INTRODUCTION
Choosing to enter into a relationship with GOCAP means you've placed a great deal of trust in us. In sharing your personal information, we hope you will benefit from a tailored and convenient experience. With trust comes responsibility and we take this responsibility very seriously.
This Privacy Notice helps you to understand how we use your personal information, who we share it with and the rights that you have. For more information on your rights and how to exercise them, head straight to the Your Rights section later in this document.
This Privacy Notice applies to any engagement you have with GOCAP or if you otherwise share your personal information with us, for example if you contact us with a query or we send you any marketing communications.
We change the terms of this Privacy Notice from time to time and you should check it regularly. The last updated date is shown at the end of the document. If we make any material changes, we will take steps to bring it to your attention.
OUR FIRM INFORMATION
By ‘We’ or ‘Us’, we refer to our firm, GOCAP LTD which uses the trading name ‘GOCAP’. We are registered in England and Wales at the Registered Address: Finchley Park, Emmet Hall Lane, Laddingford, Kent ME18 6BG.
By ‘You’, ‘your’ or ‘yours’ we mean the user of this website and the individual/customer that may seek to access, or has accessed, our services.
We are Authorised and Regulated by the Financial Conduct Authority. Our Firm Reference Number is 958804 and you can check our registration by going to the FCA’s register at https://register.fca.org.uk/s/.
For the purposes of the Data Protection Act (‘DPA’), we are the ‘Data Controller’ (i.e. the company who is responsible for, and controls the processing of, your personal data). As a controller, we are responsible for making sure it is kept safe, secure and handled legally.
INFORMATION COMMISSIONER'S OFFICE (ICO) REGISTRATION INFORMATION
We are registered with the Information Commissioner’s Office, Registration Number: ZA874067.
OUR CONTACT INFORMATION
Customers can contact us using the information provided below:
Alan Milne
Data Protection Officer
GOCAP LTD
Finchley Park,
Emmet Hill Lane,
Laddingford,
Kent, ME18 6BG
United Kingdom
or via customer@gocap.co.uk
PURPOSE OF THIS POLICY
Our Privacy Policy concerns the website and our internal systems, controls and processes in how your personal data is used. Your privacy is very important, and we have set out below how we process any personal data collected from, or provided by you.
Purposes for Processing Personal Data
We will process your data for any of the following purposes:
LAWFUL BASES FOR USE OF YOUR DATA
Basis | Description |
Contract | This is where we process your information to fulfil a contractual arrangement we have made with you. |
Consent | This is where we have asked you to provide explicit permission to process your data for a particular purpose. |
Legitimate Interest | This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. |
Legal Obligation | This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime or to meet responsible lending criteria. |
THE RIGHT TO WITHDRAW CONSENT AT ANY TIME, WHERE RELEVANT
To withdraw consent, please see the contact information detailed within this Policy. Should consent be withdrawn for a particular purpose that we are relying on that consent to perform, we may be unable to provide you with our services or may be unable to tailor our services to your needs which may subsequently impact the service we provide.
Should you wish to unsubscribe from any marketing methods, you may do so by selecting the ‘unsubscribe’ link or by contacting us using the contact information described within this Policy.
USE OF SPECIAL CATEGORY DATA
We will obtain personal data when you contact us for any reason or proceed with our services. In certain circumstances, we may hold special category data (also known as sensitive personal data) we will require this information to tailor our approach to how we can best assist you and your needs. For instance, you may have a medical condition which means that a third-party deal with your affairs or you may have an impairment which would mean we would be best to contact you via a different method.
Any special category data held will be treated with the strictest of confidence and will be held purely based on your explicit consent to aid us in providing the best service to you. If you do not provide your explicit consent relating to any impairment or vulnerability, the information will not be recorded and will also not be disclosed to any third-parties.
