Who We Are
Vendor Finance Ireland Ltd (herein called ‘Vendor Finance’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection regulation and law – the General Data Protection Regulation (GDPR) (EU)2016/679) and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) regulations 2011. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data. It is important that you take the time to read this notice so that you understand how we will use your personal data and your rights in relation not your personal data.
Vendor Finance’s registered office is at Unit 2, St. Vincent’s Business Park, Finisklin Road, Sligo F91 N243. Our Company Registration Number is 547939 and we are registered on the Data Protection Commissioner’s register of Data Controllers under registration number 15564/A. Our designated Data Protection Officer/Compliance Officer for the organisation is Lynn Crumley and we can be contacted by writing to Unit 2, St. Vincent’s Business Park, Finisklin Road, Sligo F91 N243, by calling (071) 931-0137 or by emailing email@example.com.
Information That We Collect
Vendor Finance processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than already specified in this notice.
The personal data that we collect from you is: –
- Date of Birth
- PPS Number
- Country of Birth
- Current Home Address
- Length of time at this address
- Previous address if at current address for less than 3 years
- Personal Email
- Home Telephone Number
- Mobile Telephone Number
- Marriage Status
- Number of Dependant Children
- Age of youngest dependant child
- Age of oldest dependant child
- Employer Name
- Employer Address
- Employment Status (i.e. full-time, part-time)
- Length of time with current employer
- Previous employer if at current employer for less than 3 years
- Net monthly Income (after tax)
- Name of Bank
- Bank Account details (IBAN, Account Number and Sort Code, and/or Bank Statements)
We collect information in the below ways:
- Information you give us – this is information you give us by filling in forms (enquiry, application,contact forms, ) or by communicating with us by telephone, email, or by any other means.
You must ensure that in respect of any information you provide us with which does not relate to you (for example, information about your associates), you have provided the individual to whom the information relates with a copy of this Privacy Notice and obtained any necessary consents to disclose such information.
- Information we collect or generate about you – our website uses Google Analytics to automatically gather certain statistical information such as the number and frequency of visitors and their IP addresses. This information is used as aggregated statistical information about users, providing usage by IP address. This information helps us to measure how individuals use the website and ourservices, so that we can continually improve
We record all telephone conversations to process applications, manage facilities, resolve complaints, improve our service and for training, verification and quality assurance purposes.
- Financial Information – we will use information provided by your professional advisors, includingaccountants where applicable and where you have given your consent to do so, when assessing and preparing your application for finance and to verify your, or if applicable, your associate’s identity. Such information may include some details about your finance status and other loans you have taken out.
- Information we receive from other Intermediaries – We will receive information from dealers and introducers, which will include your personal details, contact details and relevant asset and financialdetails for the purposes of preparing and submitting your finance application to the appropriate lender.
We may obtain information about individuals from public databases, which include (but is not limited to) the electoral register and Companies Registration Office. We may also avail of information which is published within the public domain.
- Fraud Prevention – When verifying your identity as part of our application process, we may access information recorded by fraud agencies within Ireland. This may include information about any criminal convictions and any allegations regarding criminal activity that relate to you.
- Failure to provide personal data – Where you do not provide us with your personal data, we maynot be able to provide you with our services or respond to any questions or requests you submit to us. We will tell you when we ask for personal data which is a contractual requirement or needed to comply with our legal obligations.
How We Use Your Personal Data
Vendor Finance takes your privacy very seriously and will never disclose, share or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purposes specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw consent at any time. The purposes and reasons for collecting, processing and storing your personal data are detailed below:
- To provide you with information, products or services that you may request from us
- To provide a broker service and to ensure that finance applications are completed as per Lender requirements for underwriting purposes
- To fulfil our legal obligation for business accounting and tax purposes
- To communicate with, inform and answer queries from prospective, current or past clients.
- To identify and offer you tailored products and services that are suitable for you and improve our service e.g. quality control research
- To fulfil obligations under law. E.g. the Consumer Protection Code 2012, SI 336 2007, (GDPR)(EU)2016/679.
- To inform clients of further relevant information in line with what they have previously agreed. E.g. Information about a selection of financial products which may be of interest to them in line with preferences supplied earlier for that same purpose.
- To carry out lawful business viably (company legitimate interests)
- To facilitate necessary communications between relevant parties and systems to process and progress a legitimate sale. E.g. Credit checks and ratings or other relevant processes.
