Data Protection Fair Processing Notice
Last updated: August 2020
Blue Star Business Solutions Limited t/a Bluestar
We are committed to protecting your privacy during your relationship with Blue Star Business Solutions Ltd t/a Bluestar and when you visit our website. We recognise our responsibility to keep the information you provide to us confidential at all times.
This privacy notice covers:
- How and why we process your personal information;
- The sources of information about you;
- The parties we may disclose it to;
- How long we will retain your information;
- What rights you have in respect of your personal data; and
- How you can contact us with any further queries or concerns.
The Data Controller
Blue Star Business Solutions Ltd t/a Bluestar is the Data Controller for the purposes of the Data Protection Act 2018 and in relation to all the personal data provided to us.
The legal basis for processing your data
The Data Controller may process personal data when any of the following apply:
- For the performance of contracts we enter (or may enter) into with you for our services or finance products;
- For compliance with legal obligations to which the Data Controller is subject;
- For your and our legitimate interests.
Use of Personal Data
We will use your personal data for: provision of products and services via a lending partner. Our lending partner may also use your data for credit and AML risk assessment, assessing ongoing credit performance, recoveries, collections, insurance administration, profiling for marketing purposes, market research and product development, statistical analysis, marketing, fraud prevention and detection and otherwise as necessary to comply with applicable laws, regulations and/or codes of practice. The processing of personal data may be necessary for the performance of a contractual relationship, compliance with a legal obligation, or where it is in our legitimate interests, or those of a company within any group of companies of which we are a member.
It is ultimately your decision as to whether to provide us with any of your personal information; however, please note that if you fail to provide information we have requested, or you fail to provide accurate information, we may not be able to engage with you further.
What information do we collect and how do we collect it?
To fulfil the purposes above, we will need to collect your personal information. We collect it from you when you initially provide it to us, every time you contact us during the administration of your relationship with us, and from additional sources such as background checks and/or references. Information is collected when you meet with us, complete forms, correspond with us, telephone us, or send us an email. We may also get your personal information from an intermediary, for example, a car dealership if you are seeking finance for a vehicle or financial advisor if you have engaged them to find you suitable finance options.
This information can include all, or a combination, of any of the items listed below:
- General personal details including your name, date of birth, place of birth, nationality, gender, marital status;
- Your contact details (address, telephone numbers, e-mail);
- Employment details such as employment status, employer contact details, benefits and salary information;
- Information about previous products and/or services you may have had relevant to your current requirements;
- Financial details such as bank account details and/or tax information;
- Character references if you are applying for a job with us;
- Publicly available information (generally obtained through internet searches) such as news articles or public register information, which is obtained from background searches or reference checks.
Sensitive Information
Certain types of personal information are classed as “sensitive” under the Data Protection legislation, or otherwise referred to as “special categories” of data. This includes information about your health, race, ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, trade union membership and genetic and biometric data.
We do not need to collect your sensitive personal data during the normal course of our business. However, sometimes we may indirectly come across sensitive information such as your health data. In order to be able to process any sensitive personal data, we will need your consent. In the event we are likely to (or do) come into possession of your sensitive personal data, we will contact you separately to seek your consent for its processing.
How do we use your personal information
We will use your personal data for: provision of products and services via a lending partner. Our lending partner may also use your data for credit and AML risk assessment, assessing ongoing credit performance, recoveries, collections, insurance administration, profiling for marketing purposes, market research and product development, statistical analysis, marketing, fraud prevention and detection and otherwise as necessary to comply with applicable laws, regulations and/or codes of practice. The processing of personal data may be necessary for the performance of a contractual relationship, compliance with a legal obligation, or where it is in our legitimate interests, or those of a company within any group of companies of which we are a member.
Disclosure of personal information
We may disclose certain personal data: (i) within any group of companies of which we are a member and to other affiliates in that group; (ii) to our lending partners, professional advisors and service providers (including information technology systems providers and recovery agents); (iii) to courts, governmental and non-governmental regulators and ombudsmen; (iv) to fraud prevention agencies and law enforcement agencies; (v) to any third party that acquires, or is interested in acquiring, all or part of our assets or shares, or that succeeds us in carrying on all or a part of our business, whether by merger, acquisition, reorganization or otherwise; and (vi) as otherwise required or permitted by law.
