We believe you deserve the utmost respect when it comes to the security and use of your personal information, so we have described how we look after your information as clearly as possible.
TRUSTe's mission, as an independent third party, is to accelerate online trust among consumers and organizations globally through its leading privacy Trustmark and innovative trust solutions. Privacy is also very important to us as an organisation and we wish to be transparent and show our dedication to privacy.
For the purpose of the Data Protection Act 1998, the data controller is WDFC UK Limited.
We recognise how important it is to protect and manage the information you share with us. We use computer safeguards such as firewalls and data encryption, we enforce physical access controls to our buildings and files, and we only authorise access to those employees who require it to fulfil their job responsibilities. When you share data with us through the website, that information is protected by secure socket layer (SSL) encryption>
Our security systems meet or exceed industry standards and we are constantly monitoring internet developments to ensure our systems evolve as required.
2. Collecting your information
We collect information about you in a number of ways:
- Information you provide to us through our websites and applications;
- Information you provide through communications with us; and
- from outside sources such as credit bureaux and customer service providers to help us with customer verification and credit-related decisions
In addition to the personal and financial information you submit (or we collect), we may collect information about your computer including, where available, your IP address, operating system and browser type – for the purposes of system and loan administration and product improvement. For details on the information collected in this way please see our Cookies Policy.
We may also record and/or monitor calls for quality checks and staff training. Such recordings may also be used to help us combat fraud.
To register with us you must be 18 years of age or older. Minors are strictly forbidden from using the service.
3. Use of your information
Information we hold:
We will hold and use the following details about you:
- your name, address, phone numbers, email address, date of birth, employment and banking and financial details;
- demographic and lifestyle information;
- information we receive when making a decision about you, your loan or application (including information collected from the CRAs);
- details of the loans you have and have had with us and all transactions;
- details of when you contact us and when we contact you;
as well as any other information which we reasonably need to operate your account, make decisions about you or fulfil our regulatory obligations.
We may keep details of any phone number(s) that you call us from and use them to contact you.
If you provide us with any debit card details, either during the loan application or subsequently, we will keep those details and may use the details to take further payments both on your current loan and on any subsequent loans, unless you advise us otherwise.
If a card is identified as having been used fraudulently then we will maintain a record of its use for reporting and preventing fraud; the card details will be deactivated to ensure that they can no longer be used to take payment.
When we are managing your account, we may be given sensitive information such as medical information. We will hold and process this information to allow us to make decisions about you and your accounts with us.
References to personal information include all of the information above whether obtained from you, from a Credit Reference Agency or Fraud Prevention Agency, from the internet or from any other source.
We will hold your data on our systems as follows:
- If you have taken out a loan - 7 Years
- If you have had a loan declined - 3 Years
- All other scenarios - 3 months *
* If you have opted into marketing then we will hold your contact details (email address, telephone number, name and address) for up to 36 months from the time you last interacted with us. You may opt out of this at any time by updating your details through My Account or by clicking unsubscribe from any marketing communication you have received from us.
Information we share
We will keep your personal information confidential and only share it with others for the purposes explained in this policy. We have trusted relationships with carefully selected third parties who perform services on our behalf. All service providers are bound by contract to maintain the security of your personal information and to use it only as permitted by us.
We may share information about you:
- within the Wonga Group Limited group of companies;
- with any firm, organisation or person we use to help us operate our lending business, to collect payments and recover debts or to provide a service on our behalf;
- with any firm, organisation or person who provides us with products or services or who we provide products and services to;
- with any person who has told us and who we reasonably believe to be your parent, carer or helper where you are unable to handle your own affairs because of mental capacity or other similar issues;
- with any payment system we may use;
- certain authorities in order to detect and prevent terrorism (including to authorities outside the UK);
- with any person to whom we sell or transfer (or enter into negotiations to sell or transfer) our business or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the transferee or purchaser may use your personal information in the same way as us;
- with regulatory and governmental authorities ombudsmen, or other authorities, including tax authorities, including those overseas, where we are requested by them to do so;
- with Credit Reference Agencies and Fraud Prevention Agencies or any similar organisation which provides a centralised application matching service that collects information from and about mortgage and/or credit applications, for the purpose of preventing and detecting fraud. We may also provide information to third parties to help them to make decisions about whether to lend to you, allow you extended payment terms or otherwise do business with you;
How we use your information
We will use your information to:
- search Credit Reference Agencies’ and Fraud Prevention Agencies’ records (including information from overseas);
- make, or assist in making, credit decisions about you, assess lending (and insurance risks and to check the details that you have let us and others have;
- operate and manage your account and manage any application, agreement or correspondence you may have with us;
- carry out, monitor and analyse our business;
- contact you by email, SMS, letter, telephone or in any other way about our products and services, unless you tell us that you prefer not to receive marketing;
- to identify, prevent, detect or tackle fraud, money laundering, terrorism and other crimes;
- to form a view of you as an individual and to identify, develop or improve products, that may be of interest to you;
- carry out market research, business and statistical analysis;
- provide information to independent external bodies such as governmental departments and agencies, universities and similar to carry out research;
- carry out audits;
- perform other administrative and operational purposes including the testing of systems;
- trace your whereabouts;
- recover any debt you owe us; and
- comply with our regulatory obligations.
