Privacy Policy

ADHERING TO GENERAL DATA PROTECTION REGULATION

The following privacy policy provides an overview how your data is recorded and processed. This policy applies to GRENKE Group and its United Kingdom entities including GRENKE Leasing Ltd, GC Factoring Ltd – GRENKE Franchise and GC Financial Solutions Ltd (GRENKE Belfast Agency).

 

With the following information, we would like to give you an overview of how we process your personal data as well as your rights under the Data Protection Act. What specific data is processed in detail and how it will be used depends on the requested or agreed services.

 

1. Who is responsible for data processing and who can I contact?

 

Contact details as follows:

GRENKE

No.2 London Square

Cross Lanes

Guildford

Surrey GU1 1UN

E-mail: dataprotection@grenke.co.uk or dataprotection@grenkefactoring.co.uk 

 

 

You can reach our operational data protection officer at:

GRENKE

Data Protection Officer

No.2 London Square

Cross Lanes

Guildford

Surrey GU1 1UN

E-mail: dataprotection@grenke.co.uk or dataprotection@grenkefactoring.co.uk 

 

2. What sources and data do we use? 

 

We process personal data that we receive from our customers as part of our business relationship. In addition, we process – as far as necessary for the provision of our services – personal data that we might collect from publicly accessible sources (e.g. debtor directories, land registers, trade and association registers, press, internet) or that was obtained from our distribution partners or from other third parties (e.g. a credit agency). Finally, we process personal data of our shareholders, shareholder representatives, guests of the Annual General Meeting and analysts on the basis of our legal obligations.

 

Relevant personal data includes:

  • Personal details (name, address, birthday, place of birth and nationality)
  • Contact details (telephone, e-mail address)
  • Verification data (e.g. ID data)
  • Authentication data (e.g. signature sample)
  • Order data (e.g. payment order)
  • Data from the fulfilment of our contractual obligations (e.g. sales data in payment transactions)
  • Information about your financial situation (e.g. creditworthiness data, scoring/rating data, source of assets)
  • Advertising and sales data (including advertising scores), documentation data (e.g. consultation minutes)
  • Data in connection with the shareholder position, such as the number of shares, type of shares, type of share ownership or information on the bank olding your shares.
  • Data in connection with the Annual General Meeting of GRENKE AG such as the number of the admission ticket, powers of attorney, instructions, etc.

and other data comparable to the aforementioned categories.

 

 3. What do we process your data for (purpose of processing) and on what legal basis? 


We process personal data in accordance with the provisions of the European General Data Protection Regulation and the Data Protection Act 2018 (GDPR):


a. For the fulfilment of contractual obligations (Article 6 (1) (b) of the GDPR) 


Data is processed in order to provide financial services as part of the execution of our contracts with our customers or to carry out pre-contractual actions, which are carried out upon request. The purposes of data processing are primarily geared towards the specific product (e.g. leasing, factoring) and may include, but are not limited to, needs analysis, consulting and to perform transactions. Further details on the purposes of data processing can be found in the relevant contract documents and terms and conditions. 


b. For the purposes of legitimate interests (Article 6 (1) (f) of the GDPR)
As far as necessary, we process your data beyond the actual fulfilment of the contract for the protection of our legitimate interests or those of third parties, in particular: 

  • Consultation and exchange of data with credit agencies (e.g. Experian) to identify credit risk or default risk
  • For the purposes of checking any credit or default risks, and to defend ourselves against any criminal acts, we provide data to credit reference agencies data concerning the request and the applicant. The agencies will make the data saved about you available to us through direct electronic mail provided that we have given convincing evidence that our interest in this is legitimate.


The credit agencies will process the data received and use this to create a profile (scoring), in order to provide their contractual partners in the European Economic Area and in Switzerland and, where necessary, other third party countries (provided there is an adequacy decision from the European Commission for this) with information so they can assess the creditworthiness of natural persons, among others.

