Privacy & Cookie Policy

This Policy applies to: Allium Money Limited (Company number: 10977963), Allium Lending Group Limited (Company number: 10028311), GDFC Services plc (Company number: 08271985), GDFC HoldCo Limited (Company number: 08272183), and GDFC Assets Limited (Company number: 08272354). These are referred to as the Allium Lending Group in this notice, and are all registered at:

Imperial House,
15 – 19 Kingsway,
London, WC2B 6UN

The Owner and Data Controller can be contacted at: dpo@gdfc.co.uk. Alternatively, a letter addressed to the Allium Lending Group Data Controller can be sent to the address above. Any enquiries regarding the contents of this Privacy Notice can be directed here.

Last updated: 17th July 2019

TYPES OF DATA WE COLLECT


The types of Personal Data collected by us, directly or through third parties, include:

  • Internet Cookies that track your use of our website or application, known as Usage Data

  • First and last name

  • Email address

  • Physical addresses

  • Date of birth

  • Records of calls/emails between us

  • National Insurance numbers

  • Data to assess credit risk

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed before the Data collection.

Usage Data is collected automatically when using our website or application.  All other Personal Data is only required to be provided by the User to access a service or information.

Users who are unsure about which Personal Data is mandatory are welcome to contact us.
We use Cookies – or other tracking tools – for:

  • Providing the service required by the User

  • Making use of our websites easy, including remembering your preferences on our websites

METHODS OF PROCESSING, STORING, RETAINING DATA


The Data Controller processes the Data of Users by following this Privacy Notice and shall take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.

The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. Please email us at dpo@gdfc.co.uk for further details, or write to us in the address listed on page 1 of this notice.

The User can always request that the Data Controller suspend or remove the data. The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document.

USING INFORMATION ABOUT YOU


1. To provide you with products and services we need to collect, use, share and store personal and financial information about you. This includes information which we:

a) obtain from you or third parties, such as retailers from whom you are considering making a purchase, credit brokers, Green Deal Providers, Green Deal Assessors, employers, energy suppliers, credit reference agencies (who may check the information against other databases, public or private, to which they have access), or fraud prevention agencies. This information may come from your interactions with us or them, for example through applying for a loan, Green Deal Plan or another consumer finance product; or

b) ascertain from the way in which the loan is administered and managed, for example, information relating to the payments which are made to your account with your energy supplier.

2. Where you provide personal and financial information about others (such as dependents, other family members and a joint energy account holder, where applicable) you confirm that you have obtained their consent or are otherwise entitled to provide this information to us, and for it to be used in accordance with this notice.

3. You authorise us to process and disclose your information including relating to lifestyle, income and criminal offences alleged or otherwise that is provided by you or that we obtain from third parties for the purposes of:

a) assessing and identifying products and services;

b) applying for a credit product, a product of an insurance company/organisation or finance provider;

c) detecting and preventing crime (including without limitation fraud and money laundering);

d) transferring your information following Paragraph 11 of this document; and

e) otherwise meeting our obligations under this privacy notice.

4. Subject to applicable law, we may use your information to:

a) manage your Credit Agreement;

b) carry out regulatory checks and meet our obligations to our regulators;

c) protect ourselves against harm to our rights and property interests;

d) develop and improve our services through assessment and analysis of the information (including credit or behavioural scoring (or both), market and product analysis, and market research);

e) prepare high-level anonymised statistical reports which would contain details such as, for example, the percentage of people paying their energy supply by direct debit or the percentage of people changing energy supplier. We compile these reports from information about you and others. The information in these reports is never personal and you will never be identifiable from them. We may share these statistical and anonymised reports with third parties including non-Allium Lending Group companies;

f) prevent and detect fraud, money laundering and other crime (such as identity theft);

g) improve the relevance of marketing messages we may send you (which you can opt out of as stated below).

5. We may monitor or record any communications between you and us including telephone calls. We will use these recordings to check your instructions to us, to analyse, assess and improve our services to customers, deter fraud, and for training and quality purposes.

6. We may send you messages by post, telephone, text, email and other digital methods (including new methods that may become available in the future) in order to manage any financial product that you have applied for or hold with us.

7. We may send you messages by post, telephone, text, email and other digital methods (including new methods that may become available in the future) about products and services (including those of others) which may be of interest to you – these are marketing messages. You can ask us to stop or start sending you marketing messages at any time by writing to us or by replying to the messages we send you.

