Privacy Policy

 

Privacy Notice

1. Introduction and Scope

At Vendor Finance, we know that your privacy is important to you. This privacy notice (‘Notice’) describes the types of information we collect and use, who that information relates to, how and why we use such information, who we share it with, and your legal rights.

Vendor Finance complies with the requirements of the General Data Protection Regulation (GDPR) 2018, the Irish Data Protection Act 2018, and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) regulations 2011.

When we talk about ‘information’ in the Notice, we mean any information relating to you (your ‘personal data’).

Unless indicated otherwise, the Notice applies to all our website, domains, apps, and to arranging or offering to arrange the provision of credit from providers of credit through our online platform and the retrieval of transactional and financial information from your payment account provided (with your consent) to assist with your credit application (the ‘Services’).

2. Who We Are

Vendor Finance Ireland Ltd (herein called ‘Vendor Finance’, ‘we’, ‘us’ or ‘our’) is licensed by the Competition and Consumer Protection Commission to act as a credit intermediary pursuant to the Consumer Credit Act 1995. We are incorporated in Ireland and our company Registration Number is 547939. Our registered address is Unit 2, St. Vincent’s Business Park, Finisklin Road, Sligo F91 N243. We are also registered on the Data Protection Commissioner’s register of Data Controllers under registration number 15564/A.

3. Who is Responsible for Your Information

Vendor Finance is responsible for collecting information about you and looking after your personal data (your ‘data controller’). We are aware of our responsibility to handle your personal data with care, to keep it secure, and comply with applicable privacy and data protection laws.

4. Who This Notice Applies To

We collect and process information which relates to a variety of categories of individuals. These include individuals who may not have a direct relationship with Vendor Finance. We have described below the main types of individuals whose information we collect, use, and otherwise process:

  • Customers and related individuals: We collect and use information relating to our prospective, current, and former customers. We also collect and use information relating to individuals connected with customers, such as their employees, partners, directors, company secretaries, shareholders, or beneficial owners.
  • Vendors and related individuals: We collect and use information relating to our prospective, current, and former vendors, such as garages, who use the Services on behalf of customers seeking car finance. We also collect and use information relating to individuals connected with vendors, such as their employees, partners, directors, company secretaries, shareholders, or beneficial owners.
  • Business and marketing contacts: In the course of providing and marketing our Services, we also collect and use information relating to visitors to our website, domains, visitors to our office, event invitees or attendees, and other business and marketing contacts.

5. Information That We Collect

Vendor Finance processes your personal information to meet our legal, statutory, and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than already specified in this notice.

The personal data that we collect from you is:

  • Title and Full Name
  • Date of Birth
  • PPS Number
  • Country of Birth
  • Gender
  • Address Details
  • Length of time at address (3-year history required)
  • Residential Status
  • Email Address
  • Home Telephone Number
  • Mobile Telephone Number
  • Marital Status
  • Number of Dependants
  • Age of youngest dependant child
  • Age of oldest dependant child
  • Employer Name
  • Employer Address
  • Occupation
  • Employment Status (i.e., full-time, part-time)
  • Length of time with current employer
  • Previous employer if at current employer for less than 3 years
  • Net monthly Income (after tax)
  • Other monthly income
  • Mortgage/Rent Payments
  • Other monthly repayments
  • Name of Bank
  • Bank Account details (IBAN, Account Number and Sort Code, and/or Bank Statements, Transactional information)
  • Customer expected credit history

We collect information in the below ways:

