Koze Group Ltd
Koze Group Ltd (“we”, “our”, and “us”) is committed to ensuring that your privacy is protected. Set out below is how we use the information we collect and receive about you and how you can tell us if you would prefer us not to use the information, or to limit its use.
We are Koze Group Ltd, a limited liability company registered in England and Wales with company registration number 08537963. Our registered office address is Trafalgar House Kemble Airfield Enterprise Park, Kemble, Cirencester, Gloucestershire, England, GL7 6BQ.
We provide a web-based and/or app-based platform that allows merchants, customers and lenders to connect at the point of sale (“Vendigo Platform”). The Vendigo Platform enables merchants to offer their customers financing for home improvements at the point of sale to give customers greater purchasing flexibility. Customers are provided with a single application to complete on the Vendigo Platform and, on completion, Vendigo searches its panel of lenders simultaneously for the best financing offer available to the customer. The Vendigo Platform can be accessed via our website, www.vendigo.com, and/or the Vendigo mobile application service (the “Site”).
Koze Group Ltd is the data controller of any personal data you provide to us or that we collect about you when you use the Vendigo Platform and is subject to applicable data protection laws.
Koze Group Ltd is registered with the Information Commissioner’s Office (“ICO”) under registration number ZA175149.
Our Data Protection Officer is Graham Weir.
Data Protection Officer
Kemble Airfield Enterprise Park, Kemble
By email: firstname.lastname@example.org
By telephone: 0203 965 0996
DATA PROTECTION PRINCIPLES
Anyone processing personal data must comply with the principles of processing personal data as follows:
- Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
- Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimization – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy – data must be accurate and, where necessary, kept up to date.
- Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.
INFORMATION WE MAY COLLECT
Information you give us
You may give us personal information when using the Vendigo Platform or by corresponding with us by phone, email or otherwise. This includes information you provide when you:
- register and create a user profile on the Vendigo Platform (for example, your name, date of birth, telephone number, address, employment information and email address);
- make a request for credit on the Vendigo Platform (for example, personal details, information about your current address, employment, bank details);
- respond to requests for additional information from lenders made through the Vendigo Platform;
- communicate with us by phone, e-mail, through the Vendigo Platform or otherwise;
- sign up to receive our newsletter;
- enter a competition, promotion or survey; and
- participate in any social media functions on the Vendigo Platform or with us on social media platforms directly.
We will indicate to you where the provision of certain personal information is required in order for us to provide you certain services. If you choose not to provide such personal information, we may not be able to provide the services you have requested.
Information we collect from merchants
The Vendigo Platform allows you to apply for finance from third party lenders to pay for goods or services that you wish to purchase from third party merchants. When you are ready to apply for finance in relation to certain goods or services, the merchant will request personal information from you and will share this information with us.
Information we collect from lenders
Lenders may share information with us about your credit application and its decision and, where applicable, the lending agreement with the lender.
Information we collect from you
We will collect and store information regarding the financing services that you enter into through the Vendigo Platform.
We may also automatically collect, store and use information about your visits to the Vendigo Platform and about your computer, tablet, mobile or other device through which you access the Vendigo Platform. This includes the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location; and
- information about your visit and use of the Vendigo Platform, including the full Uniform Resource Locators (URL), clickstream to, through and from the Vendigo Platform (including date and time), pages you viewed and searched for, page response times, download errors, and length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and website navigation and search terms used.
We may also use aggregate information and statistics for any purpose, including monitoring website usage in order to help us develop the website and our services. These statistics will not include information that can be used to identify any individual.
WHAT WE DO WITH YOUR INFORMATION
As a data controller, we will only use your personal information if we have a legal basis for doing so. The purposes for which we use and process your information and the legal basis on which we carry out each type of processing are explained below.
Lawful basis: Compliance with a legal obligation
Your personal data will be used by us in order to decide whether to accept your application to register on the Vendigo Platform and to decide whether or not to provide the Vendigo Platform services to you, including disclosing such information to our compliance team and to any relevant authorities for the purposes of preventing fraud and crime. We consider that this use of your personal data is necessary for compliance with legal obligations to which we are subject.
Lawful basis: Performance of a contract
Your personal data will be used by us in order to:
- process your application to register on the Vendigo Platform;
- allow a potential lender to carry out checks of your credit history to determine whether or not a credit facility should be made available to you and to set your credit limit;
- provide you with credit options and administer any credit facilities which you enter into through the Vendigo Platform;
- carry out the services that you request from us through the Vendigo Platform;
- carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
- allow you to participate in interactive features of our service, when you choose to do so.
We consider that these uses of your personal data are necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
Lawful basis: Legitimate interests
Your personal data will be used by us in order to:
- administer the Vendigo Platform including troubleshooting, data analysis, testing, research, technical support, computer system processing, security, maintenance, activity verification, statistical and survey purposes;
- deal with your queries, complaints or concerns;
- keep the Vendigo Platform safe and secure;
- notify you about changes to our service;
- ensure that content from the Vendigo Platform is presented in the most effective manner for you and for your computer, mobile device or other item of hardware through which you access the Platform; and
- contact you, from time to time, for market research purposes.
