1. Personal data VW Bank UK collects
1.1 Personal data is information or a combination of pieces of information that could reasonably allow an individual to be identified. VW Bank UK will collect and process certain personal data about the following individuals associated with the Customer (referred to as “Related Parties”):
- The Customer itself, such as where the Customer consists of individual members of a partnership or a sole trader;
- Individual directors, company secretaries or other equivalent individual office holders and beneficial owners of the Customer;
- Individuals associated with the directors and beneficial owners of the Customer’s business (e.g. trustees);
- Guarantors and indemnifiers and third-party security providers;
- Employees, contractors, representatives, officers or agents of the Customer;
- Individuals who are authorised to act on behalf of the Customer (e.g. individuals who are appointed by the Customer to operate any of its accounts and/or facilities with VW Bank UK from time to time); and
- Website users, including if you contact us (including any email address, Internet Protocol (IP) address or telephone number supplied by your electronic service provider) or if you use our products or services, or engage with our website or other online applications.
1.2 VW Bank UK collects personal data directly from the Customer and Related Parties and also from other sources including those described below:
- VW Bank UK may carry out searches using credit reference agencies and financial crime prevention agencies for information relating to the Customer’s business and Related Parties;
- VW Bank UK will check its own records for information about:
- Any accounts or facilities belonging to the Customer or any of its associated businesses or group companies,
- The Customer’s shareholder(s) who are beneficial owners of these businesses or companies; and
- Related Parties’ such as guarantors and security providers or their associated businesses or companies.
- VW Bank UK may search publically available sources, such as media stories, for information relating to the Customer’s business and Related Parties; and
- VW Bank UK may receive information from other members within the Volkswagen Group (e.g. from Volkswagen Financial Services (UK) Limited (“VWFS UK”) and Volkswagen Group United Kingdom Limited (“VWG UK”).
1.3 The categories of information that VW Bank UK collects about the Customer and Related Parties include:
- Personal details (e.g. name, date of birth, passport information, driving licence information, and biographical information);
- Customer-related details (e.g. relationship with the Customer or Related Parties, business information, information about any shareholdings, directorships, business contact details;
- Financial details (e.g. information about facilities (including credit limits and utilisation), financial history and information from credit reference agencies and fraud prevention agencies);
- Contact details (e.g. phone numbers, email addresses, postal addresses and mobile phone numbers); and
- Transactional details (e.g. information about payment requests received, queries or complaints).
1.4 Some of the information that VW Bank UK collects are special categories of personal data (also known as sensitive personal data). For example, Customer due diligence checks that VW Bank UK carries out that may reveal political opinions or information about criminal convictions or offences about Customers and Related Parties. In addition, if incorrect information is provided or fraud is suspected VW Bank UK will record this and may also pass this information to financial crime prevention agencies, such as Cifas, where it may be accessed by law enforcement agencies globally.
2. The purpose and lawful basis for processing personal data
2.1 VW Bank must have a legal basis to process Customer and Related Parties’ personal data. The table below sets out the purposes for which VW Bank UK uses personal data about Customers and Related Parties and its legal basis for doing so. Where VW Bank UK is relying on a legitimate interest, these are set out in the table below:
Purpose of processing
Lawful basis for processing
Reporting and complying with legal obligations to which it is subject and co-operating with regulators and all relevant law enforcement bodies
Customer administration and management, including relationship management, and for account administration purposes
Transaction processing, monitoring and analysis of activities to develop and manage VW Bank UK’s products and services.
Undertaking Customer due diligence checks for the prevention and detection of financial and other crimes and undertaking checks, including on Related Parties, in relation to verification, application checks, anti-money laundering, compliance and risk screening.
Exercising VW Bank UK’s legal rights were it is necessary to do so, for example to protect VW Bank UK rights, security and property interests (e.g. to funded vehicles in which it retains title or over which it has a charge) to detect, prevent and respond to fraud or other violations of law, for and legal and dispute management purposes, and for debt collection and recovery processes.
Communicating with the Customer from time to time about products, services, events offered by VW Bank UK and/or other members of VW Bank’s group and other communication such as research and insights that may be of interest to the Customer.
2.3 When VW Bank UK processes Customer and Related Parties’ personal data to meet its legitimate interests, it puts in place robust safeguards to ensure that the Customer and Related Parties’ privacy is protected and to ensure that its legitimate interest do not override the Customer and Related Parties’ interests or fundamental rights and freedoms.
2.4 Where VW Bank UK processes any information about Customers and Related Parties that is not personal data, VW Bank UK will comply with its obligations of confidentiality and establish and maintain adequate security measures to safeguard confidential information from unauthorised access or use.
3. Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
4. Individuals’ rights over their personal data
You have the right as an individual to access the personal information that we hold about you and make corrections if necessary. You also have the right to withdraw any consent you have previously given us and ask us to erase information we hold about you. You can also object to our use of your personal information (where we rely on our business interests to process and use your personal information).
