Welcome to our privacy centre

We always put the safeguarding of you and your personal information first. So, it’s reassuring to know that everything you need to manage your data with us is here in one place. Update your communication preferences, understand your customer rights better or learn about the ways to stay safe online. It’s all here at your fingertips.

From 25th May 2018 your data will be better protected under a brand-new European law.

If you’ve purchased a Renault, Dacia, Nissan or Infiniti vehicle, you will have a finance agreement with us.

At RCI Financial Services, looking after your personal data has always been really important to us and our customers love receiving the latest promotions, helpful information and relevant offers.

We know that lots of companies will be contacting you at this time about changes in data protection regulations that will come into force on 25 May 2018. The General Data Protection Regulation – or GDPR for short – is designed to keep your personal information even more safe and secure and give you more control over how your data is used. The GDPR is Europe’s new framework for data protection laws and is the biggest change to UK data privacy law for 20 years.

In line with GDPR, we’d like to know how to communicate with you in the future and how you’d like us to stay in touch. So be sure to update your communication preferences in our online portal here.

Please read this Privacy Policy carefully as it explains how RCIFS and our related businesses within RCI Group (“we”, “our” or “us”) uses the personal information that you provide to us via your Dealer or that we have obtained about you through our use of the personal data that you have provided (referred to as your “information” in this Privacy Policy). RCIFS is part of the RCI Group of companies whose intermediate parent company is RCI Banque SA trading as “RCI Bank and Services” and whose ultimate parent company is Renault SA which is part of the Renault-Nissan-Mitsubishi Alliance and includes your selected vehicle manufacturer’s group companies including Renault UK Limited, Dacia, Nissan Motor (GB) Limited, Infiniti and Alpine (all of which comprise the, “RCI Group” or “Group”). The RCI Group therefore includes, RCIFS, RCI Bank UK, the RCIFS ultimate parent company’s group of companies, the Renault-Nissan-Mitsubishi Alliance and your selected vehicle manufacturer’s group companies and brands. If the RCI Group changes from time to time, we shall inform you of such changes. If you would like more information on the companies that make up the RCI Group, please do get in touch or go online to www.rcibs.com and www.group.renault.com.

Where this Privacy Policy refers to your "Dealer", this means the car dealership that has contacted us on your behalf regarding vehicle finance. Please be aware that the Dealer is not part of RCIFS or the RCI Group. Your Dealer may retain your information for its own purposes, for example, to contact you about its products and services. If you would like to know more about how the Dealer may use your information, please ask the Dealer for a copy of its Privacy Notice.

The contents of this Privacy Policy may change from time to time. We will notify you by of any changes to this Privacy Policy and the use of your information described herein.

Please read this Privacy Policy in conjunction with the Privacy Notice – Application, which you would have received when you made an application for finance from RCIFS, as this explains how we use your information when you made the application.

It is important that you provide accurate information on your application.

The categories of information that we may collect about you during your application for finance from RCIFS are as follows: name, address, e-mail address, telephone number, address history, residential status, date of birth, marital status, driving licence number, vehicle information (including VIN, service reminders, warranty and service information), bank details, employer’s name and address, occupation, time in employment, income, expenditure, any ID documents, the date and time you used our services, telematics and location information relating to your vehicle, website information, transactions with the Dealer, information relating to your business, voice recordings made to our customer service centres and any other information or documentation you may provide in relation to your application or otherwise. If you do not provide us with required information that we request from you as required to consider your application, we will not be able to proceed with the credit reference and fraud prevention checks described below and, subsequently, we will not be able to enter into an agreement with you.

In addition to the information that you provide in your application for finance from RCIFS, we may also collect information about you from enquiries we may make about you (including from the searches we do with fraud prevention and credit reference agencies and enquiries we may make internally, or with any other RCI Group company, about your performance of any other agreement you have with us or an RCI Group company).

We collect information about you and/or your vehicle when you use RCIFS websites, applications and our customer service centres. We also obtain information about you or your vehicle from our authorised Dealers and repairers. Some of this information does not identify you personally, but provides us with information about how you use our services and engage with us (we use this information to improve our services and make them more useful to you). We may also receive information from third parties, suppliers and partners – such as the Third Parties named in this Privacy Policy – about the products and services you have purchased.

We may also collect other information such as information you provide through customer surveys, feedback, complaints and correspondence. Some information is required information but other information is optional and if you do not want to give it to us, you do not need to. We are always grateful for information you do provide though because this helps us to improve our products and services.

