We are Volkswagen Financial Services (UK) Ltd trading as MAN Financial Services (company number 02835230 and registered as a branch in Ireland (Branch Number: 908546)) and we are the data controller in respect of your personal information. This policy explains when and why we and companies in our group (which includes our subsidiaries, ultimate holding company and its subsidiaries from time to time) collect personal information, how this information is used, the conditions under which it may be disclosed to others, and how it is kept secure.
If you have any queries about our handling of your personal information, you can contact us by writing to our Data Protection Officer at Volkswagen Financial Services (UK) Limited t/a MAN Financial Services, Clearwater House, Clearwater Business Park, Frankland Road, Blagrove, Swindon, SN5 8YZ or by email to DPO@vwfs.co.uk or you can call us on +44 (0)370 900 6040. Please ensure you state that you are a customer of MAN Financial Services so that we can deal with your query promptly.
Where this policy refers to “we”, “our” or “us”, unless it mentions otherwise, it’s referring to Volkswagen Financial Services (UK) Ltd trading as MAN Financial Services. Where this policy refers to “you” it’s referring to the person or company applying for finance.
Personal data we collect and how we collect it
The personal information we collect and the way in which we collect it are as follows:
Personal information you give to us: This is information about you that you give to us. This consists of the following categories of information:
- residential address and address history
- marital status
- contact details such as email address and telephone numbers
- financial information
- identification documentation (passports, driving licences, utility bills, bank statements)
This includes personal and financial information relating to directors, employees, officers, shareholders, or other relevant parties whose details are provided to us as part of an application for finance or during the term of the agreement we have with you.
Personal information we may receive from other sources: We obtain certain personal information from credit reference and fraud prevention agencies. Please see ‘Use by credit reference agencies’ and ‘Use by fraud prevention agencies’ below for further information.
If you fail to provide us with any mandatory information that we request from you, we will not be able to proceed with the credit reference and fraud prevention checks described below and, subsequently, we will not be able to consider your application nor propose an offer to you.
How we use your information
The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are as follows:
- Performance of the contract with you or to take steps to enter into it if you are a guarantor and entering a guarantee agreement with us, or if your business is a partnership or sole trader. We may use personal information relating to you which we acquire in connection with any application for finance, or any agreement that you enter into with us, to manage, administer and take decisions regarding your agreement(s) with us. This includes verifying your identity, assessing your application, underwriting and claims handling (where you apply for insurance), and, if we enter into an agreement with you, administering the agreement including tracing your whereabouts to contact you and recover debt if you have provided your personal guarantee to us in respect of our lending to your business, or if your business is a partnership or sole trader, and to provide you with the service under that agreement (i.e. managing your account, communicating with you, providing updates on the status of your account, dealing with any complaints and notifying you of any changes to this statement).
- Legitimate interests or that of a third party. This includes
- to assess and process your application to provide you with products and services, and to assess lending and insurance risks;
- to administer the agreement between us and your company (if applicable) and to provide the service under that agreement;
- if you are a director of our corporate customer then we may send your identity and contact data to our funders so that they may complete a credit and fraud check as applicable;
- to administer and manage your relationship between us including for customer service purposes and to administer the agreement;
- for marketing activities (other than where we rely on your consent to contact you with information about our products and services or share your details with third parties to do the same, as explained below), including tailoring marketing communications to you or your business;
- where you are acting in a business capacity, to contact you at your business address, email address and/or telephone number with information about our products and services, and to provide your information to C&C Insurance Brokers Ltd for them to contact you about their products and services (this does not apply to those acting in their capacity as personal guarantor, a sole trader or partnership);
- to protect the rights, property or safety of our business including enforcing our agreements, carrying out financial (including credit) and insurance risk assessments and for risk reporting and risk / arrears management and to uniformly evaluate risk within our corporate group (e.g. for the purpose of credit ratings);
- making decisions about you on credit, insurance and other facilities;
- preventing fraud and money laundering, and to verify your identity, in order to protect our business and to comply with laws that apply to us;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- carrying out statistical analysis to help with decisions about credit and account management and about credit and insurance fraud;
- monitoring communications between us to prevent and detect crime, to protect the security of our communications, systems and procedures, and for quality control and training purposes;
- to develop, test, monitor and review the performance of products, services, internal systems and security arrangements; and
- for assessing the quality of the our service and to provide staff training within the business.
