Privacy Policy

NOTICE

Your personal data privacy is very important to us, which is why we have published this notice for your information purposes. This is designed to explain what, why and how we use your personal data as well as provide you with information regarding our regulatory authority.

 If you have a question, want to exercise your rights or make a complaint about our use of your information, please contact us  or by email to complaints@handt.co.uk. You can also make a complaint to the ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, telephone 0303 123 1113. www.ico.org.uk.

Data Controller and Data Protection Officer

A data controller is an organisation that collects, uses and manages personal data and has responsibility for how the personal data is collected, used and managed.

A data protection officer is the person in an organisation who has responsibility for monitoring compliance with data protection law and for ensuring that personal data is protected within an organisation

Who is the Data Controller?

Harvey and Thompson Limited (‘H&T’) of Times House, Throwley Way, Sutton, Surrey SM1 4AF is the data controller of personal data that you provide when you order goods or use our services.

We are registered with the Information Commissioner's Office with registration number Z5870831.

Harvey and Thompson Limited are an indirect subsidiary of FirstCash Holdings Inc, who as owners of H&T may act as a data processor from time to time.

Our Data Protection Officer can be contacted via the address on our contact us page. or via email at DPO@handt.co.uk

The types of personal data we collect

We collect personal customer data; the amount of data and type of data depends on the transaction type. Sensitive and personal data may also be captured in certain circumstances and where this is the case, the data will only be captured and stored with consent.

We only collect personal data we actually need for our specified purposes.

How we use your personal data

 We use your personal information for a variety of reasons related to providing you with our products and services, our business activities and administration, and compliance with our legal and regulatory obligations.

We may use your personal data in the following ways:

To provide goods and services and to manage your retail account including administering payments, returns and responding to queries.

To administer any financial services products that you have.

To administer any prize draw or competition you may enter.

To analyse your shopping preferences or how you interact with or use our websites.

For research and statistical purposes.

For marketing purposes, including to send you special offers or discounts and to tell you about products and services from us or third parties. This may also include profiling to ensure we market to you about relevant products and services. We would only do this with your consent.

To record and monitor outbound and inbound telephone conversations with you to ensure consistent service levels, to prevent or detect fraud, to resolve queries and complaints and for performance management and training purposes.

Where you have applied for a credit product (such as a pawnbroking agreement) we will also use your data to process and assess your application for credit and to administer your credit product. We refer to this as a "credit product".

Where you are using one of our other services, such as a foreign exchange transaction, this is to provide you with services and to manage our risk. We refer to these as "money services”.

For certain third party provided services such as Western Union, any personal data you provide directly to them will be subject to their own privacy notice and data handling practices.

Where you have used Klarna to pay for goods bought via our retail platform, both H&T and Klarna would be controllers and processors of that data, which would be processed by H&T to perform and manage your purchase and relationship e.g for confirming your identity, sending goods, handling questions and disputes, in order to prevent fraud and, where appropriate, send relevant marketing if you have chosen to opt in. H&Ts Privacy Notice applies to the processing of your personal data. Please also see Klarna’s Privacy Notice for further details as to how they process your data.

What is the lawful basis for these uses?

In most cases our use of your information is necessary and carried out on the following legal grounds:

·   for the performance of a contract with you (such as your credit product or money services).

·   where necessary for our legitimate interests (such as the proper administration of our business and managing our legal risks);

·   and where necessary in order to comply with a legal obligation (for example making reports to our regulatory authority or to law enforcement agencies).

Where our use of your data is not necessary for one of the purposes outlined above, we may seek your consent to use it in a particular way, for example if we want to send you marketing information, ask you to provide feedback or you tell us about a change in circumstances relating to your health.

Where we ask for your consent, you may refuse and can withdraw your consent at any time by contacting us using the details set out below.

What information about you do we use

We collect and use the following information about you:

·         Information about you including your contact details and personal details and, if you are applying for a credit product, information about your financial circumstances.

·         If you are taking out a credit product, information provided to us by any loan broker that introduced you to us.

·         If you are taking out a credit product or using a money service, Information about you from third party organisations to verify your identity and, in the case of credit products, Fraud Prevention Agencies (FPAs) and tracing agents;

·         information obtained from other public data sources which might include data from the electoral roll, public records including county court judgments, and bankruptcy and insolvency data to the extent this is necessary and justified on one of the legal bases above;

·        Information about your use of our website and call recordings when you speak to us over the telephone; and

Information you (or your third-party representative(s)) provide us with or share publicly to the extent this is necessary and justified on one of the legal bases above. CCTV footage and audio from H&T store estate.

When might we collect and use sensitive information about you?

We always seek to treat customers fairly and be responsive to their individual needs. Sometimes you may disclose some types of information that are classed as sensitive under the law. A common example of this is information about your mental or physical health. We will ask your consent to record this information. If you do not agree to us recording this information, it may impact on our ability to  make adjustments for your circumstances. We collect this information with your consent only, so that we can treat you fairly and according to your needs.

Who do we share your information with?

We may share your information with:

·         The broker who introduced you (if applicable);

·         Third-party service providers, such as tracing agents, our legal advisors, our auditors and professional service providers and our website support;

·         Providers of information tech, cloud-based software as a service, website hosting and management, data analysis, data back-up and security.

·         Dotdigital, online marketing company.

·         Law enforcement agencies or regulatory bodies where we are required to do so.

·         Other members of our group of companies, and any purchaser or proposed purchaser of all or part of the same or their assets, together with their professional advisors, including in the United States of America.

·         You or your third-party representatives (in line with your rights); or

·         any person or person’s seeking to acquire all or part of our business and/or assets and any potential assignees of your credit agreement, along with their third-party advisors.