Electric vehicles:

If you have purchased an electric vehicle from us, we may also collect additional information about you and your use of the electric vehicle, which will be transmitted to us by the telematics box installed in the vehicle. This information includes mileage data, battery performance and charge data. The reason we collect this information is to monitor your battery, its use and performance, to manage battery stocks and maintain hire payments at a competitive level. We will use the data as it is necessary for our legitimate interests for management, statistical and analytical, administration and accounting purposes. Please note that if you have opted to have a connection pack installed, we will also receive data about your location. If you do not wish us to receive location data you may disconnect the telematics box in accordance with the instructions supplied with the connection pack.

The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are as follows:

  • It is necessary for the performance of the contract with you or to take steps to enter into it. This includes verifying your identity and assessing your application for finance (including fraud prevention checks) when you first enter into the contract and/or any subsequent applications, variations or modifications to the contract and administering the agreement between us (including tracing your whereabouts to contact you and recover debt) and to provide you with the service under that agreement (i.e. managing your account, communicating with you, providing updates on the status of your account, dealing with any complaints and notifying you of any changes to this statement).
  • It is necessary for our legitimate interests or that of a third party. This includes:
    • creating a profile of you to decide what products and services to offer to you for direct marketing purposes;
    • making available personalised offers and promotions to you;
    • identifying trends to develop new products and services;
    • contacting you prior to the expiry of your finance agreement to discuss your options;
    • advising you about the products and services that we are providing to you in response to a request from you about this;
    • in some cases we may use automated methods to analyse, combine and evaluate information that you have provided to us (including the sharing of your personal information within our RCI Group of companies as mentioned in this Privacy Policy) which includes Renault UK Limited, Dacia, Nissan Motor (GB) Limited, Infiniti and RCI Bank UK;
    • collecting and analysing information so that we can deliver the most appropriate customer experience to you by tailoring and making relevant all our service and communications (for example, when your finance contract options are available);
    • preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us;
    • for product development, statistical analysis and market research and customer surveys so that we can better understand you as a customer and provide tailored offers, products and services that we think you will be interested in (we may want to contact you from time to time for market research, however you can ask us not to contact you for this purpose at any time);
    • providing you with customer support and services, including answering questions and responding to feedback and complaints;
    • monitoring communications between us (calls, letters, emails and texts) to prevent and detect crime, to protect the security of our communications, systems and procedures, and for quality control and training purposes;
    • for management and audit of our business operations including accounting and analysis of applications made to us;
    • to verify the accuracy of information that we hold about you and create a better understanding of you as a customer;
    • for network and information security purposes i.e. in order for us to take steps to protect your information against loss, damage, theft or unauthorised access;
    • to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);and
    • for improving our systems, operations, processes and services (including their testing) and for business continuity and disaster recovery purposes.
  • We only collect information which is necessary, relevant and adequate for the purpose you are providing it for.
  • It is necessary for compliance with a legal obligation. This includes when you exercise your legal rights under data protection law, to verify your identity, for the establishment and defence of our legal rights, for activities relating to the prevention, detection and investigation of crime, to conduct credit, fraud prevention and anti-money laundering checks and for compliance with our legal and regulatory responsibilities. We may process your personal information to comply with our other legal requirements (for example, to register your car with the DVLA).
  • You have given us your consent to use it for direct marketing communications (by us, the RCI Group and the other third parties listed at the end of this Privacy Policy). Please see ‘Marketing’ below for more information on marketing, including details on how to stop receiving marketing communications.

Please note that your Dealer will enter your information onto our Finance Proposal System when you apply for finance with us.

In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (CRAs). To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

We will use this information to:

  • assess your creditworthiness and whether you can afford to take the product you have applied for;
  • verify the accuracy of the data you have provided to us;
  • prevent criminal activity, fraud and money laundering;
  • manage your account(s);
  • trace and recover debts; and
  • ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before making an application to us. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.experian.co.uk/crain.

Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process your information. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.

Further details explaining which fraud prevention agencies we use and how the information held by fraud prevention agencies may be used can be obtained by contacting us at RCI Financial Services Limited, P.O. Box 495, Watford, Hertfordshire, WD17 1GL.

RCIFS may use a credit-scoring system and fraud detection and prevention system, i.e. an automated system to assess your credit worthiness and decide whether to enter into a finance agreement with you and an automated fraud detection and prevention system. You may ask us to ensure that, when we are evaluating your application for finance, we don’t base any decisions solely on an automated process. You must notify us of this request in writing using the contact details above.

