Premium Credit Limited ("we", “us”) are committed to protecting and respecting your privacy.
This notice is made available to you on our homepage and on every other page of www.premiumcredit.com (our site). By continuing with your visit to our site you are accepting and expressly consenting to the practices described in this notice. This notice (together with our terms of website use and any other documents referred to in it) sets out the basis on which any personal data we collect from you or that you provide to us, via our site, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of applicable data protection law including the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679) (together, the DP Law), the data controller is Premium Credit Limited of Ermyn House, Ermyn Way, Leatherhead, Surrey KT22 8UX.
When this privacy notice applies
Any personal data we collect from you or that you provide to us via other sites or as a result of you subscribing to any of our services made available to you otherwise than through our site will be processed in accordance with separate privacy notices and terms made available to you at that time.
For instance, if you download our mobile software application (our app) a separate privacy notice will apply to the collection and processing of your personal data in connection with our app. Similarly, this privacy notice does not apply to the personal data we collect from you when you apply to obtain our credit-related products or services or when we sign up to written terms with you in connection with the same (please refer to the separate privacy notice(s) issued to you in the credit agreement on those occasions).
The meaning of personal information/personal data
Some of the information we collect about you will be able to identify you directly or indirectly as an individual, either when we use it on its own or when we combine it with other information in our possession. This includes identifiers such as your name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. This information is personal information (also known as personal data) and the way we use it is governed by the DP Law and it is processed pursuant to this privacy notice.
Personal Information also includes special categories of personal data. This is data about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health, sex life or sexual orientation. In the unlikely event that any of this is collected from you during your visit to our site – you may be asked at the point of collection to provide your explicit consent where needed in order to justify our processing of it.
Information we may collect from you when you use our site
We may collect and process the following data about you:
Information you give us.
You may give us information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise in connection with your use of our site. This includes information you provide when you register to use our site, subscribe to our service, report a problem with our site or in any other instances you provide information through our site. The information you give us may include, without limitation, your name, address, e-mail address, phone number, date of birth and financial information meaning salary/earnings details, bank account details including sort code and account number and payment card data.
Information we collect about you.
With regard to each of your visits to our site we may automatically collect the following information:
1. technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; some of this may be personal data i.e. data which identifies you or which is capable of identifying you; and
2. information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number; some of this may be personal data i.e. data which identifies you or which is capable of identifying you.
Information we receive from other sources.
We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case, we will inform you when we collect that data that it may be shared internally and combined with data collected on this site such as cookies. We are also working closely with third parties (including, for example, credit intermediaries, insurers, sub-contractors in technical, payment and delivery services and other suppliers of services to us, and, where permitted by DP Laws, advertising networks, analytics providers, search information providers, credit reference agencies) and we may receive personal information about you from any or all of these third parties. Whilst we have our own obligations under DP Laws in respect of this personal information, it is the obligation of third parties, such as your intermediary or service provider, under DP Law to obtain your consent (where relevant) and to give you notice prior to disclosing your information to us. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for some or all of the purposes set out below (depending on the types of information we receive).
How we use your personal information including the purposes for which we use it
In circumstances where you are not obliged to provide the personal information, we request from you in order to use our site, we will make this clear. Our usual practice is not to request any personal information unless this is necessary.
We use information held about you in the following ways:
• To communicate with you to provide you with information about the products and services that you request from us;
• To perform any contract we have with you;
• To review, analyse and evaluate your use of (or your decision not to use) our products and services in order to develop and improve the quality of our offering and strengthen our relationship with you and our other existing and potential customers. We may do this through the use of market research surveys, or such other methods as may be appropriate (with your consent where relevant);
• To notify you about changes to our site, our services or our products;
• To ensure that content from our site is presented in the most effective manner for you and for your computer;
• To allow you to participate in interactive features of our service, such as messaging and live chat, if available and when you choose to do so;
• As part of our efforts to keep our site safe and secure;
• To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• To administer our legitimate internal management analysis, audit, forecasts and business planning and transactions;
• To help prevent fraud and reduce credit risk;
• To establish, defend or exercise our legal rights;
• To comply with our legal, regulatory and internal governance obligations;
• For monitoring and recording of telephone calls and email communications where necessary for compliance with regulatory rules or self-regulatory practices or procedures relevant to our business, to prevent or detect crime, for quality, training and security purposes; and
• For market research and analysis and developing statistics.
The legal basis for our use and other processing of your personal information under DP Law
This will include (as relevant):
• Processing of your personal information in order that we may perform our obligations under a contract with you (such as the contract between us consisting of the terms governing your use of our site);
• Processing for legitimate interests provided these are not overridden by your interests and fundamental rights and freedoms (this includes our own legitimate interests and those of other entities and branches in our group of companies); for instance, this is relevant when we use and process your personal data to deal with our legal and regulatory and internal governance obligations; and
• (In addition / in conjunction with the processing condition described above) processing which is necessary for compliance with our legal obligations laid down by English Laws applicable to us in the United Kingdom.
