Blue Motor Finance Limited Third Party Privacy Notice

Introduction

We are Blue Motor Finance Limited (BLUE), and we have prepared this Fair Processing Notice (FPN) to explain how we use any personal data we collect about you. Our contact details are:

• Blue Motor Finance Limited, Darenth House, 84 Main Road, Sundridge, Kent, TN14 6ER
• customerservices@bluemotorfinance.co.uk
• 0203 005 9332

BLUE has dedicated FPNs for Customers and Staff & Applicants. This FPN applies to all individuals who do not fall within the scope of either the Staff or Customer FPNs. If you are unsure whether you fall within the categories of Staff or Customers, please contact our Data Protection Officer and we will help you identify which FPN applies to you.

This is a non-exhaustive list of parties who we consider 3rd Parties and who fall within the scope of this FPN:

• Suppliers including sole traders
• Motor Vehicle Dealers
• Professional advisers
• Brokers
• Insurers
• Lenders
• Visitors to our premises

What information do we collect?

We collect your information for a variety of reasons, primarily regarding our proposed or actual business relationships with you. The information that you provide to us will depend on the nature of the relationship and therefore may include your:

• name
• address
• email address
• phone numbers
• bank details
• car registration

Dependent on the nature of your relationship with us, we may also collect information about you from third parties, including Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs). Please refer to the With whom will we share your information? section below for clarification as to whether this applies to you. The information that we receive from CRAs and FPAs includes:

• criminal record and background information
• sanctions, politically exposed persons, or special interest persons status
• credit score
• current and previous addresses
• credit history, including:
  • current credit commitments
  • historic credit commitments ending in the last six years
  • credit payment history
• electoral roll details
• details of credit searches undertaken by other organisations
• information from fraud databases

If you refuse to provide us with this information, we may be unable to enter a business relationship with you.

What legal basis do we have for using your information?

As the data controller, we are legally responsible for ensuring that we have a legal basis for processing your information. The UK GDPR sets out several legal bases for processing personal data, and we rely on the following of those bases:

• Contract:
  • We rely on contract as our lawful basis for taking the necessary steps so that we can enter a contract with you or the organisation you represent (e.g. to negotiate the terms of a contract)
  • We rely on contract as our lawful basis for delivering our contractual obligations to you or the organisation you represent (e.g. to pay your invoices)
• Legitimate Interests:
  • We rely on legitimate interests where we have a legitimate interest in performing the processing (e.g. where we record your phone calls for training purposes or where we enable you to visit our premises)
  • Where we rely on legitimate interests, we perform assessments to ensure that we consider the impacts of our processing on you and balance our interests against yours
• Legal Obligation:
  • We rely on legal obligation where we have an identifiable legal obligation to process your information (e.g. to fulfil a Data Subject Access Request)
• Consent:
  • We may rely on consent as our lawful basis for specific activities including performing a credit check on you (if applicable) and marketing to you.
  • You may withdraw your consent at any time by contacting our DPO at dpo@bluemotorfinance.co.uk. However, even if you withdraw your consent, we may still have a legal obligation to process your personal data.

For what purposes will we use your information?

We may use your information to:

• Determine whether to enter a contract with you or the organisation you represent
• Conduct searches against CRAs and FPAs’ records
• Enter a contract with you or the organisation you represent
• Create a business file
• Perform our contractual obligations to you or the organisation you represent
• Contact you via email, SMS, letter, or telephone
• Comply with our statutory and regulatory obligations, including with regards to fraud
• Provide you with facilities or services while you are on our premises

How will we use your information?

We may process your information in various ways, using automated and manual systems.

We do not use automated decision making or profiling to process your data.

We also process your information for security purposes through the operation of CCTV within our premises.

With whom will we share your information?

Please note: we will only share your information with Credit Reference Agencies and Fraud Prevention Agencies if you fall into the following categories:

• Motor Vehicle Dealers
• Motor Finance Brokers

Credit Reference Agencies

We may share your information with Credit Reference Agencies (CRAs) for the purpose of gathering information about you to inform our decision to enter a contract or business relationship with you or the organisation you represent. If we search your record at a CRA, the CRA will add to your record the details of our search. We may also share your information with CRAs on an ongoing basis. This information will be available to other organisations that search your CRA record. Other organisations may use this information and other information about you to make contractual or other decisions about you.

