Vanarama is committed to protecting the privacy and security of your personal information. Please read the following carefully to understand our practices regarding your personal information and how we will treat it.
This Policy continues to apply even if your agreement for leasing, insurance and/or any other products and services with us ends. It outlines the choices you have including how to access and update information. It should be read alongside your lease and insurance terms and conditions, as these include sections relating to the use and disclosure of information.
Whenever we've said "you" or "your", this means you, our customer, or any authorised person/s acting on your behalf. If you're an insurance customer, it also means you, any named insured parties or beneficiaries under your policy, dependants, claimants and other third parties involved in an insurance policy or claim (such as witnesses).
Who we are
Vanarama, a trading style of Autorama UK Ltd (referred to using "We", "Us", "Our" or the "Company"), is a company registered in England and Wales under company registration number (05137709) whose registered office address is Maylands Avenue, Hemel Hempstead, HP2 7DE, United Kingdom.
We are an award winning personal and commercial vehicle leasing credit broker. Whether you're looking for your dream car, a new van for your business, or a pick-up truck... we've got you covered. We also act as an insurance intermediary, providing insurance products for our customers.
Our products are available to all UK residents, our Head Office is located in Hemel Hempstead and we have other Regional locations throughout the UK. For further information on all our UK locations please click here: http://www.vanarama.co.uk/contact-us.html
We are regulated for the above activities with the Financial Conduct Authority (FCA), under registration number (630748). Please click here for further information: https://register.fca.org.uk/ShPo_FirmDetailsPage?id=001b000000bWPAOAA4
We are also regulated by the Information Commissioner's Office (ICO), under registration number (Z9535254) for Data Protection. Please click here for further information: https://ico.org.uk/ESDWebPages/Entry/Z9535254
Some of the links on our website ("Website") may lead you to third party websites with their own privacy policies, which may be different from this policy. You'll need to make sure you're happy with their privacy policies when using those other sites.
What information we collect
We'll only collect your information in line with the Data Protection Legislation. We may collect your information from a range of sources, and it may relate to any of our products and services you apply for, currently hold, or have held in the past.
Some of it will come directly from you when you interact with us, e.g. when you use our website, provide identification to lease a vehicle or take out an insurance policy. It may also come from your insurance company which provides the insurance policies we offer, from your financial advisor, broker or mortgage intermediary, or other sources you've asked us to obtain information from. We may also get some of this information from publicly available sources.
The types of information we collect may include:
- personal details e.g. your name, previous names, address history, gender, date of birth, email address, landline and mobile numbers, and any other contact information;
- information concerning your identity e.g. passport, driving licence, other photo identification, National Insurance number, nationality, employment details, financial position including credit and fraud checks, information from the DVLA, and information taken from identification documents for the purposes of reviewing your application for credit or insurance products / services offered by selected third party partners;
- market research e.g. information and opinions expressed when participating in market research;
- user login information and subscription data including account information e.g. login credentials for your account and other identifiers or credentials you use to access our online services or to buy our products and services including product / service preferences, dates of payments owed and received, any subscription services you use, or any other information related to your account;
- financial information e.g. the product / service you purchased, its price, your payment methods and history, the channels you use and your ways of interacting with us, your ability to get and manage your credit, payments into your account including salary details and information concerning complaints and disputes;
- details of your visits to our Website or our Mobile Apps and the resources that you access e.g. device information, location, and advertisements that you've clicked;
- information we use to identify and authenticate you e.g. your signature and biometric information e.g. your voice for voice ID, or additional information received from external sources required for compliance purposes.
If our relationship arises out of an insurance policy or claim, we may also collect:
- information which is relevant to your insurance policy including any details of previous policies and claims history;
- information from other parties involved in your insurance policy or claim;
- information relating to your insurance application where you apply for a policy via a comparison website or aggregator;
- information regarding your family members or other third parties who might be covered by or benefit from your insurance policy, or be financially dependent on you;
- information pertaining to any criminal convictions you have or any related information about you, this includes information relating to any offences or alleged offences;
- details about your physical or mental health which are seen to be relevant to your insurance policy or claim e.g. if you make a claim, we may ask you for medical information relating to the claim;
- any other information which is relevant to a claim made including information from publicly available sources.
