1. Who we are
DivideBuy is the trading name of Rematch Credit Limited. Rematch Credit Limited registered and trading at First Floor, Brunswick Court, Brunswick Street, Newcastle-under-Lyme, ST5 1HH (“we”, “our”, “us”).
For the purposes of data protection law, we will be a controller of the personal information we hold about you. This means we make decisions about how and why your information is used and have a legal duty to make sure that your rights are protected when we use it.
2. What kinds of personal information can we hold about you?
We may collect and process the following:
Information about you – For example your name, age, gender, date of birth, nationality, NI number. We need this information to help us identify you, but also to allow us to contact you.
Contact Information– email, address, postcode and phone number
Information on goods/services – Details about the goods/services you purchase or order, including for example type of goods or shipment tracking number.
Online Information – For example cookies and IP address,your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
Financial Information – For example salary and bank account details, payment card details for any payments you make to us, potential credit commitments, negative payment remarks, previous payment and credit acceptances.
Audio Recordings – We record telephone conversations if you contact our customer services.
Information about the interaction between you and stores – Your dealings with stores you visit or shop with, such as information about whether you have received the goods, and type of store.
Family Information – For example marital status and relationship information should you have a guarantor
Sensitive Information (Special Category Data) – We do not collect any sensitive personal information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions or offences.
We will never require this type of data from you in order to provide you with our services You may, at your discretion provide us with this type of information on a strictly voluntary basis and based on your explicit consent.
3. How we use your personal information?
We shall process your personal information only to the extent, and in such a manner as is necessary for the following purposes:
- Setting up and administering your credit account;
- Verifying your identity and preventing fraud;
- To conduct, or arrange for a reputable Credit Reference Agency to conduct a credit check prior to entering into a contract of credit;
- Assessing and developing our products, systems, prices and brand;
- Assess which is the most suitable way to contact you to inform you about outstanding debts, perform debt collection services, to recover and sell debt;
- Researching our customers’ opinions and exploring new ways to meet their needs;
- For internal record keeping, archiving, technical support, computer system processing, security and maintenance and activity verification purposes;
- To provide you with information about changes or updates to DivideBuy services which affect your rights and obligations;
- Fulfilling any legal or regulatory obligations;
- To assist with the establishment, exercise or defence of legal claims;
- To provide you with promotional offers, new products and or services;
- To share with third parties for marketing purposes only in instances where you have provided consent;
- To run any competitions that you have opted in to; and
- Monitoring the use of our websites.
4. Where do we get your information from?
We collect information about you in the following ways:
Information provided by you – For example, the use of our service requires you to create an online account. In doing so, we will ask you for certain personal information such as your name, address, date of birth, telephone number and card payment details. We may also collect personal data provided by you over the telephone to our Call Centre, via our chat facility and orders via our website.
Information provided by third party retail partners – In instances where you have contacted a specific retailer directly and requested the provision of DivideBuy services they may pass on personal information such as name, contact and order details in order for us to be able to get in touch with you with a view to providing you with DivideBuy services. We only process the minimal amount of personal information required to enable us to enter into a contract with you.
Information provided by other sources-We obtain data from third party sources such as reputable credit reference agencies and fraud prevention agencies.
5. What are our legal grounds for using your personal information?
We are happy to provide you with free access to your personal information and this can be achieved by logging into your DivideBuy account or by contacting us using any of the methods set out in section 1 above.
|Legal Grounds||Uses of your information|
Your personal information may be processed when we receive your consent.
The consent you provide must be freely given, informed, specific, unambiguous and be given with a positive affirmative action.
You can withdraw your consent at any time.
To provide you with promotional offers, new products and or services;
Vulnerability information To be able to treat you as a vulnerable customer (if you, due to personal circumstances, are in a vulnerable position).
To run any competitions that you have opted in to.
|Necessary for the performance of a contract
The personal information you provide will be processed when it is necessary in order to enter into or perform a contract.
E.g. where we process your information to assess your application or to provide your credit.
|Setting up and administering your account;
To conduct, or arrange for a reputable Credit Reference Agency to conduct a credit check prior to entering into a contract;
To provide you with information about changes or updates to DivideBuy services which affect your rights and obligations;
For internal record keeping, archiving, technical support, computer system processing, security and maintenance and activity verification purposes;
|Necessary for compliance with a legal obligation
Your Personal information may be processed where DivideBuy has a legal obligation to perform such processing.
E.g. where we share information with our regulators or the courts.
|Verifying your identity and preventing fraud
We have a legal obligation to verify your identity with credit references agencies when you apply for credit.