We consider that these uses of your personal data are necessary for the purposes of our legitimate interests, namely to:
- maintain and administer the Vendigo Platform;
- maintain proper customer relations;
- keep you up to date with our services and privacy practices;
- ensure that the Site is safe and secure; and
- market and develop our services.
Lawful basis: Consent
Where you have given us consent, we shall provide you with information about news and publications, which we think will be of interest to you. You can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal. You can update your details or change your privacy preferences at any time on the Vendigo Platform or by contacting us as given in “Contacting us” above.
SHARING YOUR INFORMATION WITH THIRD PARTIES
In order to provide the Vendigo Platform services to you, we will need to share your personal information with the merchant from which you are purchasing goods or services. In addition, when you submit an application for credit through the Vendigo Platform, we will share your personal information with certain lenders for the purpose of checking the availability of financing deals for your purchase of goods or services. These lenders will perform checks of your credit history, directly or through a third-party credit reference agency. The credit checks performed by lenders will include customer risk profiling. Customer risk profiling is a decision-making process based on your credit history, through which you will be assigned a credit risk profile. The decision of the lender as to whether or not to offer credit to you, and any terms attaching to the offer of credit, will be based on the credit risk profile assigned to you.
We may share your personal data with any member of our corporate group, including affiliated entities to the extent necessary to achieve the purposes above.
We may share your personal data with our agents, service providers, consultants and sub-contractors which assist us in running the Vendigo Platform and related services, and which are subject to security and confidentiality obligations.
We may also disclose your personal information to third parties where there is a legitimate reason to do so including for the following reasons:
- in the event that we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets;
- if all or substantially all of our assets are acquired by a third party, in which case personal information will be one of the transferred assets;
- if we are under a duty to disclose or share your personal information in order to comply with any legal obligation.
Find below links to the Privacy Notice of our lenders for your benefit.
SECURITY OF YOUR INFORMATION
We store your information in hard copy and in electronic format. We use industry standard physical and procedural security measures to protect information from the point of collection to the point of destruction. Hard copy information files are restricted to authorised individuals. We use, as appropriate, encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access.
Where appropriate, we use pseudonymisation and/or encryption to protect your information.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted via the internet; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Where data processing is carried out on our behalf by a third party, we will endeavour to ensure that appropriate security measures are in place including to prevent unauthorised disclosure of personal information.
We may transfer your personal information to group members or third party service providers located outside of the UK.
Where your personal information is transferred to a country which is not recognised by the UK as having an adequate level of protection for personal information, we shall put in place appropriate safeguards, such as entering into standard contractual clauses approved by the UK government with recipients, to ensure that your information is treated securely and in accordance with this policy and applicable law. Details regarding these safeguards can be obtained from our Data Protection Officer whose details are given above.
HOW LONG WE KEEP YOUR INFORMATION
Personal information received by us will only be retained for as long as necessary to fulfil the purposes described in this policy, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements, after which time it will be anonymised or destroyed in a secure manner.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Please note that if your personal information is shared with third parties (as detailed above) they may have different retention policies.
Access to your information and updating your information
You have the right to access information which we hold about you. If you so request, we shall provide you with a copy of your personal information which we are processing (“subject access request”).
You also have the right to receive your personal information in a structured and commonly used format so that it can be transferred to another data controller (“data portability”).
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
Right to object
You have the right to object at any time to our processing of your personal information for direct marketing purposes.
Where we process your information based on our legitimate interests
You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal information which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Your other rights
You also have the right under data protection laws to request that we rectify your personal information which is inaccurate or incomplete.
In certain circumstances, you have the right to:
- request the erasure of your personal information (“right to be forgotten”);
- restrict the processing of your personal information to processing to which you have given your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of others.
Please note that the above rights are not absolute, and we may be entitled to refuse requests, wholly or partly, where exceptions under applicable law apply.
EXERCISING YOUR RIGHTS
You can exercise any of your rights as described in this policy and under data protection laws by contacting the Data Protection Officer.
Save as provided under applicable data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee (subject to any limits imposed by applicable law) taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.
Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.
The Vendigo Platform contains links to other websites for ease of reference. We do not endorse any sites that are linked from the Vendigo Platform and do not assume any responsibility for the content or privacy practices of any such website.
You have the right to complain to the Information Commissioner’s Office (https://ico.org.uk/) about our data processing activities in relation to your personal information if you think they infringe applicable data protection laws (ICO helpline on 0303 123 1113).
UPDATES TO THIS POLICY
We may review and, if appropriate, update this policy from time to time. We will place notice of any such amendments on the Vendigo Platform. Please visit the Vendigo Platform for the most recent version of this policy.
This policy was last reviewed and updated on 14 December 2022.