Last updated May 2018
Under the GDPR, we can only hold and process your personal data on one or more of the grounds authorised by the GDPR.
By registering on this website, you consent to the collection, use and transfer of your information under the terms of this policy.
Our legal basis for processing your data legitimate interests
Article 6(1)(f) of the GDPR is the one that is relevant here – it says that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.
In summary the law says we must have one or more of these reasons:
- To fulfil a contract we have with you, or
- When it is our legal duty, or
- When it is in our legitimate interest,
- or When you consent to it.
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
How we collect your personal information
Your information will be collected and processed by ELBL during the use of our websites or when you communicate directly with us, such as through e-mail, phone or letter, for example:
- when you complete our online application form, your details will be stored, this usually includes name, postcode, vehicle registration number, telephone number and e.mail address;
- if you take out an agreement with us, we will ask for further information including full name, date of birth, marital status, residential status, contact telephone numbers, home, mobile and work, occupation and employment details and details of income and expenditure and bank name address and account number and sort code and any other information you choose to provide to us. It may also include details of the agreements you have had with us in the past or unsuccessful applications for further credit. You may also disclose sensitive information to us (such as, information about your physical and mental health, racial or ethnic origin, political opinions, religious beliefs, sexual life, medical information), which we may hold and process. Wherever possible we will always ask your explicit consent to process this information. You are responsible for providing valid, accurate and up to date information. When you give us information about another individual or organisation it is on the basis that you confirm that they have specifically agreed to this and understand how and why their information will be used.
- We will ask that you provide us with documents to support your application, such as proof of identity, address and income. We may also ask you for proof of insurance, proof of MOT and proof of purchase of your vehicle. Copies of those documents may be made and retained;
- during the currency of any agreement with us, we will make notes of any instances of contact between us, which will include any personal information disclosed to us during that contact;
- any calls made to us or our representatives may be recorded for training and monitoring purposes; and/or
- after your agreement has been completed, we may keep records of any feedback you give us about the service provided.
- We may also collect information from outside sources such as credit reference agencies and customer service providers in order to help us make decisions regarding credit.
- Information about your computer may also be collected if it is available, such as your IP address, type of browser you are using and computer operating system. This is in order to help us improve our systems and website.
Our use of your personal information
Your data will always be dealt with responsibly and in accordance with the Data Protection Act 1998 and the new laws. Information stored or collected about you helps us improve our service and helps to make sure that any agreement you have with us is run smoothly.
For example, your information may be used to:
- identify you when you contact us;
- carry certain credit checks through licensed credit-referencing agencies and a record of this search will be made on your credit profile;
- carry out business processes such as valuing your vehicle so we can provide or assist you in obtaining such products and services which you require;
- make credit decisions about you and check the details that you have provided to us are complete and accurate;
- administer and manage any application you make to us and, in the event you take out credit with us, to administer your account with us;
- monitor and analyse our business including conducting internal audits, using statistical analysis to develop and improve our products and services and conducting market research;
- to identify, prevent, detect or tackle fraud, money laundering, terrorism and other crimes;
- trace your whereabouts and recover any debt you owe us; and/or
- comply with our regulatory obligations.
Groups of Personal Information
We use many different kinds of personal information as given below.
|Type of personal information||Description|
|Financial||Your financial position, status and history.|
|Contact||Where you live and how to contact you.|
|Socio-Demographic||This includes details about your work or profession, nationality where you fit into general social or income groupings.|
|Transactional||Details about payments to and from your accounts including bank statements.|
|Contractual||Details about the products or services we provide to you.|
|Locational||Data we get about where you are, such as may come from your mobile phone, the IP address where you connect a computer to the internet.|
|Behavioural||Details about how you use our products and services.|
|Technical||Details on the devices and technology you use to interact with us.|
|Communications||What we learn about you from letters, emails and conversations between us.|
|Social Relationships||Your family, friends and other relationships.|
|Open Data and Public Records||Details about you that are in public records and information about you that is openly available on the internet.|
|Documentary Data||Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence or birth certificate.|
|Special types of data||The law and other regulations treat some types of personal information as special. We will only collect and use these types of data if the law allows us to do so:|
• Health data including gender
|Consents||Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you, whether you get paper statements, or prefer large-print formats.|
|National Identifier||A number or code given to you by a government to identify who you are, such as a National Insurance number.|
Where we collect personal information from
We may collect personal information about you using the information you give to us:
- When you talk to us on the phone or in person.
