We are committed to protecting and respecting your privacy.
- the information we collect;
- how we use that information;
- how this information is shared;
- your rights; and
- other useful privacy and security related matters.
FlexiFi Europe Limited is the Data Controller and is located at Level 4, No. 5 Custom House Plaza, Harbourmaster Place, IFSC, Dublin 1, Ireland.
Who is the Data Protection Officer?
2. Your rights
2.1 Access to personal data (Article 15 GDPR): You have a right to request a copy of the personal information that we hold about you. Should you wish to make such a request, please see the “How to contact us” section for information on how to contact us. This right to information concerns, among other things, the categories of data processed, the purposes for which the data is processed, the source of the data, if not collected directly from you, and, if applicable, the recipients to whom your data has been transmitted. You can also obtain a copy of your data.
2.2 Correction of personal data (Article 16 GDPR): You can request us to rectify and correct any personal data that we are processing about you which is incorrect.
2.3 Right to withdraw consent (Article 7(3) GDPR): Where we have relied upon your consent to process your personal data, you have the right to withdraw that consent. This does not affect the lawfulness of processing based on your consent until withdrawal.
2.4 Right of erasure (Article 17 GDPR): You can request us to erase your personal data where there is no compelling reason to continue processing. This right only applies in certain circumstances – it is not a guaranteed or an absolute right.
2.5 Right to restrict processing of personal data (Article 18 GDPR): You have the right in certain circumstances to request that we suspend our processing of your personal data. Where we suspend our processing of your personal data we will still be permitted to store your personal data, but any other processing of this information will require your consent, subject to certain exemptions.
2.6 Right to data portability (Article 20 GDPR): This right allows you to obtain your personal data that you have provided to us with your consent or which was necessary for us to provide you with our products and services in a format which enables you to transfer that personal data to another organisation. You may have the right to have your personal data transferred by us directly to the other organisation, if this is technically feasible.
2.7 Right to object to processing of personal data (Article 21 GDPR): You have the right to object to our use of your personal data which is processed on the basis of our legitimate interests. However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any legal claims.
3. What personal data do we collect?
3.1 Information you give us. You may give us information about you by filling in forms on our site at www.shophumm.com (Site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide us when you utilise a product or service from us. The type of information you will typically provide includes your name, postal address, e-mail address, phone number, banking and employment details, and proof of identity. We may also require details of your referees, information about your financial circumstances and history, and products or service preferences you may have. Generally, we collect this from you. On occasions, we obtain information about you from others. While we will not specifically request this information from you, some of the information you voluntarily provide may be sensitive personal data, such as data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, health data or trade union membership, which requires higher levels of protection.
3.2 Information we collect about you. With regard to each of your visits to our Site we may automatically collect the following information:
(a) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
(b) information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time), products and / or services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
3.3 Information we receive from other sources. We may receive information about you from the following sources:
(a)If you use any of the other websites we operate or other services we provide. Such data may be shared internally and combined with data collected on our Site. We also work closely with third parties (including, for example, business partners, sub-contractors in technical services, advertising networks, analytics providers and search information providers) and may receive information about you from them that is relevant to our business.
(b) If you are requesting services from us. We may request information from credit reporting agencies and/or any business providing information about creditworthiness, including credit report(s) about you for your application(s). In particular, we may receive information about you from retailers who you access our services through, referees you nominate to us, or in some cases official authorities.
3.4 Failure to provide data. IIf you do not provide us with the data we request, the most likely consequence of this is that we cannot provide you with the services that you are requesting from us.
- number of people who visit the website;
- date and time of visits;
- number of pages viewed;
- amount of time spent on the website; and
- popular sections of the website.
5. What do we use your personal data for?
5.1 Information you give to us. We will use this information:
(a) to assess your application for our products and services, for account management, arrears enforcement and end of term communication to you;
(b) to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
(c) to assess your application for our services and whether you satisfy our eligibility requirements;
(d) to verify identity in accordance with our legal obligations in particular the Central Credit Register;
(e) to assess your creditworthiness including undertaking credit checks and reporting to credit referencing agencies who will retain any information we provide (including in relation to the ongoing status of your loan) and who will share this with third parties;
(f) to manage your Account;
(g) to deal with, assign or transfer any of our rights, interests and / or obligations under our agreement with you;
(h) to register you to use our Site, subscribe you to a service available via the Site and / or when you report a problem with our Site;
(i) subject to your marketing preferences, to provide you with details of products and services that may be relevant to you (see “Direct marketing” section);
(j) to respond to any queries or other communications you submit to us;
(k) to notify you about changes to our services;
(l) to ensure that content from our Site is presented in the most effective manner for you and for your computer; and/or
(m) to register or redeem for promotional campaigns.
5.2 Information about your use of the Site. We will use this information:
(a) to determine which pages are the most popular, what country users come from, peak usage times and similar information;
(b) to administer our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(c) to improve our Site to ensure that content is presented in the most effective manner for you and for your device;
(d) to allow you to participate in interactive features of our Site when you choose to do so;
(e) as part of our efforts to keep our Site safe and secure;
(f) to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and/or
(g) to make suggestions and recommendations to you about goods or services that may interest you.
5.3 Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
5.4 Lawful bases for processing. Our lawful bases for processing personal data for the above purposes are the performance of contracts that we have with you, or otherwise as necessary for the purposes of our legitimate interest in ensuring our financial stability by assessing your creditworthiness, security of IT systems (including system performance) and carrying out effective marketing and customer research activities. We may also process personal data to the extent it is necessary for compliance with a legal obligation, including complying with requests from a regulator or any court order.
