Fraud Victim Privacy Notice

Fraud Victim Privacy Notice

This Privacy Notice explains how we collect, use and disclose personal information about you upon disclosure to us. The information you provide to us may then be shared with other companies in the Hitachi Capital (UK) PLC group (which incorporates, Hitachi Capital Consumer Finance, Hitachi Capital Vehicle Solutions, Hitachi Capital Business Finance, Hitachi Capital Invoice Finance, Hitachi Capital European Vendor Solutions, the “Group”). Where we refer to the Company, this will also include the Group unless we explain otherwise.”

We have a legal duty to comply with relevant laws, prevent financial crime, protect consumers and help to bring perpetrators to justice.

The personal information we collect from you, is used to enable us to fully investigate any cases of fraud reported to us, help to protect the victim from future frauds by undertaking protective CIFAS loadings and to complete necessary law enforcement reporting.  

Personal information may include, but is not limited to the following:

    • your title, forename and surname and gender;
    • your current residential address;
    • your date of birth;
    • your personal telephone number(s);
    • your work telephone number;
    • your email address;
    • your occupation;
    • employment status;
    • employer details;
    • financial details – these will only be gathered for evidence corroboration purposes;
    • where you have evidence available to support our investigation, we may request these, for example Facebook Group posts, Facebook messenger communications, WhatsApp communications;
    • your IP address;
    • MAC address;
    • your device ID;
    • any other information necessary for compliance with law and regulation;

We will also request any information in relation to suspects in the case, this includes name, address, DoB and contact details. It may also include a request for images of the suspect if these are available.

In order to undertake our investigation it is necessary to process personal information from the victims of fraud, this will include:

    • protecting victims;
    • fraud investigations;
    • preventing and detecting further financial crime;
    • identifying and assisting in the prosecution of offenders;

We are aware of how important it is to you that we keep your data safe, so when you make a report of fraud to us, we have standard procedures for handling and sharing your data.

The legal basis for our use and other processing of your personal information

This will include (as relevant):

    • processing for legitimate interests provided these are not overridden by your interests and fundamental rights and freedoms (this includes our own legitimate interests and those of other entities and branches in our Group). For example, this is relevant when we use and process your personal data to deal with our legal and regulatory obligations;
    • processing which is necessary for compliance with our legal obligations laid down by European Union law (where relevant) and by laws and regulation applicable to us in the United Kingdom (“Our Legal Obligations”).

Our Legal Obligations

    • Monitoring and recording of telephone calls and email communications where necessary for compliance with regulatory rules or self-regulatory practices or procedures relevant to our business, to prevent or detect financial crime, for quality, training and security purposes;
    • where we carry out checks and remedial actions in relation to cases of fraud, we will share your personal information with Fraud Prevention Agencies;
    • for compliance with our legal, regulatory and other good governance obligations;
    • to respond and/or deal with your case; and
    • for internal record keeping;

How long do we keep your personal information for?

The list above is not intended to be exhaustive and may be updated from time to time as business needs and legal requirements dictate. Some of the personal information that we maintain will be kept in paper files, while other personal information will be included in computerised files and electronic databases.

Your personal data will not be kept for longer than is necessary to comply with our legal or regulatory requirements.

If you would like further information about our data retention practices, please contact us at the address on the Contact Us page of this site or email us at dataprotection@hitachicapital.co.uk .

How do we share your information with Fraud Prevention Agencies?

We share information with fraud prevention agencies including CIFAS and National Hunter, as part of our fraud investigation process.

We, and fraud prevention agencies, will use this information to prevent fraud. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal information to detect, investigate and prevent crime.

Fraud prevention agencies can hold your personal information for different periods of time, depending on how that data is being used. You can contact them for more information. If you are considered to pose a fraud or money laundering risk, your data can be held by fraud prevention agencies for up to six years.

Information on these fraud prevention agencies, including their contact information and information on their Data Protection Officers, can be found at:

www.cifas.org.uk/fpn
www.nhunter.co.uk/privacypolicy

Upon conclusion of a fraud investigation, victims will be offered the option of a protective marker placed with the fraud prevention agencies, this will act as a way of highlighting and preventing any further fraud attempts made. 

Data transfers for identity and fraud checks

Some fraud prevention agencies may transfer your personal information outside of the European Economic Area. They have obligations that require the recipient to protect your personal information to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing and where the framework is the means of protection for the personal information.

Does the Company share my personal information with third parties?

Your personal information will be made available for the purposes mentioned above (or as otherwise notified to you from time to time), on a ‘need-to-know’ basis and only to responsible management, accounting, legal, logistics, audit, compliance, information technology and other corporate staff who properly need to know these details for their functions within the Company.

We may disclose specific information upon lawful request by government authorities, law enforcement and regulatory authorities where required or permitted by law and for tax or other purposes. Your personal information may also be made available to third parties or partners where necessary as part of any restructuring of the Company or sale of the Company’s business or assets. Personal information may also be released to external parties in response to legal process, and when required to comply with laws or regulation.

We will not sell your personal information to any third party other than as part of any restructuring of the Company or Group or sale of a relevant Group business.

Your rights to access your personal information

You have a number of other rights in respect of your personal information under applicable Data Privacy (DP) Law. These include the right to access or obtain copies of your personal information and to have inaccurate information about you corrected. 

To exercise your right to access your personal data please contact us.

Please be aware, in circumstances of fraud, there may be some aspects of information that we are unable to release to you. This is to ensure that we do not prejudice any criminal investigations.

Your rights under DP Law

As well as the right to access the personal information we hold about you, you have a number of other rights in respect of your personal information under DP Law. These may include:

    • the right to access the personal information we hold on you,
    • the right to rectification, including to require us to correct inaccurate personal data;
    • the right to request restriction of processing concerning you or to object to processing of your personal data;
    • the right to request the erasure of your personal data where it is no longer necessary for us to retain it; and
    • the right to data portability including to obtain personal data in a commonly used machine-readable format in certain circumstances such as where our processing of it is based on your consent;

Please contact us at dataprotection@hitachicapital.co.uk or here if you would like to exercise any of your rights explained above in relation to your personal information.

Your right to complain to the Information Commissioner

Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the Information Commissioner if you consider that we have infringed applicable data privacy laws when processing your personal data. The Information Commissioner’s Office can be contacted using the following link: https://ico.org.uk/.

 

Keeping you informed

We will keep your details on record until we have completely dealt with your request, enquiry or application and then for a reasonable period afterwards, in accordance with DP Law and other applicable legislation and regulation.

The Company may keep your details on record for as long as is necessary for the purposes set out above and will then delete your details in accordance with DP Law and other applicable legislation and regulation.

Changes to this Privacy Notice

We keep this Notice under regular review. We may change this Notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices.

This Notice does not extend to your use of, provision of data to and collection of data on any website not connected to us to which you may link to by using the hypertext links within our websites.