We are MotoNovo Finance Limited, a subsidiary of Aldermore Group PLC and part of the FirstRand Banking Group. We are registered in Wales under number 11556144, and our Registered Office address is One Central Square, Cardiff, Wales, United Kingdom CF10 1FS. In this policy when we use terms such as “we”, “us” and “our”, we mean MotoNovo Finance Ltd.

We can be contacted by telephone on 0333 200 0030 or email [email protected] Our Data Protection Officer can be contacted by post at our Registered Office address or by email at [email protected].


Please note that as of 31 December 2020, the European General Data Protection Regulation (GDPR) no longer directly applies in the UK. However, the UK has passed its own version into law, known as the UK GDPR (United Kingdom General Data Protection Regulation). All references to GDPR in this Policy are to the UK GDPR.  The UK GDPR has equivalent legal provisions to the GDPR and your rights, and the UK Data Protection Act 2018 and other applicable legislation provide supplementary protections. Unless otherwise specified, the details within this policy, will not be impacted by this change.


This policy applies to personal data processed by or collected on behalf of MotoNovo Finance Limited.  We may collect information from you when you visit our website, apply for finance, contact us or receive a communication from us relating to your service.

MotoNovo Finance Ltd is a “Data Controller”.  This means that we make decisions about how and why we use your personal data.  We are responsible for making sure that your personal data is used in accordance with applicable data protection laws and are required by law to give you the information in this policy.

On occasions there may be other Data Controllers involved in processing your data as further explained in this policy, or as you may be advised at the time your information is to be processed.

When a Motor Dealer, Finance Broker or other intermediary processes your personal data on our behalf, this Privacy Policy will apply, and you should contact our Data Protection Officer to exercise your rights under data protection laws.  When a Motor Dealer, Finance Broker or other intermediary processes your personal data as a Data Controller in its own right, its own Privacy Policy will apply, and you should ask them for a copy if you do not have one by the time you are introduced to us.

You will see at the end of this policy that we mention the privacy notices of Fraud Prevention Agencies and Credit Reference Agencies.  We do need to share these with you.  Please read them carefully and contact those organisations if you have questions (their details are in their notices).

This policy was updated in August 2021. We reserve the right to change the policy at any time, so please check back regularly at to keep informed of updates to this policy.


We will collect and process the following personal data about you[1]:

Information you give us, or provide to your Motor Dealer or Finance Broker when making an application (Submitted Information):  The information comprises:

  • Your name
  • Date of birth, (so that we can, for example, make sure that you are eligible to apply for the product and it is suitable for you)
  • Residential address, previous address history and your nationality
  • Contact details such as email address and telephone numbers
  • Details about you that are stored in documents in different formats, or copies of them. This could include documents such as your passport, driving licence or banking documents, if these are necessary for us to comply with our legal and regulatory requirements
  • Financial information, including your financial commitments, payments to and from your accounts to us, household expenditure and source of funds  
  • Employment status, to include your salary, employer name, address and dates of employment
  • What we learn about you from letters, emails and conversations between us
  • Some special categories of personal data such as information about your health.

Information we receive about you from third parties (Third Party Information) may include: 

  • Your personal and financial information (from your Motor Dealer, Finance Broker, your employer, your bank, or other person connected with your finance application)
  • Information about the vehicle you are purchasing/have purchased including changes to the registered keeper
  • Credit information, such as previous applications, the conduct of accounts in your and your financial associate’s name (this is anyone linked to you for credit or finance purposes), any business accounts you may have
  • Credit scoring data where this may have been conducted by dealers or brokers prior to submission of applications to MotoNovo Finance Ltd
  • Information from individuals who have power of attorney or have been authorised to act on your behalf,
  • Fraud prevention information, and
  • Public information including County Court Judgments, Land Registry, Bankruptcies and the Electoral Register.

Information we collect about you and your device (Device Information): 

  • Each time you use our website we will automatically collect technical information about your computer or other internet connected device including your internet protocol (IP) address browser type, domain names, access times and referring web site addresses. 
  • You may be able to disable the collection of some of this data through amending the web settings of your device or browser but doing so may impact the functionality of our website. 
  • Full details of our Cookies Policy can be found below this policy.

