This website is not intended for children and we do not knowingly collect data relating to children.
Who is the Data Controller?
We are registered with the Information Commissioner’s Office with registration number Z303864X. Our registration can be viewed here.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us via the above methods in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third party links
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
What information about you do we use?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect the following information about you:
- Identity and contact details which include: first name, maiden name, last personal assets and liabilities, marital status, title, date of birth and gender, address, email address and telephone numbers;
- Financial data and data about domestic circumstances which includes bank account and payment card details, details about payments to and from you and other details of products and services you have purchased from us, information about your credit rating and previous borrowing and information relating to county court judgements, bankruptcy and insolvency and information relating to home ownership;
- Business data including information about your business, its activities, its financial condition and in relation to its owners, shareholders and employees;
- Technical data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, Uniform Resource Locators (URL) clickstream to, through and from our sites (including date and time); products you viewed or searched for; page response times, which pages you visit, how often you visit and any enquiry forms or similar interactive content you complete, download errors, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and other technology on the devices you use to access this website;
- Call recordings when you speak to us over the telephone (calls are recorded for training and monitoring purposes); and
- Marketing and communications data which includes your preferences in receiving marketing from us and our third parties and your communication preferences.
When might we collect and use sensitive information about you?
We always seek to treat customers fairly and be responsive to their individual needs. Sometimes you may disclose some types of information which are classed as sensitive under the law, known as special category data. A common example of this is information about your mental or physical health. We will ask your consent to process this information. Not agreeing to us processing this information may impact on our ability to make adjustments for your circumstances. We collect this information so that we can treat you fairly and according to your needs.
How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your personal by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
– apply for our products or services;
– to make payments to us;
– request marketing to be sent to you;
– enter a competition, promotion or survey; or
– give us feedback or contact us.
- Third party introducers and/or brokers who collect your information and provide it to us via our broker portal when you apply for our products or services via these third parties.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
– analytics providers such as Google based outside the EU; and
– advertising networks and search information providers such as LinkedIn and Facebook, based outside the EU.
- Contact, Financial and Transaction data from providers of technical, payment and delivery services and Identity and Contact Data from data brokers or aggregators may be obtained from time to time.
- Identity and Contact data from publicly available sources such as Companies House and the Electoral Register.
- Financial and Identity data from third parties such as Credit Reference Agencies (CRAs), Fraud Prevention Agencies (FPAs) and tracing agents.
Why do we use your information?
We use your personal information for a variety of reasons related to our business activities including processing your application for credit (whether as a sole trader, unincorporated partnership or commercial entity), where you provide security for a loan to your business, the administration of your loan agreement, to contact you and to comply with our legal and regulatory obligations. Further details as to the purposes of processing are set out in the following section.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
What is the legal basis for this use?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you, such as:
– In order to process your application and complete your loan agreement or to deliver banking services to you;
– to open accounts with us and to manage and maintain those accounts and to take payments from you;
– if you are a borrower (or a director, partner, member, shareholder, beneficial owner or guarantor of a borrower) to ascertain your borrowing needs; and
– to verify your identity and the other information you have provided to us, including your bank account information and (if relevant) the identity of your business associates.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, such as:
– to develop and improve our services, products and business, including analysing and improving our customer service offering;
– to assess your creditworthiness and to make credit-related decisions;
– to verify the accuracy of the data you have provided to us;
– for the administration of our business and to manage our business risks;
– for the provision, management and improvement of our website;
– if you miss any repayment of your loan, to trace your whereabouts and recover debts and to verify any payment plan you have proposed or income and expenditure form you have submitted;
– to carry out statistical analysis and market research and testing;
– to update the records we hold about you from time to time;
- where you are an existing customer, to inform you of marketplace developments and activity and of changes to our products and services;
– where you are an existing customer, to contact you (including by SMS and e-mail) with products and services which we think may interest you (at all times taking into consideration your rights at law including your right to opt-out from receiving marketing from us); and
– to transfer money.
- Where we need to comply with a legal obligation, such as
– To check your identity;
– to carry out mandatory or other regulatory checks;
– to comply with our legal and regulatory obligations such as to make reports to the regulatory authority or to law enforcement agencies; and
– for the prevention and detection of fraud, money laundering, or other illegal or criminal activity.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
Where our use of your data is not necessary for one of the purposes outlined above we may seek your consent to use it in a particular way, for example in certain circumstances where we wish to send you digital marketing information, ask you to provide feedback, take part in a survey or you tell us about a change in circumstances relating to your health.
You may refuse to give your consent to processing. If you do, this may impact on the services we can provide to you. You can withdraw your consent at any time by contacting us using the details set out above. This will not affect any of the processing based on consent which occurred prior to your communication of your withdrawal.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.
Third party marketing
We may also use your information to introduce you to other lenders and credit brokers who may be able to provide you with products and services, but we shall only do this when we have your express opt-in consent to do so, and before we share your personal data with any other third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time [by following the opt-out links on any marketing message sent to you, or by contacting us at any time.
