1. In this Privacy notice (referred to throughout as notice) we, our or us refers to NewDay Ltd, its parent company NewDay Cards Ltd and any other companies in the group to which they belong (referred to throughout this notice as the NewDay Group). You or your refers to anyone whose personal data we process. Reference to the retailer is to the retailer through whom you took out Newpay or through whom you made a transaction using your Newpay account and references to the retailer group refer to any company in the group to which the retailer belongs. Newpay is issued and administered by NewDay Ltd.
2. Details of the products offered by the NewDay Group can be found on our website www.newday.co.uk/who-we-are/brands and www.newday.co.uk/what-we-do/products. We may change this notice from time to time and we will put any changes on our website www.newday.co.uk and, where appropriate, changes will be notified to you by email or by post. Please check our website frequently to see any updates or changes to our notice.
3. This notice sets out how we, the retailer and the retailer group will use and look after your personal information.
- This notice covers the following:
4. The table at the end of this notice provides an overview of the personal data that we collect, the purposes for which we use that personal data, the legal basis which permits us to use your personal data and the rights that you have in relation to your personal data.
2. Whom should I contact if I have questions about this notice?
Should you wish to contact us about any aspect of this notice you can contact our data protection officer using the following email address firstname.lastname@example.org. Details of the retailer's data protection officer can be found in the retailer's privacy notice or on their website. If you are unable to find these details please contact our data protection officer using the email address above.
NewDay Ltd and NewDay Cards Ltd are registered with the UK Information Commissioner's Office (referred to throughout this notice as ICO). NewDay Ltd's registration number is Z272680X and NewDay Cards Ltd's registration number is Z5599433.
If you are unhappy with the way in which we are processing your personal data you have the right to raise a complaint directly with the ICO. Their contact details are Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can also call them on 0303 123 1113 or email them on email@example.com.
For more information about credit reference agencies (referred to throughout this notice as CRAs) and how they use your personal data please read the Credit Reference Agency Information Notice (CRAIN).For a hard copy of this notice please call Customer Services Section 20.2.
For more information about fraud prevention agencies (referred to throughout this notice as FPAs) and how they use your personal data please contact us by calling our Compliance Team on 0371 522 5146.
3. What are personal data and special categories of personal data?
Personal data is any information that tells us something about you. This could include information such as name, contact details, date of birth, medical information and bank account details.
Special category personal data is any information relating to your ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data used to uniquely identify you, health data or your sexual life. This personal data is more sensitive and we need to have further justifications for collecting, storing and using this type of personal data. There are also additional restrictions on the circumstances in which we are permitted to collect and use criminal conviction data.
4. Where do we obtain your personal data from?
We get personal data about you from a number of sources as set out below:
Personal data you provide when you request a quote directly from us or if you apply to us for Newpay or one of our other products;
Personal data the retailer gives to us when you use Newpay;
Personal data you give to us in emails, letters, via online servicing (including via chat and chatbots), during phone calls (including any phone numbers that you use to contact us on) and when registering for services such as our account management services;
Personal data we obtain about the IP address, operating system, devices and browser that you use, including the location of any devices used by you;
Personal data you give when you participate in surveys, promotions or competitions;
Personal data we receive when making a decision about your quote, application or account, including personal data we receive from enquiries and searches made at CRAs and FPAs, from the retailers, or from publicly available sources, for example the electoral roll;
Personal data we continue to exchange about you with CRAs on an ongoing basis. For more information about the information that we share with CRAs and how CRAs use your personal data in this manner please see Section 7.4 or read the Credit Reference Agency Information Notice;
Personal data we have about any account you have with us including details of transactions and payments; and
Personal data we collect using analytics tools to track website page content and click/touch, movement, scroll, and keystroke activity;
Personal data from insurers or other firms who provide services to you, including price comparison, aggregator or similar websites that you visited before clicking through to any of our websites.
5. What personal data do we use and why?
We are a controller for the personal data that we obtain when providing your account and/or product. However, the retailer may also hold personal data where the retailer processes your personal data for their own purposes. In this case, the retailer will provide you with a separate privacy notice.