Telephone calls and/or in person meetings between us and you in connection with your application and the product or service may be recorded to make sure that we have a record of what has been discussed and what your instructions are. We may also record these types of calls for quality control, compliance, complaint handling and staff training.

We may also record calls and/or interactive meetings or events using Conferencing tools, in such cases a notice or warning will be provided at the start of calls. We may record meetings to produce minutes and track actions. Teams hosted events, workshops or webinars may be recorded to make the content available on our intranet or website for the benefit of colleagues, partners and customers.

We may combine the above categories of information and may use these categories of information and the combined information for the purposes set out below.


We are unable to provide you with a product or service or to process your application without having personal data about you. Your personal data is required before you can enter into the relevant contract with us, or it is required during the life of that contract, or it is required by laws that apply to us. If we already hold some of the personal data that we need – for instance if you are already a customer – we may not need to collect it again when you make your application. In cases where providing some personal data is optional, we will make this clear.


Processing necessary to perform our contract with you, or for taking steps prior to entering into it during the application stage:

  • Administering and managing your account and associated services, updating your records, tracing your whereabouts to contact you about your account and doing this for the recovery of debt
  • Sharing your personal data with certain third-party service suppliers such as payment service providers
  • All stages and activities relevant to managing your account including enquiry, application, administration and management of accounts
  • To manage how we work with other companies that provide services to us and our customers.
  • To manage fees, charges and interest due on customer accounts
  • To exercise our rights set out in agreements and contracts.

Processing necessary to comply with our legal obligations:

  • To carry out identity checks, anti-money laundering checks and checks with Fraud Prevention Agencies pre-application, at the application stage and periodically after that. Where you have been introduced to us by a broker or other intermediary they may do these searches on our behalf
  • For compliance with laws that apply to us
  • For establishment, defence and enforcement of our legal rights
  • For activities relating to the prevention, detection and investigation of crime
  • To carry out monitoring and to keep records
  • To deal with requests from you to exercise your rights under data protection laws
  • To process information about a crime or offence and proceedings related to that (in practice this will be relevant if we know or suspect fraud).

Where we consider that, on balance, it is appropriate for us to do so, processing necessary for the following legitimate interests which apply to us and in some cases other organisations are:

  • Administering and managing your account and services relating to that, updating your records, tracing your whereabouts to contact you about your account, and doing this for recovering debt
  • To test the performance of our products, services and internal processes
  • For management and audit of our business operations including accounting
  • Recovery and sale of debt
  • To carry out searches at Credit Reference Agencies pre-application, at the application stage, and periodically after that. Where you have been introduced to us by a broker or other intermediary they may do these searches on our behalf
  • Preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us
  • To carry out monitoring and to keep records
  • To administer our good governance requirements and those of other members of our Group
  • For market research, analysis and developing statistics. Your personal data may also be converted into statistical or aggregated data which cannot be used to re-identify you.  It may then be used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this privacy policy
  • Marketing activities including customer service surveys; profiling of your data for marketing purposes (where we use profiling for marketing purposes this would be to contact you about similar products that may be of interest to you); analysis of our customer database to understand our customer’s activities and preferences, and to improve our services to you
  • Sharing your personal data with third-parties including Motor Dealers where a legitimate interest is considered to be present
  • Using information provided by MotoNovo Finance Ltd.’s customers to contact Authorised Third Parties who have been authorised to act on a Customer’s behalf
  • For some of our profiling and other automated decision making, in particular where this does not have a legal effect or otherwise significantly affect you. We may also profile your data to help us identify opportunities for us to maximise the benefits to you of being a MotoNovo Finance Limited customer, such as, for example, through the provision of special offers, unless you have told us that you do not want us to do this

Processing with your consent:

  • We may also from time to time ask you for your consent for other purposes, which we will explain to you at the time. For example, when you request that we share your personal data with someone else and consent to that
  • For some of our processing of special categories of personal data such as about your health (and it will be explained to you when we ask for that explicit consent what purposes, sharing and use it is for.)

Processing for a substantial public interest under laws that apply to us where this helps us to meet our broader social obligations such as:

  • Processing of your special categories of personal data such as about your health or if you are a vulnerable customer
  • Processing that we need to do to fulfil our legal obligations and regulatory requirements
  • When we share your personal data with other people and organisations such as members of our Group if they need to know that you are a vulnerable customer and your relatives, social services your carer or the person who has power of attorney over your affairs.


