Vanquis Bank Limited offers products and services under its Vanquis and Sunflower brands. This notice explains how we use your personal data, describes the categories of personal data we process and for what purposes. It applies when you use this website or any of our apps or when you apply for or use any of our credit cards, loans and related products or services. We are committed to collecting and using personal data fairly and in accordance with the requirements of the General Data Protection Regulation (GDPR).
We are committed to ensuring that your information is kept safe, secure and used responsibly, and we have put in place appropriate technical and other security measures to protect it.
Who we are
Sunflower loans is a trading name of Vanquis Bank Limited (Company Number 02558509) whose registered office is at 1 Godwin, Street, Bradford, West Yorkshire BD1 2SU, a member of the Provident Financial Group (the Group). You can get in touch with our Customer Services Department at Sunflower Loans Customer Service, No. 1 Godwin Street, Bradford, West Yorkshire, BD1 2SU or by telephone on 0800 484 0080. Please click here for opening hours and call charge information.
Other firms within the Provident Financial Group with which we may share your personal data are:
- Provident Financial Management Services Limited. Registered number 00328933 England.
The registered address for these companies is: No. 1 Godwin Street, Bradford, West Yorkshire, BD1 2SU.
- Moneybarn Limited. Registered number 02766324 England.
- Moneybarn No. 1 Limited. Registered number 04496573 England.
The registered address for these companies is: The New Barn, Bedford Road, Petersfield, Hampshire, GU32 3LJ.
What kind of personal information we use
We use many different kinds of personal information depending on the products and services we deliver or offer to you or how we otherwise interact with you. For all products and services we need to use the following personal data: full name, address, email address, telephone number, date of birth, contact details, employment, information about your credit history, information about those to whom you are financially linked, information about how you have used other products and services provided by us or other members of the Provident Financial Group, information we receive from credit reference and fraud prevention agencies, and other financial information. Where you use our websites, we will collect your Internet Protocol (IP) address and information about your browsing behaviour.
We might also need health information to help us support our customers who have a vulnerability.
How we collect your personal data
We collect personal data:
- directly from you, for example when you fill out an application form either in paper or on our website or mobile app (at that stage we will tell you more about how your personal data will be used in relation to a particular product or service);
- by observing how you use our products and services, or those of other members of our Group, for example from the transactions and operation of your accounts and services, or your use of our websites;
- profile data and usage data which relates to the profile you create to identify yourself when you connect to our internet or mobile services and how you use those services;
- from other organisations such as credit reference and fraud prevention agencies;
- from organisations to which you have given your consent (or there is an alternative legal basis) to share your personal data with us for specific purposes, such as for direct marketing;
- from other individuals who know you; and
- from public sources, such as the ‘Open Register’, which is an extract of the electoral register, but is not used for elections. You can opt out of being included in the register. Doing so, will not affect your right to vote. For more information, please go to: https://www.gov.uk/electoral-register/view-electoral-register
How we use your personal data
Data protection law says that we can only use personal data if we have a proper reason to do so. For example, these reasons include fulfilling a contract we have with you, when we have a legal duty, when it is in our legitimate interest or when you consent to its use. When data protection law allows us to process your personal data for our own legitimate interests, it is only allowed provided those interests do not override your own interests and/ or your fundamental rights and freedoms.
An example of where we would process your personal data for our legitimate interests would be where you believe you are the victim of fraud and in order to investigate your claim we may have to share your name and account number, payment and other details of the case with any other bank involved. Sharing personal data in these circumstances would not only be in our legitimate interest but also yours. An example of us using your personal data when we have a legal duty, is where we must do so in order to comply with anti-money laundering obligations.
Our purposes for processing your personal data
We will only ask you for your personal data where it is necessary to fulfil the following purposes. Where providing us with your personal data is optional, we will inform you of this. Our purposes are grouped under our legal bases for processing.
Entering into and fulfilling a contract between you and us
- To consider and process applications made by our customers and prospective customers for products and services we provide, which may involve sharing information with Credit Reference Agencies (please see the section headed ‘Credit Reference Agencies’ below), or by other means, such as assessing information we hold about you, for instance, where we have an existing relationship with you.