- investigations data e.g. due diligence checks, intelligence reports, sanctions and anti-money laundering checks, content and metadata related to relevant exchanges of information between and among individuals and/or organisations including email, voicemail, live chat, instant messages and social media communications;
- risk rating information e.g. credit risk rating, transactional behaviour, and any underwriting information;
- information required to support our regulatory obligations e.g. information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you or these activities;
- records of correspondence and other communications between us, including email, voicemail, live chat, instant messages and social media communications;
- information from third party providers e.g. information that helps us to combat fraud or that relates to your social interactions (including your communications via social media, between individuals, organisations, prospects, investors, and other stakeholders acquired from companies that collect combined information).
How we use your information
Data Protection Legislation sets out a number of different reasons for which we may collect or process your personal information and we will only use your personal information where we have your consent to do so for a specific purpose, or where we have another lawful basis for using it. These lawful bases are where the processing is necessary:
- to enter into or carry out an agreement we have with you, or because you have asked us to take specific steps before entering into an agreement;
- for us to comply with a legal obligation;
- for vital interests e.g. to protect an individual's life;
- for us to pursue our legitimate interests.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above legal bases, where this is required or permitted by law.
The reasons why we use your information are to:
- deliver our products and services e.g. to administer your accounts or process your transactions;
- carry out checks in relation to your creditworthiness;
- support our operations including your information to enable the provision and function of our service in line with regulation, laws, and customer rights and interests e.g. complaints management, exit management, system or product development and planning, insurance, audit and other administrative purposes;
- understand how you use products and services;
- improve our products and services including through analysing how you use them;
- manage our relationship with you, including (unless you tell us you have not consented or have revoked your consent) telling you about products and services we think may be relevant for you, customer surveys, and to provide customer support;
- carry out instructions e.g. to fulfil a payment request or make a change to your insurance policy;
- recover money which you owe e.g. where you haven't paid for a rental or insurance payment for your insurance policy;
- send promotional information to you about our products and services e.g. renewals by telephone, through traditional and online advertising;
- market our activities (other than where we rely on your consent) e.g. marketing permissions captured during the course of a sale, personalising marketing messages through social media and other third party platforms to show you relevant ads by using data collected from your devices, including your searches, location, ads that you have seen and personal information that you have given us, such as you're age, gender, and topics of interest;
- comply with a request from you where you have exercised your rights under Data Protection Legislation e.g. where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists;
- analyse data to better understand your circumstances and preferences;
- provide Mobile Apps and other Digital Products or online service platforms which allow you to directly or indirectly communicate with us and apply for products and services with us through these mediums;
- prevent or detect crime including fraud and financial crime, e.g. financing for terrorism, human trafficking, and money laundering, claims and other liabilities;
- protect our legal rights and comply with our legal obligations;
- correspond with solicitors, lenders, other third party intermediaries;
- manage and mitigate risk to measure, detect, and prevent the likelihood of financial, reputational, legal, compliance or customer risk including credit risk, operational risk, and insurance risk (e.g. for underwriting or claims management purposes);
- where you fail to repay what you owe us or return our property, we may need to trace your whereabouts (sometimes using a Tracing Agent) in order to recover payment or reclaim property;
- ensure network and information security to protect your information against loss or damage, theft or unauthorised access, and business continuity;
- if our relationship arises from an insurance policy or claim, we will also use your information to:
- evaluate your insurance application and provide you with a quotation;
- handle or monitor any claims made by you or which arise under your insurance policy;
- where relevant, bring a claim against a third party;
- apply for a claim on our own insurance policies.
If you fail to provide certain information when requested, we may not be able to enter into an agreement with you, or perform an agreement we have entered into with you, or we may be prevented from complying with our legal obligations.
