Effective as of 25 May 2018.
We are committed to protecting and respecting your privacy. Your personal information privacy is important to us. As our customer, we respect your right to be aware of who has information about you, what they are doing with it and why, and who else they are sharing it with. We have adopted a privacy compliance culture that cements this relationship with you.
- what information we collect;
- how we use that information;
- how this information is shared;
- your rights; and
- other useful privacy and security related matters.
Who is the Data Controller?
What about the Data Protection Officer?
2. Your rights
2.2 Access to personal data: You have a right to request a copy of the personal information that we hold about you. Should you wish to make such a request, please see the “How to contact us” section for information on how to contact us. You should include adequate information to identify yourself and such other relevant information that will reasonably assist us in fulfilling your request. Your request will be dealt with as soon as possible.
2.3 Correction of personal data: You can request us to rectify and correct any personal data that we are processing about you which is incorrect. We provide you with account settings and tools to access the information associated with your account.
2.4 Right to withdraw consent: Where we have relied upon your consent to process your personal data, you have the right to withdraw that consent. To opt out of marketing, you can use the unsubscribe link found in the marketing communication you receive from us.
2.5 Right of erasure: You can request us to erase your personal data where there is no compelling reason to continue processing. This right only applies in certain circumstances – it is not a guaranteed or an absolute right.
2.6 Right to data portability: This right allows you to obtain your personal data that you have provided to us with your consent or which was necessary for us to provide you with our products and services in a format which enables you to transfer that personal data to another organisation. You may have the right to have your personal data transferred by us directly to the other organisation, if this is technically feasible.
2.7 Right to restrict processing of personal data: You have the right in certain circumstances to request that we suspend our processing of your personal data. Where we suspend our processing of your personal data we will still be permitted to store your personal data, but any other processing of this information will require your consent, subject to certain exemptions.
2.8 Right to object to processing of personal data: You have the right to object to our use of your personal data which is processed on the basis of our legitimate interests. However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any legal claims.
3. What personal data do we collect?
3.1 Information you give us. You may give us information about you by filling in forms on our site at www.flexifi.com (Site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide us when you utilise a product or service from us. The type of information you will typically provide includes your name, postal address, e-mail address, phone number, banking and employment details, and proof of identity. We may also require details of your referees, information about your financial circumstances and history, and products or service preferences you may have. Generally, we collect this from you. On occasions, we obtain information about you from others. While we will not specifically request this information from you, some of the information you voluntarily provide may be sensitive personal data, such as data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, health data or trade union membership, which requires higher levels of protection.
3.2 Information we collect about you. With regard to each of your visits to our Site we may automatically collect the following information:
(a) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
(b) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time), products and / or services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
3.3 Information we receive from other sources. We may receive information about you from the following sources:
(a) If you use any of the other websites we operate or other services we provide. Such data may be shared internally and combined with data collected on our Site. We also work closely with third parties (including, for example, business partners, sub-contractors in technical services, advertising networks, analytics providers and search information providers) and may receive information about you from them that is relevant to our business.
(b) If you are requesting services from us. We will request information from credit reporting agencies and/or any business providing information about commercial creditworthiness, including consumer credit report(s) about you for application(s) for commercial credit; and commercial credit report(s) about you for application(s) for consumer In particular, we may receive information about you from retailers who you access our services through, referees you nominate to us, or in some cases official authorities.
3.4 Failure to provide data. If you do not provide us with the data we request, the most likely consequence of this is that we cannot provide you with the services that you are requesting from us.
- number of people who visit the website;
- date and time of visits;
- number of pages viewed;
- amount of time spent on the website; and
- popular sections of the website.
5. What do we use your personal data for?
5.1 Information you give to us. We will use this information:
(a) to assess your application for our products and services, for account management, arrears enforcement and end of term communication to you;
(b) to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
(c) to assess your application for our services and whether you satisfy our eligibility requirements;
(d) to verify identity in accordance with our legal obligations in particular the Central Credit Register;
(e) to assess your creditworthiness including undertaking credit checks and reporting to credit referencing agencies who will retain any information we provide (including in relation to the ongoing status of your loan) and who will share this with third parties;
(f) to manage your Account;
(g) to deal with, assign or transfer any of our rights, interests and / or obligations under our agreement with you;
(h) to register you to use our Site, subscribe you to a service available via the Site and / or when you report a problem with our Site;
(i) subject to your marketing preferences, to provide you with details of products and services that may be relevant to you (see “Direct marketing” section);
(j) to respond to any queries or other communications you submit to us;
(k) to notify you about changes to our services;
(l) to ensure that content from our Site is presented in the most effective manner for you and for your computer; and/or
(m) to register or redeem for promotional campaigns.
5.2 Information about your use of the Site. We will use this information:
(a) to determine which pages are the most popular, what country users come from, peak usage times and similar information;
(b) to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(c) to improve our Site to ensure that content is presented in the most effective manner for you and for your device;
(d) to allow you to participate in interactive features of our Site when you choose to do so;
(e) as part of our efforts to keep our Site safe and secure;
(f) to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and/or
(g) to make suggestions and recommendations to you about goods or services that may interest you.