- When you use our websites, mobile device apps, emails us and send us letters.
- In insurance claims or other documents.
- In financial reviews and assessments.
- Payment and transaction data.
Data from third parties we work with:
- Companies that introduce you to us.
- Credit reference agencies.
- Comparison websites.
- Fraud prevention agencies.
- Payroll service providers.
- Land agents.
- Public information sources such as Companies House.
- Agents working on our behalf.
- Market researchers.
- Medical practitioners*.
- Government and law enforcement agencies.
*For some financial assessment, we may ask you to ask your GP or other medical professional to send us a report. We will only use this if we get your consent.
Who we share your personal information with
We may share your personal information with these organisations:
- With any company that we use to collect payments or debts on our behalf.
- Credit reference agencies.
- Any authorised third party linked with you such as Citizen Advice Bureau, Payplan etc.
- Organisations that introduce you to us.
- With any law enforcement authorities involved in terrorism prevention, this also pertains to authorities outside the United Kingdom.
- Where we are requested by government bodies and organisations, authorities, tax authorities, and ombudsmen, not just in the UK but overseas if requested.
- To prevent fraud by sharing with agencies that detect fraud.
- Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of the Data Protection Act 1998.
- To help us to establish, exercise or defend legal claims
- If ELBL merges with or is acquired by another business or company in the future, (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.
How we use your information to make online decisions
We use a system to decide whether to lend money to you. This is called credit scoring. It uses past data to assess how you’re likely to act while paying back any money you borrow. This includes data about accounts you may have had before. Credit scoring will take account of information you provide on your application, information provided by credit reference agencies and information already held on our system. If you submit an application and it is declined through this process, you can contact us within 14 days to have the decision reviewed.
Credit Reference Agencies (CRAs)
We may carry out credit checks when you apply for credit. We may use Credit Reference Agencies to help us with this. If we choose to do so we will provide you with the details of the CRA we use. Your loan application will be registered on your credit report under the name Easylogbookloans.tv. If we undertake a search with a credit reference agency, the agency will review your credit records as well as anyone financially associated with you. The agency will keep a record of this search and place a “footprint” on your file, whether or not your application proceeds. If we undertake a credit check we will report regularly to the CRAs on your payment history.
If we use a CRA we will share your personal information with them and they will give us information about you.
The data we exchange can include:
- Name, address and date of birth.
- Credit application.
- Details of any shared credit.
- Financial situation and history.
- Public information, from sources such as the electoral register and Companies House.
We’ll use this data to:
- Assess whether you are able to afford to make repayments.
- Make sure what you’ve told us is true and correct.
- Help detect and prevent financial crime.
- Manage accounts with us.
- Trace and recover debts.
- Make sure that we tell you about relevant offers.
- Inform you about new services an changes.
If we use a CRA, we will go on sharing your personal information with CRAs for as long as you are a customer. This will include details of your repayments and whether you repay in full and on time. The CRAs may give this information to other organisations that want to check credit status. We will also tell the CRAs when you settle your accounts with us.
When we ask CRAs about you, they will note it on your credit file. This is called a credit search. Other lenders may see this and we may see credit searches from other lenders.
You can find out more about the CRAs on their websites, in the Credit Reference Agency Information Notice. This includes details about:
- Who they are
- Their role as fraud prevention agencies
- The data they hold and how they use it
- How they share personal information
- How long they can keep your data
Fraud Prevention Agencies (FPAs)
We may need to confirm your identity before we provide products or services to you. Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use Fraud Prevention Agencies to help us with this.
