Blue Motor Finance Limited Third-Party Privacy Notice

Introduction

Blue Motor Finance Limited (Blue) has prepared this Notice to explain how it uses any personal data it collects about you. Blue’s contact details are:

If you are a customer, please refer to the customer privacy notice. This page is our third party notice, which applies to the following (non-exhaustive) list of parties:

  • Suppliers including sole traders
  • Motor Vehicle Dealers
  • Professional advisers
  • Brokers
  • Insurers
  • Lenders
  • Visitors to our premises
  • Auditors or assessors
  • Goods and services providers

What information does Blue collect?

Blue collects your information for a variety of reasons, primarily regarding its proposed or actual business relationships with you. The information that you provide to Blue will depend on the nature of the relationship and therefore may include your:

  • name
  • address
  • email address
  • phone numbers
  • bank, payment, invoice details
  • vehicle registration details
  • CCTV
  • Employer/organisation details
  • Representative details

We may also collect special categories of personal data or other sensitive information in order to suitably accommodate you in line with particular requirements such as health and safety obligations.

Depending on the nature of your relationship with Blue, we may also collect information about you from third parties, including Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs). Please refer to ‘whom will Blue share your information section below, for clarification as to whether this applies to you. The information that Blue receives from CRAs and FPAs includes:

  • criminal record and background information
  • sanctions, politically exposed persons, or special interest persons status
  • credit score
  • current and previous addresses
  • credit history, including:
    • current credit commitments
    • historic credit commitments ending in the last six years
    • credit payment history
  • electoral roll details
  • details of credit searches undertaken by other organisations
  • information from fraud databases

If you choose not to provide this information to Blue, we may be unable to enter into, or continue, a business or other relevant relationship with you.

What lawful basis does Blue have for using your information?

As the data controller, Blue is legally responsible for ensuring that it has a lawful basis for processing your information. Data protection laws set out several legal bases for processing personal data, and Blue relies on the following of those bases:

  • Contract:
    • Taking necessary steps, to enter a contract with you or the organisation you represent including, to negotiate the terms of a contract.
    • Delivering its contractual obligations to you, or the organisation you represent (e.g. to pay your invoices).
    • Grant and manage necessary systems and access to our premises as needed.
    • Provide the necessary information (including employee and/or customer data) for the performance of contract.
  • Legitimate Interests:
    • Manage and administer arrangements, relationships, visits, and accounts.
    • Facilitate communicational channels and methods, as necessary.
    • Record keeping requirements.
    • Maintaining audit trail for accountability and risk management.
    • Ensuring the security of our premises, systems, assets, employees, and visitors.
    • Manage business operations efficiently.
    • Processing of CCTV footage and recordings.
    • Administer and manage optional surveys and feedback.
  • Legal Obligation:
    • To fulfil rights requests such as a Data Subject Access Request (DSAR).
    • Health and safety requirements including visitor and accident logs.
    • Comply with statutory audits, assessments, and inspections.
    • Perform the required background, identity, security, and screening checks.
    • To comply with legal requirements such as financial and regulatory.
    • Preventing fraud and misconduct.
  • Consent:
    • Blue may rely on consent as its lawful basis for specific activities, including the collection of certain sensitive information or marketing to you.
    • You may withdraw your consent at any time by contacting Blue at dpo@bluemotorfinance.co.uk. However, even if you withdraw your consent, Blue may still have a legal obligation to process your personal data. Where this is the case, we will inform you accordingly.

For what purposes will Blue use your information?

Blue may use your information to:

  • Determine whether to enter a contract with you or the organisation you represent
  • Conduct searches against CRAs and FPAs’ records
  • Create a business file
  • Perform contractual obligations to you or the organisation you represent
  • Contact you via email, SMS, letter, or telephone
  • Comply with its statutory and regulatory obligations, including with regards to fraud
  • Provide you with facilities or services while you are on Blue’s premises
  • Manage and record access to premises
  • Ensure security and safety
  • Respond to incidents and emergencies
  • Facilitate audits, compliance checks, and inspections
  • Maintain organisational records
  • Perform the required screening, background, online, digital, social, legal, and verification checks
  • Validate information for contractual and business purposes

How will Blue use your information?

Blue may process your information in various ways, using automated and manual systems.

Blue does not use automated decision making or profiling to process your data.

With whom will Blue share your information?

Please note: Blue will only share your information with Credit Reference Agencies and Fraud Prevention Agencies if you fall into the following categories:

  • Motor Vehicle Dealers
  • Motor Finance Brokers

Credit Reference Agencies

Blue may share your information with Credit Reference Agencies (CRAs) for the purpose of gathering information about you, to inform its decision to enter a contract or business relationship with you or the organisation you represent. If Blue searches your record at a CRA, the CRA will add to your record the details of its search. Blue may also share your information with CRAs on an ongoing basis. This information will be available to other organisations that search your CRA record. Other organisations may use this information and other information about you to make contractual or other decisions about you.

