Privacy Policy

Privacy Policy – Finance & Leasing Association - Updated February 2024

Who we are

The Finance & Leasing Association (“we“, “our“, “us” or “Finance & Leasing Association”) is committed to protecting and respecting your privacy. The Finance & Leasing Association is a private company limited by guarantee (with company number 02651248) registered at Imperial House, 8 Kean Street, London WC2B 4AS.

The Finance & Leasing Association complies with all relevant data protection laws including the UK General Data Protection Regulation (“UK GDPR”). This Privacy Policy details your rights, what information we collect, how we use and protect it.  Please read it carefully. 

This Privacy Policy applies to personal data we collect from you as either a user of our website www.fla.org.uk (“our site“); a user of our FLA Broker Accreditation service;   a full member or associate member of our organisation; an attendee at our events, working groups, committee meetings or training courses; a diploma student; VIP guests at our events; members of the government and representatives of regulators; or if you otherwise interact with us.   We collect, on behalf of our full members and associate members, the personal data of consumers who have car finance arrangements with our full motor finance members and whose vehicles have been recovered by the police.  We also collect the personal data of individuals who have been investigated or associated with fraud relating to consumer finance, specifically involving motor finance.   If you apply for a job or placement with us the provisions of our privacy policy for candidates will apply.  Please contact info@fla.org.uk for more information. If you have a working relationship with us, the provisions of our fair processing notice for employees, consultants, workers and contractors will apply, please contact info@fla.org.uk for more information.  

The Finance & Leasing Association is the data controller in respect of your personal data held by us.  This means we are responsible for deciding how we use personal data about you.  If you have any questions, our data protection officer may be contacted at info@fla.org.uk or you can call us on: 020 7836 6511.

You can also find more information about us by visiting our website.

Our Commitment and Obligations to you

We take the collection, usage and security of your personal data seriously.
We can only use your personal data under law if we have a good reason for doing so.  The law provides examples of those reasons and these include:

  • to perform or fulfil an agreement we have with you;
  • if we have a legal duty;
  • if it is within our legitimate business interest;
  • if there is a public interest reason for doing so; or
  • if you have given your consent.

A legitimate interest is when we have a business or commercial reason to use your information and using your personal data is necessary for this purpose.  But even then, our interests must be balanced against yours. If we rely on our legitimate interest, we will tell you what that is (as set out in the table below).

Types of Personal Data we collect about you

  • “Basic Contact Information”: name, title and postal address, email address and phone number, signature
  •  “Dietary Information”: dietary requirements and allergies (if you provide this information)
  • “Professional Information”: name of company or organisation, role or position, business card information
  • “Payment Transactions Data”: bank account details, payment information and credit card numbers (if you provide them)
  • “Website Information”: user log-in details, passwords, security information, browser type and version, time zone setting, internet protocol address, browser plug-in types and versions, operating system and platform.   We may also collect information about your visit, including the full uniform resource locators clickstream to, through and from our site (including date and time); products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), cookies and methods used to browse the page, your online profile and social media information and activity based on your interaction with us and our websites and smart device and usage information
  • “Accreditation Data”: training records, qualifications and accreditations
  • “Finance Risk Data”: Information received from our full members or our other partners in relation to individuals who have suffered the loss of an asset with outstanding finance provided by one of our full members. Such data may include their name, post code, transaction information, vehicle registration details, vehicle identification numbers, finance contract numbers, criminal convictions and indications of potential or actual criminal or fraudulent activity
  • Economic Crime Data”: information received from government officials, law enforcement, fraud prevention agencies or regulatory bodies in relation to individuals suspected of, investigated for or convicted of fraud against our members.  Such data may include their name, post code, transaction information, criminal convictions and indications of potential or actual criminal or fraudulent activity

What Personal Data We Collect and Where From

You may give us information

  • When registering with us, filling in forms or by corresponding with us by phone, e-mail or otherwise. You may also provide information when you subscribe to our training, events and/or services, use our FLA Broker Accreditation service, complete a survey, sign up to a newsletter, provide us with your business card report a problem with our site, submit a complaint, or request further services or information. The information you give us may include Basic Contact Information, Professional Information, Dietary Information, Payment Transactions Data, Accreditation Data and Website Information.
  • When attending an event, working group or committee meeting, dinner, seminar or training courses.  The information may include Basic Contact Information and Professional Information.

