Personal information means any information relating to an identified or identifiable natural person. This includes data which either by itself or with other data held by us or available to us, can be used to identify you.
Your personal information comprises personal and financial information that we have obtained from you, the Intermediary(s), your Service Provider(s), credit reference agencies, fraud prevention agencies or similar companies who carry out identity, verification or other checks.
We collect your personal information directly from you and we obtain it indirectly from these other sources. We also keep information about the conduct of your Account and any communications between us.
By entering into this Credit Agreement, you confirm that all information provided to us or to the Intermediary(s) by you or on your behalf, and either as part of your application for credit or at any time afterwards, is true, complete and accurate in all respects.
If your personal information such as your marital status, contact details, or home address changes you must inform us without delay. See ‘Contact us’ below.
Personal information also includes special categories of personal data. This is data about your;
We do not usually ask you for this type of information nor do we obtain it from third party sources (such as the Intermediary(s)). The exception is data concerning your health – this may be processed if you volunteer this information when we ask you about the conduct of your Account, for instance, if you tell us that you are unable to meet repayments because you have a health condition.
Personal information also includes criminal convictions and offence details, and we may process these if fraud prevention agency checks reveal a fraud or if we identify a fraud on your Account.
We are required by data protection (DP) law to indicate to you the legal basis which relates to our use and processing of your personal information. This may include (as relevant):
(in particular a Credit Agreement)
or in order to take steps at your request prior to entering into a contractProcessing that is necessary for our own legitimate interests or those of third parties provided these are not overridden by your interests and fundamental rights and freedoms – such as;
(a) to protect our business information, our premises and our staff;
(b) for management and audit of our business operations including auditing;
(c) for market research and analysis including developing statistics (we may anonymise your personal information prior to this – see below);
(d) to administer your Account and to provide customer service and support functions including those made available on our website and over the telephone;
(e) for direct marketing (subject always to your consent, where that is required);
(f) when there is a sale or reorganisation of our business assets (in that scenario purchasers may be able to obtain personal information from us where necessary for their own legitimate interests of preparing for completion of the sale or reorganisation);
(g) for systems or other testing and analysis to help us with systems and product development (we may anonymise your personal information prior to this – see below);
(h) for the monitoring purposes described below; and
(i) for our corporate governance related purposes including compliance oversight and sample checking.
Processing that is necessary to comply with a legal obligation (other than a contractual obligation) – such as:
(a) to process your request for information or when you exercise your rights against us under data protection law;
(b) for compliance with legal and regulatory requirements;
(c) for establishment and defence of legal rights;
(d) for activities relating to the prevention, detection and investigation of crime;
(e) to verify identity/ies; and
(f) to perform checks at credit reference agencies and fraud prevention agencies.
Processing that is based on your freely given, specific, informed and unambiguous consent – such as:
(a) when you consent to direct marketing;
(b) when you give your explicit consent in relation to data concerning your health if you volunteer this information when we ask you about the conduct of your Account; and
(c) when you specifically request that we share your personal information with a third party such as your next of kin or another person to whom you have given a power of attorney in connection with the credit you have obtained from us.
You are entitled to withdraw your consent at any time. If you do this and if there is no alternative lawful reason which justifies our processing of your Personal Information for a particular purpose, this may affect what you are entitled to receive from us. For instance, if you withdraw your consent to direct marketing, we will stop using it for that purpose and we will not inform you about our other products and services unless you alter your preferences again in future.
This information is condensed. For full details about our sharing of your personal information with the credit reference agencies (CRAs) please contact us (details below).
We may use your personal information to help us assess your eligibility for credit as part of your application for credit and, if you obtain credit, in managing your Account, as well as to confirm and verify your identity and other details, and by entering into this Credit Agreement you agree that we may:
search your records at CRAs when you first enter into this Credit Agreement and periodically during the term of this Credit Agreement such as if you apply to increase the credit amount.
These searches will tell us about your credit history. When the CRAs receive a search from us they will place a footprint on your credit file and in this way they will add to their record about you details of our search which will be seen by other organisations making searches (for example, other lenders or providers of credit).
These details will be used by those other organisations when assessing your applications for credit.
Credit searches and other personal information about you which we provide to the CRAs will be used by the CRAs and shared with those other organisations to trace your whereabouts, recover debts that you owe and to verify your identity.
Records remain on file at the CRAs for 6 years after they are closed, whether settled by you or defaulted.
