This document sets out how Curo Transatlantic Limited (“Curo” or “we”) uses personal data about you. We are committed to protecting your personal data which includes letting you know how we use it and telling you about your rights.
This privacy notice is provided in a FAQ format so you can click through to answers to specific questions as set out above. Alternatively you can download a pdf version of the full notice here.
This website and our products and services are not intended for children and we do not allow children to borrow money from or set up accounts with us.
In some situations we may provide you with additional information about specific uses of your data. This privacy notice supplements those other notices and is not intended to override them.
This notice was last updated on 25 May 2018
Curo has two trading names which are WageDayAdvance and Juo Loans. Curo is responsible for the use of data by both of these brands and is the “data controller” in respect of the data.
Our head office address is Wellington Plaza, 31 Wellington Street, Leeds, LS1 4DL.
We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this privacy notice and other data protection issues. If you have any questions about this privacy notice, please contact our Data Protection Officer at email@example.com.
When applying for a loan we ask you to provide information so that we can consider your application. This includes your name, date of birth, contact details including your email address and home address, financial data such as your bank account details, information about your employer and your income and your marketing preferences.
You may provide this directly via our website or via a third party affiliate who passes it on to us. If you have made your application through a third party please see How do you work with affiliates? for more information about how this works.
we will use this information:
If you are acting as a guarantor we will use your information for the purposes set out above in relation to the loan provided to the applicant whose application you are guaranteeing.
We are required by the Financial Conduct Authority to give you the ability to stop and resume applications. In order to allow us to do this we will save incomplete applications for 3 days even if you have not submitted data to us. We will also send you an email and SMS reminder which provides you with a link you can use to resume the application.
We also retain incomplete applications for 4 years as part of our fraud prevention processes as they can help us identify data manipulation and fraudulent applications.
If you do not provide full information on your application form we may not be able to approve your loan (or the loan of the person you are acting as guarantor for).
We do not store unencrypted card data on our systems and we use a third party provider to validate your payment information and process your payments. We have a contract with our third party payment processor.
We also use the account information you provide when making your application to carry out bank account validation checks using a third party supplier as described in What other information do you collect about me when considering my loan application here do you collect it from?.
When we receive a loan application we carry out a number of checks on your identity and your bank account and contact details. We need to do this in order to decide whether to enter into a loan agreement with you.
In order to do this we receive information about your credit history from credit reference agencies and other search information providers. We also use third parties to validate your bank and/or credit card details and mobile phone number. We check your details against financial sanctions lists. We may carry out affordability checks. We may also confirm your employment status with your employer using the information you have provided. We carry out these checks on both applicants and guarantors.
More information about how we work with credit reference agencies is set out at How do you work with Credit Reference Agencies?
We hold the results of the mobile phone verification checks, identity checks and credit reference searches on our live systems for 30 days from the date of the check so that we can reuse the results if you make a further application during that period. We will also use these files if you request that we make a manual decision about whether to lend with you as set out in Do you make any decisions about me automatically?.
After this time we will retain the checks for other purposes, such dealing with any queries from you about why and when checks were carried out or reviewing the basis on which an application was accepted or declined, but will not use them to make future lending decisions. As well as our regulatory and compliance obligations to hold evidence of our activities and deal with complaints we also have a legitimate interest in being able to deal effectively with your queries.
We retain data about our customers and guarantors in order to help us make future loan decisions or example we may look at whether you have met previous repayment obligations and whether your details have changed from when we last dealt with you. We use information provided by you in your loan application to do this and do not use third party data such as credit reference data for this purpose.
We also carry out analytics retrospectively on application data we receive. This is not carried out to make decisions about individuals, but looks at the applications we receive in aggregate to identify patterns and trends.
During the life of your loan we need to stay in touch with you. We are required by law to send you statements about your account. These communications are not direct marketing and you do not have the ability to opt out of receiving them.
