Why does this Policy exist?
Black Arrow Finance Limited (the Company) is committed to protecting the privacy of your personal information. For applicable data protection law, including the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR), the Company is the data controller. You will see the Company referred to as Black Arrow and Black Arrow Finance on the site.
What does this Policy cover?
Our Policy explains our treatment of personally identifiable information which we gather from you, including during your use of our website and when you interact with us in other ways offline. If you have any questions regarding our Policy, please contact us at the address on the Contact Us page of this site or email us at: firstname.lastname@example.org
We gather various types of information from our users, as explained in detail below, and we use this information in connection with our services, including to personalise, provide and improve our services, to fulfil your requests for certain services and in some cases, to analyse how you use those services.
We may update our policies from time to time for any of the following reasons:
- to provide for the introduction of new or improved systems, methods of operation, services, or facilities; to reflect an actual or expected change in market conditions or general banking practice.
- to comply with or anticipate any changes in any legal or regulatory requirement.
- to ensure that our business is run prudently.
- to make our policies clearer or more favourable to you; or to rectify any outdated information
You must not send us personal information about someone else without first getting the individual’s consent for it to be used and disclosed in the ways set out in our Policy. If you give us information (including personal information) on behalf of someone else, you confirm that the other person has given you permission to act on their behalf and has agreed that you can:
- provide their personal information to Black Arrow Finance.
- give consent on their behalf to the processing of their personal data.
- receive on their behalf any data protection notices; and
- give consent to the transfer of the individual’s personal data abroad should this be required
Where you provide information about someone else, or someone else discloses a connection with you, that information may be considered along with your other personal information when assessing your application to receive our services.
What type of personal information do we collect?
The personal information we collect from you is used primarily to enable us to provide the specific service you require.
Personal information can include the following:
- your title, forename and surname and gender.
- your personal or work related (depending on which you choose to submit) e-mail address
- your personal or work-related contact details (depending on which you choose to submit) such as your telephone number(s), fax numbers and postal address.
- your date of birth and national insurance number.
- your marital status.
- your residential status and address details for the past 3 years.
- occupation, salary, and annual income information.
- employment status.
- employer details and time periods in that occupation and with that employer and any other employers within a 3-year period.
- your bank details, including your bank name and address, sort code, account number, account name, account type and time at your bank.
- Health status and history, details of treatment and prognosis, medical reports.
- Any pre-existing investment, mortgage and/or finance products along with terms and conditions relating to these.
- personal information about your credit history which we obtain from Credit Reference Agencies including data which originates from Royal Mail (UK postal addresses), local authorities (electoral roll), the insolvency service, Companies’ House, other lenders and providers of credit (who supply data to the Credit Reference Agencies), court judgments decrees and administration orders made publicly available through statutory public registers (see the section on ‘Credit Reference Agencies’ below);
- your contact and marketing preferences.
- if you take a survey or interact with us in various other ways – demographics information and information about subjects that may interest you.
- information necessary for legal compliance.
- where you “like” us or make posts on our pages on social networking websites, such as Facebook, Twitter, YouTube, and Instagram.
This information will be collected primarily from you as information voluntarily provided to us on the basis that both parties are entering a contract for the supply of services/ provision of finance.
We may also collect information where lawful to do so from (and combine it with information from) credit reference and fraud prevention agencies, public sources, third party service providers, tax, or law enforcement agencies and other third parties. Some of the personal information obtained from Credit Reference Agencies will have originated from publicly accessible sources.
Credit Reference Agencies draw on court decisions, bankruptcy registers and the electoral register (also known as the electoral roll)
What other personal information do we collect and why?
In this section we explain the personal information we collect from you when you interact with us online and offline. Where we explain why we use this information, we have also referred to the relevant legal basis which we consider applies to the processing, as explained in the section above. Presenting the information in this way will make it easier for you to understand your rights in relation to your personal information, and this is explained further below in the sections headed “Your rights to access your personal information” and “Your rights under Data Protection Law”.
We automatically collect standard internet and website log information to understand how our website visitors behave, which we use to improve your experience online. This may include information about your Internet Service Provider, your operating system, browser type, domain name, the Internet Protocol (IP) address of your computer (or other electronic Internet-enabled device), your access times, the website that referred you to us, the web pages you request and the date and time of those requests.
Any domain name information that we collect is not used to personally identify you but is instead aggregated to measure the number of visits, average time spent on the Website, pages viewed. We use this information to measure the use of our Website and to improve its contents. However, additional services may be available if we have certain information about you.
When you use any of the services below, you may need to provide us with some additional personal information so that we can liaise with you to deal with your request, query, and/or application. If you do choose to provide us with your personal information, we will collect that information for our own use and for the purposes described in this Policy.
We record phone conversations to offer you additional security, resolve complaints, for staff training purposes and to improve our service standards.
You can easily delete any cookies that have been installed in the cookie folder of your browser. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
Please be aware that restricting cookies may impact on the functionality of the website.
How we use your personal information?
We have explained below the purposes for which we may use information about you. As with the section above, we have explained why we use your information with reference to the relevant legal basis. Presenting the information in this way will make it easier for you to understand your rights in relation to your personal information, and this is explained further below in the sections headed “Your rights to access your personal information”.
