DATA PROTECTION: FAIR PROCESSING NOTICE
IN-SYNC Credit Services Ltd takes the protection and privacy of personal data seriously. This Fair Processing Notice explains how we use, protect and store personal data before, during and after being a customer of IN-SYNC Credit Services.
Our contact details
4 The Millennium Centre,
Surrey, GU9 7XX
Telephone number: 01252 70 22 70
Our Data Protection Officer is Kristy Gouldsmith and she can be emailed at [email protected].
What personal data do we collect about you, how do we use that personal data, and what is our legal basis?
We need a legal basis in order to process your personal data. Any data we process is because we either have a contract with you (or you wish to obtain a contract with us), we have a legal obligation to do so, or because it is a legitimate activity. On occasion, we will seek your consent to process your personal data, but you are free to refuse.
When you are a client or wish to become a client of IN-SYNC Credit Services, we collect and process your personal data:
- in order to fulfil our contract for services with you;
- to assess your application for a financial services agreement;
- to fulfil our legal obligations to prevent money laundering, fraud and terrorist financing;
- where the activity is a legitimate one for a business; and
- with your consent for marketing.
We process your personal data because we have a contract with you, you would like to enter into a contract with us or it is a legitimate business activity.
We collect your name, address, date of birth, NI number, home phone, mobile, email address, your financial data and your employment details in order to provide you with the agreed service and to contact you. Our legal basis to do so is because we have a contract with you or you would like to enter into a contract with us.
Once you become a client of IN-SYNC Credit Services, we will assign you a client unique identifier number as this is a legitimate activity in order to avoid any system errors or mistakes in making payments.
We process your pay data to work out how much credit we can provide to you and also whether you can afford to repay the credit.
We will send you consumer credit and cash advance updates and useful information as part of our contractual service with you.
If you have a conditional sales agreement for vehicle finance and you have a tracker device installed in the vehicle, the following applies to you:
As the legal owner of the vehicle, we will have a tracker device installed in the vehicle. The tracker will be installed at the dealership before you take possession of the vehicle. This is a contractual obligation and you cannot have the loan unless you agree to having the tracker device installed in the vehicle.
The tracker will remain active for the duration of your loan agreement. The purpose of the tracker is to locate the vehicle if it is stolen, if you fall into arrears on your payments and or if you default on the loan agreement.
While we have the ability to track the vehicle 24/7, we will only access the location data of the vehicle if it is stolen, if we need to locate the vehicle due to payments being in arrears or if we need to repossess the vehicle because you have defaulted on the loan agreement. We will not track the vehicle for any other reason.
The tracker will alert us if you cross a virtual geofence at any customs port in England, Scotland, Wales or Northern Ireland.
At the end of the agreement, the tracking facility will cease. The physical tracker device will remain in the vehicle and you can have it removed if you wish or you can enter into an agreement with Movolytics and continue to use the tracker.
As we are part of a group of companies (IN-SYNC Group), we will share your data with our other companies for administrative and reporting purposes only. This is legitimate activity for us.
If you make a subject access request, a deletion request or object to our processing, we will keep a record of this request on a Smartsheet spreadsheet. It is a legitimate interest of ours to keep a record of all actions pertaining to such requests. We will keep these records using your name, your NI and a record of what personal data was requested or deleted using generic wording eg. contact details but not your actual phone number or address.
We process your personal data because we have a legal obligation to do so.
In order to comply with our legal obligations to prevent money laundering, fraud and terrorist financing, we will process some of the following data:
- passport (name, DOB, facial biometrics, passport number, nationality, gender, place of birth, signature);
- Biometric Residents Permit (name, date and place of birth/ biometrics - fingerprints and a photo of face/ immigration status / access to public funds);
- valid photo card driving license (name, DOB, signature);
- recent evidence of entitlement to a state- or local authority-funded benefit, including housing benefit, council tax benefit, tax credits, state pension, educational or other grant (name, address, DOB, NI number);
- current council tax letter or statement (name, address);
- HMRC-issued tax notification (name, address, DOB, NI number);
- end of year tax deduction certificates (name, address, DOB, NI);
- current bank statements or credit/debit card statements (name, address);
- current utility bill (name, address);
- date of birth (for age verification and general identity).
In order to process your application for credit or a loan, we will perform credit, identity and affordability checks on you with one or more credit reference agencies (“CRAs”). These checks are regulatory requirements.
Where you take banking services from us we may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
In-Sync Credit Services uses Callcredit as our CRA. Callcredit’s role is also as a fraud prevention agency, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with Callcredit are explained in more detail at www.callcredit.co.uk/crain.
Automated Decision Making
The credit application process is automated and will result in you either being accepted, declined or referred to us where more information is required. The automated process will do a credit check, an affordability check and an identification check.
If you are successful, you will able to sign your loan documents.
If you are declined and want to speak to us about the decision, please contact using the details at the start of this notice.
If you are referred for more information, we will contact you via email.
We process your personal data with your consent and where it is a legitimate business activity.
