This notice relates specifically to individuals who apply for roles within Vanquis Bank Limited, employees of Vanquis Bank Limited and individuals who act in the capacity of a self-employed contractor, working on behalf of Vanquis Bank Limited. It explains how we use your personal data, and describes the categories of personal data we process and for what purposes. It applies when you use this website or any of our apps or when you apply for roles with Vanquis Bank Limited. We are committed to collecting and using personal data fairly and in accordance with the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
We are committed to ensuring that your information is kept safe, secure and used responsibly, and we have put in place appropriate technical and other security measures to protect it.
Who we are
Vanquis Bank Limited (Company Number 02558509) whose registered office is at 1 Godwin, Street, Bradford, West Yorkshire BD1 2SU, a member of the Provident Financial Group (the Group). You can get in touch with our Customer Services Department at Vanquis Card, Customer Services, PO Box 399, Chatham, ME4 4WQ or by telephone on 0330 099 3000. Please click here for opening hours and call charge information.
Other firms within the Provident Financial Group with which we may share your personal data are:
Provident Financial plc. Registered number 0668987 England.
Provident Personal Credit Limited. Registered number 146091 England.
Provident Financial Management Services Limited. Registered number 0328933 England
The registered address for these companies is: No. 1 Godwin Street, Bradford, West Yorkshire, BD1 2SU.
Moneybarn Limited. Registered number 02766324 England.
Moneybarn No. 1 Limited. Registered number 04496573 England.
The registered address for these companies is: The New Barn, Bedford Road, Petersfield, Hampshire, GU32 3LJ.
What kind of personal information we use
We use many different kinds of personal information depending on your role, your personal circumstances, our legal requirements, legitimate interests and our contractual obligations to you.
We need to use the following personal data: full name, address, email address, telephone number, date of birth, contact details, bank account details, education details, previous employment (where applicable and including self-employment), National Insurance numbers and identifier numbers from passports, driving licences, birth certificate and residence permits (where applicable), information about your credit history, statutory benefits, your performance in your roles with Vanquis, photographic images, information about your family members in order to provide colleague benefits and services, information we receive from credit reference and fraud prevention agencies, and other financial information. Where you use our websites, we will collect your Internet Protocol (IP) address and information about your browsing behaviour.
We might also need health information and to help us provide you with support, for instance making necessary adjustments to your working environment.
How we collect your personal data
We collect personal data:
How we use your personal data
Data protection law says that we can only use personal data if we have a proper reason to do so. For example, these reasons include fulfilling a contract we have with you, when we have a legal duty, when it is in our legitimate interest or when you consent to its use. When data protection law allows us to process your personal data for our own legitimate interests, it is only allowed provided those interests do not override your own interests and/or your fundamental rights and freedoms.
An example of us using your personal data when we have a legal duty, is where we must do so in order to comply with our obligations to you under employment law.
An example of where we would process your personal data for our legitimate interests would be to investigate potential fraud. Processing personal data in these circumstances would not only be in our legitimate interest but also yours.
Our purposes for processing your personal data
We will only ask you for your personal data where it is necessary to fulfil the following purposes. Where providing us with your personal data is optional, we will inform you of this. Our purposes are grouped under our legal bases for processing.
Entering into and fulfilling a contract between you and us
Fulfilling our legal obligations
For our legitimate interests
As a commercial organisation:
Please see the section headed ‘Your Privacy Rights’ for information on your right to object to processing of your personal data based on our legitimate interests.
Where we require your consent / explicit consent
To process about you, where necessary, ‘special categories of personal data’ – this includes data about your:
We may process personal data about your health or medical conditions, where we need to understand this to provide you with support, or to make adjustments in how we provide you with information.
Retaining your personal data
We will retain your personal data for as long as we are obliged, under relevant legislation and regulation, or where no such rules apply, for no longer than it is necessary for our lawful purposes even if this continues after your employment ends (e.g. if we need to administer a share award that you still hold after you have left). This will usually be no more than six years from the point at which the obligation to retain a record containing your personal data begins. The retention period of your personal data may need to be extended where we require this to bring or defend legal claims. We may also retain data for longer periods for statistical purposes, and if so we will anonymise or pseudonymise this.
Using data processors and transferring your personal data overseas
We may use service providers, agents and subcontractors to provide services on our behalf. This may require these organisations to access and process your personal data. We have listed our third party partners and categories of suppliers we use in Appendices 1 and 2
From time to time your personal data may be transferred to organisations that are based in countries outside the European Economic Area. In these circumstances, we will ensure they process your personal data only in accordance with the applicable data protection legislation and under strict organisational and contractual controls, specifically EU model clauses. We also use the EU Commission approved EU-US Privacy Shield framework, where appropriate, when personal data is processed on our behalf in the USA. For more information about these controls, please visit https://ico.org.uk and search for ‘International transfers’.
Your Privacy Rights
You have the right to object to how we process your personal data. You also have the right to see what personal data we hold about you. You can ask us to correct inaccuracies, delete or restrict personal data or ask for some of your personal data to be provided to someone else. These rights are explained in more detail below.
