This Privacy Statement applies to The Just Loans Group PLC and all its Group Companies, (herein generically referred to as ‘JLG’ and/or ‘We’ or ‘Us’) and concerns the collection, processing and use of your personal data.
We take your privacy very seriously and treat all your personal data with great care. We act in accordance with the applicable data protection legislation.
When you visit our websites (or subdomains) (the “Website”), contact us, and contractually engage with us, we collect information from and about you. Some of the information we collect may be classed as personal data under data protection legislation, that is, “any information relating to an identified or identifiable natural person”. It may be collected any time you submit it to us, whatever the reason may be.
This Privacy Statement describes which personal data is collected and for which purposes such personal data is processed by us. It also states which rights you have under applicable data protection legislation.
Must read sections We draw your attention in particular to the sections entitled “Sharing your data” and “Your Rights.”
Collecting your personal data
We collect information about you in the following ways:
Information you give to us.
This includes personal data collected:
Through our Website when you register, login, commence or complete an online transaction to apply to use our products and services.
When you contact our team to further any application for a credit facility.
When you have provided your consent, in order to conduct credit checks and/or other aspects of due diligence in connection with your application to include names and addresses (including business details, details of your assets, income and liabilities), telephone and email details.
We collect payment card information from you in certain circumstances.
We may also collect your birthdate and other significant dates.
We also request proof of identity by way of copy passports, driving licenses or by other means.
We also conduct Anti Money Laundering checks in connection with your application.
Information Automatically Collected.
This includes personal data collected:
Through our Website; we may automatically log information about you and your computer or mobile device when you access Website.
We use voice-recording technology to record calls for training and quality assurance purposes; these recordings are maintained on our computer servers.
Why do we process your personal data?
Your personal data will be stored in our centralized systems which are under our control and are accessible by authorized staff of JLG and/or our suppliers acting in accordance with our approval.
We use the information we collect about you to process your applications, answer your queries, manage your account and enable you to manage your website user account.
With your consent, we will contact you via our marketing and sales channels (email/ phone/ post) about other related products and services we provide which we think may be of interest to you. Our marketing communications are generally sent by email but we may sometimes use other methods of delivery such as by post or SMS.
We mainly collect, store and process personal data at two different stages: (i) before you decide to enter into a loan agreement with us and (ii) when you enter into a contract with us.
When you visit our Website, we collect information about your use of the Website. This includes both information we collect directly from you, and information we collect about your behaviour. This information may constitute 'personal data' under applicable law. We use this information to assess your application for credit finance. Where we gather personal data about persons who are directors of corporate applicants we will such data only for the purpose of credit checking in relation to the corporate application.
Consent; where required to enter into or perform a contract to which you are a party.
We may at each stage outlined above use your personal data but only when and to the extent the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. (Our legitimate interests include the performance of contracts we enter into with third party Affiliates which may include the assignment of your debt.)
- Where we need to comply with a legal or regulatory obligation.
- Where you have provided your consent.