If you make an application for your business, we will also collect the personal data mentioned above about all individuals who you have a financial link with, for example other directors or officers of your company. In order to assess your company’s suitability for Finance, we need to verify that:

  • all applicants are included
  • the identity for all applicants is verified
  • all applicants are UK tax payers

To do this, we use an external agency to check all directors are included and gather publicly held data to run authentication and world checks. If the data we gather is insufficient to allow us to run these checks, we will request them directly from you. You must show this Policy to any other applicants (including all beneficial owners and directors) and ensure they know you will share their personal data with us for the purposes described in it.


In order to provide our services, there will be times when we will share your data. We may share your personal information with these organisations:

  • Members of the FirstRand Group, including Aldermore Bank PLC
  • Contracted third-party suppliers, including without limitation, Sterling Client Services Ltd, Covea Insurance, Red Sands Insurance (Europe) Ltd and our service, system, support, postage and printing services,
  • website providers and outsourcing providers acting on our behalf including without limitation
  • Aptean, AWS, Core, Difference Corp, Equifax, FlexysIeDigital, i-Vendi Ltd, OneSpan.
  • Performance Bonus, SimplyThankYou and WorldPay.
  • Motor Dealers
  • Collection, Debt Recovery Agents & Legal Representatives
  • Retailers and manufacturers of goods relating to your agreement
  • Regulatory bodies, fraud prevention and law enforcement agencies
  • Agents and advisers who we use to help run your accounts and services, collect what you owe, and explore new ways of doing business
  • Any party linked with you or your business’s product or service
  • Companies we have a joint venture or agreement to co-operate with
  • Companies that we introduce you to, including companies such as IncomeMax Companies you ask us to share your data with Banks and the Direct Debit scheme if you use direct debits

Market research

MotoNovo Finance Ltd may contact you via telephone or email to invite you to review any services and/or products you received from us [in order to collect your feedback and improve our services [and products]] (the “Purpose”).

We use an external company, Trustpilot A/S (“Trustpilot”), to collect your feedback which means that we will share your name, email address and reference number with Trustpilot for the Purpose. If you want to read more about how Trustpilot process your data, MotoNovo Finance Ltd may also use such reviews in other promotional material and media for our advertising and promotional purposes.

Sharing where we are obliged under a legal obligation

We will disclose your personal data in order to comply with any legal regulations or good governance obligations, or to enforce or to protect our rights, property, or safety, or that of our customers or other persons with whom we have a business relationship. This includes exchanging information (which may include information relating to debts which are owed to you and the related debtors) with other companies and organisations for the purposes of fraud protection, credit insurance and credit risk reduction.

Credit checking, verifying your identity and preventing fraud and money laundering

We will use certain personal data you have provided to us in order to confirm your identity and to prevent fraud and money laundering, and to carry out credit checks on you by searching at credit reference agencies who will supply us with credit information about you.  More details about these checks are set out below.

When we use your personal data for these purposes we do so on the basis that we have a legitimate interest in assessing your application, making decisions about whether you can afford to take the product or if the product is appropriate to your circumstances, preventing fraud and money laundering, to trace and recover debts, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested, and we will not be able to process your application without undertaking these checks.

Credit Reference Agencies

We will supply certain of your personal information to credit reference agencies and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. Credit reference agencies will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We may also, where another person is acting as a guarantor, check the record of that person, and, if you are a director or partner in a small business, we may also check on your business. so you should make sure you discuss this with them, and share with them this information, before lodging the application.

If you are financially linked to another person (for example if you have a joint mortgage or loan) your credit reference agency records will be linked until such time as you or your partner successfully files for a disassociation with the credit reference agencies to break that link.  If you are financially linked to another person, this application may impact on their credit record (and their record could impact your application) so you should make sure you discuss this with them, and share with them this information, before lodging the application.

Whether or not this application proceeds, the credit reference agency will place a record of our searches on your credit file (commonly referred to as a "footprint").  These records (but not our name) will be seen by other organisations when you apply for credit in the future. A large number of applications within a short period of time could affect your ability to obtain credit.

