Privacy Policy

Future Finance Privacy Policy

Future Finance is the trading name of Future Finance Loan Corporation Limited (we, us, Future Finance). This Policy describes the privacy practices of Future Finance and its subsidiaries and affiliated companies in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR) with respect to the personal data we collect about you when you use the Future Finance website www.futurefinance.com (the Website) or when we provide our services to you. In particular, this Policy explains what information we collect about you, what we use that information for, the lawful basis on which that information is used and who we give that information to.  It also sets out your rights in relation to your information and who you can contact for more information or queries.

Future Finance is a data controller and is registered in the UK with the Information Commissioner’s Office (the ICO) under registration number ZA134468. Our lead supervisory authority in the EU is the Data Protection Commission in Ireland.

By visiting and using our Website, you acknowledge the practices described in this Policy.

It is important that you revisit this Policy regularly as we may update it (and any supplemental privacy notice) from time to time to reflect changes to our operations or any legal or regulatory requirements.

If you have any questions about any aspect of this Policy you can contact us using the information provided below or by emailing us at privacy@futurefinance.com

Personal information we may collect about you

Information you give us when you contact us (for example, through this Website or e-mail):  your name, email address, home address, date of birth age, gender, identification documents, country of residence and other information such as financial and tax related information, bank account details or demographic information when you complete forms, loan applications and/or surveys.

Information we collect about you and your device: each time you visit the Website we may automatically collect information about you from the way you interact with us or others such as:

  • Details of your usage of the Website, including what pages of the Website you have visited and whether you have clicked on images or links on those pages (this may be user specific or aggregate); and
  • Technical information (including the type of device you are using, your IP address, and type of web browser) and cookie information;

Information we receive from other sources:

We work closely with third parties and may receive information about you from those third parties, for example, information about your enrolment and course from your educational institution, your credit history from Credit Reference Agencies (CRAs) and/or employment history from your current or former employers. We may view any records about you which are in the public domain (for example electoral roll or social media accounts).

We do not seek or knowingly collect any personal data about children under 18 years of age.

How we use your personal information

We use your information in various ways, such as:

  • To communicate with you: Where you provide us with an email address, we shall rely on it as the main method of communication for all communications with you, including but not limited to any communications relating to contractual documentation (which will be sent to you via email, signed electronically and available to you online), notices (both contractual and regulatory) and other communications during the ordinary course of business, unless you tell us otherwise via email or post.
  • To satisfy applicable legal or regulatory requirements and respond to requests/communications from competent public or judicial authorities; and
  • To protect our rights and those of our customers.

Disclosure of your information

While we do not generally request or seek special categories of personal data, in certain limited circumstances where you freely volunteer such information (including health or medical data) to us by phone or in writing, based on your explicit consent we may use this data for the purposes outlined in the Policy. Such consent can be withdrawn at any time by using the contact details in the contact section below. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

We may share your information with selected third parties including:

Service Providers: We contract with service providers to perform certain functions on our behalf. Examples include:

  • Database service providers that help us with identity verification or fraud checks like CIFAS;
  • Site analysis providers, IT support providers and customer services platform providers (including Zendesk, Inc. and Hubspot);
  • Professional advisers (including lawyers and accountants);
  • Cloud computing power and storage providers like Microsoft Azure;
  • Companies that help us with marketing (but we won’t share identifiable personal data with third parties for their own direct marketing), comparison websites or aggregators and software companies that we use for emailing you like Mailchimp;

Their access is limited only to the personal data needed to perform the functions carried out on our behalf, and only for the purpose of performing those functions.

  • Verify the accuracy of the data you have provided to us;
  • Prevent criminal activity, fraud and money laundering;
  • Ensure any offers provided to you are appropriate to your circumstances.
  • We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
  • When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
  • More information about CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the CRA information notice (CRAIN) available at:
  • https://www.experian.co.uk/crain/index.html
  • https://www.equifax.co.uk/crain.html
  • https://www.callcredit.co.uk/crain

Other disclosures

We may also disclose your personal information to third parties for the following legitimate business purposes:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  • If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
  • To our professional advisers where required to advise us from time to time and always subject to a duty of confidentiality;
  • To other members of our group where required for management information and forecasting purposes;
  • If we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request, this includes exchanging information with other companies and organisations for the purposes of fraud prevention; and
  • To fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and fraud prevention agencies, and your data protection rights, can be found at:
  • https://www.cifas.org.uk/fpn

Our legal basis for using your personal information as outlined above

We use your personal information for a variety of reasons, upon different legal bases including:

  • Where necessary for our legitimate interests, for example in managing and monitoring our website operation, preventing fraud, for our business compliance purposes, responding to any requests or queries that you submit to us, benefiting from cost effective services and exercising our rights under Articles 16 and 17 of the Charter of Fundamental Rights in the EU, including our freedom to conduct a business and right to property.
  • Where necessary in order to comply with a legal obligation, for example making reports to our regulatory authorities or to law enforcement agencies.

