The protection of your personal data is important to the BNP Paribas Group of which Creation Financial Services Limited and Creation Consumer Finance Limited are a part. To access the BNP Paribas Personal Data Privacy Charter please click here.
This notice provides you with detailed information relating to the protection of your personal data by Creation Financial Services Limited, Chadwick House, Blenheim Court, Solihull, West Midlands, B91 2AA and Creation Consumer Finance Limited, 4th – 6th floor Wellington Buildings, 2-4 Wellington Street, Belfast, BT1 6HT (‘we’ or ‘us’ or ‘our’ or ‘Creation’).
We are responsible, as a controller, for the processing of your personal data in relation to our activities. We are committed to keeping your personal information private and secure. To help protect your rights, this notice explains how your personal information is collated, used and shared and how it is used for marketing purposes. It will advise you on your rights to obtain your personal data, have it corrected or restricted, object to it being processed and the ability to complain if you are dissatisfied.
We collect your personal data to support us in providing you with a high standard of personalised products and services.
The information we collect may include:
The data we use is either directly provided by you or it is obtained from the following sources:
When you provide us with third party personal data like the examples listed above, please remember to inform the individuals providing the data that we process the personal data and direct them to the present Data Protection Notice. We will also provide them this information when possible (for instance if we don’t have their contact details, we will not be able to contact them).
In certain circumstances, we may collect and use personal data of individuals with whom we have, could have, or used to have a direct relationship with such as prospective customers.
In the following section we describe how and why we use your personal data and draw your attention to some data processing we consider could be more impactful for you and, in some cases, may require your consent.
A. To comply with our legal and regulatory obligations
We use your personal data to comply with various legal and regulatory obligations, including:
B. To perform a contract with you or to take steps at your request before entering into a contract
We use your personal data to enter into and perform our contracts, including to:
C. To fulfil our legitimate interest
We use your personal data in order to deploy and develop our products or services, to improve our risk management and to secure our legal rights, including:
D. To provide you with personalised marketing communications about our products and services
Marketing - We may use your personal information to advise you about relevant products and offers (Marketing). We can only use your personal information for marketing if we have either your consent or a ‘legitimate interest’. Legitimate interest is where we have identified from a balancing test that there is a benefit in the information we provide to you as a customer. The balancing test undertaken for our marketing data processes is to ensure our marketing activities have fair and appropriate balance and that the processing does not override your interests and your rights.
We may ask you to confirm or update your marketing consent preferences if you take out any new products or services with us in future.
If you would like to change your marketing consent preferences or you would like to object or withdraw consent to the processing of your personal data, please do so by:
To find out how we use and manage cookies please go to www.creation.co.uk/about-us/cookie-policy
In order to fulfil our activities, we only share your personal data with:
Before we provide services, goods or financing to you and during the course of your relationship with us, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Examples of the personal information that will be processed are:
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
As part of the processing of your personal data, we use various profiling techniques to assist us with running our business. By “profiling” we mean the automated analysis of personal data about an individual to evaluate certain things about that individual – basically drawing conclusions about an individual based on a statistical model. We may use these techniques in the course of evaluating applications for cards and/or loans for affordability and suitability, undertaking credit limit increase eligibility checks, to manage your account, and for marketing and targeted advertising purposes. We may also automatically decide that you pose a fraud or money laundering risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. You have rights in relation to profiling / automated decision making: if you want to know more please see the following section on ‘How to update your information’.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us by email at firstname.lastname@example.org or write to us at Creation, Chadwick House, Blenheim Court, Solihull, B91 2AA.
In order to process your application we supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial situation and financial history. We do this to assess affordability, creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent fraud and criminal activity. We may also search the files of the Land Registry.
We will continue to exchange information about you with CRAs while you have a relationship with us, including about your settled accounts and any debts not fully repaid on time. Where you have a running account credit with us we may also make further periodic checks with CRAs to manage your account. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. The CRAs will have to place a search footprint on your credit file when we make a search and this may be seen by other lenders.
