Privacy

Privacy

Introduction

Data protection legislation (which includes the General Data Protection Regulation or GDPR) places obligations on us in relation to the way that we handle your personal information. We must process your information fairly and lawfully. This also means you are entitled to know how we intend to use your information. All our employees are responsible for ensuring personal data is kept confidential. We provide training to all our colleagues to remind them about their obligations. In addition our policies and procedures are regularly audited and reviewed.

The identity of the controller and their contact details

This privacy statement explains how Provident Financial Management Services Limited (PFMSL) the recruiter and the operator of the website IBM Kenexa Brassring on Cloud uses your personal information submitted during the recruitment process and provides information about your rights in relation to your personal information. PFMSL is the controller of your information. This privacy statement applies to your use of the recruitment services on the site. PFMSL may update this privacy statement and so you should check it from time to time and always before you submit an application to us to make sure that you are happy with any changes that may have been made. Our aim is to be as clear and open as possible about what information we collect from you, what we do with your personal data, how we use it and your rights as the data subject. If you apply for a position using our online recruitment services, PFMSL will use the information you provide (including personal data) for the recruitment purposes outlined in this privacy statement.

The identity of the Data Protection Officer

PFMSL has a Data Protection Officer (GDPO) to ensure that your personal data is being treated fairly and lawfully and protected at all times. If you need to contact the GDPO please email informationrequests@provident.co.uk, write to the Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI).

Categories of personal data processed

You can look through our recruitment site without giving us any personal data. You are under no statutory or contractual obligation to provide data to us during the recruitment process, however, if you do not provide the information, we may not be able to process your application properly or at all.

If you decide to apply for a role via the site we will need to collect and process your personal data, including:

Name, address and postcode – without this we would not be able to identify you as an applicant or know where to send recruitment information to. We also need this in order to process the necessary pre-employment checks.
Email address – we will send a confirmation of your application via We may use email to advise you of similar alternative vacancies if you have consented to us doing so. We may also contact you by email if you have only partially completed an application.
Contact telephone numbers – if there are any problems with your application or we need to clarify anything with you, we need to be able to contact you
User name and password – this is to keep your personal data secure and so that you can return to a partially completed application at a later
Your application – this is required so that we may assess you. We will collect and process data about your skills (including education, professional qualifications and training) and employment You should only provide the information requested by the application form.
Disability data – any personal data you provide about your health is sensitive personal data. By providing this information, you agree to allow us to use it for the purposes of making any reasonable adjustments during the recruitment process and for monitoring purposes.
Background checks – we will use your personal data when we perform background checks, using internal/external databases and external agencies, to assess your fitness to work for an authorised consumer credit business.
Other personal data specified during the online application process that is relevant to recruitment.

If your application is successful and we make a conditional job offer to you we will also require details of your referees, your National Insurance number and any other proof of your right to work in the UK/ROI, for example visa or working permits, bank details, date of birth, next of kin and driving licence (if applicable).

Why we process your data

As a business we use the data we obtain from you and the information we collect about you (from your application form, through interviews or other forms of assessment) to perform a number of activities. Under data protection law we are only allowed to use your personal information where we have a legal basis to do so. We set out below an explanation of the legal basis that we rely on to allow us to use your information. PFMSL is part of the Provident Financial PLC (the Provident Group). In most cases any data we and the other companies within the Provident Group of Companies obtain are shared amongst each other to ensure that we are managing your relationship with us in the most informed way e.g. if you apply for a vacancy in another part of the group.

Processing your data as a Legitimate Interest

PFMSL may process and sometimes share your information amongst the Provident Group for administrative activities where we have a legitimate business need. Some examples are:

To maintain internal record keeping
To provide general aggregate information (which does not identify individuals) and statistics to help PFMSL develop its websites and services. PFMSL has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows PFMSL to manage the recruitment process, assess and confirm a candidate’s suitability for employment and decide to whom to offer a job. PFMSL may also need to process data from job applicants to respond to and defend against legal claims.

