We always put the safeguarding of you and your personal information first. So, it’s reassuring to know that everything you need to manage your data with us is here in one place. Update your communication preferences, understand your customer rights better or learn about the ways to stay safe online. It’s all here at your fingertips.
From 25th May 2018 your data will be better protected under a brand-new European law.
If you’ve purchased a Renault, Dacia, Nissan or Infiniti vehicle, you will have a finance agreement with us.
At RCI Financial Services, looking after your personal data has always been really important to us and our customers love receiving the latest promotions, helpful information and relevant offers.
We know that lots of companies will be contacting you at this time about changes in data protection regulations that will come into force on 25 May 2018. The General Data Protection Regulation – or GDPR for short – is designed to keep your personal information even more safe and secure and give you more control over how your data is used. The GDPR is Europe’s new framework for data protection laws and is the biggest change to UK data privacy law for 20 years.
In line with GDPR, we’d like to know how to communicate with you in the future and how you’d like us to stay in touch. So be sure to update your communication preferences in our online portal here.
It is important that you provide accurate information on your application.
The categories of information that we may collect about you during your application for finance from RCIFS are as follows: name, address, e-mail address, telephone number, address history, residential status, date of birth, marital status, driving licence number, vehicle information (including VIN, service reminders, warranty and service information), bank details, employer’s name and address, occupation, time in employment, income, expenditure, any ID documents, the date and time you used our services, telematics and location information relating to your vehicle, website information, transactions with the Dealer, information relating to your business, voice recordings made to our customer service centres and any other information or documentation you may provide in relation to your application or otherwise. If you do not provide us with required information that we request from you as required to consider your application, we will not be able to proceed with the credit reference and fraud prevention checks described below and, subsequently, we will not be able to enter into an agreement with you.
In addition to the information that you provide in your application for finance from RCIFS, we may also collect information about you from enquiries we may make about you (including from the searches we do with fraud prevention and credit reference agencies and enquiries we may make internally, or with any other RCI Group company, about your performance of any other agreement you have with us or an RCI Group company).
We may also collect other information such as information you provide through customer surveys, feedback, complaints and correspondence. Some information is required information but other information is optional and if you do not want to give it to us, you do not need to. We are always grateful for information you do provide though because this helps us to improve our products and services.
If you have purchased an electric vehicle from us, we may also collect additional information about you and your use of the electric vehicle, which will be transmitted to us by the telematics box installed in the vehicle. This information includes mileage data, battery performance and charge data. The reason we collect this information is to monitor your battery, its use and performance, to manage battery stocks and maintain hire payments at a competitive level. We will use the data as it is necessary for our legitimate interests for management, statistical and analytical, administration and accounting purposes. Please note that if you have opted to have a connection pack installed, we will also receive data about your location. If you do not wish us to receive location data you may disconnect the telematics box in accordance with the instructions supplied with the connection pack.
The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are as follows:
Please note that your Dealer will enter your information onto our Finance Proposal System when you apply for finance with us.
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (CRAs). To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
We will use this information to:
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before making an application to us. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.experian.co.uk/crain.
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process your information. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Further details explaining which fraud prevention agencies we use and how the information held by fraud prevention agencies may be used can be obtained by contacting us at RCI Financial Services Limited, P.O. Box 495, Watford, Hertfordshire, WD17 1GL.
RCIFS may use a credit-scoring system and fraud detection and prevention system, i.e. an automated system to assess your credit worthiness and decide whether to enter into a finance agreement with you and an automated fraud detection and prevention system. You may ask us to ensure that, when we are evaluating your application for finance, we don’t base any decisions solely on an automated process. You must notify us of this request in writing using the contact details above.
If you make such a request, you will then have the right to be notified where such a decision is or will be based on an automated process. If we notify you that we have taken such a decision, you may request us to review that decision other than by automatic means by writing to us within 21 days of receiving the notification.
We will create a profile of you based on the information that we hold about you and the vehicle(s) that you are interested in in order to send you tailored offers (if you have agreed to receive marketing communications from us) from time to time.
Your information may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. We might pass on this information to companies in our Group for analytical and statistical purposes or to other companies, such as advertisers, to use for our business and research purposes.
We may share your information with:
Please be aware that we engage third party agencies, who on occasion, may contact customers by post, e-mail, telephone or SMS message on our behalf (for example, to discuss your options prior to the expiry of your finance agreement or customised offers based on information we hold about you and your vehicle). Any information that you provide to the agency or any requests that you make for further information will be passed onto RCIFS and we will deal with your query. Please be assured that any information that you provide to the agency will be kept secure and confidential.
We would like to contact you with exciting and relevant information about RCIFS’s promotions, events, information, products and services which may be of interest to you. We may do this by post, e-mail, SMS and/or telephone, unless you have told us not to contact you specifically for this purpose.