 

For detailed information as described in Article 14 GDPR regarding activities undertaken by the credit agencies, please refer to the information provided about the respective agencies using the following links:
For Experian, go to https://www.experian.co.uk/
For Equifax, go to https://www.equifax.co.uk/credit_score
For CoCredo, go to http://www.cocredo.co.uk/ 

 

  • Prevention and clarification of criminal acts, assertion of legal claims and defence during legal disputes

We will send personal data collected for the request for, execution and ending of this business relationship to an asset management company, collection agents or bailiffs. For behaviour not in compliance with the contract or for fraudulent behaviour to our solicitors.

 

Please refer to the information provided about the respective companies using the following links:
For EBM Plc, go to http://ebmplc.com/ 
For Lester Aldridge, go to https://www.lesteraldridge.com/ 
For PDT Solicitors, go to https://www.pdt.co.uk/

  • Checking business needs for the purposes of direct sales approaches and marketing opportunities
  • Guaranteeing IT security and safeguarding IT operations at our company
  • Building and plant safety measures (e.g. access control)
  • Measures to guarantee domestic authority
  • Business management measures and measures to develop products and services

 

c. On the basis of your consent (Article 6 (1) (a)  GDPR)
Insofar as you have given us your consent to process your personal data for specific purposes (e.g., disclosure of data within the Group, or analysis of payment transaction data for marketing purposes), the legality of this processing is assured on the basis of your consent. Consent that has been issued can be revoked at any time. This also applies to the revocation of declarations of consent that were issued to us before the GDPR came into effect, i.e. before 25 May 2018. The revocation of consent does not affect the legality of the data processed until the revocation.
 
d. Based on legal requirements (Article 6 (1) (c) GDPR), legitimate interest (Art. 6 (1) (f) GDPR) or in the public interest (Article 6 (1) (e) GDPR)
If we are required to meet various legal requirements (i.e. the provisions of the Banking Act 2009, Money Laundering Act, tax laws) and banking supervisory specifications (e.g. the European Central Bank, the European Banking Authority, the Bank of England and Financial Supervisory Authority). The purposes of the processing include, but are not limited to, the creditworthiness check, identity and age checks, prevention of fraud and money laundering, the fulfilment of tax auditing and reporting obligations, and the assessment and management of risks.

Due to legal obligations as well as due to the legitimate interests in the context of the organization and orderly conduct of Annual General Meetings, we also process personal data of shareholders, shareholder representatives and, if applicable, guests at the Annual General Meeting of GRENKE AG (in particular name and contact details). The processing of this data is necessary for the participation of shareholders, shareholder representatives and possible guests in the Annual General Meeting or the holding of analyst events. Personal data is stored in accordance with legal obligations and then deleted.

 

4. Who receives my data?


Within our organisation, the entities that gain access to your data are those who need it in order to fulfil our contractual and legal obligations. Our service providers and vicarious agents may also receive data for these purposes. These are companies in the categories of financial services, IT services, logistics, printing services, telecommunications, debt collection, advising and consulting, as well as sales and marketing.


With respect to the disclosure of data to recipients outside our company, we may only disclose information about you if we are required to do so by law or if you have given us your consent to do so. Under these conditions, recipients of personal data may be, for example: 

  • Public bodies and institutions (e.g. the Bank of England, Financial Supervisory Authority, the European Banking Authority, the European Central Bank, tax authorities) if there is a statutory or official obligation to do so. 
  • Other credit and financial service providers or similar institutions to whom we send personal data in order to maintain the business relationship with you (e.g. correspondent banks, credit agencies).
  • Other companies within our Group conducting a risk controlling process because of a statutory or official requirement to do so.
  • Other companies within our Group from which information can be provided that are suitable to the company’s interests and are confirmed as a legitimate interests.

 Other data recipients may be those to whom you have given us your consent for your data to be submitted.

 

5. Is data transmitted to a third-party country or to an international organisation? 


A transfer of data to bodies in countries outside the European Economic Area (so-called third-party countries) takes place, as far as:

  • this is required in order to execute your orders (e.g. payment orders),
  • this is required by law (e.g. in order to comply with tax reporting obligations), or
  • you have given us your consent. 

