Privacy Policy and Cookie Statement

Privacy Policy and Cookie Statement

Effective date: 1st January 2020

Our commitment to your privacy – Your information will be held by Finance House plc, a company registered in Malta with company registration number C58869 and having its registered office situated at Aries House, Mdina Road, Żebbuġ Malta (hereinafter referred to as the ‘Company’).

This Privacy Policy is intended to help you understand why and how we may use information which relates to you.

  1. Your Personal Data:

    We collect and process various categories of personal information at the start of and for the duration of your relationship with us as per Section 2 below. We will limit the collection and processing of information to information necessary to provide the services required. Depending on the services we are providing you, we may require and collect the following information:

    • basic personal information, including but not limited to, name and address;

    • other specific personal data, including but not limited to, the date of birth, nationality, country of birth and contact details;

    • the name and surname of your representative;

    • your identity card number;

    • your occupation;

    • financial information, including account and transactional information and history;

    • information about your family (such as dependents, marital status, next of kin and contact details);

    We may also process certain special categories of information for specific and limited purposes. We will only process special categories of information where we have obtained your explicit consent or we are otherwise permitted by law to do so.

    If the data provided by you refers to third-parties, you agree and confirm to having obtained and received their prior consent to providing information on them, and to have informed them, before including them in our documentation.

  2. When and how we collect information about you:

    1. As you use our services, make enquiries, and engage with us, information is gathered about you. We gather and generate information about you when you provide it to us or interact with us directly. We may also receive information about you from other sources, including publicly available sources. We may combine information that we have about you from various sources, including the information that you have provided to us.

    2. Furthermore, we may receive personal or sensitive data relating to you and/or your dependents, spouse, partner, family from third-parties such as Insurance Companies agents or brokers, Court Judgments database, the Registry of Companies, World Check, Malta Association of Credit Management (MACM), fraud-detection and credit-reference agencies and other sources which are available to the public, which entities are all legally entitled to communicate such data and that such data is processed for the stated purposes.

  3. Use of your personal data:

    1. We may use your personal data to:

      • To be able to provide the product or service that you have applied for, in order to fulfil our contract with you

      • For internal assessment and analysis (including credit and/or behaviour scoring, market, product analysis, risk management, and in order to protect our legitimate interest)

      • If necessary to obtain quotations, financing policy documents, financing payment terms, any insurance policy quotes from third-party insurance brokers or agents and any other expenses or matters directly related to the purchase of Motor Vehicle as requested by you, from third-party service providers, and for such purpose we shall disclose your personal information to such third-party service providers;

      • To communicate with you and provide you with information about our services, including direct marketing communications;

      • answer your questions and request for services, and solicit your feedback;

      • process payments as agreed with you;

      • send statements, invoices and other documents;

      • send important notices, such as changes to our terms, conditions and policies;

      • send you technical notices, updates, security alerts and support and administrative messages;

      • for internal purposes such as auditing, data analysis and research to help us deliver and improve our services;

      • to ensure we have up-to-date contact information for you;

      • to confirm the fulfilment and non-fulfilment of financial obligations.

    2. We may also be required to processes your personal data for the purpose of:

      • compliance with applicable laws, rules, regulations, guidance and codes;

      • compliance with demands or requests made by local and foreign regulators, governments, courts and law enforcement authorities, and complying with a court process, or in connection with any litigation;

  4. The basis on which we process your personal data:

    We have described the legal grounds for which your information may be used in detail below:

    • Contractual necessity: its use is necessary in relation to a service you have requested from us or in relation to an agreement that you have entered into or because you have asked for something to be done so you can enter into an agreement with us. Please note that if you do not agree to provide us with the requested information, it may not be possible for us to continue to provide products and services to you.

    • Our legitimate interests: we may process your personal data where it is in our legitimate interests to do so, without prejudicing your interests or fundamental rights and freedoms.

