Privacy Policy

1
Introduction and defined terms
2
About us
3
Fraud Prevention Service
4
Customers with a loan powered by Glow via our Corporate Clients
5
Website Users
6
Employees or Potential Employees
7
Corporate Clients
8
Third-Parties
9
How we market Glow's products and services
10
How we use automated decision-making
11
Where we process your information
12
Your legal rights in relation to your information
13
Keeping you up to date
14
Contacting us
15
All changes to this Notice

Privacy Notice

1 – Introduction and defined terms

We at Glow Financial Services Limited (the “Company”, “Glow”, “we”, “us” or “our”) are committed to protecting the privacy and security of your personal information and ensure that all personal data handled by us is done so in accordance with the applicable data protection laws and regulations and guidance laid out by the Information Commissioner’s Office (“ICO”).

This Privacy Notice (“Notice”) explains how we process, collect, use, and disclose personal information about you when you interact with Glow in varying capacities, including as a borrower of a loan product or service in relation to a purchase from our corporate client or its (together “Corporate Client”), a job applicant, a user of this website (“Website”), a Glow employee or an employee or representative of our Corporate Clients or our suppliers.

For the purpose of applicable data protection law, including the Data Protection Act 2018 and UK GDPR (together, “DP Law”), Glow is the Data Controller of your personal information that we collect, hold, and process.

This Notice was last updated April 2024. For a summary of all updates to this Notice, please refer to Section 15 ‘All changes to this Notice’.

2 – About us

Glow is a company registered in England with Company No. 09127663.

Our contact details are:

Company name: Glow Financial Services Limited

Registered Address: 71 Queen Victoria Street London EC4 4AY

Phone Number: +44 (0)207 126 8167

E-mail: dataprotection@glowgfs.com

We are authorised and regulated by the Financial Conduct Authority ( Reference Number: 751308 ). Find out more about us at https://www.glowfinsvs.com/

3 – Fraud Prevention Service

What and how we collect
Who we share it with
Why we collect it
Retention Period

Contact information

  • Your name, surname, and title
  • Your date of birth
  • Your contact details such as your email address, telephone number(s)
  • Your home address
  • Your residential status and address details for the last three (3) years.

Financial information

  • Your occupation and annual income
  • Your employment status
  • Your employer’s details
  • Your bank details, including: your bank name and address, sort code and account number
  • Number of dependants.

Information relating to your access and use of our services or that of our Corporate Client

Information relating to your access and use of our services, including but not limited to:

  • Your IP address
  • Your location
  • Device type
  • Software used
  • User name and passwords.

Loan Information

  • Your delivery address
  • Information about your loan (including your payment history)
  • Information which allows us to create your user account and your unique agreement number
  • Your password
  • Information about the products or services being purchased.

We collect this information from you directly when you access our or our Corporate Client’s services and/or products, and from fraud prevention agencies.

Information relating to your identity

In some instances, where you have applied for a Glow loan product, we may also process the following:

  • A copy of your photo identification documents (such as a valid passport or current driving licence)
  • Selfie – as defined by the ICO, this is biometric data used for identity verification purposes and is therefore processed according to special category information requirements.

Credit Reference Agencies:

  • Our Credit Reference Agency is TransUnion International UK Limited. We share your financial information with TransUnion who provide credit reference services, such as providing us with your credit score and affordability score and which will contribute to your credit risk profile with us.
  • More information about TransUnion and the ways in which it uses and shares personal information can be found in its privacy notice at https://www.transunion.co.uk/legal-information/bureau-privacy-notice.

Verification Services:

  • We share your identity documentation with our verification service provider to verify your identification. Where your ID cannot be verified, you may be asked to submit a photo of yourself that can be compared with the identity documentation.
  • These are stored for 180 days regardless of success or unsuccess of application.

Fraud Prevention Services:

  • We share your contact information with our fraud prevention provider to help us confirm your identity and prevent fraud.
  • Glow and the fraud prevention agencies may also enable law enforcement agencies to access and use your personal information to detect, investigate and prevent crime.

Intelligence Scanners:

  • We allow our intelligence scanners to establish your location and your device ID for fraud prevention purposes to verify you are a genuine applicant through our use of cookies. You will have granted your consent for use of essential cookies before these can be used.

Regulatory Bodies:

  • We may share your personal information with Regulatory Bodies such as the Financial Conduct Authority in order to fulfil our regulatory obligations.

