Hitachi Capital (UK) PLC (the Company) is committed to protecting the privacy of your personal information. For the purpose of applicable data protection law, including the Data Protection Acts 1998 and 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679) (together, DP Law), the Company is the data controller. You will see the Company referred to as Hitachi and Hitachi Personal Finance on the site. Our Privacy Notice explains what we do with any personal information which we collect from you, including when you use our website and when you interact with us in other ways offline, for example during the credit application process. If you have any questions regarding our Privacy Notice, please contact us at the address on the Contact Us page of this site or email us at email@example.com.
This Privacy Notice explains how we collect, use and disclose personal information about you when you visit the site and when you contact us, whether by e-mail, post, fax or telephone using the contact options on the site. The information you provide to us may then be shared with other companies in the Hitachi Capital (UK) PLC group (see below all companies that form the “Group”). Where we refer to the Company, this will also include the Group unless we explain otherwise.”
Our business is diverse so we have created a separate privacy notice for each of the following Hitachi Capital business units:
What type of personal information do we collect?
The personal information we collect from you is used primarily to enable us to provide the specific service you require and to help you access your account, securely.
Personal information can include the following:
- your title, forename and surname and gender;
- your personal or work related (depending on which you choose to submit) e-mail address and your password (which allow us to create your user account and your unique agreement number);
- your personal or work related contact details (depending on which you choose to submit) such as your telephone number(s), fax numbers and postal address;
- your date of birth and national insurance number;
- your marital status;
- your residential status and address details for the last 3 years;
- occupation, salary and annual income information;
- employment status;
- employer details and time periods in that occupation and with that employer and any other employers within a 3 year period;
- your bank details, including your bank name and address, sort code, account number, account type and time period at your bank;
- personal information which we obtain from Fraud Prevention Agencies (see the section on ‘Fraud Prevention Agencies’ below);
- personal information about your credit history which we obtain from Credit Reference Agencies including data which originates from Royal Mail (UK postal addresses), local authorities (electoral roll), the insolvency service, Companies’ House, other lenders and providers of credit (who supply data to the CRAs), court judgments decrees and administration orders made publicly available through statutory public registers (see the section on ‘Credit Reference Agencies’ below);
- your contact and marketing preferences;
- if you take a survey or interact with us in various other ways - demographics information and information about subjects that may interest you;
- information necessary for compliance with law and regulation; and/or
- where you "like" us or make posts on our pages on social networking websites, such as Facebook, Twitter, YouTube and Instagram.
Personal information also includes special categories of personal data. This is data about your racial or ethnic origin, political opinions, religious or philosophical believes, trade union membership, genetic data, biometric data, and data concerning your health, sex life or sexual orientation. In the unlikely event that any of this is collected from you during your use of the website or during any other offline interaction with us you may be asked at the point of collection to provide your explicit consent where needed in order to justify our processing of it.
This information will be collected primarily from you as information voluntarily provided to us, but (as explained above) we may also collect it where lawful to do so from (and combine it with information from) credit reference and fraud prevention agencies, public sources, third party service providers (such as Experian Limited trading as HD Decisions who will conduct a soft credit search as part of our “Check my Eligibility” service), tax or law enforcement agencies and other third parties. Also, some of the personal information obtained from Credit Reference Agencies will have originated from publicly accessible sources. In particular, Credit Reference Agencies draw on court decisions, bankruptcy registers and the electoral register (also known as the electoral roll). We explain more about Credit Reference Agencies below. We have also mentioned above in the lists of personal information that we process some of the CRAs’ other sources of information (which are our own source of information too). We may also collect personal information about you from your use of other Company or Group websites or services.
The legal basis for our use and other processing of your personal information
This will include (as relevant):
- processing your personal information so that we may perform our obligations under a contract with you (such as a loan agreement with you) (“Your Contract”);
- processing for legitimate interests provided these are not overridden by your interests and fundamental rights and freedoms (this includes our own legitimate interests and those of other entities and branches in our Group). For example, this is relevant when we use and process your personal data to deal with our legal and regulatory and internal governance obligations; and in addition to/together with the processing condition described below (“Legitimate Interests”),
- processing which is necessary for compliance with our legal obligations laid down by European Union law (where relevant) and by laws and regulation applicable to us in the United Kingdom (“Our Legal Obligations”).
