This Policy applies to: Allium Money Limited (Company number: 10977963), Allium Lending Group Limited (Company number: 10028311), GDFC Services plc (Company number: 08271985), GDFC HoldCo Limited (Company number: 08272183), and GDFC Assets Limited (Company number: 08272354). These are referred to as the Allium Lending Group in this notice, and are all registered at:
Allium Money Limited
40 Bernard Street,
The Owner and Data Controller can be contacted at firstname.lastname@example.org. Alternatively, a letter addressed to the Allium Lending Group Data Controller can be sent to the address above. Any enquiries regarding the contents of this Privacy Notice can be directed here.
Last updated: 21 February 2022
TYPES OF DATA WE COLLECT
The types of Personal Data collected by us, directly or through third parties, include:
Internet Cookies that track your use of our website or application, known as Usage Data
First and last name
Date of birth
Records of calls/emails between us
National Insurance numbers
Data to assess credit risk
Usage Data is collected automatically when using our website or application. All other Personal Data is only required to be provided by the User to access a service or information.
Users who are unsure about which Personal Data is mandatory are welcome to contact us.
Providing the service required by the User
Making use of our websites easy, including remembering your preferences on our websites
Special Category Data
We may need to process more sensitive data which data protection law categorises as Special Category Data. This could include:
Racial or ethnic origin
Religious or philosophical beliefs
Trade Union membership
Genetic or biometric data
Data concerning your health
Criminal records of convictions and offences
Allegations of criminal offences
We will only process Special Category Data if the law allows us to do so. The lawful bases we most commonly rely on are:
1. We have your explicit consent to use your data. We may look to record any information provided concerning your health so that we understand how best to support you and service your account.
2. It is necessary for reasons of substantial public interest to use your data. For example, we may record information about your health if it’s necessary to protect your economic well-being, if you’re at risk, and seeking consent would be unreasonable or negatively impact our ability to help you.
3. It is necessary to protect your or another person’s vital interests. We may share information about you to the emergency services if it is crucial to save either your or another’s life and you are unable to consent.
METHODS OF PROCESSING, STORING, RETAINING DATA
The Data Controller processes the data of Users by following this Privacy Notice and shall take appropriate security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of the data.
The data processing is carried out using computers and/or IT enabled tools, following organisational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases the data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.
The data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. Please email us at email@example.com for further details, or write to us in the address listed on page 1 of this notice.
The User can always request that the Data Controller suspend or remove the Data unless we are required to retain the Data by law. The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document.
HOW WE USE YOUR DATA
1. To provide you with products and services we need to collect, use, share and store personal and financial information about you. This includes information which we:
a) obtain from you or third parties, such as retailers from whom you are considering making a purchase, credit brokers, Green Deal Providers, Green Deal Assessors, employers, energy suppliers, credit reference agencies (who may check the information against other databases, public or private, to which they have access), or fraud prevention agencies. This information may come from your interactions with us or them, for example through applying for a loan, Green Deal Plan or another consumer finance product; or
b) ascertain from the way in which the loan is administered and managed, for example, information relating to the payments which are made to your account with your energy supplier.
2. Where you provide personal and financial information about others (such as dependents, other family members or a joint energy account holder, where applicable) you confirm that you have obtained their consent or are otherwise entitled to provide this information to us, and for it to be used in accordance with this notice.
3. You authorise us to process and disclose your information including relating to lifestyle, income and criminal offences alleged or otherwise that is provided by you or that we obtain from third parties for the purposes of:
a) assessing and identifying products and services;
b) applying for a credit product, a product of an insurance company/organisation or finance provider;
c) detecting and preventing crime (including without limitation fraud and money laundering);
d) transferring your information following Paragraph 11 of this document; and
e) otherwise meeting our obligations under this privacy notice.
4. Subject to applicable law, we may use your information to:
a) manage your Credit Agreement;
b) carry out regulatory checks and meet our obligations to our regulators;
c) protect ourselves against harm to our rights and property interests;
d) develop and improve our services through assessment and analysis of the information (including credit or behavioural scoring (or both), market and product analysis and market research);
e) prepare high-level anonymised statistical reports which would contain details such as, for example, the percentage of people paying their energy supply by direct debit or the percentage of people changing energy supplier. We compile these reports from information about you and others. As the information in these reports is anonymised you never be identifiable from them. We may share these statistical and anonymised reports with third parties including non-Allium Lending Group companies;
f) prevent and detect fraud, money laundering and other crime (such as identity theft);
g) improve the relevance of marketing messages we may send you (which you can opt out of as stated below).