- Compliance with a legal obligation. This includes when you exercise your legal rights under data protection law, to verify your identity, for the establishment and defence of our legal rights, for activities relating to the prevention, detection and investigation of crime, to conduct credit, fraud prevention and anti-money laundering checks and for compliance with our legal and regulatory responsibilities. This is in order for us and other entities in our corporate group to confirm ownership identity, identify any “politically exposed persons” with whom you (or any of its directors or shareholders) are associated, prevent and detect crime, including fraud, money laundering, terrorist financing, and ensure sanctions compliance. It may also include processing special categories of data about you, for example for our compliance with our legal obligations relating to vulnerable people.
- Consent. This includes:
- contacting you via post, email and/or telephone with marketing information about our products and services or those of other corporate entities within our corporate group if you make an application for finance and indicate that you would like to receive such marketing from us and/or our group companies; and
- sharing your information with our recommended third party partners (who will be notified to you at the time of obtaining your consent) for them to contact you with marketing information about their products and services.
You have the right to withdraw your consent for us to use your information in any of these ways at any time. Please see ‘Withdrawing your consent’ for further details.
Use by credit reference agencies
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (CRAs). To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
Searches will also be made in respect of directors, employees, officers, shareholders, partners or other relevant parties of a company applying for credit. Information held about you by the credit reference agencies may already be linked to records relating to other people with whom you have or have had financial association. In connection with your application you may be treated as financially linked with them and assessed with reference to any such associated records.
We will use this information to:
- assess your creditworthiness and whether you can afford to take the product you have applied for;
- verify the accuracy of the data you have provided to us;
- prevent criminal activity, fraud and money laundering;
- manage your account(s);
- trace and recover debts; and
- ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before making an application to us. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.equifax.co.uk/crain (please note that the Credit Reference Agency Information Notice is the same for each of the CRAs).
Use by fraud prevention agencies
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process your information. If we or a fraud prevention agency, as a result of our processing of your personal data, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details provided above.
Use by third parties
We work closely with various third parties to bring you a range of products and services that are complementary to those that we provide. In particular, we may offer finance or insurance products in relation to our own products and services.
When you enquire about or purchase one or more of these products or services through us, the relevant third party may use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with them.
We disclose your information to the following third parties:
To other corporate entities within our corporate group (including Volkswagen AG, Volkswagen Financial Services AG and their subsidiaries). We are part of Volkswagen Financial Services AG. We may pass on your details to any company within our group in the ways set out in the ‘How do we use your personal information’ section, in connection with services that complement our services or for internal processes.
- C&C Insurance Brokers Ltd if you are acting in a business capacity (please see ‘How we use your information’ above) or, if not, including where you are a guarantor, sole trader or partnership, where you have consented to us passing your information to them (using the tick boxes in the ‘Use of your information for marketing purposes’ section).
- Credit reference, fraud prevention agencies, anti-money laundering agencies and/or counter-financial crime organisations (as detailed above).
- Third parties acting on our behalf with respect to vehicle maintenance and other services relating to the servicing, operation and maintenance of vehicles.
- HMRC, government authorities, regulatory or law enforcement agencies if we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, to enforce or apply the terms of our contracts, to protect the rights, property or safety of our visitors and clients, in order to comply with any applicable law or order of a court, or in connection with legal proceedings.
- Third party debt collecting and repossession agencies engaged by us to recover monies owed to us or vehicles owned by us.
- Any third party to whom we sell your debt. If we do this, you will be notified and that third party will become the data controller of your information.
- Your dealer or broker to assist us with administering your application and your agreement with us. Their privacy notice will apply to any processing of information they carry out about you.
