Privacy statement
Use of personal information
We are V12 Retail Finance Limited, registered in England and Wales 4585692, authorised and regulated by the Financial Conduct Authority. We use the trading names V12 Retail Finance, V12 Personal Finance and AppToPay.
V12 Retail Finance Limited act as a credit broker and will introduce you to Secure Trust Bank PLC and other lenders or brokers if you opt to check your eligibility for loans. Details of our panel can be found here.
When we use "we" in this notice we mean us or anyone acting on our behalf. When we use "you", we mean the customer or applicant acting on their own behalf or for a business; or individuals associated with our commercial clients, retailers, partners and suppliers.
Please read this Privacy Statement carefully as it contains important information to help you understand our practices regarding any personal information that you give to us.
In relation to customers or applicants
We process your personal information including:
- the personal information that you give us during an eligibility check or an application, or that you have given to us during a previous application or as a customer;
- the personal information that we obtain about you from the retailer who helps arrange the application for you;
- the personal information that we receive from third parties such as credit reference agencies and fraud prevention agencies (see below), companies you ask to share your 'Open Banking' information with us, where we need to contact these third parties as part of your application, in servicing your account with us, or for profiling purposes;
- the personal information that you give us while servicing your account via our website, App, in writing or over the phone; and
- the personal information that you give us if you register interest in a product and/or service, request information or assistance from us or make a complaint.
This personal information includes your:
- name;
- date of birth;
- address including address history;
- telephone numbers;
- email address;
- nationality;
- credit history and records relating to your partner or anyone else you are financially linked with (we receive this information from the credit reference agencies and fraud prevention agencies);
- transaction information on payments into and out of an account, and debit or credit card information;
- marital status
- information about your requirements (including the amount of finance, term and purpose);
- your consumer classification profile;
- passport, driving licence, national identity card, HM Forces ID card or fire arms licence details when you provide this as proof of identity;
- details about whether you own your property, rent it or live with others;
- financial information (including details of expenditure, bank details and credit history);
- employment/self-employment details (including income and taxation);
- information regarding whether you have any dependants;
- identifiers assigned to your computer or other internet connected device including your IP address;
- information linked to your mobile telephone number;
- publicly available information (for example on the internet, social media and on public registers);
- information relating to how you conduct your account and our dealings on it;
- information about unspent criminal convictions or pending prosecutions relating to any aspect of dishonesty, which may have a bearing on your future employment or the likely conduct of the account;
- the personal information that you give us during an eligibility check or an application for or purchase of any product or service from us, when registering for our app, or that you have given to use during a previous application or as a customer.
If you authorise a third party to act on your behalf, for example setting up a Power of Attorney for your account, we record the individual's name, date of birth, address, telephone number, email address, solvency status for Powers of Attorney, and bank details if the third party makes payments by direct debit for your account.
In the unfortunate circumstance that one of our customers passes away, we record the following details of the next of kin and any executors, administrators and legal representatives of the estate: name, address, telephone number and email address.
If you make an application on behalf of a business, we will process personal information about shareholders, directors, partners, beneficial owners, authorised signatories or other associated persons, including name, date of birth, address, credit history and publicly available information (for example on the internet, social media and on public registers).
Where information fields are marked as mandatory on any application form that you complete, you will need to provide such information in order for us to continue with your application.
Special categories of personal data include information about an individual’s physical or mental health or condition and other categories of personal information which are closely protected (e.g. biometric data).
We process such information, when you, or a third party provide that information to us. For example, where you notify us or a third party of a health issue that would mean, due to your personal circumstances or personal characteristics, you are especially vulnerable to financial detriment.
We use the information to make adjustments to support you in managing your account or protect your economic wellbeing. We process the information on the lawful basis of explicit consent or substantial public interest. You have the right to withdraw your consent or object to us holding details of your special category personal data at any time by contacting us by telephone, email or in writing.
Criminal offence information is not defined as special categories of personal data; however, this information does require additional protections. Criminal offence information covers information related to convictions and offences, including alleged offences, court proceedings, and sentencing.
Where permitted by law, we process criminal offence information for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions, or substantial public interest. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between banks, with law enforcement and regulatory bodies.
In summary, we use your personal information for the purposes of:
- servicing and internal processing (ie To assess and/or provide the loan and to service your account, including by way of automated decision making);
- management relationship (e.g. to develop your relationship with us);
- tracing customers and recovering debts;
- resolving queries/problems (e.g. responding to complaints or contacting you if you do not complete your application);
- training and service review (e.g. to help us enhance our services);
- statistical analysis (e.g to help enhance our products and services);
- developing our products and services;
- understanding our customers and potential customers (e.g to understand whether our products and services are distributed to the expected target market); and
- complying with legal obligations (e.g. to prevent, investigate and prosecute crime, fraud and money laundering).