Both we and fraud prevention agencies can only use your personal information if we have a proper reason to do so. It must be needed either for us to obey the law, or for a ‘legitimate interest’.
We will use the information to:
- Confirm identities
- Help prevent fraud and money-laundering
- Fulfil any contracts you have with us.
- We or an FPA may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.
FPAs can keep personal information for different lengths of time. They can keep your data for up to six years if they find a risk of fraud or money-laundering.
The information we use
These are some of the kinds of personal information that we use:
- Date of birth
- Residential address
- History of where you have lived
- Contact details, such as email addresses and phone numbers
- Financial data
- Employment details
- Vehicle details
- Automated decisions for fraud prevention
The information we have for you is made up of what you tell us, and data we collect when you use our services, or from third parties we work with.
We and FPAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you. Either of these could indicate a possible risk of fraud or money-laundering.
How this can affect you
If we or an FPA decide there is a risk of fraud, FPAs will keep a record of the risk that you may pose. This may result in other organisations refusing to provide you with products or services, or to employ you.
Data transfers out of the EEA
FPAs may send personal information to countries outside the European Economic Area (‘EEA’). When they do, there will be a contract in place to make sure the recipient protects the data to the same standard as the EEA. This may include following international frameworks for making data sharing secure.
Sending data outside of the EEA
We will only send your data outside of the European Economic Area (‘EEA’) to:
- Follow your instructions.
- Comply with a legal duty.
If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA.
If you choose not to give personal information
We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts or policies. It could mean that we cancel a product or service you have with us. Any data collection that is optional would be made clear at the point of collection.
We may use your personal information to tell you about relevant products and offers. This is what we mean when we talk about ‘marketing’.
We need your consent for some aspects of these activities which are not covered by our legitimate interests (in particular, the collection of data via cookies, and the delivery of direct marketing to you through digital channels) and, depending on the situation, we’ll ask for this via an opt-in or soft-opt-in.
Soft opt-in consent is a specific type of consent which applies where you have previously engaged with us, and we are marketing other loan-related services. Under ‘soft opt-in’ consent, we will take your consent as given unless or until you opt out. For most people, this is beneficial as it allows us to suggest other financial products to you. For other types of e-marketing, we are required to obtain your explicit consent.
You can also ask us to stop sending you marketing messages by contacting us at any time. Whatever you choose, you’ll still receive your contractual letters and annual statements related to your agreement.
We may ask you to confirm or update your choices, if you take out any new products or services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.
If you change your mind you can update your choices at any time by contacting us.
Our contact details are as follows:
ELBL, P.O. Box 450, Macclesfield, Cheshire, SK11 9WS
Tel: 01625860555; E-mail: firstname.lastname@example.org
If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time. Even if you have opted out from our marketing communications through our preference centre, it is possible that your details may be recaptured through public sources in an unconnected marketing campaign. We will try to make sure this doesn’t happen, but if it does, we’re sorry. We’d just ask that in those circumstances you opt out again.
All our marketing is based on what we think will serve our borrowers best, but we know we won’t always get it right for everyone. We may use your data to show you ELBL adverts and other content on other websites. If you do not want us to use your data in this way, please turn off the “Advertising Cookies” option. Even where you have turned off advertising cookies, it is still possible that you may see an ELBL advert, but in this case it won’t have been targeted at you personally, but rather at an anonymous audience.
Security and data retention
We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately by:-
Sending an email to email@example.com or
By telephoning 01625860555 and asking for Christian Gachet; or
By writing to us at ELBL, P.O. Box 450 Macclesfield Cheshire SK11 9WS
How long we keep your personal information
We will keep your personal information for as long as you are a customer of ELBL.
After you stop being a customer, we may keep your data for up to 6 years for one of these reasons:
- To respond to any questions or complaints.
- To show that we treated you fairly.
