Privacy Notice – Instant Cash Loans Limited
The Money Shop is a trading name of Instant Cash Loans Limited. We are registered in England and Wales under company number 2685515 and we have our registered office at 6 Bevis Marks, London, EC3A 7BA. Data Protection registration number Z6250344. We are responsible under data protection laws for our processing of your personal information which we also refer to as personal data in this Policy. Your personal information means any data which, either by itself or with other data held by us or available to us, can be used to identify you. Further details of the personal information we process about you is set out below in this Policy.
We understand that your privacy is extremely important to you. As a result we have put in place a number of measures to ensure that any personal data we obtain from you visiting this website is processed and maintained in accordance with accepted principles of good information handling and also in accordance with the data protection laws. This Policy provides you with details of the type of personal information we may hold about you, how we obtain and use any personal information and how we protect your privacy.
|1||OBTAINING YOUR PERSONAL INFORMATION|
|1.1||You are free to browse the website www.themoneyshop.com (the “Website”) without providing any personal information to us (although, please see section 1.4.2 where we mention an exception relating to information gathered by some cookies used on the Website which may constitute your personal information).|
We may as a result of your interaction with the Website, store and process your personal information. It is collected by us from the following sources:
(a) from you;
(b) from third parties, such as credit reference agencies (CallCredit, Experian, Equifax, who may search the Electoral Register), or fraud prevention agencies when you apply for an account or any other product or service or which you or they give to us at any other time; and
(c) from the way you use and manage your account(s), from your transactions and from the payments made to your account.
|1.3||If you e-mail a question to firstname.lastname@example.org or register your interest in our product(s) or services(s), then it will be necessary for us to collect and process your personal information about you in order to e-mail a reply or otherwise respond to you.|
The categories of your personal information that we may collect are as follows:
|2||USE OF COLLECTED INFORMATION AND THE LEGAL BASIS FOR THIS|
The information we collect about you may be used in the following ways:
|3||SHARING YOUR INFORMATION WITH THIRD PARTIES|
|3.1||We may share your personal information with any member of our group of affiliated companies for the reasons set out above who may process your personal information for the purposes described in section 3.2.1 (onwards) below. Our group of affiliated companies include Instant Cash Loans Limited, T.M. Sutton Limited, Peac (UK) Limited, Aurajoki Europe Limited and Aurajoki Holdings UK Limited. The list of our group of affiliated companies with whom your data may be shared will change from time so please ensure that you revisit this page regularly.|
Sometimes (and with your approval where required), we will share your information with carefully selected third parties outside our group. We may do this for the following reasons:
|4||CREDIT REFERENCE AND FRAUD PROTECTION AGENCIES|
CREDIT REFERENCE AGENCIES
How do credit reference agencies use your personal information?
The identities of the CRAs, their role as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at Is also accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document: Callcredit www.callcredit.co.uk/crain; Equifax www.equifax.co.uk/crain; Experian www.experian.co.uk/crain
How and why do we share your personal information with credit reference agencies?
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). We may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
· Assess your creditworthiness and whether you can afford to take the product;
· Verify the accuracy of the data you have provided to us;
· Prevent criminal activity, fraud and money laundering;
· Manage your account(s);
· Trace and recover debts; and
· Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
FRAUD PREVENTION AGENCIES
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties may include your:
• date of birth
• residential address and address history
• contact details such as email address and telephone numbers
• financial information
• employment details
• identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address
When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Your personal data is protected by legal rights, which include your rights to:
• object to our processing of your personal data;
• request that your personal data is erased or corrected;
• request access to your personal data.
For more information or to exercise your data protection rights please contact us using the contact details below in section 17.
If you are unhappy about how your personal data has been used please refer to our complaints policy. https://www.themoneyshop.com/complaints-handling/ You also have a right to complain to the Information Commissioner's Office, which regulates the processing of personal data https://ico.org.uk/.
Automated decision making including profiling
|5||TRANSFERRING YOUR PERSONAL INFORMATION OUTSIDE THE UK/EEA.|
Some companies within our group of affiliated companies, and sometimes other third parties with whom we share personal information, are or may be located outside the UK and the EEA (as it is made up from time to time). In addition, some of our service providers may be located outside the UK and the EEA or use data processing locations outside the UK and the EEA.
