Thank you for your interest in MYJAR. We are committed to protecting and respecting your privacy, and this document explains how we look after your personal data and make sure that we meet our legal obligations to you under applicable UK data protection rules and the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR).
Who are we?
MYJAR Limited is a UK company (company number 08518406) which has its registered office at Moss House, 15–16 Brooks Mews, London, W1K 4DS.
The companies in the MYJAR Group which act as Data Controllers are registered with the Information Commissioner's Office (“ICO”) with the following registration numbers:
- MYJAR Limited – ZA003195
- TXT Services Limited – ZA250528
- MYJAR Treasury – Z315418X
The MYJAR Group can be contacted:
- by phone: 020 3006 2000;
- by email: firstname.lastname@example.org; or
- by post: MYJAR, Unit 22426, PO Box 7169, Poole, BH15 9EL
If you have any queries about the way we use your personal data, please contact our Data Protection Officer, using the email address: email@example.com or the telephone or postal details above.
2. Your Data
Before we provide services or financing to you, we undertake checks for the purposes of preventing fraud and money laundering and to verify your identity. These checks require us to process personal data about you.
What personal data do we collect from you?
We collect various personal data from you in a number of different ways. Some examples of this are:
- information from the website including your operating system and browser type;
- details of the personal information that will be processed include, for example, name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address;
- information regarding how you use and manage your account, your repayment history and details of transactions you carry out with us;
- correspondence that is exchanged between us including telephone calls (which may be recorded), letters, emails, SMS messages and live chat; and
- feedback and responses to research surveys which you provide to us.
Why do we collect your personal data?
We collect your personal data to ensure that we are providing you with the best service we possibly can. Some of the ways we may use your personal data are:
- to assess your credit history, confirm your employment and make lending decisions;
- to search credit reference agencies’ (“CRAs”) and fraud prevention agencies’ records;
MYJAR supports the use of Open Banking as it helps us make a more efficient and informed decision on our lending decision. Open Baking requires you to give your explicit consent. Our chosen Open Banking provider is Credit Kudos. Credit Kudos will give MYJAR one time, read-only access to view your transactional information from your bank or building society for the permitted purpose of verifying your income, outgoings and creditworthiness. To do this, Credit Kudos will securely direct you to your bank via a secure portal which will prompt you to login and then select your bank account. Click here for further information on Open Banking.
- The personal data that you have provided, and we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity
- For the purposes of collecting your loan repayment(s) and for the collection of unpaid loans, including providing your data to third party debt collectors; and
- To develop and improve the products and services that we provide.
Legal basis for collecting your personal data
We process your personal data on different bases, according to the reason for which you have provided your data to us. When you are browsing the website, we process your data on the basis that you have given your consent to such processing by accessing the website. When you have applied for a loan with MYJAR, we process this personal data on the basis that we have a legitimate interest in processing your data (i.e. to consider whether or not to offer you a loan). When we have provided a loan to you, we process your personal data on the basis that we need this information to fulfil our obligations under the contract we have entered into with you.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
You can withdraw your consent to us processing your personal data for marketing purposes at any time by clicking the "unsubscribe or unconsent" option in any marketing email we, or any associated third party, may send to you. Alternatively, you can withdraw your consent by contacting our Data Protection Officer using the contact details stated above. If you change your mind about agreeing to us processing your personal data, this will not have any effect on the lawfulness of any processing we have carried out before you change your mind.
Do I have to provide you with my personal data? What happens if I don’t?
You will need to provide us with certain information in order for us to consider your loan application, and if you are accepted for a loan, in order for us to meet our contractual obligations to each other. We will ask you whether you would like us to share your personal data with third parties who may be able to provide you with offers and services. You have no obligation to agree to us sharing your personal data with third parties for these purposes and you do not have to provide personal data to us which is over and above that which we need in order to fulfil our obligations to each other.
Who do we share your personal data with?
We may share the data that we collect from you with any member of the MYJAR Group as group companies may provide administrative support, debt collection and processing services to MYJAR Limited.
In order to process your application, we will supply your personal information to CRAs, and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts, repayments missed, and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse or other financial associates.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:
• TransUnion (formerly Callcredit): www.transunion.co.uk/crain
• Equifax: www.equifax.co.uk/crain
• Experian: www.experian.co.uk/crain
We may also share your data with or our approved third parties which carry out services for us, including marketing agencies, debt collection businesses and companies who provide us with processing services.
If you provide us with your consent we may use your personal data, or permit selected third parties to use your personal data, to identify and provide you with information about products and services which may be of interest to you, and we or they may contact you about these. We use the information you provide to us to create a profile for you, which is used to tailor marketing information you receive to that which may be the most relevant to you.
