If you have any queries on how we use your personal data or want to exercise any of your rights under the General Data Protection Regulation (GDPR), you may contact our Customer Services Team by writing to Diners Club International, Unit 8 Wilkinson Business Park, Clywedog Road South, Wrexham Industrial Estate, Wrexham LL13 9AE, or by dialling 0345 862 2935 if you are calling from within the UK or +44 1244 470 910 if you are calling from overseas.
Affiniture Cards Ltd is registered as a data controller with the Information Commissioner’s Office. Our registration number is Z3111845.
Links to other websites
We may provide you with links to websites which are not under the control of Affiniture Cards Ltd. The links provided are solely for your convenience and do not represent any endorsement or recommendation by Affiniture Cards Ltd. We accept no responsibility or liability for the contents of these websites or for any loss arising from any contract entered into with any of these websites.
The types of personal data we collect and use
Whether or not you become a customer, we will use your personal data for the reasons set out below and if you become a customer we will use it to manage your account. We will collect most of this information directly from you during your application journey. However, we may also obtain some information from third parties which is described in full later on in this Policy.
The personal data we may collect includes:
- Your full name and contact details, such as your current and previous postal addresses, your email address, and your home, business and mobile telephone numbers;
- Your date of birth and age;
- Information from credit reference or fraud prevention agencies, electoral roll, court records of debt judgements (such as CCJs and bankruptcies), and other publicly available information, as well as information on any financial associations you may have;
- Biometric data, such as fingerprints and voice recordings;
- Details of your purchases made using your account; and
Monitoring of communications
Subject to applicable laws, we may record and monitor any calls, emails, text messages, social media messages and any other communications that you make or send to us. We do this for regulatory compliance, quality control and staff training, crime prevention and detection, and when you need to see a record of what has been said.
We may also monitor the activity on your account where necessary and do so based on our legitimate interests or our legal obligations.
The legal basis and purposes for using your personal data
We will process your personal data:
1. To perform the contract as agreed with you, e.g.:
a) To decide whether to enter into the contract with you;
b) To manage and perform the contract;
c) To update your records; and
d) To contact you about your account(s), including to trace your whereabouts in order to recover a debt.
2. For our own legitimate interests, e.g.:
a) For good governance, accounting, managing and auditing of our business operations;
b) To search credit reference agencies;
c) To record and monitor any calls, emails, text messages, social media messages and any other communications that you make or send to us;
d) To monitor the activity on your account; and
e) To send you marketing messages where you have consented to this.
3. To comply with a legal obligation, e.g.:
a) When you exercise any of your rights under data protection legislation;
b) For compliance with legal and regulatory requirements;
c) For the establishment and defence of legal rights;
d) For activities related to the prevention, detection and investigation of crime;
e) To verify your identity, make credit, fraud prevention and anti-money laundering checks; and
f) To record and monitor any calls, emails, text messages, social media messages and any other communications that you make or send to us.
4. Upon receipt of your consent, e.g.:
a) To provide you with the payment service for which we have agreed to deliver;
b) When we process any special categories of personal data about you at your request, such as your racial or ethnic origin, political opinions, and religious beliefs; and
c) To send you marketing messages where you have consented to this.
You are free to withdraw your consent at any time. You can do this by contacting our Customer Services Team. However, please note that a consequence of your withdrawal is that we may not be able to provide certain services to or carry out specific tasks for you.
Sharing your personal data
Subject to applicable data protection laws, we may share your personal data with:
- Other companies within the Affiniture Group of companies;
- Sub-contractors and other persons who help us to provide your products and services;
- Our legal and other professional advisors, including our auditors;
- Fraud prevention agencies, credit reference agencies, and debt collection agencies when we open your account and periodically during the lifetime of your account;
- Government bodies and agencies, e.g. HMRC, the Financial Conduct Authority and the Information Commissioner’s Office;
- Courts, to comply with legal requirements, and for the administration of justice;
- Other parties connected with your account, such as guarantors and other people named on the application;
- Payment systems (Diners Club International); and
- Anyone else where we have your consent, as required by law, in an emergency in order to protect your vital interests, and if we restructure or sell our business or its assets or have a merger or re-organisation.
We may also disclose your personal data, in the event that we sell any business or assets, to the prospective buyer of such business or assets as part of a necessary due diligence exercise. In addition, if Affiniture Cards Limited or substantially all of its assets are acquired by a third party, the personal data held by us about you will be one of the transferred assets and we may disclose your personal data to that third party.
We may transfer your data outside of the UK and the European Economic Area. While some countries have adequate protections for personal data, for other countries we will need to take steps to ensure appropriate safeguards are in place before we transfer your personal data. Your privacy and protection are important to us, and we will not transfer your personal data until we are satisfied that your personal data will be protected.
Identity verification and fraud prevention checks
The personal information we have collected from you may be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights are available from Diners Club International on request.
Credit reference checks
If you have applied for an account with Affiniture, we will perform credit and identity checks in order to process your application. We carry out these checks by providing your personal data to the credit reference agency and they will provide us with information about you. When we carry out a search with the credit reference agency, they will place a footprint on your credit file.
Dependent on the type of search carried out, they will either leave a soft footprint, which has no effect on your credit score and other lenders are unable to see this, or a hard footprint, which is visible to other lenders and may affect your ability to get credit elsewhere. When carrying out searches which leave a hard footprint, we will only do so where you have agreed or requested us to proceed with your application for credit. This footprint will appear on your credit file even if your application for credit is unsuccessful.
