- The type of personal data we may collect from you
- how we will use, store and protect your personal data
- with whom we may share personal data and
- your rights under relevant data protection laws
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from or about you, or we have received from third parties will, where appropriate, be used to assess your application for finance, provide our products or services to you, prevent fraud and money laundering to verify your identity and/or notify you about services and products we supply.
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
For more information or to exercise your data protection rights, please contact us by email [email protected] or by telephone 01633 415222.
These rights include:
Right to Access
You have a right of access under the UK GDPR to information we hold about you on our records.
Right to Rectification
If you become aware that we are holding information about you which is in any way incorrect, please let us know immediately so that we may amend it as quickly as possible. Please note we may need to verify the accuracy of the new data you provide to us.
Right to Erasure
You have the right to require us to delete your data, subject to certain legal requirements. Please note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Right to Restriction of Processing
You have the right to require us to restrict the way in which we process your personal data. You may wish to restrict processing if, for example: You contest the accuracy of the data and wish to have it corrected; You object to processing but we are required to retain the data for reasons of public interest; or if you would prefer restriction to erasure.
Right to Data Portability
You have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit.
Right to Object to Processing
You have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed.
Right to opt-out
You have the right at any time to opt-out of allowing us to process your personal data.
Any person wishing to exercise any of the rights listed above can make a request in writing to [email protected]. You do not have to pay a fee to access your data (or to exercise any of the other rights). Please be aware that we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We aim to comply with access requests as soon as possible but must do so within one month of receipt of the request unless there is good reason for a delay. If so, the reason for the delay will be explained in writing to the individual making the request.
Information which we may collect and process about you
We limit the collection and use of your information. We only collect such information as is required to deliver our high standards of service, to inform you about the products and services we offer, and to administer our business.
What is Personal Data
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed, for example anonymous data.
What does “Processing” mean?
The processing of personal data includes any activity that involves the use of personal data, including collecting, recording or storing, organising, amending, retrieving, using, disclosing, erasing or destroying, or transmitting or transferring the personal data to third parties.
Details of the personal information that will be processed include, for example: name, address, date of birth, personal appearance, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
We may collect and process the following personal data about you:
- Information which you provide to us or anyone acting on your behalf (e.g. a supplier) or information about you which is publicly available. The information may be supplied to us in the form of:
- a written application, or an enquiry as to our services, goods or financing
- information requested as part of the identity verification process,
- information supplied via the Propel website or information supplied verbally to Propel
- information contained within public registers or available publicly otherwise
The information may include such details as:
- your date of birth
- residential address
- contact details
- employment details
- visual images and personal appearance (such as your photograph or video image)
- bank details and other financial information
- passport and other identity documents such as driving licences
- vehicle registration details
- records of written/verbal communication/correspondence from/to you (or anyone acting on your behalf)
- details of transactions which you carry out with us; and
- your credit history, where you have applied for credit or where we have agreed to provide credit to you
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How we collect information?
We collect your personal data in several ways:
contact, financial and identity data directly provided by you when you fill in online forms or correspond with us in any way and through our application and verification processes. For example when:
- creating online accounts
- applying for services, goods or financing
- submitting a query
- requesting or consenting to marketing materials being sent to you
- providing us with feedback
From third parties/public sources:
- contact, financial and transaction data may be obtained from providers of technical, payment, credit referencing, and delivery services such as credit reference agencies and fraud prevention agencies
- identity and contact data from publicly available sources such as Companies House and the Electoral Register based inside the European Union
- identity verification may be carried out through a specified third-party digital identity verification provider as appointed by Propel from time to time
- we have installed CCTV systems in some of our premises used by customers and suppliers, for the purposes of public and employee safety and crime prevention and detection. CCTV is also installed on the outside of some of our buildings for the purposes of monitoring building security and crime prevention and detection. Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated
In some circumstances, Propel will have no direct contact with the customer, where a supplier provides customer personal data directly to us.
Use of information collected
We will use your personal data to assess your application for finance and, if your application is successful, to provide the requested financial services to you and for the ongoing administration of the service. We will rely on “performance of a contract” as the lawful basis for processing your personal data in these ways.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
We may also process special categories of data for the specific purpose of the prevention and detection of financial crime. We will only process special category data (which may include biometric information, relating to the physical, physiological or behavioural characteristics of a person, including for example using voice recognition or similar technologies to help us prevent fraud and money laundering) where we are legally permitted to do so.
We may also use your personal data to assist us in understanding individual needs and business trends to improve the products and services we offer. We may also be required to process the personal data of any person linked to your application for finance, including any joint applicants, any person with whom your finances are linked, any person with at least a 25% share in your business, or any director to assess your application for finance. We will rely on legitimate interests as the lawful ground for processing your personal data (and the personal data of any linked person) in these ways. Our legitimate interests include assessing your suitability for financing, helping to detect and prevent fraud, and providing the services to you. For more details on the ways in which we share your data with Credit Referencing Agencies please see the Credit Referencing Agencies section of this policy.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with goods or services). In this instance, we will contact you to inform you of the next steps.