We will only use your personal data for marketing purposes if you provide us with your consent to do so. You can withdraw consent at any time by contacting us by email: firstname.lastname@example.org; phone: 020 3006 2000; or by writing to us at MYJAR, Unit 22426, PO Box 7169, Poole, BH15 9EL.
Data security and retention
We understand that the privacy and security of your personal data are of great importance, and therefore we have implemented technology, security policies, rules and controls to protect your information.
We will only retain personal data for as long as is necessary. In accordance with our retention policy and applicable anti-money-laundering legislation, we will retain your personal data for a minimum of five years from the end of our business relationship with you. Our business relationship will be deemed to be at an end on the date upon which your account is closed. This will either be when all outstanding sums under the agreement have been repaid or when we stop pursuing arrears on the account. You can view our data retention policy here.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
Where will your personal data be held?
Your personal data may be held within the European Economic Area (EEA) or outside the EEA. If any personal data is transferred or stored outside of the EEA, we check whether the EU Commission has determined that it will be afforded the same level of protection as it would within the EEA (this is called an adequacy decision). If it will not, we will ensure any such transfer is subject to appropriate safeguards (for example by putting appropriate contractual provisions in place with relevant third parties to provide us with reassurance about the security of your personal data) or is otherwise permitted (for example with your express consent to transfer) in accordance with the provisions of the GDPR.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
3. Your Rights
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
For more information or to exercise your data protection rights, please contact us using the contact details above.
Right to access
You have the right to access the personal data we hold about you. Requests to access your personal data should be made in writing and sent by email or post. You can do this by emailing us at email@example.com or in writing to us at the above contact address.
Right to rectify your personal data
If you notice that the information we hold about you is not correct, you may ask us to change it to make sure that it is accurate and up to date.
Right to be forgotten
You may ask us to delete your personal data in certain circumstances. It may not be possible for us to delete all of the personal data we hold about you where we have an ongoing relationship, however, please contact our Data Protection Officer who will be able to assist with your request.
We use the personal data you provide to us to create your profile. This profile is considered as part of your loan application, and we may take decisions by automated means. We may use credit reference and fraud prevention agencies to help us make decisions. We will make checks such as assessing your application for credit and verifying your identity to prevent and detect crime and money-laundering.
The amount we lend, the term of your loan and the interest we charge on your loan will be determined by your credit status. If you do not agree with a decision which has been made by automated means based on the profile we have created for you, you can request that the decision is considered using a non-automated method. In such cases, we will review your loan application manually. You can also object to profiling, including profiling for marketing purposes, you can do this by contacting us directly, using the information we have provided above in this policy.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more, please contact us using the details above.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
You may also ask us to stop or restrict our processing of your personal data or to transfer your personal information to a third party in certain circumstances.
You can contact the credit reference agencies in the UK to obtain information held by them about you. Contact details are:
- TransUnion (formerly Callcredit), Customer Services Team, TransUnion Information Group, One Park Lane, Leeds, West Yorkshire, LS3 1EP or call 03300247574
- Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS or call 08000142955 or 03333214043
- Experian Ltd, Customer Support Centre, PO Box 9000, Nottingham, NG80 7WF or call 08000138888 or 03444810800
Please contact our Data Protection Officer if you wish to exercise any of your rights, using firstname.lastname@example.org; 020 3006 2000; or Unit 22426, PO Box 7169, Poole, BH15 9EL.
4. Other Information
Links to Other Websites
What if I have a complaint?
We work to high standards when it comes to processing your personal data. If you are unhappy about how your personal data has been used, please contact our Data Protection Officer (DPO):
- By email to email@example.com
- By post to MYJAR, Unit 22426, PO Box 7169, Poole, BH15 9EL
Our DPO will acknowledge your complaint straightaway and will independently investigate and respond within 30 days. In the unlikely event that the DPO has not been able to fully address the raised issue and offer a response within the statutory timeframe, you may escalate the complaint to the Information Commissioner's Office (ICO), which regulates the processing of personal data.
Following the response provided if you remain unhappy, you have the right complaint to the ICO about the way we handle your data or respect your rights. However, we would appreciate raising your dissatisfaction with our Data Protection Officer first to give a chance looking into the matter and try to resolve the complaint to your satisfaction. By allowing our independent officer looking into your dissatisfaction might help you obtain both a quicker resolution to your complaint and an answer with the sought explanation, you might be looking for.
You may reach out to ICO by following means:
- By completing the online form https://ico.org.uk/make-a-complaint
- By email to firstname.lastname@example.org
- Telephone: 0303 123 1113
Monday to Friday, from 9am to 4:30pm
- By post to Information Commissioner's Office, Wycliffe House Water Lane, Wilmslow, Cheshire, SK9 5AF
Additional information on raising a complaint, you may find on ICO's website by following this link https://ico.org.uk/your-data-matters/raising-concerns/