Sharing your information
We may share your information with other parties where required by law, where it is necessary to administer the relationship with you, or where we have another legitimate interest in doing so or it is otherwise lawful to do so including where we, or the parties we share your information with:
- have asked you for your consent to share it and you've agreed;
- have a public or legal duty to do so e.g. to assist with detecting and preventing fraud and financial crime;
- have a legitimate business reason for doing so, e.g. to manage risk, verify your identity, enable another company to provide you with the products or services you've requested, or assess your suitability for products and services;
- choose to send marketing information to you or others, where you've given your consent, or where it's within our legitimate interest to do so;
- need to in order to provide you with your insurance policy or to administer your claim;
- need to in order to provide you with the products or services you've requested e.g. when you apply for credit or purchase an insurance product, we'll pass your information to trusted third party partners responsible for these products or services. Please note, we act as a credit broker and not as a lender in respect of our insurance products credit facility.
We may share your personal information for these purposes with others including:
- Our service providers - our partners, suppliers, insurers, and agencies (including their employees, sub-contractors, service providers, directors, and officers) to process your personal information on our behalf, but this is only where they have met our standards on the processing of data and security. This information is only shared to help them provide their services to us or to help them provide their services to you. Some of our service providers, for example, place adverts for us online, about our products and services and those of our partners, suppliers, and third parties. Consequently, where you have provided your consent to receiving marketing communications from us, you may see online adverts that we've placed on the web sites you visit, or the interactive services you use.
- Other companies and individuals including:
- trusted third party partners and Credit Reference Agencies for any credit or insurance products and services you purchase with us;
- third party vendors who help us to manage and maintain the Group IT Infrastructure;
- companies who provide insights and analytics services for us so we can stock the right products, send the right marketing campaigns and understand our business and customers better;
- advertisers for marketing purposes: we can provide your information to our advertising and social media partners (including Facebook and Twitter, where you choose) where they require the data to select and serve relevant adverts about our and our partners' products and services to you and others
- where required by law, under any code of practice by which we are bound, or we're asked to do so by a public or regulatory authority such as the Police or the Department for Work and Pensions;
- information may also be shared with fraud prevention agencies to prevent fraudulent claims;
- companies that enable us to collect your reviews and comments, both online and offline;
- in response to requests from individuals, or their representatives, seeking to protect their legal rights or the rights of others;
- where we need to do so in order to exercise or protect our legal rights, users, systems and services.
Special categories of personal information and criminal information
Where authorised by law and where consent has been provided voluntarily, we may collect some personal data about your health, racial or ethnic origin. This data is subject to additional rights and is described as special category data. The information we may hold in this regard includes the following:
- Equality & Diversity Information:
- gender, age, nationality, sexual orientation, political opinions, race, religion or belief.
- Medical Information
- physical or mental health conditions, lifestyle information, work-related injury and illness, disability data to help us ensure we can make reasonable adjustments, any spouse/dependents with medical or health conditions.
We may also collect information from the results of any criminal or police record checks which can include details of offences, alleged offences, and sentences and information from other intelligence sources (subject to local laws and record retention periods).
Special category data and criminal offences data will only be processed by us if you have given us your consent to do so, or where we are legally permitted or required to process this information without seeking your consent. For special category data and criminal offences data that you have consented to providing us, you are entitled to withdraw your consent to us processing this at any time. Please contact us if you wish to do so. We will not continue to process information where you have withdrawn your consent and where we are not otherwise legally permitted to process such data. This will not impact the validity of any processing undertaken before you withdrew your consent.
When we collect, use or disclose to third parties (such as insurers, intermediaries, and reinsurers) any special category data or criminal offence data for the reasons set out above and for profiling as set out in the "using your information to make automated decisions" section of this policy, we typically do so because it is necessary in our legitimate interests for the proper and efficient provision of the wide range of insurance-related activities that we undertake or because it is necessary for insurance purposes or for fraud prevention purposes.
Before you provide us with special categories of personal information and criminal records information about a person other than yourself, you agree to notify such person of our use of their personal information and, if requested by us, to obtain their consent to our use of their special categories of personal information and criminal records information e.g. by requiring the individual to sign a consent form.