Keeping your information accurate

It is your responsibility to ensure that all of the personal data you provide is true and is not misleading, deceptive or inaccurate in any way. If you believe any of the personal data PFMSL holds about you is incorrect, please log back into your account and amend your record. If at any time after the submission of your application you become unavailable to work, or if you simply change your mind, please log back into your account to withdraw your application. In the event that you are unable to access your account to amend your details or withdraw your application or you do not have an account please contact talent.acquisition@provident.co.uk. Your personal data can only be viewed online if you successfully log in to the site. Our log in procedure minimises the risk of someone who is not the applicant doing this. You are responsible for keeping your password confidential. We ask you not to share this password with anyone.

How we use Fraud prevention agencies (UK only)

We will undertake this processing under a legitimate business interest. Fraud prevention databases have been established for the purpose of allowing employers to share data on their employment fraud cases.

Should our investigations identify fraud or the commission of any other criminal offence by you or on your part when applying for, or during the course of your employment with us, we will record the details of this on the relevant fraud prevention databases. This information may be accessed from the UK and other countries and used by law enforcement agencies and by us and other organisations to prevent fraud.

Please contact us at informationrequests@provident.co.uk if you want to receive details of the relevant fraud prevention databases through which we share information.

Processing your data for legal reasons

PFMSL needs to process data to ensure that it is complying with its legal obligations. For example, to check that a successful applicant has the right to work in the UK/ROI before employment starts or to carry out its obligations and exercise specific rights in relation to employment such as processing information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability.

Other examples of when we may need to process you data for legal reasons include:

1. In the UK, the Financial Conduct Authority (FCA) requires us to carry out specific fitness and probity checks on successful applicants, including: credit checks, criminal record checks, fraud database checks, FCA Register checks, directorships and civil litigation checks, media searches and employer / academic / professional membership reference checks for staff who will be operating in Senior Manager/ Certified Functions.
2. In the ROI, the Central Bank of Ireland’s (CBI’s) Fitness & Probity Regime requires specific information to be checked.

We will treat your information as private and confidential, but may share it with other companies within the group and disclose it outside the Group if we are legally obliged to do so. Examples of this are:

1. Passing information to HMRC (in the UK) and the Revenue Commissioners’ (in the ROI) where a court order is in
2. Required by the Police/Garda Síochána and other law enforcement agencies to investigate or prevent crime.
3. Required by the authorities when we report on any suspicious
4. To carry out equal opportunities monitoring (see below).

Equality Monitoring

We are required by law to make basic documentation checks on every candidate. Please note that you will be asked to provide documentation of your eligibility to work in the UK if you are invited to attend the next stage of the recruitment process with us. Other personal data (including special categories of personal data), for example, relating to your gender, race or ethnic origin, religion or belief, age bracket, details of any disability and sexual orientation is requested for the purpose of monitoring the effectiveness of our Equal Opportunities policy.

Processing your data for contractual reasons

There are a number of activities that we will perform to use your data to administer your employment application with us in line with any contractual   or pre-contractual requirements. Some examples of the contractual processing we undertake are:

1. To approach your nominated referees for the purposes of obtaining references.
2. To consider you for the position for which you have applied, and subsequent suitable vacancies (where you provide your consent to this).
3. Make up part of your personnel records if your application is successful (but only to the extent that such information is relevant to your on-going employment).
4. Undertaking background searches to assess your suitability working for the company, such as your previous employment/engagement records at Provident (if applicable), employer/academic/professional membership reference checks, criminal record checks, passport checks, identity checks and driving licence checks with the DVLA.
5. Checks of external public record databases such as the FCA register/Companies House records for directorships information, court records for civil litigation cases and media records.
6. Credit Reference Agency Data (UK Only) – we conduct credit agency searches to identify whether you have any court judgements, bankruptcies, IVAs or debt release orders.
7. Fraud Prevention Agency Data (UK only) – we will conduct internal and external Fraud Prevention Agency searches.
8. Customer database checks – we will review our customer databases and identify whether you hold a Provident loan, and the status of that loan.