DATA WE COLLECT, CONTROL AND PROCESS |
DIRECT INTERACTIONS: |
You may provide us with your identity, contact and financial data by completing online forms or by corresponding directly with us via post, email or otherwise. This includes the personal data you provide when you:
When opening an account with us, we will ask for various pieces of information from you. This includes everything from your name and address, to your date of birth, email address (which will be the primary communication channel throughout the term of an Agreement) and more. Every piece of information we take has its purpose. The table below shows how we use your information:
Purpose/Activity | Type of data | Lawful basis for processing data |
To register you as a new customer | (a) Identity (b) Contact |
Performance of a contract |
To deliver our service: Accessing your open banking to verify that you can afford the repayments for a loan for which you have applied for and to track your ongoing salary. We will use this data to ensure affordability. Delivery documentation to you e.g. pre-contractual information and credit agreement. Credit/debit card details for collection of payments Carry out Anti Money Laundering checks. |
(a) Identity (b) Contact (c) Financial (d) Transaction |
Performance of a contract |
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy |
(a) Identity (b) Contact (c) Profile |
(a) Performance of a contract (b) Necessary to comply with a legal obligation |
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical |
(a) Legitimate Interest (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation |
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
Legitimate Interest (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences. | (a) Technical (b) Usage |
Legitimate Interest (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy) |
To make suggestions and recommendations to you about goods or services that may be of interest to you. | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile |
Consent |
THIRD PARTIES OR PUBLICLY AVAILABLE SOURCES |
We also collect personal data about you from third party sources. The data collected from third party sources are as follows (please note, this is a general list and does not necessarily indicate that the below data will be obtained from third party sources, only that it may be obtained and if available and relevant to the service provided):
Data Collected | Examples of Data Collected | Gathered From | When |
Personal Identity Information | Name, surname, gender, Date of Birth, birth country, UK landline, | You | Generated as a result of providing our services to you |
Personal Credit Rating | Your Credit Rating, including CallValidate, CallReport and Affordability data blocks | TransUnion International UK Limited (04968328) | Obtained as part of the lending application in order to assess your creditworthiness and affordability |
Financial information | Income, debt level, credit limit, account numbers, adverse financial history including CCJs and contractual Open Banking access with 12 months financial history | TransUnion / AccountScore | Obtained as part of the lending application in order to assess your creditworthiness and affordability |
Technical Information | Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating systems and platform | Cookies | From you when using our websites and in accordance with our Cookie Policy. |
RECIPIENTS OF PERSONAL DATA |
Throughout the provision of our service, we may need to disclose personal data to third parties. We have contracts in place with all suppliers that help us to ensure security and privacy of your personal information, these are reviewed and updated regularly and always in line with data protection laws. The categories of recipients of personal data are as follows:
We will continue to exchange information about you with CRA’s while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full or on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse of a financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as your partner successfully files for a disassociation with the CRAs to break the link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at TransUnion CRAIN or Equifax CRAIN . CRAIN is the Credit Reference Agency Information Notice as is common across all main CRAs.
GOOGLE ANALYTICS |
Google Analytics is a service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyse how users use our website and our mobile site. The information generated by these cookies (including your truncated IP address) is transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your, and other users’, use of our website. Compiling reports for us on website activity and providing other services relating to website activity and internet usage. The Google Analytics advertising features we use, and the insights they provide are:
AdWords Remarketing — uses behaviour, demographic, and interest data to identify users who are likely to convert, and then allows them to target those users with remarketing campaigns through Google Ads
Demographics and Interests Reporting — provides insight into the age, gender, and purchase interests of users, which they can use to better target your advertisements
Google Display Network (GDN) Impression Reporting — measures the impact of unclicked GDN Display ad impressions on conversions and site behaviour
Please note that Google receives your truncated IP address. This is sufficient for Google to identify (approximately) the country from which you are visiting our sites or accessing our website but is not sufficient to identify you, or your computer or mobile device, individually. You can find more information here, including a link to Google’s privacy policy.
To opt-out of analysis by Google Analytics on our website and other websites, please visit http://tools.google.com/dlpage/gaoptout.
INTERNATIONAL TRANSFERS |
We do not transfer data outside of the United Kingdom (UK) or European Economic Area (EEA). Personal Data shared with third-party operational providers, required for the provision and operation of our services (as described within Recipients of Personal Data), may transfer personal data outside of the UK and EEA. Should this be the case, the international transfer will be made in accordance with an adequacy decision or subject to appropriate and documented safeguards.