  • Information you give us: This is information you give us by filling in forms (enquiry, application, contact forms, etc.) or by communicating with us by telephone, email, or by any other means. You must ensure that in respect of any information you provide us with which does not relate to you (for example, information about your associates), you have provided the individual to whom the information relates with a copy of this Privacy Notice and obtained any necessary consents to disclose such information. If you provide information to us about any person other than yourself, you should ensure that you have a legal basis for doing so and that you have complied with your transparency obligations under data protection law. We will only request information we require to provide our Services.
  • Information we collect or generate about you: Our website uses Google Analytics to automatically gather certain statistical information such as the number and frequency of visitors and their IP addresses. This information is used as aggregated statistical information about users, providing usage by IP address. This information helps us to measure how individuals use the website and our services, so that we can continually improve them. We record all telephone conversations to process applications, manage facilities, resolve complaints, improve our service, and for training, verification, and quality assurance purposes.
  • Financial Information: We will use information provided by your professional advisors, including accountants where applicable and where you have given your consent to do so, when assessing and preparing your application for finance and to verify your, or if applicable, your associate’s identity. Such information may include some details about your finance status and other loans you have taken out.
  • Information we receive from other Intermediaries: We will receive information from dealers and introducers, which will include your personal details, contact details, and relevant asset and financial details for the purposes of preparing and submitting your finance application to the appropriate lender. We may obtain information about individuals from public databases, which include (but is not limited to) the electoral register and Companies Registration Office. We may also avail of information which is published within the public domain.
  • Fraud Prevention: When verifying your identity as part of our application process, we and/or our lender partners may access information recorded by fraud agencies within Ireland. This may include information about any criminal convictions and any allegations regarding criminal activity that relate to you.
  • Failure to provide personal data: Where you do not provide us with your personal data, we may not be able to provide you with our services or respond to any questions or requests you submit to us. We will tell you when we ask for personal data which is a contractual requirement or needed to comply with our legal obligations.

6. Special Categories Data

Owing to the products and services that we offer, Vendor Finance does not need to request sensitive personal information from you to process your application. As such, Vendor Finance will never ask for information relating to your health, religion, sexual orientation, disability, race, or any other belief, membership, or personal choice.

All successful applicants, as part of their finance contract signing process, will undergo advanced technical checks on Proof of Identity documents provided. There are 12 technical checks performed in all – one of which entails Facial Match recognition which captures face biometrics, matching it to the facial image on the Drivers License or Passport provided. Vendor Finance will seek your explicit consent prior to running the Facial Match check.

7. How We Use Your Personal Data

Vendor Finance takes your privacy very seriously and will never disclose, share, or sell your data without your consent, unless required to do so by law. We only retain your data for as long as is necessary and for the purposes specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw consent at any time. The purposes and reasons for collecting, processing, and storing your personal data are detailed below:

  • Provision of our Services: If you use our services or request information, we will collect your personal data for use by Vendor Finance Ireland Limited and use information relating to you to provide the Services you have requested.
  • When required, we make your information available to third parties with whom we have a relationship – i.e., lenders, dealerships. We will only provide those third parties with information that is necessary for them to perform their services.
  • Lenders may perform a check on your credit history by seeking a credit report from the Central Credit Register (CCR). You can refer to the privacy statements on their websites for more information about their privacy practices.
  • We use your contact information to provide you with the products and services you have requested and to respond to complaints and enquiries. We will also use your contact information to contact you or interact with you in connection with the product you currently hold with us or service that we currently provide. To provide you with information, products, or services that you may request from us.
  • If you are a vendor who uses our Services to assist customers in arranging finance, we will collect and use information relating to you and individuals connected to your company (such as your employees, partners, directors, company secretaries, shareholders, or beneficial owners) in order to enable you to use the Services. While much of this information will relate specifically to the provision of Services, we will also use information as part of our administrative, financial, and operational processes.
  • We will occasionally use your personal details and finance information (but not your bank account details) as listed in the above list to match products to your demographic which provide us with insights as to future financial services you or others may require.
  • In carrying out this processing we rely on the following legal bases: contractual necessity, compliance with our legal obligations, and legitimate interests.
  • Improving Services together with third parties:
  • We will analyse your data together with lenders for the purpose of improving the efficiency of the Services such as by developing customer pre-screening. Specifically, we will analyse the following: occupation, monthly net salary, other monthly income, customer expected credit history, mortgage/rent payments, date and country of birth, other monthly repayments, time at current employer, marital status, transactional information, number of dependants, residential status.
  • In carrying out this processing we rely on the following legal basis: legitimate interests.
  • AML Compliance:
  • We may collect and use your personal details, photo ID, PPS number or IBAN (for identification purposes), and proof of address information in the context of compliance with anti-money laundering (AML) laws and our other regulatory obligations.
  • Shareholders of vendors with more than 25% interest in a company and individual applications may be required to provide information to determine if they are a Politically Exposed Person (PEP).
  • AML information may be sent to credit providers and to the CCR.
  • In carrying out this processing we rely on the following legal basis: Compliance with our legal obligations.
  • Websites and apps:
  • If you visit our website, we will collect certain information relating to you. Generally, unless you submit information to us, such as via an online application form, we only collect technical and device-related information from your use of our website. We do so to secure our website, understand how you use it, and analyse how we can improve it. See the Cookie Policy on our website for more details.
  • Also, with your consent, we may send you updates, invites, and marketing materials. We may also do this if you are a customer or a former customer and have provided your consent. You will always have the right to unsubscribe from such communications. If we do so, we will also collect information on your interaction with such communications.
  • In carrying out this processing we rely on the following legal basis: Legitimate Interests.
  • Events:
  • Where you register for or attend an event organized by or in conjunction with Vendor Finance, we will collect your contact details and the details of the event you attended.
  • If you ‘opt in’ to receiving marketing communications from us, we may send you emails and communications about the event and other events and information we think you might be interested in.
  • If you attend an event, we might capture your image in photographs and videos. It will be made clear at an event if photography or video recording is taking place. If you object to this, please inform a member of our staff at the event (for instance, you can tell the photographer at the time they are taking the photo).
  • In general, we use your information in the context of the event, and for future marketing and events, unless you have objected to such use.
  • In carrying out this processing we rely on the following legal basis: Legitimate Interests.
  • Call Recordings:
  • Calls to and from Vendor Finance may be recorded for training, security, compliance, and verification purposes.
  • In carrying out this processing we rely on the following legal basis: Legitimate Interests (quality and verification purposes).
  • CRM:
  • If you are a current or former customer or have agreed that we may stay in touch with you in relation to updates and events, we will include your personal details (listed in the table above) in our CRM database. We do so to 1) keep in touch with you such as to send you communications, surveys, and marketing about our events and Services, 2) identify what other events or Services we think you might be interested in, and 3) understand how you use our Services.
  • In carrying out this processing we rely on the following legal basis: Legitimate Interests.

If you provide information to us about any person other than yourself, you should ensure that you have a legal basis for doing so and that you have complied with your transparency obligations under data protection law. We will only request information we require to provide our Service.

8. Our Legal Bases

In order to collect, use, share, and otherwise process your information for the purposes described in this Notice, we rely on a number of legal bases, some of which are mentioned above, including where:

  • Necessary to perform a contract we have with you (i.e., the Services and Terms & Conditions) (‘Contractual Necessity’)
  • Necessary for us to comply with a legal obligation
  • Necessary for the purposes of Vendor Finance’s or a third party’s legitimate interests, such as those of customers and others. This is provided that those interests are not overridden by your interests or fundamental rights and freedoms; and
  • You have consented to the processing (in which case you may revoke your consent at any time).

9. Legitimate Interests

Where we collect, use, disclose, and otherwise process your information based on legitimate interests, we may rely on the following interests:

  • Credit Intermediary Services: We use your information to pursue our customers and other impacted individuals’ legitimate interests in arranging or offering to arrange the provision of credit from providers of credit through our online platform.
  • Keeping our Services safe and secure: We use your information in certain instances as necessary to pursue our, and your, legitimate interests of keeping some of our services, such as our domains, websites, apps, offices, and events, safe and secure. For example, we collect IP addresses and process log files to ensure our website is not subject to fraudulent access.
  • Marketing our Services: We use your information as necessary to pursue our legitimate interests in marketing our Services. For example, where permitted by digital marketing law, we may contact you by email to let you know of future events you might be interested in.
  • Providing, improving, and developing the Services: We use your information as necessary to pursue our legitimate interests in tailoring and improving our Services. For example, if you are a customer, we may send you a survey or questionnaire to understand your experience in obtaining services from Vendor Finance. It is also in our legitimate interests to use your information to help provide us with insights as to future financial services you or others may require.

10. Sharing and Disclosing Your Personal Information

In the course of providing our Services, we share information with various third parties, including financial institutions, data storage providers, and service providers. We do this based upon the legal bases and exceptions mentioned in the ‘Our Legal Basis’ section above. We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.

