Privacy Policy
This policy was last updated on 26/09/2023.
Where this policy refers to “we”, “our” or “us” below, unless it mentions otherwise, it’s referring to CA Auto Finance.
For some activities, we are joint data controllers – this means we share control of your personal information with others as follows:
– When you provide your personal information to your dealer before they propose your finance application to us, your dealer is the data controller. They may also process your data on their own IT/paper systems. We are not responsible for this. We are responsible for any of your personal information we receive from the dealer.
– Both we and your dealer are joint controllers of your personal data up to the point you take delivery of your vehicle.
We may collect and process the following personal information about you:
– Personal information you give to us: this is information about you that you give to us by entering information on our websites, social media pages, corresponding with us by phone, email or otherwise and is provided entirely voluntarily. It also includes information provided to your dealer when purchasing a vehicle or financial product (including making enquiries about purchasing a vehicle or financial product). We record all of our telephone calls for the performance of our contract with you. The information you give to us includes your name, contact details (such as phone number, email address and address), banking details, and enquiry details and may include your opinions about our products.
– Personal information we collect about you: we may automatically collect the following personal information: our web servers store as standard details of your browser and operating system, the website from which you visit our website, the pages that you visit on our website, the date of your visit, and, for security reasons, e.g. to identify attacks on our website, the Internet protocol (IP) address assigned to you by your internet service. We collect some of this information using cookies – please see Cookies for further information. We may also collect any personal information which you allow to be shared that is part of your public profile on a third party social network.
– Personal information we may receive from other sources: we obtain certain personal information about you from sources outside our business which may include our dealers or other third party companies. The personal information received is as described above.
– Special categories of personal data: this is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. We do not routinely process such data about you but during the performance of our contract with you, we may receive such data about you and process it.
HOW WE USE YOUR PERSONAL INFORMATION
We may use and process your personal information where it is necessary for the performance of a contract with you or in order to take steps, at your request, before entering into a contract with you, including for the following purposes:
– When you enquire about our financial products and services
– When you are a customer of one of our financial products or services
– When we make reasonable enquiries to assess your credit application and to confirm your identity
– We may from time to time share your personal data with some of our suppliers
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
– for analysis, and profiling to inform our marketing strategy, and to enhance and personalise your customer experience
– for market research in order to continually improve the products and services that we, our dealers, brokers and manufacturer partners deliver to you
– to administer our websites and for internal operations, testing, statistical purposes and pricing
– for marketing activities (other than where we rely on your consent) e.g. to tailor marketing communications or send targeted marketing messages via social media and other third party platforms
– for the prevention of fraud, crime and money laundering
– to undertake credit checks for finance
– to correspond and communicate with you
– to create a better understanding of you as a customer or visitor
– for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access
– to comply with a request from you in connection with the exercise of your rights, for example, where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request
– for the purposes of a corporate restructure or re-organisation or sale of our business or assets
– for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or our group companies hold about you
– to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings
– for general administration including managing your queries, complaints, or claims.
– It may be necessary from time to time share your personal data with our regulators including, the Financial Conduct Authority and the Information Commissioner’s Office.
We may use and process your personal information where you have consented for us to do so for the following purposes:
– to enable us to carry out a credit reference search
– to enable us to process special categories of personal data
– for direct marketing purposes where you have chosen not to opt-out of receiving marketing communications.
We will use your personal information to comply with our legal obligations including:
– to assist HMRC, the Police, the Driver and Vehicle Licensing Agency (DVLA), any other public authority or criminal investigation body
– to identify you when you contact us, and
– to verify the accuracy of data that we hold about you.
We may use your personal information to contact you if there are any urgent safety or product recall notices to communicate to you or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you. It is in your vital interests for us to use your personal information in this way.
OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
We may share your information with other companies within CA Auto Finance.This would usually be for reporting or statistical purposes or as part of an investigation of a complaint.
We may disclose your information to our suppliers and third party service providers for the purposes of providing services to us or directly to you on our behalf. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their services and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
We work with a number of dealers, brokers and manufacturers around the UK. We may share and they may use your personal information in connection with the financial products and services you take out with us.
