Privacy Notice

This document sets out how SRC Transatlantic Limited (“SRC” or “we”) uses personal data about you. We are committed to protecting your personal data which includes letting you know how we use it and telling you about your rights.

In some situations we may provide you with additional information about specific uses of your data. This privacy notice supplements those other notices and is not intended to override them.

This notice was last updated on 21st May 2018.

Q. Who is responsible for my data?

A. SRC Transatlantic Limited trading as Speedy Cash SRC is responsible for the use of data by Speedy Cash and is the “data controller” in respect of the data. Please note that Speedy Cash no longer offers new loans in the UK and the content of this privacy notice reflects this.

Our head office address is 1st Floor 30/34 Houndsgate, Nottingham, NG1 7AB.

Q. How can I contact you with questions or comments about how you use my data?

A. We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this privacy notice and other data protection issues. If you have any questions about this privacy notice, please contact our Data Protection Officer at dpo@speedyinc.com.

Q. How do you handle my payment data?

A. We do not store unencrypted card data on our systems and we use a third party provider to validate your payment information and process your payments. We have a contract with our third party payment processor.

Q. How will you communicate with me?

A. During the life of your loan we need to stay in touch with you. We are required by law to send you statements about your account. These communications are not direct marketing and you do not have the ability to opt out of receiving them.

We will usually contact you in accordance with any preferences you have given us when setting up your account or updated during the lifetime of your loan. However, if we are unable to contact you by your preferred method (for example we become aware that a telephone number or email address is no longer in use) we may use other contact details you have given us in order to try to re-establish contact. In some situations we may also use tracing services to find customers who we have no current contact details for. We will do this because we need up to date details for the purposes of exercising our rights and obligations under the loan agreement between us, legally enforcing our rights under the loan agreement between us, or in order to send information required by law.

We retain information on our file about how often we have called you. We need to do this to comply with our regulatory obligations. We may also use this information to identify what the best time to speak to you is and we have a legitimate interest in doing this to ensure that our communication with you is effective and at the best time for you.

Q. Do you use any special categories of personal data about me?

A. Special category personal data is information about your:

  • racial or ethnic origin
  • political opinions
  • religious or philosophical beliefs
  • trade union membership
  • genetic or biometric data
  • health
  • sex life or sexual orientation

Whilst we do not routinely collect this information at application stage, during the life of your loan we may obtain information falling within these categories, for example if you are experiencing difficulties in meeting your payment obligations due to your health. This information will usually have been provided voluntarily to us by you or on your behalf as we do not actively request it and we will ask for your explicit consent to use it. In this situation we will manage your account in accordance with our Financial Conduct Authority (FCA) obligations relating to vulnerable customers meaning that it is stored securely and we will only use this information for the purposes of ensuring you are treated fairly.

We may also hold information on criminal convictions, for example if you are imprisoned while repaying your loan. This is stored securely and we will only use this information for the purposes of ensuring you are treated fairly. Again, this information will be subject to internal security controls to ensure that they are only used to a limited number of our personnel responsible for collections.

We also sometimes obtain special categories of personal data where you make reference to it when making a complaint. We need to use this information in order to meet our FCA obligations to deal with the complaint fairly.

Q. Who do you provide information about me to?

A. We provide information about our customers:

  • to Credit Reference Agencies (see How do you work with Credit Reference Agencies?);
  • to Debt Management Companies where you have authorised them to deal with us(see How do you work with Debt Management Companies?);
  • to other members of our group (see Is any of my data transferred outside the EEA?);
  • to our other service providers. We remain responsible for the use of data by service providers and put appropriate contracts in place to ensure that they only use data in accordance with our instructions;
  • to third party debt collection agencies for the purpose of collecting loan arrears on our behalf;
  • where we are selling or transferring (or considering selling or transferring) any rights in all or part of our business to a third party;
  • where we are legally required to disclose information about you;
  • to our regulators and the Financial Ombudsman Service where we are required to do so;
  • to prevent fraud and help in fraud protection in order to reduce credit risk;
Q. How do you work with Credit Reference Agencies?