We hold and use the following personal data about you:
Personal data such as your name, address, address history, phone numbers, email address, date of birth, passport information, driving licence information employment details, identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address, browser type, approximate location, behavioural biometric data (which includes how you hold your device, your key strokes and mouse movements) vehicle details and financial information such as your bank account details, income and expenditure and other information necessary to assess your financial status. We use this information in order to verify your identity, operate your account and for the purposes of preventing fraud and money laundering;
Personal data relating to your demographic, lifestyle how you use your account and/or product and consumption habits for example how you use your account and/or product. We use this information to improve our account and/or products;
Personal data relating to any financial associates on or linked to your account. A “financial associate” is someone with whom you have a personal relationship that creates a joint financial unit in a similar way to a married couple. You will have been living at the same address at the time. It is not intended to include temporary arrangements such as students or rented flat sharers or business relationships. CRAs may link together the records of people that are part of a financial unit. They may do this when people are known to be linked, such as being married or have jointly applied for credit or have joint accounts. They may also link people together if they, themselves, state that they are financially linked. For more information about how CRAs use your personal data in this manner please read the Credit Reference Agency Information Notice;
Personal data and details of other services you have through us, including the Credit Score checker or our eligibility checking services you have subscribed to, or any insurance provided to you by any other third party;
Any other personal data we need to operate your account, make decisions about you or fulfil our legal or regulatory obligations.
In addition to the purposes stated above, we use the personal data we hold for the following purposes:
To make credit decisions about you, assess lending risks and to validate the details that you have provided to us;
To operate and manage your account, any application(s), any agreement(s) or handle any correspondence you may have with us and to conduct financial reviews (for example assessing your eligibility for credit line increases, or to monitor your account for fraud);
To enable us to perform other administrative and operational purposes including the testing of systems, auditing and other compliance related activities to ensure that we are complying with our legal and regulatory obligations;
To monitor and analyse our business, including customer modelling and statistical trend and transactional analysis, to identify, develop or improve products that may be of interest to you, and to carry out market research;
To provide you with accounts, products and services and tell you about changes to these products and services;
To send you marketing in accordance with the provisions of Section 19;
To trace your whereabouts in the event we are unable to contact you in relation to the products or services we provide to you;
To recover any debt you owe us;
To provide information on an anonymised or aggregated basis to independent external bodies such as government departments and agencies, universities and similar to carry out research; and/or
To comply with our legal and regulatory obligations and to identify, prevent, detect or tackle fraud, money laundering, terrorism and other crimes.
We and the retailer, or members of either group, may send you information directly in the form of service messages related to your account and/or product where this relates to features or benefits of your account and/or product for example, messages containing details of your loyalty points. We want to make sure that we provide excellent customer service and we use various means of communication to do this including phone, post, email, push notifications and SMS.
In the event that NewDay receives any funds from a third party which have been incorrectly attributed or applied to your account, NewDay shall have the right to disclose all your available relevant information (including personal information) to the third party's payment service provider (for example their bank) in order to assist the third party to recover such funds. Additionally, in the event that the third party's payment service provider is unable to recover such funds on behalf of the third party, NewDay will upon receipt of a written request, provide all your available relevant information (including personal information) to the third party to enable them to recover the funds.
When we are managing your account it is not our intention to routinely process special categories of personal data. However, in certain circumstances, (for example if you are unable to make re-payments to your account or if you are incapacitated) we and the retailer may be provided with special categories of personal data about your health or medical information which we will hold and process to operate and deal with your account.
6. What personal data do we share with third parties and why?
We will keep your personal data confidential and only share it with other third parties and organisations including the retailer for the purposes explained below:
With any third parties who carry out services on our behalf to help us operate our business, to provide services, to collect payment or to recover debts. All these third parties have a contract with us and have agreed to keep your personal data confidential and secure and only to use it for the purposes that we allow.
