Privacy Policy

At Essential Finance Management Ltd (t/a bopay), we are committed to protecting and respecting your privacy. We know that you care about how your information is used and shared and we appreciate your trust in us to do that carefully and sensibly. This notice describes our privacy policy and forms part of our website terms and conditions (“Website Terms”).

bopay believes it is important to protect your Personal Data (as defined in the UK GDPR and the Data Protection Act 2018) and we are committed to giving you a personalised service that meets your needs in a way that also protects your privacy. This policy explains how we may collect and process Personal Data about you. It also explains some of the security measures we take to protect your Personal Data and tells you certain things we will do and not do. You should read this policy in conjunction with the Website Terms.

By accepting our Website Terms or by visiting (‘the Website) you are accepting and consenting to the practices described in this Privacy Policy.

This Policy may be changed from time to time therefore, please ensure you regularly check this page to see if you are happy with any of the changes made.

Who are we?

Essential Finance Management (t/a bopay) of Ollerbarrow House 209-211 Ashley Road, Hale, Altrincham, England, WA15 9SQ. Reg. 13041288.

Registered under the Data Protection Act 2018 with the Information Commissioner’s Office: Registration Number: ZB492727.

Financial Conduct Authority Registration number: 966198.

We are a Data Controller and responsible for the personal information we collect about you.
If personal information is not provided to us through our Website, App or from a Third Party we will not be able to offer you any of our products.

How do we collect information from you?

We collect Personal Data from you:

– When you apply for a product from us through our website or app.
– When you contact us, or if you have replied to a communication from us.
– When you submit a form either on our website from a third-party website or social media platform.
– When you submit a feedback form via our email, telephone, or our online contact us form.
– If a third party sells your data to us.
– When we use Credit Reference Agencies and other third parties to verify your information.

What type of information is collected from you?

This includes (but is not limited to):

– Identity Data including first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, number of dependents.
– Residential Status and Time at address.
– Contact data including home telephone, mobile telephone, address(es) and postcode(s).
– Customer income source and pay amount.
– Employment Data including employer name, employer job title, time at employer, employer pay frequency, employer payment type, employer industry, work telephone.
– Financial Data includes bank account, time at bank and payment card details;
– Payment card details are tokenised (not stored), if approved for credit to facilitate ad-hoc or regular repayments via Continuous Payment Authority (CPA).  Our CPA policy can be found here.
– CRA information;
– Loan outcome data.
– Any sensitive information you share with us (special category).
– Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose.
Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

What is our lawful basis for collecting this data and why do we need this?

In order for us to process your data we have to have a lawful basis to do so. We are relying on the following basis to
do so:

(a) Consent: you have given clear consent for us to process your personal data for a specific purpose. For example, when we ask for your consent it allows you to have the right of control over your data and how it is processed. You will find these consent boxes at different opportunities in the application and you will find an opt out on all our marketing communications and through our app and website.

(b) Contract: the processing is necessary to enter into the Credit Agreement with you, or because you have asked us to take specific steps before entering into a contract. For example, we would use this lawful basis so we could process your personal data, in order for the terms and obligations of the Credit Agreement to be carried out. This will also be relevant even if you have been unsuccessful.

(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual
obligations).

(d) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests. For example, once you have repaid your Loan to us, we may retain some form of your data for statistical analysis so that we can ensure compliance and improve our products for the future.

How is your information used?

We use your information so that:

– We can find the most appropriate product for you.
– We can verify your identity when you contact us.
– We can identify accounts, services and products you may have from us.
– We can access your credit history.
– We can process your application.
– We can assess your affordability for the product.
– We can offer you other products.
– We can ensure we do not pass your details to the same third-party twice in a short period and so third parties can avoid unnecessary credit searches.
– We can improve your account administration.
– We can undertake marketing analysis, credit strategy and customer profiling.
– We can continue to market to you with relevant offers.
– We can identify and prevent consumer vulnerability.
– We can manage your account as and when needed.
– It can help us prevent and detect fraud and loss.
– We can confirm with your bank or financial institutions the accuracy of your data.
– We can manage risk and prevent crime; and
– It will improve our business overall and develop better ways we can serve our customers.

Why do you use Credit Reference Agencies?

We use Credit Reference Agencies to make searches about you and supply us with your credit information. The search details will be recorded whether or not the application proceeds.

We may ask them for credit-scoring methods to be used to assess the application and verify your identity.

Credit searches and other information gathered about you and anyone you may be financially linked to, may be used for credit decisions made about you or any other members of your household.

Any occasional checks and updates to your credit file that we do, will not impact your credit file.

When we ask CRAs about you, they will note it on your credit file. This is called a credit search.

You can find out more about CRAs on their websites, in the Credit Reference Agency Information Notice (CRAIN). This includes details about;

– Who they are
– Their role as fraud prevention agencies
– The data they hold and how they use it
– How they share personal information
– How long they can keep data
– Your data protection rights

Here is the link to the information for each of the three main Credit Reference Agencies;

TransUnion
Equifax
Experian

Do you record calls or emails?