Who do we share your information with?
We may share your information with:
- the broker who introduced you for the purpose of managing compliance and fulfilling our contractual requirements with the broker;
- third parties who provide services to us, such as credit brokers (including Rise Funding Limited (as applicable)), tracing agents, our legal advisors and our website and IT support;
- professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services;
- providers who provide payment facilities to us;
- CRAs and FPAs to which we may report positive, delinquent and default data about your account(s) on a regular (minimum monthly) basis which will include information about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs;
- British Business Bank in the event you apply for funding under the Coronavirus Business Interruption Loan Scheme and the Recovery Loan Scheme.
- HM Revenue and Customs, law enforcement agencies, regulatory bodies and other authorities where we are required to do so;
- other members of our group of companies, and any purchaser or proposed purchaser of all or part of the same or their assets, together with their professional advisors;
- any person or persons seeking to acquire all or part of our business and/or assets and any potential assignees of your credit agreement, along with their third-party advisors; or
- you or your third-party representatives (in line with your rights).
We believe, in good faith, that it is necessary to protect our rights, property, safety or reputation or the rights, property, safety or reputation of any of our clients or partners. The information provided to CRAs may be supplied to other organisations which search your credit record. More information about CRAs and how they use personal information is available in a document called the Credit Reference Agency Information Notice (also known as the “CRAIN”) which can be accessed via any of these following links:
Note: When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
You can also contact the agencies below:
Transunion: Consumer Services Team, PO Box 491, Leeds, LS3 1WZ Tel: 0330 024 7579 or visit www.transunion.co.uk
Equifax PLC: Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US Tel: 0870 010 0583 or visit www.myequifax.co.uk
Experian: Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF Tel: 0870 241 6212 or visit www.experian.co.uk
To find out more about how we share your data with CRAs.
The personal information we have collected from you may be shared by us and CRAs with FPAs who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found in the CRAIN and https://www.cifas.org.uk/fpn.
Automated decision making
We may perform automated processing (i.e. processing that is carried out without human intervention) on your personal information, to evaluate certain things about you. In particular, we may do this to analyse or predict (amongst other things) your economic situation, credit history, age, personal preferences, interests or behaviour. This could mean that automated decisions (i.e. decisions that are made without human intervention) are made about you using your personal information. For example, if you do not meet an element of our lending criteria (such as being over 18 or being a resident in the UK) any application for credit will be automatically declined. If you do meet our lending criteria, the amount we lend, the term of your loan and the interest we charge on your loan will be determined by your credit status.
Where is your information stored?
The processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Personal data will be transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries; or
where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
We implement appropriate technical and organisational measures to protect the security of your information and to prevent unauthorised access, including encryption, fire walls, data back-ups, policies and procedures, and access protocols. We enforce physical access controls to our buildings and files, and we only authorise access to those employees who require it to fulfil their job responsibilities. When you share data with us through the website, that information is protected by secure socket layer (SSL) encryption. Unfortunately, transmission of information via the internet may never be completely secure and you should ensure when using our website as with any other online services that you have appropriate protections in place (such as anti-virus software and an up-to-date web-browser).
How long will your information be kept on file?
We keep your information for as long as it is needed to provide you with the services you have requested and, to the extent it is necessary for the protection of our legitimate interests (the management of legal risks and administration of our business), for six years from the end of your credit agreement with us (if you take out a loan). Where you partially complete an application, or where your application is declined, we will keep your information for up to 30 days so you can pick up where you left off should you wish to reapply. Where you are an individual acting in your own capacity or as a sole trader and have consented to receive marketing from us, we will hold your records on file for two years following the last time you interacted with us.
Records remain on file with CRAs and FPAs for 6 years after they are closed, whether settled by you or defaulted.
We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Further detail as to each right is set out below:
|Right of access
|You have a right to access the personal information we hold about you and be told why we use it
|Right of rectification
|You can ask us to correct or update your information to ensure it is accurate and complete.
|Right to erasure and right to restrict processing
|You can ask us to stop processing and to delete your data in certain circumstances (for example where it is processed with your consent, or it is no longer necessary for us to process it).
|Right to data portability
|You have a right to ask us to provide you with information in a form that suits you, and/or to provide your information to a third party.
|Right to object
|You have a right to object to our processing of your information.
|Rights: profiling and automated decisions
|You have a right not to be subject to automated decisions which have a legal effect and to be protected by safeguards in respect of any profiling.
|Right to object to direct marketing
|Where you have consented to receive direct marketing you can change your mind at any time by contacting us or following the directions in each message. Please allow a few days for us to action your request
|Rights in relation to CRAs
|You have a right to be told which CRAs we have used and obtain a copy of your file from CRAs.
You can exercise the above rights by contacting us. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.