If you make such a request, you will then have the right to be notified where such a decision is or will be based on an automated process. If we notify you that we have taken such a decision, you may request us to review that decision other than by automatic means by writing to us within 21 days of receiving the notification.

We will create a profile of you based on the information that we hold about you and the vehicle(s) that you are interested in in order to send you tailored offers (if you have agreed to receive marketing communications from us) from time to time.

Your information may be converted into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from it. Aggregated data cannot be linked back to you as a natural person. We might pass on this information to companies in our Group for analytical and statistical purposes or to other companies, such as advertisers, to use for our business and research purposes.

We may share your information with:

  • Companies and consultants providing services to us (for example, marketing agencies, mail outsourcing service providers, information technology service providers who provide and maintain our systems and our website host). Those companies and consultants providing services to us will only use your information to provide those services to us.
  • Our Dealer network and with third party suppliers who fulfil business activities for us (like roadside assistance, marketing, customer care, customer retention, contract and vehicle related offers and options, events and market research etc.)
  • Selected partners who help us to provide you with the information, products and services and services that you request such as roadside assistance.
  • Other members of the RCI Group for purposes set out in this Privacy Policy and for product development, statistical analysis and audit purposes.
  • A purchaser or potential purchaser of our business or otherwise in the event of a merger, acquisition, re-organisation or similar event.
  • A third party company that may take over your contract so that you can continue with your contract.
  • A third party involved in the funding, liquidity, capital or treasury and/or related services in relation to your contract with us, for example, asset backed securitisation services.
  • Any associated or connected motor manufacturer from whom we purchase or hire goods (and their group companies), including, without limitation, Renault UK Limited, Dacia, Nissan Motor (GB) Limited and Infiniti. For example, to handle complaints or provide you with services and information.
  • Franchise car dealers, including their business partners and when the Dealers opens, closes or moves premises.
  • Third party insurance and services providers.
  • Credit reference, identity authentication and fraud prevention agencies to help us make credit decisions and fraud prevention checks (they may also share information about you with us).
  • Debt collection agencies.
  • The police, fraud prevention and identity authentication entities, other law enforcement agencies, government and tax authorities in the United Kingdom or abroad in order to detect, investigate and prevent crime (please note that fraud prevention agencies may also enable law enforcement agencies to access and use your information to detect, investigate and prevent crime).
  • The courts in the United Kingdom or abroad as necessary to comply with a legal requirement, for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.
  • Our legal and other professional advisors.

Please be aware that we engage third party agencies, who on occasion, may contact customers by post, e-mail, telephone or SMS message on our behalf (for example, to discuss your options prior to the expiry of your finance agreement or customised offers based on information we hold about you and your vehicle). Any information that you provide to the agency or any requests that you make for further information will be passed onto RCIFS and we will deal with your query. Please be assured that any information that you provide to the agency will be kept secure and confidential.

We would like to contact you with exciting and relevant information about RCIFS’s promotions, events, information, products and services which may be of interest to you. We may do this by post, e-mail, SMS and/or telephone, unless you have told us not to contact you specifically for this purpose.

We may also share your personal information with our recommended third party partners, so that they can contact you with marketing information about their products and services.

You can change your marketing preference at any time by getting in touch with us. For e-mail and SMS, please follow the unsubscribe instructions in those communications.

Sometimes our service providers or other group companies may be located in other countries and in which case we may send your personal information to countries which have a different standard of data protection than the UK. We have put in place protections to ensure that your information is safeguarded.

We store your information on servers located within the European Economic Area (EEA). We may change the location of servers in the future to improve services to you but we shall always ensure that we put in place protections to ensure that your information is safeguarded. Due to the international nature of our business, there may be some instances where your information is processed or stored outside of the EU. In those instances, we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law.

Whenever fraud prevention agencies transfer your information outside of the EEA, they impose contractual obligations on the recipients of that information to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Please note that we are a member of National Hunter, a fraud prevention agency. The rules currently do not allow for processing National Hunter data outside of the EEA.

If your application for finance is declined or if your application is accepted but you do not proceed, we keep your information for 6 months or as long as necessary to deal with any ongoing queries you may have. If your application is accepted and you proceed, we hold your information for 7 years from the date on which your agreement with us ends.

Credit reference agencies will retain the information that we give to them for 6 years after your account is closed.

Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your information can be held for up to 7 years.

We will not hold your personal information in an identifiable format for any longer than is necessary. We hold your personal information for the periods mentioned to establish, bring or defend legal claims.

The only exceptions to the periods mentioned above are where:

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • where you have raised a complaint or concern regarding a product or service offered by us, in which case we will retain your information for a period of 6 years following the date of that complaint or query; or
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.

