Privacy Notice

 

This is the Privacy Notice of electriccarscheme.com. In this document, "we", "our", or "us" refer to electriccarscheme.com

Introduction

This Privacy Notice outlines how we collect and process information that we collect from you or that you provide to us at The Electric Car Scheme.

Our policy complies with the Data Protection Act 2018 (Act) and the applicable General Data Protection Regulation (GDPR). You can find out more about your rights in regard to the processing and control of  your personal data at http://www.knowyourprivacyrights.org.

We are committed to protecting your privacy and the confidentiality of your personal information. Our policy is not just an exercise in complying with the law, but a continuation of our respect for you and your personal information. We undertake to preserve the confidentiality of all information you provide to us.

How are we regulated

This Privacy Notice covers how we collect and process the information that we collect from you, which may include “personal information” that can identify you and information that cannot identify you. For the purpose of data privacy laws, “processing” means to collect, store, transfer, use or otherwise act on information provided and we are a "data controller" of any personal information that we collect.

We are regulated by the Information Commissioner's Office (ICO) with regards to data protection, and our registration details are below:

Our ICO reference: ZB252629 (The Electric Car Scheme Holdings Limited) and ZB030706 (The Electric Car Scheme Limited)

ICO Register: https://ico.org.uk/ESDWebPages/Search 

We have a data protection officer, who is responsible for ensuring that our policy is followed. If you have any questions about this Privacy Notice or would like to exercise any of your legal rights outlined in this Privacy Notice, please contact us at info@electriccarscheme.com

We are also regulated by the Financial Conduct Authority (FCA) in relation to consumer credit and you can find out more information through our website (see our Information Notice). 

Any external or third-party websites that may be linked or accessible from our website will have their own privacy policies. It is your responsibility to make sure you're happy with their privacy policies when using those other sites.

What data do we collect

Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.

Data groups

We may collect, use, store and transfer different kinds of personal data about you. We have collated these into the below groups, which may include the following information:

  • Identity data: your first name, last name, title, date of birth, business and other identifiers that you may have provided at some time

  • Contact information: your billing address, delivery address, email address, telephone numbers and any other information you have given to us for the purpose of communication or meeting

  • Transaction data: details about payment, communications to and from you, information about products and services you have purchased from us, credit and underwriting information 

  • Technical data: your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website

  • Profile data: your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses

  • Marketing data: your preferences in receiving marketing from us, communication preferences, responses and actions in relation to your use of our services

  • Special personal information: your race or ethnicity, criminal convictions, health information and biometric data, and such information may be collected to check the status of your driving licence or eligibility for insurance

Aggregated data

We may also aggregate anonymous data (such as statistical or demographic data) for any purpose. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal information in law because it does not reveal your identity (for example, we may aggregate profile data to assess interest in a product or service). However, if we combine or connect aggregated data with your personal information so that it can identify you in any way, we treat the combined data as personal information and it will be used in accordance with this Privacy Notice.

Failure to provide information 

If you are not willing or fail to provide certain information when requested, we may not be able to enter into an agreement with you (or may have to stop providing you with certain services).  If so, we will notify you of this at the time.

How we process your information

There are a number of different reasons why we collect your information, and this may include instances where we have your consent and others where we are required to do so by law or regulation. 

It is important also to note that we may process your personal information without your knowledge or consent if it is required or permitted by law. Examples include where we need to carry out an agreement, where there is a legal obligation, in order to pursue our legitimate interests or for a critical reason that could impact someone’s life. 

We will only use your personal information for the purposes that we have collected it for. If we need to use it for any other purpose, we will ensure the use is reasonable and that it is in keeping with the original reason for collecting the data. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Using your information 

The main uses of your information are to:

  • Offer and administer our products and services

  • Enable credit checks via the lender

  • Carry out know your customer (ID and address) checks

  • Support our administration and operations

  • Analyse and understand the usage of our products and services

  • Continuously improve our services available to you

  • Manage our communication and interactions effectively

  • Notify and instruct

  • Send communications about our products and services

  • Send service led communications where explicit consent is not required

  • Analyse data to better understand your circumstances and preferences

  • Provide digital solutions

  • Prevent financial crime

  • Comply with a request from you

  • Protect legal rights

  • Comply with legal obligations

  • Correspond with legal professionals and legal authorities (e.g. solicitors)

