glo's Privacy Policy


Data protection legislation (which includes the General Data Protection Regulation or GDPR) places obligations on us (Glo) in relation to the way that we handle your personal information. We must process your information fairly and lawfully. This also means you are entitled to know how we intend to use your information. You can then decide whether or not you want to give it to us so that we can provide the product you require. All our employees are responsible for maintaining customer confidentiality. We provide training to all our colleagues to remind them about their obligations. In addition our polices and procedures are regularly audited and reviewed.

The identity of the controller and their contact details

Your information will be held by Glo which is a trading name of Provident Personal Credit Limited. Provident Personal Credit is part of the Provident Financial Group, which includes other lending companies such as Vanquis Bank Ltd and Moneybarn Ltd. More information on the Provident Financial Group can be found at

The identity of the Data Protection Officer

Glo has a Data Protection Officer to ensure that your personal data is being treated fairly and lawfully and protected at all times. If you need to contact the DPO please email, write to The Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0800 6944962

Categories of personal data processed

We only collect the data we need to provide you with the product or service you require and to administer your account(s) with us. In most cases this will mean that we are processing personal data such as:

  1. Information required on your application form such as name, address, income, outgoings etc.,
  2. Information provided to us by the Credit reference agencies on your finance with other credit/lending organisations
  3. Any additional information you provide whilst we are administering your account such as income & outgoings and personal circumstances.

Where we obtain your personal data from

Your personal information will be held securely on Provident systems so that we and any other companies in our Group that you have dealings with either now or in the future can manage your relationship with us. This will include information you provide when you apply to us and any additional information provided by you or others in various ways, including but not limited to;

  1. In applications, emails, letters, phone calls and conversations, when registering for services, in customer surveys, when you participate in competitions, through our websites and during conversations about your loan account.
  2. From analysis of your payments and use of our services and others in the Group.
  3. From information we receive from others such as credit reference agencies and fraud prevention agencies.
  4. From agents and brokers.
  5. From the use of data obtained from social media sites by matching email address with social media accounts.

Why we process your data

As a business we use data we obtain from you and data we collect about you to perform a number of activities. Under data protection legislation we are only permitted to use your personal information when we have a legal basis that permits us to do so. We set out below an overview of the purposes for which we use your personal information and, in each case, the legal basis that permits us to use that information.

Processing your data as a Legitimate Interest

The Provident Group companies as outlined above will share your information amongst each other for the following administrative activities where we have a legitimate business need;

  1. Managing your relationship with each company and notifying you of any changes to those products and services.
  2. Responding to your queries and complaints.
  3. Administering offers, competitions and promotions so that you are provided with the most appropriate product or service enhancement for your needs.
  4. Updating, consolidating and improving the accuracy of our records by sharing any updates to your personal data, for example if you change address

    In addition, we will share and individually use each other's customer data for the following legitimate data usage across all companies in our group;

  5. Transactional analysis.
  6. Arrears and debt recovery and debt sale activities including where we may need to trace your whereabouts.
  7. Crime detection, prevention and prosecution.
  8. To evaluate the effectiveness of marketing, and for market research and training.
  9. To support customer modelling, statistical and trend analysis, with the aim of developing and improving products and services.
  10. To enable assessment of lending risks by considering all products you have across the group of companies and also taking into consideration your payment history with any products you previously held for assessing your income and expenditure and periodically updating this information to enable us to make responsible lending decisions.
  11. Where we want to share with market research companies to help us understand how we can improve our products and service offered to you.
  12. Using your information for profiling to help ensure that if we market to you, this will be relevant to the information we hold about you.
Some of this sharing will be done on an individual basis, in other cases the data is shared using secure data transfer or is uploaded into a central database repository where we are able to apply strict controls over the security and access to the data. By sharing this information it enables our group companies to better understand your needs and run your account(s) responsibly and in the efficient way you expect.

Sharing your information with brokers

We will undertake this processing under a legitimate business interest. If you were introduced to us by a broker we will give them your contact details and sufficient information to help them with their accounting and administration. Brokers and Introducers sometimes use your information that you provided to them initially to contact you about products and services unless you have asked them directly not to do so.

Sharing your information to assist with asset buying or selling

We will undertake this processing under a legitimate business interest. Glo may in the future wish to sell, transfer or merge part or all of its business assets or to acquire a business. If so, we sometimes disclose your personal information to a potential buyer, merger partner or seller so long as they agree to keep it confidential and to use it only to consider the potential transaction.

Recording phone calls

We will undertake this processing under a legitimate business interest. We may monitor or record phone calls with you in case we need to check we have carried out your instructions properly, to resolve queries or issues, for regulatory purposes, to help improve our quality or service and to help prevent or detect fraud or other crimes. Conversations may also be recorded for staff training purposes.