5. We may monitor or record any communications between you and us including telephone calls. We will use these recordings to check your instructions to us, to analyse, assess and improve our services to customers, deter fraud, and for training and quality purposes.
6. We may send you messages by post, telephone, text, email and other digital methods (including new methods that may become available in the future) in order to manage any financial product that you have applied for or hold with us.
7. We may send you messages by post, telephone, text, email and other digital methods (including new methods that may become available in the future) about products and services (including those of others) which may be of interest to you – these are marketing messages. You can ask us to stop or start sending you marketing messages at any time by writing to us or by replying to the messages we send you.
8. We may give your information to and receive information from credit reference agencies and fraud prevention agencies. We and other organisations may access and use this information to prevent and detect fraud, money laundering and other crimes, and to make credit assessments. Examples of circumstances when your information or information relating to your partner or other members of your household may be shared include:
a) checking details on applications for products and services, and credit and credit related, or other, facilities;
b) managing credit and credit-related accounts or facilities;
c) recovering debt;
d) checking details on proposals and claims for all types of insurance;
e) checking details of job applicants and employees; and
f) making enquiries when you ask for any lending products.
9. Information held about you by the credit reference agencies may already be linked to records relating to your partner or members of your household where a financial “association” has been created. Any enquiry we make at a credit reference agency may be assessed with reference to any “associated” records. Another person’s record will be “associated” with yours when:
a) you make a joint application;
b) you advise us of a financial association with another person; or
c) if the credit reference agencies have existing linked or “associate” records.
This “association” will be taken into account in all future applications by either or both of you and will continue until one of you applies to the credit reference agencies and is successful in filing a “disassociation”.
10. Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process Personal Data about you.
The Personal Data you have provided, we have collected from you, or we have received from third parties, will be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your Personal Data to detect, investigate and prevent crime.
We process your Personal Data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
Fraud prevention agencies can hold your Personal Data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing, or employment to you. If you have any questions about this, please contact us on the details above.
11. We may use credit scoring and automated decision making systems when considering any application from you for lending products and managing your loan, which may involve further searches at credit reference agencies which may affect your ability to obtain credit. Please email us at firstname.lastname@example.org for further details, or write to us in the address listed on page 1 of this notice.
12. We may disclose appropriate information about you and the management of the loan to the following, wherever located in the world:
a) other companies within the Tandem Money Group (that are subject to a similar duty of confidentiality);
b) our partners, and companies and organisations that provide marketing services to us at our request and under our direction (that are subject to a similar duty of confidentiality);
c) other companies or organisations that assist us in reviewing your financial position, to process transactions in the exercise of our discretion under the loan where applicable or arising from recommendations made by us to you; for example, to obtain product quotes and recommend and complete a product purchase with a product provider;
d) our service providers and agents (including their sub-contractors). This may include, for example, where we pass your details to someone who will print your statements; companies and organisations that assist us to process transactions under the loan;
e) anyone to whom we may transfer our rights and/or obligations under the loan;
f) any third party as a result of any restructure, sale or acquisition of any company within the Allium Lending Group, provided that any recipient uses your information for the same purposes as it was originally supplied to us and/or used by us;
g) your advisers (including, but not limited to, accountants, lawyers or other professional advisers) where authorised by you;
h) public authorities, where the Allium Lending Group has a duty to do so, or if law or regulation allows us to do so.
13. Where we are sharing information with organisations in another jurisdiction, we will ensure they agree to apply equivalent levels of protection as we do. If this is not possible – for example because we are required by law to disclose information – we will ensure the sharing of that information is lawful.
Your data may need to be shared with parties that are based outside the European Economic Area (EEA). When we do so, this will be done in line with current data protection legislation by only transferring your data to jurisdictions where there is a European Commission adequacy decision, or by using model clauses which have been approved by the European Commission.
Whenever fraud prevention agencies transfer your Personal Data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your Personal Data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
15. If you end your relationship with us, or if your application for a loan or product is declined or you decide not to go ahead with it, we will keep your information afterwards. We may also continue to collect information from credit reference agencies to use after your account is closed or your relationship with us ends. We will do so for as long as we are required to for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.
16. You can ask for a copy of your information we hold about you by writing to us, or contacting the Data Protection Officer at: email@example.com.
In this policy, where we say ‘cookies’ it can also mean other software that collects data while you use our website.
The data we collect will be held by Allium Lending Group and we use this data to:
• Protect you from fraud and keep improving security;
• Study how people use our website, so we can improve them;
• Decide which of our products, services and offers may be relevant for you;
• Tailor the marketing you see on social media and other websites.
