MAN Financial Services is a trading name of Volkswagen Financial Services (UK) Ltd (“VWFS”, “we”, “us”, “our”) with company registration number 02835230.
For data protection purposes, in respect of the personal information that you share with us, or that we collect (for example, via “our website”), the data controller is VWFS. This policy explains when and why we collect personal information, how this information is used, the conditions under which it may be disclosed to others, and how it is kept secure.
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. By visiting this website, you are accepting and consenting to the practices described in this policy.
We will always give you the option to opt out of receiving marketing communications from us. We will never send you unsolicited ‘junk’ email or communications, or share your data with anyone else who might. We do not sell your information to third parties, but we do work closely with our Group companies, companies that provide services to us and our franchised retailers (known collectively as our selected third parties) who help us to provide you with the information, products and services that you request from us.
Our site may, from time to time, contain links to and from the websites of these selected third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
The contents of this policy may change from time to time so you may wish to check this page occasionally to ensure you are still happy to share your information with us. Where possible, we may also contact you directly to notify you of these changes.
Personal data we collect and how we collect it
Personal information you give to us: This is information about you that you give to us. This consists of the following categories of information:
- Residential address and address history
- Contact details such as email address and telephone numbers
- Financial information
- Identification documentation (passports, driving licenses, utility bills, bank statements)
This includes personal and financial information relating to directors, employees, officers, shareholders, or other relevant parties whose details are provided to us as part of an application for finance or during the term of the agreement we have with you.
Personal information we may receive from other sources: We obtain certain personal information from credit reference and fraud prevention agencies. Please see ‘Use by credit reference agencies’ and ‘Use by fraud prevention agencies’ below for further information.
If you fail to provide us with any mandatory information that we request from you, we will not be able to proceed with the credit reference and fraud prevention checks described below and, subsequently, we will not be able to consider your application nor propose an offer to you.
How we collect personal data
We may collect information about you (and/or your vehicle) from the following sources:
- You, including if you contact us (including any email address, Internet Protocol (IP) address or telephone number supplied by your electronic service provider) or if you use our products or services, or engage with our website or other online applications;
- Third parties, such as credit reference agencies (we will supply your personal information to credit reference agencies (“CRAs”) and they will give us information about you, such as your financial history); and/or
- Other companies who provide services to us, such as insurance companies.
We may also collect information about you (and/or your vehicle) when you use:
- Our websites and applications: This online information includes some or all of the following:
- information you provide when you register to use the sites, browse content on the sites or use other functionality;
- details of your visits to the sites including, but not limited to traffic data, location data and other communication data, and the resources that you access; and/or
- Our customer services center: In particular, we may record telephone calls for training, monitoring, service delivery and internal compliance purposes. Similarly, all email, other electronic correspondence and any postal mail between us will also be stored for the same purposes.
How we use your information
The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are as follows:
- Legitimate interests or that of a third party. This is:
- to respond to enquiries received from the contact forms on our website, or by any other means, to ensure that we are providing you with information that you have requested and for good customer service;
- where you apply for a job vacancy advertised on our website, to assess your CV and application to determine whether your experience is suitable to take you to the next stage of the recruitment process;
- to ensure the physical, IT and network security of our systems for our legitimate interest of operating our website securely;
- to improve the services we offer you on our website for our legitimate interest of ensuring that we are offering relevant services based on the needs of our customers;
- to comply with a request from you in connection with the exercise of your rights;
- for the establishment and defence of our legal rights for our legitimate interest of ensuring that our business interests are protected; and
- for the management of queries, complaints or claims for our legitimate interest of ensuring that we are providing you with the necessary support and to improve our services.
- Compliance with a legal obligation. This includes when you exercise your legal rights under data protection law, to verify your identity, for the establishment and defence of our legal rights, for activities relating to the prevention, detection and investigation of crime and for compliance with our legal and regulatory responsibilities.
- Performance of a Contract. We may use and process your personal information where this is necessary to perform and manage a contract with you, for example, if you are a finance customer, to enable us to manage your account, including responding to your enquiries and complaints and to recover debts.
Please note, you can withdraw your consent at any time by contacting us on the details stated in the section below titled 'How can you manage the information we hold about you' or, in relation to any marketing messages you receive, by using the unsubscribe option included in those messages.
Sharing your personal data
From time to time, we may disclose your information to companies or organisations for the reason set out below:
- Where the law says we may or must do so;
- Where we have ongoing reporting obligations to credit reference agencies;
- To comply with our ongoing obligations to prevent fraud and money laundering by allowing law enforcement and fraud prevention agencies to access and use your personal information to detect, investigate and prevent crime;
- To companies that provide services to us so we can perform activities relating to your contract and/or to enforce any contract we have with you and/or to protect our rights and/or property;
- Third party service providers, agents and sub-contractors acting on our behalf. This may also include providers of data storage and database hosting services, it hosting, it maintenance services, professional advisors, marketing agencies and third parties that provide communication fulfilment services;
- To our advisors, and investors and their advisors for corporate finance purposes, for example, in the event that we sell or buy any business or assets, or if VWFS or substantially all of its assets are acquired by a third party.