Corporate Clients:

  • We may share your personal information with our Corporate Clients under the terms of our agreements with our Corporate Clients for the purposes of fulfilling your purchase of equipment and related activities and fulfilling our contractual obligations to our Corporate Clients.
  • We may share information relating to your loan with our Corporate Clients for marketing purposes and to allow them to make informed decisions to ensure their marketing is in compliance with the law.

Where we have a legitimate interest:

  • To protect our business, detect, investigate, and prevent suspected or actual money laundering, fraud, and other crimes or illegal activities.
  • To be able to fulfil our obligations to our Corporate Clients including review of historical transactions to identify past fraudulent activity.

Where we have a legal obligation:

  • Under anti-money laundering / counter terrorism financing and sanctions legislation, and other compliance requirements.

For fraud prevention:

  • Fraud prevention and to protect customers or potential customers against fraudulent activities.

Where your application is successful:

  • Glow retains information shared with us during the loan application for up to seven (7) years after loan settlement.

Where your application is unsuccessful:

  • Glow retains information shared with us during the loan application for two (2) years from point of decision. We retain this information for fraud prevention purposes, allowing us to recognise patterns of criminal activity and improve our fraud prevention.

Historical Analysis Services

  • Where Glow reviews past transactions for fraudulent activity for our Corporate Client, Glow retains such information for the duration of the exercise, after which we delete appropriately.

4 – Customers with a loan powered by Glow via our Corporate Clients

What and how we collect
Who we share it with
Why we collect it
Retention Period

Contact information

  • Your name, surname, and title
  • Your date of birth
  • Your contact details such as your email address, telephone number(s)
  • Your home address
  • Your residential status and address details for the last three (3) years.

Financial information

  • Your occupation and annual income
  • Your employment status
  • Your employer’s details
  • Your bank details, including: your bank name and address, sort code and account number

Information relating to your identity

  • A copy of your photo identification documents (such as a valid passport or current driving licence)
  • Selfie – as defined by the ICO, this is biometric data used for identity verification purposes and is therefore processed according to special category information requirements.

Information relating to your access and use of our services (including your IP address, your location, and the device being used)

Information relating to your access and use of our services, including but not limited to:

  • Your IP address
  • Your location
  • Device type
  • Software used
  • User name and passwords.

Loan Information

  • Your delivery address
  • Information about your loan (including your payment history)
  • Information which allows us to create your user account and your unique agreement number
  • Your password
  • Information about the products or services being purchased.

Glow Affiliates:

Glow personnel in other companies within the Glow group may process your personnel information on our behalf. Certain personnel may not be based outside of the UK (please see Section 11: ‘Where we process your information’).

Credit Reference Agencies:

  • Our Credit Reference Agency is TransUnion International UK Limited. We share your financial information with TransUnion who provide credit reference services, such as providing us with your credit score and affordability score and which will contribute to your credit risk profile with us.
  • More information about TransUnion and the ways in which it uses and shares personal information can be found in its privacy notice at https://www.transunion.co.uk/legal-information/bureau-privacy-notice.

Payment Providers:

We share your financial information with our payment providers to:

  • Process your upfront payment
  • Process your direct debit during the duration of your loan
  • Accept any payments you may need to make.

Loan Management Service Providers:

We share financial information with our loan management service provider to be able to create a holistic overview of your loan and support you throughout your loan.

Verification Services:

  • We share your identity documentation with our verification service provider to verify your identification. Where your ID cannot be verified, you may be asked to submit a photo of yourself that can be compared with the identity documentation.
  • These are stored for 180 days regardless of success or unsuccess of application.

Fraud Prevention Services:

  • We share your contact information with our fraud prevention provider to help us confirm your identity and prevent fraud.
  • Glow and the fraud prevention agencies may also enable law enforcement agencies to access and use your personal information to detect, investigate and prevent crime.

Intelligence Scanners:

  • We allow our intelligence scanners to establish your location and your device ID for fraud prevention purposes to verify you are a genuine applicant through our use of cookies. You will have granted your consent for use of essential cookies before these can be used.

Regulatory Bodies:

  • We may share your personal information with Regulatory Bodies such as the Financial Conduct Authority in order to fulfil our regulatory obligations.

