GOCAP - privacy policy


INTRODUCTION

Choosing to enter into a relationship with GOCAP means you've placed a great deal of trust in us. In sharing your personal information, we hope you will benefit from a tailored and convenient experience. With trust comes responsibility and we take this responsibility very seriously.

This Privacy Notice helps you to understand how we use your personal information, who we share it with and the rights that you have. For more information on your rights and how to exercise them, head straight to the Your Rights section later in this document.

This Privacy Notice applies to any engagement you have with GOCAP or if you otherwise share your personal information with us, for example if you contact us with a query or we send you any marketing communications.

We change the terms of this Privacy Notice from time to time and you should check it regularly. The last updated date is shown at the end of the document. If we make any material changes, we will take steps to bring it to your attention.

OUR FIRM INFORMATION

By ‘We’ or ‘Us’, we refer to our firm, GOCAP LTD which uses the trading name ‘GOCAP’. We are registered in England and Wales at the Registered Address: Finchley Park, Emmet Hall Lane, Laddingford, Kent ME18 6BG.

By ‘You’, ‘your’ or ‘yours’ we mean the user of this website and the individual/customer that may seek to access, or has accessed, our services.

We are Authorised and Regulated by the Financial Conduct Authority. Our Firm Reference Number is 958804 and you can check our registration by going to the FCA’s register at https://register.fca.org.uk/s/.

For the purposes of the Data Protection Act (‘DPA’), we are the ‘Data Controller’ (i.e. the company who is responsible for, and controls the processing of, your personal data). As a controller, we are responsible for making sure it is kept safe, secure and handled legally.

INFORMATION COMMISSIONER'S OFFICE (ICO) REGISTRATION INFORMATION

We are registered with the Information Commissioner’s Office, Registration Number: ZA874067.

OUR CONTACT INFORMATION

Customers can contact us using the information provided below:

Alan Milne
Data Protection Officer
GOCAP LTD
Finchley Park,
Emmet Hill Lane,
Laddingford,
Kent, ME18 6BG
United Kingdom

or via  customer@gocap.co.uk

PURPOSE OF THIS POLICY

Our Privacy Policy concerns the website and our internal systems, controls and processes in how your personal data is used. Your privacy is very important, and we have set out below how we process any personal data collected from, or provided by you.

Purposes for Processing Personal Data

We will process your data for any of the following purposes:

  1. To contact you in relation to an online enquiry;
  2. To process your application for lending including for identity verification, fraud prevention, detection and anti-money laundering purposes;
  3. To assess whether it is appropriate to lend to you;
  4. To provide finance to you;
  5. To recover the monies we may lend to you;
  6. To provide you with requested services, including support, updates and communications regarding requested services;
  7. To record any information required for the tailoring of our services in consideration of any of your needs and requirements;
  8. To improve our services and customise our website and its content to your particular preferences; and
  9. To comply with any laws or regulations to which we are subject.

LAWFUL BASES FOR USE OF YOUR DATA

Basis Description
Contract This is where we process your information to fulfil a contractual arrangement we have made with you.
Consent This is where we have asked you to provide explicit permission to process your data for a particular purpose.
Legitimate Interest This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way.
Legal Obligation This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime or to meet responsible lending criteria.


THE RIGHT TO WITHDRAW CONSENT AT ANY TIME, WHERE RELEVANT

To withdraw consent, please see the contact information detailed within this Policy. Should consent be withdrawn for a particular purpose that we are relying on that consent to perform, we may be unable to provide you with our services or may be unable to tailor our services to your needs which may subsequently impact the service we provide.

Should you wish to unsubscribe from any marketing methods, you may do so by selecting the ‘unsubscribe’ link or by contacting us using the contact information described within this Policy.

USE OF SPECIAL CATEGORY DATA

We will obtain personal data when you contact us for any reason or proceed with our services. In certain circumstances, we may hold special category data (also known as sensitive personal data) we will require this information to tailor our approach to how we can best assist you and your needs. For instance, you may have a medical condition which means that a third-party deal with your affairs or you may have an impairment which would mean we would be best to contact you via a different method.

Any special category data held will be treated with the strictest of confidence and will be held purely based on your explicit consent to aid us in providing the best service to you. If you do not provide your explicit consent relating to any impairment or vulnerability, the information will not be recorded and will also not be disclosed to any third-parties.

DATA WE COLLECT, CONTROL AND PROCESS

DIRECT INTERACTIONS:

You may provide us with your identity, contact and financial data by completing online forms or by corresponding directly with us via post, email or otherwise. This includes the personal data you provide when you:

  • Engage our services;
  • Provide us with feedback; or
  • Request marketing to be sent to you.
Information Collected Directly From You, The Customer

When opening an account with us, we will ask for various pieces of information from you. This includes everything from your name and address, to your date of birth, email address (which will be the primary communication channel throughout the term of an Agreement) and more. Every piece of information we take has its purpose. The table below shows how we use your information:

Purpose/Activity Type of data Lawful basis for processing data
To register you as a new customer (a) Identity
(b) Contact
Performance of a contract
To deliver our service:

Accessing your open banking to verify that you can afford the repayments for a loan for which you have applied for and to track your ongoing salary. We will use this data to ensure affordability.