We may continue to share information with the credit reference agency during the lifetime of the account, including the details of your accounts and how you manage them, and whether you have not paid the balance in full or on time. Records remain in file for 6 years after the account is closed, whether it has been settled by you or has been defaulted.
We may also continue to obtain information from the credit reference agencies during the lifetime of your account in order to manage your account, including any future credit limit increases.
Affiniture uses the credit reference agency Equifax Ltd, and the ways in which they process personal information is explained via the Credit Reference Agency Information Notice (CRAIN) which can be accessed via the following link - equifax.co.uk/crain.html.
Your marketing preferences and related searches
We will use your address, phone numbers and email address to contact you according to your preferences. You can change your preferences or unsubscribe at any time by contacting our Customer Services Team.
If you don’t want information about other products and services, and you haven’t told us this before, you can let us know by contacting our Customer Services Team.
Automated decision making and processing
Automated decision making involves processing your personal data without human intervention. This means that we may automatically decide that you pose a fraud or money laundering risk, or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers, is inconsistent with your previous behaviour, or there appears to be a deliberate attempt to hide your true identity. You have rights in relation to automated decision making. If you would like to know more, please contact our Customer Services Team.
Where your personal data is being processed in relation to your application for credit, acceptance or rejection of your application will not solely depend on the results of an automated credit scoring process.
The retention of your data
We will retain your personal data for the following reasons:
- In case of queries. We will retain your personal data for as long as necessary to deal with your queries, e.g. if your application is unsuccessful;
- In case of claims. We will retain your personal data for as long as you might legally bring claims against us; and
- In accordance with legal and regulatory requirements. We will retain your personal data after your account has been closed in order to meet legal and regulatory requirements.
Your rights under data protection legislation
Your rights under GDPR are as follows:
- You have the right to be informed about our processing of your personal data;
- You have the right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
- You have the right to object to us processing your personal data;
- You have the right to have your personal data erased, otherwise known as the ‘right to be forgotten’;
- You have the right to request access to the personal data we hold about you, and information on how we process it, commonly known as a ‘data subject access request’;
- You have the right to move, copy or transfer your personal data (‘data portability’); and
- You have rights in relation to automated decision making, including profiling.
You also have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection laws. More information about the Information Commissioner’s Office can be found on their website - ico.org.uk.
Data anonymisation and aggregation
Your personal data may be converted into statistical or aggregated data which means that you cannot be identified. This anonymised data will then be used to produce statistical reports and may be shared and used in all the ways described in this Policy.
A cookie is a small text file, which often includes a unique identifier that is sent to your computer or mobile phone (referred to here as a "device") browser from a website's computer and is stored on your device's hard drive. There are various types of cookies which perform different functions, such as remembering the information you provide in your application for credit or recording your browsing habits. The information recorded by the cookie is retrieved on the user's next visit to the site and thereby avoids having to ask for the specific information each time you visit.
On our site, cookies record information about your online preferences, remember information about you when you visit our site and compile statistical reports on website activity. Some cookies are used that are essential in order to provide our services to you. Cookies cannot harm your computer as they cannot carry viruses or install malware or collect personal information from your computer.
We also use browser web storage and web beacons. Browser storage enables websites to store data in a browser on a device. When used in "local storage" mode, it enables data to be stored across sessions (for example, so that the data are retrievable even after the browser has been closed and reopened). A web beacon is an electronic file that signals when a webpage, advertisement, video, other content, an email, or a newsletter has been viewed. Diners Club uses web beacons in conjunction with cookies to collect data that helps us better understand how visitors move from page to page within websites.
Most web browsers will accept cookies, but if you would rather that we did not collect data in this way you can choose to accept all or some or reject cookies in your browser's privacy settings or by visiting the Privacy Settings centre: https://www.dinersclub.co.uk/privacy-settings/. Further information on deleting or controlling cookies is available at www.AboutCookies.org (this link takes you outside of www.dinersclub.co.uk). Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our site.
Information supplied by cookies can help us to analyse the profile of our visitors and help us to provide you with a better user experience. Below we have set out the cookies that we use on our website:
These cookies are necessary for the website to function and cannot be disabled from the Privacy Settings centre. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Cookie name: ACLCookies
Cookie name: ACLCsrfToken
This hashed cookie is set by our content management system to validate your data responses sent to our website. This cookie is deleted when you close your browser.
Cookie names: ACLNotifications_Status, ACLNotifications_Update
We use these cookies to provide you with updated notifications and personalise your experience on our website when dismissing the notifications panel. These cookies do not store and are not used to collect any personally identifiable information.
Cookie name: ACLSessionId
This hashed cookie is set by our content management system, upon arrival to our site, to provide a consistent browsing experience. This cookie is deleted when you close your browser.
Cookie name: ACLWelcome
We use this cookie to record whether a welcome message has been viewed on your first visit of the website.
These cookies are used to help us to monitor the performance of website which allows us to improve your user experience on our website. You can disable performance cookies from the Privacy Settings centre.
Google Analytics (Cookie names: __ga, __gid, __gat)
We use Google Analytics which is a web analytics service provided by Google, Inc. It enables us to measure the performance of our website and website content, to monitor usage of our site and we use the results in order to help us improve our site for users. The information collected is in an anonymous format and will not identify you as an individual and does not track your web browsing outside of this website.
To remove the data tracked by Google Analytics, visit the Privacy Settings centre: https://www.dinersclub.co.uk/privacy-settings.
These cookies are used by our website to provide additional functionality to enhance your user experience. You can disable functional cookies from the Privacy Settings centre, but you will not be able to use the functionality that utilise them.