Processing your data with your consent

There will be circumstances where we will only process your data if we have your consent to do so. For example, if you provide us with data that is classed as a special category of Personal Data, such as health information, we will only process this with your permission (unless we feel the processing is necessary to protect your vital interests) and you have a right at any time to ask us to stop the processing of that specific data. Where you provide personal data about somebody else, for example, your referees, you should ensure that they have given their consent.

How we manage your special categories of Personal Data

Where we need to process special categories of Personal Data, this will only be done with your explicit consent (unless we feel the processing is necessary to protect your vital interests) or if we are obliged to process under employment or financial crime legislation.

Your rights

You have a number of other rights in relation to your personal data. For example you can ask for a copy of your personal data through a Subject Access Request, you can ask for your information to be corrected if it is inaccurate, you can ask for the processing of your data to be restricted whilst we may be resolving an issue, and you can ask for your data to be deleted, and you have the right to data portability. See below for additional information. If you wish to exercise one of your rights please email informationrequests@provident.co.uk, write to the Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.

Your right to object

You have a right to object to any processing activity where the business states it has a legitimate business need to use your data in the way described. If you need to contact us please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.

Your right to data portability

Data Protection legislation contains a right to data portability that may give you a right in some data processing contexts, to receive your personal data in a portable format when it is processed on certain grounds, such as consent. If you wish for this limited data to be “ported” to another organisation direct, please email informationrequests@provident.co.uk, write to the Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 9166278 (UK) 1800 553084 (ROI) and we will review your request and come back to you within 30 days.

Obtaining a copy of your data

You have a right to access the personal data held about you. To obtain a copy of the personal data we hold about you, please email informationrequests@provident.co.uk, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call [Satsuma: 0800 6944962, HC UK: 0800 9166278, HC ROI: 1800 567015] and we will review your request and come back to you within 30 days.

Your right to lodge a complaint with the regulatory authority

We hope that we provide you with the service you expect in relation to how we manage your personal data . Please contact Talent.acquisition@provident.co.uk if there is anything you are concerned about and we will endeavour to address this . If you are still not satisfied then you have the right to contact the Information Commissioner on 0303 123 1113 (UK) or The Data Protection Commissioner at info@dataprotection.ie (ROI)

Who we share your data with<

Your information may be shared internally for the purposes of the recruitment exercise. This includes; members of the HR team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.

Sometimes we use third party companies to help us administer your application to the company for example:

UK Credit Check: Equifax, ROI Credit Check: StubbsGazette, UK Fraud: CIFAS

All Criminal Checks are requested through Verifile. Jobs are checked by:

1. England/Wales: Disclosure & Barring Service
2. Scotland: Disclosure Scotland
3. NI: AccessNI
4. ROI: search of Court outcomes

All of these third parties are subject to the same Data Protection obligations and stringent requirements, regardless of which country they are processing in.

Processing your data between ROI and UK (ROI only)

To help manage your application, we use skills and technology within Provident Financial Management Services Limited (PFMSL) which is based in the UK. PFMSL is part of the Provident Financial Group and all its activities in relation to processing your Personal Data require compliance with data protection regulations.Provident Personal Credit use PFMSL to process data on their behalf and this is done under a legitimate business need and is supported by a compliant data processing contract.

Processing your data outside the EEA (ROI)

We sometimes use third parties based outside the European Economic Area. For example some of our IT administrative activities are supported by third parties based in India and Israel. We will always ensure they will protect your information to EU standards.

If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:

1. Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website (http://ec.europa.eu/justice/data-protection/international- transfers/adequacy/index_en.htm)
2. Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website (http://ec.europa.eu/justice/data- protection/international-transfers/adequacy/index_en.htm)

Sometimes these organisations may disclose information to foreign authorities in the fight against crime and terrorism where they are legally obliged to do so.

Processing your data outside the UK and EEA

We sometimes use third parties based outside the UK and European Economic Area. For example some of our IT administrative activities are supported by third parties based in India and Israel. We will always ensure they will protect your information to EU standards.

