Data protection legislation (which includes the General Data Protection Regulation or GDPR) places obligations on us (Satsuma) in relation to the way that we handle your personal information. We must process your information fairly and lawfully. This also means you are entitled to know how we intend to use your information. You can then decide whether or not you want to give it to us so that we can provide the product you require. All our employees are responsible for maintaining customer confidentiality. We provide training to all our colleagues to remind them about their obligations. In addition, our policies and procedures are regularly audited and reviewed.
The identity of the controller and their contact details
Your information will be held by Satsuma which is a trading name of Provident Personal Credit Limited. Provident Personal Credit is part of the Provident Financial Group, which includes other lending companies such as Vanquis Bank Ltd and Moneybarn Ltd. More information on the Provident Financial Group can be found at www.providentfinancial.com
The identity of the Data Protection Officer
Satsuma has a Data Protection Officer to ensure that your personal data is being treated fairly and lawfully and protected at all times. If you need to contact the DPO please email email@example.com, write to The Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 6944962
Categories of personal data processed
We only collect the data we need to provide you with the product or service you require and to administer your account(s) with us. In most cases this will mean that we are processing personal data such as:
- Information required on your application form such as name, address, income, outgoings etc.
- Information provided to us by the Credit reference agencies on your finance with other credit/lending organisations.
- Any additional information you provide whilst we are administering your account such as income & outgoings and personal circumstances.
Where we obtain your personal data from
Your personal information will be held securely on Provident systems so that we and any other companies in our Group that you have dealings with either now or in the future can manage your relationship with us. This will include information you provide when you apply to us and any additional information provided by you or others in various ways, including but not limited to;
- In applications, emails, letters, phone calls and conversations, when registering for services, in customer surveys, when you participate in competitions, through our websites and during conversations about your loan account.
- From analysis of your payments and use of our services and others in the Group.
- From information we receive from others such as credit reference agencies and fraud prevention agencies.
- From agents and brokers.
- From the use of data obtained from social media sites by matching email address with social media accounts.
Why we process your data
As a business we use data we obtain from you and data we collect about you to perform a number of activities. Under data protection legislation we are only permitted to use your personal information when we have a legal basis that permits us to do so. We set out below an overview of the purposes for which we use your personal information and, in each case, the legal basis that permits us to use that information.
As mentioned above, Satsuma is part of a wider group of companies all offering different lending products. In most cases any data we and the other companies obtain are shared amongst each other to ensure that we are lending responsibly and that we have all the data available to manage your relationship with us in the most informed way.
Processing your data as a Legitimate Interest
The Provident Group companies as outlined above will share your information amongst each other for the following administrative activities where we have a legitimate business need;
1. Managing your relationship with each company and notifying you of any changes to those products and services.
2. Responding to your queries and complaints.
3. Administering offers, competitions and promotions so that you are provided with the most appropriate product or service enhancement for your needs.
4. Updating, consolidating and improving the accuracy of our records by sharing any updates to your personal data, for example if you change address.
In addition, we will share and individually use each other's customer data for the following legitimate data usage across all companies in our group;
5. Transactional analysis.
6. Arrears and debt recovery and debt sale activities including where we may need to trace your whereabouts.
7. Crime detection, prevention and prosecution.
8. To evaluate the effectiveness of marketing, and for market research and training.
9. To support customer modelling, statistical and trend analysis, with the aim of developing and improving products and services.
10. To enable assessment of lending risks by considering all products you have across the group of companies and also taking into consideration your payment history with any products you previously held for assessing your income and expenditure and periodically updating this information to enable us to make responsible lending decisions.
11. For direct marketing activities (see below).
12. Where we want to share with market research companies to help us understand how we can improve our products and service offered to you.
13. Using your information for profiling to help ensure that if we market to you, this will be relevant to the information we hold about you.
Some of this sharing will be done on an individual basis, in other cases the data is shared using secure data transfer or is uploaded into a central database repository where we are able to apply strict controls over the security and access to the data. By sharing this information it enables our group companies to better understand your needs and run your account(s) responsibly and in the efficient way you expect.
Sharing your information with brokers
We will undertake this processing under a legitimate business interest. If you were introduced to us by a broker we will give them your contact details and sufficient information to help them with their accounting and administration. Brokers and Introducers sometimes use your information that you provided to them initially to contact you about products and services unless you have asked them directly not to do so.
Sharing your information to assist with asset buying or selling
We will undertake this processing under a legitimate business interest. Satsuma may in the future wish to sell, transfer or merge part or all of its business assets or to acquire a business. If so, we sometimes disclose your personal information to a potential buyer, merger partner or seller so long as they agree to keep it confidential and to use it only to consider the potential transaction.
Recording phone calls
We will undertake this processing under a legitimate business interest. We may monitor or record phone calls with you in case we need to check we have carried out your instructions properly, to resolve queries or issues, for regulatory purposes, to help improve our quality or service and to help prevent or detect fraud or other crimes. Conversations may also be recorded for staff training purposes.