Requests to exercise your rights to your personal data can be made by:
By post: to HR Services, Vanquis Bank, 50 Pembroke Court, Chatham Maritime, Kent, ME4 4EL
By telephone: on 01274 962551
By email: to firstname.lastname@example.org
Our Data Protection Officer can be contacted using the above details.
Your data protection rights are subject to certain restrictions and conditions. We will assess your request and where we decide not to act upon this, we will notify you of our reasons for this. We will not make a charge for handling your rights request, unless we consider this to be manifestly unfounded or excessive (particularly if this is repetitive).
You have the right to complain to us and to the data protection regulator, the Information Commissioner’s Office, whose address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. You can find out how to report a concern on their website at: https://ico.org.uk/reportaconcern
Your rights are:
To be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. We fulfil this right by giving you this notice.
Access to your personal data: You can request access to a copy of your personal data that we process as a data controller, together with details of why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making.
Right to withdraw consent: If you have given us your consent, you can withdraw that consent at any time. Please contact us if you want to do so. If you withdraw your consent, we may not be able to provide certain support or act on employment rights. If this is the case, we will tell you.
Right to object: You may object to our processing of your personal data by us, where this processing is based on our legitimate interests or in the public interest. We will assess whether our interest in continuing to process your personal data overrides your rights and freedoms. If not, we will stop processing your personal data. Either way, we will inform you of the outcome.
Rectification: You can ask us to change or complete any inaccurate or incomplete personal data held about you.
Erasure: This is also known as “the right to be forgotten” and this means that you can ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent (where applicable), or where we have no lawful basis for keeping it or otherwise using it. There are limited exceptions, for example where we need to use the information to bring or defend a legal claim.
Portability: You can ask us to provide you or a third party with some of the personal data that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred. This is limited to personal data you have provided with your consent or in relation to the products you have with us, and which we process by automated means, such as your account transaction data.
Restriction: You can ask us to restrict the personal data we use about you where:
When you have asked us to restrict the use of your personal data we may still store your information but will not use it further without your consent, unless we need to process it:
Automated decision making and profiling
We may use your personal data in automated processes to make decisions about you. You have the right not to be subject to a decision based on solely automated processing, including profiling, if this will have a legal or other significant effect on you (unless certain exceptions apply).
We will tell you where we will make such decisions and you have the right to ask for these to be reconsidered manually;
Credit Reference Agencies
In order to confirm your employment, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”).
To do this, we will supply your personal data to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
Assess your creditworthiness to ensure you meet the criteria required for your role;
Verify the accuracy of the data you have provided to us;
Prevent criminal activity, fraud and money laundering;
Ensure any offers provided to you are appropriate to your circumstances.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal data, data retention periods and your data protection rights with the CRAs are explained in more detail on the Credit Reference Agency Information Notice (‘CRAIN’), which may be accessed via the links to the CRAs detailed below.
Fraud Prevention Agencies
We will check your details against the Cifas databases established for the purpose of allowing organisations to record and share data on their fraud cases, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct (“Relevant Conduct”) carried out by their staff and potential staff. “Staff” means an individual engaged as an employee, director, trainee, homeworker, consultant, contractor, temporary or agency worker, or self-employed individual, whether full or part time or for a fixed-term.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and other relevant conduct and to verify your identity.
Details of the personal information that will be processed include: name, address, date of birth, any maiden or previous name, contact details, document references, National Insurance Number, and nationality. Where relevant, other data including employment details will also be processed.
We and Cifas may also enable law enforcement agencies to access and use your personal data to detect, investigate, and prevent crime.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and other Relevant Conduct, and to verify identity, in order to protect our business and customers and to comply with laws that apply to us. This processing of your personal data is also a requirement of your engagement with us.
Cifas will hold your personal data for up to six years if you are considered to pose a fraud or Relevant Conduct risk.
Consequences of processing
Should our investigations identify fraud or any other Relevant Conduct by you when applying for or during the course of your engagement with us, your new engagement may be refused or your existing engagement may be terminated or other disciplinary action taken (subject to your rights under your existing contract and under employment law generally).
A record of any fraudulent or other Relevant Conduct by you will be retained by Cifas and may result in others refusing to employ you. If you have any questions about this, please contact us using the details provided.
Should Cifas decide to transfer your personal data outside of the European Economic Area, they will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Links to other websites
Certain hypertext links in this website may lead you to websites which are not under our control. Once you have left our website we are unable to accept responsibility for the protection of any personal data you provide to the owner of that website. You should look at the privacy information applicable to that website.
Keeping up to date
We keep our Privacy Notice under regular review. This notice was last updated in April 2019.
Appendix 1: List Third Party Partners
We do not currently have any Third Party partners
Appendix 2: Categories of supplier with whom we may share personal data for our business purposes.
Under data protection legislation, we must inform you of the categories of organisations with which we may share your personal data. We have listed these below.
* Calls to 01 and 03 numbers from UK landlines and mobiles are usually included in free plan minutes if available; otherwise call to 03 numbers cost no more than calls to 01/02 prefix numbers. Call cost information correct as at May 2018
Vanquis Bank Limited registered office: No. 1 Godwin Street, Bradford, West Yorkshire BD1 2SU. Registered number 02558509 England. Vanquis Bank Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register No. 221156).