If we do transfer information outside of the UK or EEA, we will make sure that it is protected in the same way as if it was being used in the UK or EEA. We’ll use one of these safeguards:

1. Transfer it to a non-EEA country with privacy laws that give the same protection as the UK or EEA. Learn more on the European Commission Justice website (http://ec.europa.eu/justice/data-protection/international- transfers/adequacy/index_en.htm)
2. Put in place a contract with the recipient that means they must protect it to the same standards as the UK or EEA. Read more about this here on the European Commission Justice website (http://ec.europa.eu/justice/data- protection/international-transfers/adequacy/index_en.htm)

Sometimes these organisations may disclose information to foreign authorities in the fight against crime and terrorism where they are legally obliged to do so.

How long do we keep your data for

If your application is successful your information will be transferred into your employee record and subject to PFMSL’s robust data protection controls. If you join you will be signposted to the Colleague Data Protection Notice to understand how your data will be processed and the retention periods that will apply to this data. If you are unfortunately not successful in your application or you decide not to accept a job offer we will retain the information you provide (including personal data) for 6 months for the purpose of maintaining a database of potential suitable candidates and may contact you about any suitable opportunities in the future. We will ask for your consent before we keep your data for this purpose and you are free to withdraw your consent at any time.

Changes to this notice

We keep our applicant privacy notice under regular review. This notice was last updated on 26th November 2020.

Introduction

Data protection legislation (which includes the General Data Protection Regulation or GDPR) places obligations on Provident Financial plc Group of Companies (PFG) including Provident Financial PLC (PF), Provident Personal Credit Limited (PPC), Provident Financial Management Services Limited (PFMSL) and Cheque Exchange Limited (CEL) in relation to the way that we handle your personal information. We must process your information fairly and lawfully. This also means you are entitled to know how we intend to use your information. All our employees are responsible for ensuring personal data is kept confidential. We provide training to all our colleagues to remind them about their obligations. In addition our policies and procedures are regularly audited and reviewed.

The identity of the controller and their contact details

Your information will be held by PFMSL on behalf of PPC. More information on PFG can be found at www.providentfinancial.com.

The identity of the Data Protection Officer

PFMSL and PPC have a Data Protection Officer to ensure that your personal data is being treated fairly and lawfully and protected at all times. If you need to contact the DPO please email dataprivacy@provident.co.uk or write to the Data Privacy Office, 1 Godwin Street, Bradford West Yorkshire BD1 2SU.

Categories of personal data processed

We only collect the data we need to administer your application to become a self-employed agent. In most cases this will mean that we are processing personal data such as:

1. Information received on your application form such as name, address, email address, contact telephone number/s, previous employers, qualifications etc.

2. Information provided to us from our Fitness and Probity checks. Fitness and Probity check include:
(a) Credit reference checks with a licensed credit reference agency;
(b) Criminal record checks; and
(c) Fraud prevention checks.

Where we obtain your personal data from

To manage your engagement as a self-employed agent we use your personal information collected from a variety of sources;

1. Information provided in your application.
2. Information provided from training sessions attended including test scores.
3. Information provided in your Fitness and Probity Questionnaire.

Why we process your data

As a business we use data we obtain from you and data we collect about you to perform a number of activities. Under data protection legislation we are only permitted to use your personal information when we have a legal basis that permits us to do so. We set out below an overview of the purposes for which we use your personal information and, in each case, the legal basis that permits us to use that information.

In most cases any data PPC and other companies within PFG obtain are shared amongst each other to ensure that we are managing your application to become a self-employed agent with us in the most informed way.

Processing your data as a Legitimate Interest

PFG companies may process and sometimes share your information amongst each other for the following administrative activities where we have a legitimate business need;

1. Managing the mandatory legal and regulatory training.
2. Your information may also be shared with Legal, Risk, the MLRO and the DPO where required to enable proper investigations to take place.
3. Processing agent data allows Provident to: Maintain accurate and up to date agent records and contact details respond to and defend against legal claims.

Recording phone calls

We will undertake this processing under a legitimate business interest. Within the contact centre calls are recorded to resolve queries or issues, for legal and regulatory purposes, to help improve our quality or service and to help prevent or detect fraud or other crimes. Conversations may also be recorded for staff training purposes. If you call into the contact centre you need to be aware that your conversation will be recorded.