As detailed below, we process your personal information where we have a legitimate interest to do so (except where it would override your interests or fundamental rights and freedoms which require the protection of personal information), where otherwise permitted by law, or to comply with applicable law and regulation.
PURPOSE | LAWFUL BASIS (As set out under applicable data protection law - for more details visit the Information Commissioner's Office (ICO) website |
Servicing and Internal Processing | |
to provide the product or service that you applied for; | Necessary for entering into, or the performance of a contract. |
to evaluate risk in connection with the provision of our services, in particular loans, including as noted in the section below 'Automated Decision Making'; | To comply with legal obligations to manage and control risk; Automated Decision Making is necessary for entering into, or the performance of a contract |
to verify the identity of our customers and potential customers; | To comply with legal obligations in financial services regulations for prevention of money laundering |
to report on the performance of an account; (see 'Sharing with Credit Reference Agencies' section) | Legitimate interests to share performance information with credit reference agencies |
to confirm, update and improve our customer records; | To comply with legal obligations in the Data Protection regulations |
to assess what options are appropriate if you are in financial difficulties; | To comply with legal obligation to treat customers in financial difficulties fairly |
to trace customers and recover debts; (see Debt Recovery section) | Legitimate interests to collect debts you owe us |
to respond to any queries or complaints that you raise; | To comply with legal obligations for complaint handling |
to prevent, investigate and prosecute crime, fraud money laundering or sanctions violations; (see 'For crime and fraud prevention and anti-money laundering' section) | To comply with legal obligations for prevention of financial crime and money laundering |
to protect our legal rights and interests; |
Legitimate interests to protect financial position and reputation |
to conduct identity and bankruptcy checks on powers of attorney; |
To comply with legal obligations to validate the fitness of attorneys |
to inform you if an application you have started is incomplete or to pre-populate any future applications where you have told us we can keep your information for this purpose; | Legitimate interests to aid customers in completing applications |
to troubleshoot problems with the Website, or to customise your experience on the Website; | Legitimate interests to optimise customers' experience on the Website. Please see our Cookie Policy |
to provide you with any information on the products or services you have requested, by completing an expression of interest form or otherwise (including to give you advanced notice of new products); | Legitimate interests to provide information on the products or services as requested |
Management of Relationship | |
to manage, analyse, understand and develop your relationship with us, for example, to understand how often you access our services; | Legitimate interests to service customers' accounts, optimise customers' experience with us and develop our products and services |
to inform you about improvements to the Website; | Legitimate interests to optimise customers' experience on the Website |
to keep you informed of any of our other/new products and services and identify and market products and services that may be of interest to you, where you have chosen to be made aware of this; (see 'Marketing' section) | With consent |
to request feedback or conduct research on our products and services (see 'Customer Survey' section) | Legitimate interests to optimise customers' experience with us and develop our products and services |
Training and Service Review | |
for training purposes and to enhance or review the service we provide or have provided to you; | Legitimate interests to optimise customers' experience with us, to manage performance and develop our employees |
Develop products and services | |
to conduct statistical analysis and research (see 'Statistical analysis' section); | Legitimate interests to develop our products and services |
to test scorecards and systems (see 'Testing' section); | Legitimate interests to develop our products and services |
To better understand our customers and potential customers, and whether they are from the expected target markets for each product; | Legitimate interests to develop our products and services |
Other | |
for financial managements, treasury, risk management or auditing purposes; | To comply with legal obligations including accounting, audit, risk management standards, and requirements for listed companies |
if we are obliged to disclose information by reason of any law, regulation or court order; | To comply with legal obligations |
to transfer information to any entity which may acquire rights in us; | Legitimate interests in restructuring or selling parts of our business |
to transfer information to any entity which may purchase your account; | legitimate interests in restructuring or selling part of our business or any of our debt |
to monitor access to and use of the Group’s IT systems, including electronic communications and video conferencing technology; | Legitimate interests to manage and control information security risk and the risk of misconduct and to comply with legal obligations for prevention of crime |
for contacting individuals in the event of a Health & Safety emergency; | Legitimate interests to provide information to relevant authorities |
• for any other purpose to which you agree. | With consent |
The personal information that you provide will be retained by us in accordance with applicable laws. We take reasonable steps to destroy or anonymise personal information we hold if it is no longer needed for the purposes set out above.