We will usually contact you in accordance with any preferences you have given us when setting up your account or updated during the lifetime of your loan. However, if we are unable to contact you by your preferred method (for example we become aware that a telephone number or email address is no longer in use) we may use other contact details you have given us in order to try to re-establish contact. In some situations we may also use tracing services to find customers who we have no current contact details for. We will do this because we need up to date details for the purposes of exercising our rights and obligations under the loan agreement between us, legally enforcing our rights under the loan agreement between us, or in order to send information required by law.
We retain information on our file about how often we have called you. We need to do this to comply with our regulatory obligations. We may also use this information to identify what the best time to speak to you is and we have a legitimate interest in doing this to ensure that our communication with you is effective and at the best time for you.
Special category personal data is information about your:
Whilst we do not routinely collect this information at application stage, during the life of your loan we may obtain information falling within these categories, for example if you are experiencing difficulties in meeting your payment obligations due to your health. This information will usually have been provided voluntarily to us by you or on your behalf as we do not actively request it and we will ask for your explicit consent to use it. In this situation we will manage your account in accordance with our Financial Conduct Authority (FCA) obligations relating to vulnerable customers meaning that it is stored securely and we will only use this information for the purposes of ensuring you are treated fairly
We may also hold information on criminal convictions, for example if you are imprisoned while repaying your loan. This is stored securely and we will only use this information for the purposes of ensuring you are treated fairly Again, this information will be subject to internal security controls to ensure that they are only used to a limited number of our personnel responsible for collections.
We also sometimes obtain special categories of personal data where you make reference to it when making a complaint. We need to use this information in order to meet our FCA obligations to deal with the complaint fairly.
We use personal data collected during loan applications and the lifetime of a loan to send direct marketing about our products and services. We do this because we have a legitimate interest in marketing our products in compliance with appropriate privacy legislation which allows us to send marketing to our existing customers provided that we give them the opportunity to opt out. We do this by including the ability to opt out on our application pages and giving customers the ability to change their marketing preferences at any time through their login area here.
We review our direct marketing materials for compliance with other laws, for example the Financial Conduct Authority’s financial promotion rules. This helps us to ensure that individuals are not prejudiced by direct marketing and receive promotional material that is clear, fair and not misleading.
We will only start marketing new products to a customer once all repayments on existing loans have been completed. This means that the first marketing received by a customer may be some time after the data was originally collected. We include the ability to unsubscribe at this point to ensure that individuals have the ability to give us up to date marketing preferences.
We use third party service providers in the course of sending direct marketing. We are responsible for the use of data by these third parties.
We may send you marketing from any brand within the Curo UK group where we feel the product or service is suitable to your circumstances. We do not sell or transfer customer data to third parties outside of the Curo UK group for them to send you marketing and if this changes in future we will ask for your consent before doing this with your data.
We also work with providers such as social networks who use email address or phone number matching allowing us to advertise on their services to people who have either applied for or taken a loan from us in the past. We share the data to be matched with the provider for this purpose but they do not have access to other data relating to that individual. We ask that the providers we use for this service ensure that they comply with the law in using their data and systems for this purpose and provide users with the ability to tailor which adverts they see gain, we do not receive information about which individuals have been matched or have seen our adverts.
For much of our advertising we do not target specific individuals. We may use a third party provider to serve adverts to groups (for example 30 year old men who have shown interest in certain subjects) but in doing this we do not choose which individuals see the adverts or see details or IP addresses of the people who see them. We will provide the criteria we want to target to a third party provider and they will serve the adverts to appropriate recipients.
In order to target these adverts we may analyse our existing customer base to determine the criteria for serving future adverts. Whilst this analysis uses live customer data, it would not result in specific individuals being targeted to see our adverts
We provide information about our customers:
In order to process your application, we will perform credit and identity checks on you and your guarantor, if applicable with one or more credit reference agencies (“CRAs”).
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit information, financial situation and financial history information and fraud prevention information.
