Argos Print Header

Card

GDPR

Frequently Asked Questions About GDPR

We're sure you've heard about GDPR by now, but we want to make sure you understand how it will affect your rights and your data held with us, so here's some FAQs about it that might help you answer any questions you have.

Have a read through the questions and use [back to top] links to get back to the top of the page at any time.

Data Protection Law

Your Right to Access your Personal Data

Your Right to Data Portability

Your Right to Erasure (Right to be Forgotten)

Your Right to Data Rectification

Your Right to Restriction of Processing (for example to restrict automated processing and profiling)

Your Right to Object to Processing and Automated Decision-making

Your Right to Object to Profiling for Marketing Purposes

Your Right to Stop Receiving Marketing

Your Right to Withdraw Consent for the Holding of Sensitive Personal Data


Data Protection Law

What is 'data protection law'
Data protection law controls how your personal data is used by organisations, businesses and the government. Everyone responsible for using personal data (a "Data Controller") has to follow strict rules called 'data protection principles'. As a general rule, Argos Financial Services will be the Data Controller of any personal data you have provided to us. As a Data Controller, we must make sure the personal data we hold is:

  • used fairly and lawfully;
  • used for limited, specifically stated purposes;
  • used in a way that is adequate, relevant and not excessive;
  • accurate;
  • kept for no longer than is absolutely necessary;
  • kept safe and secure

The General Data Protection Regulation ("GDPR") is the biggest change to European data protection law in 20 years and will fully be in force from 25 May 2018. This piece of legislation builds on existing data protection rules by giving additional rights to individuals and placing stricter controls on companies and other bodies in relation to how they can use personal data. GDPR will apply to any personal data held or processed by companies or other bodies who are based within the EU, or who process personal data relating to people who live within the EU.

After Brexit, GDPR will be replicated in UK law by the new UK Data Protection Act 2018.

For more information please visit the UK Information Commissioner's Office website. If you are based in the Republic of Ireland, please visit the ROI Data Protection Commissioner website.

[back to top]

What is a 'Data Protection Officer' and what do they do?
Under GDPR, we are obligated to appoint a Data Protection Officer. This is someone who has responsibility for ensuring that Argos Financial Services are compliant with data protection law.

[back to top]

How are Argos Financial Services compliant to GDPR / UK Data Protection Act 2018 ("UKPDA18")?
Argos Financial Services were engaged in a GDPR preparation programme prior to May 2018. As part of that programme to ensure that we are compliant with GDPR / UKDPA18, we have reviewed, and made changes (where appropriate) to:

  • all of our product T&Cs;
  • the Group Privacy Policy;
  • the ways in which we communicate with you (e.g. via email, post);
  • how we keep your personal data secure;
  • how we can limit the processing of your personal data where possible;
  • how much of your personal data we keep and for how long;
  • how any third parties (e.g. our suppliers) handle your personal data and what measures they have in place to keep it safe;
  • all of our internal processes and procedures which impact on personal data, to ensure that we are able to fulfil all of your rights under GDPR;

Our Data Protection Officer is accountable directly to the regulator, the Information Commissioner's Office (ICO), to evidence our compliance with the legislation.

[back to top]

How does Argos Financial Services safeguard my personal data?
This is covered in Group Privacy Policy under 'Security'.

[back to top]

In terms of Argos Financial Services marketing how is my personal data used?
This is covered in Group Privacy Policy under 'How do we use your personal information?'

[back to top]

In terms of Argos Financial Services profiling, what and how is my personal data used?
This is covered in Group Privacy Policy under 'How do we use your personal information?'

[back to top]

Who do Argos Financial Services share my personal data with and why?
This is covered in Group Privacy Policy under 'Who might we share your personal information with?'

[back to top]


Your Right to Access your Personal Data

What is a Data Subject Access Request (DSAR)?
This right allows individuals to obtain access to the personal data that organisations hold about them.

[back to top]

Can I see the personal data that you hold about me?
Yes. You may ask us for a copy of the personal data we hold about you. FAQ 3 describes how you may exercise this right.

[back to top]

How do I ask for a copy of my personal data as a DSAR?
You can:

  • call us on 0800 917 9303 and we'll complete the Data Request form with you over the phone or we can send it out via post or;
  • send a letter to us at Data Protection Manager, Argos Financial Services, PO Box 211, Park Mill, Huddersfield, HD8 1FA. We will then send you a Data Request form to complete and return back to us along with proof of identity.

For security reasons, we don't accept Data Request forms by email.

Before we can send you a copy of the personal data we hold about you, we need to confirm your identity. This allows us to protect our customers' confidentiality and prevents personal data falling into the wrong hands. In order to confirm your identity for the purpose of fulfilling your DSRF, we may ask you to:

  • answer some security questions over the phone; or
  • send us copies of identification documents, such as your passport or utility bills.

[back to top]

How long does it take to get a response to my Data Access request?
You will receive a response within 30 calendar days. If it will take us longer than this to provide you with the personal data you have requested, we have a further 60 days to fulfil your request. If we require this time, we will let you know.

