Privacy Policy

VW Bank UK is committed to protecting and respecting any personal information you share with us. This policy describes what types of information we collect from you, how it is used by us, how we share it with others, how you can manage the information we hold and how you can contact us.

For data protection purposes, the data controller is Volkswagen Bank GmbH trading as Volkswagen Bank United Kingdom Branch (“VW Bank UK”). VW Bank UK is a trading name of Volkswagen Bank GmbH, a limited liability company incorporated in Germany. VW Bank UK is registered in England and Wales as a branch (Branch Number: BR007842).

Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. By visiting this website you are accepting and consenting to the practices described in this policy.

The contents of this Policy may change from time to time so you may wish to check this page occasionally to ensure you are still happy to share your information with us. Where possible, we may also contact you directly to notify you of these changes.

This version of our Privacy Policy is live from April 2024.

 Personal data VW Bank UK collects

Personal data is information or a combination of pieces of information that could reasonably allow an individual to be identified. VW Bank UK will collect and process certain personal data about the following individuals associated with the Customer (referred to as “Related Parties”):

  • The Customer itself, such as where the Customer consists of individual members of a partnership or a sole trader;
  • Individual directors, company secretaries or other equivalent individual office holders and beneficial owners of the Customer;
  • Individuals associated with the directors and beneficial owners of the Customer’s business (e.g. trustees);
  • Guarantors and indemnifiers and third-party security providers;
  • Employees, contractors, representatives, officers or agents of the Customer;
  • Individuals who are authorised to act on behalf of the Customer (e.g. individuals who are appointed by the Customer to operate any of its accounts and/or facilities with VW Bank UK from time to time); and
  • Website users, including if you contact us (including any email address, Internet Protocol (IP) address or telephone number supplied by your electronic service provider) or if you use our products or services, or engage with our website or other online applications           
How is your personal information collected? 
 

VW Bank UK collects personal data directly from the Customer and Related Parties and also from other sources including those described below:

  • VW Bank UK may carry out searches using credit reference agencies and financial crime prevention agencies for information relating to the Customer’s business and Related Parties;
  • VW Bank UK will check its own records for information about:

o    Any accounts or facilities belonging to the Customer or any of its associated businesses or group companies,

o    The Customer’s shareholder(s) who are beneficial owners of these businesses or companies; and

o    Related Parties’ such as guarantors and security providers or their associated businesses or companies.

  • VW Bank UK may search publicly available sources, such as Companies House and/or media stories, for information relating to the Customer’s business and Related Parties; and
  • VW Bank UK may receive information from other members within the Volkswagen Group (e.g. from Volkswagen Financial Services (UK) Limited (“VWFS UK”) and Volkswagen Group United Kingdom Limited (“VWG UK”)) or other companies who provide services to us.

We may also collect information about you when you use VW Bank UK’s websites and applications. This online information includes some or all of the following:

  • information you provide when you register to use the sites, browse content on the sites or use other functionality;
  •  details of your visits to the sites including, but not limited to traffic data, location data and other communication data, and the resources that you access; and/or
  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform (please see further our Cookies Policy):

Some of the information that we may obtain about you does not identify you personally but provides us with information about how you use our services and engage with us (we use this information to improve our services and make them more useful to you).

 What information do we collect?

The categories of information that VW Bank UK collects about the Customer and Related Parties include:

  • Personal details (e.g. full name (including title), date of birth, passport information, driving licence information, and biographical information);
  • Customer-related details (e.g. relationship with the Customer or Related Parties, business information, information about any shareholdings, directorships, business contact details);
  • Financial details (e.g. information about facilities (including credit limits and utilisation), financial history and information from credit reference agencies and fraud prevention agencies);
  • Contact details (e.g. phone numbers, email addresses, postal addresses and mobile phone numbers);
  • Transactional details (e.g. information about payment requests received, queries or complaints); and
  • Device details (e.g. IP address, internet browser and devices used, cookies (for more information please see our Cookies Policy).

Some of the information that VW Bank UK collects are special categories of personal data (also known as sensitive personal data).  For example, Customer due diligence checks that VW Bank UK carries out that may reveal political opinions or information about criminal convictions or offences about Customers and Related Parties.  In addition, if incorrect information is provided or fraud is suspected VW Bank UK will record this and may also pass this information to financial crime prevention agencies, such as Cifas, where it may be accessed by law enforcement agencies globally.

 How do we use your information?

VW Bank UK will only process information that is necessary for the purpose for which it has been collected. You will always have the option to opt out of receiving marketing communications from us and you can withdraw your consent or object at any time.

There are various ways in which we may use or process your personal information. We list these below:

Consent:

Where you have provided your consent, we may use and process your information (including cookie data) to contact you from time to time about promotions, events, products, services or information which we think may be of interest to you. For further information on our use of cookie data, please see our Cookies Policy.

You can withdraw your consent at any time by contacting us on the details stated in the section below titled 'How can you manage the information we hold about you'.