Information we collect about you from our websites and from your company or organisation

  • With regard to each of your visits to our site we may automatically collect Website Information.
  • We may also collect information about you when you use other sites which we operate or support.  In such cases, please refer to the privacy notice contained on such sites.
  • We may also collect information about you from your company or organisation, for example our main contact at your company may provide us with your Basic Contact Information and Professional Information.

Information we receive from other sources

  • We may receive Finance Risk Data from other sources, such as from our full members and our other partners, and Economic Crime Data from the police, government officials, law enforcement, fraud prevention agencies and regulatory bodies.
  • Offers and promotions displayed to you via our site, any other websites we operate or other services we provide, advertising networks and analytics providers or publicly accessible data.

Here is a description of all the ways that we may use your personal information and the grounds we rely on to do so. This is also where we tell you what our legitimate interests are.

Information we collect How we collect information What we use personal data for What is the lawful reason for processing information
General services to full members, associate members, member employees, stakeholders, users of our FLA Broker Accreditation services,  attendees of events and students
Basic Contact Information

Professional Information

Website Information

Other personal information you provide to us concerning your business and personal interests
Collected when you set up a user account with us, fill out a form on our site, contact our customer services team, subscribe to our training, events and/or services, join a committee, working group or other meeting, complete a survey, sign up to a newsletter, provide us with your business card, report a problem with our site, submit a complaint, or request further services or information To manage relationships with full and associate members

To engage with members of the government and representatives of regulators

To perform essential business operations and services

To provide and improve our services to full and associate members and guests to events or dinners

To provide any services you have requested

To protect the security of our site

To communicate and personalise communications with you regarding information and services that you request from us

To enable us to host meetings, seminars and other events

To notify you about changes to our services
To enable us to pursue our legitimate interests to:

• deliver services and information that you or your employer or prospective employer have requested;

• improve our services and site;

• maintain the security of our computer systems;

• communicate with you

If you are an individual and book services with us (for example events we organise) or receive services from us, to allow us to perform our contract with you
Dietary Information May be provided by you when you sign up for an event or dinner To accommodate your dietary requirements Explicit consent
Response to enquiries, requests for information or complaints

Basic Contact Information

Professional Information

Website Information

Accreditation Data

Other personal information you provide to us concerning your business and personal interests

Provided by you when you set up a user account with us or request information or make an enquiry or complaint To provide membership support, including dealing with enquiries, correspondence and complaints

To communicate with you and perform essential business operations

To resolve disputes
To enable us to pursue our legitimate interests to provide information or services requested, or to deal with complaints
Payment from full or associate members or non-members who purchase our services
Payment Transactions Data Collected when you set up a user account with us or place an order for our services To process your company’s subscription payment or complete any transaction related to services you have ordered

To protect security and to prevent fraud
To enable us to pursue our legitimate interests to:

• deliver services that you have subscribed to or ordered from us; and

• protect our rights)

If you are an individual and book services with us, to allow us to perform our contract with you
Website Users
Website Information Automatically collected and stored in our server logs when you interact with our site

Collected from IP address
To improve user experience of our site, for example to offer you tailored content

To protect security of our site and to prevent fraud

To tailor communications to you regarding information and services that you may wish to receive from us
To enable us to pursue our legitimate interests to:

• understand how our site is used;

• improve user experience of our site;

• maintain the security of our systems and site

• investigate and prevent misuse of our website
Marketing and Business Development
Basic Contact Information

