This security and privacy policy sets out how Fly Now Pay Later and our partner Pay Later Group (which includes Pay Later Group Limited and Pay Later Financial Services Limited) uses and protects any information that you give when you use the site.

How we use the information we hold about you

This policy applies to information we hold about you. This security and privacy policy sets out how Fly Now Pay Later (FNPL) and its associated entities (which includes Pay Later Group Limited, Fly Now Pay Later Limited and Pay Later Financial Services Limited) uses and protects any information that you give when you use the site, who we share it with and your rights in relation to it. Pay Later Financial Services Limited, registered number 09020100, registered office 4th Floor, 33 Cannon Street, London, England, EC4M 5SB. Pay Later Financial Services Limited is authorised by the Financial Conduct Authority (Financial Services Register number: 672306). Fly Now Pay Later Limited, registered number 06936813, registered office 4th Floor, 33 Cannon Street, London, England, EC4M 5SB. Pay Later Financial Services Limited is authorised by the Financial Conduct Authority (Financial Services Register number: 726937).
This policy applies to information held about customers and possible future customers, suppliers and possible future suppliers, contacts and all other people we hold information about. By ‘information’ we mean personal and financial information about you that we collect, use, share and store. This may include your name, date of birth, address, contact information, financial information, travel information, details about your health and lifestyle, employment details and device identifiers including internet protocol (IP) address and vehicle details. It includes information about any other Fly Now Pay Later products and services (or products and services provided by our partners) you currently have, you’ve applied for or you’ve had in the past.

Where this information comes from

We collect, use, share and store information about you to provide you with the services you have asked us for and to share information with you about services that may be of interest to you.
You may provide this information direct to us, for example by the way you communicate or do business with us, such as:

  • applying for our products or services;
  • using our branches, telephone services, websites or mobile applications;
  • writing to us;
  • entering competitions or promotions;
  • downloading any of our mobile applications or using our websites or digital services, in which case we may gather information about how you access and use these services, such as your IP address and information about the devices or software you use (we may also make other requests or give you more details about how we use your information, for example, we may ask for your location to help find nearby services);
  • using and managing your accounts, (we may take information such as the date, amount and currency of payments made to your account); and
  • giving information to us at any other time, including through social media.

This information may also come from other organisations or people, such as other Fly Now Pay Later companies, other organisations you have a relationship with, joint account holders, credit reference agencies (who may search the Electoral Register), employers, fraud prevention agencies or other organisations.
If you do not provide the information that we tell you you must provide, this may mean that we are unable to properly provide you with our services or carry out all our obligations under our agreement with you.

How we use your information

We use this information:

  • to provide our services to you;
  • help us develop new and improved products and services to meet our customers’ needs;
  • to carry out checks for security purposes, to prevent fraud and money laundering, and to confirm your identity before we provide services to you;
  • for training;
  • to communicate with you;
  • to meet the obligations we have by law and under any regulations that apply;
  • where we have a legitimate interest in using your information, for example to protect our business interests or to prevent fraud; and
  • to keep you informed about products and services you hold with us and to send you information about products or services (including those of other companies) which may be of interest to you.

Under data protection laws, whenever we process your personal information, we must meet at least one set condition for processing. These conditions are set out in data protection law and we rely on a number of different conditions for the activities we carry out.
Specifically, we and other Fly Now Pay Later companies may use your information for the following purposes and under the following legal bases.