- To contact you via post, e-mail or telephone in relation to the administration of your account
- If we are acquired by a third-party, in which case personal data held by us about you will be disclosed to the third-party
This use of the data is necessary for our legitimate interest in managing our business including legal, personnel, administrative and management purposes such as improving customer service, market research, quality assurance, training staff and for the prevention and detection of crime provided our interests are not overridden by the data subject’s interest. Please note, that in certain circumstances you have a right to object to processing of your personal data where that processing is carried on for our legitimate interest.
The above list is not exhaustive given the nature of the business and therefore this statement will be reviewed to reflect this as required.
You have the right to access any personal information that Vendor Finance processes about you and to request information about: –
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If we are processing your data on the legal basis of Consent, you are entitled to withdraw your consent at any time. However, the withdrawal of your consent will not invalidate any processing we carried out prior to your withdrawal and based on your consent.
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to update/correct it as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data (‘Right to be Forgotten’) in certain circumstances, including where:
- Your data is no longer needed for the purpose for which it was collected
- You withdraw your consent (where processing was based on consent)
- You object to the processing and there are no overriding legitimate grounds justifying us processing your personal data (see Right to Object below)
- Your data was unlawfully processed, or
- To comply with a legal obligation (however, this right does not apply where, for example, theprocessing is necessary to comply with a legal obligation or the establishment, exercise or defence of legal claims).
You can ask that we restrict your personal data being processed in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that the lender uses including profiling, which produce legal effects concerning you or similarly significantly affects you other than where the decision is:
- Necessary for entering into a contract, or for performing a contract with you
- Based on your explicit consent, which you may withdraw at any time
- Is authorized by EU or Member State law
Where a lender bases a decision solely on automated decision-making, you will always be entitled to have a person review the decision so that you can contest it and put your point of view and circumstances forward.
Where you have provided personal data to us, you have a right to receive such personal data back in a structured, commonly-used and machine-readable format and to have that data transmitted to a third-party controller without hindrance but, in each case, only where the processing is carried out by automated means and where the processing based on your consent or on the performance of a contract with you.
You have a right to object to the processing of your personal data in those cases where we are processing your personal data in reliance on our legitimate interests. In such a case, we will stop processing your personal data unless we can demonstrate compelling legitimate interests which override your interests and you have a right to request information on the balancing test we have carried out. You also have the right to object where we are processing your personal data for direct marketing purposes.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request. This is to ensure that your data is protected and kept secure.
Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Vendor Finance uses third-parties to provide the below services and business functions, however all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures. We share your personal data with the following categories:
For tax and purposes, we share your personal data with our accountant and bookkeeper. This includes sharing invoices displaying your name for the purpose of completing our end of year accounts. Our accountant and bookkeeper is located in Ireland
For insurance and legal purposes, we will share your personal data with our insurance companies when required to do so. This includes supplying personal data under the requirements of our contract with the insurance company or in relation to a claim that we make or receive. Our insurance company is located in Ireland
In order to provide you with our broker service, we work with a suite of different Lenders. We will share your personal data with one or more of these lenders, depending on the type of finance you are seeking and the asset you wish to finance. These lenders are located in Ireland and include:
- AIB Finance & Leasing
- First Citizen Finance
- Bluestone Motor Finance
- Finance Ireland
- Maquarie Equipment Finance
- Flender Finance
- Close Brothers Commercial Finance
- Braemar Finance
- Linked Finance
- GRID Finance
- Finance 4 You
- LM Operations
The Central Credit Register (CCR) was established by the Central Bank of Ireland under the Credit Reporting Act 2013 and is a secure system for collecting personal and credit
information on loans of €500 or more. From 1st October 2019, all Irish lenders are required to run a CCR Enquiry during their credit applications. A CCR Enquiry involves lenders transferring your personal and credit application data to the CCR. As such, in assessing the suitability of your finance application, our lenders will submit your personal and credit application data to the CCR as part of their application process. For the foreseeable future, our lenders may also forward your data to the Irish Credit Bureau (ICB) for a credit check, until such a time as this agency is wound down. The legal basis upon which the CCR and ICB relies to process your data is their ‘Legitimate Interests’ (GDPR Article 6 (f)). For more information regarding the CCR and how it works, please visit www.centralcreditregister.ie.
The ICB’s Fair Processing Notice documents who they are, what they do, details of their Data Protection Officer, how it gets the data, why they take it, what personal data they hold, what they do with it, how long they retain it, who they share it with, what entitles them to process the data (legitimate interests), what happens if your data is inaccurate and your rights.