Set out below are our retention periods
Type of personal information | Retention period |
General personal data - this includes the categories of normal personal data, personal identity and personal financial data |
Completed and live retail finance applications - 7 years after end of relationship Credit agreements cancelled under the Right to Withdraw - 7 years from the last activity on the application or agreement Incomplete or declined applications - up to 7 years If you have registered for V12 AppToPay but have not made a retail finance application, your app log in information will be removed after 12 months. |
Special categories and criminal offence personal data may be captured if voluntarily provided to us. Criminal offence information could be disclosed to us by a third party or through screening checks. | 7 years after end of relationship Special categories of personal data will be erased if you no longer want us to retain the information |
Call recordings |
Up to 6 years, although some recordings are kept for shorter periods. Recordings may be retained as evidence of a complaint investigation for 7 years after the resolution of the complaint |
If you visit one of our offices:
|
90 days 3 years |
The recipients with whom we share personal information are:
- lenders with whom we have a relationship including Secure Trust Bank PLC (we are part of the Secure Trust Bank Group) and other lenders or brokers if you opt to check your eligibility for loans. Details of our panel can be found here. If you want any information about how Secure Trust Bank process your information, please visit their website at https://www.securetrustbank.com/privacy-statement;
- our third party service providers who act on our instruction and need to know the information in order to provide us or you with a product or service;
- payment service providers including Adyen, Mastercard, Barclaycard, Pay360, in order to process payments to and from your account with us;
- Open Banking providers when instructed by you;
- our third party service providers who act on our instruction and process information on our behalf to help run some of our business operations including email distribution, electronic signature processing, storage of customer documentation, IT services and websites, diallers, for statistical analysis and profiling;
- our partners including introducers and retailers we work with;
- our affiliates, for the purpose of managing our customer relationships, administering our business and to provide you with information about other products and services which might be of interest to you;
- our advisors, for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
- our regulators (including the Financial Conduct Authority and Information Commissioner's Office) to comply with our legal and regulatory obligations;
- entities who may or do acquire any rights in us for the purpose of a business sale or reorganisation;
- credit reference agencies (including TransUnion and Equifax) and fraud prevention agencies (including Cifas and Synectics Solutions) - see sections below 'Sharing with credit reference agencies','For crime and fraud prevention and anti-money laundering', 'Statistical analysis' and 'Testing');
- HMRC, who may then pass information on to a relevant overseas tax authority;
- law enforcement bodies in order to comply with any legal obligation or court order;
- where you have agreed to receive such marketing, we may make your details available to reputable suppliers of credit and insurance related services that we feel may be of interest to you;
- we reserve the right to sell accounts. In some circumstances, the firm to whom we sell accounts may require us to continue to process personal information. We will inform you if we do this; and
- for season ticket finance, if you fail to keep to the terms of the agreement we share information with the club if they have arrangements in place to cancel the season ticket in these circumstances.
If you are an existing or new customer of V12 Retail Finance Limited and opt to check your eligibility for a loan with our panel of lenders and brokers, we will confirm or collect some personal information about you and the loan you require and share that information with our panel. Details of our panel can be found here.
Our panel of lenders and brokers will use the information we share with them to conduct a credit check (which will involve them collecting information from third parties, such as credit reference and fraud prevention agencies, to learn about your credit history). A soft credit check is not visible to third parties on your credit report and does not affect your credit score. A lender or broker will use this information to assess your eligibility for a loan.
When you leave our website, we encourage you to read the privacy policy of the partners' website you visit to understand how they handle your personal information. Each partner's privacy policy can be found here. All lenders on the panel will retain records of these checks.
Recipients with whom we share your personal information, for example our service providers, may be located in the UK, countries in the European Economic Area or elsewhere in the world. Different privacy laws may apply in these countries and you understand and unambiguously agree to the transfer of personal information to these countries and parties.
If we or our service providers transfer your personal information outside of the UK, there is either a legal framework in that country which has been assessed as providing adequate protection for people’s rights and freedoms about their personal information or other appropriate measures are in place, such as we or service providers impose standard data protection obligations to make sure that personal information is sent and received in line with any laws that apply. More details on the standard contractual obligations and the international frameworks are available on the ICO's website, or you can contact our Data Protection Officer on the details below.
We record and monitor communications with us, including electronic communications and calls, to improve the quality of our service and for your protection and security.
Before we offer retail finance, we undertake checks with credit reference agencies for the purposes of assessing whether to lend to you. These checks require us to process personal information about you and include credit scoring. We continue to undertake these checks after we have given you retail finance to evaluate our risk and for statistical analysis (see 'Statistical Analysis' section).
Automated decision making is used for some retail finance applications (see 'Automated Decision Making' section).
Credit reference agencies add to the record about you, and your partner or anyone else with whom you are financially linked, information about your application and repayment history, including any default or failure to keep to the terms of an agreement with us.