You have a number of rights in relation to your personal information under data protection law. In relation to most rights, we will ask you for information to confirm your identity and, where applicable, to help us search for your personal information. We will respond to you within one month (unless there are exceptional circumstances) after we have received any request (including any identification documents requested). You have the right to:
- Ask for a copy of the information that we hold about you;
- Correct and update your information;
- Withdraw your consent (where we rely on it).
- Object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process the information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object;
- Erase your information (or restrict the use of it), provided we do not have any continuing lawful reason to continue to use and process that information; and/or
- Transfer your information in a structured data file (in a commonly used and machine readable format), where we rely on your consent to use and process your personal information or need to process it in connection with your contract.
5. Information sharing
Where necessary VW Bank UK may provide personal data about the Customer and Related Parties:
- To other members of the Volkswagen Group, and Volkswagen Bank GmbH including:
- Internal services companies; and
- To other Volkswagen companies and entities with whom the Customer has a relationship (for example, VWFS UK and VWG UK).
- To its suppliers and agents. Where VW Bank UK engages with a supplier or agent to process Customer and Related Parties’ information on its behalf, it will undertake due diligence, and monitoring activities to ensure that the information is appropriately protected and contractual clauses are agreed between the parties to ensure that data protection and confidentiality is maintained;
- To anyone as a result of any potential restructure, sale or acquisition, of Volkswagen Bank GmbH or to anyone to whom VW Bank UK transfer or may transfer its rights; and
- If VW Bank UK is requested, required or permitted to do so by law, regulation, court order, or supervisory, regulatory or similar authority.
VW Bank UK is a branch of Volkswagen Bank GmbH which operates in Germany (as part of a global business) and therefore the recipients referred to above may be located outside the United Kingdom.
6. Credit reference agencies and fraud prevention agencies
6.1 VW Bank UK will request searches from credit reference agencies for information and we will receive information in return which may relate to:
- The Customer and/or Related Parties’;
- Any accounts and/or facilities belonging to the Customer; or
- Related Parties.
This processing may occur both before and during the period in which VW Bank UK provides facilities to the Customer and is necessary for complying with our legal obligations. VW Bank UK does this to assess? creditworthiness, check the identity of Customers and Related Parties, manage the Customer’s account(s) and facilities, recover debts and prevent criminal activity.
6.2. The personal data VW Bank UK collects from the Customer and Related Parties will be shared with fraud prevention agencies, they use this information to:
- To prevent fraud and money laundering, and to verify identity before we provide services, goods or financing to you;
- To ensure that we continue to fulfil our ongoing obligations with regards to preventing fraud and money laundering and to verify identity, in order to protect our business and to comply with laws that apply to us. If we, or a fraud prevention agency, consider you to pose a fraud or money laundering risk, we may refuse to provide the services and facilities you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below;
- To enable us to assess fraud or money laundering risk by automated means, which may indicate that you pose a risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact the Data Protection Officer using the details below; and/or
- To comply with other legal or regulatory requirements, for example to assist, or respond to a request for information from an authorised authority, regulatory body or court, or to respond to a court order.
7. Keeping your information secure
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Officer (please see contact details below).
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
Finally, we have established procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. International transfers of personal data
Where VW Bank UK transfers the Customer and Related Parties’ personal data to other jurisdictions (or for example to its suppliers or agents) it will ensure that appropriate safeguards are provided in order to ensure that the data transfers are subject to an adequate level of protection.
9. Retention of personal data
VW Bank UK will retain Customer or Related Parties’ personal data following closure and/or termination of the Customer’s facilities or account(s) held for a period of 6 years. VW Bank UK will not retain personal information in an identifiable format for longer than is necessary and, in any event, only for the purposes of:
- Defending or bringing any existing potential legal claims;
- Dealing with any ongoing or future complaints regarding the services VW Bank UK has delivered;
- Complying with record retention requirements under the law (e.g. as required under legislation concerning the prevention, detection and investigation of money laundering and terrorist financing); and
- Maintaining business records for analysis and/or audit purposes.
11. Contact us
11.1 Subject access requests should be submitted to firstname.lastname@example.org
11.2 For any other type of request, please contact your Credit Manager in the first instance.
11.3 VW Bank UK’s Data Protection Officer can be contacted by email at DPO@vwfs.co.uk
11.4 VW Bank is committed to working with individuals to obtain a fair resolution of any complaint or concern about privacy. If, however, individuals believe that VW Bank UK has been unable to assist with their complaint or concern, they have the right to make a complaint to the Information Commissioner, the data protection regulator in the UK, using the details below:
Post: Information Commissioner’s Office
Telephone: 03030 123 1113
There was a technical error, please try again.