- Financing companies, security agents and data trustees as well as rating agencies for corporate finance purposes.
- Third party service providers, agents and sub-contractors acting on our behalf. This may also include providers of data storage and database hosting services, IT hosting, IT maintenance services, professional advisors, marketing agencies and third parties that provide income verification services, affordability checks and communication fulfilment services.
- Courts in the United Kingdom or abroad as necessary to comply with a legal requirement, for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.
- Any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event.
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
As part of our processing of your personal information, we may take decisions by automated means.
In regard to fraud prevention checks, this means that we may automatically decide that you pose a fraud or money laundering risk if:
- our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers, or is inconsistent with your previous submissions; or
- you appear to have deliberately hidden your true identity.
Where we store your information and transfers to third countries
We store your information on servers located within the European Economic Area (EEA). If at any time we transfer your personal information to, or store it in, countries located outside of the EEA (for example, if our hosting services provider changes) we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law.
The third parties listed under ‘Use by third parties’ may be located outside of the EEA or they may transfer your information outside of the EEA. Those countries may not have the same standards of data protection and privacy laws as in the UK. Whenever we transfer your information outside of the EEA, we impose contractual obligations on the recipients of that information to protect your personal data to the standard required in the UK. Any third parties transferring your information outside of the EEA must also have in place appropriate safeguards as required under data protection law.
Retention of your information
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.
If your application for finance is declined or if your application is accepted but you do not proceed, we keep your information for 1 year or as long as necessary to deal with any queries you may have.
If your application is accepted and you proceed, we hold your information for 6 years from the date at which your agreement is closed, where settled by you or upon default or as long as necessary thereafter to deal with any queries you may have.
Credit reference agencies will retain the account information that we give to them for 6 years after your account is closed (please see ‘Use by credit reference agencies’ for more information about the information that we give to them).
Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your information can be held for up to 6 years.
We may hold your information for a longer or shorter period from that described above where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- we need your personal information to establish, bring or defend legal claims;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law; and
- in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month after we have received this information or, where this is not required, after we have received your request.
- To be informed about the processing of your information. This is what this privacy notice sets out to do.
- Accessing your personal information. You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address above. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
- Correcting and updating your personal information. The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us on the details provided above.
- Withdrawing your consent. Where we rely on your consent as the legal basis for processing your personal information, as set out under ‘Use of your information’, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so by clicking the unsubscribe link in the email. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
- Objecting to our use of your personal information. Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purposes, as set out under Use of your information, you may object to us using your personal information for these purposes by emailing or writing to us at the address above. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data. You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please email us at MFSContact@vwfs.co.uk.
- Erasing your personal information or restricting its processing. In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address above. Provided we do not have any continuing lawful reason to continue processing or holding your personal information, we will make reasonable efforts to comply with your request. You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. We may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
- Transferring your personal information in a structured data file. Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with a contract with have with you, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
If you have concerns about the way we have handled your personal information, we encourage you to contact us and we will seek to resolve any issues or concerns you may have. If you want to exercise any of these rights, please contact us using the details provided above.
Complaining to the data protection supervisory authority. You have the right to complain to your supervisory authority.
In the UK: Contact the Information Commissioner’s Office (ICO) if you are concerned or wish to complain about the way that we have processed your personal information. The contact details for the Information Commissioner’s Office, the data protection regulator in the UK, are below:
Information Commissioner's Office
Call: 0303 123 1113
In Ireland: Contact the Data Protection Commission’s Office (DPC) if you are concerned about the way that we have processed your personal information. You can contact the Irish Data Protection Commission at firstname.lastname@example.org or LoCall 1890 25 22 31.
You also have the right to raise a concern about our use of your data with your local supervisory authority in another EEA country in which you reside – which may be different to the supervisory authorities detailed above.
Changes to this policy
We may review this policy from time to time and any changes will be notified to you in writing. Any changes will take effect 7 days after the date of our notification. If you do not agree with any aspect of the updated policy you must immediately notify us and cease using our services.