We, the Intermediary and a Service Provider may use information about you and the conduct of your Account to help make credit, credit-related and Service-related decisions about you or to trace debt and to fight fraud, money-laundering, terrorism and other crimes and to keep to any laws or regulations in any country;
(b) use a credit scoring or other automated decision-making system (this means that we will do automated credit scoring using details obtained from you, the Intermediary, and from the CRAs, to make decisions without human intervention based on about whether or not you are likely to meet the repayments on your Account – we will do this when assessing your application for credit and periodically after that if you apply to increase your credit limit then a decision will be taken based on the credit score).
If you tell us that you have a spouse or financial associate, which creates a joint financial unit in a similar way to a married couple – for example if you share the same address, we may search, link and/or record information at the CRAs about you both; link any individual identified as your financial associate in our own records, take both your and their information into account in future applications by either or both of you; and continue this linking until one of you notifies us that you are no longer in a financial unit together.
Information held about you by CRAs may be linked to records relating to any such person.
When we search for information about you at credit reference agencies we may also search for information about the people with whom you are linked, and use that information about you when deciding whether or not to go ahead with this Credit Agreement.
We may also use information about you when making a decision about a person with whom your records are linked.
Whether or not we go ahead with this Credit Agreement your records may become linked to any person revealed to be linked to you by this Credit Agreement (for example a joint applicant).
When the CRAs receive a search from us they will link together your records and these links will remain on their files until such time as you or the other person successfully files for a disassociation at the CRAs.
If your circumstances change such that you are no longer a financial unit with another person you should contact the CRAs about this.
You can contact us at Premium Credit Ltd, Ermyn House, Ermyn Way, Leatherhead, Surrey, KT22 8UX to request:
(a) details of the credit reference agencies we use (as mentioned above, you will need to contact the credit reference agency directly about the information they hold about you for which you will have to pay them a fee); and
(b) Aa copy of the personal information we hold about you (further details below on this – see “Your rights under applicable data protection law”).
The CRAs operating in the UK are CallCredit, Equifax and Experian. You can contact them to find out what information they hold about you.
The information they hold may not be the same so you may wish to contact more than one. They are entitled to charge a small statutory fee. The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, their data retention periods and your data protection rights with the CRAs are explained in more details at the websites below:
Call Credit, Consumer Services, PO Box 491, Leeds, LS3 1WZ or visit www.callcredit.co.uk/crain
Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS or visit www.equifax.co.uk/crain
Experian, Consumer Support Centre, PO Box 9000, Nottingham, NG80 7WF or visit www.experian.co.uk/crain
We will check your personal information with fraud prevention agencies (FPAs) when you first enter into this Credit Agreement and periodically during the term of this Credit Agreement such as if you apply to increase the credit amount.
If false or inaccurate information is provided and fraud is identified details will be passed to FPAs. Law enforcement agencies may access and use this information.
We and other organisations may use this information to prevent crime including fraud and money-laundering, for example when checking details on applications for credit related or other facilities, managing credit and debt related accounts or facilities and recovering debt.
We may monitor and record telephone calls and monitor email communications with you for the purpose of quality control, security and training, resolving complaints and/or to evidence the nature and contents of such conversations.
In addition, we may do this where necessary for compliance with regulatory rules or self-regulatory practices or procedures relevant to our business and to prevent or detect crime.
We may give information about you, your Account (including, where relevant, the bank details we hold) and the conduct of your Account to credit reference agencies and fraud prevention agencies (see above), any Intermediary (including an Intermediary who no longer acts for you or an Intermediary to whom you have transferred including by your own volition or as part of a business sale), any Service Provider, any agent or administrator acting on our, an Intermediary or Service Provider’s behalf, any wholesale intermediary that arranges the Service from a Service Provider on behalf of an Intermediary, any network, cooperative or similar association which an Intermediary is a member of, any of our suppliers (this would include for instance IT software providers and providers of IT support services), debt collection agents, any party to which we transfer, assign or charge this Credit Agreement or our interest in this Credit Agreement (or any party to who we are considering transferring, assigning or charging this Credit Agreement or our interest in this Credit Agreement) and their insurers and advisers, or any third party from whose bank accounts you make payments from under the Credit Agreement (we may provide a copy of this Credit Agreement to your bank, in this way, to evidence that we are able to take payment from your account).
We may disclose your personal information where necessary to providers of indemnity insurance to our business.
We may also give information to the police, fraud prevention agencies or other regulatory authorities, government agencies if required to do so by law or where we are required to do so in response to requests from all such persons, or if you give us false or inaccurate information and we suspect fraud (further details above).
We will disclose it where compelled to do by the Courts and for the administration of justice. We may share your personal information with our professional advisors and our auditors.