How we use your information Legal basis
To provide and manage your accounts and our relationship with you.
  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
  • Where the law requires that.
  • Where it’s in our legitimate interests to make sure that our customer accounts are well-managed, so that our customers are provided with a high standard of service, to protect our business interests and the interests of our customers.
To give you statements and other information about your account or our relationship with you.
  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
  • Where the law requires that.
To handle enquiries and complaints.
  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
  • Where the law requires that.
  • Where it’s in our legitimate interests to make sure that complaints are investigated, for example, so that our customers receive a high standard of service and so that we can prevent future complaints.
To provide our services to you.
  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
  • Where the law requires that.
For assessment, testing (including systems tests) and analysis (including credit or behaviour scoring (or both)), statistical, market and product analysis and market research. We may use this information to prepare statistical reports to be shared internally or externally with others, including non-Fly Now Pay Later companies. We produce these reports using information about you and our other customers. The information used and shared in this way is never personal and you will never be identifiable from them.
  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
  • Where the law requires that.
  • Where it’s in our legitimate interests to develop, build, put in place and run business models and systems which protect our business interests and provide our customers with a high standard of service.
To evaluate, develop and improve our services to you and other customers.
  • Where it’s in our legitimate interests to continually evaluate, develop or improve our products as well as the experiences of users of our sites, so that we provide our customers with a high standard of service.
To protect our business interests and to develop our business strategies.
  • Where it’s in our legitimate interests to protect our people, business and property and to develop our strategies.
  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
  • Where the law requires that.
  • Where you agree, if we are using sensitive information, such as medical details.
To contact you, by post, phone, text, email and other digital methods.
This may be:
  • to help you manage your accounts;
  • to meet our regulatory obligations;
  • to provide you with details of other products, including those provided by other companies if you’re not eligible for a credit card; or
  • to keep you informed about products and services you hold with us and to send you information about products, services, rewards, offers, promotions and competitions (including those of other companies) which may be of interest to you.
  • Where the law requires that.
  • Where we have agreed to contact you in our agreement.
  • Where the law requires that.
  • Where you agree.
  • Where it’s in our legitimate interests to share information with you about products or services that may be relevant and beneficial to you. Where we send you marketing messages, you can always tell us if you no longer want to receive them. Please see more information in the ‘Contact us’ section.
To make sure any marketing messages we send you are more relevant to you.
  • Where we have a legal basis to send you marketing messages as set out above, because it’s in our interests to make sure that our marketing messages are relevant to you, and where you agree.
To collect any debts you owe to us.
  • Where it’s in our legitimate interests to collect any debts you owe us.
To prevent, detect, investigate and prosecute fraud and alleged fraud, money laundering and other crimes, and to check your identity. We may record your image on CCTV when you visit our premises.
  • Where the law requires that.
  • Where it’s in our legitimate interests to prevent and investigate fraud, money laundering and other crimes, and to check your identity in order to protect our business and to keep to any laws that apply to us.
  • Where we must process your information under the contract for the services or financing you have asked us to provide.
To assess any application you make, including checking for fraud and money laundering, confirming your identity, and carrying out any other regulatory checks. We may compare your details with the details of countries, organisations and people who sanctions apply to, to decide whether we are prevented from doing business with you or processing a transaction under sanctions law.
  • Where you have made the information public.
  • Where it’s in our legitimate interests to protect our business interests.
  • Where the law requires that.
To monitor, record and analyse any communications between you and us, including phone calls.
  • Where it’s in our legitimate interests, to check your instructions to us, to prevent and detect fraud and other crime, to analyse, assess and improve our services to customers, and for training purposes, to improve the services we provide to our customers and to protect our business interests
To check that your mobile phone is in the same place as your payments are being made from.
  • Where it’s in our legitimate interests to prevent fraud. We won’t use this information for any other purpose. You can ask us to stop doing this by contacting us using the details set out in the ‘Contact us’ section.
To transfer your information to or share it with any organisation your account has been or may be transferred to following a restructure, sale or takeover of any Fly Now Pay Later company or debt.
  • Where necessary to carry out our agreement with you.
  • Where we have a legitimate interest in restructuring or selling part of our business or any Fly Now Pay Later debt.
To share your information with UK or other relevant tax authorities, credit reference agencies, fraud prevention agencies, and UK and overseas regulators and authorities.
  • Where the law requires that.
  • Where we have a legitimate interest in carrying out certain credit checks so that we can make responsible business decisions. As a responsible organisation, we need to make sure that we only provide certain products to companies and individuals if the products are appropriate, and that we continue to manage the services we provide, for example if we believe that you may have difficulties making a payment to us.
  • Where we have a legitimate interest in helping to prevent and detect fraud and other crime.
  • Where we have a legitimate interest in helping UK and overseas regulators, who monitor banks to make sure that they work within the law and regulations.
To share your information with our partners and service providers.
  • Where necessary to carry out our agreement.
  • Where we have a legitimate interest in using other organisations to provide some services for us or on our behalf.
To share your information in an encrypted format with social-media companies. They can then match this to personal information they already hold about you so they can display messages to you about our products and services.
  • Where we have a legitimate interest in using social-media companies to share information with you about our products or services that may be relevant and beneficial to you.

Data protection law allows us to use personal information for our genuine and legitimate reasons as long as we respect your rights and freedoms. This lawful basis for using your information is called ‘legitimate interests’. When we rely on our legitimate interests as the legal basis for processing your personal information for the purposes set out above, we will carefully consider and balance any possible effect this may have on you and your rights.

Sensitive information

We will occasionally need to use sensitive information about you in the following ways. We will use information about your health if this is relevant for us to help you if you are struggling with a debt, it is relevant to a complaint you are making about us, it is relevant to how you want us to contact you, or it provides us with relevant information about how you are spending your money. We will also use sensitive information about you if this is considered to be in the public interest (for example, to support you if you are a vulnerable customer) or if you agree.
We may also process some information that relates to criminal convictions if this is in the public interest (for example, to prevent or detect financial crime).

