Privacy Policy

We collect personal information about you when you visit one of our stores, use one of our websites, or if you communicate with us by phone, e-mail and social media. We collect Personal Data directly from you via communications between us when you use or apply to use our services, including when you apply to us for a loan to purchase goods from us. We refer to our websites and social media pages as “Online Services”.

The types of information we collect are:

• Personal details such as your name, address, date of birth, email address, phone number and other contact information.
• Transaction information, such as the product you purchased, its price, your method of payment and your payment details, which are anonymised as per Payment Card Industry Security Standards (PCI DSS).
• Information about you, like your employment details, financial position and information taken from identification documents, like your passport or driving licence, when we review your application for a loan.
• Your account information, such as dates of payments owed and received.
• Other personal Data you voluntarily provide, which may include special category personal data, for example data which you provide about your health where this relates to your ability to meet your obligations under the agreement.

When you’re using our Online Services, the information we may collect includes:

• Account information and details you use to apply for our products and services, details of your shopping preferences from product searches, such as your favourite brands and products.
• Information that you provide in your dealings with us.
• Details of your visits to one of our website. Examples include ads that you click, device information and location.
• IP address, type of device you are browsing from and cookie information.
• If you interacted with our Online Services from an email we sent you we will have a record of that.

More information is available in our Cookie Policy. The situations when you provide personal information could include when you:

• Purchase products at our store or apply online.
• Speak to someone at our contact centre.
• Request to receive marketing or other communications.
• Enter one of our competitions or when you complete one of our customer surveys.
• Submit information when you’re providing feedback or making an enquiry.
• Use interactive features of our Online Services.

Data protection law sets out a number of different lawful reasons for which a company may collect and process your personal information. These are:

• Where we have entered into a contract with you;
• Where we have your consent;
• Where we are legally obligated to;
• Where we have determined a legitimate interest that does not impact your rights and freedoms; and
• Where it is in your vital interests to.

Below provides examples of when we might rely on these lawful reasons:

Contract

• We use your personal information to process your purchase, loan application and payments or to give you a refund.
• We enter into a contract with you to facilitate an agreement between you and our lending partner when you make a credit application.
• To meet our legal, regulatory and contractual obligations arising from any loan agreement you enter into with us.
• To manage your account, make collections, trace you and recover debts owed by you.
• To send you an annual statement.

Consent

• We use email and text messages to communicate with you about our products and services, including to obtain feedback and notify you of competitions, offers, promotions or special events. For example:
  • To ask you to provide feedback on our products and services so we can adapt and improve
  • To communicate with you about offers you may be interested in
• To personalise your experience on our Online Services. This could include providing you with relevant content, or making navigation to our websites easier (more information is available in our Cookie Policy).
• To enter you into competitions
• To record if you have additional needs due to vulnerable circumstances or need extra support when communicating with us

Legitimate Interest

• To provide customer support and to respond to, and communicate with you, about your requests.
• To contact you if we need to obtain or provide additional information in relation to your account or query.
• To obtain feedback about how we are doing (e.g. customer surveys).
• For marketing activities (other than where we rely on your consent), such as marketing permissions captured during the course of a sale and personalising marketing messages through social media and other third party platforms.
• To monitor how our email marketing campaigns are performing and personalise email content.
• To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request).
• To send communications to you about your account.
• To let you post on our blogs and interact with us through social media.
• To ensure a smooth experience on our Online Services.
• To provide and improve customer service and support.
• To provide you with information about other products and services we offer that are similar to those that you have already entered into, requested or enquired about.
• To enhance operational capabilities and for internal operations.
• To verify or enforce compliance with this Privacy Policy and applicable laws.
• To show you relevant ads by using information collected from your devices, if you have provided your consent for such collection, including your searches, location, ads that you have seen and personal information that you have given us, such as your age range, gender and topics of interest. Dependant on your ad settings, this information informs the ads that you see across your devices. So if you visit our website on your computer at work, you might see ads about our products or services on your phone later that night.
• To perform a trace where you fail to pay your account and we are no longer able to contact you we may need to trace your whereabouts (sometimes using a Tracing Agent).
• To protect against, identify and prevent fraud and other criminal activity such as money laundering.
• For network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access.
• To help reduce the overall fraud and credit risk for our customers and ensure a duty of care for customers who apply for financial products and services.
• To engage in the sale of anonymised sales and analytics data, ensuring that individuals cannot be identified from it. Anonymisation is performed using robust methods that comply with applicable data protection laws.

Where we process your information under Legitimate Interest, we will have assessed this processing and balanced it against your rights and freedoms.