Professional Information

Website Information

Where provided by you, your areas of interest
Provided by you when you complete a form, set up a user account with us or verbally confirm you wish to receive marketing communications

Collected by us in the course of providing or negotiating the provision of services to you
To inform you of products and services of Finance & Leasing Association, to send you marketing communications, newsletters, information about events and updates that may be of interest to you Where you have provided us with your consent to receive marketing communications

To enable us to pursue our legitimate interest to maintain contact with our full and associate members, third party contacts and to grow our business
Fraud and Crime Information
Finance Risk Data

Economic Crime Data
Provided to us by full members, government officials, law enforcement and fraud prevention agencies, and regulatory bodies To provide services to our full members, to support full members to combat, prevent and detect economic criminal activity, including fraud and financial crime

To support law enforcement and fraud prevention agencies to combat, prevent and detect economic criminal activity
To enable us to pursue our legitimate interests to prevent fraud
Legal Purposes
Basic Contact Information

Professional Information

Payment Transaction Data
Collected when you set up a user account with us or place an order for our services, contact our customer services team, subscribe to our training, events and/or services, join a committee, working group or other meeting To comply with our legal obligations and defend any claims made against us Necessary for our legitimate interest
 

Cookies

If you agree, we may use cookies (files stored on your computer or device) to obtain information about your general internet usage (“cookies“). Cookies are text files containing small amounts of information which are downloaded to your computer or device when you visit a website. They help us to improve our site and to deliver a better and more personalised service.

Please note that we allow third parties (including, for example, providers of external services such as web traffic analysis services) to use cookies on our site, but we do not control those cookies.  You can find more information about cookies and how to manage them at http://www.allaboutcookies.org/ . You may disable cookies by changing the settings on your browser. However, if you do so, this will affect your enjoyment of our site and we will no longer be able to offer to you a personalised service. Unless you opt out of cookies in your browser settings, we will assume you consent to the use of cookies.

We use the following cookies:

·  Strictly necessary cookies. These are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site.

·  Functionality cookies. These are used to recognise you when you return to our site.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie
Name
Purpose
 
Session This cookie is essential for the site to operate. It allows us to remember your details during your current visit to the site. Most of the cookies we use are known as session cookies. These cookies expire whenever you close your browser or shut down your computer.

E-mail marketing and newsletters

We would like to send you suggestions and recommendations following your registration with us or attendance at our events, seminars, training sessions and/or associated meetings and working groups that we think may be of interest to you or members of your team / organisation (including, for example updates and newsletters). We will do this if we have a lawful basis for doing so in compliance with relevant privacy law or if you consented to us doing so. We will also contact you by electronic means (email) with information about events, training or other meetings similar to those which you have shown an interest in or attended. We may follow this up with contact by telephone or post.

You have the right to ask us not to process your personal information for marketing purposes at any time. You can exercise your right to prevent such processing by indicating your preference on the forms we use to collect your information (i.e. not opting in), or you can opt out of receiving future marketing communications from us at any time by following the directions contained in the marketing email to unsubscribe. You can also exercise this right at any time by contacting us at info@fla.org.uk.

How we share your personal data

We take your privacy very seriously and we will only share your information where:

  • we need to for the purposes of providing you with products or services you have requested;
  • we have a public or legal duty to do so e.g. to assist with detecting fraud and tax evasion, economic crime prevention, regulatory reporting, litigation or defending legal rights;
  • we have a legitimate reason for doing so e.g. to manage risk, or assess your suitability for services; or
  • we have asked you for your permission to share it, and you have agreed. This will include where you have completed our FLA Broker Accreditation training and would like us to include your name on a list of accredited brokers.

Third Parties

You acknowledge that we may share your personal data with your consent or as necessary with third parties that support us in providing our services, for example:

  • banks and other entities that process payment transactions; business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you or your employer;
  • if the Finance & Leasing Association is acquired by a third party, (or all of its assets are acquired by a third party) personal data held by it about its full and associate members and customers will be one of the transferred assets.