We may also pass your Personal Data on to other companies within any group of companies of which we are a member and/or any relevant third party and both we and/or they may use it for any purpose linked to any sale of and/or granting of security over the agreement we have with you. In such circumstances, such third parties may also use and/or disclose your Personal Data to any third party that they ask to assist them with the preparation for and/or completion of any such sale and/or granting of security; they may also, once such sale and/or granting of security is completed, use and/or disclose your Personal Data to third parties for any of the other purposes which we have outlined in this notice in the same way as if they had entered into the agreement with you instead of us.
The personal information we have collected may be shared by our lending partners with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights can be found on our website at http://www.bluestarleasing.com/customer-privacy-notice/.
Credit reference agencies
To process your application, our lenders will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). To do this, our lenders may supply your personal information to CRAs and they will give them information about you, even if your application does not proceed or is unsuccessful. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to them both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
Our lending partners will use this information to:
- Assess your creditworthiness;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
Our lending partners may continue to exchange information about you with CRAs while you have a relationship with them. They may also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from one of our lending partners they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application or tell us that you have a spouse or financial associate, your records may be linked together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at each of the three CRAs' websites – any of these three links will take you to the same CRAIN document:
Equifax www.equifax.co.uk/crain
Experian www.experian.co.uk/crain
TransUnion www.transunion.co.uk/legal/privacy-centre
Fraud prevention agencies
We have a legal obligation and legitimate interest to report suspected fraud to law enforcement and fraud prevention agencies, and we are not permitted to share the detail of any disclosure with you.
We may share your personal information with fraud prevention agencies if we feel fraud has been or might be committed. We will use the information to confirm identities, help prevent fraud and/or money laundering or fulfil any contracts you or your business has with us.
These agencies collect, maintain and share data on known and suspected fraudulent activity for the purposes of fraud prevention. These records may be searched and shared with other organisations by the fraud prevention agencies. This is to support their duty to prevent, detect, investigate and prosecute crime.
If fraud is detected, you could be refused certain services, finance or employment.
The fraud prevention and law enforcement agencies we may share data with are:
- CIFAS – https://www.cifas.org.uk/fpn
- Dun & Bradstreet – https://www.dnb.com/utility-pages/privacy-policy.html
- Equifax – www.equifax.co.uk/crain
- Experian – www.experian.co.uk/crain
- TransUnion – https://www.transunion.co.uk/legal/privacy-centre
- Isle of Man Financial Intelligence Unit
Please telephone or write to us at the address stated below if you would like further details of the fraud prevention agencies.
How long do we retain your personal information?
We are permitted by law to retain your information for as long as is necessary in relation to the purposes for which the information was originally provided. This includes our legal requirement to hold some information for at least six years following the termination of a customer relationship or transaction.
We will hold the personal information of our customers, your accounting records, client due diligence (CDD) and transaction records for a minimum of six years, except where records are required for investigation by law enforcement, where they will be retained for as long as required by the Constable or competent authority.
If you have been declined our services, we will retain your personal information for a maximum of 3 months from the date we received it, unless you give us permission to retain it for longer.
If you have been unsuccessful in applying for a job with us, we will retain your information for a maximum of 6 months unless you give us permission to retain it for longer.
Once your information is no longer necessary in accordance with the above, it shall be destroyed in line with Data Protection legislation.
Your rights
Under Data Protection legislation you have the following rights free of charge:
- Access to Personal Data
Subject to exceptions detailed in Data Protection legislation, you have a right of access to all personal data we hold about you. If you wish to exercise this right, or you have any questions regarding your personal data, please write to the Data Protection Officer at the address below. We will respond within one month from receipt of a valid request, and in any event, without undue delay.
- Automated Decision Making
If you are applying for a loan with us, your application may be decided using purely automated decision-making technology. This means that the personal information you provide (or that is collected through background and credit checks) is fed through our computer systems and marked against a list of parameters we are prepared to accept if your loan application is to be successful. If your information does not meet pre-programmed criteria, your loan application may be declined. The decision as to whether to grant you a loan is therefore “automatically determined”.