  • Keeping our Services Safe and Secure: We use your information in certain instances as necessary to pursue our and your legitimate interests of keeping some of our Services, such as our domains, websites, apps, offices, and events, safe and secure. For example, we collect IP addresses and process log files to ensure our website and apps are not subject to fraudulent access.
  • Legal and safety reasons:
  • We may retain, preserve, or share your information if we have a good faith belief that it is reasonably necessary to:
    • a) Respond, based on applicable law, to a legal request. For example, a subpoena, search warrant, court order, other request from government or law enforcement such as the Data Protection Commission, the Revenue Commissioners, the Central Bank of Ireland, and the Financial Services & Pension Ombudsman, Law Enforcement Agencies such as An Garda Síochána and The Criminal Assets Bureau
    • b) Detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues
    • c) Protect our rights, property, or safety
    • d) Enforce our Terms and Conditions or any other contracts we have with you
    • e) Prevent physical injury or other harm to any person or entity, including you and members of the public.
  • Service providers:
  • We may share your personal information to help us provide our services and communicate with you. Categories of service providers include IT software and hosting providers and records-storage companies. Where such third parties are processors, these third parties are contractually required to use it only to provide their service to us and are contractually barred from using it for their own purposes.
  • Marketing third party services:
  • Your personal data may be passed to a third party for consideration for alternative financial or insurance products. You can control whether this happens by opting into this as part of the marketing preference options detailed on your application form provided to you at registration. These third parties may carry out additional credit reference searches against you. Where you have given us permission (which you can withdraw at any time) to process your information, we may share your data with third parties who may contact you in relation to a product you have requested finance on – e.g., a dealership. We will only provide those third parties with information that is necessary for them to perform their services.
  • Business re-organisation:
  • In instances where our business is subject to a re-organisation, such as a merger or acquisition of some or all of its assets, we may, in accordance with our legitimate interests, need to share information in the course of the transaction. In such circumstances, your information may be disclosed, where permitted by applicable law, in connection with a corporate restructuring, sale, or assignment of assets, merger, or other changes of control or financial status of Vendor Finance Ireland Ltd.

11. Data Transfers

In certain circumstances, we may need to transfer your information to recipients outside the European Economic Area (“EEA”), such as where it is necessary to provide our Services. Where we transfer your information, we do so in accordance with EU data protection law. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise, or defence of legal claims or subject to safeguards that assure the protection of your information. We may rely on different legal mechanisms to ensure the transfer is lawful. If the recipient is in a country that is not deemed ‘adequate’ by the European Commission, we may enter into the ‘standard contractual clauses’ with the recipient. These are contracts that contain standard commitments approved by the EU Commission protecting the privacy and security of the information transferred.

Our third-party service providers may rely on Binding Corporate Rules for Processors (“BCR-P”), which are a global, company-wide privacy framework that allows the transfer of customer personal data outside of the EEA once approved by the European DPA’s.

Please note that the privacy protections and the rights of authorities to access your information in some of these countries may not be the same as in your home country. We will only transfer information as permitted by law.

12. Automated Decisions and Profiling

Automated Decision Making refers to a decision which is taken solely on the basis of automated processing of your personal data. This means processing using, for example, software code or an algorithm, which does not require human intervention.

Profiling means using automated processes without human intervention (such as computer programs) to analyse your personal data in order to evaluate your behaviour or to predict things about you which are relevant in a financial services context, such as your likely credit risk profile. As Profiling uses automated processing, it is sometimes connected with automated decision making. Not all profiling results in automated decision making, but it can do.

We may analyse your information using automated decision making to help us to offer you products and service information we believe may be of interest to you and to make assessments where you apply for finance, including affordability and creditworthiness. In an underwriting context, profiling is routinely carried out on your information provided in your credit application to assess your individual risk to make a prediction about the likelihood of success in obtaining credit and to determine which financial institutions are most suitable to send your application to. We may make a decision in relation to your application for credit based solely on an automated analysis of your information. The types of information we process by automated means about you are listed above in section 5. We may also use automated processing to assist in compliance with our legal obligations in connection with the prevention of money laundering and terrorist financing along with the prevention of fraud. Where we make solely automated decisions that affect you in a legal or a significant way, you have the right to provide your viewpoint and have such decision reviewed by a member of our team.