Legal Obligation

• To identify you when you contact us.
• To verify the accuracy of information that we hold about you.
• To report positive, delinquent and default data to CRAs.
• To assist regulators including HMRC, the Police or others in relation to an investigation by a public authority.
• To complete any requests you make regarding your Data Subject Rights.
• For financial administration.
• Where necessary for health and safety purposes.
• To comply with our Financial Conduct Authority (FCA) obligations.

Vital Interest

• We may need to contact you if there are any urgent safety or product recall notices or if we reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you.

Under data protection law, some personal information is considered more sensitive, this includes information relating to race, health and financial information.

We only handle sensitive information if it is relevant to our dealings with you or you volunteer the information. Examples of this might be where you have a vulnerability or health condition which is relevant to our dealings with you; where you are involved in a medical emergency or accident; if the information is relevant to a legal dispute or complaint; or when assessing your ability to be able to afford a loan. When we handle sensitive information, we do so as allowed by data protection law (for example, where we have your consent, to protect someone’s vital interests or to prevent or detect crime) or as required by law.

We engage in advertising activity across all digital platforms with both targeted and non-targeted advertising. For targeted advertising, we may use information obtained through the use of cookies or similar technologies in your web browser to display ads to you, which you may see on other websites or digital platforms.

Our website
We will seek your consent to deploy these kinds of cookies and similar technologies through our website cookies consent mechanism. More information is available in our Cookie Policy.
In order to ensure that appropriate ads are displayed, we work with partners and agencies (e.g. Creo) to analyse and prepare the information and measure the effectiveness of our advertising. This may include matching and combining pseudonymised offline data (such as transaction data) with pseudonymised online data (cookies) to create an online profile for you, based on your cookies preferences. See below the section on ‘Who we share your personal information with’. Where applicable, we or our advertising partners will combine this information with your transaction information and other information, such as your cookie consent instruction, interactions with our emails, and information from external or publicly available sources. The aim is to make sure you see ads most relevant to you.
Our digital advertising includes advertising across social media platforms. The media owners we most commonly work with are Meta(which owns Facebook and Instagram) and Google (which owns YouTube). The individual privacy policies are linked for your information.

We share personal information within the Family Finance group of companies. Members of the group are not authorised to use or disclose the information except as provided in this Privacy Policy.
We may share your Personal Data with certain third parties where we have a legal basis to do so. Where we share your information with any third parties, we will undertake due diligence prior to sharing any information with them and will have in place robust contracts that cover the security of any information shared.

Third Parties
We work with third parties who process your personal information on our behalf.
These third-parties include:

• The finance company who provides the credit that enables you to purchase your goods.
• To the purchaser or seller of the asset (including the sale or transfer of a loan) which you are (or are contemplating) purchasing.
• Regulatory or legal bodies in connection with any legal proceedings or prospective legal proceedings or for establishing, exercising or defending legal rights.
• Law enforcement agencies or regulatory bodies where we are required to do so by law.
• CRAs and Fraud Prevention Agencies (FPAs).
• Financial institutions to improve levels of service, reduce risk and provide due duty of care to you and other customers.
• Providers that we work with to deliver our marketing campaigns and facilitate our competitions.
• Specialist providers of digital advertising and personalising content to provide customers with adverts tailored to them, such as Creo.
• Partners that support our services, such as where we need to arrange a specialist engineer visit or arrange a direct delivery of a product.
• Police or other crime prevention organisations, such as the National Crime Agency.
• Claims Managements Agencies that you have recruited to work on your behalf.
• Emergency services (if we believe you may be at risk).
• Trusted third party companies who have subscribed to our services to consume anonymised commercial data.

In order to process your application, we will share your personal information with credit reference agencies (“CRAs”) and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information, and fraud prevention information. We will use this information to:

• Assess your creditworthiness and whether you can afford to take the product.
• Verify the accuracy of the information you have provided to us.
• Prevent criminal activity, fraud and money laundering.
• Manage your account(s).
• Trace and recover debts.
• To make sure any offers provided to you are appropriate to your circumstances.

When CRAs receive a search from us they will place a search “footprint” on your credit file which can be seen by other lenders whether or not the application proceeds. If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

We will also continue to exchange information about you with CRAs on an on-going basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your information will also be linked to that of your spouse, any joint applicants or other financial associates.

Records remain on file with CRAs and FPAs for 6 years after they are closed, whether settled by you or defaulted.
More information about CRAs and how they use Personal Data is available at Experian or you can contact the agencies below:
Transunion One Park Lane, Leeds, LS3 1EP Tel: 0330 024 7574 or visit Transunion
Equifax PLC Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US Tel: 0870 010 0583 or visit Equifax
Experian Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF Tel: 0870 241 6212 or visit Experian

We will share your information with our lending partners (where Family Vision is the credit broker and not the lender) when you apply for a credit account. We will do this in order to facilitate an agreement with you and administer the agreement throughout its term. Our lending partner, Family Finance and Family Vision will continue to exchange your information while you use the credit facility including information about your credit application, purchases and transactions history (not limited to credit purchases and including any that are not fully complete). We will share information on the lending decision, the status of your account and your remaining balance.