You have the right to request that your application is assessed instead by a physical person. If you would like to exercise this right, or you would like further information about this, please write to the Data Protection Officer at the address below.
- Rectification
You have the right to the rectification of inaccurate data, and to obtain completion of incomplete personal data. To correct or amend your personal data, please contact the Data Protection Officer at the address below with the details. We will make the required changes as soon as possible.
- Erasure
In certain situations, you have the right to request that your personal data is erased; however, there are limitations to this right.
Examples of grounds for exercising your right to erasure include:
- Personal data is no longer necessary for the purpose of the performance of a contract between us and you;
- Where data has been unlawfully processed;
- Where data has to be erased to comply with a legal obligation;
- Where a right to object to direct marketing or the right to object to processing has been exercised.
Examples of limitations to your right of erasure include:
- It is necessary for the performance of a contract between us and you;
- Our compliance with legal obligations to retain client records for certain periods of time (as detailed above); and
- Establishment, defence or exercise of legal claims.
- Restriction of Processing
You have the right to restrict our processing of your personal data in the following circumstances:
- If you contest the accuracy of personal data processed by us, (we may restrict processing for a limited period to enable us to verify the accuracy and amend the data as necessary);
- We no longer require your information for the purposes we originally obtained it;
- We have no legitimate grounds for processing your information or your information has been processed unlawfully.
If you wish to exercise this right, please contact the Data Protection Officer at the address below with the full details.
- Data Portability
You have a right to receive your personal information that you have provided to us, in a structured, commonly used and machine-readable format. You also have a right to have this personal data transmitted to another data controller (i.e. another business), where technically feasible to do so.
- Right to Object
You have the right to object to us processing your personal data in the following circumstances:
- For direct marketing purposes;
- Profiling in relation to direct marketing.
- Right to Lodge a Complaint
If you have a complaint regarding the way we are processing your personal data, please address it with us in the first instance in the hopes that we will be able to resolve the matter with you. However, if you do not want to address your concerns to us, or we have failed to satisfactorily respond to your data protection complaint, you have the right to complain to the Data Protection Supervisor. The contact details are below:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: +44(0) 303 123 1113
Marketing
If you wish to receive information about our products or services, please let us know by any of the contact options provided below.
Cookies
If you use our website, for information about our cookie usage please see the information below. In line with the statutory requirements for cookie usage we make you aware that we will use cookies and that you agree to our use of cookies.
Cookies can be used to recognise your Internet Protocol (“IP”) address, saving you time while you are on, or want to enter, the website. We use cookies for your convenience in using the website (for example to remember who you are without you having to re-enter your password) and we may use cookies to ensure the advertising you receive is as relevant as possible for you. They help us to improve the website and to deliver a better and more personalised service. They enable us, for example (but without limitation):
- To estimate our audience size and usage pattern;
- To store information about your preferences, and so allow us to customise the website according to your individual interests and spending patterns;
- To speed up your searches;
- To recognise you when you return to the website; and
- To enable us to target opportunities in accordance with your interests and spending patterns and to collate the information you have provided in order to strengthen our buying power with third party suppliers.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of the website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you access the website.
If you want to find out more information about cookies, go to http://www.allaboutcookies.org or to find out about removing them from your browser, go to http://www.allaboutcookies.org/manage-cookies/index.html.
Please note that our suppliers and advertisers may also use cookies, over which we have no control.
What is aggregate information?
Aggregate information is used to show us the total number of visits to our website and which parts of the site are used the most. Aggregate information does not identify individuals, as it does not contain any personal data. This information helps us in developing our website and improving the service we offer you.
Changes to our privacy policy
We keep this privacy policy under regular review, and we may amend it periodically by updating this on our website. We will indicate at the top of this privacy policy when it was last updated.
The Data Protection Officer and contact details
If you have any questions or concerns regarding this notice or you wish to exercise your rights, please contact us, addressing your query to the Data Protection Officer:
Writing: Blue Star Business Solutions Ltd, Fourth Floor East, Matrix House, Basing View, Basingstoke, Hampshire RG21 4FF
Telephone: +44 (0)1256 581 111