Using your details for service contact
We will undertake this processing under a legitimate business interest. Making sure we deliver excellent customer service is important to us and to do this various methods of communication may be used when sending you information about your account. Sometimes this may be by SMS, email or push notification in your app or log in area. For example this may include sending you reminders or receipts for payments or other information in relation to the administration/servicing of your loan. We will always ensure that we are not putting your data at risk. If you have requested that we email you information relating to your account we will ensure that we have explained the risks of sending an insecure email and that you are happy to accept that risk.
Using information on social networking sites
We will undertake this processing under a legitimate business interest. As part of our ongoing commitment to understanding our customers better, we sometimes research comments and opinions made public on social media sites. We sometimes also match information on these sites with the data we hold to undertake behavioural analysis and assist with credit decisioning. The information we collect may also assist use with looking at targeted advertising using Social media.
Using cookies and IP addresses
How we use Fraud prevention agencies
We will undertake this processing under a legitimate business interest. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention Agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering.
- Before we we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
- The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
- Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
- We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
- We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
- Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
- As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.
Consequences of Processing:
- If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
- A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
- Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Please contact us if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use the information recorded by fraud prevention agencies from other countries.
Processing your data for legal reasons
We will treat your information as private and confidential, but may share it with other Group companies and only disclose it outside the Group if we are legally obliged to do so or required to do so to satisfy a court order. Examples of this are:
- Passing information to HMRC where a court order is in place.
- Required by the Police and other law enforcement agencies to investigate or prevent crime.
- Required by the authorities when we report on any suspicious activity that could indicate money laundering.
- Undertaking affordability reviews, where we will use all the data across the group companies to ensure we are fully aware of your Group commitments.
- Required to provide information to our industry regulators.
How we check your identity and undertake money laundering checks
We will undertake this processing to satisfy a legal obligation. Sometimes we will ask you to provide physical forms of identity when you take a product with us. Alternatively we may use information from the CRAs. This type of search is not seen or used by other lenders to assess your ability to obtain credit.
Processing your data for contractual reasons
There are a number of activities that we will perform to either use your data to assess you for the product you have requested, to enable us to provide that product and to continue to administer it in line with the credit agreement you sign up to. Some examples of the contractual processing we undertake are;
- Undertaking credit searches to assess your suitability for a product, see below for further details.
- Assessing your application using an automated credit decisioning process, see below for further details.
- Sending regulatory communications such as annual statements.
- Affordability, to assess your ability to sustainably repay your loan, we may review your income and expenditure levels, based on data we hold, capture or you provide.
Using automated decision making - the logic involved and the consequences
We will undertake this processing under a contractual requirement. When you apply for credit we use credit scoring. This is or can be an automated system that helps us to understand behaviour and its impact on an individual's likelihood to pay their loan/credit commitments. Credit scoring will take account of information you provide on your application, information already held in the Provident Group about you, data from Credit reference agencies, data obtained from social media sites. Our credit scoring processes are regularly reviewed to ensure they remain fair, effective and unbiased. If you submit an application and it is declined through this automated process, you can contact us to have the decision reviewed. If you need to contact us please email firstname.lastname@example.org, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 6944962 and we will review your request and come back to you within 21 days.
How we use Credit Reference Agency data
We will undertake this processing under a contractual requirement. Your application will be registered on your credit report under the name Provident Personal Credit Limited and we are currently working with Experian, Call Credit and Equifax. If you would like more information on these Credit Reference Agencies (CRA), please visit www.experian.co.uk/crain, www.equifax.co.uk/crain or www.callcredit.co.uk/crain. We will undertake a search with at least two of these agencies when you apply for credit and this will review your records as well as anyone financially associated with you.
A footprint will not be left on your credit file, unless you continue to complete a full application.
Once you take a product with us, we will report regularly to the CRAs on your payment history. If you fall behind on your payments and satisfactory proposals are not received within 28 days of a formal demand being issued, then a notice may be recorded at the CRAs which could impact your ability to obtain further credit.
The information we and other organisations provide to the CRAs may be used by us and them to;
- Help make decisions when checking applications, managing credit related accounts and facilities, recovering debt, checking on insurance claims, checking job applications.
- Detect and prevent money laundering, crime and fraud.
- Verify identity.
- Trace your whereabouts.
- Check other credit applications you have made.
- Undertake research, statistical analysis and system testing.
- Assess your ability to repay your loan by looking at your income and expenditure levels
Any records shared with the CRAs will remain on your CRA file for 6 years after your account is closed.
Processing your data with your consent
There will be circumstances where we will only process your data if we have your consent to do so. For example, if you provide us with data that is classed as a special category of data such as health information, we will only process this with your permission (unless we feel the processing is necessary to protect your vital interests). You have a right at any time to ask us to stop the processing of that specific data.
We also seek your permission to use your data for direct marketing activities, see below for further details.