 

6. How is my data processed on the website?


Unless otherwise stated, we process your data on our website either to action your request (Article 6 (1) (b) GDPR) or based on our legitimate interests (Article 6 (1) (f) GDPR) as follows:


a. Usage data
Every time you access a page and retrieve a file, this process automatically saves general data to a log file. The storage is exclusively system-related and is purely for statistical purposes or to report criminal offences in exceptional circumstances.
We use this data to improve our websites and to present content tailored to your interests on various sites on the internet and on multiple devices. As part of this process, usage data is not merged with personalised data. Should you decide to provide us with your data, this data will be backed up securely during the entry process. The same applies to the storage in our system. For security reasons, we store your IP address. This can be accessed in case of a legitimate interest.


We do not save your browser history. A transfer of data to third parties or any other evaluation does not take place, unless there is a legal obligation to do so.


In detail, the following data record is saved for each access: 

  • Device used
  • Name of the accessed file
  • Date and time of access
  • Time zone
  • Transferred data volume
  • Report as to whether the access was successful
  • Description of the type of web browser used
  • Operating system used
  • The previously visited site
  • Provider
  • User's IP address  

 

b. Contact forms and other enquiries
In order to be able to give you the best possible advice as part of a request via our contact forms, the appropriate group company that is best suited to respond to your request will be identified after inquiring about your specific interest at the top of the page. If you contact us (e.g. via contact forms), the designated company will save your data in order to process your request (Article 6 (1) (b) GDPR) or in case any further correspondence is required. If several companies are listed there, they will process your personal data as joint controllers within the meaning of Art. 26 DS-GVO.  Further information on joint controllership can be obtained by sending an e-mail to dataprotection@grenke.co.uk or dataprotection@grenkefactoring.co.uk.

 

If you provide specific information about your needs or your person in the context of other enquiries (e.g. during our leasing test), we will save your data for the purpose of processing your request (Article 6 (1) (b) GDPR) and in the event that further correspondence should take place.


If you expressly agree to be contacted by e-mail, telephone or post (according to Art. 6 Para. 1 a GDPR) within the scope of the contact form or another enquiry, you grant GRENKE AG, GRENKE Leasing Ltd (UK), GC Financial Solutions Ltd (GRENKE Belfast) and GC Factoring Ltd the opportunity to inform you in future by telephone, e-mail or post about current products and services, in the selected category. We may also store your data for the purpose of sending you our newsletter. In addition, we store your IP address and the date of your registration in order to be able to prove your newsletter subscription in case of doubt. You can object to the use of your data for advertising purposes at any time or unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the footer of the newsletter. 
 

If you do not give your consent, your data will be deleted after your request has been processed. Excluded from this is data for which legal or otherwise prescribed storage obligations exist. 

Within the framework of our contact forms we work with the Eloqua, a service of the provider ORACLE Nederland B.V., Hertogswetering 163, 3543 AS Utrecht, P.O. Box 40387, 3504 AD Utrecht, The Netherlands. For further information on the processing of data by Eloqua, please refer to the additional notes under g.


c. Registration 
The data provided during registration will only be used by us to enable you to use our services (Article 6 (1) (b) GDPR).
 We collect the following data for the registration process: 

  • E-mail address
  • Username
  • Password 

 

d. Newsletter 
We are happy to inform you on the basis of your consent (Article 6 (1) (a) GDPR) about the latest news with our newsletter. 
In order to receive the newsletter, you must enter your name and e-mail address. You can also enter and submit further optional information. After you have submitted your e-mail address, you will receive an e-mail from us to the e-mail address you have specified, in which you must click a confirmation link to verify the e-mail address you provided. 
Your data will be stored by us only for the purposes of sending our newsletter. In addition, we store your IP address and the date of your registration in order to be able to prove the newsletter subscription in case of doubt. 

In addition, in order to measure the success of our newsletter, we collect data on whether the newsletter is opened, when it is opened and which links are clicked.

For the delivery of our newsletter we work with the Eloqua service of the provider OR-ACLE Nederland B.V., Hertogswetering 163, 3543 AS Utrecht, P.O. Box 40387, 3504 AD Utrecht, The Netherlands. Newsletters sent with the help of Eloqua use tracking technologies. We use this data primarily to find out which topics are of interest to you by tracking whether our emails are opened and which links you click on. We then use this information to improve the e-mails we send you and the services we provide, and to link them to existing tracking or profiling information. We will not be able to track your emails if you have disabled the display of images in your email program by default. In this case, however, the newsletter will not be displayed in full and you may not be able to use all the features. If you display the images manually, the above-mentioned tracking will take place. For further information on using Eloqua, please refer to the additional notes under g. 
 