We work closely with various third parties to bring you a range of products and services which are complimentary to ours. Examples of these include: our GAP insurance provider, breakdown assistance, etc. When you enquire about or purchase one or more of these products or services through us or our dealers or directly with us, the relevant third party may use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them. These third party product providers may share your information with us which we will use in accordance with this policy. In some cases, they will be acting as a controller of your information and therefore we advise you to read their privacy policy.
We may transfer your personal information to a third party as part of a sale (or a preparation for sale) of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation.
We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation (e.g. by sharing your personal information with the DVLA or our regulators), to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
During the underwriting process, we will share your personal data with Experian and Equifax. If you electronically sign your finance agreement, we will share your personal data with TransUnion.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Examples of personal information that will be processed,include name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
Automated Decisions
As part of the processing of your personal data, decisions may be made by automated means. This means our processing may reveal that your behaviour is consistent with money laundering or known fraudulent conduct, is inconsistent with your previous submission; or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making, if you want to know more please contact us.
Consequences of Processing
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us.
Data Transfers
Whenever fraud prevention agencies transfer your personal data outside of the United Kingdom, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the United Kingdom. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Your Rights
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected and/or request access to your personal data.
For more information or to exercise your data protection rights, please contact us.
You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.
For information regarding the fraud prevention agencies used by CA Auto Finance, you may email or write to us (contact details here) or by visiting www.nhunter.co.uk.
All information you provide to us may be transferred to countries outside the UK. We are working with some third party service providers who are located in a country outside of the UK (for example some of our IT providers have service centres in Australia, Canada and India). These countries may not have similar data protection laws to the UK. In such cases, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on these providers, including the appropriate model contractual clauses that aim to ensure adequate protection. Please contact us using the details at the end of this policy if you would like more information about the protections that we put in place. If you use our services whilst you are outside the UK, your information may be transferred outside the UK in order to provide you with those services.
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We have documented this in our Data Retention Policy. We do not retain personal information in an identifiable format for longer than is necessary. We may need your personal information to establish, bring or defend legal claims, in which case we will usually retain your personal information for 6 years after the last occasion on which we have used your personal information in one of the ways specified in How we use your personal information. The only exceptions to this are where:
– the law requires us to hold your personal information for a longer period, or to delete it sooner
– you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted in this policy, or because we are required under the law and
– in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
YOUR RIGHTS
You have a number of rights in relation to your personal information under data protection laws. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. We aim to respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request.
We intend to deliver the data you request, however it may not always be possible. If your request is excessive, unfounded or would require a disproportionate effort to meet, a reasonable fee may be charged. Unfortunately in some cases we may not be able to provide you with all of the data you request. In such circumstances, we will provide an explanation as to why we were unable to do so.
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us (contact details here). We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
The accuracy of your information is important to us. If you change any of your personal details or if you want to correct any inaccuracy in your personal data, please contact us and we will be happy to assist. Alternatively, you can log on to the Customer Area on our website here.
Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details provided here.
If you would like to withdraw your consent to receiving any direct marketing, please refer to ‘Marketing’.
Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), as set under how we use your personal information, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy.
Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Alternatively, we will provide you with an explanation as to why we are required to continue to process your data.
When we underwrite our customers, as part of our investigations and assessments into the suitability of our finance products for them, we may automatically accept or decline your application based on a set of predefined criteria.
We also use automated data processing to assist in compliance with our legal obligations in connection with prevention of money laundering, fraud and terrorist financing, for example, to screen for suspicious transactions.
You may contest a decision made about you based on automated processing and request a natural person to make this decision, by contacting your dealership. If your finance application is automatically declined, you will be provided with details on how to object.
In certain circumstances, you may ask for your personal information to be removed from our systems by contacting us using the details we have provided on our contact us page. We will make reasonable efforts to comply with your request unless there is a legal requirement to process your personal information for a longer period. You may also ask us to restrict processing your personal information in the following situations:
– where you believe it is unlawful for us to do so; or
– where you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information if we have your consent or are legally permitted to do so; for example, for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under how we use your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly-used and machine-readable form, such as a Comma Separated Value (CVS) file.
