This fair processing notice (Privacy Notice) supplements any other privacy notices issued by us and/or our Partners and is not intended to override them.
We are Principal I Ltd. of Parsonage Business Park, Horsham, West Sussex RH12 4AL a company registered in England and Wales (company number 0290199) authorised and regulated by the Financial Conduct Authority with Firm Reference Number 662493 and our associated and subsidiary companies (Principal Group).
Our funding Partners include (i) Macquarie Corporate and Asset Finance 1 Limited , a company registered in England and Wales (company number 07815862) authorised and regulated by the Financial Conduct Authority with Firm Reference Number 726503 and with ICO registration number Z3230151 and (ii) Macquarie Corporate and Asset Finance 2 Limited , a company registered in England and Wales (company number 08253764) with ICO registration number Z3552160 both of whom have a registered office at Ropemaker Place, 28 Ropemaker Street, London, EC2Y 9HD who are part of the Macquarie group of companies (Macquarie Group), whose ultimate parent company is Macquarie Group Limited (50 Martin Place, Sydney, NSW 2000, Australia); (iii) BNP Paribas Leasing Solutions Limited, a company registered in England and Wales (company number 0901225) with ICO registration number Z5604882 whose registered office is at Northern Cross, Basing View, Basingstoke, Hants, RG21 4HL and (iv) CF Corporate Finance Limited, a company registered in England and Wales (company number 05414774) of Capital House, Raynham Road, Bishop's Stortford, Herts CM23 5TT
We, and each of our funding Partners respectively (and independently of one another) may act as data controllers in relation to personal data processed for the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679) and related data protection legislation.
If you have any questions about this fair processing notice or our data protection policies generally, please contact us:
By post: The Data Protection Controller, Principal Group, Parsonage Business Park, Horsham, West Sussex RH12 4AL
By email: firstname.lastname@example.org
By phone: 0333 240 8130
Our funding Partners are separate, distinct and independent from the Principal Group and from one another. In the event that you enter into an agreement and / or commercial relationship with any of our funding Partners, they will be acting as separate and distinct data controllers in their own right. Principal Group will provide you with details of the way in which each of the respective funding Partners manage personal data pursuant to the fair processing notices (FPNs) issued by such funding Partners from time to time. The FPNs of our funding Partners can be accessed via:
This fair processing notice applies where you are an individual (acting solely or jointly with another person for your own account or as a sole trader or as an attorney, trustee, partner in a partnership or member of an unincorporated club or association) or where you are a relevant individual (such as an owner, director, officer, partner or authorised signatory) of a company or other incorporated entity:
When going through the process of obtaining a quote or applying for a servicing and/or financing arrangement with us and or one or more of our funding Partners (whether on your own account or as a relevant individual), we receive, collect and process all the personal information that you, our customer or introducer provides to us, in any way such as your name, date of birth, residential address and address history, contact details such as email address and telephone numbers or your finance requirements (if applicable) and including the personal information contained in your identification documents (passport, driving licence and utility bills). We may also collect and process personal information about you that we obtain from public registers such as Companies House.
Purposes of processing. In order to provide a quote or process a servicing and/or financing application, we and/or our funding Partners may undertake checks with one or more fraud prevention agencies (FPAs). FPAs will process your personal data in order to provide us with information about you, which may include verification of identity and fraud prevention information.
Sharing of data. We will share your personal data with our funding Partners and FPAs, which will include information from your or your organisation's application for the above purposes. We, our funding Partners and FPAs, may permit law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
Lawful basis of processing. To comply with our legal obligations under the Anti-Money Laundering Regulations and we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with relevant laws.
Purposes of processing. In order to process a financing application, we and/or our funding Partners perform credit checks on you with one or more credit reference agencies (CRAs) at the time of the relevant financing application (or subsequently if you are a new relevant individual of a corporate entity). We may also make periodic searches at CRAs to manage your or your organisation's account with us, if we and/or our funding Partners suspect fraud or if we and/or our funding Partners believe that you have provided inaccurate data.
We and/or our funding Partners will supply your personal data to CRAs and they will give us and/or our funding Partners information about you including information about your financial situation and financial history. CRAs will supply to us and/or our funding Partners public (including electoral register) information as well as shared credit, financial situation and financial history information and fraud prevention information.
We and/or our funding Partners will use this information to: assess your creditworthiness and whether you or your organisation can afford to take the product and/or services; verify the accuracy of the data provided to us; prevent criminal activity, fraud and money laundering; manage your or your organisation's account(s); trace and recover debts; and ensure any offers provided to you or your organisation are appropriate to your circumstances.