8. We may give your information to and receive information from credit reference agencies and fraud prevention agencies. We and other organisations may access and use this information to prevent and detect fraud, money laundering and other crimes, and to make credit assessments. Examples of circumstances when your information or information relating to your partner or other members of your household may be shared include:

a) checking details on applications for products and services, and credit and credit related, or other, facilities;

b) managing credit and credit-related accounts or facilities;

c) recovering debt;

d) checking details on proposals and claims for all types of insurance;

e) checking details of job applicants and employees; and

f) making enquiries when you ask for any lending products.

9. Information held about you by the credit reference agencies may already be linked to records relating to your partner or members of your household where a financial “association” has been created. Any enquiry we make at a credit reference agency may be assessed with reference to any “associated” records. Another person’s record will be “associated” with yours when:

a) you make a joint application;

b) you advise us of a financial association with another person; or

c) if the credit reference agencies have existing linked or “associate” records.

This “association” will be taken into account in all future applications by either or both of you and will continue until one of you applies to the credit reference agencies and is successful in filing a “disassociation”.

10. Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

The personal data you have provided, we have collected from you, or we have received from third parties, will be used to prevent fraud and money laundering, and to verify your identity.

Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.

11. We may use credit scoring and automated decision making systems when considering any application from you for lending products and managing your loan, which may involve further searches at credit reference agencies which may affect your ability to obtain credit. Please email us at dpo@gdfc.co.uk for further details, or write to us in the address listed on page 1 of this notice.

12. We may disclose appropriate information about you and the management of the loan to the following, wherever located in the world:

a) other companies within the Allium Lending Group (that are subject to a similar duty of confidentiality);

b) our partners, and companies and organisations that provide marketing services to us at our request and under our direction (that are subject to a similar duty of confidentiality);

c) other companies or organisations that assist us in reviewing your financial position, to process transactions in the exercise of our discretion under the loan where applicable or arising from recommendations made by us to you; for example, to obtain product quotes and recommend and complete a product purchase with a product provider;

d) our service providers and agents (including their sub-contractors). This may include, for example, where we pass your details to someone who will print your statements; companies and organisations that assist us to process transactions under the loan;

e) anyone to whom we may transfer our rights and/or obligations under the loan;

f) any third party as a result of any restructure, sale or acquisition of any company within the Allium Lending Group, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us;

g) your advisers (including, but not limited to, accountants, lawyers or other professional advisers) where authorised by you;

h) public authorities, where the Allium Lending Group has a duty to do so, or if law or regulation allows us to do so.

13. Where we are sharing information with organisations in another jurisdiction, we will ensure they agree to apply equivalent levels of protection as we do. If this is not possible – for example because we are required by law to disclose information – we will ensure the sharing of that information is lawful.

Your data may need to be shared with parties that are based outside the European Economic Area (EEA). When we do so, this will be done in line with current data protection legislation by only transferring your data to jurisdictions where there is a European Commission adequacy decision, or by using model clauses which have been approved by the European Commission.

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

14. We may use cookies and similar technologies on our websites and in our emails. Cookies are very small text files that may be stored on your computer or mobile device when you visit a website or enable images or click on a link in an email. These technologies do many different things, such as letting you navigate between web pages efficiently and remembering your preferences. In emails they help us to understand whether you have opened the email and how you have interacted with it.

15. If you end your relationship with us, or if your application for a loan or product is declined or you decide not to go ahead with it, we will keep your information afterwards. We may also continue to collect information from credit reference agencies to use after your account is closed or your relationship with us ends. We will do so for as long as we are allowed to for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.

16. You can ask for a copy of your information we hold about you by writing to us, or contacting the Data Controller at: dpo@gdfc.co.uk.

COOKIES

In this policy, where we say ‘cookies’ it can also mean other software that collects data while you use our website.
The data we collect will be held by Allium Lending Group and we use this data to:


•    Protect you from fraud and keep improving security;
•    Study how people use our website, so we can improve them;
•    Decide which of our products, services and offers may be relevant for you;
•    Tailor the marketing you see on social media and other websites.


We may share this data with other companies in the Group. We also share some data with outside organisations. You can find out more about how we share data – and who we share it with – in our Privacy Notice.


We do not sell data to organisations outside our Group.


What is a cookie?


A cookie is a small file of letters and numbers that we put on your computer or mobile device if you consent to them. These cookies allow us to distinguish you from other users of the website which helps us to provide you with a good experience when you browse our website and allows us to improve our site.


We use two types of cookie on our website:


Session Cookies


Our website uses a single session cookie only as required to ensure the correct functionality of the site’s technical features (such as online forms).


This session cookie is automatically generated by the server software that this site relies on and contains no information that can be used to identify you.


The cookie is destroyed upon exiting your browser or on the expiry of your user session.


