For the purposes of the Data Protection Act (‘DPA’), we are the ‘Data Controller’ (i.e., the company who is responsible for, and controls the processing of, your personal data).
This Policy was last updated May 2021 in line with requirements as set out under the GDPR and the Data Protection Act 2018. The reform sets out more rights for individuals and greater transparency in how personal data is processed by Data Controllers, such as consent, distribution, marketing, and deletion. As we are a credit intermediary, we undertake several financial tasks that relate to consumer credit and insurance mediation. Our firm’s lawful basis for processing your personal data is done so under a Legitimate Interest - Article 6(1)(f) – “the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.”
The Legitimate Interest relates to legal requirements for us to hold your personal data and financial information on record for up to a total of six years from the end date of your credit agreement. This six-year period satisfies the requirement of our regulator, The Financial Conduct Authority. Additionally, there is also a legal requirement to hold accounting information with Her Majesty’s Revenue & Customs (HMR&C). This is in line with other financial industry retention periods. Please also refer to a separate document - “Legitimate Interest Assessment” which can be provided to you by requesting it from us.
Personal Data We May Collect
We will obtain personal data about you, (including your name, address, date of birth, contact information, interests, payment details, financial information, and opinions), and those whose personal data you have with express authority disclosed to us, (‘others’), whenever you complete an online form or make a telephone enquiry with us to receive our services. If you submit an online enquiry, you will be required to agree to the terms of this Policy which include permitting us to contact you for the purposes of the finance related or insurance enquiries via the contact means of which you provide us with the details of. i.e., email address, telephone number etc.
For example, we will obtain personal data when you contact us for any reason, or purchase services. In certain circumstances, we may hold sensitive personal data if you provide us with such information if you feel that it is relevant for the purpose of your enquiry, but we will not ask for such information. Any sensitive personal data obtained and recorded will only be done so with your explicit consent.
How We Use Personal Data
We will use the personal data you disclose to us for the purposes described in Our Terms. These purposes include:
Marketing and Opting-in
We may share your personal data with organisations as set out in the ‘Disclosure of Personal Data’ section below. If you have opted-in to receive our marketing material, we will ensure that it is to your requirements and granular. We or they may contact you or others, (unless you have asked us or them not to do so), by mail, telephone, text message, or email, (each contact method requires its own consent via an opt-in selection). The nature of these marketing communications relates to information on products, services, promotions and special offers which we believe may be of interest to you or others. If you or others would prefer not to receive any further direct marketing communications from us or our business partners, it is possible to opt out at any time. See further ‘Your rights’ below.
Disclosure of Personal Data
When acting as a credit intermediary for vehicle finance and associated insurance products, there would be a reasonable expectation for us to share your personal data with finance houses and funding partners for the purposes of arranging finance for your new vehicle(s).
We may disclose personal data which you provide to us to:
Keeping Data Secure
We currently safeguard personal data by storing it on a CRM protected by password and shall ensure that from time to time we use no lesser technical and organisational measures to safeguard personal data which is disclosed to us. Whilst we will use all reasonable efforts to safeguard such personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet.
We may monitor and record communications with you, (such as telephone conversations and emails), for the purpose of quality assurance, training, fraud prevention, compliance or charitable purposes.
Information About Other Individuals
If you give us information about others, you confirm that the other third-party person has appointed you to act on his/her behalf. This is also relevant where others are concerned if you indeed ask another person to act on your behalf as a third party.
Under the third-party authorisation, the other person can:
Such authorisation will remain in place until this has been revoked, either by verbal or written communication.
Use of Google Analytics Advertising
We use Google Analytics Advertising Features (‘GAAF’) through our website, which means that certain information about the traffic on our website is collected. In light of using GAAF, we will not facilitate the merging of personally identifiable information with non-personally identifiable information collected through GAAF unless we receive your express consent to that merger.
Furthermore, we are hereby notifying you that:
You have the right to request access to your personal data which we process. This formal request is made under the DPA and is referred to as a Subject Access Request. If you wish to exercise this right and make a Subject Access Request, you should:
You have the right to require us to correct any inaccuracies in your data free of charge. If you wish to exercise this right, you should:
You also have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, you should:
The retention period for your personal data will be up to a total of six years from the end data of the credit agreement. If you do not proceed with an enquiry for finance, or, you do not obtain a finance agreement under which we have arranged for you with our panel of lenders, your personal data is likely to be subject to a shorter retention period and in line with Article 5(1)(c) of the GDPR – “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)”.
In the normal course of business there may be a need for Motorfinity Leasing Limited or any other firm associated to the business, usually when processing an application for credit, personal data would have to be transferred outside of the European Economic Area (EEA) where those countries do not typically have the same protections and safeguards in place for the protection of personal data to those countries within the EEA.
Motorfinity Leasing deal with a number of large, international corporations where data is likely to be transferred in this way. Assurances and processes will always be put in place and considered before any international transfer to a non-EEA country is undertaken to ensure the protection and security of the personal data.
Our Contact Details
We welcome your feedback and questions. If you wish to contact us, please send an email to firstname.lastname@example.org or you can write to us at 1-3 the Coach House, 36a Castle Gate, Newark, Nottinghamshire, NG24 1BG or call us on 01636 558 885. We may change this Policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you deal with us.