Terms Used

For the purposes of this Privacy Policy,

1. “Business Partner” means any subcontractor, supplier or other entity with which we have an ongoing business relationship to provide our services or information.
2. “Personal Data” means information that may directly or indirectly identify/identify you, such as your name, telephone number, email address, IP (Internet Protocol) address and location data.
3. “Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

General Information

Our use of your Personal Data is subject to both the UK`s Data Protection Act (“DPA”) and the EU's General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly.

Auto Finance Technology is the responsible party within the meaning of the DPA and the GDPR. If you have any questions about this policy or our data protection practices, please contact us using [email protected] or write to us at the above address.

Data we collect

We may ask you to provide us with Personal Data:

1. When you use our website and CRM.
2. When you request offers, services, support, or information.
3. When you use our services or register for our CRM.
4. When you participate in our promotional activities.
5. When you subscribe to newsletters, advertising and promotional emails or other materials.
6. When you interact with us on third party social networks (subject to that third party's terms of use and privacy policies).
7. When you contact us.

The Personal Data we collect may include your name, email address, business address, telephone numbers. They may also include information about your work such as your title and other business or corporate information.

We may also collect demographic information, such as information about your interests and preferences.

In order to provide you with a more consistent and personalised experience in your interactions with us, information collected through one source may be combined with information we receive from other sources. This may include information that allows us to recognize you across multiple devices through which you access our website.

We may also supplement the information we collect with information we receive from other parties, including our Business Partners and other third parties.

When using our CRM Services

We may also and depending on how you use our CRM process the full finance application from your customer. Including name, address, address history, employment current and historical, income details, financial outgoings, vulnerability and any special needs.

Also please note that when using our CRM, you become the data controller and we become the data processor in accordance with Part 3 Chapter 4 of the DPA and Chapter 4 of the GDPR. Where we process Personal Data as data processor or in other words on behalf of you, we will process the Personal Data involved in your use of our services in accordance with your instructions and shall use it only for the purposes agreed between you and us.

We ensure that access by our employees to your data is only available on a need-to-know basis, restricted to specific individuals, and is logged and audited. We communicate our privacy and security guidelines to our employees and enforce privacy and protection safeguards strictly.

Further, please be advised that:

1. some jurisdictions may require you to disclose your use of our services as your processor in your privacy policy and/or data processing agreement as applicable. For that Purpose all Personal Data processed by us will be stored using the services of Datapacket operated by DataCamp Limited, 9 Coldbath Square, London, United Kingdom.
2. if you are providing us with Personal Data relating to a third party, you agree a) that you have in place all necessary appropriate consents and b) that such third party has read this Privacy Policy. You agree to indemnify us in relation to all and any liabilities, penalties, fines, awards, or costs arising from your non-compliance with these requirements.

Information we collect automatically

We may automatically collect behavioural and usage information about your visits to our website, including the pages you view, the links you click, and other actions you take in connection with our website and our services. We may also collect certain information from the browser you use to access our website, such as your IP address, device ID, location data, browser type and language, access times.

We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage.

There are different types of cookies:

1. Essential Cookies. Essential cookies are cookies to provide a correct and user-friendly website; and
2. Non-essential Cookies. Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyse your behaviour on a website (“analytical” cookies).

As set out in the UK`s Privacy and Electronic Communications Regulations (“PECR”) and the EU`s Privacy and Electronic Communications Directive (“PECD”), we need to obtain consent for the use of Non-essential Cookies. For further information on the cookies we use, please refer to our Cookie Policy. The legal basis for processing is our legitimate interest and your consent. For further information on the cookies we use, please refer to our Cookie Policy.

Information from Third Party Sources

We may receive information about you from third party sources such as services and contents we have integrated in our website, our Business Partners, social media platforms and other third parties. We may use the data to better understand you in order to improve our ability to offer you relevant advertising, products and services, and to help prevent and detect fraud.

How we use Personal Data

We may use your Personal Data for the following purposes:

1. Providing our services and support or carrying out our services and providing our CRM.
2. Sending communications to you, including information and the stages of your transactions with us.
3. Facilitating your use of our website and our CRM and communication tools and services.
4. Help via online chat and communication tools and services to answer your queries.
5. Facilitate communication from our Business Partners.
6. Customise, analyse and improve our services (including content and our advertising
campaigns), technologies, communications and relationship with you.
7. Better understanding of our customers and website users, including their interests and
interactions with our site.
8. Content personalization and application of your preferences.
9. Enforce our terms of service, website terms and separate agreements (where applicable) with you.
10. Preventing Fraud and Other Prohibited or Illegal Activities.
11. Protecting the security or integrity of our websites, our businesses, and our services.
12. Perform other functions or serve other purposes as communicated to you at the point of collection, or as required or permitted by law.