With any person working within the NewDay Group or the retailer group to enable us to perform our obligations in relation to the provision of the services or products to you;
With any price comparison, aggregator or similar website that you visit before clicking through to any of our websites. This personal data will be collected regardless of whether or not you provided any price comparison, aggregator or similar website that you visit (or visited before clicking through to our website) with any personal data at that time. We use the personal data provided via this route to determine any payments due to such price comparison, aggregator or similar website and assess your eligibility for any NewDay products and/or services that you have applied for or have agreed to receive marketing for. Please note that you can withdraw your consent to receive marketing from us at any time by contacting Customer Services, using the unsubscribe link in any email we send you or on your online account management page. Please see Section 17 for more information about how we use your personal data for profiling, Section 18 about the right to object to the processing of your personal data and Section 19 about where we rely on your consent to process your personal data;
With any firm, organisation or person together with whom we provide products and services for example where we are providing a account and/or product to you on behalf of a retailer. When we share your personal data with such parties they may also be a controller for the personal data they process. You should therefore read their privacy notices very carefully to understand how they process your information;
With any payment system provider we may use to enable us to process payments in relation to the services and/or products provided to you;
With any firm that provides analytical, market research or similar services to us;
With any insurers with whom you have any policy related to your account and/or product so that they may administer your policy;
With your close relative, carer or helper, where you are unable to handle your own affairs because of mental capacity, ill health or other similar issues and we have been provided with authority to disclose your personal data;
With any third party you have authorised to talk to us about your account (which could include Debt Management Companies);
With any regulators, including the Financial Conduct Authority (referred to throughout this notice as FCA), the ICO, the Financial Ombudsman Service and other authorities including law enforcement agencies and tax authorities, (including those overseas), where we are required to disclose any personal data in order to comply with our legal or regulatory obligations;
With any third parties or authorities including any CRAs and/or FPAs for the purposes of undertaking checks for preventing or detecting fraud and money laundering, or crime or to verify your identity or to rectify any inaccurate personal data. When personal data is shared with a CRA and/or FPA, the CRA and/or FPA may share your personal data with other third parties (including law enforcement agencies) for the purposes set out in the Credit Reference Agency Information Notice . We and FPAs may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime;
With Mastercard Europe SA for the purposes of providing us with advisory consulting services, managed services and/or data analytical services;
With social media sites and digital advertising networks (for example Google) for online targeted marketing as well as broadcast channels (for example TV) for targeted marketing;Please see Section 17 for more information about how we use your personal data for profiling, Section 18 about the right to object to the processing of your personal data and Section 19 about where we rely on your consent to process your personal data;
With any potential buyer, transferee, or merger partner and their advisers in relation to any business transfer or re-organisation if we decide to sell, transfer or merge part or all of our business or assets, or any associated rights or interests or to acquire another business. If we disclose your personal data for this purpose, we will ensure that your personal data is kept confidential and only used it in relation to the possible transaction(s). If the transaction(s) go ahead, the purchaser, transferee or merger partner may use your personal data in the same way as set out in this notice or provide you with a new privacy notice explaining how your personal data will be used by them;
With any debt purchaser in the event that we sell your debt. If we disclose your personal data for this purpose, we will enter into a contract with the third party debt purchaser requiring them to keep your personal data confidential and process it in accordance with the terms of this notice. Following the sale of your debt, the debt purchaser will become a controller of your personal data and you can request information from them detailing how your personal data will subsequently be used. On the sale of your debt you will be provided with the debt purchaser's contact details as part of our other regulatory obligations; and
Where we have acquired your account from another creditor, with the previous creditor for administrative, regulatory and legal purposes and to help us deal with any complaints or other issues relating to your account.
7. What personal data do we share with CRAs and why?
In order to process your quote or application, we will perform credit and identity checks on you with one or more CRAs. Where you take financial services from us we may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply your personal data to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this personal data to:
Assess your creditworthiness and whether you can afford to take the product;
Verify the accuracy of the data you have provided to us;
Prevent criminal activity, fraud and money laundering;
Manage your account(s);
Trace and recover debts; and
Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange personal data about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal data, data retention periods and your data protection rights with the CRAs are explained in more detail in their Credit Reference Agency Information Notice at http://www.experian.co.uk/crain/index.html. CRAIN is also accessible from each of the three CRAs - clicking on any of these three links will also take you to the same CRAIN document: TransUnion www.transunion.co.uk/crain; Equifax www.equifax.co.uk/crain; Experian www.experian.co.uk/crain.