- To deliver the products and services we provide, including:
- Making and accepting payments, and receiving deposits on your behalf;
- Providing you with information, advice and guidance on the products and services you hold;
- This includes account statements, formal reminders and notices informing you of forthcoming changes, such as increasing or decreasing credit limits on your credit card;
- Calculating interest and, where relevant, determining fees and charges which may apply to your account; and
- To address enquiries or complaints we may receive from you or a representative appointed by you.
Fulfilling our legal obligations
- Checking your identity;
- Conducting assessments of your creditworthiness when you apply for a credit product, through sharing your personal data with credit reference agencies (please see the section headed ‘Credit Reference Agencies’ below);
- Assisting you with managing the products and services you hold;
- Detecting, investigating and reporting financial crime, and taking measures to prevent this;
- Maintaining records of our business, as required by law – for instance, keeping records of our accounts;
- Complying with laws which require us to provide information, directly or indirectly to any national authority, for the purpose of calculating and collection of tax;
- To otherwise meet our obligations under all laws and regulations based on law which apply to our business activities;
- Responding to enquiries and requests for information by any of our Regulators;
- Creating and submitting reports required by any of our Regulators;
- Identifying and managing risks to our organisation; and
- Where we have a duty to protect vulnerable customers.
For our legitimate interests
- As a commercial organisation:
- Understanding how our customers use our products and services, so we can improve these.
- Developing new products and services under both the Vanquis and Sunflower brands and identifying which may be of interest to you – this may involve profiling;
- Where we have the relevant permissions: contacting you to make you aware of these products and services, including sharing information with third parties who may add to this information they know about you and use this to deliver such messages to you on our behalf via social media – note: we may contact you for a reasonable period after you cease your relationship with us;
- Sharing information with organisations who introduce you to us under a commercial agreement – for instance, where we pay them commission;
- Sharing information for the purpose of ensuring your ongoing creditworthiness, throughout the life of your credit product (please see the section headed ‘Credit Reference Agencies’ below);
- Where you are an employee of any firm in the Provident Financial Group, sharing information from the products you hold with us for the purpose of managing our relationship with you in our capacity as your employer.
- Improving our systems and processes, which may include using your personal data to test the accuracy of these, but only where it is essential to do so;
- To recover money owed to us;
- To otherwise exercise our rights under our contracts with you for the provision of the products and services you hold;
- Sharing your personal data with other firms within the Provident Financial Group for business analysis, data verification and data enrichment purposes
- To invite you to participate in market research and customer surveys;
- To sell to, or purchase debts from other firms;
- Sharing your personal data with any person to whom we may transfer, or may consider transferring any of our rights or business; and
- To share information with third parties for the purpose of preventing fraud and financial crime (see section headed, ‘Fraud Prevention Agencies’ below).
Please see the section headed ‘Your Privacy Rights’ for information on your right to object to processing of your personal data based on our legitimate interests.
Where we require your consent / explicit consent
- To process about you, where necessary, ‘special categories of personal data’ – this includes data about your:
- Race or ethnicity;
- Religion or other beliefs of a similar nature;
- Sexual life or orientation;
- Trade Union membership;
- Political opinions; and
- Genetic or biometric data about you.
- We may process personal data about your health or medical conditions, where we need to understand this to provide you with support, or to make adjustments in how we provide you with information.
- Sharing your personal data with other organisations, including those within the Provident Financial Group, to make you aware of their own products and services.
Retaining your personal data
We will retain your personal data for as long as we are obliged, under relevant legislation and regulation, or where no such rules apply, for no longer than it is necessary for our lawful purposes. This will usually be no more than seven years from the point at which the obligation to retain a record containing your personal data begins. The retention period of your personal data may need to be extended where we require this to bring or defend legal claims. We may also retain data for longer periods for statistical purposes, and if so we will anonymise or pseudonymise this.
Using data processors and transferring your personal data overseas
We may use service providers, agents and subcontractors to provide services on our behalf. This may require these organisations to access and process your personal data. We have listed our third party partners and categories of suppliers we use in Appendices 1 and 2.