Where your application has been submitted via a person or persons acting on your behalf (e.g. a supplier, broker or franchisor), we will inform them of the outcome of your application and whether we have agreed it. We may also disclose information about you and your relationship with us throughout the term of that relationship. If you do not wish us to disclose this information, please inform us in writing.
We may be required to use and process your information for adherence with anti-money laundering or other regulatory/legal requirements and to detect, prevent and report on fraudulent activities, or money laundering.
Other ways we may use your data are for the following purposes:
- dealing with your enquiries and providing customer services
- providing you with a service
- improving current services and offer new services
- following your instructions
- authenticating your identity
- making/obtaining a credit decision (where you have applied for credit or we have agreed to provide you with credit)
- complying with regulatory obligations, legal requirements, court order or government agency
- monitoring and/or recording your phone calls to check we have carried out your instructions correctly, to resolve queries/complaints and to help improve our quality of service (conversations may also be monitored for staff training purposes). Call recordings are retained for six months from date of call)
- statistical purposes, i.e. to improve our business and services which we provide
- to carry out market research
- in accordance with our legitimate interests (in circumstances where your interests and fundamental rights do not override our interests)
- to personalise your experience on the Propel website
- to send you important information regarding our services and/or other technical notices, updates, security alerts, and support and administrative messages
- as we believe to be necessary or appropriate to comply with a legal obligation. This applies where the processing is necessary for us to comply with the law
- to protect our legitimate rights, privacy, property or safety, and/or those of a third party and your rights do not override those interests.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.
Consequences of Processing
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us by email [email protected] or by telephone 01633 415222
Where you apply for credit, we will tell you, where legally permitted, if we make an assessment based on your credit scoring or suitability which has been done based exclusively using an automated decision-making process. You can then ask us to review the decision using alternative means if you feel that this will result in a more satisfactory outcome.
We will treat all your personal information as private and confidential (even when you are no longer a customer). Nothing about your accounts or your name and address will be disclosed to anyone, except:
- where we are legally compelled to do so
- where there is a duty to the public to disclose
- where disclosure is required to protect our interest
- where disclosure is made at your request
From time to time, we will employ agents and sub-contractors to process your information on our behalf. The same duty of confidentiality and security will apply to our agents and subcontractors and all processing will only be carried out under our instruction and will be supported by written contract.
Credit referencing agencies and fraud agencies
As part of your application for finance with us, we may obtain further personal data about you from credit reference agencies or fraud prevention agencies.
We will also share your personal data with credit reference agencies to check that your details are accurate and that you are eligible to receive finance. In addition, we will update your record with credit reference agencies with details of your agreement with us, the payments you make under it, any default or failure to keep to its terms, and any change of address you fail to tell us about where a payment is overdue.
We may undertake searches with credit reference agencies for the purposes of verifying your identity and for anti-money laundering purposes. To do so credit reference agencies may check the details you supply against any particulars on any database (public or otherwise) to which they have access. They may also use your details in the future to assist other companies for verification purposes. A record of the search will be retained. If you are a joint applicant, such as a partnership, unincorporated association or if you are a body corporate, such as a limited company or LLP or charity, you confirm to us that you have obtained the relevant consent to authorise us to create an identity search against any partner/ trustee /officer/ director/shareholder (as so required) at the credit reference agencies.
We have systems in place which protect both our customers and Propel against fraud and other crime. Customer information will be used to prevent crime and to locate those who are responsible.
The three main credit reference agencies (“CRAs”) in the UK (Callcredit, Equifax and Experian) have produced a Credit Reference Agency Information Notice which explains how these agencies use and share personal data which they receive about you.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html
We may use your personal data to advise you about the services and products we provide which may be of interest to you or your business. Where necessary, we may transfer your personal data to third-party marketing companies who provide marketing services for us. We or our marketing agents may contact you for these marketing purposes by post, telephone or electronic means (email or SMS).
The method by which we will contact you will depend on whether you are an individual (such as a sole trader or private individual) or a business contact (such as a limited company or one of its employees). In the case of electronic communications, and where you are an individual (and not a business contract), we will only contact you by electronic means with information about goods and services similar to those which we have discussed with you and/or offered you (at which point you will be or have been offered the opportunity to opt-out from such communications). Where you are a business contact, then we may contact you to notify you of the services and products we offer by any means, including electronic communications, on the basis of our legitimate interest. Whether you are an individual or a business contact, if you do not want us to use your data in this way, please (i) tick the relevant box situated on the form on which we collect your data or (ii) contact us to let us know or (iii) let us know if we call you.
You may choose to opt out of receiving marketing communications from us at any time by contacting us at [email protected] . We will process your request to be opted-out of marketing within 30 days of receipt.
Third party links
The Propel website may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services.
Please check these policies before you submit any personal data to these websites or use such services.
Retention of your data
We will implement and adhere to retention policies relating to your personal data and will ensure that your personal data is only retained for as long as it is still required to provide you with services or is necessary for legal reasons. When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed.
