Hitachi Capital (UK) PLC (Company) is committed to protecting the privacy of your personal information. For the purpose of applicable data protection law, including the Data Protection Act 1998 and, from its entry into force on 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) (together, DP Law), the Company is the data controller. You will see the Company referred to as Hitachi and Hitachi Capital European Vendor Solutions on our website (Site). Our Privacy Notice explains what we do with any personal information which we collect from you, including when you use our Site and when you interact with us in other ways offline, for example during the credit application process. If you have any questions regarding our Privacy Notice, please contact us at email@example.com
This Privacy Notice explains how we collect, use and disclose personal information about you when you visit the Site and when you contact us, whether by e-mail, post, fax or telephone using the contact options on the Site. The information you provide to us may then be shared with other companies in the Hitachi Capital (UK) PLC group (see below all companies that form the “Group”). Where we refer to the Company, this will also include the Group unless we explain otherwise.”
Our business is diverse so we have created a separate privacy notice for each of the following Hitachi Capital business units:
The personal information we collect from you is used primarily to enable us to provide the specific service you require and to help you access your account securely.
Personal information can include the following:
This information will be collected primarily from you as information voluntarily provided to us, but (as explained above) we may also collect it where lawful to do so from (and combine it with information from) credit reference and fraud prevention agencies, public sources, third party service providers, tax or law enforcement agencies and other third parties. Also, some of the personal information obtained from Credit Reference Agencies will have originated from publicly accessible sources. In particular, Credit Reference Agencies draw on court decisions, bankruptcy registers and the electoral register (also known as the electoral roll). We explain more about Credit Reference Agencies below. We have also mentioned above in the lists of personal information that we process some of the Credit Reference Agencies’ other sources of information (which are our own source of information too). We may also collect personal information about you from your use of other Company or Group websites or services.
The legal basis for our use and other processing of your personal information under DP Law
This will include (as relevant):
In summary, we need certain categories of personal data in order to provide you with our services. Certain other personal data is processed for our Legitimate Interests in cases where this does not result in prejudice to you. Certain other personal data is processed based on a consent.
In this section we explain the personal information we collect from you when you interact with us online and offline. Where we explain why we use this information, we have also referred to the relevant legal basis which we consider applies to the processing, as explained in the section above. Presenting the information in this way will make it easier for you to understand your rights in relation to your personal information, and this is explained further below in the sections headed “Your rights to access your personal information” and “Your rights under DP Law”.
We automatically collect standard internet and website log information to understand how our website visitors behave, which we use to improve your experience online. This may include information about your Internet Service Provider, your operating system, browser type, domain name, the Internet Protocol (IP) address of your computer (or other electronic Internet-enabled device), your access times, the website that referred you to us, the web pages you request and the date and time of those requests.
When you use any of the services below or contact us by email using the information on the Site, you may need to provide us with some additional personal information so that we can liaise with you in order to deal with your request, query, application and/or customer account registration. If you do choose to provide us with your personal information, we will collect that information for our own use and for the purposes described in this Notice.
Our Legal Obligations and/or Legitimate Interests
Your Contract and/or Legitimate Interests
How we use your personal information
We have explained below the purposes for which we may use information about you. As with the section above, we have explained why we use your information with reference to the relevant legal basis. Presenting the information in this way will make it easier for you to understand your rights in relation to your personal information, and this is explained further below in the sections headed “Your rights to access your personal information” and “Your rights under DP Law”:
We may use your personal information for the following Legitimate Interests:
Our Legal Obligations
This list is not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate. Some of the personal information that we maintain will be kept in paper files, while other personal information will be included in computerised files and electronic databases.
We may convert your personal data into statistical or aggregated data in such a way as to ensure that you are not identified or identifiable from that data. We may use this aggregated data to conduct market research and analysis, including to produce statistical research and reports. For example, we may produce reports on which of our product and services are most popular. We may share aggregated data in several ways, including for the same reasons as we might share personal data (see below).