If you have more than one Credit Agreement with us, we may hold and update information relating to your name, address and contact details on our central database and disclose such information to any organisation who submits an application for credit to us on your behalf for the purposes of such application and any related credit agreement, so they can update their records about you to continue providing you with services, identify products and services which might be suitable for you, recover amounts owing from you and to prevent fraud.
We may transfer your personal information to countries outside of the UK which do not have adequate protections for personal information under their own applicable laws.
For instance, this may happen if we use service providers. Where we transfer your data outside the UK, we will only do so in accordance with our obligations under applicable data protection law.
Steps will be taken to put in place safeguards (including around security) to protect your personal information when it is outside the UK.
Safeguards may include the Standard Data Protection Clauses (also known as Standard Model Clauses).
Transfers may also happen based on the US Privacy Shield. Details here:
https://www.privacyshield.gov/welcome.
You can contact us for a copy of EU Model Clauses.
We will keep your personal information for as long as we need it to fulfil the purposes for which it was collected (see above).
We will keep certain personal information after that in order to comply with legal and regulatory requirements.
The criteria we use to determine data retention periods for Personal Information includes the following:
If you would like further information about our data retention practices you can ask for this at any time (contact details below).
There are various rights under data protection law, and these will not always be relevant to you. We have described below what the rights are but please do be aware that they will not be engaged in all circumstances. If you wish to exercise any of these rights please contact us (details below).
If you have questions or queries about this data protection notice you can contact us by writing to us (see address above) or by telephone 0344 736 9836.
Alternatively, please visit the ‘my support’ pages of our website at https://www.premiumcredit.com/faq/frequently-asked-questions where you can choose from a number of options including ‘Changing my details’ or ‘Contact us’.
The contact details of our DPO are
dataprotectionofficer@pcl.co.ukPlease note that here we mean the Information Commissioner’s Office (details below) – this is entirely distinct from the supervisory authority referenced in the Credit Agreement.
Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the data protection supervisory authority in the UK.
You may do this if you consider that we have infringed the applicable data protection law.
In the UK, the supervisory authority who is empowered to investigate whether we are complying with the data protection law is called the Information Commissioner’s Office.
For more details including how to contact the ICO please visit its website: https://ico.org.uk/
How we use your personal information
Personal information means any information relating to an identified or identifiable natural person. This includes data which either by itself or with other data held by us or available to us, can be used to identify you.
Your personal information comprises personal and financial information that we have obtained from you, the Intermediary(s), your Service Provider(s), credit reference agencies, fraud prevention agencies or similar companies who carry out identity, verification or other checks.
We collect your personal information directly from you and we obtain it indirectly from these other sources. We also keep information about the conduct of your Account and any communications between us.
By entering into this Credit Agreement, you confirm that all information provided to us or to the Intermediary(s) by you or on your behalf, and either as part of your application for credit or at any time afterwards, is true, complete and accurate in all respects.
If your personal information such as your marital status, contact details, or home address changes you must inform us without delay. See ‘Contact us’ below.
Personal information also includes special categories of personal data. This is data about your;
We do not usually ask you for this type of information nor do we obtain it from third party sources (such as the Intermediary(s)). The exception is data concerning your health – this may be processed if you volunteer this information when we ask you about the conduct of your Account, for instance, if you tell us that you are unable to meet repayments because you have a health condition.
Personal information also includes criminal convictions and offence details, and we may process these if fraud prevention agency checks reveal a fraud or if we identify a fraud on your Account.
What we may use and process your personal information for and the legal basis for our use and processing
We are required by data protection (DP) law to indicate to you the legal basis which relates to our use and processing of your personal information. This may include (as relevant):
Processing that is necessary for performance of a contract (in particular a Credit Agreement) or in order to take steps at your request prior to entering into a contract
Processing that is necessary for our own legitimate interests or those of third parties provided these are not overridden by your interests and fundamental rights and freedoms – such as;
(a) to protect our business information, our premises and our staff;
(b) for management and audit of our business operations including auditing;
(c) for market research and analysis including developing statistics (we may anonymise your personal information prior to this – see below);
(d) to administer your Account and to provide customer service and support functions including those made available on our website and over the telephone;
(e) for direct marketing (subject always to your consent, where that is required);
(f) when there is a sale or reorganisation of our business assets (in that scenario purchasers may be able to obtain personal information from us where necessary for their own legitimate interests of preparing for completion of the sale or reorganisation);
(g) for systems or other testing and analysis to help us with systems and product development (we may anonymise your personal information prior to this – see below);
(h) for the monitoring purposes described below; and
(i) for our corporate governance related purposes including compliance oversight and sample checking.