8. What is the legal basis that permits us to use your personal data?
We are only permitted to use your personal data and special categories of personal data if we have a legal basis for doing so as set out under data protection legislation. We rely on the following legal bases to use your personal data:
Where we have your consent (Consent);
Where we need information to enter into a contract, or perform the contract we have entered into, with you (Contractual Performance);
Where we need to comply with a legal or regulatory obligation (Legal Obligation); or
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (Legitimate Interest);
In more limited circumstances we may also rely on the following legal bases:
Where we need to protect your interests (or someone else's interests) (Vital Interest); or
Where it is needed in the public interest or for official purposes (Public Task).
When we and FPAs process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify your identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
The table at the end of this notice provides more detail about the personal data that we use, the legal basis that we rely on in each case and your rights.
Some information is classified as special categories of personal data under data protection legislation. We may process special categories of personal information and criminal conviction information in the following circumstances:
In limited circumstances with your explicit consent, in which case we will explain the purpose for which the information will be used at the point where we ask for your consent; and
We will use information about your physical and mental health or disability status to comply with our legal obligations, including to ensure we are complying with our obligations to treat you fairly and to assess your ability to repay your debt.
We will use behavioural biometric data to help us to confirm your identity when you log into your online account manager or your online banking app. This is necessary to prevent or detect crime.
9. What are the consequences of processing your personal data for fraud prevention or anti-money laundering purposes?
If we, or a FPA, determine that you pose a fraud or money laundering risk, we may refuse to provide Newpay or any other credit product to you, or we may stop providing existing products to you.
A record of any fraud or money laundering risk will be retained by the FPAs, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us by calling our Compliance Team on 0371 522 5146.
10. What happens if you do not provide information that we request?
We need some of your personal data in order to perform our contract with you. For example, we need to know your address and phone number in order to operate your account. We also need some information so that we can comply with our legal obligations. For example, we need to know your credit history so we can assess your ability to repay the balance on your account and/or product to ensure that we are lending responsibly.
Where personal data is needed for these purposes, if you do not provide it we will not be able to perform our contract with you and may not be able to offer you an account and/or product. If you do this, we will stop using your personal data for this purpose, but may continue to process your personal data for other purposes as set out in this notice.
Should you enter into a credit agreement with us, you explicitly consent in your terms and conditions to us accessing, processing, and retaining any information you provide to us for the purposes of providing payment services to you.
11. How and why do we grant third party providers (TPP) access to your online servicing account?
A TPP is a third party service provider that is authorised or registered with the Financial Conduct Authority or another European Economic Area regulator or otherwise permitted by law to carry on certain activities on your instruction. These include:
accessing information about your account held with us if it is accessible online; and
initiating payments from your account held with us if it is accessible online.
If you choose to use a TPP, please ensure you understand how their services work, such as how they access your account with us and how they will protect your information including your personal data. Please also be aware that:
If you use a TPP, the terms of your account and/or product will still apply.
If a TPP is only asking for information about your account (and is not initiating a payment from your account with us), we will assume you have given your consent to us providing the information to that particular TPP and we will provide the information immediately.
If the TPP is an issuer who asks us to confirm whether you have sufficient credit for it to initiate a payment from your account, we will only do so if you have given us your explicit consent to provide information to that particular TPP.
Although you must not, generally, give your security details to anyone else, you may give them to a TPP if it is necessary to do so.
We may refuse to allow a TPP to access your account if we are concerned about unauthorised or fraudulent access by that TPP. If we do this, we will tell you why (unless doing so would compromise our reasonable security measures or otherwise be unlawful).
You must check the information provided to you by the TPP, to ensure that they are authorised or permitted by law to provide payment services to you. If we become aware that an unauthorised third party is using your security details, we may block access to your account.