In addition, some lenders may use Profiling, or auto-decision processes, in assessing finance applications.
Vendor Finance have always been committed to securing and protecting our customer’s data. In order to process and store your data securely and to deliver an efficient service to you, we must use the services of our IT partners. Our IT provider is ISO27001 (information Security Standard) aligned and fully GDPR compliant. Our IT partners are located in Ireland.
There are times, such as when a finance application has been approved, when Vendor Finance may need to share some of your personal data with the dealership the vehicle is being purchased from. This is essential in order for the dealer to provide an invoice to the lender, which is used in the preparation of the finance documents. We are also ensuring that all dealers we work with have also taken the necessary steps to become GDPR compliant. All Car Dealerships are located within the Republic of Ireland only. Commercial Dealerships are located in Republic of Ireland, The UK and Mainland Europe.
Due to the nature of our business and services, paper formats of confidential information are received by Vendor Finance on occasion. Electronic copies are only printed when necessary. Where paper information is no longer required, Vendor Finance uses a confidential shredding process via a secure waste disposal provider. This Provider is located in Ireland.
To ensure all Proof of Identities provided as part of a successful finance application are thoroughly authenticated and verified, Vendor Finance uses the services of a Provider that runs a suite of advanced technical checks, including biometric face recognition, to ensure compliance. This service provider is located in Ireland.
Vendor Finance takes your privacy seriously and we take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures in place, including: –
- SSL-VPN connections
- Encryption of personal data
- Restricted access
- Reviewing, auditing and improvement plans for the ongoing confidentiality, integrity, availability and resilience of processing systems and services
- Disaster Recovery and Business Continuity Plan to ensure up-to-date and secure backups and the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- Audit procedures and stress testing on a regular basis to test, assess, review and evaluating theeffectiveness of all measures and compliance with the data protection regulations and codes ofconduct
- Frequent and rolling training programs for all staff in the GDPR, its principles and applying those regulations to each role, duty and the company as a whole
- Staff assessments and testing to ensure a high level of competency, knowledge and understanding of the data protection regulations and the measures we have in place to protect personalinformation
- Recheck processes to ensure that where personal information is transferred, disclosed, shared or is due for disposal, it is rechecked and authorised by the Data Protection Officer (DPO)/Compliance Officer
Although all reasonable steps have been taken to store your data securely, Vendor Finance cannot ensure that your data is not intercepted by third parties in the course of being transmitted to us. In the event that any information is intercepted when being transmitted to us via the internet we bear no responsibility or liability to you for the manner in which any such intercepted data is used by any third parties.
Consequences of Not Providing Your Data
You are not obligated to provide your personal information to Vendor Finance however, as this information is required for us to provide you with our services to secure finance on your behalf, we will not be able to offer any of our services without it.
How Long We Keep Your Data
Vendor Finance retains your personal data for as long as necessary to provide you with our services as our client. How long we hold it will vary. The retention period will be determined by the purpose for which we are using it and our legal obligations – i.e. Central Bank of Ireland codes of conduct and regulations and Anti-Money Laundering obligations.
Vendor Finance are required under the Consumer Protection Code 2012, to hold your data for 6 years after the date your finance application has been discontinued or completed., unless we are required by law to keep it for a longer period of time (in which case, we will keep it until the expiry of the period required by law).
Special Categories Data
Owing to the products and services that we offer, Vendor Finance does not need to request sensitive personal information from you to process your application. As such, Vendor Finance will never ask for information relating to your health, religion, sexual orientation, disability, race or any other belief, membership or personal choice.
All successful applicants, as part of their finance contract signing process, will undergo advanced technical checks on Proof of Identity documents provided. There are 12 technical checks performed in all – one of which entails Facial Match recognition which captures face biometrics, matching it to the facial image on the Drivers License or Passport provided.
Vendor Finance will seek your explicit consent prior to running the Facial Match check.
Lodging A Complaint
Vendor Finance only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
Vendor Finance Ireland Ltd
Unit 2, St. Vincent’s Business Centre, Finisklin Road, Sligo F91 N243
+353 (0) 71 9310137
Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, Ireland R32 AP23
+353 (0) 57 8684800
Changes to our privacy notice
Vendor Finance may change this notice from time to time. All changes will be posted and updated here. We will notify you directly by email (if we hold one for you) if any significant changes occur. We advise you to check back here frequently to review the most current version of this notice.
This Statement was last updated on 11/06/2020