- Your consent may also be a lawful reason for processing your personal data in certain cases (“Your Consent”). This means your freely given, specific, informed and unambiguous consent which may be collected from you, for instance when you agree to receive marketing communications from us or when you agree to take part in surveys or market research. You should be aware that you are entitled under DP Law to withdraw your consent where you have given it to us at any time. If you do this and if there is no alternative lawful reason for us to rely on to justify our use or other processing on your personal data, this may affect our ability to provide you with some of our services.
In summary, we need certain categories of personal data in order to provide you with our services. Certain other personal data is processed for our Legitimate Interests in cases where this does not result in prejudice to you. Certain other personal data is processed based on a consent.
What other personal information do we collect and why?
In this section we explain the personal information we collect from you when you interact with us online and offline. Where we explain why we use this information, we have also referred to the relevant legal basis which we consider applies to the processing, as explained in the section above. Presenting the information in this way will make it easier for you to understand your rights in relation to your personal information, and this is explained further below in the sections headed “Your rights to access your personal information” and “Your rights under DP Law”.
We automatically collect standard internet and website log information to understand how our website visitors behave, which we use to improve your experience online. This may include information about your Internet Service Provider, your operating system, browser type, domain name, the Internet Protocol (IP) address of your computer (or other electronic Internet-enabled device), your access times, the website that referred you to us, pages on our website that you request and the date and time of those requests.
When you use any of the services below, you may need to provide us with some additional personal information so that we can liaise with you in order to deal with your request, query, loan application and/or customer account registration. If you do choose to provide us with your personal information, we will collect that information for our own use and for the purposes described in this Notice.
- use our 'live chat' facility to speak to one of our Personal Loans Advisors;
- contact us by email using the information on our websites;
- create a My Hitachi Personal Finance account;
- check your eligibility for a loan by using our “Check your Eligibility” service (which will mean you request a soft search of your credit file from Experian Limited, trading as HD Decisions, and on which there is more information below);
Our Legal Obligations and/or Legitimate Interests
- contact us by phone where we may record phone conversations to offer you additional security, resolve complaints, for staff training purposes and to improve our service standards;
Your Contract and/or Legitimate Interests
- apply for any of our loans, including our personal loans, car loans, home improvement loans, small loans, loans over 25K and leisure loans;
Your Consent and/or our Legitimate Interests
- sign up to receive our various newsletters by email; and
- be notified of products and/or services that may be of interest to you (based on your purchase history or browsing of our Websites).
How we use your personal information
We have explained below the purposes for which we may use information about you. As with the section above, we have explained why we use your information with reference to the relevant legal basis. Presenting the information in this way will make it easier for you to understand your rights in relation to your personal information, and this is explained further below in the sections headed “Your rights to access your personal information” and “Your rights under DP Law”:
We may use your personal information for the following Legitimate Interests:
- to respond and/or deal with your request, enquiry or “Live Chat” questions;
- to process and administer your loan application and/or your “Check my Eligibility” search;
- to carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that, and when we share your personal information with Credit Reference Agencies (see below where we explain more and refer to a separate leaflet to more information);
- to improve our products and services and to ensure that content from the websites is presented in the most effective manner for you and for your computer (or other electronic Internet-enabled device);
- to administer the websites;
- for internal record keeping;
- to contact you (directly, either by the Company, Group or through a relevant partner or agent) by e-mail or phone for any of the above reasons;
- where necessary as part of any restructuring of the Company or sale of the Company's business or assets;
- to analyse trends and customer journeys in using and accessing our websites;
- to carry out direct marketing and/or e-mail marketing where we collected your contact details prior to 25 May 2018 whilst you were enquiring about or taking a product from us and where you were given the opportunity to opt out at the time and in every communication after that.
- to perform any contract the Company has with you;
- subject to your consent where required under applicable laws, to carry out direct marketing and/or e-mail marketing where we collected your contact details on or after 25 May 2018.
Our Legal Obligations
- where we carry out identity checks, anti-money laundering checks, and checks with Fraud Prevention Agencies pre-application, at the application stage, and periodically after that, and where we share your personal information with Fraud Prevention Agencies for these purposes;
- monitoring and recording of telephone calls and email communications where necessary for compliance with regulatory rules or self-regulatory practices or procedures relevant to our business, to prevent or detect crime, for quality, training and security purposes; and
- for compliance with our legal, regulatory and other good governance obligations.
This list is not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate. Some of the personal information that we maintain will be kept in paper files, while other personal information will be included in computerised files and electronic databases.