Legal Basis for Processing

Our legal basis for collecting and using your Personal Data as described in this Privacy Policy will depend on the Personal Data involved and the specific context in which we collect it. In general, we collect and process your Personal Data based on one or more of the following:

1. Your consent, for example where we have obtained your consent to process your Personal Data for specific activities (such as the use of cookies for online tracking and analysis).
   You have the right to withdraw your consent at any time by contacting us at any time. If you withdraw your consent, this will not affect the lawfulness of any processing based on your consent prior to its withdrawal. Where applicable, we may ask for your consent for processing at the point of providing your Personal Data.
2. To comply with a contractual obligation. We will inform you at the time of collection whether the provision of your Personal Data is mandatory and the possible consequences if you do not provide us with your data.
3. To comply with our legal obligations where other laws require us to process your Personal Data (for example, health and safety, tax and other applicable laws and regulations such as and among others HMRC).
4. In our legitimate interest which include providing this website and/or related services, and/or conducting marketing and advertising activities, provided always that our legitimate interests do not override any reservation or prejudice your rights and freedoms.

If you have questions or need more information about the legal basis under which we collect your Personal Data, please contact us.

Retention of your data

We will retain your Personal Data as necessary, in connection with the purposes described in this Privacy Policy, for as long as your account is active, and in accordance with our data retention policies and applicable law.

International transfers

We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organisational measures to protect the Personal Data we transfer.

How we may share your Personal Data

We may share your Personal Data with our Business Partners for the purposes described in this Privacy Policy, including (but not limited to) conducting the services you request, or customising our business to better meet your needs.

We share your Personal Data only with Business Partners who agree to protect and use your Personal Data solely for the purposes specified by us.

We may also disclose your Personal Data for any purpose with your consent or for law enforcement, fraud prevention or other legal actions as required by law or regulation, or if we reasonably believe that we must protect us, our customers or other business interests.

Except as described above of which you will be informed in advance, we will not disclose your Personal Data.

Privacy rights

Under the DPA and the GDPR, you can exercise the following rights:

1. Right to information
2. Right to rectification
3. Right to deletion
4. Right to data portability
5. Right of objection
6. Right to withdraw consent
7. Right to complain to a supervisory authority
8. Right not to be subject to a decision based solely on automated processing.

If you have any questions about the nature of the Personal Data we hold about you, or if you wish to exercise any of your rights, please contact us.

Updating your information

If you believe that the information we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.

Withdrawing your consent

You can revoke consents you have given at any time by contacting us. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Access Request

In the event that you wish to make a Data Subject Access Request, you may inform us in writing of the same. We will respond to requests regarding access and correction as soon as reasonably possible.

Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

Complaint to a supervisory authority

You have the right to complain about our processing of Personal Data to a supervisory authority responsible for data protection. The supervisory authority in relation to our services is The Information Commissioner's Office (ICO), Wycliffe House, Water Ln, Wilmslow SK9 5AF, UK www.ico.org.uk. However, we would appreciate the opportunity to address your concerns before you contact the ICO.

How we secure your Personal Data

We take all reasonable steps to protect your Personal Data from misuse, interference and loss, and from unauthorised access, modification or disclosure. The ways we achieve this are:

1. The use of encryption when collecting or transferring Personal Data.
2. The existence of technical and organisational measures designed to ensure the continued integrity, availability and resilience of processing systems and services.
3. Limiting physical access to our offices.
4. Limiting access to the information we collect about you.
5. Ensuring that we and our Business Partners have appropriate security measures in place to protect your Personal Data.
6. Where required by law, destroying or de-identifying your Personal Data.

Collection and Use of Children's Personal Data

We take children's privacy seriously. We do not knowingly collect Personal Data from children through our websites. If you are a child, as defined by the laws of your country, do not submit Personal Data through our websites without the express consent and participation of your parent or guardian.

Links to third-party websites and services

Please note that we provide links to other websites that, if you click on them, may collect your Personal Data. The data management practices of these third-party websites linked to are not covered by this Privacy Policy.

Validity and questions

This Privacy Policy was last updated on Tuesday 31st October 2023, and is the current and valid version. However, we want to point out that from time to time due to actual or legal changes a revision to this policy may be necessary.

If you have any questions about this policy or our data protection practices, please contact us using [email protected] or write to us at the above address.