[back to top]

Is there a charge for requesting access to my personal data?
No, we don't charge for providing a copy of this personal data.

[back to top]

Can I have the response in any format I want?
Yes, we will try to give you your personal data in any reasonable format you may request. When you make a DSAR request, you should tell us how to send the requested personal data back to you. For example, if you want it sent by post, or if you need it to be in braille or larger print.

[back to top]

How will you deliver my personal data to me?
It is possible for us to deliver your personal data:

  • By post: we will send the copy of your personal data to the address we have for you in our records. Therefore, please let us know if this has changed recently, so that we may update your details and ensure that your personal data is sent to the correct address;
  • By email: we will securely send the copy of your personal data to the email address you have provided us with on your Data Request form.

[back to top]

If I don't tell you how I would like to receive my personal data, how will you reply to me?
We'll get back to you using the same method that you used to make your request. For example, if you posted a letter to us and didn't tell us how to reply, we'll pop your reply in the post.

[back to top]


Your Right to Data Portability

What is a Data Portability Request?
This is a new right under the GDPR/UKDPA18. It allows individuals to obtain copies of certain personal data that the individual has provided to a data controller (such as Argos Financial Services) in a structured, commonly used and machine-readable format and to reuse it for their own purposes. Individuals are free to either store the data for personal use or to transmit it to another service provider.

A portability request is likely to return a narrower band of information than a Data Subject Access Request would. A portability request will consist of customer details captured during the application process, including any subsequent rectifications, product details, account details (e.g. start date/end date & balance/limits), account transactions (if relevant).

[back to top]

Can I transfer my data from another company straight to you, to help open a new product?
No, we can't check if it contains any unsecure content before opening the file and therefore we do not currently accept transfers. We have a responsibility to keep the personal data we hold safe and secure, so any files sent to us with an attachment, will be returned unopened to the sender and then deleted.

[back to top]

If I ask you to port my personal data to another company, will you send it?
No, we will provide you with the data to send on yourself.

[back to top]

How do I ask for my personal data to be ported?
You can:

  • call us on 03456 400 700 and we'll complete the Data Portability Request form with you over the phone; or
  • send a letter to us at Data Protection Manager, Argos Financial Services, PO Box 211, Park Mill, Huddersfield, HD8 1FA.

For security reasons, we don't accept Data Portability Request forms by email.

Before we can send you a copy of the personal data we hold about you, we need to confirm your identity. This allows us to protect our customers' confidentiality and prevents personal data falling into the wrong hands. In order to confirm your identity for the purpose of fulfilling your data portability request, we may ask you to:

  • answer some security questions over the phone; or
  • send us copies of identification documents, such as your passport or utility bills.

[back to top]

How long does it take to get a response to my data portability request?
You will receive a response within 30 calendar days. If it will take us longer than this to provide you with the personal data you have requested, we have a further 60 days to fulfil your request. If we require this time, we will let you know.

[back to top]

Can you post my ported data to me?
No, ported data must be electronic and in machine readable format, like an Excel spreadsheet or a CSV file.

[back to top]

Is there a charge for requesting access to my personal data?
No, we don't charge for providing a copy of this personal data.

[back to top]


Your Right to Erasure (Right to be Forgotten)

What does the 'right to be forgotten' mean?
You may ask us to delete the personal data we hold about you under certain circumstances. You may want to stop this data being processed where it's no longer relevant or appropriate. However, this isn't an absolute right as there are exemptions that apply. For example, where we're obliged to keep copies of your data by law or for regulatory purposes for a certain period of time, we will not delete this data until the relevant period is over.

If you have a specific question around our retention policies, please call us on 03456 400 700 for more details.

We are generally required by law to hold your data for:

  • 7 years following the end of our relationship with you; or
  • 6 months when you provided some personal data during an application but have then decided not to purchase a product from us

There are instances where we are required to hold data for longer and for shorter periods of time, which is in line with all relevant statutory requirements. We will never keep your data unless it is necessary to do so but we cannot delete your data while you hold a product with us (or during the relevant retention period) without breaking the law.

[back to top]

What are the exemptions which apply to the 'Right to be Forgotten'?
Some exemptions do apply to the 'Right to be Forgotten'. These include:

  • where you have an active product with us;
  • where we have any legal basis for holding the data;
  • where there are other legal or regulatory obligations that we must comply with;
  • where data has not yet been retained for the specific periods of time required by law.

[back to top]

I no longer have my account/product with you but I've noticed from a recent DSAR that you're still holding my personal data. Why?
As a financial institution, we are governed and regulated by various regulatory bodies and we must comply with various laws, some of which require us to keep records of our business activities, including our dealings with you, for certain periods. We have a data retention schedule which is compliant with all relevant laws, regulations and codes of conduct. This means we won't delete data when a customer asks if we're still required by law to keep it. However, we may anonymise this data in such a way that it cannot be tied back to the specific data subject.