We may convert your personal data into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from that data. We may use this aggregated data to conduct market research and analysis, including to produce statistical research and reports. For example, we may produce reports on which of our product and services are most popular. We may share aggregated data in several ways, including for the same reasons as we might share personal data (see below).
How long do we keep your personal information for (and the criteria used to determine this)?
Your personal data will not be kept for longer than is necessary to fulfil the specific purposes outlined in this Notice and to allow us to comply with our legal requirements.
The criteria we use to determine data retention periods includes the following:
(i) Retention in case of queries. We may retain it for a reasonable period after you have enquired about one of our products or services in case of follow up queries from you;
(ii) Retention in case of claims. We may retain it for the period in which you might legally bring claims against us (in the UK this means we will retain it for 6 years after your contract ends) if and to the extent this is relevant; and
(iii) Retention in accordance with legal and regulatory requirements. We will consider whether we need to retain your personal data after the period described in (ii) (above) because of a legal or regulatory requirement. Some or all of these criteria may be relevant to retention of your personal data collected in connection with our products and services.
If you would like further information about our data retention practices please contact us (see below).
How do we share your information with Credit Reference Agencies?
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we may supply your personal information to CRAs and they may give us information about you. This may include information from your credit application and about your financial situation and financial history. CRAs may supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in our Credit Reference Agency Information Notice which we refer to later on in this privacy notice.
How do we share your information with Fraud Prevention Agencies?
IDENTITY VERIFICATION AND FRAUD PREVENTION CHECKS
We process and share your information for identity and fraud checks.
As well as using your personal information to manage the product or service you have with us, we will also use and share that information about you with fraud prevention agencies including CIFAS and National Hunter who will use it to prevent fraud and money-laundering and to verify your identity. This activity includes carrying out fraud checks. All this requires us to process your personal information. These checks will be undertaken before we provide the product or service to you, open your account and periodically at other stages after that. If fraud is detected at any time, you could be refused the product or service or have it withdrawn.
The personal information you have provided, we have collected from you (whether directly or indirectly through our partners and brokers), or which has been received from third parties may include your name, date of birth, home address and address history, contact details such as email address, home and mobile telephone numbers, financial information, employment details, and device identification including IP and/or MAC address.
We, and fraud prevention agencies, will use this information to prevent fraud and money laundering, and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal information to detect, investigate and prevent crime.
Fraud prevention agencies can hold your personal information for different periods of time, depending on how that data is being used. You can contact them for more information. If you are considered to pose a fraud or money laundering risk, your data can be held by fraud prevention agencies for up to six years.
Information on these fraud prevention agencies, including their contact information and information on their Data Protection Officers, can be found at:
As part of our processing of your personal information, we may take decisions by automated means. You may automatically be considered to pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers, inconsistent with your previous submissions, or if you appear to have deliberately hidden your true identity.
You have rights in relation to automated decision making. There is more detail on this in the Your Rights section below.
Consequences of processing for identity and fraud checks
As indicated, if we, or a fraud prevention agency, determine that you pose a fraud risk or money laundering risk, we may refuse to provide the product or service to you and open your account. If fraud or money laundering is detected at any time you could be refused the product or service or have it withdrawn from you. If you would like to know more you can contact the Data Protection Officer at the fraud prevention agencies (for details about what they do) or our Data Protection Officer (for details about what we do).
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, you can contact the appropriate fraud prevention agency using the details provided above.
Data transfers for identity and fraud checks
Some fraud prevention agencies may transfer your personal information outside of the European Economic Area. Where they do, they impose contractual obligations on the recipients of that data. Those obligations require the recipient to protect your personal information to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing and where the framework is the means of protection for the personal information.
Lawful processing for identity and fraud checks
When we and fraud prevention agencies process your personal information for the checks described in this section, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws and regulations that apply to us. Such processing is also or may also be a contractual requirement in order for us to provide the product you have applied for or to open your account relating to that product.
Your rights in the context of identity and fraud checks
Your personal information is protected by legal rights which include (in the context of the checks described in this section) your rights to object to processing of your personal information, request that your personal information is erased or corrected, or request access to your personal information. If you want to exercise any of these rights, you can contact our Data Protection Officer using the details provided and you can also complain to the Information Commissioner’s Office.
Does the Company share my personal information with third parties?
Your personal information will be made available for the purposes mentioned above (or as otherwise notified to you from time to time), on a ‘need-to-know’ basis and only to responsible management, accounting, legal, logistics, audit, compliance, information technology and other corporate staff who properly need to know these details for their functions within the Company. Please note that certain individuals who will see your personal information may not be based at the Group or in your country (please see below).
