Hymarc Limited is a registered Data Controller under the terms of the Data Protection Act 1998 with a registration number of ZA 098144.
You have the following rights in relation to the personal data we hold about you:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
If you have any questions regarding these rights, please contact us.
Lawful basis for processing
We use your personal data, with your consent, to:
Make informed decisions as to whether to lend to you
Prevent fraud and other criminal intent
Administer your account and contact you about the account if necessary
Record details of your account with Credit Reference Agencies
Transfer to third parties (for example, Debt Collection Agencies) which we use to administer your account
Information we may collect from you
So that we may make informed decisions on whether we can lend to you and to administer your account, we require that you provide us with the relevant information requested on our sites and that you give your consent to its use as above. This data may include:
As part of this process we will request your online banking details including your online identification numbers and security passwords. By providing us with your online banking information the following provisions shall apply.
Provide Accurate Information
You, agree to provide true, accurate, current and complete information about yourself and your bank accounts (with us or third parties) and you agree to not misrepresent your identity or your account information. You agree to keep your bank account information up-to-date, accurate and complete.
We will access your Transaction History using the services of a credit reference agency called Perfect Data Solutions Limited (PDS) (FRN: 730062). We will use your Transaction History to assess your creditworthiness and whether the loan you seek is affordable for you.
Neither we nor PDS will store or have access to your internet banking credentials, PIN codes or passwords. That information is encrypted in transit and stored by a third party service provider upon their servers in a secure environment outside the EEA.
Third Party Accounts
By agreeing to allow us viewing access to your Transaction History, you authorise PDS and PDS's service providers to access third party sites designated by you, on your behalf, to retrieve information requested by us, and to register to view bank statements over a period of up to 90 days. You agree that PDS and PDS' service providers may, and are instructed by you as your agent and nominated representative, with full power of substitution and re-substitution, for you and in your name, place and stead, in any and all capacities, to access third party internet sites, servers or documents, retrieve information, and use your information, all as described above, with the full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection with such activities, as fully to all intents and purposes as you might or could do in person. This will include the following purposes: copying Transaction History over a 90 day period and storing the copied Transaction History on our servers.
You agree that the Transaction History shall also be used by PDS for credit reference agency purposes and may be taken into account when producing your individual credit score which may be shared with other organisations as part of your credit record who may contact you to offer you products credit products that meet your credit score profile.
You acknowledge and agree that when we, PDS or PDS's service providers access and retrieve information and Transaction History from third party sites, this is undertaken as your agent, and not the agent on behalf of any third party (including the bank account provider). You should be aware that third party account providers shall be entitled to rely on this authorisation and agency granted by you. You should also be aware that this service is not endorsed or sponsored by any third party bank account providers. We would recommend that you refer to the terms and conditions of your internet banking provider if you would like more information.
You understand that allowing us to review your Transaction History is at your sole risk.
We are only able to review your Transaction History on an "as is" and "as available basis" as it is made available to us by service providers. It may not be available to us from time to time.
We cannot guarantee that allowing us to review your Transaction History will guarantee the success of your loan application or the rate at which the loan is available.
Other information that we will require from you
We will also require information submitted to us during the application process for our Running Account Credit facility located at www.stepstonecredit.co.uk. This information will include your name and contact details in addition to date of birth and banking details including bank account number, sort code and debit card number.
We may also request information when you contact us regarding a problem with our site or mobile application.
Information we gather from Third Parties
We may receive information about you from our third party suppliers. These suppliers include Credit Reference Agencies (‘CRAs’), payment providers, advertising networks, technical and systems partners and their sub contractors in technical, payment and delivery services.
We may collect information about your computer, including where available, your IP Address, operating system and browser type. This information will be used for the system administration and may be reported on an aggregated basis to our advertising partners identifying users browsing habits and activities. Any statistical information shared with these partners will not enable any individual to be identified.
A cookie is a small electronic file that distinguishes you from other users of our mobile apps and website. A cookie will help us to identify user activity on our sites and enable us to use this information to improve the client experience and the information and the way it is presented to the you.
We may use both ‘transient’ cookies that expire once you log off from your online session, and ‘persistent’ cookies which remain on your computer and help us identify you when you return to our site after a previous visit. It is the data from the persistent cookies that we may analyse to help identify trends and habits to improve your experience on the site. We do not store sensitive data including passwords and account numbers in persistent cookies. We are unable to personally identify you via the cookie until you provide us with your personal data as part of the application process.