 

Contractual performance

We may use and process your personal information where this is necessary to perform and manage a contract with you.

 

Legitimate Interests

We may use and process your personal information as set out below where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so.

The table below sets out the purposes for which VW Bank UK uses personal data about Customers and Related Parties and its legal basis for doing so. Where VW Bank UK is relying on a legitimate interest, these are set out in the table below:

Purpose of processing

Lawful basis for processing

Reporting and complying with legal obligations to which it is subject and co-operating with regulators and all relevant law enforcement bodies

 
  • Where the law requires this

Customer administration and management, including relationship management, and for account administration purposes
  • Where the law requires this
  • Where it is necessary for the performance of a contract with a partnership Customer
  • Where it is in VW Bank UK’s legitimate interest to ensure that its Customer accounts and/or facilities are well managed with a high standard of service, to protect VW Bank’s business interests and the interests of its Customers.

Transaction processing, monitoring and analysis of activities to develop and manage VW Bank UK’s products and services.
  • Where the law requires this
  • Where it is necessary for the performance of a contract with a  partnership Customer
  • Where it is in VW Bank UK’s legitimate interests to develop, build, implement and run business models and systems which protect its business interests and provide its Customers with a high standard of service.

 

Undertaking Customer due diligence checks for the prevention and detection of financial and other crimes and undertaking checks, including on Related Parties, in relation to verification, application checks, anti-money laundering, compliance and risk screening.
  • Where the law requires this
  • Where it is in VW Bank UK’s legitimate interests to prevent and investigate fraud, money laundering and other crimes and to verify the Customer’s identity in order to protect its business and comply with laws that apply to it.

 

Exercising VW Bank UK’s legal rights where it is necessary to do so, for example to protect VW Bank UK rights, security and property interests (e.g. to funded vehicles in which it retains title or over which it has a charge) to detect, prevent and respond to fraud or other violations of law, for and legal and dispute management purposes, and for debt collection and recovery processes.

 
  • Where the law requires this
  • Where it is in VW Bank UK’s legitimate interests to prevent and investigate fraud, money laundering and other crimes and to verify the Customer’s identity in order to protect its business interests and comply with laws that apply to it.

Communicating with the Customer from time to time about products, services, events offered by VW Bank UK and/or other members of VW Bank’s group and other communication such as research and insights that may be of interest to the Customer. 

 
  • Where it is in VW Bank UK’s legitimate interests to provide information about its business and services that it considers would benefit its Customers.

When VW Bank UK processes Customer and Related Parties’ personal data to meet its legitimate interests, it puts in place robust safeguards to ensure that the Customer and Related Parties’ privacy is protected and to ensure that its legitimate interest do not override the Customer and Related Parties’ interests or fundamental rights and freedoms.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Where VW Bank UK processes any information about Customers and Related Parties that is not personal data, VW Bank UK will comply with its obligations of confidentiality and establish and maintain adequate security measures to safeguard confidential information from unauthorised access or use.

Sharing your personal information.

Which third parties may process your personal information?

From time to time VW Bank UK may disclose personal data about the Customer and Related Parties:

  • to other members of the Volkswagen Group, and Volkswagen Bank GmbH including:

         a) Internal services companies; and

         b) To other Volkswagen companies and entities with whom the Customer has a relationship (for example, VWFS UK and VWG UK);

  • to its suppliers and agents. Where VW Bank UK engages with a supplier or agent to process Customer and Related Parties’ information on its behalf, it will undertake due diligence, and monitoring activities to ensure that the information is appropriately protected and contractual clauses are agreed between the parties to ensure that data protection and confidentiality is maintained;
  •  to anyone as a result of any potential restructure, sale or acquisition, of Volkswagen Bank GmbH or to anyone to whom VW Bank UK transfer or may transfer its rights;
  •  if VW Bank UK is requested, required or permitted to do so by law, regulation, court order, or supervisory, regulatory or similar authority; and
  •  to comply with its ongoing obligations to prevent fraud and money laundering by allowing law enforcement and fraud prevention agencies to access and use your personal information to detect, investigate and prevent crime.

VW Bank UK is a branch of Volkswagen Bank GmbH which operates in Germany (as part of a global business) and therefore the recipients referred to above may be located outside the United Kingdom.

Credit reference agencies and fraud prevention agencies

VW Bank UK will request searches from credit reference agencies for information and we will receive information in return which may relate to:

  • the Customer and/or Related Parties;
  • any accounts and/or facilities belonging to the Customer; or
  • Related Parties.

This processing may occur both before and during the period in which VW Bank UK provides facilities to the Customer and is necessary for complying with our legal obligations.  VW Bank UK does this to assess creditworthiness, check the identity of Customers and Related Parties, manage the Customer’s account(s) and facilities, recover debts and prevent criminal activity.