Where you apply for a loan or use our “Check my Eligibility” function, your personal information may be shared with the UK’s CRAs to carry out credit reference checks and with the UK’s fraud prevention agencies for the purposes of preventing fraud.
We may share personal information within the Group as needed for reasonable management, analysis, planning and decision making, including in relation to taking decisions regarding the expansion and promotion of our product and service offering, order or customer request fulfilment and for use by Group companies for the other purposes described in this Notice.
Your personal information may also be made available to third parties providing relevant services under contract to the Company or the Group (see below for further details) to help us provide our services and products to you. Third parties in this context means other corporate entities within the Group, providers to the Company or Group of management, accounting, legal, logistics, audit, compliance, information technology, marketing and other services. This may also include providers of call centres, data storage and database hosting services, IT hosting and IT maintenance services. These companies may use information about you to perform functions on our behalf.
We will not sell your personal information to any third party other than as part of any restructuring of the Company or Group or sale of a relevant Group business.
Will my personal information be transferred abroad?
We have explained above how your personal information may be shared outside of the Company and the Group. As part of this, including for instance where we work with service providers, your personal information may be transferred to countries outside the European Economic Area which don’t have equivalent standards of protection under their legislation and on these occasions we take other steps to protect the data as required under DP Law.
The steps we take may include the use of European Model Clause contracts and (where relevant to our suppliers) US Privacy Shield. You can find out what these are by contacting us at firstname.lastname@example.org.
Managing your marketing preferences
We may wish to provide you with information about new products, services, promotions and offers, which may be of interest to you. We may also invite you to take part in market research or request feedback on our products and services. This communication may occur by e-mail, telephone, post or SMS. We will seek your consent for this where necessary under DP Law.
You have the right to ask us not to process your personal data for marketing purposes at any time. You can opt-out of receiving such communications by clicking the “unsubscribe” link on any email that we send to you or by emailing our Customer Service team at HCCF.NoMarketing@hitachicapital.co.uk at any time.
Please note that marketing communications are not the same as “information only” communications and that consents are not usually required in order for us to communicate with you about the products or services you have enquired about or have signed up to obtain, using contact details you have provided for this purpose.
Your rights to access your personal information
You have a number of other rights in respect of your personal information under applicable DP Law. These include the right to access or obtain copies of your personal information and to have inaccurate information about you corrected.
To exercise your right to access your personal data please write to our Customer Contact Team at Hitachi Personal Finance, 2 Apex View, Leeds, LS11 9BH
Your rights under DP Law
As well as the right to access the personal information we hold about you, you have a number of other rights in respect of your personal information under DP Law. These may include:
- the right to rectification, including to require us to correct inaccurate personal data;
- the right to request restriction of processing concerning you or to object to processing of your personal data;
- the right to request the erasure of your personal data where it is no longer necessary for us to retain it;
- the right to data portability including to obtain personal data in a commonly used machine readable format in certain circumstances such as where our processing of it is based on your consent;
- the right to object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and
- where you have an option to provide us with your personal data or not in connection with your use of our website or in connection with any of our products or services, you have the right to be informed about the possible consequences of not giving it to us;
- the right to withdraw your consent to any processing for which you have previously given that consent.
Please contact us at email@example.com if you would like to exercise any of your rights explained above in relation to your personal information.
Your right to complain to the Information Commissioner
Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the Information Commissioner if you consider that we have infringed applicable data privacy laws when processing your personal data. The Information Commissioner’s Office can be contacted using the following link: https://ico.org.uk/.
Keeping you informed
We will keep your details on record until we have completely dealt with your request, enquiry or application and then for a reasonable period afterwards, in accordance with DP Law and other applicable legislation and regulation.
The Company may keep your details on record for as long as is necessary for the purposes set out above and will then delete your details in accordance with DP Law and other applicable legislation and regulation.
Changes to this Privacy Notice
We keep this Notice under regular review. We may change this Notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. The date at the top of this Notice will be updated accordingly and we encourage you to check this from time to time for any updates or changes. Where you have provided us with your email address, we may also contact you to let you know that we have updated the Notice. We may also take that opportunity to ask you if you would like to update your marketing preferences.
This Notice does not extend to your use of, provision of data to and collection of data on any website not connected to us to which you may link to by using the hypertext links within our websites.
If you have any questions about this Privacy Notice, please contact us at firstname.lastname@example.org.