one time passcode sent again via text message.
Contis Group Limited or third party acting on its behalf (“we”, “us” or “our”) is committed to protecting and respecting your privacy.
This policy together with our Cookie Policy, our Terms and Conditions and any other documents referred to in them, sets out the basis on which any personal data we collect from you, or that we collect about you, on www.credecard.com (our “Website”), on our credEcard App (our “App”)or when you communicate with us by email, telephone or post will be processed by us.
We will be the data controller of your personal data which you provide to us or which is collected by us about you. This means that we are responsible for deciding how we hold and use personal data about you and that we are required to notify you of the information contained in this policy. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
If you have any queries, you can contact us using the details provided at the end of this policy in the “Contacting Us” section.
Ensuring the lawful use of your personal dataWe will only use your personal data where we have a lawful basis to do so. We will usually only use your data:
Further details of how we will use your personal data are provided below.
What information we collect from you and how we use it
When you apply to create an account
When you apply to create an account on our Website or App, we will need to collect the following details about you:
We will use this information for the purposes of processing your application and, if your application is successful, creating and managing your account and providing any products or services you request to you. If you have consented, we will also send our newsletter to you by email.
You will not be able to apply to create an account or order products or services from us without providing this information.
Fraud and money laundering checksIn order to process your application and before we fulfil your order and provide services, goods or financing to you, we will use the information you provided to create your account to undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. This may involve sharing your personal data with fraud prevention agencies. We will continue to carry out these checks on a regular basis while you are a customer of ours.
When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
Automated decisionsAs part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:
You have rights in relation to automated decision making: if you want to know more please contact us using the details below.
Consequences of processingIf we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below.
Other than the automated processing set out above, we shall not carry out solely automated decision-making using your personal data.
When you contact usWhen you contact us, we will need to collect personal data about you to verify your identity before we disclose any information to you for data security purposes. We will be unable to deal with your query unless you provide the information we request. We may also collect any other personal data you choose to provide to us when communicating with us. We will only use that personal data for the purposes of dealing with your enquiry.
Other uses of our Website or AppWe will also collect any other personal data that you provide to us when you use our Website or App, such as when you participate in discussion boards, social media functions or competitions.
Each time you visit our Website or App, we may automatically collect the following information:
We are also working closely with third parties (including, for example identity verification agencies, marketing agencies and fraud prevention agencies) and we may receive information about you from them for the purposes of identity verification, marketing and fraud prevention.
Change of purposeWe will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will usually notify you and we will explain the legal basis which allows us to do so.
Disclosures of your informationWe will disclose your information to:
Your data is secured by encryption, firewalls and Secure Socket Layer (SSL) technology. This is industry standard encryption technology which manages the security of messages transmitted across the internet. When we receive your data, we store it on secure servers which can only be accessed by us. We store your passwords using one way encryption which means we do not know what your password is.
Storing your data within and outside the EEAOur third party data host provider uses servers located in the US to store personal data. As a result, when you use our Website or App, your personal data will be transferred to the US which is located outside of the European Economic Area and so is not governed by European data protection laws.
However, we have entered into the standard contractual clauses (Model Clauses) adopted by the European Commission with OrcsWeb Inc, in order to safeguard personal data when it is accessed from outside of the European Economic Area . We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy when it is transferred, stored or processed in this way.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose the standard contractual clauses (Model Clauses) adopted by the European Commission on the recipients of that data in order to safeguard personal data when it is accessed from outside of the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
More information about the Model Clauses is available here http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX:32010D0087.
Social mediaIf you connect or integrate any social media services with services we provide, you may receive social notifications either from us or from third party companies providing social media services on our behalf. You can manage these social notifications through changing your privacy settings on the relevant social media site or discontinuing any interaction. If you register and provide information to a forum or blog on our Website or App, the information you provide will be published and will be publicly available on our Website or App. It may also be used to address any concerns or complaints about our services directly with you if you are an account holder.
Future changesAny changes we make to our policy will be put on our Website and App and, where appropriate, notified to you by e-mail. Please check for updates from time to time.
Retention of your DataWe will retain your personal data for as long as you continue to use our services. Thereafter, we may retain your information for an additional period as is permitted or required under applicable laws. For example:
Data protection laws provide you with the following rights to:
You also have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Where we rely on your consent to process your personal data, for example if we need your consent to send you any direct marketing, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out below in the “Contacting Us” section. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
If you are unhappy about how your personal data has been used please refer to our complaints procedures, details of which can be found in your account Terms and Conditions. You also have a right to complain to the supervisory authority, which in the United Kingdom is the Information Commissioner's Office https://ico.org.uk/, which regulates the processing of personal data.
Contacting usIf you have any questions about this policy, you can contact us by using the ‘Contact us’ facility on our Website or in the following ways:
By post at:
Data Protection Officer
Contis Financial Services
Navigation House
Belmont Wharf
Skipton
North Yorkshire
BD23 1RL
DPO@contis.com
By telephone at:01756 693245
Calls are charged at the standard network rate and may be included in package minutes
Monday to Friday 8am - 8pm and Saturday 8am - 4pm
Navigation House, Belmont Wharf, Skipton, North Yorkshire, BD23 1RL
Phishing is the name given to cyber fraud relating to an email/SMS message/phone call that is disguised to trick the user into clicking a link or open an attachment. This is done by the fraudster making the email something that you may want or need like, a request from your bank or a message from a friend/trusted person or even a company that you have dealings with.
Ultimately, the end goal is to gather personal information that the fraudster can use to commit fraud. Information such as Date of Birth, email password, payment card information etc. Phishing is a global problem and growing very fast in the internet world.
By taking certain precautions you can prevent one from falling prey to such attacks. In Phishing, it requires co-operation from the victim – it needs you to initiate some sort of action or provide sensitive information. Below are the steps through which you can follow to avoid such scams:
For your security your account is now blocked. Please contact customer services on 0330 100 4855 or support@ffrees.co.uk
Open Ffrees application directly from your mobile device and verify