For your convenience, we have made an overview of activities that involve the processing of your personal data, and the corresponding legal basis/legal bases that allow us to process this data:
|First of all, we store the personal data you provide to us in our systems for administrative purposes.||Consent; where required enter into or perform a contract to which you are a party.|
|Government regulations require us to ask you to provide us with certain information. This may include information such as: birth date, nationality, place of residence and profession.||Compliance with a legal obligation|
|We will have to verify your identity. We will use your passport or other identification document. We will not store a copy of your passport, except to the extent permitted by law.||Enter into or perform a contract to which you are a party for the purposes of our, or a third party's, legitimate interests, including keeping our records up to date|
|We store your personal data in our database(s), also after your transaction has been completed and after you have stayed in one of our properties to the extent required by law, and if you have signed up a loyalty programme, to be able to contact you and welcome you again in the future.||Compliance with a legal obligation for the purposes of our legitimate interests, including keeping our records up to date and managing our on-going relationship with you.|
|For many of our business purposes we use cloud-based services. Therefore, for technical and organizational reasons, it is necessary that your personal data is transferred to our servers; we will not move to servers located in countries outside of the European Economic Area ('EEA').||Enter into or perform a contract to which you are a party for the purposes of our, or a third party's, legitimate interests, including the provision of administration and IT services and network security preventing fraud.|
|We offer and provide services and products you request from us or which we may think you are interested in, via email, telephone or other media.||Consent, where required, enter into or perform a contract to which you are a party for the purposes of our, or a third party's, legitimate interests|
|We use credit card data or other payment data for invoicing purposes.||Enter into or perform a contract to which you are a party.|
|We endeavour to provide a high level of security of both the information we store as well as our facilities, (IT) systems by means of encryption, physical security measures, passwords, company procedures and policies and professional IT support. Personal data may be processed in this context by JLG and its vendors/suppliers.||For the purposes of our, or a third party's, legitimate interests, including maintaining appropriate physical and IT/network security.|
|We engage in activities required for compliance with legal obligations, third party claims or requests from public authorities, such as (i) the mandatory storage/containment of certain information because of a criminal investigation, (ii) requests from third parties for access to information (iii) any further instructions from third parties, such as supervisory authorities, that involve data processing.||Consent (if required) to enter into or perform a contract to which you are a party for the purposes of our, or a third party's, legitimate interests or compliance with a legal obligation.|
Sharing your personal data
We may share your personal data as follows
Third Parties Designated by You.
We may share your personal data with third parties where you have provided your consent to do so.
Our Third Party Service Providers.
We may share your personal data with our third party service providers who provide services such as payment processing, information technology and related infrastructure provision, business support (operational, administrative and financial), customer service, the processing and delivery of marketing communications to you, email delivery, auditing and other similar services. These third parties are only permitted to use your personal data to the extent necessary to enable them to provide their services to us. They are required to follow our express instructions and to comply with appropriate security measures to protect your personal data. Third parties are subject to confidentiality obligations and may only use your personal data to perform the necessary functions and not for other purposes.
We may share some or all of your personal data with our affiliates, in which case we will require our affiliates to comply with this Privacy Statement. In particular, you may let us share personal data with our affiliates where you wish to receive marketing communications from them.
We may share personal data when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or insolvency transaction or proceeding.
We may share personal data as we believe necessary or appropriate: (a) to comply with applicable laws; (b) to comply with lawful requests and legal process, including to respond to requests from public and government authorities to meet national security or law enforcement requirements; (c) to enforce our Privacy Statement; and (d) to protect our rights, privacy, safety or property, and/or that of you or others.
We do not share your data with any third parties outside of the above processing arrangements and we do not share your data with any business external to our group for their own marketing purposes. From the data we collect, you should only ever receive marketing communications from us.
Each Parties Rights
The General Data Protection Regulations (‘GDPR’) provides the following rights.
Right to revoke consent
If we process personal data on the basis of your consent, you have the legal right to revoke such consent at any time. Any such revocation must be in writing and submitted to us at email@example.com. On receipt of such notice we will then cease the relevant processing activity
Right of access to your information
If you want to know what personal data we have collected or process about you, you may request us to provide a copy of your personal data by sending an email to firstname.lastname@example.org. We will ask you to identify yourself. We will not provide you with a copy of your personal data to the extent that the rights and freedoms of others are or may be adversely affected.
Right to rectification and erasure of data, and restriction of processing
If you believe that our processing of your personal data is incorrect, inaccurate, unlawful, excessive, incomplete, no longer relevant, or if you think that your data is stored longer than necessary, you may ask us to change or remove such personal data or restrict such processing activity, by sending an email to email@example.com
Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format, in accordance with Article 20 of the GDPR.
Right to object
You have the legal right to object, on grounds relating to your particular personal situation, at any time to processing of your personal data. Furthermore, you have the right to object at any time to our processing of your personal data for direct marketing purposes or profiling. You can do this by sending an email to firstname.lastname@example.org or writing to The Customer Service Team
For the sake of clarity: without prejudice to the foregoing we are at all times entitled to send you messages that do not constitute direct marketing, i.e. service messages.
General information relevant for all requests and queries
Nothing in this Privacy Statement is intended to provide you with rights beyond or in addition to your rights as a data subject under applicable mandatory data protection law.