YOUR RIGHTS |
Right | Description |
Right to access | The right of access, commonly referred to as subject access, gives you the right to obtain a copy of your personal data as well as other supplementary information. It helps you to understand how and why we are using your data, and to check we are using it lawfully. |
Right to rectification | You have the right to have inaccurate personal data rectified. You may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. We may ask you for evidence to show that it is inaccurate. This may involve providing a supplementary statement to the incomplete data. |
Right to erasure | Under certain circumstances, you have the right to have personal data erased. Also known as ‘The right to be forgotten’. The right is not absolute. You have the right to request that we stop processing, or delete, all of your personal information that we hold. If you exercise this right, we will keep a note of your name linked to your request and it won’t prevent us from processing any new information you provide to us subsequently. |
Right to restrict processing | Under certain circumstances, you have the right to request that we stop processing, or delete, all of your personal information that we hold. If you exercise this right, we will keep a note of your name linked to your request and it won’t prevent us from processing any new information you provide to us subsequently. This right is not absolute. Restriction of processing means we are permitted to store your personal data, but we are unable to use it. |
Right to data portability | You have the right to obtain and reuse your personal data for your purposes across different services. This eases the copying or transferring of personal data easily from one IT environment to another, safely and securely, without affecting the usability of the data. |
Right to object | Under certain circumstances you have the right to object to the processing of your personal data, however, you do have the absolute right to object to direct marketing. |
Right with regard to automated decision making, including profiling | We sometimes use your personal information to make decisions by automated means. This involves us analysing your information including application data, data received from a Credit Reference Agency and also Open Banking. We do this to confirm your identity, prevent and detect crime, and lend responsibly and affordably. This automated decision making is necessary if you would like to continue to transact with us through our website. You have a right to reject automated decisions, but it may make it more difficult to ensure that we meet our obligations to lend responsibly and affordably. |
Right to be informed | You have the right to be informed about the collection and use of your personal data. Your right to be informed forms part of this policy, and provides the purposes for processing your data, our retention periods and who it will be shared with. |
The above rights may be limited in some circumstances. For example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
THE RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY |
In the context of your personal data, you have the right to lodge a complaint to the supervisory authority, the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. If you would like to make a complaint, see our complaint policy here .
DATA RETENTION |
HOW LONG WILL WE HOLD YOUR DATA |
We will only retain your personal data for as long as is necessary to fulfil our obligations under the provision of our service as well as any purposes necessary to satisfy any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk, of harm of unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, including applicable legal requirements.
Details of retention periods for different aspects of your personal data are available upon request. By law, we have to keep certain information about our customers and this data will be held solely and securely for those legal purposes.
SUBJECT ACCESS REQUESTS |
You have the right to access your personal information, also known as a Subject Access Request (SAR). This means you are entitled to obtain the following information about yourself:
HOW DO WE PROVIDE YOU WITH THE DATA YOU HAVE REQUESTED? |
If you make a request electronically (via electronic means), we will provide the information in a commonly used electronic format unless you have specified otherwise. Please note, we may extend the time to respond by a further two months if the request is complex or you have made multiple requests. As you have the right to be informed, we will always ensure you are notified within one month of receiving the request, accompanied by an explanation.
We must act on your subject access request without undue delay and at the latest within one month of receipt. This is calculated as beginning from the day following receipt of the request until the corresponding calendar data the following month. We may request your identity to satisfy the request, however, this will be proportionate to the request itself and if we have doubts of the authenticity of identification.
WILL IT COST ANYTHING? |
For the vast majority of requests, we cannot charge you a fee. Where the request is manifestly unfounded or excessive, we may charge a reasonable fee to cover the administrative costs of complying with the request. This also applies in the event that you request further additional copies of data following your initial request. This will again be charged as an administrative cost.
COOKIES |
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things such as remembering your preferences and counting the volume of people accessing the website. We do use cookies. For more information on our use of cookies, please click here to view our Cookies Policy.
LINKS TO OTHER WEBSITES |
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
CHANGES TO OUR PRIVACY POLICY |
Any changes to our privacy policy in the future will be posted to our site and, where appropriate, through e-mail notification. This privacy policy was last updated Friday, 18 March 2022.