Mann Island Finance Limited Data Protection Notice to Individuals Involved in Finance Applications
Mann Island Finance Limited (”we”, “us” “our”) is a finance broker which helps applicants obtain finance for transactions, mainly for motor vehicles. If you apply for finance through us, this process will involve the processing of your personal data. We are committed to processing your personal data in accordance with EU data protection laws, so this Data Protection Notice is intended to give you information on how this personal data (i.e., information which directly or indirectly identifies you) will be processed by us and/or any company to which we submit a finance application on your behalf. You will be given details of the identity of those companies, but for present purposes we will refer to any such company in this notice as “the Company”.
Where the Company is MI Vehicle Finance Limited (MIVF), a finance company linked to MIF, further details of how MIVF will manage and use your data can be found at https://www.mannisland.co.uk/mivf-data-protection, where you can also find details of the credit reference and fraud prevention agencies that MIVF uses, and information about your data protection rights. Both MIF and MIVF are members of the Investec Group of Companies, and may pass your data on to other companies within that group, some of which are located in countries outside the EEA (including in South Africa).
For the purposes of EU data protection laws, we and the Company will each be a data controller.
Data That May Be Collected. We and the Company may each collect certain personal data with respect to you, including, without limitation, your name, address, date of birth, contact details, credit reference data, financial and employment details, banking and credit card details, director or shareholder roles, income and similar details. We and/or the Company may collect some of this data from third parties, for example credit reference agencies.
Where a corporate entity is applying for finance, we and the Company may collect personal data about the individuals who are directors and shareholders of the business from credit reference agencies (CRAs) where this data is held publicly, such as at Companies House. Where a partnership is applying, we and the Company may similarly collect personal data about the individual partners. This notice also applies to the processing of such personal data and use of the word ‘you’ in this notice will encompass such individuals.
We and the Company may process sensitive personal data (including, for example, information revealing an individual’s physical or mental health). Where sensitive personal data are processed we will obtain your explicit consent for the processing.
Use of Personal Data. We and/or the Company will use your personal data for: provision of products and services, credit and AML risk assessment, profiling for marketing purposes, market research and product development, statistical analysis, marketing, fraud prevention and detection and otherwise as necessary to comply with applicable laws, regulations and/or codes of practice. The processing of personal data may be undertaken with your consent, or where it is necessary for the performance of a contractual relationship or compliance with a legal obligation, or where it is in our legitimate interests, and/or those of the Company or a member of any group of companies to which we and/or the Company belongs.
Disclosure to Certain Third Parties. We and/or the Company may disclose certain personal data: (i) within any group of companies to which we and/or the Company belongs (we and MIVF belong to the Investec Group); (ii) to our and/or the Company’s brokers and dealers / suppliers, professional advisors and service providers (including, information technology systems providers); (iii) to courts, governmental and non-governmental regulators and ombudsmen; (iv) to fraud prevention agencies and law enforcement agencies; (v) to any third party that acquires, or is interested in acquiring, all or part of our assets or shares, or those of the Company , or that succeeds us and/or the Company in carrying on all or a part of our and/or its business, whether by merger, acquisition, reorganization or otherwise; and (vi) as otherwise required or permitted by law.
In particular, we and/or the Company may share the personal data we and/or it collect(s) with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies for these purposes can be found on the Investec website at www.investec.com/en_gb/Legal/UK/fraud-prevention-notice.html or by contacting our Data Privacy Officer at 5, St Paul’s Square, Liverpool L3 9SJ or by email to email@example.com. Similar information regarding who to contact at the Company will be given to you at the same time as you are informed about the identity of the Company.
In addition, in order to process your application for finance, your personal data will be shared with CRAs. We and/or the Company will send information about your applications to CRAs and they will record this, even if your application does not proceed or is unsuccessful. This will include information from your credit application and about your financial situation and financial history. CRAs can give us and/or the Company both public information (e.g. electoral register) and shared credit, financial situation and financial history information and fraud prevention information
We and/or the Company may use the data received to:
- Assess your creditworthiness:
- Verify the accuracy of the data you have provided:
- Prevent criminal activity, fraud and money laundering:
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
The Company may continue to exchange information about you with CRAs while you have a relationship with them, and may also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us and/or the Company they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us and/or the Company that you have a spouse or financial associate, we and/or the Company may link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at each of the three CRAs websites – using any of these three addresses will take you to the same CRA Information Notice (CRAIN) document:
Transfer of Personal Data Outside the European Economic Area (“EEA”). We and/or the Company may transfer your personal data to recipients (including affiliates) located in countries outside of the EEA, which may not have data privacy laws equivalent to those in the EEA. In such a case, we and/or the Company will be under a duty to take all necessary steps to ensure the safety of your personal data in accordance with applicable data protection laws.
Your rights. Under applicable EU data privacy laws, you may have a right to: (i) request access to and rectification or erasure of your personal data; (ii) obtain restriction of processing or to object to processing of your personal data; (iii) withdraw your consent to the processing of your personal data; and (iv) data portability (i.e. to request the transfer of personal data from one data controller to another in certain circumstances). If you wish to exercise any of these rights against us, you should contact our Data Privacy Officer at 5 St Paul’s Square, Liverpool, L3 9SJ or email firstname.lastname@example.org ; if you wish to do so against the Company, you should contact the Data Privacy Officer(s) whose details will be given to you at the same time as you are informed about the identity of the Company. Where the Company is MIVF, please email AFGDataprivacy@investec.co.uk. You also have the right to lodge a complaint about the processing of your personal data by us and/or the Company with the UK data protection authority, the Information Commissioner’s Office, whose contact details can be found at https://ico.org.uk/.
We and/or the Company may rely on automated credit assessment based on the personal data which we receive from you and/or obtain from a credit reference agency or similar sources about your credit profile or history. The outcome of this process can result in an automated decline of your application where it does not meet the acceptance criteria which we and/or the Company apply. We and/or the Company have a duty to review these acceptance criteria regularly to ensure fairness in the decisions made, and you have a right to ask us or it to manually review any decision taken in this manner.
In addition we may use automated profiling to identify whether other products or services may be of use to you when we consider marketing campaigns. You have a right to object to this automated profiling. This is separate to the right you have to object to receive marketing.
Security. We and/or the Company are under a duty to take steps to protect your personal data against loss or theft, as well as from unauthorized access, disclosure, copying, use or modification, regardless of the format in which it is held.
Retention. We will retain your personal data for seven years from the date on which our relationship with you ends. When you are informed of the identity of the Company, you will also be informed of the policy it adopts regarding the retention of your personal data.
Enquiries, Requests or Concerns. All enquiries, requests or concerns regarding this Notice or relating to the processing of Personal Data, should be sent to our Data Privacy Officer at 5 St Paul’s Square, Liverpool L3 9SJ, by emailing email@example.com or by telephoning 0370 600 6668. Alternatively, you may contact the Data Privacy Officer(s) whose details will be given to you at the same time as you are informed about the identity of the Company.