Where our use of your data is not necessary for one of the purposes outlined above we may seek your consent to use it in a particular way, for example if we ask you to complete a customer survey. Where we ask for your consent you are free to refuse our use of the data for those purposes and you may withdraw your consent at any time by contacting us using the details set out below. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

How we keep your information secure

We have measures in place to protect the security and confidentiality of your information and we strive to keep it accurate. Some of the security measures include:

  • We work to protect the security of your personal data during transmission by using Secure Sockets Layer (SSL) software, which encrypts personal data you input.
  • We store personal data in an encrypted database.
  • We transmit personal data in an encrypted format.
  • Our networks are secured with certified firewalls in a multi-layered fashion with redundancy.

International Transfer

We may occasionally transfer personal data outside the UK or the European Economic Area (EEA), such transfers will occur in accordance with appropriate safeguards such as the European Commission’s standard contractual clauses. If you would like more information regarding the relevant safeguards in place, please contact us using the contact details in the contact section below.

How long your personal information will be stored for

We only keep your personal information for as long as is necessary to fulfil the purposes for which we use it. We will normally retain your personal data for 6 years after our relationship with you has come to an end. Alternatively, we may retain your personal data for a shorter period after the end of requirements. Our relationship with you where such shorter retention period only is necessary to fulfil the purposes for which we use your personal data. We will delete all your personal data the end of its retention period unless we are subject to a legal requirement to retain it for longer or in other exceptional circumstances (for example where we need to retain the data in connection with legal proceedings).

Your rights

Your personal information is protected under data protection law and you have a number of rights (explained below) which you can seek to exercise. Please contact us using the details shown below if you wish to do so, or if you have any queries in relation to your rights. If you seek to exercise your rights, we will explain to you whether or not the right is available to you as these rights do not apply in all circumstances.

Right of access

Subject to certain exceptions, you have the right of access to information that we hold about you upon request. You can exercise this right by making a request using the contact details in the contact section below.

Right to rectify your personal information

If you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected).

Right to be forgotten

You may ask us to delete information we hold about you in certain circumstances; this is often referred to as the ‘right to be forgotten’. This right is not absolute and only applies in particular circumstances. It may not therefore be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations or to exercise or defend legal claims.

Right to restriction of processing

In some cases you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified. You can exercise the right at any time by contacting us by post or email using the details in the contact section of this Policy (see below).

Right to object to processing

You may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing (including profiling to the extent it relates to direct marketing). We will assess each request on a case by case basis as required by data protection law.

Right to data portability

Subject to certain exceptions, you have the right to receive, move, copy or transfer your personal information to a controller which is also known as ‘data portability’. You have the right to this when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means. You should note that this right is different from the right of access (see above) and the types of information you can obtain under the two separate rights may be different.

Contact

If you have any questions about how we treat your personal data and protect your privacy or if you have any comments or wish to seek to exercise any of your rights as outlined above, please contact us:

By post to:

Future Finance UK: Future Finance Loan Corporation Limited, One Bedford Street, Covent Garden, London, WC2E 9HG

Alternatively, you can contact us by email to privacy@futurefinance.com.

Complaints

If you have a complaint, please contact us and we will investigate it and give reasonable redress if we consider it appropriate to do so.

You also have the right to complain to our main data protection supervisory authority, The Data Protection Commission in Ireland.

If you are in Ireland or if your complaint relates to cross border processing issues, our lead supervisory authority is The Data Protection Commission. The Data Protection Commission may be contacted via post (21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland) or via its website,, www.dataprotection.ie .

You also have the right to complain to your local data protection supervisory authority. In the UK, this is the ICO (https://ico.org.uk/make-a-complaint/). In the EEA, there are national and regional data protection authorities (a list is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en).

Conditions of use of this policy

If you choose to visit our Website, your visit and any dispute over privacy, is subject to this Policy.

November 2022