Credit reference checks, fraud, and money laundering
Credit Reference Checks
For us to be able to process your application, we'll supply your personal information to Credit Reference Agencies (CRA's), and they will provide us with information about you.
This will include information from your credit application and about your financial situation and financial history. CRA's will supply to us both public (including the electoral register) and shared credit, financial situation, financial history information, and fraud prevention information. This information will be used by us to:
- assess if we can offer you credit and to ascertain whether you can afford to purchase the product and/or service you applied for;
- verify the accuracy of the data you have provided to us;
- ensure any products offered to you are appropriate to your circumstances;
- trace and recover debts;
- prevent criminal activity, fraud and money laundering.
When CRA's receive a search request from us, they'll place a search footprint on your credit file that may be seen by other lenders. If you're making a joint application, CRA's will share your information with other organisations and your data will be linked to the data of your spouse, any joint applicants, or other financial associates. You should discuss this with them and share this information with them before submitting the application. These links will remain on your files and their files until you or the joint applicant successfully files for a disassociation with the CRA's to break that link.
The identities of the CRA's, including their role as fraud prevention agencies, and the ways in which they use and share personal information is explained in more detail on their websites. They've created a joint document called the Credit Reference Agency Information Notice (CRAIN) which you can access from the following CRA's:
Fraud Prevention Agencies
We will carry out checks with fraud prevention agencies for the purposes of preventing fraud and money laundering. We will also carry out checks to verify your identity before we provide any products and services to you. These checks require us to process personal information about you.
We will process personal information such as your full name and any previous names, your address history, date of birth, contact details, financial information, employment details, and device identifiers e.g. IP address.
We and any fraud prevention agencies we use may also share your personal information with law enforcement agencies to enable them to detect, investigate, and prevent crime.
Your personal information may also be processed by us where we have a legitimate interest to do so in preventing fraud and money laundering and to verify your identity. This processing is a condition of any of our products and services that you use and enables us to protect our business and comply with any laws that apply to us.
Fraud prevention agencies can hold your personal information for different periods of time. If they're concerned about a possible fraud or money laundering risk, your data can be held by them for up to six years.
Where we, or a fraud prevention agency, have reason to believe there's a fraud or money laundering risk, we may refuse to provide you with the products, services, and credit you've requested. We may also stop providing existing products and services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and this may result in other third parties refusing to provide services, financing or employment to you also. Information we hold about you may make it easier or harder for you to obtain credit in the future.
If you need any more information about our fraud prevention agencies and how they manage your information, you can access this from each agency directly:
International transfers of your information
Your personal information may be transferred to and stored in locations outside the European Economic Area (EEA), including countries that may not have the same level of protection for personal information as is provided in the UK and in countries In the EEA. When we do this, your personal information will continue to be subject to one of the appropriate safeguards set out in Data Protection Legislation and that safeguard that we'll typically use is to put in place a contract with the recipient that governs the protection of your personal information to the same standards as the United Kingdom.
Using your information to make automated decisions
We may use systems to make automated decisions about you based on your personal information or the information we are allowed to collect from others about you or your business e.g. when you apply for any of our products and services, to make credit decisions and to carry out fraud and money laundering checks. This helps us to make sure our decisions are quick, fair, efficient, and correct, based on what we know. These automated decisions can affect the products, services, or features we may offer you now or in the future, or the price that we charge you for them.
You may have a right to certain information about how we make these decisions including the right to request human intervention and to challenge the decision if appropriate. Further information on this can be found in the "your rights" section of this policy.
Tracking or recording your information
We may record details of your interactions with us including phone calls, face-to-face meetings, letters, emails, live chats, and any other kinds of communication. We may also capture additional information about these interactions with you, e.g. telephone numbers that you call us from and information about the devices or software that you use. Our Website, Mobile Apps, and other Digital Products may track and record your interactions with them.
