1. Introduction
Car Finance Claims Pro ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our car finance claims assessment and complaint letter generation services.
πͺπΊ UK GDPR Compliance
This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are registered with the Information Commissioner's Office (ICO) under registration number: [ICO Registration Number]
1.1 Who We Are
- Data Controller: Car Finance Claims Pro
- Registered Address: 123 Finance Street, London EC1A 1BB, United Kingdom
- Data Protection Officer: privacy@carfinanceclaimspro.com
- ICO Registration: [ICO Registration Number]
1.2 Scope of This Policy
This Privacy Policy applies to:
- Our website: carfinanceclaimspro.com
- Our eligibility assessment service
- Our complaint letter generation service
- Customer support communications
- Payment processing systems
- Any related services we provide
2. Information We Collect
2.1 Personal Information You Provide
When you use our services, we collect the following personal information:
| Data Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Identity Data | Full name, title, date of birth | Service provision, identity verification | Contract performance |
| Contact Data | Email address, phone number, postal address | Communication, service delivery | Contract performance |
| Financial Data | Finance agreement details, APR, loan amount | Eligibility assessment, complaint generation | Contract performance |
| Transaction Data | Payment details, billing information | Payment processing, accounting | Contract performance |
| Technical Data | IP address, browser type, device information | Service improvement, security | Legitimate interests |
| Usage Data | How you use our service, pages visited | Service improvement, analytics | Legitimate interests |
2.2 Information We Collect Automatically
When you visit our website or use our services, we automatically collect:
- Device Information: Device type, operating system, browser version
- Usage Analytics: Pages visited, time spent, click patterns
- Location Data: Approximate location based on IP address
- Session Information: Login times, session duration
- Performance Data: Page load times, error reports
2.3 Data Flow Visualization
How Your Data Moves Through Our System:
2.4 Sensitive Personal Data
β οΈ Special Category Data
We do not intentionally collect sensitive personal data (special category data under UK GDPR) such as:
- Health information
- Political opinions
- Religious beliefs
- Trade union membership
- Genetic or biometric data
If you accidentally provide such information, please contact us immediately so we can delete it.
3. How We Use Your Information
3.1 Primary Uses
We use your personal information for the following purposes:
π― Service Provision
- Assess your eligibility for car finance compensation claims
- Generate professional complaint letters tailored to your case
- Provide ongoing support throughout the claims process
- Process payments for our services
- Maintain your customer account and preferences
π Communication
- Send service-related notifications and updates
- Respond to your inquiries and support requests
- Provide claim progress updates and reminders
- Send important service announcements
- Request feedback on our services
βοΈ Legal and Compliance
- Comply with legal obligations and regulatory requirements
- Prevent fraud and ensure service security
- Resolve disputes and enforce our terms
- Maintain records for audit and compliance purposes
π Service Improvement
- Analyze usage patterns to improve our algorithms
- Enhance website performance and user experience
- Develop new features and services
- Conduct statistical analysis and research
3.2 Marketing Communications
π§ Marketing Preferences
We will only send you marketing communications if:
- You have explicitly opted in to receive them
- You are an existing customer and the communications relate to similar services
- You have not opted out of receiving such communications
You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.