You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of the newsletter.  

e. Use of cookies 
i) General information
In order to make your visit to our websites more pleasant and to enable the use of certain functions, we use so-called cookies on various sites. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your device and allow us or our affiliates to recognise your browser on your next visit (so-called permanent cookies).
Cookies cannot access other files on your computer or identify your email address.


ii) Use of cookies
Like most websites you visit, our website also uses cookies to improve the user experience on both one-time and repeated website visits. This allows you to quickly and easily switch between sites, save your configurations, and use third-party tools (such as YouTube videos) on the website.


Cookies are either placed on our website (first party cookies) or on other websites whose content appears on our website (third-party cookies). These third-party providers (such as Facebook) may set cookies if you are logged in to their pages and visit our website. We have no influence on the cookie settings of these websites. Please visit the third-party websites for more information on their use of cookies.


iii) Legitimacy of the storage of cookies
The essential, functional and statistical cookies are stored on the basis of our legitimate interests (Article 6 (1) (f) GDPR) for the optimisation and needs-based design of our website.
Cookies are stored for marketing purposes on the basis of the user's consent (Article 6 (1) (a) GDPR). These cookies are therefore only set if the user agrees to the storage by issuing their consent to the cookie notification on the website.


iv) Deactivating and deleting cookies
The setting you choose on the first visit in response to the cookie notification will be saved. The selected settings can be adjusted here in the privacy settings at any time.
 

Call us

Get in touch with us via

+44 1 483 401 755

Mo - Fr 8 am - 6 pm

We are experiencing a high volume of calls. As an alternative please email customer.service@grenke.co.uk.

Privacy Settings


Name of the cookie
Purpose of the cookie
Storage time
Session or permanent cookie

Bloomreach

Technical cookie for the load balancer

For the duration of the session

Session

Onetrust

Onetrust uses cookies to record the user settings for cookies and to enable or pre-vent the collection of data from statistical or marketing cookies depending on the recorded user preferences.

12 months

Permanent

Statistical cookies

 

Statistical cookies collect information about how a website is used, e.g. the frequency of site visits and whether a user receives error messages from a page. These cookies do not store any information that would allow the user to be identified. The information collected is aggregated and therefore evaluated anonymously. These cookies are used exclusively to improve the performance of a website and thus the user experience.

Name of the cookie
Purpose of the cookie
Storage time
Session or permanent cookie

Piwik Pro

Piwik

Used to send data about the device and the visitor's behaviour to PIWIK.

30 minutes – 1 year

Session and permanent cookie

Cookies for marketing purposes

 

Cookies for marketing purposes are used to display ads that are relevant to the user and tailored to their interests. They are also used to limit the number of times an ad is shown and to measure the effectiveness of advertising campaigns. They register whether or not you have visited a website. This information can be shared with third parties, such as advertisers. Cookies to improve targeting and advertising are often linked to third party website functions.

 

 

Name of the cookie
Purpose of the cookie
Storage time
Session or permanent cookie

Facebook

These cookies enable behavioural advertising and analysis of Facebook

2 years

Permanent

Google Adwords

These cookies enable behavioural advertising and analysis on the Google AdWords platform.

30 days–2 years

Permanent

LinkedIn

These cookies enable behavioural advertising and analysis of LinkedIn

2 years

Permanent

Twitter

These cookies enable behavioural advertising and analysis of Twitter.

2 years

Permanent

Bloomreach

These cookies collect information that is either used to track the interests of our users resp. customers and to help improve the experience on their websites or to help us understand how our products and services are used.

12 months

Permanent

Eloqua

These cookies enable behavioural advertising and analysis within the context of email marketing and measuring the effectiveness of email advertising. Tracking is done anonymously until a user identifies him or herself by submitting a form.

13 months

Permanent

Bing

These cookies enable behavioural advertising and analysis in the context of online advertising.