We may use your personal information for the following Legitimate Reasons
- to respond and/or deal with your request or enquiry.
- to process and administer your application.
- to carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that, and when we share your personal information with Credit Reference Agencies.
- to improve our products and services and to ensure that content from the websites is presented in the most effective manner for you and for your computer (or another electronic Internet-enabled device).
- to administer the websites.
- for internal record keeping.
- to contact you (directly, either by the Company, Group or through a relevant partner or agent) by e-mail or phone for any of the above reasons.
- where necessary as part of any restructuring of the Company or sale of the Company’s business or assets.
- to analyse trends and customer journeys in using and accessing our websites.
- to validate that any electronic or paper-training materials we provide to you are relevant to your business requirements.
- to perform a business health check, to help you define your business requirements.
- to visit your premises
- to perform any contract the Company has with you.
- subject to your consent where required under applicable laws, to carry out direct marketing and/or e-mail marketing.
Our Legal Obligations
- monitoring and recording of telephone calls and email communications where necessary for compliance with regulatory rules or self-regulatory practices or procedures relevant to our business, to prevent or detect crime, for quality, training, and security purposes; and
- for compliance with our legal, regulatory, and other good governance obligations.
This list is not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate. Some of the personal information that we maintain will be kept in paper files, while other personal information will be included in computerised files and electronic databases.
How long do we keep your personal information for?
Your personal data will not be kept for longer than is necessary to fulfil the specific purposes outlined in this Policy and to allow us to comply with our legal requirements.
The criteria we use to determine data retention periods includes the following:
- Retention if you have enquired about a service or your application does not proceed with us. We will retain your personal data for a reasonable period (up to 3 years) after you have enquired or requested a service from us.
- Retention in case of claims. We may retain it for the period in which you might legally bring claims against us (in the UK this means we will retain it for a minimum 6 years after the expiration of your contract or agreement) if and to the extent this is relevant; and
- Retention in accordance with legal and regulatory requirements. We will consider whether we need to retain your personal data after the period described above because of a legal or regulatory requirement. Some or all these criteria may be relevant to retention of your personal data collected in connection with our products and services.
How do we share your information with credit reference agencies?
To process your service requirements, we will perform credit and identity checks on you with one or more CRAs. To do this, we will supply your personal information to CRAs, and they will give us information about you. This will include information about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Verify your identity.
- Assess your creditworthiness and affordability.
- Verify the accuracy of the data you have provided to us.
- Prevent criminal activity, fraud, and money laundering.
- Manage your account(s).
- Ensure any offers provided to you are appropriate to your circumstances.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other finance companies/lenders.
Does the Company share my personal information with third parties?
We may disclose specific information upon lawful request by government authorities, law enforcement and regulatory authorities where required or permitted by law and for tax or other purposes.
Your personal information will be made available for the purposes mentioned above (or as otherwise notified to you from time to time) and third parties who we identify are able to assist us with your enquiry or application and support your needs as identified.
Third parties in this context means providers to the Company or Group of responsible management, accounting, legal, logistics, audit, compliance, information technology, marketing, and other services. This may also include providers of call centres, data storage and database hosting services, IT hosting and IT maintenance services. These companies may use information about you to perform functions on our behalf.
We may share personal information within the company as needed for reasonable management, analysis, planning and decision making, including in relation to taking decisions regarding the expansion and promotion of our product and service offering, customer request fulfilment and for use by those companies for the other purposes described in this Policy.
We will not sell your personal information to any third party other than as part of any restructuring of the Company or Group or sale of a relevant Group business.
Managing your marketing preferences
We may wish to provide you with information about new products, services, promotions and offers, which may be of interest to you. We may also invite you to take part in market research or request feedback on our services. This communication may occur by e-mail, telephone, post, or SMS. We will seek your consent for this where necessary under Data Protection Law.
You also have the right to ask us not to process your personal data for marketing purposes at any time. This means you can change your mind about receiving marketing communications from us when you have previously consented to this. You can opt-out of receiving such communications by clicking the “unsubscribe” link on any email that we send to you or by emailing our Customer Service team at email@example.com at any time.
Please note that marketing communications are not the same as “information only” communications and that consents are not usually required for us to communicate with you about the products or services you have enquired about or have signed up to obtain, using contact details you have provided for this purpose.
Your rights to access your personal information
You have several other rights in respect of your personal information under applicable Data Protection Law. These include the right to access or obtain copies of your personal information and to have inaccurate information about you corrected.
To exercise your right to access your personal data please write to us at Black Arrow Finance Limited, Profile West. 950 Great West Road, Brentford, Middlesex, TW8 9ES.
You have the right to:
- request copies of your personal information that we hold (see above).
- the right to rectification, including to require us to correct inaccurate personal data.
- ask us to send an electronic copy of your Personal Data t another organisation should you wish
- the right to withdraw your consent to any processing for which you have previously given that consent.
Your right to complain to the data privacy supervisory authority
Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the UK’s Information Commissioner if you consider that we have infringed applicable data privacy laws when processing your personal data. In the UK the Information Commissioner’s Office can be contacted using the following link: https://ico.org.uk/
If you have any questions about this Policy, please contact us at