Persistent Cookies


We use Google Analytics to monitor and review our website traffic. This enables us to identify how our website is used and to make changes to improve your online experience.


Google Analytics requires the use of persistent cookies to monitor traffic. This cookie tracks anonymous data and does not identify or capture any personal information.


We also use a persistent cookie to identify whether you have already clicked to consent to cookies on our website. This means we can hide the cookie acceptance notice from you on future visits. This cookie is stored in a file on your computer for 365 days before being deleted .


First and third-party cookies


Whether a cookie is first or third-party depends on where it comes from.


First party cookies are set by websites you go to.


Third party cookies are set by outside organisations. For instance, you may be on a website that has ‘Like’ and ‘Share’ buttons for social network sites. If you click one, the social network site will put a ‘third party’ cookie on your device. That cookie may then collect data about you and send it to them too. You will need to set your privacy choices on their site, to tell them how they can use your data.


We use our own cookies and others from companies we work with such as social media, search engines and other advertising networks.


Essential cookies and cookies you can choose


Different types of cookies do different jobs on our website. Some are needed to make the website work. We need your consent to use others that are not essential. You can change your choices at any time. Just click the ‘Cookies’ link at the end of any page:


Strictly Necessary  

 

These cookies are needed to run our website, to keep it secure if you are logged on and to comply with any regulations that apply to us. If you are a customer, they help us know who you are so that you can log on and manage your accounts. They also help us keep your details secure.


Other important jobs they do are:


– Help you move around the site;
– Tell us if you’ve been to it before and which pages you went to;
– Tell us how the site is working, so we can find and fix any problems.    You can’t turn off these cookies


Functional  

 

 These cookies are used for remembering things like:


– Your user ID on the log on page;
– Your region or country;
– Your preferred language;
– Accessibility options like large font or high contrast pages.    You can’t turn off these cookies


Performance    

 

These cookies tell us how you and our other customers use our website. We combine all this data together and study it.

 

This helps us to:


– Improve the performance of our services;
– Improve the products we provide.    We will ask for your consent for use of these cookies


Marketing    

 

These cookies help us decide which of our products, services and offers may be relevant for you.

We may use this data to tailor the marketing and ads you see on our own and other websites, including social media. For instance, you may see our ads on other sites after you have been to our website.


If you turn off marketing cookies, you will still see ads online, but they will not be tailored to things that may interest you.    We will ask for your consent for use of these cookies


Use of Cookies on our site.


By using our website, you give us your consent and accept the use of cookies as described in this policy, in addition to any other terms and conditions that may apply. We reserve the right to change our Cookie Policy at any time. Such changes will appear on this page and are effective immediately.


Disabling/Enabling Cookies.


You have the ability to consent to or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.
 

INFORMATION NOT CONTAINED IN THIS POLICY


More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.

THE RIGHTS OF USERS


Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to request for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above. This website/application does not support “Do Not Track” requests.

Users also have the right to complain to the Information Commissioner’s Office (ICO), which regulates the processing of personal data. The ICO’s contact details can be found below.

CHANGES TO THIS PRIVACY POLICY


The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at near the top of this page. If a User objects to any of the changes to the Policy, the User should stop using this website/application and can request that the Data Controller remove the Usage Data. Unless stated otherwise, the current privacy policy applies to all Personal Data the Data Controller has about Users.

HOW TO FIND OUT MORE


Please contact us at:

  • Allium Money Limited, Data Controller, Imperial House, 15-19 Kingsway, London, WC2B 6UN, or email dpo@gdfc.co.uk

You can contact the credit reference agencies (CRAs) currently operating in the UK; the information they hold may not be the same so it is worth contacting them all.

  • TransUnion, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 0601414

  • Equifax PLC, Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US or call 0870 010 0583 or log on to www.myequifax.co.uk

  • Experian, Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0844 4818000 or log on to www.experian.co.uk

Further information regarding the CRAs can also be found in the Credit Reference Agency Information Notice, which is available on request, or can be found here: https://www.callcredit.co.uk/crain

If you want to receive details of the relevant fraud prevention agencies, please contact the Data Controller listed above, or:

  • Cifas, 6th Floor, Lynton House, 7-12 Tavistock Square, London, WC1H 9LT or call 0330 100 0180

The Information Commissioner’s Office, which regulates the processing of personal data, can be found at:

  • ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF, or call 0303 123 1113

Allium Money Limited. Registered in England and Wales (Number 10977963) Registered Office: Imperial House, 15 - 19 Kingsway, London, England, WC2B 6UN Authorised and Regulated by the Financial Conduct Authority Firm Reference Number: 812143