In addition, we may use pixels or transparent GIF files, to help manage online advertising.
The criteria we use to determine data retention periods includes the following:
(i) Retention in case of queries. We may retain it for a reasonable period (up to 12 months) after you have enquired about one of our products or services in case of follow up queries from you;
(ii) Retention in case of claims. We may retain it for the period in which you might legally bring claims against us (in the UK this means we will retain it for 6 years after the expiration of your contract or agreement) if and to the extent this is relevant; and
(iii) Retention in accordance with legal and regulatory requirements. We will consider whether we need to retain your personal data after the period described in (ii) (above) because of a legal or regulatory requirement. Some or all of these criteria may be relevant to retention of your personal data collected in connection with our products and services.
In order to process your application, we will perform credit and identity checks on you with one or more CRAs. Where you take services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you take out a product or service and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail:
IDENTITY VERIFICATION AND FRAUD PREVENTION CHECKS
What we process and share for identity and fraud checks
As well as using your personal information to manage the product or service we have with you, we will also use and share that information about you with fraud prevention agencies including CIFAS and National Hunter who will use it to prevent fraud and money-laundering and to verify your identity. This includes by carrying out fraud checks. All this requires us to process your personal information. We will do these checks before we provide the product or service to you, and periodically at other stages after that. If fraud is detected at any time you could be refused the product or service or have it withdrawn from you.
The personal information you have provided, we have collected from you (whether directly or indirectly through our partners and brokers), or which has been received from third parties may include your name, date of birth, home address and address history, contact details such as email address, home and mobile telephone numbers, financial information, employment details, device identification including IP and/or MAC address.
We, and fraud prevention agencies, will use this information to prevent fraud and money laundering, and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal information to detect, investigate and prevent crime.
Fraud prevention agencies can hold your personal information for different periods of time, depending on how that data is being used. You can contact them for more information. If you are considered to pose a fraud or money laundering risk, your data can be held by fraud prevention agencies for up to six years.
Information on these fraud prevention agencies, including their contact information and information on their Data Protection Officers, can be found at:
As part of our processing of your personal information, we may take decisions by automated means. You may automatically be considered to pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers, inconsistent with your previous submissions, or if you appear to have deliberately hidden your true identity.
You have rights in relation to automated decision making. There is more detail on this in the Your Rights section below.
As indicated, if we, or a fraud prevention agency, determine that you pose a fraud risk or money laundering risk, we may refuse to provide the product or service to you and open your account. If fraud or money laundering is detected at any time you could be refused the product or service or have it withdrawn from you. If you would like to know more you can contact the Data Protection Officer at the fraud prevention agencies (for details about what they do) or our Data Protection Officer (for details about what we do).”
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, you can contact the appropriate fraud prevention agency using the details provided above.
Some fraud prevention agencies may transfer your personal information outside of the European Economic Area. Where they do, they impose contractual obligations on the recipients of that data. Those obligations require the recipient to protect your personal information to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing and where the framework is the means of protection for the personal information.
When we and fraud prevention agencies process your personal information for the checks described in this section, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also or may also be a contractual requirement in order for us to provide the product you have applied for or to open your account relating to that product.
Your personal information is protected by legal rights which include (in the context of the checks described in this section) your rights to object to processing of your personal information, request that your personal information is erased or corrected, or request access to your personal information. If you want to exercise any of these rights, you can contact our Data Protection Officer using the details provided and you can also complain to the Information Commissioner’s Office.
Your personal information will be made available for the purposes mentioned above (or as otherwise notified to you from time to time), on a ‘need-to-know’ basis and only to responsible management, accounting, legal, logistics, audit, compliance, information technology and other corporate staff who properly need to know these details for their functions within the Company. Please note that certain individuals who will see your personal information may not be based at the Group or in your country (please see below).