A. During the life of your loan, we will supply your personal information to one or more credit reference agencies (CRAs) and they will give us information about you.

We will use this information to:

  • Prevent criminal activity, fraud and money laundering;
  • Manage your account(s); and
  • Trace and recover debts

We will continue to exchange information about you with CRAs while you have an outstanding loan with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the “CRAIN” document prepared by the CRAs. Clicking on any of these three links will also take you to the same CRAIN document:

Call Credit: www.callcredit.co.uk/crain

Equifax: www.equifax.co.uk/crain

Experian: www.experian.co.uk/crain

Q. How do you work with Debt Collection Agencies?

A. We work with third party debt collection agencies to collect outstanding debts on our behalf. When we do this we retain ownership of the debt and instruct the agencies to work for us. We will provide them with information about our customers in order for them to provide these services but we will remain responsible for the use of this data. We have contracts in place with the agencies we use.

We may ask our debt collection agencies to carry out tracing services. This means that if they are unable to make contact with a customer they may use third party sources to obtain updated contact details.

Q. How do you work with Debt Management Companies?

A. Some of our customers ask debt management companies to work on their behalf to discuss their debts with their creditors. We are happy to do this but only where the debt management company has received the customer’s consent to sharing information. We work with debt management companies to ensure that the consent received from customers makes it clear how information will be shared.

Where data is shared on the basis of consent the customer is free to withdraw consent at any time but if this happens we may not be able to deal directly with the debt management company.

Q. Do you record telephone calls?

A. We may record telephone conversations between you and us to monitor quality, provide training, sort out disputes and prevent criminal activity.

Q. Is any of my data transferred outside the EEA?

A. We are part of a US based group of companies and we may transfer your data outside the EEA to other members of our group. Many of our operations are supported by website servers located in the United States under the control of our parent company Curo Group Holdings Corp. All data transfers are conducted and held securely to standards that are equal to those in the UK. Curo Group Holdings Corp and other group companies are registered under the Privacy Shield scheme which provides safeguards for the transfer of data to the United States.

More information about the privacy shield programme can be found at https://www.privacyshield.gov. The Group complies with the US-EU Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information from European Union member countries. The Group has certified that it adheres to the Privacy Shield Principals of "notice", "choice", "liability for onward transfer", "security", "data integrity" and "purpose limitation, access and Recourse, enforcement and liability".

For further information about the US-EU Privacy Shield Framework or to view our certification, please refer to the U.S. Department of Commerce's website at https://www.privacyshield.gov. As a self-certifying member of the US-EU Privacy Shield Framework, CURO Group Holdings Corp., and covered entities (CURO Financial Technologies Corp., CURO Intermediate Holdings Corp., and CURO Management LLC) are subject to the investigatory and enforcement powers of the FTC.

Where possible we ask our other service providers to keep data within the EEA. If our service providers do host data outside the EEA we make sure that appropriate safeguards are put in place to ensure that your data is protected. This will include one of the following safeguards:

  • the transfer is to a country that has been deemed to provide an adequate level of protection for personal data by the European Commission;
  • the contract based on contracts approved by the European commission to give personal data the same protection it has in Europe;
  • the provider is based in the US and they are part of the Privacy Shield as described above.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside the EEA.

Q. How long will you keep my data for?

A. We hold most information about loans and customer accounts for 12 years from repayment of the last loan taken out by a customer. This enables us to retain a full view of the customer relationship and deal with any legal issues or complaints arising out of the relationship. We are also required to keep records for tax purposes for this period. In some cases we will remove records from our live systems but will retain archived records for these legal and compliance purposes.

Q. How do you keep my data secure?

A. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, inappropriately altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We regularly review our information collection, storage and processing practices, including physical security measures.