Your consent may also be a lawful reason for processing your personal data in relation to your use of our site, in certain cases. This means your freely given, specific, informed and unambiguous consent which may be collected from you for instance when you agree to receive marketing communications from us or when you agree to take part in surveys or market research (as relevant). You should be aware that you are entitled under DP Law to withdraw your consent, where that has been given, at any time. If you do this and if there is no alternative lawful reason for us to rely on to justify the relevant use or other processing on your personal data, this may affect the use you are able to make of our site. For instance, if you are a registered user of our site and if you tell us that you do not want us to use your personal data in respect of the login facility provided on our site, we will abide by your decision, but you will not be able to use the login facility since it cannot be operated without your personal data including your user ID and password.
In summary, we need certain categories of personal data in order to deal with requests made through our site. Certain other personal data is processed for our legitimate interests in cases where this does not result in prejudice to you. Certain other personal data is processed based on a consent.
We may convert your personal data into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from that data. We may use this aggregated data to conduct market research and analysis, including to produce statistical research and reports. For example, we may produce reports on which of our product and services are most popular with users of our site. We may share aggregated data in several ways, including for the same reasons as we might share personal data (see below).
Retention period or criteria used to determine the retention period
Your personal data will not be kept for longer than is necessary to fulfil the specific purposes outlined in this notice and to allow us to comply with our legal requirements.
The criteria we use to determine data retention periods includes the following:
(i) Retention in case of queries. We may retain it for a reasonable period (up to 6 months), for instance after you have ceased to use the login facility on our site, in case of queries from you about the term of your use;
(ii) Retention in case of claims. We may retain it for the period in which you might legally bring claims against us (in the UK this means we will retain it for 6 years) if and to the extent this is relevant to your use of our site; and
(iii) Retention in accordance with legal and regulatory requirements. We will consider whether we need to retain your personal data after the period described in (ii) (above) because of a legal or regulatory requirement. Some or all of these criteria may be relevant to retention of your personal data collected in connection with your use of our site.
If you would like further information about our data retention practices please contact us (see below).
Disclosure of your personal information
We may share your personal information with any member of our group of companies, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your personal information with selected third parties including:
• Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you or in connection with your use of our site;
• Analytics and search engine providers that assist us in the improvement and optimisation of our site.
• Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you. The CRAs operating in the UK include CreditKudos, Equifax, Experian and TransUnion. You can contact them to find out what information they hold about you. The information they hold may not be the same so you may wish to contact more than one. The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, their data retention periods and your data protection rights with the CRAs are explained in more details at the websites below:
- CreditKudos Limited, 4 Bath Pl, Shoreditch, London, EC2A 3DR or visit www.creditkudos.com/legal/privacy/services- Equifax Limited, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS or visit www.equifax.co.uk/crain
- Experian Limited, Customer Support Centre, PO Box 9000, Nottingham, NG80 7WF or visit www.experian.co.uk/crain
- TransUnion International UK Limited, One Park Lane, Leeds, LS3 1EP or visit www.transunion.co.uk/crain
• In the event that we sell or buy any business or assets, or sell any companies in our group, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets or companies in our group.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of website use and other agreements; or to protect the rights, property, or safety of Premium Credit Limited, our customers, or other persons with whom we do business, such as credit intermediaries. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
• With regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government requests.
• Our legal and other professional advisers.
Webbot/webchat privacy statement
In order to enable you to use the Webbot/webchat, Premium Credit Limited will process information about you (“Personal Data”) in accordance with the below provisions. Without the processing of your Personal Data, you will not be able to access the Webbot/webchat. This privacy notice explains how Premium Credit Limited processes your Personal Data when you use the Webbot/webchat.
1. Who is involved in the processing of your Personal Data?
The data controller collecting the data described herein is Premium Credit Limited (“PCL”, “we”, “us”, “our”, “ours”).
2. Which Personal Data will be processed, for what purposes and for how long?
We collect only personally identifiable information that is specifically and voluntarily provided by visitors to the Webbot/webchat. PCL receives limited identifiable information, such as Credit Agreement D Reference; Date of Birth; Sort Code and Post Code, from Webbot/webchat users.
Typically, identifying information is collected for the purposes of:
• Directing you to the most relevant answers and information to suit your requirements, including by referring to details of your existing Credit Agreement(s) with PCL;
• Introducing you to PCL’s products and services that may be of interest to you; and
• Helping you to navigate our website.
Our intention is not to seek any sensitive information through the Webbot/webchat. Sensitive information includes a number of types of personal data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sex life or sexual orientation; and data relating to criminal convictions and offences. We suggest that you do not provide sensitive information of this nature using the Webbot/webchat. If you do wish to provide sensitive information for any reason, PCL accepts your explicit consent to use that information in the ways described in this privacy statement or as described at the point where you choose to disclose this information.
