Personal Data & Privacy Policy
This Privacy Policy explains what personal information The Aftersales Network Limited collects from you, how we use it, what our lawful basis is for processing your information, who we share it with, how we protect it and how you can both access and control the information we hold about you.
If after reading the Policy you have any additional questions about how we use your information please write to the Data Protection Officer, The Aftersales Network Limited, 10, Deer Park Way, Waltham Abbey, Essex EN9 3YL.
Our Promise about your personal information
We promise:
- We will not sell your personal information;
- We will maintain our security systems to keep your information safe;
- We will make it easy for you to access and control your information;
- We will comply with all relevant Regulatory requirements governing the use of personal information
Our status with the Information Commissioners Office (ICO)
The Aftersales Network Limited is registered as a Data Controller with the ICO under registration reference Z3044431. We review our registration status periodically to ensure it accurately reflects the information we collect and how we use it.
- What personal information do we collect?
- How do we use your personal information?
- What lawful bases do we have for processing your information?
- Who do we share your information with?
- How do we protect your information?
- How can you access and control the information we hold about you?
- Your right to withhold information
- Our use of Cookies
- How can you restrict us sending you marketing material?
- How do you make a complaint about how we have used your personal information?
- Our use of third parties
- Changes to our Business Ownership and Control
- Our review of this Policy
What personal information do we collect?
The personal information we collect depends on how you interact with us, ranging from browsing our website to formally engaging us to source an appropriate financial solution to meet your requirements.
Personal information will be collected when you use our website, when you contact us by telephone (or when we contact you by telephone), and throughout the application process, from making an initial enquiry to drawing down funds and our aftercare service. Please note calls between us are recorded and securely retained for training and compliance purposes.
Information will usually be collected directly from you or someone you have authorised to provide information to us such as a joint applicant or perhaps where you are acting as a guarantor. Information may however be collected from an Introducer or a Broker. When we are approached by an Introducer or a Broker on your behalf we undertake checks to ensure that you have been made aware of how your information will be used.
Where you request us to identify a Lender who can provide an appropriate financial solution, the information collected will be stipulated by the Lender to enable them to make an informed lending decision. The Lender will become a joint Data Controller and we recommend that you read the Privacy Policy of the Lender before submitting an Application.
The information usually collected can be categorised as:
- Identification data – including your name, title, date of birth, national insurance number;
- Documentary information – including Passports, Driving Licences and any other documentary evidence we request to verify your identity, residency and source of any deposit;
- Contact information – including your address (and previous address if relevant), your telephone number and email address;
- Employment information – including your employment status, income, employer name, length of employment, details of previous employment;
- Financial information – including your income and expenditure, assets and liabilities, financial status, financial history, bank details, bank/credit card/mortgage statements, and debit / credit card details;
- Transactional information – including the type of finance you have applied for (or are guaranteeing), repayments, term, exit strategy;
- Public domain information – including information held at Companies House, in electoral rolls, and widely available on the internet;
- Behavioural information – including details about your usage of our products and services;
- Marketing preference information – details of any preferences you have advised us of regarding receipt of marketing literature, details of how and when you gave us “consent” (where this is required) to contact you;
- Technical data – including IP address, web browser type and version, operating system, a list of URLs starting with a referring site, your activity on this Web Site, the site you exit to and cookie information (see “our use of cookies” below).
There are separate safeguards for the use of some personal information for example personal information about criminal convictions or offences. Legislation is currently being reviewed as to how this information can be processed and we will comply with such new legislation.
We do not collect information classified as Special Category data, such as racial or ethnic origin, religious beliefs etc unless it is lawful to collect such information and it is relevant to the transaction.
How do we use your personal information?
Any personal information we collect will be retained by The Aftersales Network Limited for as long as you are a client of The Aftersales Network Limited.
After you cease being a client of The Aftersales Network Limited we may retain your information for up to 6 years in order to respond to complaints or questions you may have, to demonstrate we have observed our Treating Customers Fairly principles and to fulfil any legal or regulatory requirements.
We may retain your information for longer than 6 years if we are required to do so by law, or for research and statistical purposes where we can prove a “legitimate interest”. Where we do retain your information for more than 6 years we will ensure your information is used only for these stated purposes.