We may share this data with other companies in the Group. We also share some data with outside organisations. You can find out more about how we share data – and who we share it with – in our Privacy Notice.
We do not sell data to organisations outside our Group.
What is a cookie?
A cookie is a small file of letters and numbers that we put on your computer or mobile device if you consent to them. These cookies allow us to distinguish you from other users of the website which helps us to provide you with a good experience when you browse our website and allows us to improve our site.
We use two types of cookie on our website:
Our website uses a single session cookie only as required to ensure the correct functionality of the site’s technical features (such as online forms).
This session cookie is automatically generated by the server software that this site relies on and contains no information that can be used to identify you.
The cookie is destroyed upon exiting your browser or on the expiry of your user session.
We use Google Analytics to monitor and review our website traffic. This enables us to identify how our website is used and to make changes to improve your online experience.
Google Analytics requires the use of persistent cookies to monitor traffic. This cookie tracks anonymous data and does not identify or capture any personal information.
We also use a persistent cookie to identify whether you have already clicked to consent to cookies on our website. This means we can hide the cookie acceptance notice from you on future visits. This cookie is stored in a file on your computer for 365 days before being deleted .
First and third-party cookies
Whether a cookie is first or third-party depends on where it comes from.
First party cookies are set by websites you go to.
Third party cookies are set by outside organisations. For instance, you may be on a website that has ‘Like’ and ‘Share’ buttons for social network sites. If you click one, the social network site will put a ‘third party’ cookie on your device. That cookie may then collect data about you and send it to them too. You will need to set your privacy choices on their site, to tell them how they can use your data.
We use our own cookies and others from companies we work with such as social media, search engines and other advertising networks.
Essential cookies and cookies you can choose
Different types of cookies do different jobs on our website. Some are needed to make the website work. We need your consent to use others that are not essential. You can change your choices at any time. Just click the ‘Cookies’ link at the end of any page:
These cookies are needed to run our website, to keep it secure if you are logged on and to comply with any regulations that apply to us. If you are a customer, they help us know who you are so that you can log on and manage your accounts. They also help us keep your details secure.
Other important jobs they do are:
– Help you move around the site;
– Tell us if you’ve been to it before and which pages you went to;
– Tell us how the site is working, so we can find and fix any problems. You can’t turn off these cookies
These cookies are used for remembering things like:
– Your user ID on the log on page;
– Your region or country;
– Your preferred language;
– Accessibility options like large font or high contrast pages. You can’t turn off these cookies
These cookies tell us how you and our other customers use our website. We combine all this data together and study it.
This helps us to:
– Improve the performance of our services;
– Improve the products we provide. We will ask for your consent for use of these cookies
These cookies help us decide which of our products, services and offers may be relevant for you.
We may use this data to tailor the marketing and ads you see on our own and other websites, including social media. For instance, you may see our ads on other sites after you have been to our website.
If you turn off marketing cookies, you will still see ads online, but they will not be tailored to things that may interest you. We will ask for your consent for use of these cookies
You have the ability to consent to or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.
INFORMATION NOT CONTAINED IN THIS POLICY
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.
THE RIGHTS OF USERS
Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to request for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above. This website/application does not support “Do Not Track” requests.
Users also have the right to complain to the Information Commissioner’s Office (ICO), which regulates the processing of Personal Data. The ICO’s contact details can be found below.
HOW TO FIND OUT MORE
Please contact us at:
Allium Money Limited, Data Controller, 40 Bernard Street, London, WC1N 1LE or email
You can contact the credit reference agencies (CRAs) currently operating in the UK. The CRAs may hold slightly varied information about you and so it is worth contacting them all.
TransUnion, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 0601414 or log on to https://www.transunion.co.uk/
Equifax PLC, Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US or call 0870 010 0583 or log on to www.equifax.co.uk
Experian, Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0844 4818000 or log on to www.experian.co.uk
Further information regarding the CRAs can also be found in the Credit Reference Agency Information Notice, which is available on request, or can be found here:
If you want to receive details of the relevant fraud prevention agencies, please contact the Data Controller listed above, or:
Cifas, 6th Floor, Lynton House, 7-12 Tavistock Square, London, WC1H 9LT, call 0330 100 0180 or fill out their general enquiry form at www.cifas.org.uk
The Information Commissioner’s Office, which regulates the processing of Personal Data, can be found at:
ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF, call 0303 123 1113 or live chat on their website www.ico.org.uk