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
Sharing your personal data to other entities in our corporate group
There are circumstances where we share your information with our parent company (or other companies within our Group), where necessary, in order to:
- Fulfil orders;
- Facilitate transactions;
- Handle complaints;
- Provide you with service(s) or information that you have requested;
- Facilitate audit, statistical analysis, risk management and product and service development purposes;
- Co-ordinate and manage customer contract renewals (see ‘customer contract renewals’ section below); and
- Comply with legal requirements.
For example, we will share information with branded trading divisions of MAN Truck & Bus UK Limited where you enquire about their services through us, or where you make a complaint to us and later make the same or similar complaint to them.
Where we store your information and transfers to third countries
We take steps to ensure that any third party partners who handle your information comply with data protection legislation and protect your information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf. We will aim to anonymise your information or use aggregated none specific data sets wherever possible.
Due to the international nature of our business, there may be some instances where your information is processed or stored outside of the EU. In those instances, we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law.
In addition, fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
Keeping your information secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and/or other third parties who have a business need to know it. They will only process your personal information on our instructions and are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Officer (please see contact details below).
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
Finally, we have established procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retention of your information
We do not retain personal information in an identifiable format for longer than is necessary.
If we have a relationship with you (e.g. you are a customer), we hold your personal information for 6 years from the date our relationship ends. We hold your personal information for this period to establish, bring or defend legal claims. Our relationship may end for a number of reasons including where the vehicle lease expires, or we have been made aware that you no longer own or drive that vehicle.
Where we have obtained your personal information following a request for information, such as a quotation for finance or any other information on any of our products or services, we hold your personal information for 1 year and 6 months from the date we collect that information, unless during that period we form a relationship with you e.g. you lease a vehicle. We hold your personal information for this period to give us an opportunity to form a relationship with you.
The only exceptions to the periods mentioned above are where:
- The law requires us to hold your personal information for a longer period, or delete it sooner;
- You have raised a complaint or concern regarding a product or service offered by us, in which case we will retain your information for a period of 6 years following the date of that complaint or query; or
- You exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further information below in relation to your rights).
In addition, fraud prevention agencies can hold your personal information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
You have the right as an individual to access the personal information that we hold about you and make corrections if necessary. You also have the right to withdraw any consent you have previously given us and ask us to erase information we hold about you. You can also object to our use of your personal information (where we rely on our business interests to process and use your personal information).
You have a number of rights in relation to your personal information under data protection law. In relation to most rights, we will ask you for information to confirm your identity and, where applicable, to help us search for your personal information. We will respond to you within 30 days (unless there are exceptional circumstances) after we have received any request (including any identification documents requested).
You have the right to:
- Ask for a copy of the information that we hold about you;
- Correct and update your information;
- Withdraw your consent (where we rely on it). Please see further 'How do we use your information';
- Object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process the information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object;
- Erase your information (or restrict the use of it), provided we do not have any continuing lawful reason to continue to use and process that information; and/or
- Transfer your information in a structured data file (in a commonly used and machine-readable format), where we rely on your consent to use and process your personal information or need to process it in connection with your contract.
You can exercise the above rights and/or manage your information by contacting us using the details below:
Post: Volkswagen Financial Services (UK) Limited t/a MAN Financial Services, Frankland Road, Blagrove, Swindon, SN5 8YU
Raising a complaint
If you have concerns about the way we have handled your personal information, we encourage you to contact us and we will seek to resolve any issues or concerns you may have.
However, you also have the right to lodge a complaint with a data protection regulator, in particular in a country you work or live or where your legal rights have been infringed. . The contact details for the Information Commissioner’s Office, the data protection regulator in the UK, are below:
Information Commissioner's Office
Call: 0303 123 1113
If you wish to raise a complaint to the ICO, you can do so via their website under 'Make a complaint' at the following link: https://ico.org.uk/make-a-complaint/
If you would like further information about the identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs, this is explained in more detail and is accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:
Call Credit: www.callcredit.co.uk/crain
If you would like further information regarding how the fraud prevention agencies process your personal data, you can view their privacy policies on their websites, as below:
In Ireland: Contact the Data Protection Commission’s Office (DPC) if you are concerned about the way that we have processed your personal information. You can contact the Irish Data Protection Commission via the following link: https://forms.dataprotection.ie/contact or by calling 1800 437 737.
You also have the right to raise a concern about our use of your data with your local supervisory authority in another EEA country in which you reside