From time to time your personal data may be transferred to organisations that are based in countries outside the European Economic Area and the UK. In these circumstances, we will ensure they process your personal data only in accordance with the applicable data protection legislation and under strict organisational and contractual controls, specifically standard contractual clauses approved by the EU. For more information about these controls, please visit https://ico.org.uk and search for ‘International transfers’.
Your Privacy Rights
You have the right to object to how we process your personal data. You also have the right to see what personal data we hold about you. You can ask us to correct inaccuracies, delete or restrict personal data or ask for some of your personal data to be provided to someone else. These rights are explained in more detail below.
Requests to exercise your rights to your personal data can be made by:
- By post: to “Attention: Data Rights Team, No. 1 Godwin Street, Bradford, West Yorkshire, BD1 2SU”
- By telephone: on 0800 484 0080
Our Data Protection Officer can be contacted at the address above.
Your data protection rights are subject to certain restrictions and conditions. We will assess your request and where we decide not to act upon this, we will notify you of our reasons for this. We will not make a charge for handling your rights request, unless we consider this to be manifestly unfounded or excessive (particularly if this is repetitive).
You have the right to complain to us and to the data protection regulator, the Information Commissioner’s Office, whose address is: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Telephone: 0303 123 1113. You can find out how to report a concern on their website at: https://ico.org.uk/make-a-complaint/
Your rights are:
To be informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. We fulfil this right by giving you this notice.
Access to your personal data: You can request access to a copy of your personal data that we process as a data controller, together with details of why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making.
Right to withdraw consent: If you have given us your consent, you can withdraw that consent at any time. Please contact us if you want to do so. If you withdraw your consent, we may not be able to provide certain products or services to you. If this is the case, we will tell you.
Right to object: You may object to our processing of your personal data by us, where this processing is based on our legitimate interests or in the public interest. We will assess whether our interest in continuing to process your personal data overrides your rights and freedoms. If not, we will stop processing your personal data. Either way, we will inform you of the outcome.
You have the right to object to direct marketing (including marketing-related profiling) and if you do so, we must stop these types of activities. (See “Automated decision making and profiling” and “Marketing” below.)
Rectification: You can ask us to change or complete any inaccurate or incomplete personal data held about you.
Erasure: This is also known as “the right to be forgotten” and this means that you can ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent (where applicable), or where we have no lawful basis for keeping it or otherwise using it. There are limited exceptions, for example where we need to use the information to bring or defend a legal claim.
Portability: You can ask us to provide you or a third party with some of the personal data that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred. This is limited to personal data you have provided with your consent or in relation to the products you have with us, and which we process by automated means, such as your account transaction data.
Restriction: You can ask us to restrict the personal data we use about you where:
- it is inaccurate;
- you have asked for it to be erased;
- you have objected to our use of it; or
- where you need this for the bringing or defending of legal claims.
When you have asked us to restrict the use of your personal data we may still store your information but will not use it further without your consent, unless we need to process it:
- to bring or defend legal claims;
- to protect the rights and freedoms of other individuals; or
for other important public interest reasons.
Automated decision making and profiling
Sometimes we use your personal data in automated processes to make decisions about you. You have the right not to be subject to a decision based on solely automated processing, including profiling, if this will have a legal or other significant effect on you (unless certain exceptions apply).
We use automated decision making in:
- Credit scoring, which uses past data to assess how you are likely to act when paying back any money you borrow (this includes data about similar accounts you may have had before). We will tell you where we will make such decisions and you have the right to ask for these to be reconsidered manually;
- Assessing and amending the credit limit of your credit card account, based on your account behaviour. We will give you notice of our intention to amend your limit and you will have the ability to request an increase or reduction to this; and
- Determining the appropriate action to take, where your account has gone into arrears or default. We will tell you where we will make such decisions and you have the right to ask for these to be reconsidered manually.
We will use your personal data in profiling in order to identify your suitability for products and services we offer under both the Vanquis and Sunflower brands, and to inform you of these. Where an individual’s financial history suggests they are unlikely to be accepted for a particular product or service, we may use that data to opt them out of receiving information about that product or service. This is in individuals’ interests as it helps stop them receiving irrelevant marketing or being targeted with marketing about products that they cannot afford. These types of profiling are only used in relation to our own products and services and as such are generally not considered to have a significant effect on your rights and interests. (See “Right to object” above and “Marketing” below).
