Nextcredit Ltd. is committed to protecting your information when you use our services, obtain our products or otherwise interact with us.
This privacy notice was last updated on 28 May 2018.
Nextcredit Ltd. collects, processes and stores certain personal data about you. When we do so we are required to comply with data protection legislation.
For the purposes of the Data Protection Act 2018, Nextcredit Ltd is a data controller. Our registered and trading address is:
Unit 10, Basepoint Business Centre, Oakfield Close, Tewkesbury GL20 8SD
This notice applies to personal information we collect about you when you apply for any of our products or services, when you use our website, when you otherwise interact with us (for example when you contact us) or that we collect from third parties, as described in this privacy notice. It tells you:
We keep our privacy notice under regular review. We encourage you to review this page regularly for the latest information on our privacy practices. If we make material changes, we will notify you by updating our website together with any other methods as may be appropriate.
You may give us your personal information when you:
Please note that telephone calls to and from our office are recorded for monitoring and training purposes and to store customer feedback and information.
We, or the companies which work on our behalf, collect certain related data of visitors to our website automatically, including:
For further information please see our Cookies notice.
We also collect information from other companies, for example to supplement the data we hold. Where this happens, we will take appropriate steps to assure ourselves that your information was collected legally.
For example, we collect information from credit reference agencies (CRAs) in order to assess your loan application, to trace your whereabouts and we may also verify information you’ve given us in the same way. You can find out more information about CRAs in section 7.
We collect information when you’ve agreed to be referred to us (for example, credit brokers).
We also collect information from those working on our behalf, for example, our debt recovery partners who may share information with us in relation to the repayment of your loan/s.
Your personal information may be available to us from external publicly available sources, for example, public registers such as the insolvency register and press reports. Depending on your privacy settings for social media services, we may also access information from those services.
We collect, store and use the following types of information:
We use information we collect and receive for a number of purposes, including to:
We rely on the following legal grounds:
When we rely on our legitimate interests, these are usually for:
Where we process information that is particularly sensitive (“special category data”), such as health data, we process that information on the basis that you have provided explicit consent for us to do so or on the basis that processing is necessary in the establishment, exercise or defence of legal claims.
We process personal data related to health:
We, or individuals and companies working on our behalf, share your information as follows:
In order to fulfil contracts and to pursue our legitimate interests, we may share your information with third parties who provide services to us. For example, debt recovery partners, IT suppliers, payment processors and other financial institutions.
We do not authorize these companies to use or disclose your personal information except for the purpose of providing the service. Nextcredit is based in the UK but some data processors may be based outside of the European Economic Area (EEA). See section 13 for more information.
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). We may also verify some of the information you gave to us when you applied, for example your income and credit commitments.
We will also share information with CRAs while you have a relationship with us, for example, how you manage your loan account/s with us.
And, we will inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, we will notify CRAs and they will record any adverse payment markers (such as late or missed payments or default) and the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you require more information about how the CRAs use your personal data, please look here:
We may share your information between companies in our group in order to provide you with our products and services and to develop and enhance our products and services. Nextcredit Ltd. is wholly owned by NC Norway AS, a company based in the EEA and with similarly high standards in the treatment of your information.
We may share information with third parties involved in any reorganisation, restructuring, merger or sale, or other transferring of assets (including assigning any of our rights or obligations under any agreement we may have with you), provided the receiving party gives appropriate assurances of compliance with the general data protection regulation.
We may share information with individuals or companies you have instructed to act on your behalf, for example, debt management companies, debt advice organisations, family and friends.
We may also disclose your information to regulators such as the FCA and ICO, law enforcement agencies and courts and tribunals where we have a legal obligation to do so or where we believe compliance with the request to be fair, reasonable and lawful, for example, to prevent or investigate security breaches fraud and other crimes.
We will also disclose information:
You have the following rights in relation to the personal data we hold about you. In order to help us to respond efficiently to your request, we may ask you to verify your identity. You can exercise your rights by emailing us at email@example.com or writing to us at the address in section 1.
It is normally free to exercise your rights. However, in some circumstances we may charge a reasonable fee, for example, if your request is manifestly unfounded or excessive or repetitive. We will tell you if this is the case.
We may refuse to act on your request to exercise a right. Where we do so we will explain why and tell you about any further rights you may have.
We will do our best to respond to you as quickly as possible and within one month of the receipt of your written request. If we need longer to respond, for example, due to the complexity of your request, we will tell when you can expect to hear from us.