·         Third parties, including other pawnbrokers and/or credit providers, where we believe, in good faith, that this is necessary to prevent or investigate fraud, theft or other criminal activity and in order to protect our rights, property, safety or reputation or the rights, property, safety or reputation of any of our clients or partners.

·         Customer satisfaction review agencies

·         Fraud prevention services

·         Ecommerce platforms

Where we share your data, we will always seek to implement reasonable safeguards  such as data encryption at rest, use of  Secure File Transfer Protocol, (SFTP), Secure Sockets Layer (SSL) and anti-malware defences to ensure it is safe. Further details on where we share your data and how we safeguard it can be found later in this document.

Records remain on file with CRAs and FPAs for 6 years after they are closed, whether settled by you or defaulted. This information may be supplied to other organisations which search your credit record.

 More information about CRAs and how they use personal information is available in the Credit Reference Agency Information Notice (also known as the "CRAIN") at www.experian.co.uk/crain/index.html or you can contact the agencies below:

Third party organisations that provide applications / functionality, data processing or IT services to H&T

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud-based software as a service, website hosting and management, data analysis, data back-up, security and storage services.

The servers are located in secure data centres around the world, and personal data may be stored in any one of them. Further details of these providers are set out below.

Fair Processing Notice

The personal information we have collected from you may be shared with fraud and Anti Money Laundering prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. Identity checking and re-verification may result in services not being offered, being suspended or being withdrawn.  If fraud is detected, you could be refused certain services, or finance.

 Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by accessing the CIFAS Fair Processing Notices (www.cifas.org.uk/fpn).

Where is your information stored / processed ?

We’re based in the UK, but sometimes we or our third parties need to transfer, store or process your personal information outside the UK.

 Some of these jurisdictions may not provide the same level of protection for personal data as provided in the UK as they will have different data protection laws.  This may include transfers to countries including (but not limited to)  United States of America, India, Dublin, and Australia. We take steps, including through contracts, intended to ensure that the information continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.

How will we safeguard your personal data?

No matter where we process your personal data, we will always ensure it is protected in a manner as described in this privacy notice and in accordance with applicable laws. Therefore, when we do transfer your personal data outside of the UK, we’ll make sure that suitable safeguards are in place before we transfer your personal information to countries outside the EEA.

Safeguards include:

·         If that country is covered by UK adequacy regulations (please see appendix for list of countries), we will rely on that decision to undertake our transfer; or

·         For transfers of personal data where UK adequacy regulations are not applicable an ‘International Data Transfer Agreement (IDTA)’ or ‘Standard Contractual Clauses addendum’ will be put in place prior to any processing.

How long will your information be kept on file?

We keep your information for as long as it is needed to provide you with the services you have requested and, to the extent it is necessary for the protection of our legitimate interests, and in line with our retention policy. In some limited cases, by law, we are required to keep certain information longer than the retention periods. If you would like to know more, please contact us.

Below is a non-exhaustive list of some of the reasons we need to retain your personal data:

·         Compliance with the requirements of the Financial Conduct Authority

·         Compliance with Anti Money Laundering Regulations

·         Reporting obligations to the Credit Reference Agencies

·         Ensuring we have relevant information in the event of any queries or complaints

·         Being able to identify if you have purchased a product which is subject to a product recall

·         Being able to service any product or service guarantee you have purchased

·         To assist with the establishment, exercise or defence of legal claims

The length of time we need to keep the personal data will vary depending on the nature of the personal data and the reason we are obliged to hold it. We will apply appropriate risk-based measures to protect your personal data which may include pseudonymising or anonymising the personal data. If personal data is pseudonymised, this means it is de-identified so you are no longer identifiable, but we can re-identify you if we have a requirement to do so. If personal data is anonymised, it is de-identified but can never be re-identified in the future.

If you would like to know more, please contact us.

Your rights

You have the right to withdraw consent for our processing of your personal data at any time. You can do this in any of our stores, via the business postal address or via email at DPO@handt.co.uk

You can find out more or exercise the above rights by contacting us. Further information is also available from the ICO's website (www.ico.org.uk).

Website use

When you make an enquiry or shop on this website, we will ask you to input and will collect personal information from you such as your name, email address, billing address, delivery address, telephone number, product selections, credit card, or other payment information, photographs, and a password.

 We may also collect, information about where you are on the internet (e.g. the URL you came from, IP address, domain types like .co.uk and .com), your browser type, the country and telephone area code where your computer is located, the pages of our website that were viewed during your visit, the advertisements you clicked on, and any search terms that you entered on our website ("User Information"). We may collect this information even if you do not register with us.

 You should be aware that this site is being monitored and may capture information about your visit that will help us improve the quality of our service.

 We keep a record of your purchases with us, which means we can create lists of your favourite items to make your shopping experience quicker and more convenient. It also means we can deal a lot quicker with any problems you may experience with your order.

Contact and complaints

Statutory or contractual obligation to provide personal data.

The majority of products and services require you to provide personal data. Where you have applied for a credit product (such as a pawnbroking agreement) you are required by law and under contract to provide personal data. If this is not provided the agreement or product cannot be fulfilled.

Updates

Updates to this policy are published on our website and, where appropriate, may be sent by email and/or post.

Questions

Appendix 1

Countries, territories or sectors covered by an EC adequacy decision

·         Andorra

·         Argentina

·         Canada (commercial organisations only)

·         Faroe Islands

·         Guernsey

·         Isle of Man

·         Japan (private-sector organisations only)

·         Jersey

·         New Zealand

·         Switzerland

·         Uruguay

These are countries, territories or sectors that the European Commission has made a finding of adequacy about.