We believe your personal information deserves the utmost respect when it comes to security and use, so we have described as clearly as possible how we use and care for your personal information below.
For the purpose of the Data Protection Act 1998, the data controller is Pay Smart Carpets Limited.
We know how important it is to manage and protect the information you share with us. When you share data with us through our website, that information is protected by secure socket layer (SSL) encryption.
To prevent any unauthorised disclosure or access to your information, we have implemented strong electronic and physical security safeguards.
We also follow stringent procedures to ensure we work with all personal information in line with the Data Protection Act 1998.
Collecting your information
We collect information about you in numerous ways:
- information that you provide to us through our website; and
- information that you provide via communications with us.
In addition to the personal information you submit (or we collect), we may also collect information about your computer including, where available, your IP Address, operating system and browser type for the purpose of system administration and product improvement. Details on this are avaliable in our Cookies.
We may also record and/or monitor calls for training and quality purposes. Recordings may also be used to help us combat fraud.
Use of your information
Information we hold
We will hold and use the following details about you:
- your name address, phone numbers, email address and date of birth;
- information we receive when making a decision about you, your application or agreement;
- details of all agreements you have and have had with us, along with all transactions; and
- details of when we contact you and you contact us.
As well as any other information which we reasonably need to operate your account or fulfil our regulatory obligations.
We may keep details of any phone number(s) that you call us from and use them to contact you.
While managing your account, we may be given sensitive information such as medical information. We will store and process this information in order to allow us to make decisions about you and your accounts with us.
We will store your data on our systems for the following durations:
- If you have been accepted for a agreement - 6 Years
- If you have been declined for a agreement - 3 Years
- All other scenarios - 3 Months*
* If you have opted into marketing we will store your contact details (email address, phone numbers, name and address) for up to 36 months from the time of last interaction with us. You may opt out at anytime by contacting us at email@example.com or by clicking unsubscribe on any marketing communications from us.
Information we share
We will keep all of your personal information confidential and only share it with others for the purposes explained in this policy. We have trusted relationships with carefully selected third parties who perform services on our behalf. All third parties are bound by contract to maintain the security of all of your personal information and only to use it as permitted by us.
We may share information about you:
- with any person, organisation or company that we use in order to help us operate our lending business, to provide services on our behalf, collect payments and recover depts on our behalf;
- with any person, organisation or company who provides us with products and services;
- with any person who has told us and who we reasonably believe to be your carer, helper or parent where you are unable to handle your own affairs due to mental capacity or other similar issues;
- with any payment system that we may use;
- with any person to whom we sell or transfer (or enter into negotiations to transfer or sell) our business or any of our obligations or rights under any agreement we may have with you. If the sale or transfer goes ahead, the purchaser or transferee may use your personal information in the same way as us; and
- with regulatory and governmental authorities ombudsmen, or other authorities, including tax authorities, where we are requested by them to do so.
How we use your information
We will use your information to:
- make, or assist in making, credit decisions about you, assess lending and insurance risks, and to check the details that you have let us and others have;
- operate and manage your account and manage any application, agreement or correspondence you may have with us;
- contact you by email, SMS, letter or telephone about our products and services, unless you tell us that you prefer not to receive marketing;
- to form a view of you as an individual and to identify, develop or improve products, that may be of interest to you;
- carry out market research, business and statistical analysis;
- carry out, monitor and analyse our business;
- carry out audits;
- recover any debt you owe us; and
- comply with our regulatory obligations.
Your data may also be used for other purposes for which you give your permission, or where we are permitted to do so by law, or it is in the public interest to disclose the information or is otherwise permitted under the terms of the Data Protection Act 1998.
Access to your information
Under the Data Protection Act 1998, you have the right to access certain personal records that we hold about you. This is called a Data Subject Access Request, which you can make by writing to firstname.lastname@example.org. A £10 fee is payable.
We want to make sure that your information is as up to date and accurate as possible. You may ask us to correct or remove any information that you think is inaccurate.
Third party links
Our website may contain links to third party websites. If you choose to follow a link to any of these websites, please note that these websites have their own terms and privacy policies and we do not accept any responsibility or liability for them.
Social media features
Personal information provided as part of a redress programme
The personal data that you provide as part of any redress programmes will only be used for the purposes of communicating relevant updates and will not be used for marketing purposes. We will not pass the data to any third parties unless required to do so by law, regulation or a regulatory body. We will retain such data for a period of 6 years.
Last updated: November 2017