Using information on social networking sites

We will undertake this processing under a legitimate business interest. If appropriate, we reserve the right to review social media sites as part of any investigation we are conducting.

Processing your data for legal reasons

PFG may need to process data to ensure that it is complying with its legal obligations.

We will treat your information as private and confidential, but may share it with each other and disclose it outside the Group if we are legally obliged to do so. Examples of this are:

1. Passing information to Revenue Commissioners.
2. Required by the Síochána Garda and other law enforcement agencies to investigate or prevent crime.
3. Required by the authorities when we report on any suspicious activity that could indicate money laundering.
4. The Central Bank of Ireland’s (CBI’s) Fitness & Probity Regime requires specific information to be checked.

Processing your data with your consent

There will be circumstances where we will only process your data if we have your consent to do so. For example, if you provide us with data that is classed as special categories of Personal data, such as health information, we will only process this with your permission (unless we feel the processing is necessary to protect your vital interests) and you have a right at any time to ask us to stop the processing of that specific data.

How we manage your special categories of Personal Data

Where we need to process special categories of Personal Data (which includes information relating to Race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life or sexual orientation biometric and genetic data) this will only be done with your explicit consent (unless we feel the processing is necessary to protect your vital interests) or if we are obliged to process under financial crime legislation.

Your rights

You have a number of rights in relation to your personal data. For example you can ask for a copy of your personal data through a Subject Access Request, you can ask for your information to be corrected if it is inaccurate, you can ask for the processing of your data to be restricted whilst we may be resolving an issue, you can ask for your data to be deleted, and you have the right to data portability. See below for further details. If you wish to exercise one of your rights please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to object

You have a number of rights in relation to your personal data. For example you can ask for a copy of your personal data through a Subject Access Request, you can ask for your information to be corrected if it is inaccurate, you can ask for the processing of your data to be restricted whilst we may be resolving an issue, you can ask for your data to be deleted, and you have the right to data portability. See below for further details. If you wish to exercise one of your rights please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to object

You have a right to object to any processing activity where the business states it has a legitimate business need to use your data in the way described. If you need to contact us please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to data portability

Data Protection Legislation contains a right to data portability that may give you a right in some data processing contexts, to receive your personal data in a portable format when it is processed on certain grounds, such as consent. If you wish for this limited data to be “ported” to another organisation direct, please email informationrequests@provident.co.uk, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Obtaining a copy of your data

You have a right to access the personal data held about you. To obtain a copy of the personal data we hold about you, please email informationrequests@provident.co.uk, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to lodge a complaint with the regulatory authority

We hope that we provide you with the service you expect in relation to how we manage your personal data. Please contact a manager if there is anything you are concerned about and we will endeavour to address this. If you are still not satisfied then you have the right to contact Data Protection Commissioner at info@dataprotection.ie

Who we share your data with

Sometimes we use third party companies to help us administer your application to become a self-employed agent. All third parties are subject to the same Data Protection laws and stringent requirements that we place in their contractual obligations with us, regardless of which country they are processing in.

Processing your data outside of UK and EEA

We sometimes use third parties based outside the UK and European Economic Area. For example, some of our IT administrative activities are supported by third parties based in India and Israel.  We will always ensure they will protect your information to EU standards.

If we do transfer information outside of the UK or EEA, we will make sure that it is protected in the same way as if it was being used in the UK or EEA. We’ll use one of these safeguards:
1. Transfer it to a non-EEA country with privacy laws that give the same protection as the UK or EEA. Learn more on the European Commission Justice website.
2. Put in place a contract with the recipient that means they must protect it to the same standards as the UK or EEA. Read more about this here on the European Commission Justice website.

You can find out more about data protection on the European Commission Justice website

Sometimes these organisations may disclose information to foreign authorities in the fight against crime and terrorism where they are legally obliged to do so.