We require all our third party service providers (subcontractors) to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.

We share Finance Risk Data and Economic Crime Data with:

  • our full members that require vehicle theft data; and
  • financial institutions to support them in economic crime information sharing initiatives.

Where required we may also share Finance Risk Data with:

  • government officials, law enforcement, fraud prevention agencies  to assist them in preventing fraud and money-laundering and to verify your identity.

Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside of the United Kingdom (“UK”) or European Economic Area ("EEA"), including, in particular, the United States. It may also be processed by staff operating outside the UK or EEA who work for us or for one of our suppliers or business partners. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Security of your personal data

All information you provide to us is stored on secure servers. We have put in place appropriate measures to protect the security of your information, for example any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. If you lose control of your password you may lose control over your personal data. If your password has been compromised for any reason please let us know immediately by contacting us our IT manager at: 020 7836 6511.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to our site; any transmission of your data is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our site may, from time to time, contain links to and from the websites of our full member and associate member organisations, and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

How Long We Keep Your Information

We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. For example, we delete the details of employees of our full or associate members, except their names, when the full or associate member notifies us that they are no longer employed. If you are a diploma student, we will retain some of your personal data until 40 years after you took the examination so that we can confirm your qualification to future employers. We delete Economic Crime Data and Financial Risk Data after 3 months, but our full members and the other third parties we share our data with, as described above, may retain it for longer. In some circumstances we may store or archive personal data in an aggregated and anonymised format, such as in relation to closed complaints.

Your rights 

  • Access to information. The data protection laws give you the right to access a copy of the personal information held about you, subject to certain conditions. We may need to check your identity before we release any personal information to you. This right is subject to a number of exemptions which allow information to be withheld in certain circumstances. For example, access rights are excluded where compliance would involve disclosing information relating to another individual or data which consists of information which is subject to legal professional privilege.  Where appropriate, your right of access can be exercised in accordance with data protection laws by contacting us at info@fla.org.uk
  • Consent. In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you may withdraw your consent for that specific processing at any time by contacting info@fla.org.uk. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.  For direct marketing messages, you can unsubscribe by using the “unsubscribe” link at the bottom of our marketing messages or by  notifying us at: info@fla.org.uk
  • Rectification. You have the right to rectify any personal data held about you that is inaccurate. You can do this by signing in to your user account on our site or your right of rectification can be exercised by contacting us at info@fla.org.uk 
  • Erasure. You may have the right to erasure of personal data held about you unless we have a legal right to retain it.  You can exercise this right by contacting us at info@fla.org.uk
  • Complaints or Objecting. You have the right to object to our processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.  In the event that you wish to object to or make a complaint about how we process your personal data, please contact us in the first instance at info@fla.org.uk  and we will endeavour to deal with your request as soon as possible. You may also complain to the UK’s Information Commissioner’s Office – see https://ico.org.uk/global/contact-us/
  • Restriction of processing. You have the right to request the restriction of processing of your personal information. This means you can ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.  If you wish to exercise this right please contact us at  info@fla.org.uk
  • Transfer. You may have a right to request the transfer of your personal information to another party

You should be aware that if you ask us to stop processing your personal information in a certain way or erase your personal information, and this type of processing or data is needed to facilitate your use of the site or our services, you may not be able to use the site or access the services as you did before. This does not include your right to object to direct marketing, which can be exercised at any time without restriction.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights).  However, we may charge a reasonable fee for access if your request for access is clearly unfounded or excessive.  Alternatively, we may refuse to comply with the request in such circumstances.

Changes to our Privacy Policy

Any changes we may make to the Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check this page frequently to see any updates or changes to this Privacy Policy.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to info@fla.org.uk.

Date of Privacy Policy

The information on this page was last updated on Tuesday, 20 February 2024.

Become a member

What are the benefits of becoming an FLA Member?