At the end of the retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

Under data protection laws, you have the following rights in respect of your information:

  • to be informed about the processing of your information (this is what this Privacy Policy sets out to do);
  • to have your information corrected if it’s inaccurate and to have incomplete information completed. If you enter into an agreement with us, you can change your information via our customer online portal – it’s important that you keep your information up to date;
  • to object to processing of your information provided we do not have any continuing lawful reason to continue to use and process the information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object;
  • to withdraw your consent at any time where we rely on it to process your information;
  • to restrict processing of your information provided we do not have any continuing lawful reason to continue to use and process that information;;
  • to have your information erased provided we do not have any continuing lawful reason to continue to use and process that information;
  • to request access to your information and information about how we process it;
  • from May 2018 only, to move, copy or transfer your information; and
  • rights relating to automated decision making, including profiling.

You have a number of rights in relation to your personal information as mentioned above under data protection law. In relation to most rights, we will ask you for information to confirm your identity to protect the confidentiality of your personal information and, where applicable, to help us search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received any request (including any identification documents requested).

The way we process your information and the legal basis on which we rely to process it may affect the extent to which these rights apply. If you would like to discuss or exercise any of these rights, please contact us using the details provided above.

You have the right to lodge a complaint with the Information Commissioner’s Office where your information has or is being used in a way that you believe does not comply with data protection laws. We encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have. You can also contact our Data Protection Officer with any data protection concerns.

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure of information we have physical, electronic and managerial procedures in place to keep your information safe. For more information on the security we have in place to protect information, please see our Security Policy which is available on request.

If you have any specific data protection questions, concerns or a complaint, you can address it to our Data Protection Team as follows:

Data Controller: RCI Financial Services Limited (“RCIFS”), Rivers Office Park, Denham Way, Maple Cross, Rickmansworth, WD3 9YS. Telephone: 0333 009 0231 Email: customerservices@rcibanque.com

Data Protection Officer: Data Protection Officer, RCI Financial Services Limited (“RCIFS”), Rivers Office Park, Denham Way, Maple Cross, Rickmansworth, WD3 9YS or E-mail: dataprotectionofficer-uk@rcibanque.com

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113.

Or go online to www.ico.org.uk/concerns

This Privacy Policy was last updated on 2nd May 2018.

Our online portal gives you instant access to your finance agreement and personal information. You can login here and amend any information that’s changed or update your communication preferences. If you haven’t already registered, it’s quick and easy to do. If you want to unsubscribe from our mailing lists, you can do so at any time by clicking the link in any email or text that we send to you. You can also read our privacy policy which states what data we collect and how we use it.

We all know the potential dangers of the internet, but the good news is you can do things to help protect your personal data. Try these tips to get you started:

How to build a strong password

Creating strong, unique passwords for all your critical accounts is the best way to keep your personal and financial information safe. We suggest using a password manager to help you store and create strong passwords. You can also see if your online accounts offer multi-factor authentication. This is where a few pieces of information are required to verity your identity. A code is normally sent to your phone before you can access the account.

How to protect yourself from Phishing

Phishing is one of the easiest forms of cyber attack and can provide hackers with everything they need to target your personal and working life. Normally carried out over email, although the scam has now spread to social media, messaging services and apps. The attacker will try to get you to do what they want like handing over passwords and providing bank details by posing as a company or individual that you trust. Here are some key things to look for:

• Poor spelling and grammar
Official messages from major organisations are unlikely to contain mistakes.

• Shortened or odd URLs in emails or texts
We suggest hovering over the link you are sent to see if the link matches the web address it goes to.

• The Sender address looks strange
If it’s a string of characters or looks strange in any way, it’s unlikely to be coming from an official source. Do not click on links, download files, or open attachments from unknown senders.

• How to recognise when a website is untrustworthy
If you’re not sure that a website is secure, there are a few quick and easy ways to check you aren’t putting your personal information at risk.

• Check the https:// details
If a website asks for personal information or log in details without taking you to a https:// connection, you should close the page immediately.

• Look for specific information in the browser
The company name should be displayed next to the URL, with a padlock symbol to indicate you are logged on to a secure connection. You should also be able to click on the company name to bring up more details of the company who owns the website.

• Find out who owns the web domain
It’s free to look up who has registered the URL or domain of the website. Enter the domain name on websites like Whois.net and LookWhoIs.

We may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential for our sites to operate.

What is GDPR and
how it influences our relationship?

Watch this simple and informative video about GDPR and how it puts you in better control of your personal information.