Privacy Policy

Last updated: 9 April 2026

First Flexi Lease is a trading name of Oak First Investments Ltd. This Privacy Policy explains how we collect, use, store and share your personal data when you use our website, contact us, request a quote, apply for or enter into a vehicle rental, leasing or finance-related arrangement, or otherwise use our services.

We are committed to handling personal data lawfully, fairly and transparently.

1. Who we are

If you have any questions about this Privacy Policy or how we use your personal data, please contact us using the details above.

2. What this policy covers

This policy applies to personal data collected through:

• our website;
• contact, callback, quote and proposal forms;
• email, telephone, SMS, WhatsApp and other communications with us;
• customer onboarding and account management;
• vehicle rental, flexi lease, short-term leasing, long-term rental and related services;
• finance-related introductions where applicable;
• complaints handling;
• cookies and similar technologies; and
• vehicle tracking and telematics used in vehicles we own and supply.

3. The personal data we collect

Depending on how you interact with us, we may collect and use:

• your name, business name, postal address, email address and telephone number;
• date of birth and address history where relevant;
• information you provide in enquiry, quote, proposal or application forms;
• vehicle preferences and agreement details;
• identity and verification information;
• driving licence, insurance and eligibility information where relevant;
• payment, billing and account information;
• records of correspondence, call notes and complaint information;
• website usage data, device data, browser information, IP address and cookie-related data;
• marketing preferences;
• business customer information, including company and director details where relevant; and
• vehicle tracking, location, mileage, servicing and maintenance-related telematics data where a vehicle supplied by us is fitted with a tracker.

We only ask for personal data that is relevant to the services we provide or the checks we need to carry out.

4. How we collect your personal data

We collect personal data:

• directly from you when you contact us or complete a form;
• when you speak to us by phone, email, SMS, WhatsApp or other channels;
• when you request or enter into a rental, lease, vehicle supply or finance-related arrangement;
• from cookies and similar technologies on our website;
• from supplying dealers, delivery providers, finance companies, insurers, maintenance providers, breakdown providers and similar service partners where relevant;
• from credit reference agencies, identity-check providers, affordability assessment providers and fraud prevention services where relevant to soft checks, business checks, director checks or finance-related enquiries; and
• from regulators, law enforcement bodies, courts or professional advisers where necessary.

5. How we use your personal data

We may use your personal data to:

• respond to enquiries and provide quotes;
• arrange and manage rentals, leases, vehicle supply and related services;
• verify your identity, address and eligibility;
• carry out consumer, business and director searches where relevant;
• support fraud prevention and risk assessment;
• introduce you to external finance companies, lenders or funders where finance is requested or discussed;
• administer agreements, payments, billing and account records;
• arrange delivery, collection, servicing, maintenance, repairs and breakdown support;
• contact you about servicing, maintenance, mileage or vehicle-related obligations;
• monitor mileage and maintenance requirements on vehicles we own and supply;
• locate and recover vehicles where payments have stopped, a vehicle is overdue, or we otherwise need to protect our assets;
• investigate complaints, incidents, misuse, fraud, disputes and non-payment;
• recover unpaid sums, including by using debt recovery or legal enforcement processes where necessary;
• improve our website, services and customer experience;
• keep internal records and support audit, legal and regulatory compliance; and
• send marketing communications where we are permitted to do so.

We do not sell your personal data.

6. Our lawful bases for processing

We rely on one or more of the following lawful bases under UK data protection law:

• Contract – where processing is necessary to take steps at your request or to enter into and perform an agreement with you.
• Legal obligation – where we need to comply with legal, tax, regulatory, fraud prevention or enforcement obligations.
• Legitimate interests – where we have a genuine business need to operate and improve our services, verify information, protect our vehicles and systems, monitor mileage and maintenance, carry out due diligence, prevent misuse, investigate disputes, recover debts, and defend or pursue legal claims, provided those interests are not overridden by your rights.
• Consent – where consent is required, for example for certain cookies or certain marketing activities.

Where we rely on consent, you can withdraw it at any time.

7. Credit Reference, Business and Affordability Checks

Where relevant to your enquiry, quote, rental, lease or finance-related application, we may carry out checks to verify identity, address, eligibility, affordability and suitability.

These checks may include:

• consumer credit searches for individuals acting in a personal capacity;
• business credit searches for business customers; and
• director searches where relevant to help assess the proposed arrangement and confirm the appropriate liable party.

For individual customers, these checks may be used to help verify identity and address details, support fraud prevention and risk assessment, and assist with suitability or affordability checks where appropriate. Where a credit search is to be carried out on an individual, they will be informed in advance.

For business customers, business and director searches may be used as part of our due diligence process to help assess the suitability of the proposed agreement and confirm the appropriate liable party.

Where finance is requested or discussed, we may also share your information with external finance companies, lenders or funders so they can assess whether they are able to offer finance or related services.

Credit Reference and Affordability Checks

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).

We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority.

FCA Firm Reference Number: 742313

TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority.

