Privacy Policy

Introduction

This Privacy Policy explains what personal data we collect, why we collect it, and how we use and store it. It covers information you provide to us directly, such as when you interact with our website or services, as well as information we may collect indirectly through third parties or other sources.

This Policy applies to all services we offer, unless stated otherwise.

It also details how we protect the personal data we hold, whether obtained directly from you or gathered indirectly.

We reserve the right to update this Privacy Policy at any time.

Who are we

Star Asset Finance Limited (STAR) is a company incorporated in Guernsey under company number 58708. It is registered with Companies House in England under company number FC038938. STAR is a group of Asset and Vehicle Finance companies based in the United Kingdom. The subsidiaries are listed below:

| Firm Name | Address | Company Number | Financial Conduct Authority Registration Number | ICO Registration Number |
|---|---|---|---|---|
| Credo Capital Finance Limited | Capital House, Unit I-J Iceni Court, Delft Way, Norwich NR6 6BB | 07073329 | 670362 | Z2063154 |
| First Capital Finance Limited | Capital House, 1084-1086 Christchurch Road, Bournemouth, Dorset, BH7 6DT | 04092381 | 679066 | Z5306006 |
| Ignition Credit PLC | Sterling House, Green Court, Truro Business Park, Truro, Cornwall, TR4 9LF | 04315993 | 679018 | Z9155412 |
| Kennet Equipment Leasing Limited | Kennet House, Temple Court, Temple Way, Coleshill, B46 1HH | 02569928 | 676024 | Z5688152 |

Each of these companies is the controller of personal data relating to individuals for the purposes of providing products and services, relationship management, marketing and business development.

Privacy Statement

We are committed to protecting your personal data and maintaining the integrity and security of any information we process. It is important that you read this Privacy Policy carefully, as it outlines key details about how we handle your personal data, including:
• The types of personal information we collect
• The legal grounds we rely on to process your information
• How we use your personal data
• Who we may share your information with
• Your rights under data protection laws
If you have any questions about this Privacy Policy, please contact the subsidiary company you are engaging with for further assistance.

What personal data do we collect about you?

We collect personal data about you when you apply to purchase our goods and/or services. This may include personally identifiable information (such as your name and date of birth), contact details (including your phone number, address, and email), and financial information (such as income details, bank statements, financial accounts, and credit reference data).

In some cases, we may also process special categories of personal data (also known as sensitive data), such as information relating to your health or medical conditions. Where this is necessary, we will obtain your explicit and informed consent before processing such data.

Some of that personal data comes directly from you, whilst other times it will be shared with us by a third party.

Data provided by third parties:

  • Data from persons that introduce you to us: for example brokers, product suppliers, financial advisers, agents, finance providers or other third parties
  • Data from credit reference agencies, most likely to be either Experian, Creditsafe, Equifax or CallCredit
  • Data from fraud prevention agencies
  • Publicly available information: for example, from the Land Registry, Companies House, the electoral register, other information available online or in the media, including social media
  • Data from your representatives where relevant: for example, your legal and financial advisers such as lawyers and accountants*
  • Data from your employers and medical data where relevant**

**In certain circumstances we may ask you to provide us with medical information if we determine that this is a requirement for us to proceed to enter into the agreement with you or, once we have entered into the agreement with you, determine that the same is necessary for whatever reason. Full details as to the reason for our request and how we will use this information will be given to you at the time should we request such information from you. You will be asked to consent to the provision of this information.

*We may also require a statement signed by an independent qualified accountant as to your financial worth which may include information such as your gross and net worth, your assets and liabilities and information as to your available collateral or security. You will be asked to consent to the provision of this information.

Our legal grounds for handling your personal data

The UK’s data protection laws allow us to use your personal data if we have a lawful basis to do so. This includes sharing it in certain circumstances, as described below.

We consider we have the following reasons (legal bases) to use your personal data:

  • Performance of contract
  • Compliance with our legal obligations
  • Legitimate interest
  • Consent

Contractual Necessity

We collect personal information from you when you request our products or services, as part of entering or fulfilling a contract with you. This means we require certain information to provide and manage the products or services you have requested. We process your personal data for the following contractual purposes:

  • Supplying you with our products
  • Enabling access to and use of our services
  • Managing and maintaining your account with us
  • Communicating with you regarding our products and services
  • Contacting you about matters related to your account (which may include recording or monitoring calls for quality and regulatory purposes)

Legal Obligation

We may process your personal data where it is necessary for us to comply with legal or regulatory obligations to which we are subject. This includes obligations under financial services regulation, data protection law, and other applicable legislation.
We also cooperate fully with the Information Commissioner’s Office (ICO) in relation to any data protection matters. Where required by law or regulation, including where requested by national law enforcement or regulatory bodies, we may process your information to meet those obligations.

Legitimate Interest

We may process your personal data where it is necessary for our legitimate business interests, if we carefully assess and balance any potential impact on your rights and freedoms under applicable data protection laws.