30 minutes - 1 year

Session and Permanent

f. Range analysis using Piwik

If you consent (Article 6 (1) (a) GDPR), we use Piwik, a software for statistical evalua-tion of user access.


Your IP address will be abbreviated before it is saved. However, Piwik uses cookies that are stored on users' computers and enable the user’s use of the website to be analysed. In this case, pseudonymous usage profiles of the users can be created from the processed data. The information generated by the cookie regarding your use of this online content is stored on our server and not passed on to third parties. 


You can revoke your consent to this data processing as follows:
 

Privacy Settings


g. Use of Eloqua

If you have consented to the use of cookies for marketing purposes, Eloqua will use corresponding cookies that are stored on your computer and that enable an analysis of the use of the website (hereinafter referred to as usage behavior) If you have already used a website that uses Eloqua, you may already have an Eloqua cookie. Even if this cookie is set on other websites, the information from your visit to our websites is only visible to us and is not shared with Oracle or any other users of the Eloqua system. It is also not possible for us to use this cookie to record or view information about your visits to any other websites.

The information generated by the cookie about your use of this website is transferred to a server and stored there. On our behalf, Eloqua uses this information to evaluate your use of the website and to compile reports on website activity. If you wish to prevent the use of Eloqua cookies or the evaluation of usage behavior on your device in the future, this is possible via the following link: Eloqua Opt-Out .

If you enter personal data (e.g. in the contact form) during your visit to the website, these data will be processed with the usage behavior in order to offer you content on the website and in our newsletter that is geared to your interests, as well as to be able to send you news and information about our company or our range of services based on your data, which are geared to your individual interests. For this purpose, it is technical-ly necessary that we combine your accrued and given data in user profiles and evalu-ate them for the aforementioned purposes. This is done internally and only for the aforementioned purposes.

The legal basis for the pseudonymous evaluation of the use of our website is your con-sent (Article 6 (1) (a) GDPR), which you may have given us in the course of using our website.

The information generated by the cookie about your use of this website is transferred to a server and stored there. On our behalf, Eloqua uses this information to evaluate your use of the website and to compile reports on website activity. If you wish to prevent the use of Eloqua cookies or the evaluation of usage behavior on your device in the future, this is possible via the following link: Eloqua Opt-Out .

You can find further information on data protection in connection with the use of Elo-qua here: Oracle Privacy Policy.


h. Use of Facebook Pixel


i) Processed Data

On our website we use the so-called “Facebook pixel” from “Facebook” (Facebook Ire-land Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland). With the Fa-cebook pixel we can classify the visitors of our website into certain target groups in or-der to be able to show you advertisements ("Ads") on Facebook. The recorded data (e.g. IP addresses, information about the web browser, the location of the website, buttons clicked, possibly pixel IDs and other features) cannot be viewed by us, but can only be used in the context of displaying certain advertisements. When the Facebook pixel code is used, cookies are also set.

If you have a Facebook account and are logged in, your visit to this website will be as-signed to your Facebook user account.

In order to exchange the respective data, your browser automatically establishes a di-rect connection with the Facebook server. We have no influence on the scope and fur-ther use of the data that is collected by Facebook through the use of this tool and there-fore inform you according to our level of knowledge: By integrating the Facebook Pixel, Facebook receives the information that you are visiting the corresponding site of our website and that you have accessed or clicked on one of our advertisements. If you are registered with a Facebook service, Facebook can assign the visit to your account. Even if you are not registered with Facebook or have not logged in, there is the possi-bility that the provider will find out and save your IP address and other identification features.

• You can find out how the Facebook pixel is used for advertising campaigns at https://www.facebook.com/business/learn/facebook-ads-pixel
• You can find more information on Facebook's privacy policy at https://www.facebook.com/policy.php
• Further information on data processing by Facebook is available at https://www.facebook.com/about/privacy
 
ii) Purposes of the processing of data

We use these functions in order to be able to present you with offers that match your interests.

iii) Legal basis

We process your data because you have given your consent (Article 6 (1) (a) GDPR). We obtain your consent when you visit our website via the cookie banner.

iv) Storage duration and control options

We store your data as long as we need it for the respective purpose (display of interest-based advertising), or as long as you have not objected to the storage of your data or have revoked your consent.