13. How Long We Keep Your Data

We will maintain appropriate technical and organisational measures to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your information. We will provide a level of security that is proportionate to the risks that are presented by the processing activity, having regard to the state of the art, the cost of implementation, and the nature, scope, context, and purposes of the processing.

We will retain your personal data for as long as is necessary for the purposes set out in this Notice for as long as your account is active or as needed to provide you services or to perform our contract with you. We will retain and use your personal data to the extent necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. Vendor Finance must retain certain records for six years from the date on which we ceased to provide any product or service to you, unless we are required by law to keep it for a longer period of time (in which case, we will keep it until the expiry of the period required by law). This is in line with the requirements of the Consumer Protection Code 2012.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We also consider regulatory and guidance issued by the Central Bank of Ireland and the Data Protection Commission – i.e., Central Bank of Ireland codes of conduct and regulations and Anti-Money Laundering obligations.

14. Your Rights

You have a number of rights in relation to your information that we process. While some of these rights apply generally, certain rights apply only in specific circumstances as outlined below.

  • Access:
  • You have the right to request access to your information that we control. You can ask:
    • a) What personal data we hold about you and whether we are processing it
    • b) Give you a copy of that data
    • c) The purposes of the processing
    • d) The categories of personal data concerned
    • e) The recipients to whom the personal data has/will be disclosed
    • f) How long we intend to store your personal data for
    • g) If we did not collect the data directly from you, information about the source
  • Data Portability:
  • You have the right to request that some of your personal information that you initially provided to us is returned to you or another controller in a structured, commonly-used, and machine-readable format.
  • Rectify, Restrict, and Delete:
  • You have the right to ask us to restrict the processing of your information or to rectify or delete your information. Please note that despite a deletion request, we may continue to process your information if we have a legal basis to do so.
  • Object:
  • If we process your information based on our legitimate interests explained above, or in the public interest, you can object in certain circumstances. In such cases, where legally required to do so, we will cease processing your information unless we have compelling legitimate grounds to continue processing or where it is needed for legal reasons. Where we use your data for direct marketing, you can always object using the unsubscribe link in such communications or by contacting us on info@vendorfinance.ie.
  • Revoke Consent:
  • Where you have previously provided your consent, you have the right to withdraw your consent to our processing of your information at any time. You can withdraw your consent to email marketing by using the unsubscribe link in such communications. In certain cases, we may continue to process your information after you have withdrawn consent if we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities.
  • Complain:
  • If you are not satisfied with how we store your data or we fail to satisfy a Data request, you have the right to submit a complaint to the Data Protection Commissioner. See contact details below.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the relevant request. This is to ensure that your data is protected and kept secure.

15. Lodging A Complaint

Vendor Finance only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however, you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.

Vendor Finance Ireland Ltd
Data Protection
Unit 2, St. Vincent’s Business Centre, Finisklin Road, Sligo F91 N243
Ph: +353 (0) 71 9310137
Email: info@vendorfinance.ie

Data Protection Commissioner
21 Fitzwilliam Square South, Dublin 2, D02 RD28 Ireland
Ph: +353 (1890) 252 231
Email: info@dataprotection.ie

16. Changes to Our Privacy Notice

We may amend this Notice from time to time. This might happen, for example, where we make changes to our Services. When such a change is made, we will post a revised version online. The Notice was last updated at the date indicated further below. Changes will be effective from the point at which they are posted. You have a responsibility to review this privacy notice periodically, so you are aware of any changes. By using our services, you agree to this privacy notice.

17. Contact Us

If you want to exercise your rights (as described above), or if you have any questions about this Notice, please contact us as follows:

Vendor Finance Ireland Ltd
Unit 2, St. Vincent’s Business Centre
Finisklin Road
Sligo
F91 N243
Email: info@vendorfinance.ie
Ph: (071) 931-0137

This Notice was last updated: February 2025

 

Back To Top