Q. Do I have the right to withdraw consent?

A. Where we rely on your consent to process personal data you have the right to withdraw consent. However, the majority of our processing of your personal data is not based on consent. The majority of our processing is necessary for performance of the contract between us or so that we can comply with our legal and regulatory obligations.

Our collections activity is not based on consent. We have a contractual right and legitimate interest in collecting sums due to us. Therefore you do not have the right to withdraw consent to us using your information for this purpose.

We do rely on consent in relation to sharing information with Debt Management Companies (see How do you work with Debt Management Companies?) and when using special categories of data about you (see Do you use any special categories of personal data about me?) and you are able to withdraw consent to this at any time.

Q. What rights do I have to access information about me?

A. You have the right to find out what personal data we hold about you, and to receive a copy of that data. You can see information about your account by logging in and reviewing your account details, but if this does not provide you with the information you require please call us on 0333 240 1375 or email us at mydata@speedyinc.com. We will process your request in accordance with your subject access rights set out in the General Data Protection Regulation ((EU) 2016/679).

We will not charge you a fee and we will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.

Q. What should I do if I think the details you hold are inaccurate?

A. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If for any reason you are unsure about the personal and account information we are holding in your name, please contact us. We will happily review your file and update the records if required. You can call us on 0333 240 1375 or email us at mydata@speedyinc.com.

Where data is simply out of date (for example you have moved house) we will update your file but may retain a record of the old data for audit and compliance purposes. For example we may need to verify that we carried out searches against the address which was current at the relevant time.

If you dispute the accuracy of the information we hold, we will restrict processing, where appropriate, while we consider your request.

From time to time we may contact you to check that your details are up to date. We do this to comply with our legal and regulatory obligations and will do this even if you have refused consent to receive marketing from us.

Q. Can I ask you to stop processing information about me?

A. Where data is processed only on the basis of consent you can withdraw this consent at any time. However, this does not affect the lawfulness of any processing carried out before you notify us that you have withdrawn your consent.

Where we have another legal basis for processing your data we may be able to continue to process this even if you do not consent to it. This policy contains information about processing which is not carried out on the basis of consent, and what our reason for this processing is.

We also have no obligation to stop using your data if your data is required for legal proceedings or the establishment, exercise or defence of legal rights. This includes use of your information to enforce our rights under the loan agreement.

Where we process data on the basis of legitimate interests you have a right to object to this. We will restrict what we do with your data while we consider this request and will stop processing the data if we cannot show overriding legitimate grounds for processing the data. You can call us on 0333 240 1375 or email us at mydata@speedyinc.com.

We will not charge you a fee and we will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.

Q. Can I ask for information about me to be deleted?

A. Where data is being processed only on the basis of consent and you withdraw that consent you also have the right to ask for the data to be deleted. You have the right to ask for data to be deleted where the data is no longer necessary for the purposes for which it was collected, or if it is being processed unlawfully. You can also ask for data to be deleted if you successfully object to processing based on our legitimate interests. Your rights to do this are described above. You can call us on 0333 240 1375 or email us at mydata@speedyinc.com.

This right does not apply to all information about you – for example, information about your loans is not covered by this provision where it is necessary for us to retain the information for the purposes of the contract between us. Information required to establish, enforce or defend our legal rights, or which is required for compliance purposes also does not need to be deleted. This includes information used for the purpose of enforcing your loans which we need to retain for the purposes of the contract between us and to enforce our legal rights.

We will not charge you a fee and we will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.

Q. How can I complain about how you use my data?

A. If you are unhappy with the products or services that we have provided you with or are dissatisfied with the handling of your customer data, you can contact us at the details provided below:

You may also refer your complaint to the Information Commissioner’s Office. The ICO has web forms for making complaints and also has a helpline you can call. Details are available at https://ico.org.uk/global/contact-us/

We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance. The ICO will usually ask if you have done this before progressing your complaint.

Q. How will I find out about any changes in how you use my data?

A. Any changes we make to how we use your data will be posted on this page. Please check back frequently to see any updates or changes.