The deactivation of the “Facebook Custom Audiences” function is possible for logged-in users at https://www.facebook.com/settings/?tab=ads#.

You can change your settings for advertisements in Facebook at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen,%20provided%20you%20are%20logged%20into%20Facebook

i.  Use of Google Remarketing and Double Click 

i) Processed data

Google Remarketing and Double Click (now Google Ad Manager): We use Google Re-marketing and Google Double Click from Google Ireland Limited, Gordon House, Bar-row Street, Dublin 4, Ireland. With this technology, cookies are set which evaluate how you use our website and which enable your browser to be recognized when you visit websites that belong to the Google advertising network. For this purpose, the Google Analytics tracking code uses so-called double click cookies in addition to the Google Analytics cookies. These collect data on which third-party websites in the Google Dis-play Network you have visited and which advertisements you have clicked on. In addi-tion, data from first-party cookies (e.g. Google Analytics cookies) and third-party cookies (e.g. Google cookie for display preferences) are linked. This enables us to evaluate the display of advertisements and your interaction with these advertisements.

Google Ads Conversion Tracking: We use Google Ads Conversion Tracking. With this technology, cookies are set when you interact with one of our advertisements, e.g. click on it. Cookies are used to analyze what happens after you have interacted with an ad-vertisement, e.g. whether you have bought our product, viewed the ad from a mobile phone, downloaded our app or signed up for a newsletter.

ii) Purposes of the processing of data

Google Remarketing and Double Click (now Google Ad Manager): We use this tech-nology to present you with interest-based advertisements on other websites in the Google advertising network. The advertisements relate to content that you have previ-ously viewed on our website.

Google Ads Conversion Tracking: We use this technology to improve our offers.

iii) Legal basis

We process your data because you have given your consent (Article 6 (1) (a) GDPR). We obtain your consent when you visit our website via the cookie banner.


iv) Storage duration and control options

The data that are collected via the Google functions are saved and regularly deleted.

You can prevent the storage of cookies by making the appropriate setting in your browser.

You can also prevent Google from collecting the data and processing the data by down-loading and installing the browser add-on available under the following link.

Google Dynamic Remarketing and Double Click as well as Google Ads Conversion Tracking: You can object to the storage of cookies and the associated data processing by deactivating personalized advertising via your advertising settings. You can deacti-vate the use of cookies by third-party providers via the deactivation website of the net-work advertising initiative. Alternatively, you can deactivate double-click cookies by in-stalling a browser plug-in.

This can restrict the functionality of our website.

You can find further information in the Google privacy policy.


j. Use of Linkedin Insights and Conversion Tracking

i) Processed data

We use the LinkedIn Insight Tag of the provider LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA for this website. The LinkedIn Insight Tag creates a LinkedIn "browser cookie" which collects the following data:

• IP address,
• time stamp,
• page activities,
• demographic data from LinkedIn, if the user is an active LinkedIn member.

This technology enables us to generate reports on the performance of our advertise-ments and information on website interaction. For this purpose, the LinkedIn Insight Tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

ii) Purposes of the processing of data

We process your data in order to evaluate campaigns and to collect information about website visitors who may have reached us through our campaigns on LinkedIn.

iii) Legal basis

We process your data because you have given your consent (Article 6 (1) (a) GDPR). We obtain your consent when you visit our website via the cookie banner.


iv) Storage duration and control options

We store your data as long as we need it for the respective purpose (campaign evalua-tion), or you have not objected to the storage of your data or have revoked your consent.

The collected data is encrypted. More information can be found here. Here you will find the LinkedIn privacy policy and the LinkedIn opt-out.
 

i. Integration of Google Maps 
We integrate the maps of the service "Google Maps" provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data processed may include, but is not limited to, the IP addresses and location data of users, which, however, are not collected without their consent (usually performed as part of the settings of their mobile devices). Unless you have expressly consented to the use, our legal basis for this data processing is our legitimate interest (Art. 6 Para. 1 S. 1 lit. f DS-GVO) in order to design our website to meet your needs. The data could also be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated

 

7. How long will my data be stored? 


Unless explicitly stated in this privacy statement, the usage and registration data stored with us is deleted as soon as it is no longer required for its intended use and the deletion does not conflict with any statutory retention obligations. 