Automated decision-making

If you apply to us for a product or service, we have an automated decision-making process which will carry out fraud, credit and affordability assessment checks to decide whether we will accept your application. The automated processes may decline or refer your application. If your application is referred, this means we will manually review your application before making a final decision.
We will also use automated decision-making to:

  • decide credit limits;
  • decide whether we need to help you (as required by law) if the information we have about you suggests that you may become financially vulnerable;
  • detect and prevent fraud by monitoring transactions (we may contact you to check that you were carrying out these transactions);
  • carry out automated financial crime checks; and
  • carry out our agreement, take steps to enter into an agreement with you, or where required or authorised by law.

How the automated processes make decisions

Affordability: the processes will consider your income, spending and credit history to decide how easily you will be able to manage repaying credit. We may compare you with other people in a set (for example, people who are in a certain age bracket may be more likely to be able to manage credit).
Regulatory assessment: certain details in your information may suggest that you are likely to become financially vulnerable and we may need to help you.
Financial crime checks: the processes will compare your details with the details of countries, organisations and people who sanctions apply to, to decide whether we are prevented from doing business with you under sanctions law. This means that we may automatically decide that you present a fraud or money-laundering risk, or risk of breaking financial sanctions, if the processing reveals your behaviour to be consistent with money laundering or known fraudulent behaviour, is inconsistent with information you have previously provided, or you appear to have deliberately hidden your true identity.
You have rights relating to automated decision-making. If you want to know more, please contact us using the details set out in the ‘Contact us’ section.
If we, or a fraud prevention agency, decide that you present a fraud or money-laundering risk:

  • we may refuse to provide the services you have applied for or refuse to employ you, or we may stop providing existing services to you; and
  • the fraud prevention agencies will keep a record of any fraud or money-laundering risk, and this may result in others refusing to provide services or employment to you.

If you have any questions about this, please contact us using the details set out in the ‘Contact us’ section.

Sharing your information with others

We’ll keep your information confidential but we may share it in certain circumstances, for the purposes set out in this policy, with:

  • other Fly Now Pay Later companies;
  • other companies who provide a service to you, for example if you use our products to make a purchase or payment;
  • any company we are providing services with or whose name or logo appears on our products;
  • our service providers and agents, including their subcontractors;
  • anyone we transfer or may transfer our rights, duties, debts or assets to;
  • credit reference agencies; and
  • fraud prevention agencies.

The people and organisations listed above will also have to keep it secure and confidential.
We may share limited information (for example, your mobile phone number or email address), in an encrypted format, with social-media companies. The social-media companies can match this to personal information they already hold about you, so that they can display messages to you about our products and services.
We may be required to share your information as follows:

  • With UK and overseas regulators and authorities in connection with their duties (such as preventing crime).
  • With any other person or organisation after a restructure, sale or takeover of any Fly Now Pay Later company or debt, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both).
  • If we have a duty to reveal it, if it is needed to manage your accounts, or if a law or regulation allows us to do so for legitimate business purposes or with your permission.
  • If we have reason to think that you have to report your income or pay tax in another country, in which case, we may have to share information about your accounts with the UK or relevant tax authorities.

Sharing your information with credit reference and fraud prevention agencies

When processing your application, we will carry out credit and identity checks on you with one or more credit reference agencies. To do this, we will give the credit reference agencies your personal information and they will give us information about you. This may make it difficult for you to get credit in the future. We will also continue to exchange information about you with credit reference agencies while you have a relationship with us, for example, if we have asked you to pay an amount you owe us and we do not receive a satisfactory reply from you within our stated time limit, or if you give us false or inaccurate information. The credit reference agencies may share your personal information with other organisations. The credit reference agencies, and the ways in which they use and share personal information, are explained in more detail at www.experian.co.uk/crain/. Examples of circumstances when we may share your information or information relating to your partner or other members of your household include when we are:

  • checking details on applications for products and services, and credit and credit-related, or other, facilities;
  • checking your details and credit history and confirming your identity, understanding your financial position by sharing and receiving information, for example, about any borrowing (including any borrowing outside FNPL) and how you manage it (including the amount you borrow and your payment history, any outstanding debts, payment arrangements, and whether you’ve borrowed money and not repaid it in full and on time);
  • managing credit and credit-related accounts or facilities;
  • recovering debt;
  • checking details on proposals and claims for all types of insurance; and
  • making enquiries when you ask for any lending products and to help us manage your account.