Delivery documentation to you e.g. pre-contractual information and credit agreement.

Credit/debit card details for collection of payments

Carry out Anti Money Laundering checks.
(a) Identity
(b) Contact
(c) Financial
(d) Transaction
Performance of a contract
To manage our relationship with you which will include:

Notifying you about changes to our terms or privacy policy
(a) Identity
(b) Contact
(c) Profile
(a) Performance of a contract
(b) Necessary to comply with a legal obligation
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
(a) Legitimate Interest (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you. (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
Legitimate Interest (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences. (a) Technical
(b) Usage
Legitimate Interest (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you. (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
Consent

THIRD PARTIES OR PUBLICLY AVAILABLE SOURCES

We also collect personal data about you from third party sources. The data collected from third party sources are as follows (please note, this is a general list and does not necessarily indicate that the below data will be obtained from third party sources, only that it may be obtained and if available and relevant to the service provided):

Data Collected Examples of Data Collected Gathered From When
Personal Identity Information Name, surname, gender, Date of Birth, birth country, UK landline, You Generated as a result of providing our services to you
Personal Credit Rating Your Credit Rating, including CallValidate, CallReport and Affordability data blocks TransUnion International UK Limited (04968328) Obtained as part of the lending application in order to assess your creditworthiness and affordability
Financial information Income, debt level, credit limit, account numbers, adverse financial history including CCJs and contractual Open Banking access with 12 months financial history TransUnion / AccountScore Obtained as part of the lending application in order to assess your creditworthiness and affordability
Technical Information Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating systems and platform Cookies From you when using our websites and in accordance with our Cookie Policy.

RECIPIENTS OF PERSONAL DATA

Throughout the provision of our service, we may need to disclose personal data to third parties. We have contracts in place with all suppliers that help us to ensure security and privacy of your personal information, these are reviewed and updated regularly and always in line with data protection laws. The categories of recipients of personal data are as follows:

  1. Service Providers required for the provision of our service, such as IT companies who support us in maintaining our website and other business systems, including our account management platform, payment processors, to disburse funds and collect Direct Debits, or external debt collection agencies, in the event that a loan is not repaid in line with its contractual terms (specific service providers available upon request).
  2. Credit Reference Agencies (CRAs). In order to process your application, we will perform credit and identity checks on you with one or more CRA. We may also carry out further periodic searches at CRAs to allow us to manage your account with us.
    To do this, we will supply your personal information to CRAs. This will include your name, date of birth and residential address. It may also include additional information such as your salary, previous residential addresses and other information you provide as part of your credit application.
    The CRAs will match this information to the records they hold about you, and provide in return, both public information (including the electoral register) and shared credit information in relation to your financial situation and financial history.
    CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
    We will use this information to:

    • Assess your creditworthiness and whether you can afford to take the product;
    • Verify the accuracy of the data you have provided to us;
    • Prevent criminal activity, e.g fraud and money laundering;
    • Manage your account(s);
    • Trace and recover any debts; and
    • Ensure any offers provided to you are appropriate to your circumstances.

    We will continue to exchange information about you with CRA’s while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full or on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
    When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
    If you are making a joint application, or tell us that you have a spouse of a financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as your partner successfully files for a disassociation with the CRAs to break the link.
    The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at TransUnion CRAIN or Equifax CRAIN . CRAIN is the Credit Reference Agency Information Notice as is common across all main CRAs.

  3. Third party affiliates in accordance with this Privacy Policy
  4. HM Revenue & Customs, the Financial Conduct Authority, The Information Commissioner’s Office, other Regulators and authorities acting as processors based in the United Kingdom who require reporting of processing activities in certain circumstances.
  5. Accountants, Solicitors, Compliance Consultants and other like-services acting as processors based in the United Kingdom who require the reporting of processing activities in certain legal and compliance circumstances.
  6. Third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change in these circumstances occurs, your personal data will be used in the same way as set out within this privacy policy.

GOOGLE ANALYTICS

Google Analytics is a service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help us analyse how users use our website and our mobile site. The information generated by these cookies (including your truncated IP address) is transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your, and other users’, use of our website. Compiling reports for us on website activity and providing other services relating to website activity and internet usage. The Google Analytics advertising features we use, and the insights they provide are:

AdWords Remarketing — uses behaviour, demographic, and interest data to identify users who are likely to convert, and then allows them to target those users with remarketing campaigns through Google Ads
Demographics and Interests Reporting — provides insight into the age, gender, and purchase interests of users, which they can use to better target your advertisements
Google Display Network (GDN) Impression Reporting — measures the impact of unclicked GDN Display ad impressions on conversions and site behaviour

Please note that Google receives your truncated IP address. This is sufficient for Google to identify (approximately) the country from which you are visiting our sites or accessing our website but is not sufficient to identify you, or your computer or mobile device, individually. You can find more information here, including a link to Google’s privacy policy.