We will not record any telephone calls with you where you have opted out of such recording. In any event, we do not record all calls; those calls recorded are typically customer facing staff / regulated customers (FCA / TCF) calls, which are recorded for the following purposes to:
- establish the existence of facts relevant to our activities; for example, to keep a record of information given via telephone by, or to, customers where it is necessary or desirable for us to record the information provided during that conversation;
- ascertain compliance with regulatory or self-regulatory practices or procedures relevant to us; for example, to ensure that we are complying with our own policies and procedures, with external regulatory guidelines, and with applicable laws;
- ascertain or demonstrate standards that are, or ought to be, achieved by our personnel; for example, for quality control and staff training; and
- prevent or detect crime; for example, to monitor for or to detect evidence of fraud or corruption.
We determine the nature and extent of call recording appropriate for the above purposes taking into account:(a)the importance we attach to the proper handling of all customer calls and the need for quality control and staff training to achieve this;(b) the results of our data protection impact assessment in relation to call recording; and(c) The advice of our Data Protection Officer.
We do not make call recordings available to any third parties, unless legally obliged to do so. We will not retain telephone recordings for any longer than necessary for the purposes for which they are collected or as required by our Data Retention Policy or other legal requirement, whichever is longer.
We have determined that we have a legitimate interest in recording calls in accordance with this Policy and that the importance we attach to such call recording as described in this Policy for the purposes set out in this Policy are not overridden by your privacy rights.
How long we'll keep your information
We will keep your personal information for as long as you're a customer. If you haven't made a purchase or engaged with us for 3 years or more, then we'll remove you from our marketing mailing lists. If you stop being a customer of ours, we may keep your data for up to 7 years from the last time you interacted with us. This could include one of the ways specified in "how we use your information" and for any of the following reasons where we are required to:
- maintain records;
- respond to any queries or complaints;
- show that we have treated you fairly;
- establish, bring or defend legal claims.
Your personal information may be kept for longer than 7 years if we cannot delete it for legal, regulatory or technical reasons. We may also keep it in order to help support product recalls or safety notices. If we do, we will make sure that your privacy is protected and only use it for those purposes.
Please note, we do not retain personal information in an identifiable format for longer than is necessary and we will only retain your personal information to fulfil the purpose for which it was collected or as stated, to comply with legal, regulatory or internal policy requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
How we keep your information secure
We use a range of appropriate technical and organisational security measures to protect the personal information supplied by you against accidental loss or destruction or alteration, and any accidental or unauthorised access or use by third parties, which may include encryption and other forms of security. We require our staff and any third parties who carry out any work on our behalf to comply with appropriate compliance standards including obligations to protect any information, applying appropriate I think that we can only say "which may include" if we do actually encrypt personal data in certain circumstances.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You have a number of rights in relation to the information that we hold about you. These rights are summarised below:
- Right of Access - you have the right to access the personal information we hold about you and to obtain information about how we process it. This is sometimes called a Data Subject Access Request. If we agree that we have an obligation to provide personal information to you (or another party on your behalf), we will provide it to you free of charge. We may ask for specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also ask for sufficient information about your interactions with us so that we can locate your personal information prior to releasing such information; this is to try to assist you by ensuring that we can provide the Information requested but you are no obliged to do so. Except in rare cases, we will respond to you within one calendar month after we've received this information or, where no such information is required, after we have received your request;
- Right to Rectification - you can request the correction of inaccurate or incomplete personal information we hold about you;
- Right to Erasure - in some circumstances, the right to request we delete or remove your information where there is no good reason for us continuing to process it, for example where processing is no longer necessary for the purposes for which your information was collected. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below). Please note, we may continue to retain your information if we're entitled to or required to retain it;
- Right to Restriction of Processing - You can ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it;
- Right to Object - to us processing your personal information if we're not entitled to use it anymore. Please note, there may be situations where you object to our processing of your information but we're entitled to continue processing your information and/or refuse that request. You have the right to object where we are processing your personal information for direct marketing purposes. If we agree that your objection is justified in accordance with your rights under Data Protection laws, we will permanently stop using your data for those purposes or provide you with reasonable justification as to why we are required to continue using your information;
- Right to Withdraw your Consent - where we are processing your personal data based on your consent then you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- Automated Decision-Making and Profiling - you have the right not to be subject to a decision which is based solely on automated processing (including any profiling for such purposes), which would have a significant legal effect on you and you have the right to contact us to express your point of view and challenge the decision;
- Right to Data Portability - in some circumstances, you have the right to receive certain information you have provided to us in an electronic format and/or request that we transmit it to a third party in a format that can be easily re-used;
These rights are subject to certain exemptions including to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege) where we may be required or permitted by law to retain certain information about you.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights), except that we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
In order for us to provide you with any information or correct any inaccuracies, we may need to ask you to provide other details to help us respond to your request. This, for example, would include one proof of identity e.g. your driver's licence, utility bill, or other similar formal documents not older than 6 months from the date of request.