Records we share with credit reference agencies will stay on your file for six years after your file is closed, whether you’ve settled the debt or failed to pay it off.
If you’d like to know about the information credit reference agencies hold about you, you should contact them direct (please note, they will charge you a fee for this service). Not every agency will hold the same information, so you should consider contacting them all. Their contact details are as follows:

  • TransUnion, One, Park Lane, Leeds, West Yorkshire, LS3 1EP.
    Phone: 0330 024 7574
    Website: http://www.transunion.co.uk
  • Equifax PLC, Credit File Advice Centre, PO Box 1140, Bradford, BD1 5US
    Phone: 0844 335 0550
    Website: www.equifax.co.uk
  • Experian, Consumer Help Service, PO Box 8000, Nottingham, NG90 7WF
    Phone: 0344 481 8000
    Website: www.experian.co.uk

You may be charged to call the credit reference agencies. Please check with your phone provider.
We will share your information with fraud prevention agencies who will use it to prevent fraud and money laundering, and to confirm your identity. We and fraud prevention agencies may also allow law enforcement agencies to access and use your personal information to detect, investigate and prevent crime. If fraud is detected, you could be refused certain services or finance.
Fraud prevention agencies can hold your personal information for different periods of time, and if you are considered to present a fraud or money-laundering risk, they can hold your information for up to six years.

Information about other people

If you give us information about other people (such as people who depend on you financially or additional cardholders), which we will use to provide services as set out in this policy, you are confirming that you have provided those people with a copy of this policy.
Your information may be linked to people who are associated with you, such as your partner or other members of your household. These linked records are called associated records. If we contact a credit reference agency with an enquiry about you, they may answer it by referring to the records of anyone associated with you. Another person’s records will be associated with yours if:

  • you are making a joint application;
  • you tell us about a financial association with another person; or
  • the credit reference agencies have existing associated records.

If you are associated with another person, we will take this association into account in all future applications either or both of you make. The association will continue until one of you applies to the credit reference agencies and is successful in filing a ‘disassociation’, which allows your information to be unlinked.

Sharing your information outside the European Economic Area

When we or fraud prevention agencies transfer your information outside the European Economic Area, we or the fraud prevention agencies will:

  • make sure that the organisations we transfer your information to apply an equivalent level of protection;
  • include conditions in the contract with the organisations receiving your personal information to protect it to the standard required in the European Economic Area; and
  • possibly ask the organisations receiving your information to subscribe to international frameworks intended to allow information to be shared securely.

If we are transferring your information, we may also transfer it to either a country considered by the European Commission to provide adequate protection of your information, or to a different country if you agree to that. If we transfer your information outside the European Economic Area in other circumstances (for example, because we have to reveal the information to help prevent or detect a crime), we’ll make sure we share that information lawfully.
You can ask for copies of the appropriate protection we have in place by contacting us as set out in the ‘Contact us’ section.

How long we will keep your information

We will keep your information for as long as is needed for the purposes set out above or as required by any laws that apply.
If you close your account, if we refuse your application for an account or product, or you decide not to go ahead with your application for an account or product, we’ll still keep your information. We may also continue to collect information from credit reference agencies to use after your account is closed. We’ll do this for as long as we’re allowed to for legitimate business purposes, to help prevent fraud and other financial crime, and for other legal and regulatory reasons.

Your rights

You have rights relating to the way that we use your information. You have the right to:

  • ask us to send you (or someone you nominate) a copy of the information we hold about you;
  • ask us to correct or delete any incorrect or incomplete information we hold about you (we will correct any information we believe is incorrect or incomplete);
  • ask us to stop using your information (we will stop using your information if there is no legal reason for us to continue to hold or use it);
  • object to any automated decision-making;
  • ask us to transfer certain personal information to you or to another organisation, including service providers, in a format they can use where this is technically possible (known as the ‘right to data portability’);
  • ask us to transfer a copy of some of your information to you or to another organisation, including service providers, where this is technically possible;
  • withdraw any permission you have previously given to allow us to use your information;
  • ask us to stop or start sending you marketing messages at any time by:

We analyse your personal information to allow us to send you personalised offers, discounts or recommendations based on various things, such as your credit history, the way you use your account and the products you hold with us. We will stop using your personal information for these purposes if you ask us to stop sending you all types of marketing messages (that is, marketing messages by post, email, phone and text message).
To use any of the rights set out above, or to discuss any other issue relating to your information, please contact us using the methods set out in the ‘Contact us’ section.
If you have any concerns about the way we use your information, you have the right to complain to the Information Commissioner’s Office, which regulates the use of personal information in the UK. You can contact them by:

  • going to their website at https://ico.org.uk ;
  • calling them on 0303 123 1113; or
  • writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.

We may make changes to this notice and how we use your information in the future. If we do this, we’ll post an updated version of this notice on our website. You can find the current version of this notice, which explains how we’ll use your information, by visiting our website at https://www.flynowpaylater.com/gb/privacy-policy.

Contact us

Please go to https://www.flynowpaylater.com/gb/privacy-policy if you have any questions about privacy issues. If you would like more information on your rights, or you want to exercise them, please send a request through our website at https://www.flynowpaylater.com/gb/privacy-policy.
You can contact our data protection officer at: The Data Protection Officer, Fly Now Pay Later, 4th floor, 33 Cannon Street, London, EC4M 5SB or email: dpo@flynowpaylater.com