When we share your personal information with these and certain other third parties, your personal information will be transferred outside of the UK (and in some cases outside of the EEA). Where adequate protections for your personal information do not exist under applicable laws, steps will be necessary to ensure that appropriate safeguards apply to maintain the same levels of protection as are needed under UK data protection laws.
Safeguards include contractual obligations imposed on the recipients of your personal data. Those obligations require the recipient to protect your personal data to the standard required under UK data protection laws. Safeguards also include requiring the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing and where the framework is the means of protection for the personal information. For more information about these appropriate safeguards, and others as may be relevant from time to time, including to obtain a copy of them or to find out where they have been made available, you can contact us using the details below (see section 17).
METHODS OF CONTACT
Unless you have advised us to the contrary, we may contact you by telephone, SMS, post, e-mail or fax to send you information communications about your application and the product or service that you obtain from us under the contract between us if that application is successful. These are service communications not marketing. (Please see the ‘Keeping You Informed’ section below regarding how you may be contacted for direct marketing purposes).
|7||WHAT CRITERIA DO WE USE TO DETERMINE HOW LONG WE KEEP YOUR PERSONAL INFORMATION?|
How long we keep your personal information for depends on the basis on which it was provided and what we use it for, generally however:
|8||KEEPING YOU INFORMED|
|8.1||From time to time we would like to contact you by SMS, post, email or telephone, with offers relating to products of ours which we think you might be interested in.|
|8.2||When you submit your application, you will be asked whether you want to provide your consent to receive marketing communications from us about our products and services. If you do want these then you can tick an opt-in box to provide your consent. This means that your consent will be the lawful reason for all such marketing communications.|
If you do not indicate in the way described at section 8.2 that you want to receive marketing communications from us, please note that this will not prevent us from being able to provide you with the products or services you are applying for – this is separate to the issue of marketing communications. You will not receive any marketing from us and we will not share your details with anyone else for them to send marketing to you.
If you provide us with your consent, you have the right to withdraw it at any time by contacting email@example.com We will process your request to withdraw consent for marketing communications as promptly as possible, however this may take up to 5 working days, during which time you may still receive marketing communications from us. In addition certain rights under privacy law can be relevant where processing of your contact details is based on consent such as erasure and portability – please see below.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION
The rights explained in this section apply to you in relation to the company which is data controller of your information. The data controller is the entity which determines the purposes and means of the processing of your personal information. We are a data controller of your personal information and therefore you are entitled to make requests to us to exercise your rights in relation to your personal information controlled by us. However, we can only comply with your requests to the extent that we are a data controller of your personal information – if your request relates to any other companies (including affiliated companies within our group), you must make a separate request to them to exercise your rights.
Under data protection laws, you have the right to make the following requests in relation to your personal information. Please be aware that these rights do not apply in all circumstances. If you seek to exercise one against us we will explain to you at that stage whether or not the right does apply to you based on the facts.
· Access: You have the right of access to your personal information that we hold about you as a data controller (although certain exceptions may apply). In certain instances you may be required to pay a reasonable fee based on our administrative costs if requesting further copies. You will need to make a separate request and pay a separate fee for each company within our group of affiliated companies whose records you wish to access. This right will enable you to obtain confirmation that your personal data is being processed, to obtain access to it, and to obtain other supplementary information about how it is processed. In this way you can be aware of and you can verify the lawfulness of your processing of your personal data.