Fulfilling any legal or regulatory obligations
For example, DivideBuy may have legal obligations to share data with regulators and other authorities.
|Necessary to protect vital interests
This will usually only apply in “life or-death” scenarios.
|We may disclose your information to the police or other authorities if we have serious concerns about your well being.|
Necessary for legitimate interests
We also use your information when we have a “legitimate interest” and that interest isn’t outweighed by your privacy rights. Your rights and freedoms are considered to ensure that we’re not being too intrusive or doing anything beyond your reasonable expectation. We’ll assess the information we need, so we only use the minimum.
If you want further information about processing under legitimate interests, you can contact us using the details below.
You also have the right to object to any processing done under legitimate interest. We’ll assess the balance between our interests and yours, considering your circumstances. If we have a compelling reason, we will continue to use your information.
We use legitimate interests for the following:
|Use of your information||Legitimate Interest(s)|
|Assessing and developing our products, systems, prices and brand.||We also need to grow and sustain our business, develop our brand and communicate with our customers and retailers.
We need to be able to identify groups of customers who might be interested in any new products or services we’re considering.
We need to carry out appropriate risk management, for example handling fraud risks.
|Assess which is the most suitable way to contact you to inform you about outstanding debts, perform debt collection services, to recover and sell debt.||We need to carry out appropriate debt recovery to ensure we ensure our business continues to be profitable.|
|Researching our customers’ opinions and exploring new ways to meet their needs;||We need to make sure our services are suitable for the intended audience and to identify gaps in the market.
We need to see how many categories of customers we have and to tailor our products and services accordingly.
We need to make sure our communications are easy to understand and that our services are being sold to the correct audience.
We need to make sure our research is efficient and connects with the right types of people, so we can be confident of any decisions we make based on the results.
|Monitoring the use of our websites. On our website we use a variety of technologies that collect information about how visitors use our website.||We need to make sure that our website is secure and works effectively.|
6. Who do we share your personal information with?
As you’d expect, our employees will access your records in order to use your information for the uses mentioned above. However, only those employees who need access to information are given it. For example, our customer service staff need access to your account to support you when you get in contact.
We may also share your personal information with the following categories of third parties:
Suppliers and Subcontractors – We share personal information with the suppliers and subcontractors we use in order to provide our services to you. Examples of such suppliers and subcontractors are software providers, data storage providers and business consultants.
Credit Reference Agencies (CRAs)–In considering whether to enter into a Credit Agreement, we may search your (and your Guarantor’s, where applicable) record(s) at CRAs. They may add to their records about you (and your Guarantor, where applicable) details of our search and your application and this will be seen by other organisations that make searches. You agree that we may do so.
We may also add to your records with the CRA details of your agreement with us, the payments you make under it and any default or failure to keep to its terms. These records will be shared with other organisations and may be used and searched by them and us to:
- Consider applications for credit and credit related services, such as insurance for you and any associated person;
- Trace debtors, recover debts, prevent or detect money laundering and fraud; and
- Manage your accounts.
Your payment behaviour may be reported back to the CRAs, which may affect your future credit score. When a CRA receives a credit application search from us, they will place a footprint on your credit file that will be seen by other lenders. The CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.
The CRAs will process your data in accordance with their own privacy notices and may also create or add details of our search and your application to their own records about you or (if applicable) your business. This and other information about you or, if applicable, your business and those with whom you are linked financially may be used to make credit decisions about you or your business.
The identities of the CRAs, and the ways in which they use and share personal data, are explained in more detail at https://www.transunion.co.uk/crain
Fraud prevention& identity verification agencies – It is important that you provide us with accurate information. We may check your details with fraud prevention agencies and if you provide false or inaccurate information, or we suspect fraud, this information may be recorded. Fraud prevention agency records will be shared with other organisations to help make decisions on credit, motor, household, life and other insurance proposals or claims for you and members of your household.
Retail partners– We share personal information with the retailers you visit or purchase from. This is done in order to allow us to execute and administer your purchase and administer your relationship with the retailer.
Payment Service Providers –We use a PCI compliant secure credit card processor and do not save your full credit card number on our information systems while placing an order.
Regulators & Legal Authorities– We may disclose necessary information to authorities such as the police, tax agencies or other authorities if we are required to do so by law, or under some circumstances if you have requested us to do so. One example of such legally required disclosures is disclosure for purposes of anti-money laundering.