We process and store other personal data as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be noted that our business relationship is a continuing obligation, which is designed to last for years. If the data is no longer required for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its - temporary - further processing is necessary for the following purposes: 

  • Fulfilment of a duty to preserve the data under commercial and tax laws, i.e. the UK Commercial Law, UK Company Law, HM Revenue & Customs, the UK Banking Act (2009), the Money Laundering Act and the UK Securities Trading Act (2001). These laws require data to be kept/documented for 6 years after the end of the finance agreement.
  • Retaining evidence in accordance with the statutory periods of limitation that apply.  

 

8. Which data protection rights do I have?


 Every affected person has with respect to us

  • the right of access under Art. 15 GDPR,
  • the right to rectificationunder Art. 16 GDPR,
  • the right to erasureunder Art. 17 GDPR,
  • the right to restrict the processing under Art. 18 GDPR,
  • the right to object from Art. 21 GDPR,
  • and the right to data portability under Art. 20 GDPR.

Each individual also has a right to complain to the Information Commissioner’s Office https://ico.org.uk/concerns.

You may withdraw your consent to your personal data being processed by us at any time. This also applies to the withdrawal of declarations of consent received before GDPR came into effect, i.e. before 25 May 2018. Please note that this withdrawal will apply going forward. It will not apply to any data processed before the withdrawal.


You have the right, at any time, to opt out of any processing of your personal data taking for reasons relating to your own particular situation. 


9. Am I obligated to provide data?


As part of our business relationship, you must provide the personal data required in order to enter into a business relationship and perform its associated contractual obligations, or the personal data that we are required to collect by law. Without this information, we will generally not be able to conclude or execute the contract with you.
 
In particular, according to the money laundering regulations, we are obligated to identify you prior to entering into a business relationship with you on the basis of your identification document and to record and save your name, place of birth, date of birth, nationality, address and identification data. In order for us to be able to fulfil this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and immediately notify us of any changes during the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue your desired business relationship.


 10. To what extent is there an automated decision-making process?


In principle, we do not use any fully automated decision-making processes pursuant to Art. 22 GDPR in order to justify or maintain the business relationship. If we do use these procedures in individual cases, we will inform you about this separately, if this is required by law. If you disagree with a decision that we have made based on your credit score, you have the right to require the decision to be reviewed by human evaluation, taking into account your point of view.


 11. Does profiling take place?


We sometimes process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:

  • Due to legal and regulatory requirements, we are committed to combating money laundering, the financing of terrorism, and property-related offences. At the same time, data evaluations are also carried out (inter alia in payment transactions). These measures are also in place for your protection.
  • In order to provide you with targeted information and advice on products, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.
  • We use the scoring to assess your creditworthiness. This calculates the probability with which a customer will meet their payment obligations in accordance with the contract. The calculation may include, for example, income, expenses, existing liabilities, occupation, employer, duration of employment, past business experience, past repayment of the loan, and information from credit reporting agencies. The scoring is based on a mathematically-statistically recognised and proven procedure. The calculated scores help us make decisions within the context of product sales and are part of ongoing risk management.

 Information about your right of revocation according to Art. 21 GDPR


1. Case-specific right to object
You have the right at any time, for reasons arising from your particular situation, to revoke your consent for the processing of personal data relating to you, which takes place on the basis of Article 6 (1) (e) GDPR (data processing in the public interest) and Article 6 (1) (f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 (4) GDPR.
 
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing serves the establishment, exercise or defence of legal claims.


2. Right to revoke your consent to the processing of data for direct advertising purposes
In individual cases, we process your personal data in order to perform direct advertising. You have the right to object at any time to the processing of personal data concerning you for such advertising, which includes profiling to the extent that it is related to such direct advertising.
 
If you object to the processing for direct advertising purposes, your personal data will no longer be processed for such purposes.
 
You can revoke your consent to this by sending a correspondingly worded letter to GRENKE, Data Protection Officer, No.2 London Square, Cross Lanes, Guildford, Surrey GU1 1UN or email dataprotection@grenke.co.uk or dataprotection@grenkefactoring.co.uk.