Using your data for direct marketing
With your permission, we and other companies in the Provident Group may contact you by email, phone, SMS, and post/mail about products and services we feel will be of benefit to you including whether you are eligible for additional lending. This will include activities such as competitions and specific offers. This permission is collected from you at the time of your application but we may also contact/speak to you about your preferences through any of our ongoing contact with you when administering your account.
We will also obtain permission from you to advise you about our products and services when you access any of our log in areas or download any of our mobile app. We will not contact you about everything, only if we think it is appropriate and relevant to you. This contact may continue after your relationship with us ends and for a period of up to 2 years after you last access your login account. If you decide not to take out a loan with us after beginning an application, we may continue to contact you for a period of up to 6 months from the date you started your application.
You may opt out of receiving this information at any time by calling 0800 694 0004 or writing to us at email@example.com or Customer Relations – Satsuma Loans, 1 Godwin Street, Bradford, BD1 2SU.
If you have a Satsuma log in area you can manage your preferences through this.
As a customer if you decide to opt out of marketing, you'll still receive important information such as payment receipts, regulatory letters and statements.
How we manage your special categories of personal data
Data Protection Legislation defines certain information as special categories (racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, biometric and genetic data). As part of your ongoing relationship with us we may be provided with such information. We will always ask your explicit consent to process this information (unless we feel the processing is necessary to protect your vital interests). We may share it with other parts of the Provident Group and our subcontractors to keep your records up to date.
Third parties using your data for direct marketing
Unless you have given us your consent, we will not provide information about you to other companies outside the Provident Group to use for their own marketing purposes.
Important please read:
You have a number of rights in relation to your personal data. For example you can ask for a copy of your personal data through a Subject Access Request, you can ask for your information to be corrected if it is inaccurate, you can ask for the processing of your data to be restricted whilst we may be resolving an issue, you can ask for your data to be deleted, and you have the right to data portability.
See below for further details. If you wish to exercise one of your rights please email firstname.lastname@example.org, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 6944962 and we will review your request and come back to you within 30 days.
Your right to object
You have a right to object to any processing activity where the business states it has a legitimate business need to use your data in the way described. If you need to contact us please email email@example.com, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 6944962 and we will review your request and come back to you within 30 days.
Your right to data portability
Data Protection legislation contains a right to data portability that may give you a right in some data processing contexts, to receive your personal data in a portable format when it is processed on certain grounds, such as consent. If you wish for this limited data to be "ported" to another organisation direct, please contact us at firstname.lastname@example.org, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 6944962 and we will review your request and come back to you within 30 days.
Obtaining a copy of your data
You have a right of access to a copy of the personal data we hold about you. Please email email@example.com, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 0800 6944962 providing as much information as possible to enable us to locate your information. Once we have everything we need to locate your information we will supply this to you within 30 days of this date.
Your right to lodge a complaint with the regulatory authority
We hope that we provide you with the service you expect in relation to how we manage your personal data. Please contact us if there is anything you are concerned about and we will endeavour to address this. If you are still not satisfied then you have the right to contact the Information Commissioner on 0303 123 1113
Who do we share your data with
We use a number of third party companies to help us to manage your account and to deliver the service you expect. Examples of where we may employ the services of a third party are;
- To help send out electronic, written or voice communications to you.
- To provide IT support.
- To provide us with software and systems to help manage your account and the activities we need to complete.
- To help prevent fraudulent transactions or online security/fraud threats.
- To help collect outstanding payments.
- To help process certain account activities such as arrears, collection and debt recovery we sometimes employ the services of other Provident Group companies.
Satsuma will ensure that it and any third parties whom it engages to process Personal Data on its behalf will process the Personal Data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Satsuma will ensure that a written contract (a “Data Processor Agreement”) is put in place with third party processors and the terms of that Data Processor Agreement will comply with requirements of the Data Protection Legislation.
Processing your data outside the EEA
We sometimes use third parties based outside the European Economic Area. For example some of our IT administrative activities are supported by third parties based in India and Israel. We will always ensure they will protect your information to EU standards.
If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website.
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website.
Sometimes these organisations may disclose information to foreign authorities in the fight against crime and terrorism where they are legally obliged to do so.
How long do we keep your data for
As a regulated business we are often required to hold personal data for set periods of time. There may also be certain legal requirements to hold onto data. We have a legitimate business need to keep data for a certain period of time. We operate to an approved set of retention schedules which identify the type of data held and for how long. Some of the key retention periods are;
- Most customer data will be held for up to 6 years after the end of the relationship.
- Home visit recordings will be held for up to 6 years from the date of the recording.
- Contact centre sales call recordings will be held for up to 6 years from the date of the recording.
- All other contact centre call recordings will be held for up to 2 years from the date of the recording.
- Marketing permissions will be kept and used for up to 2 years after the loan has been paid up or you last access your 'Login' account.
If you require details on retention periods for any other type of data held please contact us on email firstname.lastname@example.org, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 08006944962
Changes to this notice
Representative example: £480 loan repayable over 9 months. 9 monthly repayments of £106.56. Rate of interest 133.1% p.a. fixed. Representative 535% APR. Total amount payable is £959.04