12. How long do we retain your personal data for?
We will only retain your personal data for as long as it is required in relation to the purposes it was obtained for by us as detailed in this notice. The periods for which we hold your personal data are set out below:
When you have an account with us; we only keep details of your personal information and details of your account for such period of time to permit us to comply with any legal or statutory obligations after your account is closed.
When you apply for an account but are declined credit; we will keep your personal data for statistical analysis, fraud prevention and credit scoring purposes. If you have consented to receiving marketing from us, in the event your application is declined, we will continue to retain your personal data in order to send marketing to you. Please note that you can withdraw your consent to receive marketing from us at any time by contacting Customer Services, using the unsubscribe link in any email we send you or on your online account management page. Please see Section 17 for more information about how we use your personal data for profiling, Section 18 about the right to object to the processing of your personal data and Section 19 about where we rely on your consent to process your personal data;
FPAs can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years by them. For more details about how long FPAs hold your personal data please contact us by calling our Compliance Team on 0371 522 5146.
13. What measures do we have in place to safeguard your personal data?
We know how important it is to keep your personal data secure. We protect your personal data when being transferred and when stored in IT systems.
A variety of technologies are employed to protect the systems that are used to store and manage personal data. To protect our systems and networks from attack we use firewalls, encrypted hard drives, antivirus software, host based intruder detection software and authenticated access protection solutions. Our security solutions are designed in line with industry standards to protect the personal data we store or transmit.
Access to personal information is strictly controlled. We ensure access to personal data is restricted to individuals on a need to know basis. Training is provided to individuals working within the group who need to access personal data to ensure that personal data is managed securely.
When we share your personal data with third parties and organisations as set out in Section 6 we undertake appropriate due diligence with them to ensure they are complying with the terms of their contract.
14. When do we transfer your personal data overseas?
We and third parties with whom we share personal data with may transfer your personal data overseas so that we can manage your account and provide other services from countries within the EEA (where the same data protection standards apply as in the UK) and countries outside the EEA. When personal data is transferred to countries outside of the UK and the European Economic Area (EEA) those countries may not offer an equivalent level of protection for personal information to the laws in the UK. Where this is the case we and those third parties will ensure that appropriate safeguards are put in place to protect your personal information. For example, whenever FPAs transfer your personal data outside of the EEA, they impose contractual obligations on the recipients of that personal data to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to 'international frameworks' intended to enable secure data sharing.
When we transfer personal data to Mastercard, Mastercard have binding corporate rules in place to safeguard your personal data. A link to the Mastercard binding corporate rules is found here https://www.mastercard.co.uk/content/dam/mccom/global/documents/mastercard-bcrs-february-2017.pdf.
We may process payments through other financial institutions such as banks and the worldwide payments system operated by the SWIFT organisation. These external organisations may process and store your personal data abroad in order to fulfil any payment instructions for example when you use your account and/or product. Additionally, the SWIFT organisation has to disclose your personal data to overseas authorities to help them to prevent and detect crime and terrorism. If these authorities are outside the EEA, your personal information may not be protected to the same standards as in the EEA.
The countries to which your personal data is transferred and the safeguards in place are set out below:
- United Kingdom
16. Why do we use credit scoring and automated decision making as part of your application?
When you check your eligibility with us or apply to us for credit we may use an automated system known as credit scoring to help us decide whether to lend to you. It is a way of assessing how much you are able to afford to borrow and how you are likely to manage your account. Most lenders use credit scoring to help make fair and informed decisions about lending.
Credit scoring takes account of information from three sources:
The information you give us on your application;
Information provided by CRAs and FPAs, including information about how you manage similar accounts; and
Information that may already be held about you by us.
Credit scoring methods are regularly reviewed to ensure they remain fair, effective and unbiased. Using credit scoring helps us to lend responsibly.
You have rights in relation to automated decision making. Please see Section 18 for more details of these rights.
17. How do we use your personal data for profiling?
We use various profiling techniques to assist us with running our business. By “profiling” we mean the automated analysis of personal data about an individual to evaluate certain things about that individual – basically drawing conclusions about an individual based on a statistical model.