How long do we keep your data for

For the majority of your personal data this will be held for 6 months if you are not engaged as a self-employed agent. If you are engaged as a self-employed agent, the Agent Data Privacy Notice for existing agents will explain how your personal information is used, and will be available for you to view on Agent Comms App.

Changes to this notice

We keep our new agent privacy notice under regular review. This notice was last updated 7th January 2020.

Introduction

Data protection legislation (which includes the General Data Protection Regulation or GDPR) places obligations on the Provident Financial plc Group of Companies (PFG) including Provident Personal Credit Limited (PPC) and Provident Financial Management Services Limited (PFMSL) in relation to the way that we handle your personal information. We must process your information fairly and lawfully. This also means you are entitled to know how we intend to use your information. All our employees are responsible for ensuring personal data is kept confidential. We provide training to all our employees to remind them about their obligations. In addition our policies and procedures are regularly audited and reviewed.

The identity of the controller and their contact details

Your information will be held by PFMSL on behalf of PPC. More information on PFG can be found at www.providentfinancial.com.

The identity of the Data Protection Officer

PFMSL and PPC have a Data Protection Officer to ensure that your personal data is being treated fairly and lawfully and protected at all times. If you need to contact the DPO please email dataprivacy@provident.co.uk or write to the Data Privacy Office, 1 Godwin Street, Bradford West Yorkshire BD1 2SU.

Categories of personal data processed

We only collect the data we need to administer your authorisation to act as a designate Agent for a self-employed Agent. In most cases this will mean that we are processing personal data such as;

Information received when you were engaged as a Designate Agent such as name, address, email address, PPSN, date of birth, contact telephone number/s, previous employers, qualifications etc.
Information provided to us from our Fitness and Probity checks. Fitness and Probity check include:
(a) Credit reference checks with a licensed credit reference agency;
(b) Criminal record checks;
(c) Fraud prevention checks;
(d) Reference checks;
(e) Companies Registration Office and Central Bank of Ireland database checks; and
(f) Review of the status of any loans you currently/previous held with Provident.

Where we obtain your personal data from

To administer your authorisation to act as a Designate Agent for a self-employed Agent, we use your personal information collected from a variety of sources;

Information provided from legal and regulatory training undertaken including test scores.
Information provided in your Fitness and Probity Questionnaires.
Information provided on your Designate Agent’s Agreement.
Your customer record (if you are a current or previous Provident customer).

Why we process your data

As a business we use data we obtain from you and data we collect about you to perform a number of activities. Under data protection legislation we are only permitted to use your personal information when we have a legal basis that permits us to do so. We set out below an overview of the purposes for which we use your personal information and, in each case, the legal basis that permits us to use that information.

In most cases any data PPC and other companies within PFG obtain are shared amongst each other to ensure that we are managing your application to become a Designate Agent with us in the most informed way.

Processing your data as a Legitimate Interest

PFG companies may process and sometimes share your information amongst each other for the following administrative activities where we have a legitimate business need;

Managing the mandatory legal and regulatory training.
We may also share your information, including information we obtain through credit agency searches and judgement checks with the self-employed Agent on whose behalf you will be conducting Agency work to satisfy ongoing Fitness and Probity checks.

Recording phone calls

We will undertake this processing under a legitimate business interest. Within the contact centre calls are recorded to resolve queries or issues, for legal and regulatory purposes, to help improve our quality or service and to help prevent or detect fraud or other crimes. Conversations may also be recorded for staff training purposes. If you call into the contact centre you need to be aware that your conversation will be recorded.

Using information on social networking sites

We will undertake this processing under a legitimate business interest. If appropriate, we reserve the right to review social media sites as part of any investigation we are conducting.

Processing your data for legal reasons

PFG may need to process data to ensure that it is complying with its legal obligations.
We will treat your information as private and confidential, but may share it with each other and disclose it outside the Group if we are legally obliged to do so. Examples of this are:

Passing information to Revenue Commissioners.
Required by the Síochána Garda and other law enforcement agencies to investigate or prevent crime.
Required by the authorities when we report on any suspicious activity that could indicate money laundering.
The Central Bank of Ireland’s (CBI’s) Fitness & Probity Regime requires specific information to be checked.
Where you are a customer of any of the Provident Financial Group of Companies we may process your customer data to enable us to be satisfied that you are able to comply with the Fitness and Probity standards of the CBI.