We will use this information to:
We will continue to exchange information about you with CRAs while you have an outstanding loan with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail in the “CRAIN” document prepared by the CRAs licking on any of these three links will also take you to the same CRAIN document:
Call Credit: www.callcredit.co.uk/crain
We work with third party debt collection agencies to collect outstanding debts on our behalf hen we do this we retain ownership of the debt and instruct the agencies to work for us. We will provide them with information about our customers in order for them to provide these services but we will remain responsible for the use of this data. We have contracts in place with the agencies we use.
We may ask our debt collection agencies to carry out tracing services. This means that if they are unable to make contact with a customer they may use third party sources to obtain updated contact details.
Some of our customers ask debt management companies to work on their behalf to discuss their debts with their creditors. We are happy to do this but only where the debt management company has received the customer’s consent to sharing information. We work with debt management companies to ensure that the consent received from customers makes it clear how information will be shared.
Where data is shared on the basis of consent the customer is free to withdraw consent at any time but if this happens we may not be able to deal directly with the debt management company.
We may record telephone conversations between you and us to monitor quality, provide training, sort out disputes and prevent criminal activity.
We are part of a US based group of companies and we may transfer your data outside the EEA to other members of our group. Many of our operations are supported by website servers located in the United States under the control of our parent company Curo Group Holdings Corp. All data transfers are conducted and held securely to standards that are equal to those in the UK. Curo Group Holdings Corp and other group companies are registered under the Privacy Shield scheme which provides safeguards for the transfer of data to the United States. More information about the privacy shield programme can be found at https://www.privacyshield.gov. The Group complies with the US-EU Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information from European Union member countries. The Group has certified that it adheres to the Privacy Shield Principals of "notice", "choice", "liability for onward transfer", "security", "data integrity" and "purpose limitation, access and Recourse, enforcement and liability". For further information about the US-EU Privacy Shield Framework or to view our certification, please refer to the U.S. Department of Commerce's website at https://www.privacyshield.gov. As a self-certifying member of the US-EU Privacy Shield Framework, CURO Group Holdings Corp., and covered entities (CURO Financial Technologies Corp., CURO Intermediate Holdings Corp., and CURO Management LLC) are subject to the investigatory and enforcement powers of the FTC.
Where possible we ask our other service providers to keep data within the EEA f our service providers do host data outside the EEA we make sure that appropriate safeguards are put in place to ensure that your data is protected. This will include one of the following safeguards:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside the EEA.
We hold most information about loans and customer accounts for 12 years from repayment of the last loan taken out by a customer. This enables us to retain a full view of the customer relationship and deal with any legal issues or complaints arising out of the relationship. We are also required to keep records for tax purposes for this period. In some cases we will remove records from our live systems but will retain archived records for these legal and compliance purposes.
We hold some data for shorter periods, for example the results of third party searches, and have included more information about this elsewhere in this notice where we talk about that sort of data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, inappropriately altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We regularly review our information collection, storage and processing practices, including physical security measures.
Some of our customers are referred to us by third parties who we call affiliates here a customer makes an application through an affiliate, the data contained in an application form may be provided to a number of lenders who will use that data to decide whether they wish to offer the applicant a loan.
When we receive data through an affiliate we carry out a number of checks to decide whether we wish to make an offer. These checks will typically be carried out before the customer knows that we are considering the loan, and for this reason we ask our affiliates to explain these checks before the application is made. Any credit search carried out at this stage will be a soft search only which leaves a soft footprint that would only be visible to a customer on their credit file, with a hard search being carried out if then an offer is made and the applicant accepts that offer and proceeds with their application.
If we decide to make an offer to the customer we will provide our own privacy notice once the customer is transferred to us, and this will provide more detail about how we will use the data during the lifetime of the loan and beyond.
If we do not make an offer we will retain some information about unsuccessful applicants as follows:
We ask our customers to review our products and services so that we can make sure that we are meeting our customers’ needs and make improvements where necessary. We also use the feedback received as part of our marketing activity. We have a legitimate interest in doing this and take steps to minimise the impact on our customers’ privacy by using reputable third parties.