We use these techniques for instance in the course of evaluating applications for Newpay, to manage your account, to guard against fraud and for marketing and targeted advertising purposes.
You have a right to object in relation to profiling. Please see Section 18.1.7 for more details of this right.
18. What rights do you have in relation to your personal data?
You have a number of rights in relation to your personal data, these include the right to:
Information - Be informed about how we use your personal data;
Access - Obtain access to your personal data that we hold;
Rectification - Request that your personal data is corrected if you believe it is incorrect or incomplete;
Erasure - Request that we erase your personal data in the following circumstances:
If we are continuing to process personal data beyond the period when it is necessary to do so for the purpose for which it was originally collected;
If we are relying on consent as the legal basis for processing and you withdraw consent;
If we are relying on legitimate interest as the legal basis for processing and you object to this processing and there is no overriding compelling ground which enables us to continue with the processing;
If the personal data has been processed unlawfully (i.e. in breach of the requirements of the data protection legislation); or
If it is necessary to delete the personal data to comply with a legal obligation
Restriction - Ask us to restrict our data processing activities where you consider that:
Personal data is inaccurate;
Our processing of your personal data is unlawful;
Where we no longer need the personal data but you require us to keep it to enable you to establish, exercise or defend a legal claim; or
Where you have raised an objection to our use of your personal data.
Portability - Request a copy of certain personal data that you have provided to us in a commonly used electronic format. This right relates to personal data that you have provided to us that we need in order to perform our agreement with you and personal data where we are relying on consent to process your personal data.
Objection - Object to our processing of your personal data where we are relying on legitimate interests or exercise of a public interest task to make the processing lawful. If you raise an objection we will carry out an assessment to determine whether we have an overriding legitimate ground which entitles us to continue to process your personal data.
Automated decisions - Not be subject to automated decisions which produce legal effects or which could have a similarly significant effect on you.
As part of the processing of your personal data, decisions may be made by automated processes. This means we may automatically decide that you pose a fraud or money laundering risk if:
our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct; or is inconsistent with your previous submissions; or
you appear to have deliberately hidden your true identity.
If you apply to us for credit but we are unable to offer you credit, you can contact us within 21 days of the date of your application to ask to have the decision reconsidered.
We will always tell you about the outcome of a request you have made in relation to the rights discussed above (except in relation to changes in marketing preferences, which are mostly automated).
If you would like to exercise any of your rights or find out more, please contact our data protection team at firstname.lastname@example.org or customer services team on 0333 220 2520*. The table at the end of this notice provides more details about the personal data that we use, the legal basis that we rely on in each case and your rights.
In addition to the rights above, you also have a right under the Consumer Credit Act 1974 to request a CRA to provide you with information they hold about you. A fee is payable. For more information about the fees charged please read the Credit Reference Agency Information Notice .
19. Your marketing preferences
As part of the application process for an account and/or product or to check your eligibility for one of our accounts and/or products we will ask you if you wish to receive marketing from us. We will not send marketing to you if you ask us not to. We conduct marketing via direct mail, phone, email, SMS and online, including via social media and other digital advertising channels (for example Google), broadcast channels (for example TV) and our mobile apps.
If you agreed to receiving marketing from us, but no longer wish to receive marketing from us you can opt-out in a number of ways as follows:
Writing to Customer Services Team, NewDay Ltd, PO Box 700, Leeds, LS99 2BD; or
Phoning us on 0333 220 2520*; or
Clicking on any unsubscribe link which will be provided on all marketing emails or using any unsubscribe functionality in any text messages from us; or
Following the instructions in any other form of marketing you have received from us; or
Changing your marketing preferences on your online account management page.
When you provide your consent to receive marketing from us related to your account we will pass details of your marketing preferences to the retailer.
20. Why do we need to record phone calls with you?
We may monitor or record phone calls with you in case we need to check that we have carried out your instructions correctly, to resolve queries or issues, for regulatory purposes, to help improve the quality of our service, to manage your account and to help detect or prevent fraud or other crimes. Conversations may also be monitored for staff training purposes.