Sharing of data. We and/or our funding Partners will continue to exchange information about you with CRAs while you have a relationship with us and/or our funding Partners. We and/or our funding Partners may/will (as applicable) inform the CRAs about your or your organisation's settled accounts, as well as advise them of any missing payment or other non-compliance with the contract(s) between you or your organisation and us and/or our funding Partners ("Contract"). If you or your organisation borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
Consequences of processing. When CRAs receive a search from us they may place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a partner or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner or financial associate successfully files for a disassociation with the CRAs to break that link.
Lawful basis of processing. Our processing activities relating to credit checks are necessary and are in our legitimate interests to ensure the creditworthiness of our customer and the effective administration of the customer’s agreement and commercial relationship with us.
Purposes of processing. We will process your personal data for the purpose assessing the application for services or financing against our criteria for such services or financing.
There may be circumstances in which we may also need to share your personal data with certain other third parties. The third parties to which we may transfer your personal data (and not already mentioned above include: (i) other members of the Principal or Macquarie Group; (ii) service providers acting as processors who provide IT and system administration services; (iii) professional advisers including lawyers, bankers, accountants, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services; (iv) any relevant regulatory authority or law enforcement agency, including HM Revenue & Customs, Financial Conduct Authority and any courts or tribunals; (v) third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.
Any sharing of your personal data will only take place either where we are legally obliged to do so or where it is in our legitimate interests to do so, including (i) to maintain network and information security; (ii) to undertake reference checks, credit checks and risk assessments; or (iii) to protect and defend our legal rights.
As part of the processing of your personal data, decisions may be made by automated means in connection with credit profiling and fraud or money laundering risk. This means we may automatically decline the provision of services or financing that you or your organisation have requested based on your credit profile with CRAs; or automatically decide you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers, or if you appear to have deliberately hidden your true identity, in which case we may refuse to provide the services and financing you or your organisation have requested or we may stop providing existing services to you or your organisation.
Some (but not all) of our funding Partners also may operate automated decision making.
You have rights in relation to automated decision-making, including the right to request a review of the accuracy of a decision that you are unhappy with. If you want to know more, please contact us using the details above.
Your personal data is protected by legal rights, which include your rights to request access to your personal data (commonly known as a "data subject access request"), request correction of the personal data that we hold about you, request erasure of your personal data, object to processing of your personal data, request restriction of processing of your personal data, request the transfer of your personal data to you or to a third party or withdraw consent at any time where we are relying on consent to process your personal data. If you want to exercise any of these rights, please contact us using the details above.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You also have the right to complain to the Information Commissioner's Office about how we are processing your personal data.
We will not hold your personal information for any longer than is necessary for the uses outlined above, unless we are required to keep your personal data longer to comply with the law and any regulatory requirements.
Such legal and regulatory obligations include our reporting obligations to the Financial Conduct Authority and HM Revenue & Customs, as well as our obligations under applicable legislation including the Money Laundering Regulations, Bribery Act 2010 and the Modern Slavery Act 2015.
Fraud and credit information. We, FPAs and CRAs may transfer your personal data outside of the European Economic Area (EEA). Whenever we or they transfer your personal data outside of the EEA, we or they will impose contractual obligations on the recipients of that data. Those obligations require the recipient to protect your personal data to the standard required in the EEA. We or they may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Transfers within the Macquarie Group. Whenever we transfer your personal data to any member of the Macquarie Group located outside of the EEA, we do so on the basis of an Intra-Group Data Transfer Agreement which has been signed by all relevant members of the Macquarie Group. This Intra-Group Data Transfer Agreement incorporates the European Commission controller to processor model clauses (C(2010) 593) and ensures that enforceable data subject rights and effective legal remedies for data subjects are available from any recipients within the Macquarie Group.
Where we need to collect personal data by law, or under the terms of a Contract and you fail to provide that data when requested, we may not be able to perform the Contract. In this case, we may have to cancel such financing or service you have with us but we will notify you if this is the case at the time.
The three main credit reference agencies Callcredit, Equifax and Experian (also called 'CRAs') each use and share personal data they receive about you that is part of, derived from or used in credit activity and this is explained in more detail in the Credit Reference Agency Information Notice available at any of the following:
Consumer services team Callcredit Limited
PO Box 491
Leeds LS3 1WZ
Phone: 0870 060 1414
Customer Service Centre PO Box 10036
Leicester LE3 4FS
Phone: 0844 335 0550
Consumer Support Centre Experian Ltd
PO Box 9000
Nottingham NG80 7WF
Phone: 0870 241 6212