Corporate Clients:

  • We may share your personal information with our Corporate Clients under the terms of our agreements with our Corporate Clients for the purposes of fulfilling your purchase of equipment and related activities and fulfilling our contractual obligations to our Corporate Clients.
  • We may share information relating to your loan with our Corporate Clients for marketing purposes and to allow them to make informed decisions to ensure their marketing is in compliance with the law.

Debt Collection Agencies:

We may share your contact information with our Debt Collection Agencies were you to fail to make payments when due and in connection with recovery of payment due under your agreement with us, to help us manage our relationship with you.

Financial Information

Where we have a legitimate interest:

  • To ensure your payment information is accurate and can be used to receive your upfront payments, direct debits, or manual payments.
  • To protect our business, detect, investigate, and prevent suspected or actual money laundering, fraud, and other crimes or illegal activities.
  • To be able to fulfill our obligations to our Corporate Clients

Where we have a legal obligation:

  • Under anti-money laundering / counter terrorism financing and sanctions legislation, and other compliance requirements.

Contact Information

Where we have a legitimate interest:

  • To be able to contact you about your application and establish a mode of contacting you throughout your loan.
  • To prevent fraud.
  • To protect or enforce our or any third party’s rights. Read more about how we share your data with third parties in Section 11: ‘Where we process your information’.

Where we have a legal obligation:

  • To be able to deliver the associated regulatory communication. For example, a Notice of Sums in Arrears (NOSIA) or a Subsequent Notice of Sums in Arrears (SNOSIA) to you were you to miss a payment when it is due.

Information relating to your identity

Where we have a legitimate interest:

  • To know who we are contracting with.

Where we have a legal obligation:

  • To comply with relevant Anti-Money Laundering legislation, Fraud Prevention legislation, and other regulatory requirements.

Loan Information

Where we have a legitimate interest:

  • To ensure your payment information is accurate and can be used to receive your upfront payments, direct debits, or manual payments.
  • To protect our business, detect, investigate, and prevent suspected or actual money laundering, fraud, and other crimes or illegal activities.
  • To have a record of our Corporate Clients Edevice or product.

Where we have a legal obligation:

  • To comply with relevant Anti-Money Laundering legislation, Fraud Prevention legislation, and other regulatory requirements.

Where your application is successful:

  • Glow retains information shared with us during the loan application for up to seven (7) years after loan settlement.

Where your application is unsuccessful:

  • Glow retains information shared with us during the loan application for two (2) years from point of decision. We retain this information for fraud prevention purposes, allowing us to recognise patterns of criminal activity and improve our fraud prevention.
  • We retain this information in the event you would like to apply for a loan with us again within two (2) years. This is for ease of application and smooth customer experience.

5 – Website Users

What and how we collect
Who we share it with
Why we collect it
Retention Period

Emails submitted by Website Users

  • The information we collect via emails depends on the content of the emails but can include personal information.

Corporate Clients:

  • Depending on the content of the emails, we may share this information with relevant Corporate Clients or Third Parties. Please read section 4 to read more about how we may process your information where relevant.

Where we have a legitimate interest:

  • To improve our service to our customer
  • To ensure website users are able to communicate with us.

Emails received are automatically removed from the Website’s email inbox after thirty (30) days. However, depending on the nature of your correspondence, the Retention Period may be longer in accordance with other sections of this Privacy Policy.

6 – Employees and Potential Employees

What and how we collect
Who we share it with
Why we collect it
Retention Period

Recruitment Information

  • CV
  • Interview questions and interview notes
  • Offer Letter.

Payroll information

  • Payroll records(including payroll records, bank account details, P45, tax codes, salary, expenses).

Personnel Files

  • Copy of passport (or other right to work documentation) and driver’s licence
  • Redundancy details, calculations of payments and refunds
  • Sick certificates, self certificates and medical records
  • References
  • Credit Check results
  • Criminal Record Check results
  • Contract of Employment
  • Confidentiality Letters (including Non-disclosure agreements)
  • Name, Address, personal email and telephone number
  • PPS Number
  • Date of birth
  • Details of next of kin
  • Qualification certificates
  • Performance scoring/rating documents
  • Disciplinary warning and investigations
  • Grievances
  • Absence data
  • Training Completion details
  • Maternity and Paternity details.

Glow Affiliates:

Glow personnel in other companies within the Glow group may process your personnel information on our behalf. Certain personnel may not be based outside of the UK (please see Section 11: ‘Where we process your information’).

Payroll Providers:

We share your payroll information and relevant information from your personnel file with our payroll provider which is a third-party provider that supports us in carrying out our payroll activities.