*Calls are charged at a standard national rate. Call costs from mobiles and other operators may vary so please check before calling. Our lines are open Monday to Friday 8-6pm and Saturday 9-4pm. Calls may be recorded and monitored for training and security purposes and to help us manage your account.
Part 1 - Quick check of NewDay's use of your personal data (including processing undertaken where NewDay relies on legitimate interests)
|Purpose||Type of personal data used||Legal basis for processing||Which rights apply?*|
|Assessing credit risk for credit applications to ensure that NewDay meet its regulatory obligations to lend responsibly and to enter into a contract with you||Application data including bank account details full name, date of birth, current and past addresses, phone number and e-mail address, employment information including salary, residential type, marital status and details of financial associates||Contractual Performance and Legal Obligation||The generally applicable rights plus the right to data portability|
|Account management to enable NewDay to operate and manage your account including sending service messages via post, SMS, email, WhatsApp, push notifications and via your online Account Manager||Transaction data, loyalty points data, customer communications, customer service records, complaint records and associated documentation, current addresses, phone number and e-mail address||Contractual Performance||The generally applicable rights plus the right to data portability in relation to transaction data|
|Supporting debtor tracing and debt collections to enable NewDay to recover any unpaid monies from you||Contact details, including full name, date of birth, current and past addresses, phone number and e-mail address and account data (including details of financial associates) and transaction data||Legitimate Interest||The generally applicable rights plus the right to object|
|To sell or transfer your debt to another third party||Application data including bank account detauls full name, date of birth, current and past addresses, phone number and email addrees, employment information including salary, residential type, marital status and details of financial associates and transaction data||Legitimate Interests||The generally applicable rights plus the right to object|
|Promoting responsible lending and helping to prevent over-indebtedness||Application data including previous application details and account data and details of financial associated and transaction data||Legal Obligation||The generally applicable rights|
|Helping prevent and detect crime and anti-money laudering services and verify identity including compliance with Politically Exposed Persons (PEPS) and Sactions Regulations||Application data including previous application details, account data, transaction data||Legal Obligation||The generally applicable rights|
|Helping prevent fraud in order to protect us and you against any fraudulent activity on your account||Application data including previous application details, device data, behavioural biometric data, account data, transaction data||Legitimate Interest||The generally applicable rights plus the right to object|
|Complying with and supporting compliance with legal and regulatory requirements to which NewDay is subject||Application data including previous application details, transaction data, loyalty points data, customer communications, customer service records, complaint records and associated documentation||Legal Obligation||The generally applicable rights|
|Business analytics including system testing||Application data, contract detalils including previous application details, information from business partners e.g. Experian, information from marketing information providers, transaction data, loyalty points data, customer communications, customer service records, complaint recods and associated documentation||Legitimate Interest||The generally applicable rights plus the right to object|
|Marketing purposes inclduing direct mail and targeted digital marketing to send you offers about our good and services||Previous application details, information from business partners e.g. Experian, information from marketing informatin providers, names, addresses, account data||Legitimate Interest||The generally applicable rights plus the right to object|
|Electronic marketing purposes including, SMS and email, targeted marketing to send you offers about our good and services||Previous application details, information from business partners e.g. Experian, information from marketing informatin providers, names, addresses, account data||Consent or legitimate interests depending on the sign up journey that you followed when applying for your Newpay account||The generally applicable rights plus the right to object|
|Information generated by Cookies||Browser data||Consent||The generally applicable rights plus the right to object|
|Assessing your ability to repay and credit owed to us||Sensitive categories of personal data including details relating to your health, criminal convictions or alleged offences. Information from business partners e.g. Experian.||Legal Obligation||The generally applicable rights|
* The following generally applicable rights always apply: right to be informed, right of access, right to rectification, right to erasure, right to restriction and rights in relation to automated decision making. Please see the “What rights do you have in relation to your personal data” Section 18 above for more details of your rights and how to exercise them or go the Information Commissioner's website at www.ico.org.uk.