Credit reference agencies hold your personal information for up to six years.
Any information you disclose to us that is false or inaccurate will also be recorded by the credit reference agencies. These records will be shared with other organisations and may be used and searched by us and them to:
- consider applications for credit and credit related services, such as insurance, for you and any associated person; and
- trace customers, recover debts, prevent or detect money laundering and fraud, and to manage accounts.
We use Equifax, TransUnion and Experian as our credit reference agencies. More information about the credit reference agencies and how they process your personal information is available at:
You can also find information about the credit reference agencies on the website of the ICO's website.
Before we offer a product or service, we will undertake checks for the purposes of detecting and preventing crime, fraud, money laundering and sanctions violations, and to verify your identity. These checks require us to process your personal information with the credit reference agencies or fraud prevention agencies. We may ask you to provide additional information. We continue to undertake these checks even after we have given you an account, for the same purposes. We will undertake checks for the purpose of detecting and preventing fraud when processing payments.
The consequences of these checks may mean that:
- if we determine that you pose a risk of non or late repayment, we may refuse to lend to you
- if we, or a fraud prevention agency, determine that you pose a fraud, money laundering or sanctions risk, we may refuse to open an account for you or to lend to you, or we may require repayment of your loan or we may stop providing existing services to you
- we may reject a payment.
If you have an agreement with us then the terms of that agreement will dictate how we do this.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services or financing or employment to you. If you have any questions about this, please contact the fraud prevention agencies on the details below.
We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal information to detect, investigate and prevent crime.
Fraud prevention agencies hold your personal information for up to two years, and if you are considered to pose a fraud or money laundering risk, your information is held for up to six years.
The fraud prevention databases we use are provided by CIFAS - The UK's Fraud Prevention Service, Synectics Solutions, TransUnion, Lexis Nexis and Iovation. Further information can be found at:
As part of the processing of your personal information, some decisions for retail finance are made by automated means. The lawful basis for automated decision making is that it is necessary for entering into, or the performance of a contract.
Our processes to verify your identity and undertake checks to detect and prevent money laundering checks can result in an automated decision. This means we automatically decide that you pose a fraud or money laundering risk if:
- our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers;
- is inconsistent with your previous submissions; or
- you appear to have deliberately hidden your true identity.
In some cases, we also use automated decision making to decide whether to offer you a retail finance loan, whether we think that you can afford the loan and will abide by the terms of any loan agreement including whether you will repay the loan. This will involve us using logic to process different sources of information about you, such as from credit reference agencies, as well as our own algorithms to control our risk. Credit scores are produced from information such as credit commitments, whether you have made repayments on time, whether you have any history of insolvencies or court judgements, and how long you have lived at your current address. Our automatic decision may also be affected if we do not have enough statistically significant data about others who have similar circumstances to you to confidently assess our risk.
In some cases, if you are in financial difficulties, we use automated decision making to decide the most appropriate option to assist you.
If we make a decision solely on the basis of automated decision making, you have rights, for example, you can request human intervention and ask us to reconsider your application. If you want to know more please contact us.
Data Protection Officer for Secure Trust Bank PLC trading as V12 Retail Finance and V12 Retail Finance Limited
V12 Retail Finance
25-26 Neptune Court
Vanguard Way
Cardiff
CF24 5PJ
Telephone: 029 2046 8900
Email:
If you owe us money, or if we suspect fraud, we process your personal information in connection with pursuing the recovery of that money or prevention of that fraud. We disclose information about non-payment, late payment or suspected or actual fraud to credit reference agencies, fraud prevention agencies, and law enforcement or government agencies in accordance with the law. We may share your personal information with independent debt recovery agencies or service providers, tracing agents or investigators, solicitors or other agents in order to recover monies you owe us. We use additional sources of personal information such as data obtained from providers of debt recovery agencies or fraud prevention agencies and we also process other personal information about you such as CCTV footage and information that you make public, for example on social media.
In the unfortunate circumstance that one of our customers passes away, we share the name, address, telephone number, and email address of the next of kin and any executors of the estate with our third party service provider in order to recover monies from the estate.
We use personal information of individuals who have applied for a product with us (whether accepted or declined) for statistical analysis to create scorecards in connection with the assessment of creditworthiness, fraud, and risk, to refine lending, risk, collections, fraud, anti-money laundering and financial crime strategies, and for analysis such as loss forecasting.
Statistical analysis can involve personal information being shared with and obtained from our third party service providers, credit reference agencies and fraud prevention agencies. Wherever possible, this information is processed on an anonymised basis. The credit reference agencies will not add a record to your credit file of processing conducted for this purpose.