For more information on CRAs, including their relationship with Fraud Prevention Agencies, please refer to the Credit Reference Agency Information Notices below

• TransUnion CRAIN https://www.transunion.co.uk/crain
• Experian CRAIN https://experian.co.uk/crain
• Equifax CRAIN https://www.equifax.co.uk/crain

Fraud Prevention Agencies

We may share your information with Fraud Prevention Agencies (FPAs) to detect and prevent fraud. This may include details of fraud, unlawful or dishonest conduct, malpractice, or other seriously improper conduct (“Relevant Conduct”). We may use the information we receive from FPAs (including details of any Relevant Conduct) to:

• Determine whether to enter a contract with you or the organisation you represent
• Determine whether to terminate a contract with you or the organisation you represent (subject to the terms of the contract and any applicable law)
• Determine whether to bring legal action against you or the organisation you represent (subject to the terms of the contract and any applicable law)

FPAs will share their records with other organisations. Those organisations may use this information to make decisions about you and other persons connected to you, including in relation to employment, credit, or insurance.

For more information on FPAs, please refer to the CIFAS Fair Processing Notices:

• https://www.cifas.org.uk/fpn

Legal, Governmental, and Regulatory Bodies

We may share your information with legal, governmental, and regulatory bodies to meet our legal and regulatory obligations. These may include the Financial Conduct Authority, the Financial Ombudsman Service, the Information Commissioner’s Office, Her Majesty’s Revenue & Customs, or any other legal, governmental, or regulatory body.

Service Providers

We may share your information with professional advisers (including legal advisers), outsourcing providers (such as IT service providers), financial institutions (such as banks), or with any other type of organisation or person that we use to help us conduct our business and internal administration.

Authorised Third Parties

We may share your information with any person that you have authorised to engage with us on your behalf or that otherwise has a legal authorisation to do so. We may share your information with any organisation you have appointed to act on your behalf or authorised to receive your information, such as law firms.

Other

We may share your information with any person to whom we sell or transfer (or enter negotiations to sell or transfer) our business, or any potential or actual transfer of our rights or obligations under any contract we may have with you or the organisation you represent. If the transfer or sale goes ahead, the transferee or purchaser may use your information as set out in this FPN.

Where will we transfer your information?

We may transfer your information outside the United Kingdom. If we transfer your information outside the United Kingdom to a country that is not subject to an adequacy decision in respect of its data protection laws, we will conduct a transfer risk assessment and put in place the necessary safeguards to ensure that your information receives an equivalent level of protection. For more information on international data transfers, including details of safeguards, please contact our Data Protection Officer.

How long will we keep your information?

If we have a contract with you, we will keep your information for 6 years from the end of the contract. However, we may retain your information for longer than 6 years where the need arises, such as in connection with ongoing legal matters. Please contact the Data Protection Officer if you have any questions or concerns about our retention of your information.

If we do not have a contract with you, we will keep your information for 1 year from the end of the contract. However, we may retain your information for longer than 1 year where the need arises, such as in connection with ongoing legal matters. Please contact the Data Protection Officer if you have any questions or concerns about our retention of your information.

What rights do you have with regard to your information?

You may have the following rights in regard to your information:

• The right to be informed about the collection and use of your information, as set out in this FPN
• The right of access to a copy of your information
• The right to rectify incorrect or incomplete information
• The right to the erasure of your information, which will not apply in some circumstances, including if we are under a legal obligation to retain your information
• The right to restrict processing of your information (subject to limitations)
• The right to data portability (subject to limitations and not including paper files)
• The absolute right to object to the processing of your information for direct marketing, and the limited right to object to the processing of your information in some circumstances, including to the processing of your information on the basis of legitimate interests.
• The right to withdraw consent, where we are relying on your consent.

If you have questions regarding your rights or wish to exercise a right, please contact our Data Protection Officer.

How can you complain about our processing of your information?

If you are dissatisfied with our processing of your information, please first contact our Data Protection Officer. Our Data Protection Officer may be able to resolve your complaint or address your concerns. Our Data Protection Officer can be contacted at: dpo@bluemotorfinance.co.uk.

You have the right to complain to the Information Commissioner’s Office about our processing of your information. You can contact the Information Commissioner’s Office using the following details.

Web: https://ico.org.uk/make-a-complaint/

Telephone: 0303 123 1113