- To maintain records according to rules that apply to us.
We may keep your data for longer than 6 years if we cannot delete it for legal, regulatory or technical reasons. If we do, we will make sure that your privacy is protected and only use it for those purposes.
If you made a loan application or enquiry which did not result in a loan, we may keep your data for up 1 year following your loan application/enquiry.
While we will endeavour to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so, some of your data may still exist within our systems, for example if it is waiting to be overwritten. For our purposes, this data has been put beyond use, meaning that, while it still exists on an archive system, this cannot be readily accessed by any of our operational systems or processes.
Your rights under GDPR
One of the GDPR’s main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us.
Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us by:-
Sending an email to firstname.lastname@example.org or
By telephoning 01625860555 and asking for Christian Gachet; or
By writing to us at ELBL, P.O. Box 450 Macclesfield Cheshire SK11 9WS
If your interests or requirements change, you can unsubscribe from part or all of our marketing content by emailing us at: email@example.com or by clicking the unsubscribe link in any marketing e-mail we send to you.
We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object
This right enables you to object to us processing your personal data where we do so for one of the following four reasons:
- our legitimate interests;
- to enable us to perform a task in the public interest or exercise official authority;
- to send you direct marketing materials; or
- for scientific, historical, research, or statistical purposes.
If your objection relates to us processing your personal data because we deem it necessary for your legitimate interests, we must act on your objection by ceasing the activity in question unless:
- we can show that we have compelling legitimate grounds for processing which overrides your interests; or
- we are processing your data for the establishment, exercise or defence of a legal claim.
If your objection relates to direct marketing, we must act on your objection by ceasing this activity.
If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent
Where we have obtained your consent to process your personal data for certain activities (for example, for our marketing arrangements), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.
Data Subject Access Requests (DSAR)
You may ask us to confirm what information we hold about you at any time, and request us to modify, update or Delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.
Right to erasure
You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria
- the data are no longer necessary for the purpose for which we originally collected and/or processed them
- where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing
- the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR)
- it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
- if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
We would only be entitled to refuse to comply with your request for one of the following reasons:
- to exercise the right of freedom of expression and information;
- to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
- for public health reasons in the public interest;
- for archival, research or statistical purposes; or
- to exercise or defend a legal claim.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to Delete the relevant data.
We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
Right of data portability
If you wish, you have the right to transfer your personal data between data controllers. In effect, this means that you are able to transfer the data held by ELBL to another online platform. To allow you to do so, we will provide you with your data in a commonly used machine-readable format. Alternatively, we may directly transfer the data for you. This right of data portability applies to:
- personal data that we process automatically (i.e. without any human intervention);
- personal data provided by you; and
- personal data that we process based on your consent or in order to fulfil a contract.
Right to restrict processing
You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either:
- one of the circumstances listed below is resolved;
- you consent; or
- further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest.
The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
- Where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
- Where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
- Where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
- Where we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims.
If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
Right to rectification
You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.
Links to third party websites
We do not accept any responsibility for third party websites that we link to. These websites have terms and conditions and privacy policies that are different to the one on this site and we have no control over these sites.
How to complain
Please let us know if you are unhappy with how we have used your personal information. To contact us please by writing to us at this address:
ELBL P.O. Box 450, Macclesfield, Cheshire, SK11 9WS
Right to lodge a complaint with a supervisory authority.
You also have the right to lodge a complaint with your local supervisory authority,
The Information Commissioner’s Office. You can contact them in the following ways:
- Phone: 0303 123 1113
- Email: firstname.lastname@example.org
- Live chat
Information Commissioner’s Office
Who is responsible for processing your personal data on the ELBL website?
ELBL controls the processing of personal data on its website.
– Sending an email to email@example.com or
– By telephoning 01625860555 and asking for Christian Gachet; or
– By writing to us at ELBL, P.O. Box 450 Macclesfield Cheshire SK11 9WS
We take privacy seriously so we’ll get back to you as soon as possible.