Your data may also be used for other purposes for which you give your permission or where we are permitted to do so by law or it is in the public interest to disclose the information or is otherwise permitted under the terms of the Data Protection Act 1998.
4. Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs)
When you apply to us for a loan, we will check the following records about you (and others where applicable):
- our own;
- those at CRAs;
- those at FPAs.
Whether or not your application is successful, when CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. Large numbers of applications within a short time period may affect your ability to obtain credit, this is applicable whether you have been accepted or declined.
They, and we, may also link your records with those of your financial associate(s) including any previous and subsequent names; these links will remain on your and their files until you or they tell the agency you are no longer financially linked and the agency accepts this. This is called a “disassociation” and if you need to request a disassociation, please contact the CRAs directly (contact details are set out below for both Call Credit and Experian).
The CRAs supply us with both public information (including the electoral register, county court judgements and bankruptcies) and shared credit and fraud prevention information including information about previous applications and the conduct of your accounts in your and your financial associate(s)’ name(s).
We may also make periodic searches at CRAs and FPAs to manage our relationship with you.
Information provided by you on our applications will be sent to CRAs and will be recorded by them. We and other organisations may access and use this information to prevent fraud and money laundering and CRAs and FPAs may use your information for statistical analysis. Information held by CRAs and FPAs will be disclosed to us and to other organisations in order to (for example):
- prevent fraud and money laundering and to check and assess applications for credit, credit related or other facilities;
- recover debts that you owe and trace your whereabouts;
- manage credit accounts and other facilities and decide appropriate credit limits;
- verify your identity;
- make decisions on credit and other facilities for you, your financial associate (s), members of your household or your business;
- check details on proposals and claims for all types of insurance; and
- check details of job applicants and employees.
When you borrow from us, we will give details of your loan and how you manage it to the CRAs. If you borrow and do not repay in full and on time, the CRAs will record the outstanding debt and, in some cases, the length of time that the debt remains outstanding; other organisations may see these updates and this may affect your ability to obtain credit in the future.
If you fall behind with your payments and a full payment or satisfactory proposal is not received within 28 days of a formal demand being issued, then a default notice may be recorded with the CRAs. Any records shared with CRAs will remain on file for 6 years after your account is closed, whether any outstanding sums have been settled by you or as following a default.
This information may be supplied to other organisations by CRAs and FPAs to perform similar checks and to trace your whereabouts and recover debts that you owe. Records remain on file for 6 years after they are closed, whether any outstanding sums have been settled by you or following a default.
If you give us false or inaccurate information and we have reasonable grounds to suspect fraud or we identify fraud we may record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention including law enforcement agencies who may then access this information.
We and other organisations may access and use the information recorded by fraud prevention agencies from other countries.
The Credit Reference Agencies that we use are Callcredit Limited (registration number 03961870) with registered office at One Park Lane, Leeds, West Yorkshire, LS3 1EP; and Experian Limited (registration number 00653331) with registered office at Landmark House, Experian Way, NG2 Business Park, Nottingham, NG80 1ZZ.
The Fraud Prevention Agency that we use is CIFAS, with registered office at 6th Floor Lynton House, 7-12 Tavistock Square, London, WC1H 9LT. You can contact CIFAS at www.cifas.org.uk/contact_us_form.
If you have any further questions about our use of CRAs or FPAs please email us at firstname.lastname@example.org.
5. Transfer of Information
6. Access to your information
Under the Data Protection Act 1998, you have a right to access certain personal records we hold about you. This is called a Data Subject Access Request, which you can make by writing to email@example.com. A £10 fee is payable.
We want to make sure that your information is accurate and up to date. You may ask us to correct or remove any information that you think is inaccurate or you can do this yourself by logging into “MyAccount”.
You have a right to request CRAs to provide you with information that they hold about you. You must contact them directly to do this. A fee may be payable.
7. Third party links
Our site may contain links to third party websites. If you follow a link to any of these websites, please note that these websites have their own terms and privacy policies and that we do not accept any responsibility or liability for them.
8. Social Media Features
9. Contact Us
You can contact us at: firstname.lastname@example.org
10. Personal Data provided as part of the redress programme of June 2014
The personal data that you have provided as part of this programme will only be used for the purposes of communicating relevant updates and will not be used for marketing purposes. We will not pass the data to any third parties unless required to do so by law, regulation or a regulatory body. We will retain such data for a period of 6 years.
Last updated in January 2015