We use personal information of individuals who have applied for a product with us (whether accepted or declined) to test scorecards and our internal systems and those of our third party service providers. Testing can involve personal information being shared with and obtained from our third party service providers, credit reference agencies and fraud prevention agencies. Wherever possible, this information is processed on an anonymised basis. The credit reference agencies will not add a record to your credit file of processing conducted for this purpose.
We share customers' postcodes with a third party supplier who then provides a profile based on their analysis of the customers’ address. We do this to understand our customer base and whether our products and services are distributed to the expected target markets.
You have the right to object to this activity. To do so, please call us or write to us:
Data Protection Officer for Secure Trust Bank PLC trading as V12 Retail Finance and V12 Retail Finance Limited
V12 Retail Finance
25-26 Neptune Court
Vanguard Way
Cardiff
CF24 5PJ
Telephone: 029 2046 8900
Email:
From time to time, we may send you information regarding our products and/or services or those from carefully selected third parties, such as lenders and brokers, that we think may be of interest to you where we have your consent. You opt to receive this information by letter, telephone, SMS, email and/or push notification.
Where we have your consent, we use profiling to help us identify products that may be on interest to you, ensure that our communications are relevant to you and improve your experience when engaging with us.
We may also create profiles using personal information from you and other customers. We use these profiles to decide what marketing may be if interest to those with similar characteristics to you.
If, at any time, you prefer not to receive further communications from us in any or all forms (except in connection with information, products or services that you specifically request), you will have the ability to unsubscribe from such communications by means of a link provided in every e-mail that is sent to you by us or by contacting us. To unsubscribe from such communications by SMS, reply 'STOP' to the SMS.
From time to time, we may send you a request to take part in a customer survey for feedback or research purposes. this is in order to improve our products, processes and/or service. You may receive this information by letter, telephone, SMS and/or email.
This website contains links to other websites. We accept no responsibility or liability for the content of other websites which are not under our strict control, in particular, we are not responsible for the protection and privacy of any information which you provide whilst visiting other websites and such sites are not governed by this Privacy Statement. Please see section titled 'Access to Website' in our Website Terms and Conditions for further details.
Emails sent via the internet can be subject to interception, loss or possible alteration, therefore we cannot guarantee their security. Although we will do our best to protect your personal information, we cannot guarantee the security of your information sent by email and therefore will have no liability to you for any damages or other costs in relation to emails sent by you to us via the internet.
The Website is not intended for use by individuals under the age of 18 without the agreement and involvement of a parent or guardian. We do not knowingly collect personal information from individuals under the age of 18.
We will keep this Privacy Statement under review and make updates from time to time. We will notify you of any major changes which will affect the processing of your personal data, for example if we change the credit reference agencies we use. We may make minor changes (such as to correct typographical errors, or to add information about other products or services which do not affect your personal information at this time) without notifying you.
Our website uses cookies (including Google Analytics cookies to obtain an overall view of visitor habits and visitor volumes to our Website). To view more information on what cookies we use and how we use them please review our separate Cookie Policy.
You have the right to request copies of certain of your personal information within our custody and control and details of how we use that information. Your request can be made verbally or in writing.
If you think any of the personal information we hold about you is inaccurate, you can also request it is corrected or erased.
You also have rights, in certain circumstances:
- to object to our processing of your personal information;
- to request human intervention if a decision has been made solely on the basis of automated decision making;
- to require us to stop processing your personal information; and
- to withdraw your agreement to processing based on 'consent'.
You have a right to port personal information you have provided to us to a different service provider. In relation to all of these rights, please call us or write to us;
Data Protection Officer
V12 Retail Finance Limited
25-26 Neptune Court
Vanguard Way
Cardiff
CF24 5PJ
Telephone: 02920 468900.
Email:
Please note that we may request proof of identity when we receive your request.
You also have a right to complain to the ICO, which regulates the processing of personal data.
Our aim is to please but we know that sometimes things go wrong. If you have a problem, we want to know. Our staff will be happy to help you either on the telephone or in writing. Should you need to write to us, please address your complaint to The Chief Executive, V12 Retail Finance Limited, 25-26 Neptune Court, Vanguard Way, Cardiff, CF24 5PJ or
If you are unhappy about how your personal information has been used, please contact our Data Protection Officer using the details set out below. You also have a right to complain to the ICO, which regulates the processing of personal data.
Our Data Protection Officer can be contacted by telephone or in writing:
Data Protection Officer
V12 Retail Finance Limited
25-26 Neptune Court
Vanguard Way
Cardiff
CF24 5PJ
Telephone: 02920 468900.