Processing that is necessary to comply with a legal obligation (other than a contractual obligation) – such as:
(a) to process your request for information or when you exercise your rights against us under data protection law;
(b) for compliance with legal and regulatory requirements;
(c) for establishment and defence of legal rights;
(d) for activities relating to the prevention, detection and investigation of crime;
(e) to verify identity/ies; and
(f) to perform checks at credit reference agencies and fraud prevention agencies.
Processing that is based on your freely given, specific, informed and unambiguous consent – such as:
(a) when you consent to direct marketing;
(b) when you give your explicit consent in relation to data concerning your health if you volunteer this information when we ask you about the conduct of your Account; and
(c) when you specifically request that we share your personal information with a third party such as your next of kin or another person to whom you have given a power of attorney in connection with the credit you have obtained from us.
You are entitled to withdraw your consent at any time. If you do this and if there is no alternative lawful reason which justifies our processing of your Personal Information for a particular purpose, this may affect what you are entitled to receive from us. For instance, if you withdraw your consent to direct marketing, we will stop using it for that purpose and we will not inform you about our other products and services unless you alter your preferences again in future.
Credit scoring and checks at credit reference agencies
This information is condensed. For full details about our sharing of your personal information with the credit reference agencies (CRAs) please contact us (details below).
We may use your personal information to help us assess your eligibility for credit as part of your application for credit and, if you obtain credit, in managing your Account, as well as to confirm and verify your identity and other details, and by entering into this Credit Agreement you agree that we may:
search your records at CRAs when you first enter into this Credit Agreement and periodically during the term of this Credit Agreement such as if you apply to increase the credit amount.
These searches will tell us about your credit history. When the CRAs receive a search from us they will place a footprint on your credit file and in this way they will add to their record about you details of our search which will be seen by other organisations making searches (for example, other lenders or providers of credit).
These details will be used by those other organisations when assessing your applications for credit.
Credit searches and other personal information about you which we provide to the CRAs will be used by the CRAs and shared with those other organisations to trace your whereabouts, recover debts that you owe and to verify your identity.
Records remain on file at the CRAs for 6 years after they are closed, whether settled by you or defaulted.
We, the Intermediary and a Service Provider may use information about you and the conduct of your Account to help make credit, credit-related and Service-related decisions about you or to trace debt and to fight fraud, money-laundering, terrorism and other crimes and to keep to any laws or regulations in any country;
(b) use a credit scoring or other automated decision-making system (this means that we will do automated credit scoring using details obtained from you, the Intermediary, and from the CRAs, to make decisions without human intervention based on about whether or not you are likely to meet the repayments on your Account – we will do this when assessing your application for credit and periodically after that if you apply to increase your credit limit then a decision will be taken based on the credit score).
Linked records
If you tell us that you have a spouse or financial associate, which creates a joint financial unit in a similar way to a married couple – for example if you share the same address, we may search, link and/or record information at the CRAs about you both; link any individual identified as your financial associate in our own records, take both your and their information into account in future applications by either or both of you; and continue this linking until one of you notifies us that you are no longer in a financial unit together.
Information held about you by CRAs may be linked to records relating to any such person.
When we search for information about you at credit reference agencies we may also search for information about the people with whom you are linked, and use that information about you when deciding whether or not to go ahead with this Credit Agreement.
We may also use information about you when making a decision about a person with whom your records are linked.
Whether or not we go ahead with this Credit Agreement your records may become linked to any person revealed to be linked to you by this Credit Agreement (for example a joint applicant). When the CRAs receive a search from us they will link together your records and these links will remain on their files until such time as you or the other person successfully files for a disassociation at the CRAs. If your circumstances change such that you are no longer a financial unit with another person you should contact the CRAs about this.
Obtaining details of credit reference agencies and copies of your data
You can contact us at Premium Credit Ltd, Ermyn House, Ermyn Way, Leatherhead, Surrey, KT22 8UX to request:
(a) details of the credit reference agencies we use (as mentioned above, you will need to contact the credit reference agency directly about the information they hold about you for which you will have to pay them a fee); and
(b) Aa copy of the personal information we hold about you (further details below on this – see “Your rights under applicable data protection law”).
The CRAs operating in the UK are CallCredit, Equifax and Experian. You can contact them to find out what information they hold about you.
The information they hold may not be the same so you may wish to contact more than one. They are entitled to charge a small statutory fee. The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, their data retention periods and your data protection rights with the CRAs are explained in more details at the websites below:
Checks at fraud prevention agencies
We will check your personal information with fraud prevention agencies (FPAs) when you first enter into this Credit Agreement and periodically during the term of this Credit Agreement such as if you apply to increase the credit amount.