All our operations are located within the UK and we do not anticipate that we will transfer your Personal Data outside the UK.  However, in the event that we do need to transfer your Personal Data outside the UK, for example if we outsource any of our loan administration services to a party located outside the UK, then before we transfer your Personal Data outside the UK we will take all steps reasonably necessary to ensure that any such transfer is made securely and that there is adequate protection in place in order to protect your Personal Data, as required by the Act, including requiring the transferee to enter into model contractual clauses where the recipient is not located in a jurisdiction that has been deemed to provide an adequate level of protection under section 17A of the Act.  Please contact us if you wish to obtain a copy of the relevant safeguards.

We will keep your personal information for as long as you’re a customer. After you stop being a customer, in most cases, we will keep your information for up to 6 years after the last time you interacted with us. We may keep your information for longer than 6 years if we cannot delete it for legal, regulatory or technical reasons. We may also need to keep it in order to help support product recalls or safety notices. If we do, we will make sure that your privacy is protected and only use it for those purposes.
We do not retain personal information in an identifiable format for longer than is necessary.

The Data Protection Act 2018 gives individuals rights over their personal data, including:

• Right to be informed: Individuals have the right to know how and why their data is being used.
• Right of access: Individuals can request copies of their personal information.
• Right to rectification: Individuals can request that incorrect data be updated or incomplete data be completed.
• Right to erasure or restriction: Individuals can request that their data be erased or the processing of their data be restricted.
• Right to object: Individuals can object to how their data is processed in certain circumstances.
• Data portability: Individuals can get and reuse their data for different services.
• Right not to be subject to automated decision-making: Individuals have the right to not be subject to a decision based solely on automated processing.

Please contact us in writing, by email or telephone using the details shown under ‘Contact Us’ below if you wish to do so, or if you have any queries in relation to your rights. Please note these rights do not apply in all circumstances.

Unless you have opted out, we may contact you via email, SMS/text message or other electronic mail to inform you about other products or services provided by us that are similar to those that you have already agreed to, requested or enquired about.
We won’t send you direct marketing messages if you tell us not to. You have the right at any time to ask us not to use your Personal Data for marketing purposes by notifying us using the contact details set out in the “Contact us” section of this website.

We will take reasonable measures to protect Personal Data in our possession from loss, misuse and unauthorised access, disclosure, alteration and destruction. Personal Data is secured by us in the following ways:

• Personal Data is stored in a restricted access format;
• Personal Data will be transmitted in an encrypted format using Secure Sockets Layer (SSL) software;
• Following the Payment Card Industry Data Security Standard (PCI DSS) when handling debit and credit card information;
• Adhering to General Data Protection Regulation (GDPR) guidelines when collecting, processing and storing information;
• Relevant networks are secured with certified firewalls in a multi-layered manner with redundancy; and
• Network related equipment is secured with a password, and access is limited to authorised network engineers who support our equipment and systems.

We will require third parties acting on our behalf who collect or use your Personal Data under our instructions to agree to safeguard your Personal Data in accordance with this Privacy Policy and comply with data protection law.

Our websites (which includes this Privacy Policy) contain links to other websites run by other organisations which we do not control. These include websites which offer you support in times of crisis but also social media platforms. This Policy does not apply to those other websites and apps‚ so we encourage you to also read their privacy statements.

We use so-called social plugins (buttons) of social networks such as Facebook and Instagram. After activation of a button, the social network can retrieve information, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account. A social network cannot assign a visit to websites operated by our other group companies unless you activate the respective button there as well.

If you are a member of a social network and do not want that network to combine information retrieved from your visit to our websites with information they hold on you, you must log out from the social network concerned before activating the buttons.

If you have any questions about how we treat your personal data and protect your privacy, if you have any comments or wish to seek to exercise any of your rights as outlined above or to complain, please contact the Data Protection Officer:

• By post to Family Finance Ltd, 93 Commercial Street, Tredegar, Gwent NP22 3DN
• By email to enquiries@familyfinance.ltd.uk
• By telephoning us on 01495 726565

You can also contact the Information Commissioner’s Office (ICO) if you have any concerns or complaints with how Family Finance has handled your personal information: Ico Contact

This Privacy Policy was last updated January 2025 and replaces all previous versions. This Policy is regularly reviewed and if updates and changes are made we may notify you either by email or in writing.