  • Correspond with lenders and other third-party intermediaries and partners

  • Monitor associated risks

  • Recover money that you might owe

  • Assist tracing, where you fail to repay or return the property of a lender or supplier

  • Ensure information security

  • Ensure business continuity

Recorded calls and electronic tracking

It’s worth noting that we may also record phone calls, emails, electronic documents and any other types of communication with you. In addition, our website and other digital systems may track and store records of usage. Recorded calls are focussed on but not restricted to regulated roles such as sales staff having conversations about financial products. The main purpose of the recorded call is to maintain standards and support our staff training and monitoring . We may also use the recording to establish facts in the event of a dispute. We will not make call recordings available to any third parties, unless legally obliged to do so.

Sharing your information

We act as a credit broker and connect with other parties, who in turn may need to use your information.

When required by law, we may share your information with such other parties to meet legal requirements. We will also share your information where it is necessary to carry out and administer the relationship with you, where we have another legitimate interest in doing so or it is otherwise lawful to do so, including where we, or the parties we share your information with:

  • have your consent

  • have a public or legal duty to do so

  • have a legitimate business reason for doing so

  • send marketing where consent has been given

  • send service led marketing (within our legitimate interest)

Your personal information may also be shared with our partners and suppliers. This information is only shared to help them provide their services to us or to help them provide their services to you.

Other parties may include:

  • The lender or finance company

  • The supplying car dealership

  • The vehicle manufacturer (if they are also the supplier)

  • Third-party insurance companies

  • Trusted third-party partners (such as, chargor installation providers)

  • Credit reference agencies (via the lender)

  • Third-party vendors such as our IT provider & web hosting company

  • Advertising and social media partnersFraud prevention agencies (via the lender)

  • Third party providers that collect your reviews

  • Where required by law or to exercise or protect our legal rights

Credit reference checks

During your application process with us, we'll obtain your consent to supply your personal information to the lender who will in turn use credit reference agencies (CRA) to obtain further information about you. One of the CRA’s that our lenders may use is Experian. 

CRAs supply the lender with public and shared credit, financial situation, financial history information and fraud prevention information. This information is used by the lender to assess whether you can be offered credit. The lender is also obliged to lend responsibly and will use the CRAs to ascertain whether you can afford to purchase the product and/or service. CRAs also assist with verification of the data provided in your application and help with the prevention of financial crime.

When you apply with us and the lender carries out their checks, the CRAs will place a ‘search footprint’ on your credit file and this may be seen by other lenders. If you're making a joint application, the CRAs will share your information with other organisations and your data will be linked to the data of your spouse, any joint applicants, or other financial associates. It is important that you discuss this with the joint applicant and share any relevant information with the joint applicant before submitting your application. 

These links will remain on your files (and any joint applicant’s files) until you (or the joint applicant) successfully files for a disassociation with a CRA to break the link.

Financial crime checks

In addition to credit reference checks, our lenders will also carry out anti-fraud and anti-money laundering checks. As a credit broker, we are committed to working with our partners to prevent financial crime. The lender may also carry out checks with fraud prevention agencies for the purposes of preventing fraud and money laundering. Both ourselves and the lender will also carry out checks to verify your identity before we provide any products and services to you. 

What happens with your personal information

Data retention

We will not retain your personal information for longer than is necessary and we will only use your information for the purposes collected (and as stated earlier in this Privacy Notice). At a minimum, your information will be stored by us as long as you are our customer. For example, if you enter into a four-year lease contract, we will need to retain your information for this four year period.

We are permitted to retain your data for up to seven years after you stop being a customer of ours. Please refer to the earlier section for suggestions as to how we may continue to use your information, but examples might include record keeping, responding to a complaint, evidencing that we met regulatory requirements or dealing with legal claims. After the permitted data retention period, we may anonymise your personal information so that it can no longer be linked to you.

Information security

We treat information security very seriously. We use the latest technology and security in order to protect your information. All staff and any suppliers or contractors that provide services or carry out work on our behalf have to comply with our information security standards.We have processes in place so that we can effectively deal with any suspected data breach and to follow all the relevant regulations.