Using your details for service contact

We will undertake this processing under a legitimate business interest. Making sure we deliver excellent customer service is important to us and to do this various methods of communication may be used when sending you information about your account. Sometimes this may be by SMS, Email or push notification in your app or log in area. For example this may include sending you reminders or receipts for payments or other information in relation to the administration/servicing of your loan. We will always ensure that we are not putting your data at risk. If you have requested that we email you information relating to your account we will ensure that we have explained the risks of sending an insecure email and that you are happy to accept that risk.

Using information on social networking sites

We will undertake this processing under a legitimate business interest. As part of our ongoing commitment to understanding our customers better, we sometimes research comments and opinions made public on social media sites. We sometimes also match information on these sites with the data we hold to undertake behavioural analysis and assist with credit decisioning. The information we collect may also assist use with looking at targeted advertising using Social media.

Using cookies and IP addresses

We will undertake this processing under a legitimate business interest. By visiting our website, we may receive your IP address, a unique identifier for your computer or other access device. We do not use your IP address to identify you. Cookies are used to store small amounts of information on your device, which allows certain information from your web browser to be collected. In addition, information will be collected if you commence the application process. To access our Cookie Policy please go to: For more information on using cookies please visit our cookies page.

How we use Fraud prevention agencies

We will undertake this processing under a legitimate business interest. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention Agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:

  1. Checking details on applications for credit and credit related or other facilities.
  2. Managing credit and credit related accounts or facilities.
  3. Tracing your whereabouts and recovering debt that you owe.
  4. Checking details on proposals and claims for all types of insurance.
  5. Verifying your identity if you or a financial associate applies for facilities including insurance proposals and claims.
  6. Undertaking statistical analysis and system checking.
  7. Checking details of job applicants and employees.
  8. Checking other credit applications you have made.
Please contact us at if you want to receive details of the relevant fraud prevention agencies . We and other organisations may access and use the information recorded by fraud prevention agencies from other countries.

Processing your data for legal reasons

We will treat your information as private and confidential, but may share it with other Group companies and only disclose it outside the Group if we are legally obliged to do so or required to do so to satisfy a court order. Examples of this are:

  1. Passing information to HMRC where a court order is in place.
  2. Required by the Police and other law enforcement agencies to investigate or prevent crime.
  3. Required by the authorities when we report on any suspicious activity that could indicate money laundering.
  4. Undertaking affordability reviews , where we will use all the data across the group companies to ensure we are fully aware of your Group commitments.
  5. Required to provide information to our industry regulators.

How we check your identity and undertake money laundering checks

We will undertake this processing to satisfy a legal obligation. Sometimes we will ask you to provide physical forms of identity when you take a product with us. Alternatively we may use information from the CRAs. This type of search is not seen or used by other lenders to assess your ability to obtain credit.

Processing your data for contractual reasons

There are a number of activities that we will perform to either use your data to assess you for the product you have requested, to enable us to provide that product and to continue to administer it in line with the credit agreement you sign up to. Some examples of the contractual processing we undertake are;

  1. Undertaking credit searches to assess your suitability for a product, see below for further details.
  2. Assessing your application using an automated credit decisioning process, see below for further details.
  3. Sending regulatory communications such as annual statements.
  4. Affordability, to assess your ability to sustainably repay your loan, we may review your Income and Expenditure levels, based on data we hold, capture or you provide.

Using automated decision making - the logic involved and the consequences.

We will undertake this processing under a contractual requirement. When you apply for credit we use credit scoring. This is or can be an automated system that helps us to understand behaviour and its impact on an individual's likelihood to pay their loan/credit commitments. Credit scoring will take account of information you provide on your application, information already held in the Provident Group about you, data from Credit reference agencies, data obtained from social media sites. Our credit scoring processes are regularly reviewed to ensure they remain fair, effective and unbiased. If you submit an application and it is declined through this automated process, you can contact us to have the decision reviewed. If you need to contact us please email, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0330 303 7070 and we will review your request and come back to you within 21 days.

How we use Credit Reference Agency data

We will undertake this processing under a contractual requirement. Your application will be registered on your credit report under the name Provident Personal Credit Limited and we are currently working with Experian, Call Credit and Equifax. If you would like more information on these Credit Reference Agencies (CRA), please visit, or We will undertake a search with at least two of these agencies when you apply for credit and this will review your records as well as anyone financially associated with you. A footprint will not be left on your credit file, unless you continue to complete a full application. Once you take a product with us, we will report regularly to the CRAs on your payment history. If you fall behind on your payments and satisfactory proposals are not received within 28 days of a formal demand being issued, then a notice may be recorded at the CRAs which could impact your ability to obtain further credit. The information we and other organisations provide to the CRAs may be used by us and them to;

  1. help make decisions when checking applications, managing credit related accounts and facilities, recovering debt, checking on insurance claims, checking job applications.
  2. detect and prevent money laundering, crime and fraud.
  3. verify identity.
  4. trace your whereabouts.
  5. check other credit applications you have made.
  6. undertake research, statistical analysis and system testing.
  7. assess your ability to repay your loan by looking at your income and expenditure levels
Any records shared with the CRAs will remain on your CRA file for 6 years after your account is closed.