For more information on CRAs, including their relationship with Fraud Prevention Agencies, please refer to the Credit Reference Agency Information Notices below.

Fraud Prevention Agencies

Blue may share your information with Fraud Prevention Agencies (FPAs) to detect and prevent fraud. This may include details of fraud, unlawful or dishonest conduct, malpractice, or other seriously improper conduct (“Relevant Conduct”). Blue may use the information it receives from FPAs (including details of any Relevant Conduct) to:

  • Determine whether to enter a contract with you or the organisation you represent
  • Determine whether to terminate a contract with you or the organisation you represent (subject to the terms of the contract and any applicable law)
  • Determine whether to bring legal action against you or the organisation you represent (subject to the terms of the contract and any applicable law)

FPAs will share their records with other organisations. Those organisations may use this information to make decisions about you and other persons connected to you, including in relation to employment, credit, or insurance.

Blue uses CIFAS as its primary FPA. For further information, please refer to their Fair Processing Notice below:

Legal, Governmental, and Regulatory Bodies

Blue may share your information with legal, governmental, and regulatory bodies to meet its compliance obligations. These may include the Financial Conduct Authority, the Financial Ombudsman Service, the Information Commission, His Majesty’s Revenue & Customs, or any other legal, governmental, or regulatory body.

Service Providers

Blue may share your information with professional advisers (including legal advisers), outsourcing providers (including IT service providers, consultancy services, auditors), financial institutions (such as banks), or with any other type of organisation or person that it uses to help it conduct its business and internal administration.

Authorised Third Parties

Blue may share your information with any person that you have authorised to engage with it on your behalf or that otherwise has a legal authorisation to do so. Blue may share your information with any organisation you have appointed to act on your behalf or authorised to receive your information, such as law firms.

Restructure, sale, or acquisition

Blue may share your information with any person to whom it sells or transfers (or enter negotiations to sell or transfer) its business, or any potential or actual transfer of its rights or obligations under any contract it may have with you or the organisation you represent. If the transfer or sale goes ahead, the transferee or purchaser may use your information as set out in this Notice.

Other parties

We may share personal information with third parties where this is necessary, reasonable, legitimate, or lawful to do so. This includes:

  • Insurance providers or organisation of this nature (e.g. to support, manage or respond to claims).
  • Transport and logistics companies (e.g. to support/manage enquires, or to organise vehicle collections/removals).
  • Garage, repair, or other vehicle services/providers (e.g. to support, manage, or organise vehicle related matters).
  • Governmental, public, or local authorities (e.g. to support, manage, investigate, or respond to enquiries accordingly).

Where will Blue transfer your information?

Blue may transfer your information outside the United Kingdom (UK). If Blue transfers your information outside the UK to a country that is not subject to an adequacy decision in respect of its data protection laws, it will conduct the required checks and risk assessment and put in place the necessary safeguards to ensure that your information receives an appropriate level of protection.

How long will Blue keep your information?

If Blue has a contract with you, it will keep your information for 6 years from the end of the contract.

Blue will not retain your personal information for longer than necessary or where it is contractually or legally required to retain information, or for as long as we have a relationship with you. If there are any disputes or complaints, we may retain data for a longer period to ensure that the required information is accessible, until a dispute or complaint is settled and where information is no longer required.

What rights do you have with regard to your information?

The following rights are available to you:

  • The right to be informed about the collection and use of your information, as set out in this Notice
  • The right of access to or a copy of your information
  • The right to rectify incorrect or incomplete information
  • The right to the erasure of your information, which will not apply in some circumstances, including if Blue is under a legal obligation to retain your information
  • The right to restrict processing of your information (subject to limitations)
  • The right to data portability (subject to limitations and not including paper files)
  • The absolute right to object to the processing of your information for direct marketing, and the limited right to object to the processing of your information in some circumstances, including to the processing of your information on the basis of legitimate interests.
  • The right to withdraw consent, where Blue is relying on your consent.

While these rights are available to you, they may not apply in all circumstances. Where this is the case, this will be communicated to you accordingly.

If you have questions regarding the above or other rights, or wish to exercise a right, please contact dpo@bluemotorfinance.co.uk.

How can you complain about our processing of your information?

If you are dissatisfied with Blue’s processing of your information, please first contact the Data Protection Team. The team may be able to resolve your complaint or address your concerns.

You have the right to complain to the Information Commission about Blue’s processing of your information. You can contact the Information Commission by visiting their website or following this link https://ico.org.uk/make-a-complaint/.

Updates

This Notice is updated from time to time and in line with the law. Where there are any significant changes to the way in which Blue processes your information, we will communicate this with you accordingly.