The personal data VW Bank UK collects from the Customer and Related Parties will be shared with fraud prevention agencies, they use this information to: 

  • prevent fraud and money laundering, and to verify identity before we provide services, goods or financing to you;
  • ensure that we continue to fulfil our ongoing obligations with regards to preventing fraud and money laundering and to verify identity, in order to protect our business and to comply with laws that apply to us. If we, or a fraud prevention agency, consider you to pose a fraud or money laundering risk, we may refuse to provide the services and facilities you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details below;
  • enable us to assess fraud or money laundering risk by automated means, which may indicate that you pose a risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact the Data Protection Officer using the details below; and/or
  • comply with other legal or regulatory requirements, for example to assist, or respond to a request for information from an authorised authority, regulatory body or court, or to respond to a court order.

 How secure is your information with third-party service providers and other entities in our group?

We take steps to ensure that any third-party partners who handle your information comply with data protection legislation and protect your information just as we do. We only disclose personal information that is necessary for them to provide the service that they are undertaking on our behalf. We will aim to anonymise your information or use aggregated non -specific data sets wherever possible.

Due to the international nature of our business, there may be some instances where your information is processed or stored outside of the EU.  In those instances, we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law.  

In addition, fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.

How do we keep your information secure?

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and/or other third parties who have a business need to know it. They will only process your personal information on our instructions and are subject to a duty of confidentiality. Details of these measures may be obtained from the Data Protection Officer (please see contact details below).

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

Finally, we have established procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Where VW Bank UK transfers the Customer and Related Parties’ personal data to jurisdictions outside of the UK and/or EEA (for example to its suppliers or agents) it will ensure that appropriate safeguards are provided in order to ensure that the data transfers are subject to an adequate level of protection. 

How long do we keep your information for?

We do not retain personal information in an identifiable format for longer than is necessary.

VW Bank UK will retain Customer or Related Parties’ personal data following closure and/or termination of the Customer’s facilities or account(s) held for a period of 6 years.

The only exceptions to the periods mentioned above are where:

  •  the law requires us to hold your personal information for a longer period, or delete it sooner;
  •  you have raised a complaint or concern regarding a product or service offered by us, in which case we will retain your information for a period of 6 years following the date of that complaint or query; or
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further 'How can you manage the information we hold about you?'). 

In addition, fraud prevention agencies can hold your personal information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

How can you manage the information we hold about you?

You have the right as an individual to access the personal information that we hold about you and make corrections if necessary. You also have the right to withdraw any consent you have previously given us and ask us to erase information we hold about you. You can also object to our use of your personal information (where we rely on our business interests to process and use your personal information).

You have a number of rights in relation to your personal information under data protection law. In relation to most rights, we will ask you for information to confirm your identity and, where applicable, to help us search for your personal information. We will respond to you within 30 days (unless there are exceptional circumstances) after we have received any request (including any identification documents requested).

You have the right to:

1.   Ask for a copy of the information that we hold about you;

2.   Correct and update your information;

3.   Withdraw your consent (where we rely on it). Please see further 'How do we use your information'.

4.   Object to our use of your information (where we rely on our legitimate interests to use your personal information) provided we do not have any continuing lawful reason to continue to use and process the information. When we do rely on our legitimate interests to use your personal information for direct marketing, we will always comply with your right to object;

5.   Erase your information (or restrict the use of it), provided we do not have any continuing lawful reason to continue to use and process that information; and/or

6.   Transfer your information in a structured data file (in a commonly used and machine readable format), where we rely on your consent to use and process your personal information or need to process it in connection with your contract.

You can exercise the above rights and/or manage your information by contacting us using the details below:

 

  • For any other type of request, please contact your Credit Manager in the first instance.

 

  • VW Bank UK’s Data Protection Officer can be contacted by email at DPO@vwfs.co.uk

Post: Volkswagen Bank GmbH trading as Volkswagen Bank United Kingdom Branch, Brunswick Court, Yeomans Drive, Blakelands, Milton Keynes 14 5LR.

Who can you contact if you have a question or a complaint?

 If you have any specific data protection concerns or a complaint, you can address it to our Data Protection Team at DPO@vwfs.co.uk

You also have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office, the data protection regulator in the UK, are below:

Post:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Call: 03031 231 113

If you wish to raise a complaint to the ICO, you can do so via their website under 'Make a complaint' at the following link: https://ico.org.uk/make-a-complaint/

If you would like further information about the identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs, this is explained in more detail and is accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document:

Call Credit: www.callcredit.co.uk/crain

Equifax: www.equifax.co.uk/crain

Experian: www.experian.co.uk/crain

If you would like further information regarding how the fraud prevention agencies process your personal data, you can view their privacy policies on their websites, as below:

CIFAS: www.cifas.org.uk

Hunter: www.nhunter.co.uk


If you wish to raise a complaint to the ICO, you can do so via their website under ‘Make a complaint’ on the attached link https://ico.org.uk/make-a-complaint/.