Debt Collection Agencies – We may share your information when selling, or assigns to collect, unpaid debts to third parties, e.g. to debt collection agencies. This sharing of personal data is based on our legitimate interest in collecting and selling debts. The debt collection agencies may process your personal data in line with their own privacy notices, or on our behalf.
Sale of the company – If our company or substantially all of its assets are acquired by a third party, personal information held by it about its customers and employees will be one of the transferred assets.
We may also share non-personally identifiable information publicly and with our retail partners, for example information to show trends about the general use of our service. However, it will not be possible to personally identify you from this information.
7. Overseas Transfers
We sometimes use third parties located in other countries to provide support services. As a result, your personal information may be processed in countries outside the European Economic Area (EEA).
These services will be carried out by experienced and reputable organisations on terms which safeguard the security of your information and comply with the European data protection requirements.
These safeguards consist of ensuring that the third country is subject to an adequacy decision by the European Commission, by implementing the European Commission’s standard contractual clauses or ensuring that the recipient is registered with the US Privacy Shield.
The European Commission has recognised ‘standard contractual clauses’ as offering adequate safeguards to protect your rights and we’ll use these where required ensuring adequate protection for your information. We use standard contractual clauses for the below activities, to help us provide:
- IT support and technology development with operations based in India
- Our messaging facility is provided by a company based inthe US
We always ensure all personal information is provided with adequate protection and all transfers of personal information outside the EEA are done lawfully.
We take information security seriously at DivideBuy and we strive to protect ourselves and our users from unauthorised access, alteration, disclosure or destruction of any information that we hold. In particular:
- We encrypt our web service platform and subsequent applications.
- We provide a two-step verification process when you access your DivideBuy account.
- We review our information collection, storage and processing practices including physical security measures, to guard against unauthorised access to our systems.
- We restrict access to personal information to those DivideBuy employees, contractors and agents who need to know that information to be able to process it for us. Employees, contractors and agents are subject to strict contractual confidentiality obligations.
9. How long do we keep your information for?
We’ll keep your personal information for as long as it’s considered necessary, for the purpose for which it was collected, and to comply with our legal and regulatory requirements. This will involve keeping your information for a reasonable period after your relationship with us has ended.
In the absence of specific legal, regulatory or contractual requirements, any other personal information is kept for our baseline retention period – this is seven years after you have stopped using our services.
10. Do we make automated decisions about you or profile you?
Automated decision making with legal effects, or automated decisions with similarly significant effect, means that some decisions in our services are solely based on automatic means, without any interaction from any of our employees, and carry with them significant impact on you as a consumer.
We use this type of automated decision making when we:
- Decide to offer you our credit services, and subsequently grant you a credit;
- Decide not to offer you our credit services;
- Decide whether you pose a fraud or money laundering risk.
You always have the right to challenge an automated decision which carries a legal or similarly significant effect (together with the profiling connected to it), by contacting us at the details below.
11. What are my rights?
Your rights are outlined below. The easiest way to exercise any of your rights would be to contact our Data Protection Officer at the contact details provided. We’ll provide a response within 30 days, if not sooner. There’s normally no charge for exercising any of your rights.
Accessing your personal information
You have the right to find out what personal information we hold about you, in many circumstances.
Correcting or adding to your personal information
If any of your details are incorrect, inaccurate or incomplete you can ask us to correct them or to add information.
In some circumstances, you can ask us to send an electronic copy of the personal information you have provided to us, either to you or to another organisation.
Objecting to the use of your personal information for legitimate interests
You have the right to object to any processing done under legitimate interests. We’ll re-assess the balance between our interests and yours, considering your circumstances. If we have a compelling reason, we will continue to use your information.
Objecting to direct marketing
You have a specific right to object to the use of your information for direct marketing purposes, which we will always act upon.
Restricting the use of your personal information
If you are uncertain about the accuracy or our use of your information, you can ask us to stop using your information until your query is resolved. We will let you know the outcome before we take any further action in relation to this information.
Right to Erasure
You can ask us to delete your personal information in some circumstances, such as if your account has ended and we do not need to keep your information for legal or regulatory reasons. If we are using consent to process your information and you withdraw it, you can ask us to erase your information.
12. Right to complain to the supervisory authority
If you’re unhappy with how we are using your information, you have the right to complain to the Information Commissioner’s Office. We’d encourage you to contact us first, so we can deal with your concerns. The Information Commissioner’s Office can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
14. Changes to our privacy notice
This policy was updated in November 2019. We may update this Policy at any time. When we do, we will post a notification on the main page of our website and revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we hold.
15. Contact us