This legal basis allows us to use your information in ways that support our business operations, enhance the services we provide, and ensure a better customer experience, while always respecting your privacy. We will never allow our legitimate interests to override your fundamental rights and freedoms.

Examples of when we may rely on legitimate interests include:

  • Marketing products and services that are similar or related to those you have previously engaged with
  • Sending you newsletters or marketing communications that we believe may be of interest to you
  • Providing updates about our products or services
  • Maintaining accurate records of our communications and interactions with you for evidential and administrative purposes
  • Contacting you to arrange meetings, share insights, or explore business development opportunities
  • Improving, customising, and enhancing our services and communications to better meet your needs
  • Evaluating the effectiveness of our marketing efforts to shape future strategies
  • Conducting statistical or analytical research to better understand how our services are used and how we can improve them
  • Marketing to business customers using data sourced from approved third parties

Please note that you have the right to object to any processing carried out on the basis of legitimate interest. You can exercise this right or update your marketing preferences at any time by opting out through the communications you receive or by contacting the relevant subsidiary company.

Consent

We must obtain your explicit consent before processing your personal data for any purpose beyond the original reason it was collected.

When we seek your consent, we will provide you with clear and sufficient information to help you make an informed choice. Consent will only be collected through a clear, positive action that you freely give, indicating your agreement to specific purposes.

You have the right to withdraw your consent at any time. You can do this by opting out of future marketing communications as they are sent or by contacting the subsidiary company you are dealing with.

Data Subject Rights

Under applicable data protection laws, you have certain rights regarding how your personal data is processed. These include:

  • The right to access your personal data
  • The right to correct or update inaccurate information
  • The right to request deletion of your data
  • The right to restrict or limit how your data is processed
  • The right to object to certain types of processing
  • The right to receive your data in a portable format
  • The right to file a complaint with the Information Commissioner’s Office (ICO)
  • The right to know the source of any personal data we have obtained indirectly
  • The right to be informed about any automated decision-making processes involving your data

Depending on the circumstances, we do not always have to comply with your request. For example, we may have a legal obligation to retain data, so we would be unable to delete it completely.
For more information on Data Subject Rights, please refer to the ICO website.

Use of AI and Automated Decision-Making

We use artificial intelligence and automated decision-making technologies to enhance our marketing efforts and customer service experience. These tools help us tailor communications, recommend relevant products or services, and respond efficiently to customer inquiries.

Where automated decisions significantly affect you, we ensure appropriate safeguards are in place, including the ability to request human review.

If you have any questions or concerns about how automated decision-making is used, please contact the relevant subsidiary company.

Credit and Fraud Prevention

When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legal obligation to prevent fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested. We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

In order to process your application, we may supply your personal information to credit reference agencies (CRAs) in which case they will give us information about you, such as about your financial history. We do this to assess your creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. When CRAs receive a search from us they may place a search footprint on your credit file that may be seen by other lenders and used to assess applications for finance from you and members of your household. The CRA may also share your personal information with other organisations. We may also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. We can provide you with the identities of the CRAs and the ways in which they use and share personal information upon your request. More information about CRAs and how they use your personal data is available at CRAIN.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, leasing, financing or employment to you. If you fail to provide us with data we require, this may delay or prevent us from entering into a contract with you and/or complying with our obligations. Depending on the importance of the data, it may mean that we are entitled to terminate an agreement with you. If you have any questions about the above, please contact us on the details above.

Sharing data

We share your data with approved third-party providers that have adequate data protection measures in place that align with the requirements of the data protection regulation, such as:

| Third-party provider | Legal basis |
|---|---|
| Systems/CRM providers | Performance of a Contract |
| Auditors | Performance of a Contract |
| Funders | Performance of a Contract |
| Insurance Firms | Performance of a Contract |
| Collections Agents | Performance of a Contract |
| Solicitors | Performance of a Contract |
| Credit Reference Agencies | Performance of a Contract |
| Fraud Agencies | Performance of a Contract |

We also share your personal data across the subsidiary companies within STAR when you apply to buy any of their goods and/or services. We have a legal obligation for our regulated customers, under the Financial Conduct Authority regulation, to create a single view of your financial situation and to mitigate any potential risk of you becoming over indebted because of any additional lending. For all customers, including unregulated customers, sharing of your personal data in this way also allows STAR to monitor and manage any concentration risk or credit risk exposure to its business.

From time to time, we may provide your information to our partners, third parties and customer service agencies for research and analysis purposes so that we can monitor and improve the services (or as the case may be) we provide. We may contact you by post, e-mail or telephone (or as required) to ask you for your feedback and comments on our services (or as the case may be).

If you would like a full list of the companies we share your data with, please contact us. We can also provide a full list of all the funders we use and copies of their privacy policies.

We do not share information outside the EU.

Complaints

If you are unhappy about how your personal data has been used by us, please contact the relevant subsidiary and they will send you our Complaints Process, which can also be found on our website.