We use third parties such as Feefo and TrustPilot to provide these services. We will provide them with your contact details and you will then be sent an email asking you to review our services. Any review you provide will be submitted to the third party and made available on their website, further information will be provided when you are invited to participate.
We conduct our own research through SMS / Email surveys. The purpose of these is again to review the products and services we offer, but these surveys allow us to ask for more detail on your thoughts and recommendations.
We may sometimes carry out face to face research. We will usually engage a third party to do this on our behalf here we engage a third party provider to carry out research and feedback services of this nature we put a contract in place with them, and ensure that they follow the code of conduct set out by the Market Research Society. We will provide the 3rd party with your contact details, they will explain that they are conducting research on our behalf, the nature of the research and invite you to participate. You are under no obligation to do so.
In some situations the information given by you in your review or feedback may be sufficient to identify you, and you have expressed dissatisfaction we may contact you to discuss your issues in further detail. We also monitor social networking sites such as Facebook and Twitter in order to identify customers who make complaints online and, again, where we can identify the relevant individual we may get in touch to discuss the issues raised. Due to confidentiality issues and our need to comply with regulatory requirements around complaints handling, we would prefer you to raise any complaints with us directly.
Where we rely on your consent to process personal data you have the right to withdraw consent. However, the majority of our processing of your personal data is not based on consent he majority of our processing is necessary for performance of the contract between us or so that we can comply with our legal and regulatory obligations.
Our collections activity is not based on consent. We have a contractual right and legitimate interest in collecting sums due to us. Therefore you do not have the right to withdraw consent to us using your information for this purpose.
We do rely on consent in relation to sharing information with Debt Management Companies (see How do you work with Debt Management Companies?) and when using special categories of data about you (see Do you use any special categories of personal data about me?) and you are able to withdraw consent to this at any time.
In addition, whilst we do not rely on consent for direct marketing, you are still able to object to this or opt out at any time (see Do you use my personal data for direct marketing?).
You have the right to find out what personal data we hold about you, and to receive a copy of that data. You can see information about your account by logging in and reviewing your account details, but if this does not provide you with the information you require please call us on 0333 004 8000 or email us at firstname.lastname@example.org. We will process your request in accordance with your subject access rights set out in the General Data Protection Regulation ((EU) 2016/679).
We will not charge you a fee and we will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.
It is important that the personal data we hold about you is accurate and current lease keep us informed if your personal data changes during your relationship with us.
If for any reason you are unsure about the personal and account information we are holding in your name, please contact us. We will happily review your file and update the records if required. You can call us on 0333 004 8000 or email us at email@example.com.
Where data is simply out of date (for example you have moved house) we will update your file but may retain a record of the old data for audit and compliance purposes or example we may need to verify that we carried out searches against the address which was current at the relevant time.
If you dispute the accuracy of the information we hold, we will restrict processing, where appropriate, while we consider your request.
From time to time we may contact you to check that your details are up to date. We do this to comply with our legal and regulatory obligations and will do this even if you have refused consent to receive marketing from us.
Where data is processed only on the basis of consent you can withdraw this consent at any time. However, this does not affect the lawfulness of any processing carried out before you notify us that you have withdrawn your consent.
Where we have another legal basis for processing your data we may be able to continue to process this even if you do not consent to it. This policy contains information about processing which is not carried out on the basis of consent, and what our reason for this processing is.
We also have no obligation to stop using your data if your data is required for legal proceedings or the establishment, exercise or defence of legal rights. This includes use of your information to enforce our rights under the loan agreement.
Where we process data on the basis of legitimate interests you have a right to object to this. We will restrict what we do with your data while we consider this request and will stop processing the data if we cannot show overriding legitimate grounds for processing the data. You can call us on 0333 004 8000 or email us at firstname.lastname@example.org
We will not charge you a fee and we will try to respond to all legitimate requests within one month ccasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.