Vetting Agency:

We share relevant information from your personnel file with Verifile Vetting Agency in order to verify information we receive from you is accurate.

Regulators:

We may share relevant personal information, where we are obligated to do so, with the Financial Conduct Authority (FCA). This may include: a copy of your passport, credit check results, criminal record check results, name, address, personal email, telephone number, PPS number, and disciplinary warnings and investigations (if applicable).

Where we have a legitimate interest:

  • To establish suitability of potential employees for the relevant role
  • To record questions asked during the interview process
  • To ensure we are compliant with relevant equality and discrimination legislation
  • To record what was contractually offered/committed to potential employees
  • To enable payments to be processed and be made

Where we have a legal obligation:

  • To ensure that we as employers are able to perform our contractual duties to our employees
  • To comply with the relevant employment legislation

At a minimum, Glow retains employee information for two (2) years after the date employment ceases. However, in order to meet our regulatory requirements, there is some information that we retain for up to six (6) years after the date employment ceasing.

Information relating to disciplinary warnings is retained for nine (9) months after expiry of the warning. Information relating to disciplinary investigation is retained for 12 months after completion of investigation. Information relating to grievances is retained for 12 months after completion.

7 – Personnel of our Corporate Clients

What and how we collect
Who we share it with
Why we collect it
Retention Period

Business Contact information:

  • Your name, surname, title and job role
  • Your contact details such as your address, email address, telephone number(s).

Information relating to your access and use of our services, including but not limited to:

  • Your IP address
  • Your location
  • Device type
  • Software used
  • User name and password.

Personnel Files

  • Copy of passport (or other right to work documentation) and driver’s licence
  • Redundancy details, calculations of payments and refunds
  • Sick certificates, self certificates and medical records
  • References
  • Credit Check results
  • Criminal Record Check results
  • Contract of Employment
  • Confidentiality Letters (including Non-disclosure agreements)
  • Name, Address, personal email and telephone number
  • PPS Number
  • Date of birth
  • Details of next of kin
  • Qualification certificates
  • Performance scoring/rating documents
  • Disciplinary warning and investigations
  • Grievances
  • Absence data
  • Training Completion details
  • Maternity and Paternity details.

Glow Affiliates:

Glow personnel in other companies within the Glow group may process your personnel information on our behalf. Certain personnel may not be based outside of the UK (please see Section 11: ‘Where we process your information’).

Third Party Service Providers:

There may be occasions where our third-party service providers may process personal data for example in providing support to users of our systems.

Where we have a legitimate interest:

  • To provide our service to our Corporate Client and to fulfil our contractual obligations to our Corporate Clients.
  • To ensure secure access to our systems.
  • For legal and regulatory purposes.

We may retain business contact information of Corporate Clients’ personnel for over six (6) years following the end of the provision of our services to our Corporate Client.

8 – Third-Parties

What and how we collect
Who we share it with
Why we collect it
Retention Period

Business Contact information:

  • Your name, surname, title and job role
  • Your contact details such as your address, email address, telephone number(s).

Information relating to your access and use of our services, including but not limited to:

  • Your IP address
  • Your location
  • Device type
  • Software used
  • User name and password.

Glow Affiliates:

Glow personnel in other companies within the Glow group may process your personnel information on our behalf. Certain personnel may not be based outside of the UK (please see Section 11: ‘Where we process your information’).

Corporate Clients:

There may be occasions where we need to share personal data with our Corporate Client for example where our supplier’s personnel are involved in the provision of services to our Corporate Client.

Where we have a legitimate interest:

  • To contact our third party service providers, to receive your services and to fulfil our contractual obligations
  • To ensure secure access to our systems.
  • For legal and regulatory purposes.

We may retain business contact information of our service provider’s personnel for over six (6) years following the end of the service contract.

9 – How we market Glow's products and services

Glow may send you marketing promotions about products and services, where you have provided your consent to do so either to us or our Corporate Clients. There may be exceptions where we can inform you about other products or services where we are allowed to do so under DP Law. Glow may share your personal information with our Corporate Client for the purposes of our Corporate Client contacting you with marketing promotions.

10 – How we use automated decision-making

Automated decision-making is the process of making a decision by automated means without any human involvement. These decisions can be based on factual data, as well as on digitally created profiles or inferred data.