We may also receive credit record and search information from Dealers and Brokers that conduct checks on you with Credit Reference Agencies prior to the submission of an application to us. We use this information to ensure that applications are processed compliantly and, in line with our contracts with Dealers and Brokers.

In the event that your application is successful, we will record information about you with the credit reference agencies concerning your agreement with us, including the details of your agreement with us, the payments you make under it, any default or failure to keep its terms and any change of name or address. The information that we provide shall remain on the credit reference agencies' file for six (6) years after your account with us is closed, whether settled by you or upon default.  This information may be supplied to other organisations by the credit reference agencies.

Credit Reference Agencies update:

The Credit Reference Agencies also collect and use personal data for marketing and data profiling activities, to create data modelling tools. These tools are used to model customer behaviour to support marketing, research, brand and product communication campaigns. You can find out more about how CRAs use your data and how you can opt out at

Fraud Prevention Agencies

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. For further details of the fraud prevention agencies we use please contact us on the details at the top of this policy.

When we and Fraud Prevention Agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the financing you have requested.

We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.  Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six (6) years.

Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place. Please note National Hunter rules currently do not allow for processing National Hunter data outside of the UK and European Economic area

Other third parties

Should your application with MotoNovo Finance Ltd be unsuccessful we may pass your application details to another finance company, we will let you know who that is prior to passing your information to that company or credit broker, to help fulfil your lending requirement. That company will obtain their own credit reference and fraud prevention searches.


We provide the Motor Dealer supplying the vehicle with access to your information up to the point that your finance agreement is executed with us, to facilitate your application for finance. Motor Dealers may also be provided with further information during the life of your agreement including the results of customer surveys, to aid with customer experience improvement and information regarding your finance agreement for the purpose of account management, including information such as when transfer of ownership of the vehicle being financed occurs.

We may also transfer our rights under your agreement to third parties (who will be chosen by us based upon carefully selected business criteria, including their treatment of personal data) which may mean that they become your creditor under our agreement with you. If we do this, to enable them to exercise their rights and/or administer the agreement with you we will need to transfer to them your personal data but we will only transfer such data as is necessary for those purposes, and you will be informed of their identity at the time of the transfer. We will ensure that any such third parties safeguard the security of your data in accordance with the Data Protection Act 2018 (the “Act”) and may replace the Act.

We may disclose your details and/or transfer your data to third parties to whom we propose to transfer our rights under this agreement and/or sell the vehicle/equipment, who may use your details for the purposes set out in this statement. We may also disclose the settlement figure, in relation to your agreement, to a supporting Dealer of ours who is not the Dealer who introduced the agreement to you, but is a Dealer whom you have approached in connection with a new finance deal.

We may also share your personal data with any person (and their or our professional advisors for this purpose) with whom we are negotiating any sale, transfer or re-organisation of our business or where we are organising our commercial funding.  If this were to proceed, the acquiring party or part of it may use your personal details in the same ways and for the same purposes as set out in this policy.  We will give you their details once the business change has been completed.

Personal data may be transferred to recipients located in countries outside the UK which do not provide the same standard of data protection laws as the UK. In accordance with applicable data protection law in the UK, your personal data will be stored locally but may also be stored and backed up on servers located outside of the UK – specifically, in the European Economic Area and in the United States. We may also share your personal data with our trusted service providers and partners, detailed above, some of which may be located outside the UK or store data outside of the UK.  In accordance with applicable data protection law in the UK, we ensure that whenever we transfer your personal data outside of the UK, your personal data is protected by ensuring that either:

  • the country outside of the UK to which your personal data is transferred has been deemed to provide an adequate level of protection for personal data by the Secretary of State; or
  • the recipients of your personal data in the relevant country outside of the UK enter into standard contractual clauses which have been approved by the Secretary of State.

If you would like further information on the specific mechanism used by us when transferring your personal data outside of the UK, you can contact us using the details set out at the end of this Privacy Policy.

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.


As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. Examples of the types of automated decisions we make include:

Detecting fraud

We use your personal information to help decide if your personal or business accounts may be being used for fraud or money-laundering. We may detect that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. If we think there is a risk of fraud, we may stop activity on the accounts or refuse access to them.  Currently, our fraud risk assessment process includes manual decision making, using automated processing as one of the tools assisting in such assessment.