5.5 If you require further information about our use of your personal data and lawful bases for processing, please see section 16 “How to contact us” below.
6. Sharing your personal data
We may share your personal data with a member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries. for instance if we have a customer who has committed fraud and we suspect that customer is applying to another part of our group, we may need to inform the other company.
We may share your information with the selected third parties listed below as far as this is necessary to fulfil contractual and legal obligations or covered by our legitimate interest:
- our professional advisors (including lawyers, accountants and auditors), our business partners, product and services suppliers, service providers and sub-contractors and this includes suppliers of IT services, payment processing, data back up and data hosting services;
- advertisers and advertising networks that require the information to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users. We may also use such aggregate information to help advertisers reach the kind of audience they want to target. We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement subject to ePrivacy and GDPR requirements;
- our assignees or potential assignees;
- credit reporting agencies or any business providing information about creditworthiness; other credit providers; insurers;
- any guarantor or proposed guarantor of your obligations to us; your assignees or proposed assignees;
- debt collection agencies; our banks and financial advisers;
- any person specifically authorised by you in writing to obtain your personal information from us; and/or
- analytics and search engine providers that assist us in the improvement and optimisation of our App or Site.
- in order to enforce our rights under any contracts entered into between you and us;
- if we are acquired or we sell or buy, or propose to sell or buy, any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if we assign, transfer or otherwise dispose of a debt that you owe us to another party or if we or such third party want to enforce such a debt;
- to protect our (or our customers or other relevant parties’) rights, property or safety.
7. Direct Marketing
We may (subject to your preferences) use your personal data to make suggestions to you about goods or services that may interest you. Those communications will give you the opportunity to opt out of receiving similar communications in the future. You can also choose to opt out of such future communications by contacting us, namely by:
(a) email, at [email protected]; or
(b) post, at FlexiFi Europe Limited of Level 4, No. 5 Custom House Plaza, Harbourmaster Place, IFSC, Dublin 1, Ireland.
When we send you marketing information we will always give you the option to opt-out of any future marketing.
8. Where we store your personal data
9. Quality, access and correction
9.1 Information about you is integral to decisions we make about our products and services for you. It is essential that your information is correct. You are encouraged to assist us to ensure this by alerting us to any changes in your particular circumstances.
10. Data retention and deletion
10.1 We will store your personal data for as long as it is necessary for the purposes for which they were collected, in particular as long as it is necessary for the implementation of our offering and services, including any legal retention periods and documentation obligations and any relevant statute of limitations. In addition, longer retention of your data may be necessary for the assertion, exercise or defence of legal claims. We will therefore generally retain your data during ongoing legal proceedings or if such proceedings are imminent.
10.2 If you request, we will delete or anonymise your personal data so that it no longer identifies you, unless, we are legally allowed or required to maintain certain personal data, including situations such as the following:
(a) if there is an unresolved issue relating to your account (e.g. outstanding credit on your account or an unresolved claim or dispute we will retain the necessary personal data until the issue is resolved);
(b) where we are required to retain the personal data for our legal, tax, audit, and accounting obligations, we will retain the necessary personal data for the period required by applicable law; and/or,
(c) where necessary for our legitimate business interests such as fraud prevention or to maintain the security of our customers.
11. Transfer to other countries
11.2 Our transfers to the UK and New Zealand are made on the basis of a decision by the European Commission that UK and New Zealand law provide an adequate level of protection to personal data rights. Our transfers to Australia, the Philippines and other countries are made on the basis of the Standard Contractual Clauses approved by the European Commission (or, where necessary, on the basis of your consent).
11.3 Your personal data, therefore, may therefore be subject to privacy laws that are different from those in your country of residence, but you will still have protection in relation to that data based on the contracts we have entered into with data recipients or sub-processors.
11.4 Personal data collected within the European Union may, for example, be transferred to and processed by third parties located in a country outside of the European Union. In such instances we will ensure that the transfer of your personal data is carried out in accordance with applicable privacy laws and, in particular, that appropriate contractual, technical, and organisational measures are in place (e.g. such as the Standard Contractual Clauses approved by the EU Commission).
13. Keeping your personal data safe
We are committed to protecting your personal data. We implement appropriate technical and organisational measures to help protect the security of your personal data. However, please note that no system is ever completely secure. We have implemented various policies including pseudonymisation, encryption, access, and retention policies to guard against unauthorised access and unnecessary retention of personal data in our systems.
Where you have chosen (or where we have given you) a password which enables you to access certain parts of our App or Site, you are responsible for keeping the password confidential. We ask you not to share your password with anyone.
Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our App or Site which you transmit at your own risk. Once we have received your information, we will apply procedures and use security features to try to prevent unauthorised access.
14. Automated decision-making
14.1 Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. We may use automated decision making to process your personal data where it is necessary for the entering into a credit services contract.
14.2 If you are requesting credit services from us, you must input your demographic and financial details to our online system. This will involve an initial stage of automatic decision making, and in particular your application may be automatically declined if the information you provide fails to meet our minimum requirements, including in relation to:
(a) your income;
(b) your place of residency; or
(c) your age.
14.3 If you submit any special categories of personal data to us as part of this process, such as data revealing racial or ethnic origin, political opinions, religious and philosophical beliefs, health data or trade union membership, you consent to our processing that information for the purpose of evaluating your application and receiving credit services from us.
16. How to contact us
(a) email, at [email protected]; or
(b) post, at FlexiFi Europe Limited of Level 4, No. 5 Custom House Plaza, Harbourmaster Place, IFSC, Dublin 1, Ireland.
You can also contact our Customer Care team by calling 01 9601601