Privacy Information/GDPR

This document sets out the basis for our handling and processing of personal data.

​SME Business Finance Ltd are both a principle funder i.e. lending our own money and a broker, whereby we arrange funding with other financial institutions in which case we would share data with them.​

When you apply to open an account, SME Business Finance and/or our partners/associates will check the following records about you and your business partners:

Our own;

• Personal and business records at credit reference agencies (CRAs). When CRAs receive a search from us they will place a search footprint on your business credit file that may be seen by other lenders. They supply to us both public (including the electoral register) and shared credit and fraud prevention information.
• Those at fraud prevention agencies (FPAs)
• If you are a director, we will seek confirmation, from credit reference agencies, that the residential address that you provide is the same address as that shown on the restricted register of directors’ usual addresses at Companies House

 We will make checks such as; assessing this application for credit and verifying identities to prevent and detect crime and money laundering. We may also make periodic searches at CRAs and FPAs to manage your account with us. 

1. Information on applications will be sent to CRAs and will be recorded by them. Including information on your business and its proprietors and CRAs may create a record of the name and address of your business and its proprietors if there is not one already. Where you borrow from us, we will give details of your accounts and how you manage it/them to CRAs.
2. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs and FPAs to perform similar checks and to trace your whereabouts and recover debts that you owe. Records remain on file for 6 years after they are closed, whether settled by you or defaulted.
3. If you give us false or inaccurate information and we suspect or identify fraud we will record this and may also pass this information to the FPAs and other organisations involved in crime and fraud prevention.
4. If you have borrowed from us and do not make payments that you owe us we will trace your whereabouts and recover debts.
5. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
6. Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of the General Data Protection Regulation (GDPR)

 We will either obtain written or verbal permission to undertake a credit search.

​You can contact thee CRAs currently operating in the UK; the information they hold may not be the same so it is worth contacting them all. They will charge you a small statutory fee. 

• Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 060 1414
• Equifax PLC, Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US or call 0870 010 0583 or log on to https://www.equifax.co.uk/crain/?adlt=strict
• Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0844 481 8000 or log on to https://www.experian.co.uk/legal/crain/?adlt=strict

 We will only ask for information that is relevant to our decision to lend you money which can include financial accounts and bank statements as well as proof of identity e.g. passport or driving licence and proof of residency e.g. copy of utility bill or council tax statements. We will generally keep such information for one year past the end of any finance agreement in case of any regulatory issues or disputes arising.

​We operate a paperless office so information is stored securely off-site on password protected servers.

Our loan administrators and sales partners are responsible for processing data (processors) on behalf of the senior management or our lending partners whom are Controllers and therefore responsible for determining the purposes and means of processing personal data.

​Information you provide to us: we may collect information when you visit our website; that you provide to us in your application form; that you provide when you contact us; that you provide when you update any information we hold about you; that you provide when you give us an instruction in relation to your application for finance. We may collect information about a company’s directors, partners, shareholders, members or employees.

 The information we may collect includes your name, business name, email address, date of birth, postal address, telephone number, financial details, physical forms of identify verification, details of any overseas residency, and any information not listed that you provide when you contact us or make an enquiry. As your application progresses, we may ask for additional information because a third-party funder or CRA requires it.

 How we use your information

 Provide our services to you: We process, transfer and disclose your information to third parties in order to verify your identity, perform anti-fraud and credit checks.

Respond to your enquiries: We may collect and store some personal information and the nature of your enquiry when you make an enquiry. We use this information to help us respond to your enquiry.

Legal obligations: We reserve the right to pass information we hold about you to third parties for administrative purposes, fraud prevention, terrorism prevention, anti-money laundering, debt tracing, preventing, investigating or fighting crime or where we are required to do so by law.

Sale of our business: If we sell all or part of our business, we may transfer our databases which contain your personal information. We will notify you of any change in ownership of the business.

 Marketing

​We operate a policy of a “soft opt-in” e.g. if we have already been dealing with you whether as an introducer, customer, supplier etc. then we assume that is OK for us to continue to make contact with you. If you want to stop any future correspondence then please send your details and email address to datacontroller@smebf.co.uk

Part of our strategy for getting new customers is by way of digital marketing and we will approach businesses where we believe that there is a “legitimate interest” in receiving information from us about business funding only. If we send you marketing material that you feel is inappropriate and want to be removed from the database then either click the unsubscribe link or contact  datacontroller@smebf.co.uk

 Your Rights

 Your rights over your information are detailed below. Should you wish to exercise or discuss any of these rights, please contact datacontroller@smebf.co.uk.

 Right of Access: You are entitled to obtain details we hold concerning the processing of your persona information. This includes details of the data being processed, purposes of processing, recipients of the processed information, the period for which your information is processed, the source of the information, transfers of your information and the protections we put in place to protect your information. You are entitled to a copy of the personal information we process about you.

 Right of Rectification: You have the right to have any incomplete or inaccurate personal information held by us rectified.

 Right of Erasure (‘be forgotten’): In certain circumstances, you are entitled to have personal information erased. However, we may continue processing the information in certain circumstances. If you request that we erase your personal information, we shall advise you if we consider that there are on-going grounds permitting us to continue processing your information.

 Right to Restrict Processing: You can ask us to restrict the processing of your personal information in certain circumstances. We will advise you if we do not agree with your request to restrict processing and our reasoning.

 Right to Data Portability: Where you provide personal information to us and consent to us processing it, you are entitled to receive a copy of that information and for that information to be provided to another data controller where technically possible.

 Right to Object: You have the right to object to the collection, use of and processing of your personal information where the basis for processing is our legitimate interests or the processing is in the public interest. You may object to processing for direct marketing purposes at any time. Where you, we shall cease processing your personal information unless we are permitted to process your personal information under applicable data protection laws.

 Right to Withdraw Consent: Where you have given us consent to use your personal information for any purpose outlined in this privacy policy, you shall be entitled to withdraw that consent.

 Right related to Automatic Decision-Making including Profiling: If you the right to not be subject to a decision based solely on automated processing.

 Policing

 If there are any concerns or complaints with respect to out handling of your data please in the first instance contact datacontroller@smebf.co.uk and it is our duty to resolve within 72 hours. SME Business Finance’s Data Protection Licence Number is Z3348708.

If you need to contact the Information Commissioners Officer (ICO) their details are

​Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

 www.ico.org.uk

​Helpline on 0303 123 1113