If possible, we may also be able to send your personal information directly to another service provider. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.
SECURITY
We use technical and organisational security measures to protect the personal information supplied by you and managed by us against manipulation, loss, destruction, and access by third parties. Our security measures are continually improved in line with technological developments. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information whilst in transit to our website and any transmission is at your own risk. Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
‘Cookies’ are text files with small pieces of data sent to your device and stored on its hard drive to allow our websites to recognise you when you visit. Information on the cookies that we use and their features can be found under the “Cookies Policy” section of our website.
Our website may contain links to other websites run by other organisations which we do not control. This policy does not apply to those other websites and applications and so we encourage you to read their privacy notices. We are not responsible for the privacy policies and practices of other websites and applications (even if you access them using links that we provide). We provide links to those websites solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements or representations regarding their accuracy or content. Your disclosure of personal information to third party websites is at your own risk. In addition, if you have reached our website from a third party link, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the applicable policies.
From time-to-time, we or our marketing agents and/or suppliers such as dealers, may use social plugins (buttons) of social networks such as Facebook, LinkedIn, Google and Twitter. Please see ‘Cookies’ for further details. If you are a member of a social network and do not wish to combine data retrieved from your visit to our websites with your membership data, you must log out from the social network concerned before activating the buttons. We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
Unless you object, we or our marketing agents and/or suppliers may use your personal information to contact you with targeted advertising delivered online through social media and platforms (operated by other companies). We may also use your personal information to tailor our advertising to improve its relevance to you.
MARKETING
For marketing purposes, CA Auto Finance UK Ltd is the data controller and we rely on our legitimate interests to market similar products and services to you.
When you sign your finance agreement, you are giving us your permission for the duration of your agreement to communicate with you about products and services we may think are of interest to you. You may opt-out of receiving marketing communications before you sign the agreement or at any time afterwards.
We may contact you by telephone, email, SMS and/or post. We may also analyse our customer databases to enable us to carry out targeted marketing (known as ‘profiling’).
Communications via SMS, telephone and email are known as ‘electronic marketing’ and we require your permission to communicate with you in these ways. Before you sign your agreement, you will be given an opportunity to opt-out. If you do not opt-out, we will continue to contact you for the duration of your agreement. Of course, you may still opt-out at any time.
From time to time we carry out marketing activities which are targeted towards a selected group of customers. In order to select those customers, we may use what is known as ‘profiling’, for example selecting our customers by age, gender or location.
As well as being able to opt-out of marketing communications when you signed your agreement, you may also opt-out of at any time in the following ways:
Customer Area: if you are registered to use our customer self-service portal, you may use it to update your marketing preferences at any time
Email: please send an email to unsubscribe@ca-autobank.com and include your name and the registration number of your vehicle
Telephone: please call us at 0344 5614738
Post: please write to us at this address – PO Box 4465, Slough, SL1 0RW
If you request a quote for one of our products or services on our website, we may collect your preferences to send you marketing information by email / post / telephone / SMS.
We have appointed many of our dealers and brokers as our processors to carry out marketing activities on our behalf. These may include analysing marketing data on our behalf in order to determine the best offer for you. If you have not opted out of marketing communications, they may contact you on our behalf.
We may review this policy from time to time and any changes will be published on our website. We may also contact you by email. Any changes will take effect 7 days after the date of our email or the on the date on which we post the modified terms on our website, whichever is the earlier. We recommend that you regularly check for changes and review this policy when you visit our website.
If you have any queries about any aspect of our policies, please do not hesitate to contact us.
If you want to contact us about anything in this policy or for any further query, please contact our Data Protection Officer (DPO) at:
Email: dataprotectionoffice@ca-autobank.com
Telephone: 0344 5614738; one of our customer service team will answer and will redirect the call to the DPO
Post: PO Box 4465, Slough, SL1 0RW, indicating “for the attention of the Data Protection Officer”