You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data. You can contact them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, on 0303 123 1113 or by email to casework@ico.org.uk. See also https://ico.org.uk/global/contact-us/

Data Retention

We will retain your personal data throughout the duration of your agreement and/or as long as you are a customer with us. We may retain your personal data beyond this date for the purposes mentioned above and will in any case at all times retain your personal data for the minimum period required by law. We may also retain your data to deal with any disputes, to maintain records and to show we have dealt with you fairly.

We may also retain your data for research and statistical purposes in which case we will ensure it is kept private and used only for these purposes.

Data about live and settled accounts is kept on credit files for six years from the date they’re settled or closed. If the account is recorded as defaulted, the data is kept for six years from the date of the default.

Open Banking

This section of our Privacy Policy relates to Open Banking and should be read in conjunction with the other clauses in our Privacy Policy.  In the event of conflict with any other clauses, this clause shall prevail.

What is Open Banking?

Open Banking is the secure way of providing access to your bank or building society account to providers who are registered for this purpose.

Registered providers and participating banks and building societies are listed under the Open Banking Directory.

Open Banking was set up by the UK Government to encourage more competition and innovation in the financial services sector.

As a forward-thinking lender, we support the use of Open Banking as it allows us to process applications for our products and services efficiently, securely and in our consumers’ best interests.

By permitting access to your bank or building society account information we are able to make a better lending decision as we shall be able to verify your income, outgoings and other matters in order to assess what terms would be suitable for you based upon what you can reasonably afford to repay.

Further information about Open Banking is available from www.openbanking.org.uk.

How will my personal data be shared and used for the purposes of Open Banking?

By proceeding with your product application you expressly consent to us sharing your personal, contact and  application details (“the Shared Personal Data”) with our registered Open Banking partner Creditsafe Business Solutions Limited (CBSL) who are also a credit reference agency. CBSL utilise the URL provided by Equifax. During your application we shall safely and securely direct you to the Equifax secure portal (“the Portal”) for the purposes of granting CBSL access to your bank or building society account information (“Transaction Information”). As soon as your Transaction Information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your loan application (“the Permitted Purpose”).

Further information about CBSL including their registered provider and regulatory status is available from www.creditsafe.com

Is Open Banking secure?

CBSL are registered under the Open Banking Directory as an account information service provider and are also regulated by the Financial Conduct Authority as a payment services firm under Firm Reference Number 742313.  Any data you submit via the Portal will be encrypted and its usage tracked as part of set Open Banking data security standards.

We are responsible for the secure transmission of any Shared Personal Data to CBSL, for safely directing you to the Portal and for the safe receipt and usage of your Transaction Information.

You will not be required to share your banking password or log in details with either us or CBSL.  Once you have given your explicit consent to share your bank account information on the Portal you will be directed to your own bank or building society’s login page where you will enter in your own login details directly.

Save as set out above or elsewhere in this Privacy Policy, we are not responsible for your direct data transmissions with CBSL or with your own bank or building society.

How will my Shared Personal Data and Transaction Information be used?

CBSL shall, subject to their own terms and conditions and privacy policy, and, if your bank or building society is registered to provide access under the Open Banking Directory, obtain your Transaction Information and submit this back to us for the Permitted Purpose. By way of example, the Transaction Information that we shall receive is likely to include information relating to your income, outgoings and credit worthiness.

CBSL shall be entitled to re-access your Transaction Information for up to 90 days from the date of your original search result in order to refresh the search results, obtain a snapshot of your data or gather additional data.

CBSL shall hold the Shared Personal Data and the Transaction Information they receive and retain according to their own terms and conditions and privacy policy, available on the Portal, which you will be required to read and consent to once directed there via our website.

As CBSL are also a credit reference agency they may also share and keep a record of your Shared Personal Data and Transaction Information.

Will you use my Transaction Information data for any other purpose?

The Transaction Information we receive about you will only be used for the Permitted Purpose.  We do not sell or share Transaction Information with any third party.

Save as set out above the information contained in the rest of this Privacy Policy deals with how we collate, use, transfer, store, delete and other terms applicable to your personal data including Shared Personal Data and Transaction Information.

Do I have to provide you with my consent to proceed?

Where your bank or building society have already permitted access to your Transaction Information you shall need to contact them directly in order to withdraw your consent under their particular Open Banking terms and conditions.

Are any of my other rights under this Privacy Policy affected?

Your individual data protection and privacy rights including the right to access, correct, delete, object, restrict, withdraw consent, request transfer and/or make a complaint, continue to apply to relevant personal data we control or process and are dealt with elsewhere in this Privacy Policy.

Under Open Banking as your personal data is shared by your bank or building society and accessed by CBSL you may also be able to exercise your individual data protection and privacy rights against either of them pursuant to their own terms and conditions and privacy policies.

Data Champion

Each of our subsidiary companies has a local Data Champion who can be contacted if you have any queries or requests concerning this Privacy Policy, or your personal information and how we process it. Data Champions can be contacted by email at DPO@starassetfinance.com.