Where we are in control of deciding how and why your Personal Data is processed, we are Data Controllers of your Personal Data. The terms Data Controller and Personal Data are defined within the General Data Protection Regulation. We undertake to act in accordance with the General Data Protection Regulation (including having in place adequate levels of security in respect of such Personal Data).
We are Oodle Financial Services Limited trading as Oodle Car Finance (“Oodle Car Finance” “we”, “us” or “our”). We are registered with the Information Commissioner’s Office with registration number ZA121323 and you can search our registration details on the Public Register of Data Controllers at www.ico.org.uk.
Our Data Protection Officer is: Oodle Car Finance General Counsel who can be contacted by writing to Oodle Car Finance, 1st Floor, Fletcher House, Oxford Science Park, Oxford, OX4 4GE or by emailing firstname.lastname@example.org .
Customers and prospective customers
When you register an interest to use our Services and/or our sites, we may ask you to provide certain information such as your name, address, email address, and a contact number.
We may also request contact details so that we can communicate with you about our services, for example if you submit an enquiry for information or to send marketing communications.
The main reason we use the information that you provide and that is provided by third parties is to consider whether Oodle Car Finance should enter into a finance agreement with you, either now or in the future, and this information will be entered onto the Oodle Car Finance, finance proposal system. It is important that you provide accurate information on your application.
We may also use your information:
This might include details of your medical data. We may require such information if we consider you have specific requirements, your needs change or you experience vulnerabilities which we need to consider as part of the management of your agreement with us.
We may also require details regarding criminal records and proceedings for compliance with legal obligations (including safeguarding against fraud and anti-money laundering requirements).
When you visit our site, in addition to information you provide to us on the site (such as name and contact details) we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws. Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.
We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. We may also collect information about the website from which you came before vising our site. Collecting this information enables us to better understand the visitors who come to our site, where they come from, and what content on our site is of interest to them. We may also use the information to pre-populate fields to make it easier for you to provide information when you return to our sites (using cookies – see more on this at section 11 below).
We use this information for our internal analytics purposes and to improve the quality and relevance of our site to our visitors.
Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and other websites” at section 11 below.
If you are a business contact we may, for the purpose of conducting business with you (or your employer), collect contact information such as name, address, telephone number, email address as well as name of your employer. In addition we may correspond with you and that may contain certain Personal Data that we exchange in the ordinary course of business such as to schedule meetings and calls and for the purpose of services we provide to you (or your employer) or you (or your employer) provide to us.
Generally, whether you are a customer or prospective customer, business contact or a visitor to our site, we may use your Personal Data for the following purposes:
Your Personal Data may be converted into anonymised form in a way which means you cannot be identified from it and then used for the purposes of information security testing, statistical analysis and to enhance our provision of products and services. Our use of all such data will be in line with our responsibilities under the General Data Protection Regulation and other applicable data protection laws and we would always anonymise it before using it for these additional purposes.
Our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only (i) where we need the Personal Data to perform a contract with you, (ii) where the processing is in our legitimate interests and not overridden by your rights, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contact with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
If we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicate with you as necessary to provide our Services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and if appropriate we will make clear to you at the relevant time what those legitimate interests are.
From time to time we would like to send you details of products and services, which may be of interest to you. The provision of Personal Data for the purposes of direct marketing is voluntary and you do not need to provide such Personal Data in order to receive our Services. Where you have consented, we may:
You can change your marketing contact preferences at any time by Contacting Us or unsubscribing from the relevant communication (email email@example.com). To do this in relation to marketing from our group companies and third parties please write to them. Their contact details should be specified in the marketing communication itself which you have received from them.
When you register or apply to use our Services we may also collect information about you to assess your creditworthiness.
This information may be collected:
When you register or apply to use our Services we will share your Personal Data with fraud prevention agencies. This is because we have a legitimate interest in preventing fraud and money laundering and we are required to verify your identity in order to protect our business. The agreement that you have with us also allows us to share your Personal Data with fraud prevention agencies.
We will also continue to exchange information about you with credit reference agencies on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. Credit reference agencies will share your information with other organisations.
Oodle Car Finance and fraud prevention agencies may also allow law enforcement agencies to access your Personal Data if they need this to detect, investigate or prevent crime.
Please note that fraud prevention agencies can hold your Personal Data for different periods of time and if you are considered to pose a fraud or money laundering risk, your data may be held by them for up to six years.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please refer to the “Automated Decisions” section below.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.
Whenever fraud prevention agencies transfer Personal Data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your Personal Data to the standard required in the European economic Area. They may also require the recipient to subscribe to “international frameworks” intended to enable data sharing.
Please see http://www.experian.co.uk/crain/index.html for further information on credit reference agencies.
When you register an interest to use our Services or make use of our Services you consent to us sharing your data with the following parties:
In order to ensure fair and transparent processing, we will, taking into account our processing activities, adopt appropriate procedures for the processing of Personal Data, which shall include implementing technical and organisational measures which take into account the harm that may be suffered, and correct inaccuracies identified in Personal Data processed, so that risk of errors are minimised and your Personal Data is processed in a fair and secure manner.
All information you provide to us is stored on our secure servers which are located in England. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Some of our service providers and other organisations that we work with (including credit reference agencies), may be located outside the European Economic Area in countries that do not have the same standards of protection for Personal Data as the UK. We will, however, always use every reasonable effort to ensure sufficient protections are in place to safeguard your Personal Data. We will also ensure that our service providers enter into compliant processing agreements, including for transfers of data outside of the European Economic Area, with us to ensure that your Personal Data is processed in accordance with the General Data Protection Regulation and other applicable data protection laws.
In the event that you make an application to use our Services or use our Services, we will only store your Personal Data whilst you continue to use our Services and for a period of 6 years thereafter (or such longer period as is necessary for the proper performance of our regulatory obligations to you).
When we have no ongoing legitimate business need to process your Personal Data, we will either delete or anonymise it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
If you wish to contact us in relation to any of your rights, you can email us at firstname.lastname@example.org or contact us by telephone on 01865 477826. Please note that we may ask you to provide a form of identification verification before we can give effect to any such request made by you.
Any material changes we make to our privacy notice in the future will be posted on this page and, if appropriate, sent to you by email.
Our Cookies Policy can be located via the following link
Links to Other Websites
Our site may, from time to time, contain links to and from the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.
In some instances, our use of your Personal Data may result in automated decisions being taken (including profiling) that legally affect you or similarly significantly affect you.
Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. For example, we use automated decisions to make decisions about creditworthiness. We have implemented measures to safeguard the rights and interests of individuals whose Personal Data is subject to automated decision-making.
When we make an automated decision about you, you have the right to contest the decision, to express your point of view, and to require a human review of the decision. You can exercise this right by contact us using the contact details provided under the “Any questions” heading below.