As part of our processing of your personal information, we may take decisions by automated means. In the context of the products and services provided to our Corporate Clients, we use automated decision-making in some aspects of our fraud detection and prevention. Where you may be applying for a loan, you may be automatically considered to pose a fraud risk if our processing suggests fraudulent activity which may mean you are found to not be eligible for our products and services provided to our Corporate Clients, resulting in your application being rejected.

The logic involves data matching which compares sets of data, such as your phone number against other records held by the same or another body to see if they match. The data is usually personal information. The data matching allows potentially fraudulent applications to be identified and for your application to be potentially declined. It also allows us to identify non-fraudulent activity. You have rights in relation to automated decision making (refer to section 12: ‘Your legal rights in relation to your information’ ).

We do not use any automated decision-making in relation to our website users, employees, potential employees, Corporate Clients, or third-parties.

11 – Where we process your information

Glow processes all your information in the United Kingdom (UK) but may need to transfer your information outside the UK to service providers, agents, or subcontractors, and to carry out the fraud prevention services and carrying out Glow’s business activities.

In some cases, data protection laws outside of the UK may not provide the same level of protection as those in the UK. Where we share your personal information with service providers, agents or subcontractors located in a country that has not been approved by the ICO as having a suitably high standard of data protection law, we will use specific contracts (known as Standard Contractual Clauses) approved for use in the UK, and if necessary additional supplementary measures, which give personal data the same protection it has in the UK.

Financial information, contact information, information relating to your identity and information relating to your access and use of our services (including your IP address, your location, and the device being used) may be processed in the US, Ireland, the Netherlands and Germany.

Please contact our data protection team at dataprotection@glowgfs.com if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

12 – Your legal rights in relation to your information

You have several rights under DP Law that you may wish to exercise. These include the right to:

  • Access or obtain copies of your personal information;
  • Rectification, you have the right to request inaccurate information about you corrected;
  • Request restriction of processing concerning you or to object to processing of your personal data;
  • Request erasure of your personal data where it is no longer necessary for us to retain;
  • Object to automated decision-making;
  • Data portability including to obtain personal data in a commonly used machine-readable format in certain circumstances such as where our processing of it is based on your consent
  • Withdraw consent to any processing for which you have previously given that consent (regardless of our legitimate interest).

Where you exercise any of your rights, you have the right to be informed about the potential consequences of such exercise. For example, if you ask us to remove all contact details like email addresses and phone numbers, this would mean we have no way to contact you about your loan/agreement.

Please contact us at dataprotection@glowgfs.com if you would like to exercise any of your rights in relation to your personal information. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we are allowed under DP Law to charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we can refuse to comply with the request in such circumstances.

We sometimes need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

We will act upon the request without undue delay and at the latest within one (1) month of receipt. We may extend the time to respond by a further two (2) months if the request is complex or we have received several requests from the same person. In these circumstances, we will let you know without undue delay and within one (1) month of receiving your request and explain why the extension is necessary.

It is also important that the personal information we hold about you is accurate and current. You need to keep us informed if your personal contact information changes by emailing dataprotection@glowgfs.com.

Without prejudice to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the Information Commissioner if you consider that we have infringed applicable data privacy laws when processing your personal data. The Information Commissioner’s Office can be contacted using the following link: https://ico.org.uk/.

13 – Keeping you up to date

We keep this Notice under regular review. We may change this Notice from time to time by updating it to reflect changes in the law and/or our privacy practices. The date at the top of this Notice will be updated accordingly and we encourage you to check this from time to time for any updates or changes. We may also contact you to let you know that we have updated the Notice. We may also take that opportunity to ask you if you would like to update your marketing preferences.

14 – Contacting us

If you have any questions regarding our Privacy Notice, please email us at dataprotection@glowgfs.com.

15 – All changes to this Notice

April 2024:

  1. Adding Section 15 ‘All changes to this Notice’ to summarise all changes that have been made to the Notice.
  2. Providing more detailed information on what information we collect from you and how it is processed to provide you with greater transparency.
  3. Adding more detail to the time periods we hold your personal information for depending on the circumstances and any applicable laws.

Glow Financial Services Limited (“Glow”), 71 Queen Victoria Street London EC4V 4BE. Registered in England No. 09127663. Glow is authorised and regulated by the Financial Conduct Authority (Reference No. 751308). The register can be accessed through www.fca.org.uk

January 2025:

  1. Updated Glow's data retention period as disclosed in section 3 & 4.