We delete all personal data we hold at the end of the relevant retention period, unless there is an additional reason we need to hold the information, such as where you have made a portability or data subject access request. Many of these periods begin on the date a product is closed. This means we won't action your request to be forgotten until the end of the relevant retention period. You'd need to close all of your open accounts to allow us to do this.

[back to top]

You've mentioned above that my data will only be removed when the retention period is reached. How do you make sure this happens?
The timelines differ depending on the type of product(s) you hold and are based on the specific regulations which apply to those products. We have a process in place to delete any data from our systems which we are no longer obliged to keep.

[back to top]

I'm not happy that you're not willing to remove my personal data. Who do I complain to?
If you're unhappy with the way we respond to any of your requests, you may make a complaint to us via our Customer Care team at 0800 917 9303 or email CustomerCare@Argos.co.uk or directly to the Information Commissioner's Office.

[back to top]


Your Right to Data Rectification

What is the right to data rectification?
It is a right which allows you to ask us to make changes to your personal data to ensure that it is accurate.

[back to top]

How do I ask you to rectify my personal data?
You can call us, write to us or update your details by logging into your online account. If you call us to make us aware that your personal data needs to be updated, we'll have to take you through some security questions to make sure you have the authority to make the change. Once that process is completed, we will discuss the issues with your personal data and fix any inaccuracies. You can contact us on 03456 400 700. If you're an online customer, you can log in to your account via www.myargoscard.co.uk to update your email address, your home address and your contact number.

[back to top]

Is there a charge for making a change to my personal data?
No, we don't charge for correcting personal data held.

[back to top]


Your Right to Restriction of Processing (for example to restrict automated processing and profiling)

What is the 'right to restrict processing'?
This is a very limited right, which applies in restricted circumstances. Usually a 'request for restriction' will only be for a short period of time whilst we are looking into something, investigating an issue relating to your personal data or are amending any incorrect or inaccurate personal data we hold about you. When processing is restricted, it means we can store your personal data but not process it.

[back to top]

When can I ask you to restrict the processing of my personal data?
As Argos Financial Services do not have the ability to store your personal data but not process it, if you wish to exercise this right, then you will need to close your account.

[back to top]


Your Right to Object to Processing and Automated Decision-making

Can I ask you to stop processing the personal data you hold about me for the purpose of automated decisions about me?
No, in order to exercise this right, we will have to close your account.

[back to top]


Your Right to Object to Profiling for Marketing Purposes

Can I object to my personal data being used for profiling for marketing purposes?
Yes. You can object to your personal data being used in this way. If you want to exercise this right, we will stop sending marketing to you and we will stop using your personal data for profiling purposes. Please note that once you opt out of marketing, we'll stop sending you marketing communications but we'll still contact you with service-related messages every now and then.

[back to top]


Your Right to Stop Receiving Marketing

How do I stop you sending marketing to me?
You can call us to let us know you'd prefer not to receive marketing from us. As soon as you tell us, we'll take action to ensure you are opted out of all Argos Financial Services marketing.

[back to top]

How long does it take to stop marketing being sent out?
As soon as you indicate that you'd prefer not to receive Argos Financial Services marketing, we'll take action to ensure you are opted out. However, please note that some marketing material may already be in production and we won't be able to stop this. We will do this as quickly as possible, but it could take up to 8 weeks to update all our systems, which is in line with guidelines from the regulator, the Information Commissioner's Office (ICO).

[back to top]

Can you stop sending me marketing by email and continue to send me marketing by post?
No. We don't provide a marketing channel preference selection facility, so a request of this kind will means that you will stop receiving marketing for all types of Argos Financial Services marketing.

[back to top]

Can I choose which products I receive marketing for?
Yes you can select from the following preferences:

  • Home Retail Group Only
  • Home Retail Group and Third Parties
  • Third Parties Only
  • No Marketing

[back to top]

If I stop marketing just now, can I ask to receive it again at a later date?
Yes, if you want to check your marketing permission status or would like to start receiving marketing again, you can do this by giving our Customer Service team a call on 03456 400 700.

[back to top]


Your Right to Withdraw Consent for the Holding of Sensitive Personal Data

What is 'sensitive personal data'?
'Sensitive personal data' is any data which falls into one of the following categories:

  • racial or ethnic origin
  • political opinions;
  • religious or philosophical beliefs;
  • trade union membership;
  • genetic data;
  • biometric data;
  • health data;
  • data relating to a person's sex life or sexual orientation.

This data is known as 'Special Categories of Data' under data protection law. This kind of personal data is subject to tighter controls than other types of personal data and we have specific controls in place to protect any sensitive personal data we may hold about you.

Data relating to criminal convictions is treated separately under data protection law but our sensitive data controls also apply to this type of data.

[back to top]

What happens if I no longer agree to you holding my sensitive personal data?
We only process sensitive personal data where it is necessary to support us in providing you with the best service. If you want to withdraw your consent to the processing of any sensitive personal data we hold about you, we may have to close your account.

[back to top]