We may also share your personal information with our recommended third party partners, so that they can contact you with marketing information about their products and services.
You can change your marketing preference at any time by getting in touch with us. For e-mail and SMS, please follow the unsubscribe instructions in those communications.
Sometimes our service providers or other group companies may be located in other countries and in which case we may send your personal information to countries which have a different standard of data protection than the UK. We have put in place protections to ensure that your information is safeguarded.
We store your information on servers located within the European Economic Area (EEA). We may change the location of servers in the future to improve services to you but we shall always ensure that we put in place protections to ensure that your information is safeguarded. Due to the international nature of our business, there may be some instances where your information is processed or stored outside of the EU. In those instances, we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law.
Whenever fraud prevention agencies transfer your information outside of the EEA, they impose contractual obligations on the recipients of that information to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Please note that we are a member of National Hunter, a fraud prevention agency. The rules currently do not allow for processing National Hunter data outside of the EEA.
If your application for finance is declined or if your application is accepted but you do not proceed, we keep your information for 6 months or as long as necessary to deal with any ongoing queries you may have. If your application is accepted and you proceed, we hold your information for 7 years from the date on which your agreement with us ends.
Credit reference agencies will retain the information that we give to them for 6 years after your account is closed.
Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your information can be held for up to 7 years.
We will not hold your personal information in an identifiable format for any longer than is necessary. We hold your personal information for the periods mentioned to establish, bring or defend legal claims.
The only exceptions to the periods mentioned above are where:
At the end of the retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Under data protection laws, you have the following rights in respect of your information:
You have a number of rights in relation to your personal information as mentioned above under data protection law. In relation to most rights, we will ask you for information to confirm your identity to protect the confidentiality of your personal information and, where applicable, to help us search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received any request (including any identification documents requested).
The way we process your information and the legal basis on which we rely to process it may affect the extent to which these rights apply. If you would like to discuss or exercise any of these rights, please contact us using the details provided above.
You have the right to lodge a complaint with the Information Commissioner’s Office where your information has or is being used in a way that you believe does not comply with data protection laws. We encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have. You can also contact our Data Protection Officer with any data protection concerns.
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure of information we have physical, electronic and managerial procedures in place to keep your information safe. For more information on the security we have in place to protect information, please see our Security Policy which is available on request.
If you have any specific data protection questions, concerns or a complaint, you can address it to our Data Protection Team as follows:
Data Controller: RCI Financial Services Limited (“RCIFS”), Rivers Office Park, Denham Way, Maple Cross, Rickmansworth, WD3 9YS. Telephone: 0333 009 0231 Email: firstname.lastname@example.org
Data Protection Officer: Data Protection Officer, RCI Financial Services Limited (“RCIFS”), Rivers Office Park, Denham Way, Maple Cross, Rickmansworth, WD3 9YS or E-mail: email@example.com
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns
We all know the potential dangers of the internet, but the good news is you can do things to help protect your personal data. Try these tips to get you started:
Creating strong, unique passwords for all your critical accounts is the best way to keep your personal and financial information safe. We suggest using a password manager to help you store and create strong passwords. You can also see if your online accounts offer multi-factor authentication. This is where a few pieces of information are required to verity your identity. A code is normally sent to your phone before you can access the account.
Phishing is one of the easiest forms of cyber attack and can provide hackers with everything they need to target your personal and working life. Normally carried out over email, although the scam has now spread to social media, messaging services and apps. The attacker will try to get you to do what they want like handing over passwords and providing bank details by posing as a company or individual that you trust. Here are some key things to look for:
• Poor spelling and grammar
Official messages from major organisations are unlikely to contain mistakes.
• Shortened or odd URLs in emails or texts
We suggest hovering over the link you are sent to see if the link matches the web address it goes to.
• The Sender address looks strange
If it’s a string of characters or looks strange in any way, it’s unlikely to be coming from an official source. Do not click on links, download files, or open attachments from unknown senders.
• How to recognise when a website is untrustworthy
If you’re not sure that a website is secure, there are a few quick and easy ways to check you aren’t putting your personal information at risk.
• Check the https:// details
If a website asks for personal information or log in details without taking you to a https:// connection, you should close the page immediately.
• Look for specific information in the browser
The company name should be displayed next to the URL, with a padlock symbol to indicate you are logged on to a secure connection. You should also be able to click on the company name to bring up more details of the company who owns the website.
• Find out who owns the web domain
It’s free to look up who has registered the URL or domain of the website. Enter the domain name on websites like Whois.net and LookWhoIs.
We may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential for our sites to operate.
Watch this simple and informative video about GDPR and how it puts you in better control of your personal information.