FCA Firm Reference Number: 805757

The information we receive may include data relating to your identity, credit commitments, payment history, affordability indicators and public record information. We use this data only for legitimate business purposes, including creditworthiness assessment, affordability and suitability assessment, identity verification, fraud prevention, and supporting applications for vehicle rental, leasing or finance-related services, in accordance with applicable data protection laws.

Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:

• Creditsafe Privacy / Transparency Notice: https://www.creditsafe.com/gb/en/legal/transparency-notice-customer-supplier.html
• TransUnion CRAIN (Credit Reference Agency Information Notice): https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
• TransUnion Bureau Privacy Notice: https://www.transunion.co.uk/legal/privacy-centre/pc-bureau

8. Vehicle tracking and telematics

We install tracking devices in vehicles that we own and rent or lease out.

We use tracking and telematics data for legitimate business purposes, including:

• locating and recovering vehicles where payments have stopped or a vehicle is otherwise at risk;
• monitoring mileage against agreed limits;
• helping ensure maintenance and servicing is carried out in a timely manner;
• protecting our vehicles and business from loss, misuse or unauthorised retention; and
• supporting the administration and management of the agreement.

We will only use tracking data where it is lawful, proportionate and necessary for these purposes.

9. Who we share your personal data with

We may share your personal data with trusted third parties where necessary to provide our services, administer your agreement, protect our legal position, recover debts, or comply with legal and regulatory obligations.

These third parties may include:

• supplying dealerships and vehicle manufacturers;
• delivery, transport and logistics companies;
• external finance companies, lenders and funders;
• credit reference agencies, identity-check providers, affordability assessment providers and fraud prevention services;
• insurers, claims handlers and recovery providers;
• payment processors and banking providers;
• maintenance, servicing, repair and breakdown providers;
• transport-management companies that help coordinate servicing, maintenance or vehicle movements;
• debt collection agencies, tracing agents, solicitors and courts where sums are overdue or recovery action is necessary;
• IT, hosting, CRM, website, analytics and communications providers;
• professional advisers such as accountants, auditors and legal advisers; and
• regulators, law enforcement agencies, HMRC and other authorities where required by law or where necessary to protect our rights.

We only share information that is reasonably necessary for the relevant purpose.

10. Debt recovery and legal enforcement

If payments become overdue or remain unpaid, we may share relevant personal data with debt collection agencies, tracing agents, solicitors, the courts, or other recovery partners in order to recover sums owed to us and protect our legal position.

This may include taking legal steps such as county court claims or other lawful recovery action where appropriate.

11. Servicing, maintenance and breakdown support

We may share your contact and vehicle information with transport-management companies, maintenance providers, servicing agents, repairers and breakdown providers where needed to organise, book or manage servicing, maintenance, inspections, repairs or breakdown support.

This may include contacting you, or enabling those providers to contact you, to arrange bookings and vehicle-related support.

12. Marketing

We may use your contact details to send you information about our services where we are allowed to do so by law.

You can ask us to stop marketing at any time by:

• clicking the unsubscribe link in a marketing email;
• replying STOP to a marketing text where that option is available; or
• contacting us using the details in this Privacy Policy.

13. Cookies and similar technologies

Our website uses cookies and similar technologies to make the site work, improve performance, understand website usage and, where applicable, support marketing and advertising activity.

Where cookies or similar technologies are not strictly necessary, we will ask for your consent before using them.

Please also see our Cookie Policy for more detail.

14. Automated decision-making

We do not intend to make solely automated decisions about you that have a legal or similarly significant effect unless we are permitted to do so by law and have provided appropriate information and safeguards.

Where profiling or automated tools are used as part of fraud prevention, due diligence or service delivery, there will be human review where required.

15. International transfers

Some of our service providers may store or process personal data outside the UK.

Where this happens, we will take appropriate steps to ensure your personal data remains protected in accordance with UK data protection law, including the use of appropriate safeguards where required.

16. How long we keep your personal data

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including to:

• deal with your enquiry;
• manage any agreement with you;
• maintain business, tax and accounting records;
• resolve complaints and disputes;
• recover debts and protect our legal rights; and
• comply with legal and regulatory requirements.

Retention periods vary depending on the type of information and the reason we collected it. When personal data is no longer required, we will securely delete it or anonymise it.

17. Your rights

Under UK data protection law, you may have the right to:

• request access to your personal data;
• request correction of inaccurate or incomplete data;
• request deletion of your personal data;
• request restriction of processing;
• object to processing based on legitimate interests;
• request transfer of certain personal data to you or another provider;
• withdraw consent where processing is based on consent; and
• complain to the Information Commissioner's Office.

To exercise your rights, please contact us using the details in section 1.

18. Complaints

If you have any concerns about how we use your personal data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the Information Commissioner's Office (ICO), which is the UK regulator for data protection matters.

If your complaint relates to a regulated financial service, you may also have rights to complain through the appropriate financial complaints process, depending on the nature of the product or service.

19. Third-party websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. You should read their own privacy notices before providing personal data to them.

20. Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page and the “Last updated” date will be revised.