You can ask us to confirm whether or not we have and are using your personal data. You can also ask to get a copy of your personal data from us and for information on how we process it.
We may need to verify your identity to provide information to you and, if a third party is acting on your behalf, we may need to check you have given your consent to us disclosing this information to them.
Sometimes, we may release the information to you directly rather than your third party so as to give you the opportunity to choose what information you may share with them.
We want to make sure that your personal information is up to date and accurate. Please always let us know if you think it is not and needs updating. You can contact us by emailing us at firstname.lastname@example.org or by writing to us at the address in section 1.
We may need to verify the accuracy of any information you provide.
You can ask us to pause processing your information in certain circumstances, for example, when you are disputing its accuracy.
you can object to any use of your personal data in the following situations:
Please be aware that you do not have a right to object to our processing your data where we are doing so in order to enter into a contract with you or when exercising our rights and obligations under our credit agreement with you.
In some circumstances you may have a right to erasure (to be “forgotten”).
If there are legitimate grounds for us to continue processing your information or if the processing is for the establishment, exercise or defence of legal claims or to comply with a legal obligation then we may not be able to comply with your request.
You can ask us to transfer your data electronically to you or another organisation in certain circumstances. You may only exercise this right where we use your personal data in order to perform a contract with you, or where we asked for your consent to use your personal data. This right does not apply to any personal data which we hold or process outside automated means.
You can find out more information at: https://ico.org.uk/for-the-public/.
Please be aware that you are under no obligation to provide us with your personal information. However, failure to do so may prevent us from being able to provide you with products and services or to communicate with you.
The way we analyse personal data in relation to our services may involve profiling. This means that we may process your data using software that is able to evaluate your personal aspects and predict risks or outcomes.
We may also use automated means to make decisions about you related to:
We may make automated decisions about you where such decisions are necessary for entering into a contract, where such decisions are required or authorised by law (for example, for fraud prevention purposes) or where it is as reasonably way of complying with regulation.
You can contact us to request an automated decision be reviewed by a human being.
We will only keep information about you for as long as we need to fulfil the purposes for which we are processing your information. After that we will either delete or anonymise your data.
The criteria we use to determine how long to retain data includes:
We take security of your information very seriously indeed and we maintain appropriate safeguards to prevent the information you have provided from being accidentally lost, used or accessed in an unauthorised way.
However, since the internet is not a 100% secure environment, we cannot ensure or warrant the security of any information you transmit to us. We have controls and processes to minimise the risk of a data breach occurring. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you’ve previously indicated to us that you’d like to hear about the products and services of our group, or other carefully selected companies, we or they may contact you by post, telephone, email or SMS. You can change your preferences / unsubscribe at any time – just send us an email to email@example.com . We’ll action your request as soon as we reasonably can.
Although we do not routinely transfer personal information outside the EEA, we may need to transfer your personal data to companies within our group or to one of our suppliers (“data processors”) who are based outside of the EEA. We will take appropriate steps to ensure that your data is protected.
Please see section 7 for more information on who we share information with.
It is your responsibility to provide us with honest, accurate and up to date information both when you apply for a loan with us and during our relationship with you.
If false or inaccurate information is provided to us and fraud is identified, details may be passed to fraud prevention agencies, or other law enforcement agencies . Further details explaining how the information held by fraud prevention agencies may be used can be found in the credit agreement we will provide you with prior to your applying for a loan with us. Once you have been approved for a loan, your credit agreement can be accessed via your online account, by using the login details we will provide you with.
You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications at all times. There are some simple steps that you can take to keep your information secure; www.getsafeonline.org provides practical advice on how to protect yourself, your computers and mobile devices against fraud, identity theft, viruses and many other problems encountered online.
Our site may contain links to other websites. The information contained within this notice does not cover those links. You should read the privacy notices on the other websites you visit, or contact those companies for information on how they collect and use your information.
A cookie is a small file of letters and numbers that is downloaded to your computer or device when you visit a website. Cookies are used by many websites and can do a number of things such as remembering your preferences and counting the number of people visiting a website.
Those under the age of 18 are not eligible for our services.
If you have a question, complaint or query with regards to how we use your information, please contact us and we will do our best to resolve it as soon as possible. If it’s a complaint concerning your data security and we have failed to deal with it to your satisfaction, you can lodge a complaint with the Information Commissioner’s Officer (ICO) or other relevant supervisory authority. You can complain to the ICO at www.ico.org.uk/global/contact-us/email.
You can contact us by emailing us at firstname.lastname@example.org, calling us on 01631 708602 or writing to us at the address in section 1.