Credit Reference Agencies
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take banking services from us we may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply your personal data to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When we complete a search for any information about you at any CRA, they will place a search footprint on your credit file that may be seen by other lenders. Where we have an existing relationship with you, we may rely upon information we already hold upon you, to assess applications by you for further lending on existing and other products we offer. This will not result in another search footprint appearing on your credit file.
If you are making a joint application, or tell us that you have a financial associate, we will assess your application based on the records of yourself, and your financial associate where appropriate. You should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on yours and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
Where you have made an eligibility enquiry or an application for a product, only where we have your permissions, will we obtain information about your credit file from the credit reference agency. We may use your information and that of any of your financial associates to review your credit file and tell you about other similar Vanquis products and services and those of the Provident Financial Group that you may be eligible for. We may do so for up to three years.
We may also obtain information from your credit file and use it, only where we have your permissions, to enhance our understanding of our customers' needs and to help us develop products and services to meet these. This may contain credit information about you for up to seven years from the date of your last contact with us.
Your credit file and your ability to obtain credit elsewhere will not be affected by this activity. You have the right to tell us to cease using your data for these purposes (please see the section headed, 'Your Privacy Rights').
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal data, data retention periods and your data protection rights with the CRAs are explained in more detail on the Credit Reference Agency Information Notice (‘CRAIN’), which may be accessed via the links to the CRAs detailed below.
Fraud Prevention Agencies
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
What we process and share
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed may include your:
- date of birth
- residential address and address history
- contact details such as email address and telephone numbers
- financial information
- employment details
- identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address
- vehicle details
We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. You can obtain the details of the Fraud Prevention Agencies we use by contacting us as detailed above.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if:
- our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or
- you appear to have deliberately hidden your true identity.
You have rights in relation to automated decision making: if you want to know more please contact us using the details above.
Consequences of processing
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services, goods or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
We may use your personal data to tell you about relevant products and offers under both the Vanquis and Sunflower brands that we and selected partners think you may find interesting. We can only use your personal data to send you marketing messages if you have given your consent or it is for a legitimate interest (when we have a business or commercial reason to use your information).
You can ask us to stop sending you marketing messages by contacting us at any time, although you will still receive statements and other important information such as changes to your existing products and services.
If you have previously applied for a Vanquis Bank product, we will usually contact you after six months to let you know about similar products and promotional offers as it may be that your circumstances have changed and/or you may be eligible for an alternative product. We will follow up further with you for a period of two years for this purpose but when you provide us with personal data at the beginning of the application process, you will be given the option to let us know that you do not want your personal data used for direct marketing purposes. If you select this option, we will not send you any marketing material.
Where you have provided your informed consent, we may share your personal data with other companies within the Provident Financial Group, who may contact your with offers of products and services which may interest you.
You can change your mind and update your choices at any time by using the “unsubscribe” or “opt out” option in any marketing communication you receive from us or by contacting us in the following ways:
- By post: Sunflower Loans Customer Service, No. 1 Godwin Street, Bradford, West Yorkshire, BD1 2SU
- By telephone: 0800 484 0080
Links to other websites
Certain hypertext links in this website may lead you to websites which are not under our control. Once you have left our website we are unable to accept responsibility for the protection of any personal data you provide to the owner of that website. You should look at the privacy information applicable to that website.
Keeping up to date
We keep our Privacy Notice under regular review. This notice was last updated in November 2021.
Appendix 1 - List Third-Party Partners
We do not currently have any affinity partners
Appendix 2 - Categories of supplier with whom we may share personal data for our business purposes
- Communications providers – mail, email and SMS text services
- Credit Reference Agencies
- Customer Service function providers
- Debt Collection Agencies
- Fraud Prevention Services
- IT Consultants
- IT service providers
- Legal Services
- Management Consultants
- Market Benchmarking service providers
- Market Research
- Digital Marketing service providers
- Direct Marketing service providers
- Marketing Insight service providers
- Other firms within the Provident Financial Group
- Payment Processors
- Professional Services firms
- Risk Consultancy Services
- Software Providers
- Transcription service providers
- Web Analytics service providers
- Website Hosting service providers