We have put measures in place to ensure that any personal information or data that we obtain from you is processes in accordance with the accepted principles of good information handling.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the European Data Protection Regulations (‘GDPR’) and the Data Protection Act 2018 (the Act), the data controller is London & Surrey Motor Finance Ltd, of 2-3 Rectory Lane, Woodmansterne, Banstead, Surrey SM7 3PP, incorporated under the Companies Acts (Registered No.3373126) and having its registered office at C/O Venthams, The Old Tannery, Oakdene Road, RH1 6BT.
This Privacy Statement explains how we process your information and your rights under both DPA and GDPR.
Information We May Collect:
We may collect and process the following data about you:
Information We Collect From You: We may collect information: (i) when you visit our website; (ii) that you provide to us in your application form; (iii) that you provide to us when you contact us (e.g. to make a complaint or an enquiry); that you provide when you update information we already hold about you; and (iv) that you provide when you give us an instruction in relation to your account or application (e.g. to change your address, or make a payment on your account). Where you apply for, or have a, joint account or a joint application we may collect information that relates to both you and the other joint hirer. Where the applicant is a company or other incorporated entity, we may collect information about the applicant's directors, partners, shareholders, members or employees.
Including your name, your business name, postal address, date of birth, e-mail address, telephone/mobile number, financial details, security questions, employment status, income details, physical forms of identity verification, payment car details and bank details of your nominated account and any information you proved when you contact us or to make an enquiry. During your application process we may ask for additional information, either because we require it or a third party, credit reference agency or fraud prevention agency requires it.
LSMF may also record and monitor our telephone calls and electronic communications.
Information We Collect From Third Parties: If you apply to us for a product or service we may also obtain information about you from third parties, such as credit reference agencies as to your financial status.
Information We Collect About You: Any contact you may have with us or to each of your visits to our website we may collect the following information: (i) electronic messages, recordings or transcripts of recordings of telephone conversations made between us; (ii) technical information, including, without limitation, the Internet Protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, and time zone setting.
Use made of the information:
Once you have applied to London & Surrey Motor Finance Ltd you are no longer anonymous to us. We use information held about you in the following ways:
Provide Our Services To You: We will process, transfer and disclose your information in order to verify your identity, perform credit and anti-fraud checks against you, decide whether to go ahead with your application.
Once you become our customer, we will process, transfer and disclose your information to: provide you with a service; to collect payment from you; to manage our relationship with you (including sending you information relevant to your account; details of any changes and sending you marketing if you have agreed to it); trace any debtors; collect unpaid debts and deal with your payments; for internal operational requirements; and to detect any fraud or website abuses.
We may transfer such data to third party and administration companies and any entity providing funding to us either now or in the future and their professional representatives.
We may transfer such data to third party companies were we unable to help with an application or thought another credit lender on our panel would offer you more favourable terms. In these cases they would carry out their own credit and anti-fraud checks against you.
Respond To Your Enquiries: We may also collect and store some of the above information and the nature of your enquiry when you make an enquiry. We use that information for responding to your enquiry. If you contact us we may keep a record of that correspondence.
Prevention and Credit
Risk Reduction: We
may exchange information with third parties for the purposes of credit
fraud prevention and credit risk reduction. This information may be
part of our application process or as part of our ongoing monitoring of
When reviewing your record at a credit reference or fraud prevention agency, the agency will add to the record of the person searched, details of the search and the application and this will be seen by other organisations that make searches. We may also search the record of any person financially associated with the applicant or account holder.
Currently, these agencies are: Experian Limited and Equifax Limited, but they may change over time. Please contact us if you want to receive details of the relevant fraud prevention agencies. You have a legal right to these details.
Post: PO Box 9000, Nottingham, NG80 7WF
Web address: http://www.experian.co.uk/consumer/contact-us/index.html
Phone: 0344 481 0800 or 0800 013 8888
Post: Customer Service Centre, PO Box 10036, Leicester, LE3 4FS
Web address: https://www.equifax.co.uk/Contact-us/Contact_us_Personal_Solutions.html
Phone: 0333 321 4043 or 0800 0142955
see Credit Reference Agency Information Notice (CRAIN) defining the
that all three Credit Reference Agencies will apply across all products
in relation to processing consumer data; [CRAIN]
reserve the right to pass
information about you or your account to third parties for
purposes, fraud prevention, terrorism prevention, money laundering,
tracing, preventing, investigating or fighting crime or where we are
to do so by law. We may disclose it to HM Revenue & Customs and
We may also disclose your information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users, or anyone else that could be harmed by such activities. We may disclose your information when we believe in good faith that the law requires it and for administrative and other purposes that we deem necessary to maintain, service, and improve our products and services offering.