Email:
In relation to commercial clients, retailers, partners and suppliers
When we use "you", we mean individuals associated with our commercial clients, retailers, partners and suppliers, including shareholders, directors, partners, beneficial owners, authorised signatories or other associated persons.
We process your personal information including:
- the personal information that you give us during an application to work with us;
- the personal information that we receive from third parties such as credit reference agencies and fraud prevention agencies (see below), where we need to contact these third parties as part of your application to work with us or in servicing your account with us;
- the personal information that you give us while servicing your account via our website, in writing or over the phone; and
- the personal information that you give us if you register interest in working with us, request information or assistance from us or make a complaint; and
- personal information captured in the course of doing business with us.
This personal information includes your:
- name;
- date of birth;
- address;
- telephone number;
- email address;
- passport, driving licence, national identity card or fire arms licence details when you provide this as proof of identity;
- nationality
- bank details - sort code, account number;
- credit history and records relating to your partner or anyone else you are financially linked with (we receive this information from the credit reference agencies and fraud prevention agencies);
- identifiers assigned to your computer or other internet connected device including your IP address;
- information linked to your mobile telephone number;
- publicly available information (for example on the internet, social media and on public registers);
- information about unspent criminal convictions or pending prosecutions relating to any aspect of dishonesty, which may have a bearing on your future employment or the likely conduct of the account.
Records are kept of meetings, including those via electronic communications and video conferencing technology.
Where information fields are marked as mandatory on any application form that you complete, you will need to provide such information in order for us to continue with your application.
Special categories of personal data include information about an individual's physical or mental health or condition and other categories of personal information which are closely protected (e.g. biometric data).
We process such information, when you, or a third party supporting you, provide that information to us. For example, where you notify us of a health issue that would mean due to your personal circumstances or personal characteristics, you are especially vulnerable to financial detriment. We use the information to make adjustments to support you in managing your account. We process the information on the lawful basis of consent. You have the right to withdraw your consent for us to hold details of your special category personal data at any time by contacting us by telephone, email or in writing.
Criminal offence information is not defined as special categories of personal data, however, this information does require additional protections. Criminal offence information covers information related to convictions and offences, including alleged offences, court proceedings, and sentencing.
Where permitted by law, we process criminal offence information for specific and limited activities and purposes, such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between banks, with law enforcement and regulatory bodies.
In summary, we use your personal information and the personal information of individuals associated with you for the purposes of:
- servicing and internal processing;
- management of our relationship with you (e.g. to develop your relationship with us);
- resolving queries/problems (e.g. responding to complaints or contacting you if you do not complete your application);
- training and service review (e.g. to help us enhance our services);
- developing our services; and
- complying with legal obligations (e.g. to prevent, investigate and prosecute crime, fraud and money laundering).
As detailed below, we process your personal information where we have a legitimate interest to do so (except where it would override your interests or fundamental rights and freedoms which require the protection of personal information), where otherwise permitted by law, or to comply with applicable law and regulation.
PURPOSE | LAWFUL BASIS (As set out under applicable data protection law - for more details click here) |
Servicing and Internal Processing | |
to provide the product or service that you applied for; | Necessary for entering into, or the performance of a contract |
to verify the identity of our customers and potential customers; | To comply with legal obligations in financial services regulations for prevention of money laundering |
to confirm, update and improve our customer records; | To comply with legal obligations in the Data Protection regulations |
to respond to any queries or complaints that you raise; | To comply with legal obligations for complaint handling |
to detect, prevent, investigate and report actual or suspected ciminal activity such as, fraud money laundering or sanctions violations; (see 'For crime and fraud prevention and anti-money laundering' section) | To comply with legal obligations for prevention of financial crime and money laundering |
to protect our legal rights and interests; | Legitimate interests to protect financial position and reputation |
to troubleshoot problems with the Website, or to customise your experience on the Website; | Legitimate interests to optimise customers' experience on the Website. Please see our Cookie Policy |
Management of Relationship | |
to manage, analyse, understand and develop your relationship with us, for example, to understand how often you access our services; | Legitimate interests to service customers' accounts, optimise customers' experience with us and develop our products and services |
to inform you about improvements to the Website; | Legitimate interests to optimise customers' experience on the Website |
to keep you informed of any of our other/new products and services and identify and market products and services that may be of interest to you, where you have chosen to be made aware of this; (see 'Marketing' section) | With consent |
to request feedback or conduct research on our services (see 'Customer Survey' section) | Legitimate interest to optimise experience with us and develop our services |
Training and Service Review | |
for training purposes and to enhance or review the service we provide or have provided to you; | Legitimate interests to optimise customers' experience with us, to manage performance and develop our employees |
Develop services | |
to conduct statistical analysis and research; | Legitimate interests to develop our services |
to test systems (see 'Testing' section); | Legitimate interests to develop our services |
Other | |
for financial management, treasury, risk management or auditing purposes; | To comply with legal obligations including accounting, audit and risk management standards, and requirements for listed companies |
if we are obliged to disclose information by reason of any law, regulation or court order; | To comply with legal obligations |
to transfer information to any entity which may acquire rights in us; | Legitimate interests for commercial interests |
to monitor access to and use of the Secure Trust Bank Group's IT systems, including electronic communications and video conferencing technology; | Legitimate interests to manage and control information security risk and the risk of misconduct and to comply with legal obligations for prevention of crime. |
for contacting individuals in the event of a Health & Safety emergency | Legitimate interests to provide information to relevant authorities. |
for any other purpose to which you agree. | With consent |
The personal information that you provide will be retained by us in accordance with applicable laws. We take reasonable steps to destroy or anonymise personal information we hold if it is no longer needed for the purposes set out above.