3.3 Automated Decision Making
Our eligibility assessment process includes automated decision-making systems that:
- Analyze your finance agreement against FCA benchmark rates
- Calculate potential compensation amounts using proprietary algorithms
- Generate confidence scores based on historical data
- Identify relevant legal precedents for your case
You have the right to:
- Request human review of automated decisions
- Express your point of view about the decision
- Contest automated decisions that significantly affect you
4. Legal Basis for Processing
Under UK GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases:
| Legal Basis | Data Processed | Purpose |
|---|---|---|
| Contract Performance (Article 6(1)(b)) |
All service-related data | Providing our car finance claims services as agreed |
| Legitimate Interests (Article 6(1)(f)) |
Analytics, security, marketing data | Service improvement, fraud prevention, business development |
| Legal Obligation (Article 6(1)(c)) |
Financial records, identity data | Compliance with tax, accounting, and regulatory requirements |
| Consent (Article 6(1)(a)) |
Marketing communications, cookies | Optional marketing communications and non-essential cookies |
4.1 Legitimate Interests Assessment
Where we rely on legitimate interests, we have conducted balancing tests to ensure our interests do not override your fundamental rights and freedoms. Our legitimate interests include:
- Improving our services and algorithms
- Ensuring the security and integrity of our systems
- Preventing fraud and abuse
- Understanding how our services are used
- Growing our business responsibly
5. How We Share Your Information
5.1 Third-Party Service Providers
We share your personal information with carefully selected third-party providers who help us deliver our services:
| Service Provider | Purpose | Data Shared | Location | Safeguards |
|---|---|---|---|---|
| Google Cloud Platform | Cloud hosting and storage | All service data | UK/EU | Data Processing Agreement, UK GDPR compliance |
| Stripe | Payment processing | Payment and billing data | Global | PCI DSS certified, Data Processing Agreement |
| SendGrid | Email delivery | Contact data, email content | Global | Data Processing Agreement, UK GDPR compliance |
| Google Analytics | Website analytics | Anonymized usage data | Global | Data anonymization, privacy controls |
5.2 When We May Disclose Information
We may disclose your personal information in the following circumstances:
βοΈ Legal Requirements
- To comply with court orders, warrants, or legal processes
- To respond to requests from law enforcement or regulatory authorities
- To comply with tax, accounting, or other legal obligations
- To protect our legal rights or defend against claims
π‘οΈ Safety and Security
- To prevent fraud, abuse, or illegal activities
- To protect the safety of our users or the public
- To investigate security incidents or breaches
π’ Business Transfers
- In connection with mergers, acquisitions, or asset sales
- During business restructuring or reorganization
- As part of bankruptcy or insolvency proceedings
π« What We Never Do
- Sell your personal information to third parties
- Share data with marketers without your consent
- Use your data for purposes other than those stated
- Transfer data outside the UK without adequate protections
6. Data Security
6.1 Technical Safeguards
π Our Security Measures
- Encryption: 256-bit SSL/TLS encryption for data transmission
- Storage: AES-256 encryption for data at rest
- Access Controls: Multi-factor authentication and role-based access
- Monitoring: 24/7 security monitoring and intrusion detection
- Backups: Regular encrypted backups with geographic distribution
- Networks: Firewalls, VPNs, and network segmentation
6.2 Organizational Measures
- Staff Training: Regular data protection and security training
- Access Management: Strict need-to-know access principles
- Incident Response: Formal incident response and breach notification procedures
- Audits: Regular security audits and penetration testing
- Policies: Comprehensive data protection and security policies
- Vendor Management: Due diligence and monitoring of third-party providers
6.3 Data Breach Procedures
In the event of a data breach, we will:
- Immediate Response (0-1 hours): Contain the breach and assess the scope
- Investigation (1-24 hours): Investigate the cause and impact
- Notification (72 hours): Notify the ICO if required by law
- Customer Notification (Without undue delay): Inform affected customers if there's a high risk
- Remediation (Ongoing): Implement measures to prevent future breaches
6.4 International Transfers
If we transfer your data outside the UK, we ensure adequate protection through:
- Adequacy decisions by the UK government
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules where applicable
- Certification schemes and codes of conduct
7. Your Privacy Rights
Under UK GDPR, you have the following rights regarding your personal data:
π Right of Access
You can request a copy of the personal data we hold about you, including details about how we use it.
How to exercise: Email privacy@carfinanceclaimspro.com with proof of identity.
βοΈ Right to Rectification
You can ask us to correct inaccurate or incomplete personal data.
How to exercise: Contact support with the correct information and verification.
ποΈ Right to Erasure
You can request deletion of your personal data in certain circumstances.
How to exercise: Email privacy@carfinanceclaimspro.com with your request and justification.
βΈοΈ Right to Restrict Processing
You can ask us to limit how we use your personal data in specific situations.