What lawful bases do we have for processing your information?
Where you approach us for a quote for a financial product or request us to make an approach to a lender on your behalf, our lawful basis for processing your data is “contract” i.e. we are processing your data because you have asked us to do something before you enter into a contract.
For some of the data we process, we also have a “legitimate interest”, and / or a “legal obligation”. For example we have both a “legitimate interest” and a “legal obligation” to process information to prevent financial crime.
Where you have made an enquiry with us we have a “legitimate interest” to keep you informed about relevant products and solutions that may be of interest to you. When we first collect information from you, we will give you the option to restrict this processing i.e. prevent any marketing material being received. Where you do not exercise your right to restrict this processing, all marketing literature we send to you will have an option to unsubscribe. You can also exercise your right to restrict processing for marketing purposes, or withdraw any “consent” you have previously provided to us, at any time. Please see “how can you restrict us sending you marketing material?” below.
Who do we share your information with?
Where you request we provide you with a quote for a financial product, we will share information with our panel of lenders. The information we share will be restricted to the information required to obtain a quote.
Where we approach a lender for a decision in principle, we will share information with the appropriate Lender. The information we share will be restricted to the information required to obtain a decision in principle.
Once you have made an informed choice about the product you would like to formally apply for, we will collect and share the information required by the Lender in order to enable them to process your Application. Before you instruct us to submit an Application on your behalf to a Lender, we recommend you read the Lenders Privacy Policy. We will signpost you to this Policy should you require us to.
In addition to the lenders as outlined above, we may share your personal information with:
- Professionals appointed by yourself, appointed by the lender or appointed by ourselves to negotiate and execute the transaction;
- Fraud Prevention Agencies in order to verify your identity and address, and for fraud prevention purposes;
- Credit Reference Agencies. (CRAs) Usually the Lender will either undertake a Credit Reference search themselves or request that you supply a Credit report, but on occasion The Aftersales Network Limited may undertake this search;
Where we do, we will share your personal information with the CRAs and they will give us information about you. The data we exchange can include but is not limited to:
- Name, address and date of birth
- Credit application
- Details of any shared credit
- Financial situation and history
- Public information, from sources such as the electoral register and Companies House.
We’ll use this data to:
- Make sure what you’ve told us is true and correct
- Help detect and prevent financial crime
When we ask CRAs about you or your business, they will note it on your credit file. This is called a credit search. Other lenders may see this and we may see credit searches from other lenders.
If you apply for a product with someone else, we will link your records with theirs. We will do the same if you tell us you have a spouse, partner or civil partner – or that you are in business with other partners or directors. You should tell them about this before you apply for a product or service. It is important that they know your records will be linked together and that credit searches may be made on them.
CRAs will also link your records together. These links will stay on your files unless one of you asks the CRAs to break the link. You will normally need to give proof that you no longer have a financial link with each other.
You can find out more about the CRAs on their websites, in the Credit Reference Agency Information Notice. This includes details about:
- Who they are
- Their role as fraud prevention agencies
- The data they hold and how they use it
- How they share personal information
- How long they can keep data
- Your data protection rights.
Here are links to the information notice for each of the three main Credit Reference Agencies:
- Organisations that formally introduce you to us;
- Companies with The Aftersales Network Group of Companies where we believe they can contribute to a competitive bespoke financial solution. Any approach we make to a Group company will be with your knowledge or on a no names basis;
- Organisations you ask us to share your information with;
- Third parties specifically contracted by The Aftersales Network Limited to deliver products and services to you as referred to in “our use of third parties” below.
Fraud Prevention Agencies (FPAs)
Before we provide products, services or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, including verifying your identity. To do this, we may share your personal information with FPAs.
When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, in order to protect our business and to comply with laws. Such processing is also a contractual requirement of the services and financing you have requested. When appropriate, we and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Fraud prevention agencies can hold your personal data for different periods of time and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Data transfers
Should a fraud prevention agency transfer your personal data outside of the European Economic Area (EEA), they will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
How we’ll keep your personal information secure
We have strict procedures for how and where we store and share your personal data, that comply with industry practices, for both electronic and paper formats. We store all the information you give us and will use new information to update existing records we hold for you. Where paper records are stored off site, they are done so with a storage company that adheres to the principles of GDPR.