We will process your Personal Data in order to be able to grant you access to and allow your use of the Webbot/webchat and provide you with information relating to your Credit Agreement.
We will only Process your Personal Data for as long as it is necessary for the purposes listed above and as long as your access to the Webbot/webchat is not deactivated. In this respect, we will typically store your Personal Data for a maximum of 24hrs.
3. How we may share the data we collect with third parties
In order to access and communicate with the Webbot/webchat, you will need to be a customer of PCL. This is because the Webbot/webchat is only accessible by identified customers of PCL in order to provide further details about the status of your account. Your Personal Data may also be transferred to other third-party service providers who process such information on PCL’s behalf, including providers of information technology, identity verification, website hosting and management, data analysis, data back-up, security and storage services. PCL may disclose your personal information to law enforcement, regulatory, or other government agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
4. Data Security and Confidentiality
PCL has implemented generally accepted standards of technology and operational security in order to protect Personal Data from loss, misuse, alteration or destruction. Only authorised PCL personnel are provided access to personally identifiable information and these employees have agreed to ensure confidentiality of this information.
5. What rights do you have with respect to your Personal Data?
By contacting us (see our contact details below), you may, at any time request:
• confirmation as to whether or not Personal Data concerning you are being processed by us and, where that is the case, you may request access to or copies of your Personal Data;
• to rectify inaccurate Personal Data concerning you;
• to complete incomplete Personal Data concerning you;
• to erase or to restrict the processing of Personal Data relating to you, in certain circumstances;
• to transmit your Personal Data to another controller or processor, in certain circumstances;
• to object, on grounds relating to your particular situation, to any of our particular processing activities where you feel this has a disproportionate impact on you; and
• where our processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of our processing based on consent before its withdrawal.
We will investigate whether it is feasible to respond to your request and whether we are legally obliged to do so. Please note that none of these rights are absolute, and PCL may be entitled or required to apply exemptions or exceptions when responding to or acting on your request.
6. Any further questions or complaints with respect to the processing of your Personal Data?
In case you have any questions with respect to the Processing of your Personal Data, you can contact us: DataProtectionOfficer@pcl.co.uk
Please note that you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the regulator for our processing of personal data. You may do this at any time if you are of the opinion that the processing of your Personal Data by PCL infringes applicable data protection laws.
PCL reserves the right to modify or amend this Privacy Statement at any time.
Where we store your personal data (including transfers outside the United Kingdom)
The data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom which may not offer the same protections for personal data as is relevant under the DP Law or afford you the same data protection rights you enjoy in the United Kingdom under DP Law. It may also be processed by staff operating outside the United Kingdom who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you will be taken to have agreed to this transfer, storing and processing outside of the United Kingdom in cases where the transfer is necessary for the performance of a contract between you and us (in our capacity as data controller) or for the implementation of pre-contractual measures taken at your request.
Where we transfer your data outside the United Kingdom we will only do so in accordance with our obligations under the DP Law. Steps will be taken to put in place safeguards (including around security) to protect your personal data when it is outside the United Kingdom.
Security of your personal data
We take steps to safeguard the personal data we process and make sure it is held securely and in accordance with the DP Law. In particular, we endeavour to maintain appropriate organisational and technical measures to help us safeguard your personal data including that which is transmitted, stored or otherwise processed, from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include computer safeguards and secured files and facilities.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Your rights under DP Law
You have the right to ask us not to process your personal data for marketing purposes at any time. This means you can change your mind about receiving marketing communications from us when you have previously consented to this. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes and we will seek your consent for this. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. If you do not wish to consent then please do pay attention to the marketing consent checkboxes. You can also exercise the right to prevent our own use of your personal data for direct marketing purposes at any time by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to personal information
The DP Law gives you the right to access information held about you. Your right of access can be exercised in accordance with the DP Law. A data subject access request is usually free of charge. You can exercise this right by using the Contact Us information below.
Consequences of failure to provide personal data
You have the right to be informed about the possible consequences of failure to provide the personal data we ask you for directly in connection with your use of our site. Any failure to provide personal may affect our ability to enable your use of our site. You would still be able to read the pages of our site but you would not be able to use all of the functions on our site – such as the login facility.
Your right to lodge complaints with the data privacy supervisory authority
We take our data protection obligations seriously and if you have any complaint we will investigate and do everything we can to find an appropriate resolution. If we feel we have complied with the DP Law, we will explain to you in as much detail as possible why this is.
Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the UK's Information Commissioner if you consider that we have infringed applicable data privacy laws when processing your personal data. You should contact us in the first instance, so that we can try to resolve your complaint, and only raise a complaint with the UK's Information Commissioner once you have exhausted our internal complaints procedure.
UK: Information Commissioner’s Office, https://ico.org.uk/
Changes to our privacy notice
Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy notice.
To find out more about your data protection rights, how we safeguard your data when transferring it outside the United Kingdom, or how to contact us with any data protection queries, please visit this page: https://www.premiumcredit.com/yourdatarights
Last updated August 2021