Investec Asset Finance Group ("we", "us", "our") is committed to protecting the privacy and security of your personal data.  This notice aims to give you information on how your personal data (i.e. information which directly or indirectly identifies you) is processed by us. The Investec Asset Finance Group of companies includes Investec Asset Finance plc, Quantum Funding Limited, CF Corporate Finance Ltd, Mann Island Finance Limited, MI Vehicle Finance Limited, Investec Asset Finance (Channel Islands) Limited.  

For the purposes of EU data protection laws, the individual companies within the Group are data controllers. This means that we are primarily responsible for making determinations about how and why we process your personal data.

We are part of the Investec Group, which consists of Investec Bank plc, and Investec plc, together with holding companies (and other subsidiaries of those holding companies) and any direct or indirect subsidiaries of those two companies.

  • Collecting your personal data

    We may collect certain personal data with respect to you, including, without limitation:

     

    • All personal data provided by you such as:
    1. Name and contact details;
    2. Address
    3. Date of birth
    4. Credit reference data
    5. Financial and employment details
    6. Banking and credit card details ; and
    7. Details of your business
    • Information received from credit reference agencies, fraud prevention agencies and from other public sources such as Companies House; and
    • We may monitor and/or record your telephone calls. 

     

    Where a corporate entity is entering into this contract we will collect personal data about individuals who are directors and shareholders of the business from credit reference agencies where this data is held publicly, such as at Companies House. This notice also applies to the processing of such personal data and use of the word ‘you’ in this notice will encompass such individuals.

     

    We may process sensitive personal data (including, for example, information revealing an individual’s physical or mental health). Where sensitive personal data are processed we will obtain your explicit consent for the processing.

  • How we will use your personal data

    We will use your personal data for:
     

    • The provision of products and/or services;
    • Credit and AML risk assessment;          
    • Assessing ongoing credit performance;
    • Recoveries;
    • Collections;
    • Insurance administration;
    • Profiling for marketing purposes;
    • Market research and product development;
    • Statistical analysis;
    • Marketing;
    • Fraud prevention and detection; and
    • Otherwise as is necessary to comply with applicable laws, regulations and/or codes of practice.

     

    The provision of personal data by you may be necessary in order for us and other third parties ( to which personal data is disclosed) to provide you with the requested services, for the performance of any contractual relationship, compliance with a legal obligation, or where it is in the legitimate interests of the Investec Group.

  • How we will disclose your personal data

    We may disclose certain personal data:
     

    • To other affiliates in the Investec Group. Investec Group consists of Investec Bank plc (a company registered in the UK) and Investec Limited (a company registered in South Africa) and any of their direct or indirect subsidiaries and/or holding companies;
    • To our intermediaries; brokers, dealers and suppliers;
    • To our professional advisors, receivers and administrators (where applicable), and service providers (including, information technology systems providers and recovery agents);
    • To your professional advisors and any other organisations party to a financing deal;
    • To courts, governmental and non-governmental regulators and ombudsmen; 
    • To law enforcement agencies;
    • To Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs);
    • To any third party, or their professional advisors, that acquires, or is interested in acquiring, all or part of our  assets or shares, or that succeeds us in carrying on all or a part of its business, whether by merger, acquisition, reorganisation or otherwise;
    • To other Investec Group Companies and/or any relevant third party and both we and/or they may use it for any purpose linked to any sale of and/or granting of security over the agreement we have with you. In such circumstances, such third parties may also use and/or disclose your Personal Data to any third party that they ask to assist them with the preparation for and/or completion of any such sale and/or granting of security; they may also, once such sale and/or granting of security is completed, use and/or disclose your Personal Data to third parties for any of the other purposes which we have outlined in this notice in the same way as if they had entered into the agreement with you instead of us.
    • As is required and/or permitted by law;
  • CRAs and FPAs

    The personal information we have collected will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights can be found on the Investec website at www.investec.com/en_gb/legal/UK/fraud-prevention-notice.html

     

    In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). To do this, we will supply your personal information to CRAs and they will give us information about you, even if your application does not proceed or is unsuccessful. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. 


    We will use this information to:

    • Assess your creditworthiness;
    • Verify the accuracy of the data you have provided to us;
    • Prevent criminal activity, fraud and money laundering;
    • Manage your account(s);
    • Trace and recover debts; and
    • Ensure any offers provided to you are appropriate to your circumstances.

     

    We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. 


    If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.


    The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at each of the three CRAs websites – any of these three addresses will take you to the same CRAIN document:
     

    Callcredit http://www.callcredit.co.uk/crain

    Equifax https://www.equifax.co.uk/crain

    Experian http://www.experian.co.uk/crain

  • Transfer of personal data outside the European Economic Area (“EEA”)

    We may transfer your personal data to recipients (including affiliates in the Investec Group) located in countries outside of the EEA, including in South Africa, which may not have data privacy laws equivalent to those in the EEA. In those instances, we will take all necessary steps to protect your personal data in accordance with applicable data privacy laws.

  • Your rights

    Under applicable EU data privacy laws, you may have a right to:
     

    • Request access to and rectification or erasure of your personal data;
    • Obtain restriction of processing or to object to processing of your personal data; and
    • Data portability (i.e. to request the transfer of personal data from one data controller to another in certain circumstances).  


    If you wish to exercise any of these rights you should contact the Data Protection Officer as described below.   You also have the right to lodge a complaint about the processing of your personal data with your local data protection authority. 


    We rely on automated credit assessment based on the personal data you provide to us and data which we obtain from our credit reference agency or similar sources about your credit profile or history. The outcome of this process can result in an automated decline of your application where it does not meet our acceptance criteria. We review this acceptance criteria regularly to ensure fairness in the decisions made. You have a right to ask us to manually review any decision taken in this manner.

     

    In addition, we may use automated profiling to identify whether other products or services may be of use to you when we consider marketing campaigns. You have a right to object to this automated profiling. This is separate to the right you have to object to receive marketing.

  • Security and data retention

    We will take steps to protect your personal data against loss or theft, as well as from unauthorised access, disclosure, copying, use or modification, regardless of the format in which it is held.

     

    We will normally retain your personal data for a period of 7 years from the latest date on which we have a financial arrangement in place with you. Under certain circumstances, this period may vary if we consider it necessary for good operational or commercial reasons, or in order to meet other legal obligations.

  • Marketing

    Investec Group may contact you periodically to provide information regarding events, products, services and content that may be of interest to you, unless you advise us that you do not wish to receive marketing or market research communications from us. If applicable law requires that we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent. If you wish to stop receiving marketing or market research communications from Investec you can contact the Data Privacy Officer as described below.

  • Changes to this Data Protection Statement

    We may revise and/or supplement our Data Protection Statement from time to time to reflect (including but not limited to), any changes in our business, law, markets and/or the introduction of any new technology.

  • Enquiries, requests or concerns

    All enquiries, requests or concerns regarding this Notice or relating to the processing of your personal data, should be sent to the Data Protection Officer at Investec Asset Finance Group, Reading International Business Park, Reading, RG2 6AA or by email to AFGDataprivacy@investec.co.uk.