    • Legal obligations: when you engage us to provide you with our services (and throughout your relationship with us), we are required by law to collect and process certain personal data about you. Its use is necessary because of a legal obligation that applies to us (except an obligation imposed by a contract); and

    • You have consented or explicitly consented to the using of your data (including sensitive data) in a specific manner.

  5. Recipients and Sharing of your personal information:

    1. Your personal data will be received by the Company representatives and employees.

    2. Whilst you are our customer we undertake the responsibility not to transfer or exchange any information that we hold about you unnecessarily to or with any third-parties without first obtaining your written consent. Nevertheless, and in line with our regulatory and legal obligations, there may be instances during the course of providing you with our services where we may be required to disclose, share or exchange some or all of your personal information, whether sensitive or otherwise, to the following persons:

      • Banking and Financing Service Providers in order to obtain quotations for your acquisition of the product as requested by you.

      • Other brokers, banks, financial institutions being in Malta or overseas to seek terms from the international market.

      • Our professional advisors and auditors strictly as required for consultation purposes or for compliance with our legal obligations or legal action;

      • regulators, governments and law enforcement authorities as and when this is required under applicable laws and regulations;

      • courts, tribunals, arbitrators or other competent bodies who may have authority to request such personal information; and

      • other third-parties in connection with our selling, merging, buying, or reorganising all or any part of our business, or carrying out any similar change of our business (including any potential or actual purchaser of that business or that purchaser’s advisors).

  6. How long we keep your personal data:

    1. We will retain your personal data for only as long as appropriate to fulfil the purposes for which we collected your personal data, unless the law permits or requires that the Company retains it for longer.

    2. We may also retain your information where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that we will be able to produce records as evidence, if they’re needed.

    3. We may also retain your information where we are of the opinion that it is so necessary to do so in the interest of the Company.

  7. Security of Data:

    1. We use and maintain appropriate administrative, technical and organizational measures designed to help safeguard the confidentiality and integrity of your personal data and to protect it against accidental or unlawful destruction, accidental loss, unauthorized alteration, disclosure or access, misuse, and any other unlawful processing of the personal data in our possession.

    2. We try not to keep physical files however in the event such files are so required the information therein will be limited to the data which is so required to process the information.

    3. Any database will be held under lock and key and shall not be left stored on an unsecure device, however we may store third-party storage platforms, such as a cloud system.

    4. Any information transferred or shared with third parties or suppliers will only be limited to any obligation legally imposed on the Company, nevertheless any third-parties or suppliers shall be fully compliant with the General Data Protection Regulation and the Data Protection Act Chapter 586 of the Laws of Malta.

  8. Your Rights:

    You have various rights in relation to your personal data. In particular, you have a right to:

    • obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you;

    • ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;

    • in certain circumstances as allowed by law, ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data;

    • withdraw consent to our processing of your personal data (to the extent such processing is based on consent);

    • receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);

    • object to our processing of your personal data; and

    • to be duly informed that if at any stage a breach of personal data occurs, the Company is bound to notify you and the regulator, within 72 hours from such occurrence. The Company is bound to provide you with a report explaining what action was taken and how such matter is to be resolved.

  9. Cookie Policy

    Tracking & Cookies Data:

    We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

    Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

    You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

    Examples of Cookies we use:

    • Session Cookies. We use Session Cookies to operate our Service.

    • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.

    • Security Cookies. We use Security Cookies for security purposes.

  10. Service Providers

    We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

    These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

  11. Analytics

    We may use third-party Service Providers to monitor and analyze the use of our Service.

  12. Google Analytics

    Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

    You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en

  13. Links To Other Sites

    Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

    We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

  14. Children’s Privacy

    Our Service does not address anyone under the age of 18 (“Children”).

    We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

  15. How to contact us:

    If you have any questions about how your personal data is collected, stored, shared, or used, or if you wish to exercise any of your data rights, please contact our Data Protection Officer on [email protected].

  16. Changes to this Privacy Policy:

    In the event that this Policy is revised, you will be notified without delay, and where appropriate, the Company will do so by SMS, email or snail mail.