Marketing and research
With your consent, we may use your information to provide you with details about our products and services, and also products and services from our partners and other relevant third parties carefully selected by us. We may, with your consent, send you marketing messages by post, email, telephone, text, or through social media. You have the right to change your mind on how you receive marketing messages from us, or our affiliates and you can choose to opt out and stop receiving marketing messages from us at any time. To make that change, you can do this by the following options:
- Emails - you can click on the 'unsubscribe' link in any marketing email you receive, and this will take you to the 'Contact Preferences' section of your account so you can unsubscribe from that method of communication;
- Text Messages - you can text "stop" to the number provided within the communication and this will unsubscribe you from this method of communication;
- Any Other Method of Marketing - you can contact us using the details provided in the 'contact us' section of this policy. Once you do this, we will update our records to ensure that we update your preferences and you don't receive any further marketing messages.
Where you ask us to stop sending you marketing information, it may take us a short period of time to update our systems and records to reflect your request, so we would ask for your patience as you may continue to receive marketing messages during this time. Please note that opting out of marketing information will not stop service communications and we will continue to use your contact details to provide you with important information, such as changes to your terms and conditions or if we need to notify you to comply with our regulatory obligations.
We may use your information for market research and to identify trends. Market research agencies acting on our behalf may get in touch with you by post, telephone, email or other methods of communication to invite you to take part in research. We won't invite you to take part in research using a communication method if you've asked us not to get in touch in that way. Any responses that you provide whilst participating in market research will be reported back to us anonymously unless you give us permission for your details to be shared.
Legal and regulatory compliance obligations
We will use your personal information to meet our legal and compliance obligations, to comply with legislation and regulations and to share with regulators and other authorities that we may be subject to. This may include to help detect or prevent crime including but not subject to money laundering, terrorism financing, and other financial crimes. We will only do this where we are required to comply with a legal obligation, where it's in our legitimate interests and that of others, or to prevent or detect any unlawful acts.
Talk to me about website cookies
We use social plugins (buttons) of social networks such as Facebook, Google+, YouTube, Instagram, Pinterest and Twitter.
When a button is activated, the social network can retrieve data independently, whether you interact with the button or not. Where you have logged in to a social network, the network can assign any of your visits to the website to your user account.
If you're a member of a social network and do not want that social network to combine data retrieved from your visit to our websites with data, they hold on you, you will need to log out from the social network concerned before activating the buttons.
In the event of a breach whereby your information may have been compromised, or whereby the security of our systems has failed, we will notify the ICO and you in a timely manner where we are legally required to do so. We will also carry out an investigation into the matter to ensure steps have been taken in an effort to prevent future occurrences.
If you require any further information on anything in this policy or wish to contact us or our Data Protection Officer (DPO), our contact details are:
Registered Office Address: Vanarama
Telephone Number: 01442 838 192
Email Address: [email protected]
DPO Contact: Valerie Marot
DPO Email Address: [email protected]
Complaining to the Data Protection Regulator
If you are unhappy with the outcome of any of your requests to exercise your rights, or how we handle your personal information then please let us know. If we can't resolve this for you then you are also entitled to complain to the Information Commissioner's Office (ICO):
Information Commissioner's Office
Email: [email protected]
Telephone: 0303 123 1113
Changes to how we protect your privacy