Where you apply for a product or use our “Check my Eligibility” function, your personal information may be shared with the UK’s CRAs to carry out credit reference checks and with the UK’s fraud prevention agencies for the purposes of preventing fraud.
We may share personal information within the Group as needed for reasonable management, analysis, planning and decision making, including in relation to taking decisions regarding the expansion and promotion of our product and service offering, order or customer request fulfilment and for use by those companies for the other purposes described in this Notice.
Your personal information may also be made available to third parties (within or outside the Company or Group) providing relevant services under contract to the Company, or the Group (see below for further details) to help us provide our services and products to you. Third parties in this context means other corporate entities within the group, providers to the Company or Group of responsible management, accounting, legal, logistics, audit, compliance, information technology, marketing and other services. This may also include providers of call centres, data storage and database hosting services, IT hosting and IT maintenance services. These companies may use information about you to perform functions on our behalf.
We will not sell your personal information to any third party other than as part of any restructuring of the Company or Group or sale of a relevant Group business.
We have explained above how your personal information may be shared outside of the Company and the Group. As part of this, including for instance where we work with service providers, your personal information may be transferred to countries outside the European Economic Area which don’t have equivalent standards of protection under their legislation and on these occasions we take other steps to protect the data as required under DP Law.
The steps we take may include the use of European Model Clause contracts and (where relevant to our suppliers) US Privacy Shield. You can find out what these are by using the Contact Details below.
We may wish to provide you with information about new products, services, promotions and offers, which may be of interest to you. We may also invite you to take part in market research or request feedback on our products and services. This communication may occur by e-mail, telephone, post or SMS. We will seek your consent for this where necessary under DP Law. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data and if you do not wish to consent then please do pay attention to the marketing consent check boxes.
You also have the right to ask us not to process your personal data for marketing purposes at any time. This means you can change your mind about receiving marketing communications from us when you have previously consented to this. You can opt-out of receiving such communications by clicking the “unsubscribe” link on any email that we send to you or by emailing our marketing team at EVOperations@hitachicapital.co.uk at any time.
Please note that marketing communications are not the same as “information only” communications and that consents are not usually required in order for us to communicate with you about the products or services you have enquired about or have signed up to obtain, using contact details you have provided for this purpose.
You have a number of other rights in respect of your personal information under applicable DP Law. These include the right to access or obtain copies of your personal information and to have inaccurate information about you corrected.
To exercise your right to access your personal data please contact us at firstname.lastname@example.org.
Your rights under DP Law
As well as the right to access the personal information we hold about you, you have a number of other rights in respect of your personal information under DP Law. These may include (as relevant):
Please be aware that some of these rights will only become relevant when changes to DP Law come into force in May 2018.
Please contact us at email@example.com if you would like to exercise any of your rights explained above in relation to your personal information.
Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the UK’s Information Commissioner if you consider that we have infringed applicable data privacy laws when processing your personal data. In the UK the Information Commissioner’s Office can be contacted using the following link: https://ico.org.uk/.
We will keep your details on record until we have completely dealt with your request, enquiry or application and then for a reasonable period afterwards, in accordance with DP Law and other applicable legislation.
The Company may keep your details on record for as long as is necessary for the purposes set out above and will then endeavour to delete your details in accordance with DP Law and other applicable legislation.
We keep this Notice under regular review. We may change this Notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. The date at the top of this Notice will be updated accordingly and we encourage you to check this from time to time for any updates or changes. Where you have provided us with your email address, we may also contact you to let you know that we have updated the Notice. We may also take that opportunity to ask you if you would like to update your marketing preferences.
By using the Site, submitting your personal information to us, registering an account, registering a customer credit account or interacting with us in other ways, you consent to the use of your personal information as described in this Notice (as amended from time to time).
This Notice does not extend to your use of, provision of data to and collection of data on any website not connected to us to which you may link to by using the hypertext links within the Site.
If you have any questions about this Notice, please contact us at firstname.lastname@example.org