Processing your data with your consent

There will be circumstances where we will only process your data if we have your consent to do so. For example, if you provide us with data that is classed as special categories of Personal data, such as health information, we will only process this with your permission (unless we feel the processing is necessary to protect your vital interests) and you have a right at any time to ask us to stop the processing of that specific data.

How we manage your special categories of Personal Data

Where we need to process special categories of Personal Data (which includes information relating to Race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life or sexual orientation biometric and genetic data) this will only be done with your explicit consent (unless we feel the processing is necessary to protect your vital interests) or if we are obliged to process under financial crime legislation.

Your rights

You have a number of rights in relation to your personal data. For example you can ask for a copy of your personal data through a Subject Access Request, you can ask for your information to be corrected if it is inaccurate, you can ask for the processing of your data to be restricted whilst we may be resolving an issue, you can ask for your data to be deleted, and you have the right to data portability. See below for further details. If you wish to exercise one of your rights please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to object

You have a right to object to any processing activity where the business states it has a legitimate business need to use your data in the way described. If you need to contact us please email informationrequests@provident.co.uk, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to data portability

Data Protection Legislation contains a right to data portability that may give you a right in some data processing contexts, to receive your personal data in a portable format when it is processed on certain grounds, such as consent. If you wish for this limited data to be “ported” to another organisation direct, please email informationrequests@provident.co.uk, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Obtaining a copy of your data

You have a right to access the personal data held about you. To obtain a copy of the personal data we hold about you, please email informationrequests@provident.co.uk, write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 1800 553084 and we will review your request and come back to you within 30 days.

Your right to lodge a complaint with the regulatory authority

We hope that we provide you with the service you expect in relation to how we manage your personal data. Please contact a manager if there is anything you are concerned about and we will endeavour to address this. If you are still not satisfied then you have the right to contact Data Protection Commissioner at info@dataprotection.ie

Who we share your data with

Sometimes we use third party companies to help us administer your application to become a Designate Agent. All third parties are subject to the same Data Protection laws and stringent requirements that we place in their contractual obligations with us, regardless of which country they are processing in.

Processing your data between ROI and UK

If you are based in the ROI, to administer your relationship with the company, we use skills and technology within Provident Financial Management Services Limited (PFMSL) which is based in the UK. PFMSL is part of the Provident Financial Group and all its activities in relation to processing your Personal Data require compliance with data protection regulations.

Provident Personal Credit use PFMSL to process data on their behalf and this is done under a legitimate business need and is supported by a compliant data processing contract.

Processing your data outside the UK and EEA

We sometimes use third parties based outside the UK and European Economic Area. For example, some of our IT administrative activities are supported by third parties based in India and Israel. We will always ensure they will protect your information to EU standards.

If we do transfer information outside of the UK or EEA, we will make sure that it is protected in the same way as if it was being used in the UK or EEA. We’ll use one of these safeguards:
1. Transfer it to a non-EEA country with privacy laws that give the same protection as the UK or EEA. Learn more on the European Commission Justice website.
2. Put in place a contract with the recipient that means they must protect it to the same standards as the UK or EEA. Read more about this here on the European Commission Justice website.

You can find out more about data protection on the European Commission Justice website

Sometimes these organisations may disclose information to foreign authorities in the fight against crime and terrorism where they are legally obliged to do so.

How long do we keep your data for

If you are not issued with an authorisation ID card to undertake agency work on behalf of a self-employed Agent (for example if you fail the Fitness and Probity checks), we will hold your personal data for 6 months. If you are issued with an authorisation ID card to undertake agency work on behalf of a self-employed Agent, the Designate Agent Privacy Notice for existing Designate Agents will explain how your personal information is used, and will be available for you to view on Agent Comms App.

Changes to this notice

We keep our new Designate Agent privacy notice under regular review. This notice was last updated, 21st December 2020.