Set out below are our retention periods
Type of personal information | Retention period |
General personal data - this includes the categories of normal personal data, personal identity and personal financial data | 7 years after end of relationship |
Special categories and criminal offence personal data may be captured if voluntarily provided to us. Criminal offence information could be disclosed to us by a third party or through screening checks. | 7 years after end of relationship Special categories of personal data will be erased if you no longer want us to retain the information |
Call recordings
Recordings of video conferencing technology
|
Up to 6 years, although some recordings are kept for shorter periods. Recordings may be retained as evidence of a complaint investigation for 7 years after the resolution of the complaint. 6 months Recordings may be retained as evidence of a complaint investigation for 7 years after the resolution of the complaint. |
If you visit one of our offices:
|
90 days 3 years |
The recipients with whom we share personal information are:
- our third party service providers who act on our instruction and need to know the information in order to provide us or you with a product or service;
- our third party service providers who act on our instruction and process information on our behalf to help run some of our business operations including email distribution, electronic signature processing, storage of customer documentation, IT services and websites;
- our partners including introducers and retailers we work with;
- our affiliates, for the purpose of managing our customer relationships, administering our business and to provide you with information about other products and services which might be of interest to you;
- our advisors, for the purpose of assisting us to better manage, support or develop our business and comply with our legal and regulatory obligations;
- our regulators or other relevant authorities (including the Financial Conduct Authority and Information Commissioner's Office) to comply with our legal and regulatory obligations or for our legitimate interests;
- entities who may or do acquire any rights in us for the purpose of a business sale or reorganisation;
- credit reference agencies (including TransUnion and Equifax) and fraud prevention agencies - see sections below 'Sharing with credit reference agencies', and 'For crime and fraud prevention and anti-money laundering', 'Statistical analysis' and 'Testing' );
- HMRC, who may then pass information on to a relevant overseas tax authority;
- law enforcement bodies in order to comply with any legal obligation or court order;
Recipients with whom we share your personal information, for example our service providers, may be located in the UK, other countries in the European Economic Area or elsewhere in the world. Different privacy laws may apply in these countries and you understand and unambiguously agree to the transfer of personal information to these countries and parties.
If we or our service providers transfer your personal information outside of the UK, there is either a legal framework in that country which has been assessed as providing adequate protection for people’s rights and freedoms about their personal information or other appropriate measures are in place, such as we or service providers impose standard data protection obligations to make sure that personal information is sent and received in line with any laws that apply. More details on the standard contractual obligations and the international frameworks are available on the ICO's website, or you can contact our Data Protection Officer on the details below.
We record and monitor communications with us, including electronic communications, video conferencing technology and calls, to improve the quality of our service and for your protection and security.
In order to process the application for a business of which you are shareholder, director, partner, beneficial owner, authorised signatory or other associated person, we will undertake checks on you for the purposes of detecting and preventing crime, fraud, money laundering and sanctions violations, and to verify your identity. These checks require us to process your personal information with the credit reference agencies and fraud prevention agencies. We may ask you to provide additional information. We continue to conduct regular or extraordinary checks for the same purposes while you have a relationship with us, for example an annual check with credit reference agencies and fraud prevention agencies or for a change in company structure. We will undertake checks for the purpose of detecting and preventing fraud when processing payments, the consequence of these checks may mean that we reject a payment.
Credit reference agencies will supply us with information about you. This will include both public information (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. They will add information about our search to the record about you.
If we determine that you pose a fraud, money laundering or sanctions risk, we may refuse to work with you or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services or financing to you. If you have any questions about this, please contact the fraud prevention agencies on the details below.