To opt-out of analysis by Google Analytics on our website and other websites, please visit http://tools.google.com/dlpage/gaoptout.

INTERNATIONAL TRANSFERS

We do not transfer data outside of the United Kingdom (UK) or European Economic Area (EEA). Personal Data shared with third-party operational providers, required for the provision and operation of our services (as described within Recipients of Personal Data), may transfer personal data outside of the UK and EEA. Should this be the case, the international transfer will be made in accordance with an adequacy decision or subject to appropriate and documented safeguards.

YOUR RIGHTS

Right Description
Right to access The right of access, commonly referred to as subject access, gives you the right to obtain a copy of your personal data as well as other supplementary information. It helps you to understand how and why we are using your data, and to check we are using it lawfully.
Right to rectification You have the right to have inaccurate personal data rectified. You may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. We may ask you for evidence to show that it is inaccurate. This may involve providing a supplementary statement to the incomplete data.
Right to erasure Under certain circumstances, you have the right to have personal data erased. Also known as ‘The right to be forgotten’. The right is not absolute. You have the right to request that we stop processing, or delete, all of your personal information that we hold. If you exercise this right, we will keep a note of your name linked to your request and it won’t prevent us from processing any new information you provide to us subsequently.
Right to restrict processing Under certain circumstances, you have the right to request that we stop processing, or delete, all of your personal information that we hold. If you exercise this right, we will keep a note of your name linked to your request and it won’t prevent us from processing any new information you provide to us subsequently. This right is not absolute. Restriction of processing means we are permitted to store your personal data, but we are unable to use it.
Right to data portability You have the right to obtain and reuse your personal data for your purposes across different services. This eases the copying or transferring of personal data easily from one IT environment to another, safely and securely, without affecting the usability of the data.
Right to object Under certain circumstances you have the right to object to the processing of your personal data, however, you do have the absolute right to object to direct marketing.
Right with regard to automated decision making, including profiling We sometimes use your personal information to make decisions by automated means. This involves us analysing your information including application data, data received from a Credit Reference Agency and also Open Banking. We do this to confirm your identity, prevent and detect crime, and lend responsibly and affordably. This automated decision making is necessary if you would like to continue to transact with us through our website. You have a right to reject automated decisions, but it may make it more difficult to ensure that we meet our obligations to lend responsibly and affordably.
Right to be informed You have the right to be informed about the collection and use of your personal data. Your right to be informed forms part of this policy, and provides the purposes for processing your data, our retention periods and who it will be shared with.

The above rights may be limited in some circumstances. For example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

THE RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY

In the context of your personal data, you have the right to lodge a complaint to the supervisory authority, the Information Commissioner’s Office (ICO). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. If you would like to make a complaint, see our complaint policy here .

DATA RETENTION

HOW LONG WILL WE HOLD YOUR DATA

We will only retain your personal data for as long as is necessary to fulfil our obligations under the provision of our service as well as any purposes necessary to satisfy any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk, of harm of unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, including applicable legal requirements.

Details of retention periods for different aspects of your personal data are available upon request. By law, we have to keep certain information about our customers and this data will be held solely and securely for those legal purposes.

SUBJECT ACCESS REQUESTS

You have the right to access your personal information, also known as a Subject Access Request (SAR). This means you are entitled to obtain the following information about yourself:

  • Confirmation that we are processing your personal data;
  • A copy of your personal data; and
  • Other supplementary information;
Our security procedures mean that we may need to request proof of identity before we disclose personal information to you in response to any request.

A third party may make a request on your behalf. We will require evidence from the third party as to evidence this entitlement. This may take the form of a written authority or be a more general power of attorney.

HOW DO WE PROVIDE YOU WITH THE DATA YOU HAVE REQUESTED?

If you make a request electronically (via electronic means), we will provide the information in a commonly used electronic format unless you have specified otherwise. Please note, we may extend the time to respond by a further two months if the request is complex or you have made multiple requests. As you have the right to be informed, we will always ensure you are notified within one month of receiving the request, accompanied by an explanation.

We must act on your subject access request without undue delay and at the latest within one month of receipt. This is calculated as beginning from the day following receipt of the request until the corresponding calendar data the following month. We may request your identity to satisfy the request, however, this will be proportionate to the request itself and if we have doubts of the authenticity of identification.

WILL IT COST ANYTHING?

For the vast majority of requests, we cannot charge you a fee. Where the request is manifestly unfounded or excessive, we may charge a reasonable fee to cover the administrative costs of complying with the request. This also applies in the event that you request further additional copies of data following your initial request. This will again be charged as an administrative cost.

COOKIES

A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things such as remembering your preferences and counting the volume of people accessing the website. We do use cookies. For more information on our use of cookies, please click here to view our Cookies Policy.

LINKS TO OTHER WEBSITES

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

CHANGES TO OUR PRIVACY POLICY

Any changes to our privacy policy in the future will be posted to our site and, where appropriate, through e-mail notification. This privacy policy was last updated Friday, 18 March 2022.