Approving Finance

We use a system to decide whether to lend money to you or your business, when you apply for finance. This is called credit scoring. This will use data from credit reference agencies in relation to your existing credit agreements combined with data about similar accounts you may have had before and our internal demographic rules to give a credit assessment score. The final score is then used to assess your financial circumstances and ability to repay your finance with us; and is necessary to assess your application to enter into a contract for finance. Credit scoring uses data from three sources:

  • Your application
  • Credit Reference Agencies
  • Data we may already hold

An overall assessment (score) is based on this information. Factors considered in this scoring may include:

  • How long the person has lived at their address.
  • The number and type of credit agreements and how they use those credit products.
  • Whether the person has been late making payments. Whether the person has had any court judgements made against them.
  • Whether the person has been bankrupt or had an IVA or other form of debt-related arrangement

The final score is then used to assess your financial circumstances and ability to repay your finance with us; and is necessary to assess your application to enter into the contract. Finance Companies, Banks and other lenders use scoring this to help us make responsible lending decisions that are fair and informed.  Credit scoring methods are tested regularly to make sure they are fair and unbiased.

Your rights relating to automated decisions:

You can ask that we do not make our decision based on the automated score alone.

You can object to an automated decision and ask that a person reviews it. 

If you want to know more about these rights, please contact us on the details at the top of this notice.


If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.


Where we have a legitimate interest to provide marketing information to you, and in compliance with the requirements of the Privacy and Electronic Communications Regulations (PECR) we will process your personal data for the purposes of providing marketing information about our goods and services to you via the media that you choose (if any). 

You can change your preferences at any time by contacting us at [email protected]

Before we send you marketing information in relation to other financial products and services during and after the term of your agreement (see below), we may complete ad hoc credit searches against your file; to ensure we only send you appropriate offers that will be of interest to you and would typically be available to you.  This will leave a quote record on your credit file (commonly known as a "soft search"), only visible to you and us and does not affect your credit profile.


All personal data you provide to us, or which we obtain from third parties, will be stored on our secure servers (or those of third parties or contractors we engage to help us run our business).  We will keep information no longer than we need to for the purpose for which we collected it.  The period of time for which we keep personal data depends on the legal and regulatory requirements, the purpose for which the information was obtained, and our business needs. 

We will keep information about any account you hold with us for [at least] the duration of your agreement and the period of seven (7) years from the end of your agreement or submission of an application for credit if no account is set up.

If your application is declined, we shall keep your personal data for five (5) years in accordance with Anti Money Laundering legislation requirements (Credit Reference Agencies may keep your data for longer). 

Personal data may be held for a longer period due to business continuity and backup procedures. This is in line with ICO guidance on retention of data which has been backed up This information is not accessible on MotoNovo Finance Ltd. systems and will not be used for any other purpose.

Fraud Prevention Agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.


You have the rights (subject to certain statutory exemptions) to: 

  • Opt-out of receiving marketing information, or withdraw your consent to receive marketing information if provided on a previous occasion
  • Be informed about the processing of your personal data (this is what this statement sets out to do)
  • Have your personal data corrected if it’s inaccurate and to have incomplete personal data completed
  • Object to processing of your personal data
  • Withdraw your consent to processing your personal data
  • Restrict processing of your personal data
  • Request to have your personal data erased under certain conditions
  • Request access to your personal data and information about how we process it
  • Specify which credit reference agencies we have shared your personal data with;
  • Move, copy or transfer your personal data (“data portability”), and
  • Enact rights relating to automated decision making, as detailed in the above AUTOMATED DECISIONS section of this policy.  

If you:

  • Would like to exercise any of your data protection rights
  • Are unable to access of any of the links or further information referred to in this document, or
  • Would like more information about how we process personal data

Please contact us at [email protected]


The Credit Reference Agencies we use have produced a Credit Reference Agency Information Notice ("CRAIN") which details how they will use your data after we provide them with your Agreement information. The CRAIN is available at

ICO website, ICO guidance for back up retention

National Hunter

National Hunter, PO Box 4744, Stone, ST159FE

Credit Industry Fraud Avoidance System

If you are unhappy about how your personal data has been used you can contact us using the details above. You also have a right to complain to the Information Commissioner's Office