Insofar as we can lawfully respond we will do so in accordance with the time limits prescribed by the GDPR. We will use reasonable endeavours to respond to your request or query within one month. We are entitled to extend this term by another two months if the complexity of the situation so requires.
If your request is manifestly unfounded or excessive we may either (i) charge you a fee, or (ii) refuse to process your request. With respect to access requests we may also charge you for extra copies. If we decide not to honour your request or answer your query, we will explain our reasons for doing so in our reply.
Protection and storage of your data
We have used and will continue to use reasonable endeavours to protect your personal data against loss, alteration or any form of unlawful use. Where possible, your personal data will be encrypted and stored on a virtual private server that is secured by means of state of the art protection measures. A limited amount of people have access to your personal data.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retention of Information
We will only retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Statement. This may be up to 4 years, unless a longer retention period is required or permitted by law (which is typically the case in the context of our obligations under tax law).
Should you choose to unsubscribe from our mailing list, please note that your personal data may still be retained on our database to the extent permitted by law.
We are committed to resolve any complaints about our collection or use of your personal data. In case you have any questions in relation to this Privacy Statement or our practices in relation to your personal data you may send an email to email@example.com. We hope to resolve any complaint brought to our attention, however if you feel that your complaint has not been adequately resolved, you reserve the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.
We have done our best to make sure that this Privacy Statement explains the way in which we process your personal data, and rights you have in relation thereto. We may change this Privacy Statement from time to time to make sure it is still up to date and we will notify you if we make any significant or material updates. We may also notify you in other ways from time to time about the processing of your personal information. Otherwise publication of any amended Privacy Statement is deemed effective for all purposes by being placed on our website and you should always check for the current version before making any subject access request.
Credit Reference Agencies and Fraud Prevention Agencies
When you apply to us for a Revolving Cash Facility, we will check the following records about the director, partner or member that signs this agreement on behalf of the organisation (the "main applicant"):
- i. our own records;
- ii. records of credit reference agencies (CRAs);
- iii. records of fraud prevention agencies (FPAs).
We will make checks such as assessing this application for credit and verifying identities to prevent and detect crime and money laundering. We may also make periodic searches at CRAs and FPAs to manage our relationship with you.
The agencies will link your records to those of your financial associate(s), including any previous names. These links will remain on your files until you or they tell the agency that you are no longer financially linked and the agency accepts this.
When CRAs receive a search from us they will place a search footprint on the credit file of the main applicant whether or not the application proceeds, that may be seen by other lenders. They supply to us both public (including the electoral register) and shared credit and fraud prevention information.
Information on applications will be sent to CRAs and will be recorded by them.
Where you borrow from us or guarantee a loan, we will give details of your loan(s)/account(s) and how you manage it/them to CRAs. If you borrow or guarantee a loan, and do not repay in full and on time, CRAs will record the outstanding debt and, in some cases, the length of time that the debt remains outstanding. This information may be supplied to other organisations by CRAs and FPAs to perform similar checks and to trace your whereabouts and recover debts that you owe. Records remain on file for 6 years after they are closed, whether settled by you or defaulted.
We will give you prior notice of a default being registered on your credit reference file.
We and other organisations may access and use from other countries the information recorded by fraud prevention agencies. We may transfer your personal data abroad to countries whose data protection laws are less strict than in the UK. If so, we will ensure the information is held securely to standards as least as good as those in the UK and only used for the purposes set out in this clause.
If you give us false or inaccurate information and we have reasonable grounds to suspect fraud or we identify fraud we may record this and will also pass this information to fraud prevention agencies and it may also be passed onto other organisations involved in crime and fraud prevention.
We and other organisations may also access and use such information to prevent fraud and money laundering, for example, when:
- (i) checking details on applications for credit and credit related or other facilities;
- (ii) managing credit and credit related accounts or facilities;
- (iii) recovering debt;
- (iv) checking details on proposals and claims for all types of insurance and
- (v) checking details of job applicants and employees.
You can contact us on firstname.lastname@example.org if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
If you commence an application with us but this application is not completed, we will retain your data for no more than 30 days in order for us to proceed with your application should you return to it within the 30 day time period.
We do use them.
Terms of Usage
What you need to know about using this site.
More information about our Terms of Usage, you can read it in full.