How to exercise: Contact us with details of why processing should be restricted.
π¦ Right to Data Portability
You can receive your personal data in a machine-readable format or have it transferred to another service.
How to exercise: Request data export through our customer portal or email us.
π« Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
How to exercise: Click unsubscribe in emails or contact privacy@carfinanceclaimspro.com.
7.1 How to Exercise Your Rights
To exercise any of your rights:
- Contact Us: Email privacy@carfinanceclaimspro.com or use our online form
- Verify Identity: Provide proof of identity to protect against unauthorized access
- Specify Request: Clearly state which right you want to exercise and provide relevant details
- Response Time: We will respond within one month (extendable to three months for complex requests)
7.2 Right to Complain
π Making a Complaint
If you're unhappy with how we handle your personal data, you can:
- Contact us first: privacy@carfinanceclaimspro.com
- File a complaint with the ICO:
Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
9. Data Retention
9.1 Retention Periods
We retain your personal data for different periods depending on the type of data and purpose:
| Data Type | Retention Period | Reason |
|---|---|---|
| Customer Account Data | 7 years after account closure | Legal obligations, potential claims |
| Financial Transaction Data | 7 years | Tax and accounting requirements |
| Service Usage Data | 3 years | Service improvement, analytics |
| Marketing Data | Until consent withdrawn | Consent-based processing |
| Support Communications | 3 years | Quality assurance, training |
| Website Analytics | 26 months (Google Analytics) | Business analytics, optimization |
9.2 Secure Deletion
When data reaches the end of its retention period, we:
- Securely delete data from all systems and backups
- Use industry-standard data destruction methods
- Maintain logs of deletion activities
- Verify complete data removal
9.3 Legal Hold
We may retain data beyond normal retention periods if:
- Legal proceedings are pending or reasonably anticipated
- Regulatory investigations are ongoing
- You have made a data subject request that requires investigation
- We have a legitimate business need to retain the data
10. Children's Privacy
π Age Restrictions
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
If you are under 18, please do not:
- Use our services
- Provide any personal information
- Create an account with us
If we become aware that we have collected personal information from a child under 18, we will delete it immediately.
Parents or guardians who believe their child has provided personal information to us should contact us immediately at privacy@carfinanceclaimspro.com.
11. Policy Updates
11.1 Changes to This Policy
We may update this Privacy Policy from time to time to reflect:
- Changes in our services or business practices
- New legal or regulatory requirements
- Improvements in data protection practices
- Changes in technology or security measures
11.2 Notification of Changes
When we make material changes to this policy, we will:
- Update the "Last Updated" date at the top of this policy
- Send email notifications to registered users
- Display prominent notices on our website
- Provide in-app notifications where applicable
- Request new consent if required by law
11.3 Previous Versions
You can request copies of previous versions of this Privacy Policy by contacting privacy@carfinanceclaimspro.com.
12. Contact Information
Privacy and Data Protection Contacts
For any questions about this Privacy Policy or our data practices:
π Data Protection Officer
Email: privacy@carfinanceclaimspro.com
Response Time: Within 48 hours
Postal Address:
Data Protection Officer
Car Finance Claims Pro
123 Finance Street
London EC1A 1BB
π Subject Access Requests
Email: sar@carfinanceclaimspro.com
Processing Time: Within 1 month
Required Information:
β’ Proof of identity
β’ Specific data requested
β’ Contact details
π¨ Data Breach Reporting
Email: security@carfinanceclaimspro.com
Phone: 0800 123 4567 (24/7)
Urgent Only: For suspected data breaches or security incidents
π General Privacy Questions
Email: support@carfinanceclaimspro.com
Phone: 0800 123 4567
Hours:
Monday - Friday: 9:00 AM - 6:00 PM
Saturday: 10:00 AM - 4:00 PM
πͺπΊ Regulatory Information
ICO Registration Number: [Your ICO Registration Number]
Data Controller: Car Finance Claims Pro
Legal Basis Assessment: Available upon request
DPIA Records: Available for high-risk processing activities