If false or inaccurate information is provided and fraud is identified details will be passed to FPAs. Law enforcement agencies may access and use this information. We and other organisations may use this information to prevent crime including fraud and money-laundering, for example when checking details on applications for credit related or other facilities, managing credit and debt related accounts or facilities and recovering debt.
Monitoring
We may monitor and record telephone calls and monitor email communications with you for the purpose of quality control, security and training, resolving complaints and/or to evidence the nature and contents of such conversations. In addition, we may do this where necessary for compliance with regulatory rules or self-regulatory practices or procedures relevant to our business and to prevent or detect crime.
Data anonymisation and use of aggregated information
We may convert your personal information into statistical or aggregated form to mean you are not identified or identifiable from it. We may use this aggregated data to conduct research and analysis and to produce statistical research and reports. For instance, this may help us to understand how many of our customers’ Accounts are in arrears at any given time. Aggregated data may be shared with our affiliates.
Who we may give your personal information to
We may give information about you, your Account (including, where relevant, the bank details we hold) and the conduct of your Account to credit reference agencies and fraud prevention agencies (see above), any Intermediary (including an Intermediary who no longer acts for you or an Intermediary to whom you have transferred including by your own volition or as part of a business sale), any Service Provider, any agent or administrator acting on our, an Intermediary or Service Provider’s behalf, any wholesale intermediary that arranges the Service from a Service Provider on behalf of an Intermediary, any network, cooperative or similar association which an Intermediary is a member of, any of our suppliers (this would include for instance IT software providers and providers of IT support services), debt collection agents, any party to which we transfer, assign or charge this Credit Agreement or our interest in this Credit Agreement (or any party to who we are considering transferring, assigning or charging this Credit Agreement or our interest in this Credit Agreement) and their insurers and advisers, or any third party from whose bank accounts you make payments from under the Credit Agreement (we may provide a copy of this Credit Agreement to your bank, in this way, to evidence that we are able to take payment from your account). We may disclose your personal information where necessary to providers of indemnity insurance to our business.
We may also give information to the police, fraud prevention agencies or other regulatory authorities, government agencies if required to do so by law or where we are required to do so in response to requests from all such persons, or if you give us false or inaccurate information and we suspect fraud (further details above). We will disclose it where compelled to do by the Courts and for the administration of justice. We may share your personal information with our professional advisors and our auditors.
If you have more than one Credit Agreement with us, we may hold and update information relating to your name, address and contact details on our central database and disclose such information to any organisation who submits an application for credit to us on your behalf for the purposes of such application and any related credit agreement, so they can update their records about you to continue providing you with services, identify products and services which might be suitable for you, recover amounts owing from you and to prevent fraud.
Transfers outside the UK
We may transfer your personal information to countries outside of the UK which do not have adequate protections for personal information under their own applicable laws. For instance, this may happen if we use service providers. Where we transfer your data outside the UK, we will only do so in accordance with our obligations under applicable data protection law. Steps will be taken to put in place safeguards (including around security) to protect your personal information when it is outside the UK.
Safeguards may include the Standard Data Protection Clauses (also known as Standard Model Clauses).
Transfers may also happen based on the US Privacy Shield. Details here:
https://www.privacyshield.gov/welcome.
You can contact us for a copy of EU Model Clauses.
Retention period or criteria used to determine the retention period
We will keep your personal information for as long as we need it to fulfil the purposes for which it was collected (see above). We will keep certain personal information after that in order to comply with legal and regulatory requirements. The criteria we use to determine data retention periods for Personal Information includes the following:
If you would like further information about our data retention practices, you can ask for this at any time (contact details below).
Your rights under applicable data protection law
There are various rights under data protection law, and these will not always be relevant to you. We have described below what the rights are but please do be aware that they will not be engaged in all circumstances. If you wish to exercise any of these rights please contact us (details below).
Contact us
If you have questions or queries about this data protection notice you can contact us by writing to us (see address above) or by telephone 0344 736 9836.
Alternatively, please visit the ‘my support’ pages of our website at http://www.support.mypremiumcredit.com/ where you can choose from a number of options including ‘Changing my details’ or ‘Contact us’.
Our Data Protection Officer
The contact details of our DPO are dataprotectionofficer@pcl.co.uk
Your right to lodge complaints with the data privacy supervisory authority
Please note that here we mean the Information Commissioner’s Office (details below) – this is entirely distinct from the supervisory authority referenced in the Credit Agreement.
Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the data protection supervisory authority in the UK. You may do this if you consider that we have infringed the applicable data protection law.
In the UK, the supervisory authority who is empowered to investigate whether we are complying with the data protection law is called the Information Commissioner’s Office.
For more details including how to contact the ICO please visit its website: https://ico.org.uk/