Sending data outside of the EEA
We will only send your data outside of the European Economic Area (‘EEA’) to comply with a legal duty. We do not transfer information to agents or advisers outside of the EEA, but if we should need to, we will ensure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website,
How do we protect your information?
Information security is of great importance to The Aftersales Network Limited and to protect your information we have put in place suitable physical, electronic and managerial procedures. For example access to information is restricted internally within our business so that only colleagues with a legitimate need to access the information are permitted to access it.
We also have policies in place to ensure we do not collect excessive or special category information from you and systems to securely dispose of information in line with our retention policy.
The Aftersales Network Limited also employs the services of third parties to control and protect your information and regularly reviews the security controls in place.
How can you access and control the information we hold about you?
You can access information we hold about you by writing to the Data Protection Officer at The Aftersales Network Limited, 10, Deer Park Way, Waltham Abbey, Essex EN9 3YL. To respond to your request, we may need to contact you to ensure we fully understand your request and we will also need to verify your identity to ensure we do not disclose information to a third party (unless you specifically authorise us to do so). Information will usually be provided to you free of charge, unless defined as unfounded, excessive or repetitious in accordance with current regulations.
In certain circumstances you can request us to:
- rectify any inaccurate data we hold,
- complete any incomplete data,
- erase personal data (“the right to be forgotten”),
- restrict or object to the processing of your personal data.
Should you wish to request any of the above, please contact the Data Protection Officer at The Aftersales Network Limited, 10, Deer Park Way, Waltham Abbey Essex EN9 3YL. In the event we do not believe your request meets the qualifying criteria or we are unable to comply with your request for any lawful reason, we will explain these reasons to you.
Your right to withhold information
You may access certain areas of this Web Site without providing any information at all. However, to use all Services and Systems available on the Web Site you may be required to submit personal information. You may also restrict your internet browser’s use of Cookies. For more information see “our use of cookies” below.
Our use of Cookies
Cookies are small text files placed on your computer to collect information such as visitor behaviour information to help us improve our Website. The Aftersales Network Limited has carefully chosen these Cookies and uses them to facilitate certain functions and features of the Web Site. We also use Cookies for analytical purposes.
For information about how you can delete and control cookies, visit www.aboutcookies.org or www.allaboutcookies.org. Please note deleting cookies may mean you lose any information that enables you to access the Web Site more quickly. It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your browser if you are unsure as to how to adjust your privacy settings.
How can you restrict us sending you marketing material?
You will be given the option to restrict processing for marketing purposes when we first collect personal information from you. If you do not exercise this right to restrict processing, every subsequent marketing message you receive will give you the option to unsubscribe. However, you can also withdraw your consent at any time by emailing marketing@theaftersalesnetwork.com, adding “STOP” to the email heading followed by the type of marketing you are seeking to stop i.e “STOP – email”, “STOP – telephone”, or “STOP – all”.
How do you make a complaint about how we have used your personal information?
If you are unhappy with how we have used your personal information you can submit a complaint to us by writing to the Complaints Manager, The Aftersales Network Limited, 10 Deer Park Way, Waltham Abbey, Essex EN9 3YL or contact us by phone on 0845 299 6668. You can also complain to the Information Commissioners Office via their website https://ico.org.uk/
Our use of third parties
The Aftersales Network Limited may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, payment handling, delivery of purchased items, search engine facilities, advertising and marketing. We also use third parties to provide IT security solutions.
The providers of such services only have access to the information required by them to perform the services that The Aftersales Network Limited requests. Any use for other purposes is strictly prohibited. Furthermore, any data handled by third parties must be processed within the terms of this Privacy Policy and in accordance with current legislation.
Changes to our Business Ownership and Control
The Aftersales Network Limited may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Information you have provided to us will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the information for the purposes for which it was supplied by you.
In the event that any information you have provided to us will be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your information deleted or withheld from the new owner or controller.
Our review of this Policy
The Aftersales Network Limited keep this Privacy Policy under regular review. This Policy was last reviewed on 25th May 2018. Any changes will be immediately posted on the Web Site and you are deemed to have accepted the terms of the Policy on your first use of the Web Site following the alterations.