Rectification: You have the right to request that we rectify any inaccurate personal information about you (we also require you to information us if your personal data is inaccurate or out of data – see section 10.1 below). This includes the right to have any incomplete personal data completed (taking into account the purposes of the processing), including by means of providing a supplementary statement;
Erasure (‘right to be forgotten’): In certain circumstances, you have the right to request that we erase your personal data. This right is not absolute – it applies only in particular circumstances and where it does not apply any request for erasure will be rejected. Circumstances when it might apply include where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed, if the processing is based on consent which you then withdraw, when there is no overriding legitimate interest for continuing the processing, if the personal data is unlawfully processed, or if the personal data has to be erased to comply with a legal obligation. Requests for erasure will be refused where that is lawful and permitted under data protection law for instance where the personal data has to be retained to comply with legal obligations or to exercise or defend legal claims;
Restriction; In certain circumstances you have the right to request that we restrict our processing of your personal information, for instance where you contest it as being inaccurate (until the accuracy is verified); where you consider that the processing is unlawful and where this the case; and where you request that our use of it is restricted; or where we no longer need the personal data;
Data portability: You have the right to request that we provide you with a copy, in a machine-readable and portable format, of the personal information that you have provided to us, and to request that we transmit it directly to another data controller. This right is only relevant where we are processing personal data based on a consent or a contract and by automated means; this right is different from the right of access (see above) and the types of data you can obtain under the two separate rights may be different; you are not able to obtain through the data portability right all of the personal data that you can obtain through the right of access;
Right to object: in certain circumstances you may have the right to object to our processing of your personal information. This right allows individuals in certain circumstances to object to processing based on legitimate interests, direct marketing (including profiling) and processing for purposes of statistics. However, in such a case we may be able to demonstrate that the processing is required on compelling legitimate grounds or for the establishment, exercise or defence of legal claims;
Rights in relation to some automated decision making about you including profiling (as relevant) if this has a legal or other significant effects on you as an individual. This right allows individuals in certain circumstances to access certain safeguards against the risk that a potentially damaging decision is taken without human intervention.
Please note that where we process your information for direct marketing purposes, you always have the right to object to that processing. Furthermore, where we are processing your personal information based on your consent, you have the right to withdraw your consent to the processing at any time. If you do this and if there is no alternative lawful reason which justifies our processing of your personal information for a particular purpose, this may affect what we can do for you. For instance, it may mean that we cannot take into account the data concerning your health in connection with arrears of payments or that you cannot receive any marketing from us about third party products and services and those of our group of companies (as relevant).
You have the right to complain to the Information Commissioner’s Office at any time (see below for more details).
|10||UPDATE YOUR DETAILS/PREFERENCES|
|10.1||If any data or information we hold about you is inaccurate or out of date then please let us know and this will be corrected where appropriate. Please see section 9.1 above for more details about the right to rectification.|
|10.2||To exercise your rights as described in section 9, please contact us as set out at section 17.1.|
|11||SECURITY AND CONFIDENTIALITY|
|11.1||We take the steps required by UK data protection law to protect your personal information. However, please be aware that there are inherent security risks of providing information and dealing online over the internet and we cannot therefore guarantee the security of any data disclosed online, particularly during transmission from you to us. We ask that you do not provide us with any sensitive personal information online (please see the ‘Special Categories of Personal Information’ Section below) unless we specifically ask for this.|
|11.2||To help protect your personal information, we take steps where possible to anonymise your personal information where it is not necessary for the information to be identifiable for the purposes of the processing – for example we anonymise your personal information before using it to test our IT systems.|
LINKS TO OTHER SITES
This Website may from time to time include links to other sites. We make every effort to provide links to high quality, reputable sites but we're not responsible for their privacy practices or, site content, or the services they offer. Please always check the privacy policies of any linked sites.
SPECIAL CATEGORIES OF PERSONAL INFORMATION
Information about you which is considered special categories of (or ‘sensitive’) personal information under the data protection legislation, includes information about your medical or health conditions, racial or ethnic origin, genetic data, biometric data (for the purpose of uniquely identifying you), political opinions or trade union membership, religious or philosophical beliefs, sex life and sexual orientation. (In addition there is a separate category called criminal convictions and offences data which may be relevant if fraud or other crimes are suspected). (Please note that financial information is not considered by data protection legislation to constitute a special category of information). If we need to process special categories of personal information about you, you will be notified of such processing and asked to specifically give explicit consent to the use of such information as appropriate and where explicit consent is needed. Otherwise we ask that you do not provide us with such information where we do not request it, for example in emails to us, on telephone calls or in free text boxes on our Website.
If you call any of the telephone numbers quoted on this Website, in our literature or in correspondence, we may record your call. These recordings are used for training, regulatory and quality control purposes to ensure that we continuously monitor and improve our customer service standards.
By email at firstname.lastname@example.org
By post at The Money Shop, Unit 1, Castle Marina Road, Nottingham, NG7 1TN.
If you have any complaints about our processing of your personal information, we encourage you to contact us initially so we can seek to discuss the complaint with you.
You have the right to lodge a complaint about our processing of your personal information with the Information Commissioner’s Office https://ico.org.uk/ who is the supervisory authority who regulates our processing of your personal information in compliance with data protection laws.