We will send you information pertaining to IN-SYNC Credit Services because you are a client of ours as this is a legitimate business activity. We will also send you this information for one year after you have left IN-SYNC Credit Services as you may wish to come back to us and this is a legitimate activity.
We will send you marketing information and newsletters from other companies in the IN-SYNC Group only when you consent for us to do so.
We will ask for feedback on our products or services in order to monitor and improve our service delivery, and this is a legitimate activity for us. You can complete these questionnaires if you wish to, however you are not obliged to do so. These questionnaires are not anonymous.
You have the right to unsubscribe to marketing at any time. If you do choose to unsubscribe, we will keep your name and email address on a suppression list so that we don’t email you again by accident and this is a legitimate activity for us.
If you are on our suppression list, you will still receive communications that are necessary to the performance of your chosen services, or notifications to avoid you missing deadlines and/or incurring penalties.
How long do we hold your personal data?
We will hold your personal data that was collected for anti-money laundering purposes for five years from when you ceased a relationship with IN-SYNC Credit Services Ltd, after which it will be destroyed. This is in accordance with Anti-Money Laundering Regulations.
We will hold the personal data that was collected for the purposes of providing you with financial services while you are a customer and for seven years, after which it will be destroyed. This is in accordance with HMRC requirements.
If your credit application was declined, we will hold your data for two years, after which it will be destroyed. We hold it for two years in case it is required for by law enforcement agencies or for legal reasons.
We will hold your name, email and phone number to send you marketing information as long as you would like us to do so. If you withdraw your consent, we will hold this data for five years in a suppression list so that we don’t market to you against your wishes.
We will hold your name, NI and information pertaining to your subject access request, deletion request or objection for a period of seven years in case of any ICO investigations or legal claims.
If you have a tracker device in your vehicle, we will have access to your data for the duration of your loan agreement. Once your agreement is over, the tracking will cease and we will no longer have access to any data.
Who do we share your personal data with?
Depending on your chosen services or our requirements, we may share your personal data with the following recipients:
- HMRC for the purpose of providing our cash advances product;
- National Crime Agency, Action Fraud and any other competent and authorised body for the prevention, detection and investigation of money laundering, fraud or terrorist financing;
- our software, technology applications, database providers (Anchor Computer Systems Ltd), Campaign Monitor Pty Ltd, Docusign UK Ltd, Microsoft, SmartSheet Inc, TextAnywhere Ltd, Fast SMS, PCA Predict) necessary for recording, securing and updating your personal details and administering services internally as well as external communications;
- Feefo Holdings Limited for the purposes of consumer feedback;
- Northgate Plc (Trading as Van Monster) for the purpose of vehicle financing;
- Anglia UK for the purpose of vehicle repossession;
- CAP HPI Ltd for the purpose of vehicle financing;
- Callcredit Information Group Ltd for the purpose of credit reports, affordability checks and identification checks
- Barclays Bank Plc for the purpose of making payments;
- Capita Pay360 for the purpose of administering payments;
- companies that verify publicly available documents and information (e.g. Credit Reference Agencies, Home Office);
- ARC (Europe) Ltd for the purposes of collecting aged debtors;
- Ellison Ray Ltd for the purposes of consumer credit consultancy;
- Compliancy Services Ltd for the 3rd party auditing of FCA and general compliance;
- High Court Enforcement Officers Association for the purposes of enforcing High Court writs to seize and sell assets to settle unpaid judgements;
- Information Commissioners Office in the event of a request for information or breach;
- IN-SYNC Group Companies (only with your consent) for marketing relevant services;
- Legal advisors and consultants;
- Insurance companies.
Do we transfer your personal data outside of the EU or EEA?
Your data is kept in the EU or EEA except for data that is processed by SmartSheet Inc, a technology application used by us to create administrative spreadsheets.
SmartSheet Inc is located in the USA, which is non-adequate country for data transfer as determined by the European Commission. Your data is protected by SmartSheet Inc as they participate in and have certified their compliance with the EU-U.S. and US-Swiss Privacy Shield Frameworks and Principles (collectively, the “Privacy Shield Principles”). Smartsheet will comply with the Privacy Shield Principles with respect to the personal data that it receives in the United States from the European Economic Area and Switzerland. You can review the Privacy Shield Principles, learn more about Privacy Shield, and view SmartSheet Inc’s Privacy Shield certification at https://www.privacyshield.gov/. Smartsheet’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
You have a number of rights in respect of our processing of your personal data which are:
- To access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.
- To request that we erase your personal data if:
- we no longer need it;
- if we are processing your personal data by consent and you withdraw that consent;
- if we no longer have a legitimate ground to process your personal data; or
- we are processing your personal data unlawfully.
- To object to our processing if it is by legitimate interest;
- To restrict our processing if it was by legitimate interest;
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
If you want to exercise any of these rights, please contact us on 01252 70 40 30 or email our Data Protection Officer on [email protected]
You also have the right to lodge a complaint about our processing with the UK's Information Commissioner's Office.