Even if your application is unsuccessful, we will keep a record of all data we obtain, and any credit searches we carry out will be recorded by the credit reference agencies as part of your credit record. In addition, the credit reference agencies and fraud prevention agencies will also use the records for statistical analysis about credit, insurance, and fraud. Records remain on file with credit reference agencies for 6 years after they are closed, whether settled by you or defaulted and we may also make periodic searches with credit reference agencies to manage your account with us. As such, it is important that you give us accurate information.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
When we determine that personal data can longer be retained (or where you request us to delete your data in accordance with your right to do so), we ensure that your data is securely destroyed. All call recordings are deleted after a period of six months from date of call. This deletion is completed automatically through the telephony management system without any manual intervention.
How we protect your data
We will take all appropriate steps to safeguard the security and confidentiality of any information you provide to us. These steps include restricting access to your personal data to certain employees, ensuring our internal IT systems are suitably secure, and implementing procedures to deal with any suspected data breach.
All employees are made aware of the principles of our policies through their induction process and through yearly affirmations. Internal monitoring takes place to ensure compliance with our Policies. Any employee found to be in violation of this policy may be subject to disciplinary action, up to and including termination of employment.
In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.
Finally, we will ensure that, if we outsource any processes, the supplier has appropriate technical and organisational security measures in place and will contractually require them to comply with these.
In addition to the security measures implemented by us, it is also of the utmost importance that you take appropriate measures to protect your own personal data. For example, it is generally inadvisable to divulge passwords/access codes to third parties and such information should be kept safe and secure at all times.
Transfer of your data
We may share your data with other members of the Propel Finance Group. Information may be disclosed to third parties that help maintain, service or process the customer transactions or accounts and products and services including companies that perform administrative, accounting, audit, funding and brokerage services to us. Further, if we place your business with another finance provider we will pass your details to them. We may therefore share or store your information (including the results of our credit search) with our funders and any person to whom we intend to assign our rights under your agreement. These third parties may wish to conduct their own credit search using your personal data in order to secure funding for you/your business, and if you agree to enter into a finance agreement with us, you will be agreeing that our funders can use your data in this way. A list of our Third-Party Funders and their respective Data Privacy Policies can be obtained in electronic format using this link “Third Party Funders”. You may also ask us to provide a copy by email on request. Your personal information may also be passed to certain third parties who administer or process the information on our behalf such as arrears agents acting for Propel or asset inspection agents appointed by us as appropriate.
We or our funders may also search linked records of your spouse or partner. In your agreement, we seek authority from you for us and our assignees to undertake and appoint credit reference agencies to undertake such searches. Such searches at credit references agencies may include searches against those to whom you may be linked, which may include your spouse/partner, your fellow directors (where you are a company) or other persons with whom you are linked financially.
For the purposes of your agreement/application, you agree that you may be treated as financially linked to such individuals and in such circumstances, you will be assessed by reference to all such “associated records”. Where you are a company, you will inform each director of the company of this notice. The credit reference agency will add to your records details of our search and your application and this will be seen by other organisations that make searches. We will use credit scoring or other automated decision-making systems when assessing your application. We may also undertake further searches against you and any associations for tracing and recovering debt.
We will also add to your records details of your agreement with us, the payments you make under it, any default or failure to keep to its terms, and any change of address you fail to tell us about where a payment is overdue. It is important that you give us accurate information.
Otherwise, we will not pass your details to anyone outside of the Propel Finance Group, except:
- to manage our relationship with you (including for Propel’s marketing purposes)
- to help prevent fraud
- if agreed by you, or
- to authorised parties if we are required to do so by law
You agree that we may disclose any information requested or required relating to you or, if relevant, any of your clients to any regulatory authority to which we are subject or otherwise in accordance with law.
The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:
- we have previously informed you that this will happen through disclosures or agreement
- the third party needs to access the personal data for the purposes of providing any contracted services to you
- the third party has agreed to comply with Propel’s instructions, required data security standards, policies, and procedures and put adequate security measures in place
- the transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place, and
- a fully executed written contact that contains suitable obligations and protections has been entered into between the parties
We may also transfer your personal information outside the UK or the European Economic Area (EEA) to countries which may not offer the same level of data protection as the UK. Staff located in these countries may be engaged in, among other things, the processing of your payment details and the provision of support services. We will ensure a similar degree of protection is afforded to your data wherever it may be transferred by:
- only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the Secretary of State; or
- where your data will be transferred outside of those countries, entering into specific contractual terms which have been approved by the ICO and Secretary of State and which give personal data the same protection as within the UK.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
For more information about the cookies we use, please see our Cookies Policy www.propelfinance.co.uk/policies/cookies.
If you have any concerns, questions, or requests, please contact us using the details set out below.
Data Protection Team,
Propel Finance Group,
Langstone Business Village,
Newport, NP18 2LH
Our Data Protection Lead is Jennifer Bodey, Director of Compliance and Conduct Risk.
Telephone: 01633 415222
Amendments to this Policy
Transfer of your data If you have a concern or complaint
You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data. Their contact details are https://ico.org.uk/global/contact-us/. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO, and we would kindly ask you to please contact us in the first instance using the contact information above.
V5.0 01 2023