Though most browsers are configured to accept cookies it is possible for you to reject their use by amending the settings in your browser. Should you wish to amend your cookie settings to no longer accept them, we can not guarantee that you will be able to access all pages in our site may appear to be slow and unresponsive at times.
List of Cookies that we use
Tells us if your browser has Java Script enabled
Helps us analyse the usage of our site for Google Analytics
Enables us to know when you are logged on to our site
Storage of your Personal Data
We take the storage of your personal data very seriously and is stored on secured servers. All client transactional data is encrypted using 256 bit bank level encryption.
All debit card details will be stored securely with our payments partners using PCI:DSS Level 1 compliance. Sensitive data concerning your debit card including long number and CVV codes are not seen by or stored by StepStone Credit servers. All card data captured during the account opening process is done through a secure site or ‘iframe’ hosted by our payments partner with all subsequent payment data sent via a secure tokenised system.
The transmission of data via the internet is not completely secure. We will always do our best to protect your personal data, however we can not guarantee the security of your data, all transmissions of data are done so at your personal risk. Both StepStone Credit and our service partners use strict security processes and features to try and prevent unauthorised access. Do not disclose the logon details of your StepStone Credit account to other parties.
Retention of your personal data
If we enter into a financial relationship with you, we will retain your data for 6 years after the end of this relationship.
If we are unable to offer you a financial product, we will retain your data for upto 6 months after the decision date.
Use of your personal data
We use your data to access the suitability of the StepStone Credit product for you and to access your creditworthiness as a statutory regulatory requirement. We may do this by means of an automated decision-making process, by which we decide on the basis of current information whether our product is suitable for you and whether you can afford repayments. If you disagree with the outcome of this process, you can contact us and we will manually reconsider the decision.
We may share this information with our third party providers including Credit Reference Agencies who may use this information to make additions to their existing records held on you. This information will become available for all subsequent searches made on you.
We may also use your personal data for the following purposes
To carry out our obligations under our terms and conditions
For marketing purposes including notification of products and services by ourselves and trusted third parties. This may include products that we feel may be suited you in the event that your application with StepStone Credit is not successful. We may provide the personal details that you have provided as part of your unsuccessful application to either or both of the following entities
Quint Group Limited (Trading as Monevo), Oxford House, Oxford Road, Macclesfield, Cheshire SK11 8HS, who are regulated by the Financial Conduct Authority (FRN: 669450) as a Credit Broker
TFLI Limited, 2nd Floor, The Adelphi Mill Grimshaw Lane, Bollington, Macclesfield, Cheshire, England. SK10 5JB, who are regulated by the Financial Conduct Authority (FRN: 723630) as a Credit Broker
StopGo Networks, 272 Bath Street, Glasgow, G2 4JR, who are regulated by the Financial Conduct Authority (FRN: 729572) as a Credit Broker
Quint, TFLI Limited and StopGo Networks will search their panel of credit providers for an appropriate credit provider who subject to approval, will provide you with a more suitable product. This will be subject to your marketing consent preferences.
For product analysis and the determining of client trends. This may be done both internally and with external partners. In the case of statistical analysis any data provided to third parties will be done on an anonymous basis.
If required to do so via any legal authority or when we believe that disclosure is necessary to protect to comply with judicial proceedings and or to protect our rights.
In the case our business is acquired in whole or part by a third party. At which point, the personal data will form part of the transferred assets.
Providing your personal data to Credit Reference Agencies
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”).
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
•Assess your creditworthiness and whether you can afford to take the product;
•Verify the accuracy of the data you have provided to us;
•Prevent criminal activity, fraud and money laundering;
•Manage your account(s);
•Trace and recover debts; and
•Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
By visiting our website or mobile apps and providing consent via ‘Marketing Opt In’, you understand and agree that we may contact you via the email address and or phone number that you have provided to discuss other credit products that we feel may be suitable for you should the StepStone Credit facility not be suitable for you. Should you not wish to receive these communications that you can email us on email@example.com typing the heading “remove” in the title bar.
On receipt of the such communication, we will endeavour to update your profile with this request within 10 business days. Should you consent to allow StepStone Credit to share your information with trusted third parties, these parties may follow up with you directly with news and offers. To opt out of receiving communications from these companies you will have to contact them directly.
What shall I do if I have any questions or concerns?
If you have a question, complaint or query with regards to how we use your information, please contact us and we will do our best to resolve it as soon as possible. If it’s a complaint concerning your data security and we have failed to deal with it to your satisfaction, you can lodge your complaint with the Information Commissioner (go to www.ico.org for more information).
We take the quality of the service we provide seriously, and all our calls are therefore recorded for monitoring and training purposes.