Sale of Our Business: We may transfer our databases containing your personal information if we sell our business or part of it. In such circumstances, we will notify you of any change in ownership.
Website: We may also use information we collect about you to ensure that content from the site is presented in the most effective manner for you and for your computer.
Statistical Analysis: We and the credit reference agencies and fraud prevention agencies may also use your record and those of any director, shareholder, member, partner, employee or anyone financially associated with the application (e.g. a joint hirer or guarantor) for statistical analysis about credit.
Disclosure Of Your Information:
We may share your information with selected third parties including:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with [them or] you, including without limitation any data processor we engage.
- analytics and search engine providers that assist us in the improvement and optimisation of our site.
- credit reference and fraud prevention agencies for the purpose of performing our customer due diligence obligations and assessing your credit profile where this is a condition of us entering into a contract with you.
- any other parties connected with your application or account (e.g. joint hirer, guarantors, directors and partners).
- other third
(i) in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
(ii) if we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
(iii) if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the terms and conditions and other agreements; or to protect the rights, property, or safety of LSMF, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of credit risk reduction and fraud prevention;
(iv) for the purposes of our funding arrangements.
- required as part of our duty to protect your accounts or application (e.g. disclosure of your information to the Financial Ombudsman Service).
- where required by law to do so for reasons of fraud prevention, terrorism prevention, money laundering, debt tracing, preventing, investigating or fighting crime. This may involve disclosure of your information to Government bodies.
Where We Store Your Personal Data:
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at; email@example.com
Our site may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Your rights under Data Protection Law:
We operate under the Data Protection Act 2018 (‘DPA’) and the European General Data Protection Regulation (‘GDPR’).
The DPA and GDPR apply to ‘personal data’ we process and the data protection principles set out the main responsibilities we are responsible for.
We must ensure that personal data shall be:
a) processed lawfully, fairly and in a transparent manner;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and where necessary kept up to date;
kept for no longer than is necessary
purposes for which the personal
are processed. We operate a data retention policy that ensures we meet this obligation.
We only retain personal data for the purposes for which it was collected and for a reasonable period thereafter where there is a legitimate business need or legal obligation to do so. For detail of our current retention policy contact our privacy officer at firstname.lastname@example.org
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We ensure lawful processing of personal data by obtaining consent; or where there is a contractual obligation to do so in providing appropriate products and services; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services.
In the majority of cases we process personal data based on your contract with us. In other cases, we process personal data only where there are legitimate grounds for so doing.
To meet our Data Protection obligations, we have established comprehensive and proportionate governance measures.
We ensure data protection compliance across the organisation through:
a) implementing appropriate technical and organisational measures including internal data protection policies, staff training, internal audits of processing activities, and reviews of internal HR policies.
b) maintaining relevant documentation on processing activities.
c) implementing measures that meet the principles of data protection by design and data protection by default including data minimisation, pseudonymisation, transparency, deploying the most up-to-date data security protocols and using data protection impact assessments across our organisation and in any third party arrangements.
Under the GDPR You have the following specific rights in respect of the personal data we process:
- The right to be
informed about how we use personal data.
This Privacy Statement explains who we are; the purposes for which we process personal data and our legitimate interests in so doing; the categories of data we process; third party disclosures; and details of any transfers of personal data outside the UK.
- The right of access to the personal data we hold. In most cases this will be free of charge and must be provided within one month of receipt.
- The right to rectification where data are inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request.
- The right to erasure of personal data, but only in very specific circumstances, typically where the personal data are no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The right to restrict processing, for example while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but not further process it until such time as we have resolved the issue.
- The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services.
- The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is for necessary for the performance of a public interest task.
- Rights in relation to automated decision making and profiling.
Please contact our privacy officer at email@example.com for more information about the GDPR and your rights under Data Protection law.
If you have a complaint about data protection at London & Surrey Motor Finance Ltd contact our privacy officer at firstname.lastname@example.org
Alternatively contact our supervisory authority for data protection compliance (www.ico.org.uk):
Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Cookies are pieces of information that a website transfers to your computer’s hard disk for record-keeping purposes. Cookies can make the internet more useful by storing information about your preferences on a particular site, such as your personal preference pages.
If you would
may not be able to take full advantage of a website if you do so.
Last updated: 24/05/2018