Yes, we do record calls. Calls and Emails are retained for a period of time and then destroyed in accordance with
our Data Retention Policy.

Who has access to your information?

– all our staff;
– third parties including police, government or regulatory agencies should they request it;
– if any officials request it for legal proceedings.
– credit brokers or affiliates
– if we sell your data.
– if our company and all of its assets are bought by a third party your personal data will also be transferred to this third party.
– if we need to pass on personal data to others who offer administration services, marketing information and
– customer services; and
– Debt collectors or law firms if you fall behind with payments to us.

What type of third parties do you share my data with?

Third Parties including but not limited to:

-credit brokers
-debt management providers (inc. IVA providers);
-credit report information service providers;
-Utility savings to include: broadband, telephone, gas & electric and mobile; and
-reward scheme providers;
-Debt Collectors
-Law Firms

For a detailed list of these third parties you can write to us at [email protected].

You have a legal right to object to your data being shared with third parties.

Who are the third parties you share my data with?

– TransUnion

We carry out comprehensive due-diligence on each party that we work with to ensure your personal data is secure and that the communication you receive is relevant to your needs.

– We use encrypted software.
– We continually test our systems to see whether it can be penetrated by malicious software and outside third parties looking to steal data. Our regulators expect us to do this to ensure our systems are secure.
– We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information.

We will not disclose your Personal Data to any third party except in accordance with this Privacy Policy. Any third party we share your data with must ensure they provide the necessary assurances that they meet and maintain the same level of high standards we provide in security and privacy.
– We invest heavily in data security so you should be assured that your data is safe.

Do you sell data?

Yes.

Why do you sell data?

We are a licensed Lender. If you apply on our website for a loan and we are unable to assist you, with your consent, we may pass your details to one of our panel of credit brokers. You will be matched according to your requirements. We will be paid a fee for the introduction by the credit broker. We will only do this if you have specifically consented to us passing on your data.

Can I refuse my data being sold?

Yes you can. If you do not wish for your data to be sold, please do not consent to your application being passed to a third party.

Do you buy data?

Yes, we purchase data in a number of ways but always perform full due diligence on our partners to ensure that they Treat Consumers Fairly before we purchase.

Will I receive any marketing?

You may be sent some direct marketing communications via SMS or email. However, only through the channels you have agreed to and only if you have given us your explicit consent. This may be for a short period of time after your loan agreement has ended or if, whilst your agreement is live, we need to update you on new services.

Can I change my mind about marketing?

If you consented to receiving marketing communication from us, there will be an opt-out on every marketing correspondence you receive. You can also change your mind at any time by emailing us at [email protected] or visiting the website or our app.

How can I update and access my information?

To update your information you may do so online in your own account or emailing us at [email protected].
You have the right of access to your personal data. You may complete a Subject Access Request to get a copy of your personal information.  Please email us at [email protected].
There will be no fee for us to provide you with this information as long as it is not manifestly unfounded or excessive.

Do you use Cookies?

bopay only uses first party Strictly Necessary cookies for the purposes of allowing the site to function normally, and for security purposes (known as a ‘cross-site request forgery token’).

bopay does not use cookies for preferences, statistics or marketing.

Do we profile your information?

We do limited profiling so that we can match your specific needs to the loan product you require. Our panel of credit brokers may carry out their own profiling. To find out what information we hold on you, you can write to us at [email protected].

What age must I be?

18.

Do we review our Privacy Policy?

Yes, we can update our privacy policy without letting you know. We will review this at a minimum annually.

We store your data for up to six years after the last interaction. If we pass your details to a third party they will have their own data processing policy and data retention policy. You should contact the third party directly as to how they will treat your data.

How long do we store your data?

We store your data for up to six years after the last interaction.
If we pass your details to a third party they will have their own data processing policy and data retention policy. You should contact the third party directly as to how they will treat your data.

What are my rights?

You have the following rights for your data:

– The right to be informed
– The right of access
– The right to rectification
– The right to erasure
– The right to restrict processing
– The right to data portability
– The right to object
– Rights in relation to automated decision making and profiling;

— bopay uses a consistent method of automated decision making only to perform a credit risk and affordability assessment, in order to make a decision on whether to grant or decline approval for a credit application.  Where an application is declined, no data is shared externally with any other organisation.

For further information in relation your rights visit www.ico.org.uk

Will you transfer my personal data to a country outside the European Economic Area?

No.

Who can I write to get more information about this Privacy Policy?

If you have any questions about this privacy policy or our privacy practices, please contact our DPO in the following ways:

– Full name of legal entity: Essential Finance Management Ltd
– Email address: [email protected]
– Postal address: Ollerbarrow House 209-211 Ashley Road, Hale, Altrincham, England, WA15 9SQ
– Telephone number: 0161 676 7924 (Standard geographic rates apply)

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.