Processing your data with your consent

There will be circumstances where we will only process your data if we have your consent to do so. For example, if you provide us with data that is classed as a special category of data such as health information, we will only process this with your permission (unless we feel the processing is necessary to protect your vital interests). You have a right at any time to ask us to stop the processing of that specific data.

How we manage your special categories of personal data

Data Protection Legislation defines certain information as special categories (racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, biometric and genetic data). As part of your ongoing relationship with us we may be provided with such information. We will always ask your explicit consent to process this information (unless we feel the processing is necessary to protect your vital interests). We may share it with other parts of the Provident Group and our subcontractors to keep your records up to date.

Your rights

Important please read:
You have a number of rights in relation to your personal data. For example you can ask for a copy of your personal data through a Subject Access Request, you can ask for your information to be corrected if it is inaccurate, you can ask for the processing of your data to be restricted whilst we may be resolving an issue, you can ask for your data to be deleted, and you have the right to data portability. See below for further details. If you wish to exercise one of your rights please email, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0330 303 7070 and we will review your request and come back to you within 30 days.

Your right to object

You have a right to object to any processing activity where the business states it has a legitimate business need to use your data in the way described. If you need to contact us please email, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0330 303 7070 and we will review your request and come back to you within 30 days.

Your right to data portability

Data Protection legislation contains a right to data portability that may give you a right in some data processing contexts, to receive your personal data in a portable format when it is processed on certain grounds, such as consent. If you wish for this limited data to be "ported" to another organisation direct, please contact us at, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0330 303 7070 and we will review your request and come back to you within 30 days.

Obtaining a copy of your data

You have a right of access to a copy of the personal data we hold about you. Please email , write to the Rights Request Team, Provident Personal Credit Limited, No 1 Godwin Street, Bradford, BD1 2SU, or call 0800 6944962 providing as much information as possible to enable us to locate your information. Once we have everything we need to locate your information we will supply this to you within 30 days of this date.

Your right to lodge a complaint with the regulatory authority

We hope that we provide you with the service you expect in relation to how we manage your personal data . Please contact us if there is anything you are concerned about and we will endeavour to address this. If you are still not satisfied then you have the right to contact the Information Commissioner on 0303 123 1113

Who do we share your data with

We use a number of third party companies to help us to manage your account and to deliver the service you expect. Examples of where we may employ the services of a third party are;

  1. To help send out electronic, written or voice communications to you.
  2. To provide IT support.
  3. To provide us with software and systems to help manage your account and the activities we need to complete.
  4. to help prevent fraudulent transactions or online security/fraud threats.
  5. to help collect outstanding payments.
  6. To help process certain account activities such as arrears, collection and debt recovery we sometimes employ the services of other Provident Group companies.
Glo will ensure that it and any third parties whom it engages to process Personal Data on its behalf will process the Personal Data in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Glo will ensure that a written contract (a “Data Processor Agreement”) is put in place with third party processors and the terms of that Data Processor Agreement will comply with requirements of the Data Protection Legislation.

Processing your data outside the EEA

We sometimes use third parties based outside the European Economic Area. For example some of our IT administrative activities are supported by third parties based in India and Israel. We will always ensure they will protect your information to EU standards. If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of these safeguards:

  1. Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Learn more on the European Commission Justice website.
  2. Put in place a contract with the recipient that means they must protect it to the same standards as the EEA. Read more about this here on the European Commission Justice website.
  3. Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA. You can find out more about data protection on the European Commission Justice website.
Sometimes these organisations may disclose information to foreign authorities in the fight against crime and terrorism where they are legally obliged to do so.

How long do we keep your data for

As a regulated business we are often required to hold personal data for set periods of time. There may also be certain legal requirements to hold onto data. We have a legitimate business need to keep data for a certain period of time. We operate to an approved set of retention schedules which identify the type of data held and for how long. Some of the key retention periods are;

  1. Most customer data will be held for up to 6 years after the end of the relationship.
  2. Contact centre sales call recordings will be held for up to 6 years from the date of the recording.
  3. All other contact centre call recordings will be held for up to 2 years from the date of the recording.
If you require details on retention periods for any other type of data held please contact us on email, write to Rights Request Team, 1 Godwin Street, Bradford West Yorkshire BD1 2SU, or call 0330 303 7070

Changes to this notice

We keep our privacy policy under regular review. This notice was last updated 06/06/2018