share with the CRAs about you, your financial associates, and your business (if applicable) may be provided to other organisations and used by them and us to:
- Assist decision making, for example confirming details on applications for credit or other facilities, managing credit accounts or facilities, checking details on proposals and claims for insurance, recovering debt and checking details of job applicants and employees.
- Perform credit checks
- Verify your identity or someone financially linked to you when you apply for services, trace your whereabouts, and undertake research, statistical analysis, and system testing.
- Attempt to detect and prevent fraud
- We are also required by the UK Government to screen applications made to us to ensure that we are complying with the international fight against terrorism and other criminal activities. As part of this requirement we may need to disclose your personal information to government agencies.
CRAs collect and maintain information about consumers’ credit behaviour. This includes information about previous applications that you have made for credit and the conduct of your accounts. It also includes personal information from the Electoral Register, fraud prevention agencies and publicly available information such as County Court Judgements, bankruptcies, and decrees.
We will give details of how you conduct your agreement with us to CRAs, including information relating to if you borrow and do not repay in full and on time. Where you fall into arrears and this is not rectified within 28 days of a formal demand being issued, we may record a default notice with the CRAs. Any such records shared with CRAs will remain on file for six years after your agreement is closed. This information can be seen by other organisations who may conduct searches if you apply for credit in future and this may affect your ability to borrow further credit.
Should you wish to do so, you have a right to apply to the CRAs for a copy of your file.
The CRAs that we use is TransUnion, and they can be contacted as follows:
TransUnion,
One Park Lane,
Leeds,
West Yorkshire,
LS3 1EP
https://www.transunion.co.uk/consumer/consumer-enquiries
Email: consumer@transunion.co.uk
Phone: 0330 024 7574
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at TransUnion’s Credit Agency Notice (CRAIN) found at:
https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference.
9. Fraud Prevention Agency searches
Before we provide financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
The personal information we have collected from you will be shared with Fraud Prevention Agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.
The FRA that we use is CIFAS, and they can be contacted as follows:
Cifas
6th Floor, Lynton House,
7 – 12 Tavistock Square
London
WC1H 9LT
https://www.cifas.org.uk/individuals
Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found at Cifas’s website at the following location www.cifas.org.uk/fpn.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the financing you have requested.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
10. Data Security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal information to those employees, agents, and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. Data Retention
We will only retain your personal information for as long as in necessary to fulfil the purposes we collected your data, including for the purpose of providing services and products to you and any legal, accounting or reporting requirements. We also retain personal information in case it is required to establish, bring, or defend legal claims.
We will retain your data records for a period of 6 years after the last occasion on which we used it for the purpose required. We may keep your information for longer if it is required for legal, regulatory or technical reasons.
In some circumstance we may retain your data on an anonymised basis (so that it can no longer be associated with you) for research and statistical purposes, in which case we may use this information indefinitely without further notice to you.
Details of how you can ask us to delete your information in certain circumstance can be found in the section 13, ‘Your Rights’, of this policy.
12. International Transfers
Your information that we process may be transferred to and stored in locations within the European Economic Area (“EEA”). Will take all steps to reasonably necessary ensure that your data is treated securely and in accordance with this privacy policy and that the appropriate legal safeguards are in place prior to the transfer.
Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
13. Your rights
Where you have given consent for us to hold and process your data, you have the following rights:
- to object to processing of your personal data;
- to withdraw your consent to processing your personal data;
- to be informed about the processing of your personal data (this is what this privacy notice sets out to do);
- to have your personal data erased;
- to restrict processing of your personal data;
- to request access to your personal data and information about how we process it;
- to specify which Credit Reference Agencies we have shared your personal data with;
- to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed; and
- to move, copy or transfer your personal data (“data portability”).
You may withdraw that consent at any time by notifying us in writing at the details provided in “How to contact us”.
You have the right to request access to your personal data which we process. This formal request is referred to as a Subject Access Request. If you wish to exercise this right and make a Subject Access Request, you should;
- Put your request in writing; either by email or by letter.
- Include proof of your identity and address (e.g., a copy of your driving licence or passport, and a recent utility or credit card bill);
- Specify the personal data you want access to, including any account or reference numbers where applicable.
You will not have to pay a fee to access your personal information (or exercise any of the other rights). However, we may charge a reasonable fee if your request is repetitive or excessive.
You have the right to require us to correct any inaccuracies in your data free of charge. If you wish to exercise this right, you should:
- Either speak to us via telephone or put your request in writing;
- Provide us with enough information to identify you (e.g. account/order number, username, registration details); and
- Specify the information that is incorrect and what it should be replaced with.
You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right you should:
- put your request in writing (an email sent to compliance@camcofinance.co.uk with a header that says ‘unsubscribe’ is acceptable);
- provide us with enough information to identify you (e.g. account/order number, username, registration details);
- if your objection is not to direct marketing in general, but to direct marketing by a particular channel (e.g. email or telephone) please specify the channel you are objecting to.
14. Complaints
You have the right to lodge a complaint with the supervisory authority if you believe your data has or is being used in a way that does not comply with the General Data Protection Regulation 2016 (Regulation. The Information Commissionaires Office (ICO) is the national supervisory authority responsible for the protection of personal data. A complaint can be made to the ICO via their website: ico.org.uk or through their helpline: 0303 123 1113. We encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
If you have a received an email or other communication sent by us that you believe is spam or in violation of our acceptable use policies, please contact us via one of the methods below.
15. Cookies
We use cookies to track visitor use of the website and to compile statistical reports on website activity. For further information visit: http://www.allaboutcookies.org/ You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
16. Other websites
Our websites may contain links to other websites. This privacy policy only applies to CAMCO websites so when you link to other websites you should read their own privacy policies.
17. Call recording and monitoring
We record and monitor phone calls with you for quality and training purposes and to ensure that we have carried out your instructions correctly, to help resolve queries or complaints, to detect or prevent fraud or other crimes and for regulatory purposes.
18. Changes to our privacy policy
We keep our privacy policy under regular review, and we’ll place any updates on our website (and/or) inform you of any changes when they occur. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you deal with us. This privacy policy was last updated on 31st May 2024.
19. How to contact us
We welcome your feedback. Please contact us if you have any questions about our privacy policy, our handling of your personal data or information we hold about you by writing to our Data Protection Officer, Mike Toole, by email at compliance@camcofinance.com or post to Compliance and Risk, CAMCO Finance Limited, Office 1, Third Floor, Parsonage Chambers 3 Parsonage, Manchester, M3 2HW.