5.3 Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
5.4 Lawful bases for processing. Our lawful bases for processing personal data for the above purposes are the performance of contracts that we have with you, or otherwise as necessary for the purposes of our legitimate interest in presenting an effective website, ensuring our financial stability by assessing your creditworthiness, providing our services efficiently and carrying out effective marketing and customer research activities. We may also process personal data to the extent it is necessary for compliance with a legal obligation, including complying with requests from a regulator or any court order.
5.5 If you require further information about the balancing test that we have undertaken to justify our reliance on the legitimate interest legal basis under the GDPR, please see “How to contact us” section for further details on how to contact us.
6. Sharing your personal data
6.1 We may share your personal information with any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
6.2 We may share your information with selected third parties including:
(a) our business partners, product and services suppliers, service providers and sub-contractors for example VE Interactive Ireland Ltd;
(b) advertisers and advertising networks that require the information to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience;
(c) our assignees or potential assignees;
(d) credit reporting agencies or any business providing information about commercial creditworthiness; other credit providers; insurers;
(e) any guarantor or proposed guarantor of your obligations to us; your assignees or proposed assignees;
(f) debt collection agencies; our banks and financial advisers;
(g) any person specifically authorised by you in writing to obtain your personal information from us; and/or
(h) analytics and search engine providers that assist us in the improvement and optimisation of our Site.
6.3 We may also disclose your personal information to third parties:
(a) in order to enforce our rights under any contracts entered into between you and us;
(b) if we are acquired or we sell or buy, or propose to sell or buy, any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
(c) if we assign, transfer or otherwise dispose of a debt that you owe us to another party or if we or such third party want to enforce such a debt;
(e) to protect our (or our customers or other relevant parties’) rights, property or safety.
7. Direct marketing
7.1 We may (subject to your preferences) use your personal data to make suggestions to you about goods or services that may interest you. Those communications will give you the opportunity to opt out of receiving similar communications in the future. You can also choose to opt out of such future communications by contacting us, namely by:
(a) email, at firstname.lastname@example.org; or
(b) post, at FlexiFi Europe Limited of Level 4, No. 5 Custom House Plaza, Harbourmaster Place, IFSC, Dublin 1, Ireland.
8. Where we store your personal data
8.2 Where you have chosen (or where we have given you) a password which enables you to access certain parts of our Site, you are responsible for keeping the password confidential. We ask you not to share your password with anyone.
8.3 Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our Site which you transmit at your own risk. Once we have received your information, we will apply procedures and use security features to try to prevent unauthorised access.
9. Quality, access and correction
9.1 Information about you is integral to decisions we make about our products and services for you. It is essential that your information is correct. You are encouraged to assist us to ensure this by alerting us to any changes in your particular circumstances.
10. Data retention and deletion
10.1 We keep your personal data only as long as necessary to provide you with our products and services Service and for legitimate and essential business purposes, such as maintaining the performance of products and services, making data-driven business decisions about new features and offerings, complying with our legal obligations, and resolving disputes. We will keep your personal data on file for as long as you have a contract with us, and we will also retain some records (including personal data relating to your use of our products and services) for a period of no longer than six years and two months.
10.2 If you request, we will delete or anonymise your personal data so that it no longer identifies you, unless, we are legally allowed or required to maintain certain personal data, including situations such as the following:
(a) if there is an unresolved issue relating to your account (e.g. outstanding credit on your account or an unresolved claim or dispute we will retain the necessary personal data until the issue is resolved);
(b) where we are required to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law; and/or,
(c) where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our customers.
11. Transfer to other countries
11.2 Our transfers to New Zealand are made on the basis of a decision by the European Commission that New Zealand law provides an adequate level of protection to personal data rights. Our transfers to Australia, the Philippines and other countries are made on the basis of the Standard Contractual Clauses approved by the European Commission (or, where necessary, on the basis of your consent).
11.3 Your personal data, therefore, may therefore be subject to privacy laws that are different from those in your country of residence, but you will still have protection in relation to that data based on the contracts we have entered into with data recipients or sub-processors.
11.4 Personal data collected within the European Union may, for example, be transferred to and processed by third parties located in a country outside of the European Union. In such instances we will ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place (e.g. such as the Standard Contractual Clauses approved by the EU Commission).
13. Keeping your personal data safe
13.1 We are committed to protecting your personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data. However, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.
14. Automated decision-making
14.1 Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. We may use automated decision-making to process your personal data where it is necessary for the entering into a credit services contract.
14.2 If you are requesting credit services from us, you must input your demographic and financial details to our online system. This will involve an initial stage of automatic decision making, and in particular your application may be automatically declined if the information you provide fails to meet our minimum requirements, including in relation to:
(a) your income;
(b) your place of residency; or
(c) your age.
14.3 If you submit any special categories of personal data to us as part of this process, such as data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, health data or trade union membership, you consent to our processing that information for the purpose of evaluating your application and receiving credit services from us.
16. How to contact us
(a) email, at email@example.com; or
(b) post, at FlexiFi Europe Limited of Level 4, No. 5 Custom House Plaza, Harbourmaster Place, IFSC, Dublin 1, Ireland.
You can also contact our Customer Care team by calling 01 9601601.