Marketing consent & preferences

With your consent, we may use your information to market our products and services, along with those from our partners and other select third-parties. With your consent, we may also send you marketing via post, email, telephone, text or social media. We may also use your information for market research and to identify trends. You can change your marketing preferences, or completely opt out, at any time by clicking on the 'unsubscribe' link in any marketing email. Alternatively, you can text "stop" to the number provided within a text message communication. We will aim to update our records as quickly as possible if you unsubscribe. but please note that this may not be immediate.

Website cookies

We use cookies when you visit our website and you can control these through your browser settings. To understand what cookies are, why you are collecting them, and what information cookies store, please refer to our Cookies Policy (also found in the footer of our website). 

Social platforms and plugins

We use social plugins (buttons) of social networks such as Facebook, Instagram, Pinterest and Twitter. When a button is activated, the social network can retrieve data independently, whether you interact with the button or not. Where you have logged in to a social network, the network can assign any of your visits to the website to your user account. If you're a member of a social network and do not want that social network to combine data retrieved from your visit to our websites with data that they hold about you, you will need to log out from the social network concerned before activating the buttons. 

Your rights under data protection law in the UK

You have a number of rights under data protection law regarding the information that we hold about you, including:

  • Right of access: You have the right to access the personal information we hold about you and to obtain information about how we process it. This is referred to formally as a data subject access request (SAR) and the process is outlined further below. 

  • Right to rectification: You can request the correction of inaccurate or incomplete personal information we hold about you.

  • Right to restriction of processing: You can request that we stop processing personal information about you (for example, if you want us to establish its accuracy or the reason for processing it).

  • Right to object: You can object to us processing your personal information if we're not entitled to use it anymore. Please note, there may be situations where you object to our processing of your information, but we're entitled to continue processing your information and/or refuse that request. You  have the right to object where we are processing your personal information for direct marketing purposes. If we agree that your objection is justified in accordance with your rights under UK data protection laws, we will permanently stop using your data for those purposes or provide you with reasonable justification as to why we are required to continue using your information.

  • Right to erasure: In some circumstances, you can request that we delete or remove your information where there is no good reason for us continuing to process it (for example, processing is no longer necessary for the purposes for which your information was collected). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see above). Please note, we may continue to retain your information if we're entitled to or required to retain it.

  • Right to withdraw your consent: If we are processing certain personal data based on your consent, you also have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

  • Automated decision-making and profiling: You have the right not to be subject to a decision which is based solely on automated processing (including any profiling), which would have a significant legal effect on you. Note, that as we are the credit broker and not the lender this may apply more to the lender and their privacy policy.

  • Right to data portability: In some circumstances, you have the right to receive certain information you have provided to us in an electronic format and/or request that we transmit it to a third-party in a format that can be easily reused.

If you would like to exercise any of these rights, please contact us using the details provided at the end of this Privacy Notice.

These rights are subject to certain exemptions, including safeguarding the public interest (such as, the prevention or detection of crime) and our interests (such as, the maintenance of legal privilege) where we may be required or permitted by law to retain certain information about you. 

You will not have to pay a fee to access your personal information or to exercise any of the other rights. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive (or, we may refuse to comply with the request in such circumstances).

In order for us to provide you with any information or correct any inaccuracies, we may need to ask you to provide other details to help us respond to your request such as proof of identity checks.

Your right to submit a data subject access request (SAR)

To exercise your ‘right of access’, please make a formal data subject access request (SAR) by writing to our data protection officer via the details at the end of this Privacy Notice.We will respond to you within one calendar month of receiving your SAR . If this is not achievable for any reason, we will let you know the reason and how long it is expected to take. If we agree that we have an obligation to provide you with the personal information requested, then we will do so free of charge. We will always undertake ID and security checks before providing any personal information.

How to contact us and our data protection officer

Please contact our data protection office if you have any questions about this Privacy Notice or would like further information at info@electriccarscheme.com.

You can lodge a complaint about how we collect or process your personal information by following our Complaints process, which is outlined in the footer of our website.  We hope that you will agree to attempt to resolve your dispute by engaging in good faith with us in a process of mediation or arbitration.

If you are unhappy with the outcome of your complaint regarding your personal information, you can lodge a complaint with the Information Commissioner's Office (ICO) via https://ico.org.uk/make-a-complaint/. We would, however, appreciate the opportunity to talk with you about your concern before you approach the ICO.