Where an application for credit has been unsuccessful, we may retain the personal information that we need in order to aid our individual statistical models and credit scoring models. This may include further processing of your data with the CRAs solely for this purpose. We rely on the legal basis that it is our legitimate interest to do this. This potential processing should not affect your ability to obtain credit in future nor should it leave any further footprint with the CRAs. Should you wish to object to this particular processing of your data please forward your objection to www.creation.co.uk/data-subject-rights-request
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail within the links detailed below:
Trans Union (formally Call Credit): www.transunion.co.uk/crain
In the circumstance where you are based in the Republic of Ireland (ROI) and you have applied for credit through your application process, your data will be shared with the Central Credit Register. Further information on the CCR is available by accessing the link below:
Central Credit Register: https://www.centralcreditregister.ie/borrower-area/data-protection-statement/
Note: Until 26 September 2021 data on ROI applications will be shared with the Irish Credit Bureau (ICB) which ceases to exist on 1 October 2021 and will delete all its records shortly thereafter that date.
Countries within the European Economic Area (EEA) including the ROI, have similar standards of legal protection for your personal information. We may run your accounts and provide services from centres outside of the UK (such as France) or through Group entities and partners outside the EEA (such as USA or India). For countries outside of the UK and/or EEA who have adequate levels of data protection, your personal data will be transferred on this basis.
When transferring your personal data outside the UK we shall impose contractual obligations on the recipients of that data so that it is protected to the same standard as required in the UK. For ROI customers the data will be protected to the same standard as required in the EEA.
Whenever fraud prevention agencies transfer your personal data outside of the UK, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the UK. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
We will only keep your information for as long as we need to and where we have a legitimate reason to do so for example account maintenance or responding to customer queries. On account closure or after an unsuccessful credit application your data is held for six years. There may be instances where we are asked to retain information for longer due to legal or regulatory reporting requirements.
You can access your personal data we hold by contacting us by:
Please do advise us of your telephone number and if applicable your Account/Agreement number (on your statement) on your correspondence and on receipt we will contact you by phone to verify your identify and to go through the details of your request. For further information on accessing your personal data, please go to www.creation.co.uk/data-subject-rights-request.
If you would like to change, amend, restrict and or erase your data to the extent permitted by law, please contact us by:
email us at email@example.com
telephone by calling 0371 402 8910
write to us at Creation, Chadwick House, Blenheim Court, Solihull, B91 2AA.
Our customers really matter to us and we are committed to providing you with a great customer experience. If issues do arise, our aim is to resolve them as quickly as possible and make sure you are satisfied with the outcome. To make a complaint please contact: Customer Enquiries by calling 0371 402 8910
If for some reason we have not been able to resolve your complaint within eight weeks of receipt, or if you are not satisfied with our final response, UK customers can contact the Information Commissioner UK:
Information Commissioner, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Telephone: 01625 545745
Fax: 01625 524510
If for some reason we have not been able to resolve your complaint within eight weeks of receipt, or if you are not satisfied with our final response, ROI customers can contact our representative at:
For the Attention of: Chief Risk Officer, GREENVAL INSURANCE DAC, 10 -11 Trinity Point,
Leinster Street South, Dublin 2, D02 EF85 or email firstname.lastname@example.org
or, alternatively you can contact the Data Protection Commission:
Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
or by webform: https://forms.dataprotection.ie/contact
Your personal data is held in secure databases to protect it from theft or being altered. All access to these databases are controlled and monitored to ensure only authorised personnel have access to your data. When your data is sent to a third party that you have agreed to, the data is also sent in an encrypted format and the third party will use the same levels of encryption and security that we use. Our data processing estate is continually monitored and updated to ensure the level of security meets best industry practice and is in accordance with all the laws, regulations and standards required to protect your personal data.
We may need to regularly update this Data Protection Notice. The latest version of this notice is available online and we will inform you of any changes through our website or through our other communication channels.
If you have any questions relating to the use of your personal data under this Data Protection Notice, please contact our Data Protection Officer at Creation, Chadwick House, Blenheim Court, Solihull, B91 2AA.
This Data Protection Notice was last reviewed on 27th September 2021.