Where data is being processed only on the basis of consent and you withdraw that consent you also have the right to ask for the data to be deleted. You have the right to ask for data to be deleted where the data is no longer necessary for the purposes for which it was collected, or if it is being processed unlawfully. You can also ask for data to be deleted if you successfully object to processing based on our legitimate interests our rights to do this are described above. You can call us on 0333 004 8000 or email us at email@example.com
This right does not apply to all information about you – for example, information about your loans is not covered by this provision where it is necessary for us to retain the information for the purposes of the contract between us. Information required to establish, enforce or defend our legal rights, or which is required for compliance purposes also does not need to be deleted. This includes information used for the purpose of enforcing your loans which we need to retain for the purposes of the contract between us and to enforce our legal rights.
We will not charge you a fee and we will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.
When you make an application we will decide whether to fund your loan using automated processes. This enables us to ensure that our lending decisions are made fairly and quickly and that our lending criteria are consistently applied. As part of this process we need to verify your identity and assess your ability to repay the loan requested and we will automatically request third party searches and analyse the results received.
The factors taken into account during this decision making process are:
We regularly test our decision making process to ensure it remains fair, effective and unbiased.
If you would like us to reconsider any decision made automatically, please call us on 0333 004 8000 or email us at firstname.lastname@example.org. If you ask us to make a manual decision on your loan we will not be able to consider your application within our normal application timescales.
If you are unhappy with the products or services that we have provided you with or are dissatisfied with the handling of your customer data, you can contact us at the details provided below:
You may also refer your complaint to the Information Commissioner’s Office he ICO has web forms for making complaints and also has a helpline you can call. Details are available at https://ico.org.uk/global/contact-us/
We would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance he ICO will usually ask if you have done this before progressing your complaint.
Any changes we make to how we use your data will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes.
We may hold information about people who do not have loans about us in the following situations:
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity, and in certain circumstances allow the website to perform more effectively for the visitor.
We use different types of cookies for different purposes. For example:
Cookies are also used as part of the functionality in a third party tool called Hotjar. This allows us to record website sessions for the purposes of improving the user experience (see What information do you collect about me automatically when I use your website?).
You can set your browser not to accept cookies. However, it’s important to remember that some of our services and the services of other websites may not function properly if your cookies are disabled.
When a visitor arrives on the website we collect data including visitor source, search query (if relevant), entry point into website, device, browser (including versions) and IP address. We create reports based on an aggregated view of page URLs that have been visited and the device information.
We use Google Analytics which acquires visitor data from the tags on our websites. Google Analytics tracks data on website behaviour and device usage, and can connect these with demographic based audience information he device data comes through the browser. Google Analytics captures IP addresses but does not report on it and instead reports on geography or location of the visitor which makes it less likely that an individual visitor can be identified. Data is kept within Google Analytics for 26 months.
We may carry out A/B tests on our website and use a tool which allows us to identify which version of the website a visitor has seen in order to ensure that they see the same version if and when they return. This tool collects information such as device and location and identifies returning visitors using cookies.
We use software provided by a third party called Hotjar which collects information from your browser and device when you access our website. This information is collected so that we can diagnose and assist you with any technical issues you encounter, as well as enabling us to improve the overall user experience. We are able to replay your interactions with the website in order to find out where things went wrong.
We have set up the Hotjar software so that it blanks out key personal data such as your name and address, bank account details and information about your employer. We are not able to access this when we review your interactions and it is not stored by Hotjar.
The following information may be collected relating to your device and browser:
For a sampling of visitors, our servers automatically record information which is collected from our website. This data includes:
You may opt-out from having Hotjar collect your information when visiting a Customer Website at any time by visiting Hotjar’s opt-out page at https://www.hotjar.com/opt-out and clicking 'Disable Hotjar'. You will need to do this on each browser you use cookie will be set to determine whether you have opted out of the service.