We, and fraud prevention agencies, may also enable law enforcement agencies or relevant authorities to access and use your personal information to detect, investigate and prevent crime.
Credit reference agencies hold your personal information for up to six years. These records will be shared with other organisations and may be used and searched by us and them to consider applications for credit and credit related services, such as insurance, for you and any associated person; and to trace debtors, recover debts, prevent or detect money laundering and fraud, and to manage accounts.
Fraud prevention agencies hold your personal information for up to two years, and if you are considered to pose a fraud or money laundering risk, your information is held for up to six years.
We use Equifax, TransUnion and Experian as our credit reference agencies. More information about the credit reference agencies and how they process your personal information is available at:
You can also find information about the credit reference agencies on the ICO's website.
The fraud prevention databases we use are provided by CIFAS - The UK's Fraud Prevention Service, Synectics Solutions, TransUnion, Lexis Nexis and Iovation. Further information can be found at:
GBG website
We use personal information of individuals associated with our commercial clients, partners and suppliers to test our internal systems and those of our third party service providers.
Testing can involve personal information being shared with and obtained from our third-party service providers, credit reference agencies and fraud prevention agencies. Wherever possible, this information is processed on an anonymised basis. The credit reference agencies will not add a record to your credit file of processing conducted for this purpose.
From time to time, we may send you information regarding our products and/or services or those from carefully selected third parties, such as lenders and brokers, that we think may be of interest to you where we have your agreement. You opt to receive this information by letter, telephone, SMS and / or email.
If, at any time, you prefer not to receive further communications from us in any or all forms (except in connection with information, products or services that you specifically request), you will have the ability to unsubscribe from such communications by means of a link provided in every e-mail that is sent to you by us or by contacting us. To unsubscribe from such communications by SMS, reply 'STOP' to the SMS.
From time to time, we may send you a request to take part in a customer survey for feedback or research purposes. this is in order to improve our products, processes and/or service. You may receive this information by letter, telephone, SMS and/or email.
This website contains links to other websites. We accept no responsibility or liability for the content of other websites which are not under our strict control, in particular, we are not responsible for the protection and privacy of any information which you provide whilst visiting other websites and such sites are not governed by this Privacy Statement. Please see section titled 'Access to Website' in our Website Terms and Conditions for further details.
Emails sent via the internet can be subject to interception, loss or possible alteration, therefore we cannot guarantee their security. Although we will do our best to protect your personal information, we cannot guarantee the security of your information sent by email and therefore will have no liability to you for any damages or other costs in relation to emails sent by you to us via the internet.
The Website is not intended for use by individuals under the age of 18 without the agreement and involvement of a parent or guardian. We do not knowingly collect personal information from individuals under the age of 18.
We will keep this Privacy Statement under review and make updates from time to time. We will notify you of any major changes which will affect the processing of your personal data, for example if we change the credit reference agencies we use. We may make minor changes (such as to correct typographical errors, or to add information about other products or services which do not affect your personal information at this time) without notifying you.
Our website uses cookies (including Google Analytics cookies to obtain an overall view of visitor habits and visitor volumes to our Website). To view more information on what cookies we use and how we use them please review our separate Cookie Policy.
You have the right to request copies of certain of your personal information within our custody and control and details of how we use that information. Your request can be made verbally or in writing.
If you think any of the personal information we hold about you is inaccurate, you can also request it is corrected or erased.
You also have rights, in certain circumstances:
- to object to our processing of your personal information;
- to require us to stop processing your personal information; and
- to withdraw your agreement to processing based on 'consent'.
In relation to all of these rights, please call us or write to us;
Data Protection Officer
V12 Retail Finance Limited
25-26 Neptune Court
Vanguard Way
Cardiff
CF24 5PJ
Telephone: 029 2046 8900
Email:
Please note that we may request proof of identity when we receive your request.
You also have a right to complain to the ICO, which regulates the processing of personal data.
Our aim is to please but we know that sometimes things go wrong. If you have a problem, we want to know. Our staff will be happy to help you either on the telephone or in writing. Should you need to write to us, please address your complaint to The Chief Executive, V12 Retail Finance Limited, 25-26 Neptune Court, Vanguard Way, Cardiff, CF24 5PJ or
If you are unhappy about how your personal information has been used, please contact our Data Protection Officer using the details set out below. You also have a right to complain to the ICO1, which regulates the processing of personal data.
Our Data Protection Officer can be contacted by telephone or in writing:
Data Protection Officer
V12 Retail Finance Limited
25-26 Neptune Court
Vanguard Way
Cardiff
CF24 5PJ
Telephone: 029 2046 8900
Email: