PRIVACY
NOTICE

Your Privacy Matters: We will ensure that your data is protected and respected.

Want to speak with a member of our team?

Approved Business Finance Ltd is an independent asset finance brokerage, as such we can introduce you to a wide range of finance providers depending on your requirements and circumstances. Approved Business Finance Ltd will receive, commission, payment(s) or other benefit from the finance provider if you decide to enter into an agreement with them. Approved Business Finance Ltd aims to provide our customers with the highest standards of service. If our service fails to meet your requirements, we will endeavour to find a resolution.

Approved Business Finance Ltd is an Appointed Representative of AFS Compliance Ltd, which is Authorised and Regulated by the Financial Conduct Authority, firm number 625035. Approved Business Finance Ltd is a Franchisee of Asset Finance Solutions (UK) Ltd. Approved Business Finance Ltd is incorporated in England and Wales (company number: 11914104) with its office at Seebeck House, Seebeck Pl, Milton Keynes MK5 8FR.

Our purpose for processing Your personal data is so we can fulfil Your information request to Us and provide the credit broking services You are seeking. This notice describes how We will use Your personal data under UK GDPR and all other relevant data protection legislation in force as a result of Your nitration with Us.

We are independently registered with the ICO.

Who does this privacy notice apply to?
This data protection compliance statement (privacy notice) applies to all prospective customers and customers of the Controller.

Making an enquiry about the services We offer
We collect information, including Your personal data, so that We can respond to it and fulfil Our services should You choose to instruct Us in accordance with Our regulatory responsibilities. If You are a business customer We will hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across Their business.

Making a service adjustment request
We wish all Our customers to be able to benefit from Our services equally.

In order to do that We may need to make service adjustments to eliminate barriers in accessing Our services and process special category data (such as health information You may give Us) in order to be able to provide services to an equivalent level to suit Your individual needs.

In order to make those adjustments for You We need Your consent to process any special category data under Article 9 (a) of the UK GDPR.

We will inform You when such separate consent is necessary and will create a record of Your adjustment requirements.

These will give Your name, contact details and type of adjustment required along with a brief description of what is required. Relevant staff can access this to ensure They are communicating with You in the required way.

We need such information from You to respond to Your needs and to provide the services You are looking for.

What are Your rights in respect of special data
As We need Your consent to process Your special category data You have a right to withdraw Your consent at any time.

Electronic storage
When We are in contact with You regarding services We can provide (regardless of the chosen method of contact) We will set up an electronic case file containing the details of Your request as Our compliance recording is system based. This normally includes Your contact details and any other information You have given Us including sensitive data under a service adjustment. Wen will also store on this case file a copy of the information that falls within the scope of Your request. This may include for instance an authority for someone to act for You if a Power of Attorney has been produced to Us and Your ongoing case file.

Surveys
As We wish to continually improve Our services We will also invite all customers to participate in completion of sale customer satisfaction survey.

What is Aggregated Data?
We also collect, use and share what is called Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from Your personal data but is not considered personal data in law as this data does not directly or indirectly reveal Your identity.

For example, We may aggregate your location data to calculate the percentage of customers accessing Our services in a given geographical location. However, if We combine or connect Aggregated Data with Your personal data so that it can directly or indirectly identify You, We treat the combined data as personal data which will only be used in accordance with this privacy notice.

How do we receive your personal information?
We receive Your personal data when You directly or indirectly interact with Us so this can be when You first contact and every time You speak to Us in seeking and engaging Our services. You may directly or through someone representing You under an official power of attorney provide Us with Your Identity, Contact and Financial Data by filling in forms or by corresponding with Us by post, phone, email, Web services or otherwise.

This includes personal data You provide when You:

knowingly enquire about Our services either directly or via our web page
engage Our services by agreeing Our terms and conditions;
request marketing to be sent to You; or
provide survey feedback or contact Us.
Request a Service adjustment

Third parties or publicly available sources

We will also receive personal data about You from various third parties and public sources as set out below:
- Technical Data from analytics providers such as Google based inside or outside the UK and generated by Your use of Our website;
- Contact, Financial and Transaction Data from providers of business information such as Credit Safe, Red Flag, Experian or Companies House that may be based inside or outside the UK;
- Identity and Contact Data from introducers and other businesses that We have a trading relationship with where You have given them Your consent to pass Us your details.
- From publicly available sources such as the Electoral Register and Companies House based inside the UK.

What kind if data will we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about You which We have broadly grouped together follows:

Identity data: includes first name, maiden name, last name, marital status, title, date of birth,
gender, passport (copy), driving licence (copy) and utility bills (copy).

Contact Data: includes residential address, billing address, email address and telephone
numbers.

Financial Data: includes bank details, details of Your income and outgoings, net worth
statements.

Transaction Data: includes details about payments to and from You and other details of products
and services You have purchased from Us.

Marketing and Communications Data: includes Your preferences in receiving marketing from Us
and Our third parties and Your communication preferences.

Technical Data includes internet protocol (IP) address, Your login data, browser type and
version, time zone setting and location, browser plug-in types and versions, operating system
and platform, and other technology on the devices You use to access Our Services and
websites.

Profile Data: includes Your username and password, purchases or orders made by You, Your
interests, preferences, feedback and survey responses.

Usage Data: includes information about how You use Our website, products and services.

We will also collect Special Data with Your consent as described above – We will always notify You if the data We need is special category data.

How will We use Your personal data and Our purpose in collecting it
We will process Your personal data for the following reasons:

to facilitate the role of a credit broker in accordance with Our terms and conditions of business in trying to find Your choice of finance based on Your circumstances and financial aims;
to undertake credit checks for the purposes of finding finance products that suit Your circumstances;
to confirm Your affordability for the financial requirement We are seeking finance for;
to comply with Our anti-money laundering and know your client requirements; cyber security and to meet Our regulatory responsibilities;
to search liaise and inform lenders of Your personal application details to facilitate access to credit, to lodge applications for lending on Your behalf and to provide You with details of any credit backed offers received from lenders so You may consider if You want to proceed to complete such applications for credit.

Change of purpose

We will only use Your personal data for the purposes for which we collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If You wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact Us.
If We need to use Your personal data for an unrelated purpose, We will notify You and We will explain the legal basis which allows Us to do so.
Please note that We may process Your personal data without Your knowledge or consent, where this is required or permitted by law.

Sharing information
We use data processors/joint controllers who are third parties who provide elements of services for Us. These include the following:

AFS Compliance Limited – store data on various systems but at all times operate a strict data protection regime.
AFS Compliance Limited is Our Principal Firm for regulatory compliance purposes and the party that grants Us Appointed Representative status. As such AFS Compliance Limited is a joint controller of Our customers personal data for the purpose of compliance oversight and Financial Conduct Authority (FCA) reporting purposes based in the UK Click here for AFS Compliance Limited Privacy Notice.
Synergy Commercial Finance Limited is Our Franchisor who provides Us access to Lenders and other services associated with Our Brokering activities. As such Synergy Commercial Finance Limited is a joint controller of Our customers personal data for the purpose of oversight and services such as invoicing and collection. Click here for Synergy Commercial Finance Limited Privacy Notice.
We operate as credit brokers and access a list of lenders in order to provide Our services forwarding your details to Your chosen lender. Each of those lenders operate as joint controllers/processors of the personal data We hold and share with them for the purpose of providing credit opportunities. A full list of Our lenders can be accessed here together with a link to their individual privacy notices which should be read carefully as these describes how such lenders use Your personal data. Click here for lender privacy notices.
We are also a Franchisee of the AFS Group. It may be that We contact another member of the Group and pass Your information to them as They specialise in providing services in respect of the type of finance You seek. In these circumstances We will be a joint controller of Your data in performing that role and also share your personal contact data with that network member for them to respond to Your request.
The lender may share Your personal information with Credit reference agencies such as Experian, credit safe and others acting as processors or joint controllers based in the UK/outside the UK for the purposes of ascertaining Your financial status.
We share personal data with Regulatory bodies such as The Financial Conduct Authority acting as processors or joint controllers based in the UK for the purposes of meeting Our regulatory obligations through Our Principal Firm.
Lenders may share personal data with Fraud prevention agencies acting as processors or joint controllers based in the UK where we are required to do so.
We share personal data with Third party product providers acting as processors or joint controllers based in the UK/outside the UK but only when You have given Us your prior consent to do so.

We will require all third parties We share data with to respect the security of Your personal data
and to treat it in accordance with the law. We have a Data Protection regime in place to oversee
the effective and secure processing of Your personal data.

Automated Decision Making by third parties
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. Whilst the Controller does not directly use automated decision making many of Our Lenders use auto scoring technology to underwrite deals. You will not be subject to decisions that will have a significant impact on You based solely on automated decision- making, unless the lender has a lawful basis for doing so. The lender must notify You when they do use this technology and secure Your consent directly.

How long we keep your personal and special data
We will retain all Customer Data for 6 years from the date of completion of a credit facility or from the date the customer file is closed if the customer does not proceed to complete a credit facility In some circumstances We may anonymise Your personal information so that it can no longer be associated with You for research or statistical purposes, in which case We may use such information indefinitely without further notice to You.

Links to other websites
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about You. We do not control these third-party websites and are not responsible for their privacy statements. When You leave Our website, We encourage You to read the privacy policy of every website You visit. Where We provide links to websites of other organisations this privacy notice does not cover how that organisation processes personal information.

Automated technologies or interactions
As you interact with Our website, We will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about You if You visit other websites employing our cookies. You can set your browser to refuse all or some browser cookies, or to alert You when websites set or access cookies. If You disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies We as Your controller under this privacy notice use please contact compliance@afsuk.com

Complaints
We work to the highest standards when it comes to processing your personal information.

However if you have queries or concerns please contact mike.geddes@afsuk.com

If wish to You can make a complaint to the ICO at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues

Information Commissioners Office
Wycliffe house
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 03031231113

ICO website www.ico.org.uk

Children’s information
We do not provide services directly to children or proactively collect their personal information.

What happens if I don’t provide my personal data?
Where We need to collect personal data by law, or under the terms of a contract We have with You and You fail to provide that data when requested, We may not be able to perform the contract We have or are trying to enter into with You (for example, to provide You with services). In this case, We may have to cancel service You have with Us but we will notify you if this is the case at the time.

Data security
We have put in place appropriate security measures to prevent Your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to Your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on Our instructions and they are subject to a duty of confidentiality. For further information on Our security policy please contact compliance@afsuk.com

We have put in place procedures to deal with any suspected personal data breach and will notify
You and any applicable regulator of a breach where We are legally required to do so.

What are Your general data rights?
Under certain circumstances, by law You have the right to:

Request access to Your personal information (commonly known as a "data subject access request"). This enables You to receive a copy of the personal information We hold about You and to check that We are lawfully processing it;
Request correction of the personal information that We hold about You. This enables You to have any incomplete or inaccurate information We hold about You corrected;
Request erasure of Your personal information. This enables You to ask Us to delete or remove personal information where there is no good reason for Us continuing to process it. You also have the right to ask Us to delete or remove Your personal information where You have exercised Your right to object to processing (see below), where We may have processed Your information unlawfully, or where We are required to erase Your personal data to comply with local law. Note, however, that We may not always be able to comply with Your request of erasure for specific legal reasons which will be notified to You, if applicable, at the time of your request;
Object to processing of Your personal information where We are relying on a legitimate interest (or those of a third party) and there is something about Your particular situation which makes You want to object to processing on this ground as You feel it impacts on your fundamental rights and freedoms. You also have the right to object where We are processing Your personal information for direct marketing purposes. In some cases, We may demonstrate that We have compelling legitimate grounds to process Your information which override Your rights and freedoms;
Request the restriction of processing of Your personal information. This enables You to ask Us to suspend the processing of personal information about You, for example if You want Us to establish its accuracy or the reason for processing it or where You need us to hold the data even if We no longer require it as You need it to establish, exercise or defend legal claims or You have objected to Our use of Your data but We need to verify whether We have overriding legitimate grounds to use it;
Request the transfer of Your personal information to another party. We will provide to You, or a third party You have chosen, Your personal data in a structured, commonly used, machine-readable format. Note that this right only applied to automated information which You will initially provided consent for Us to use or where We used the information to perform a contract with You;
Withdraw consent: In the limited circumstances where You may have provided Your consent to the collection, processing and transfer of Your personal information for a specific purpose, You have the right to withdraw Your consent for that specific processing at any time. To withdraw your consent, please contact gdpr@afsuk.com. Once We have received notification that You have withdrawn Your consent, We will no longer process Your information for the purpose or purposes You originally agreed to, unless We have another legitimate basis for doing so in law.

If You want to review, verify, correct or request erasure of Your personal information, object to the processing of Your personal data, or request that We transfer a copy of Your personal information to another party, please contact compliance@afsuk.com.

You will not have to pay a fee to access Your personal information (or to exercise any of the other rights). However, We may charge a reasonable fee if Your request for access is clearly unfounded or excessive. Alternatively, We may refuse to comply with the request in such circumstances.

We may need to request specific information from You to help us confirm Your identity and ensure Your right to access the information (or to exercise any of Your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

We try to respond to all legitimate requests within one month. Occasionally it could take Us longer than a month if what You require is particularly complex or You have made a number of requests. In this case, We will notify You and keep You updated.

Changes to the privacy notice and your duty to inform us of changes
We keep Our privacy notice under regular review. The last review was November 2022

It is important that the personal data We hold about You is accurate and current. Please keep Us
informed if Your personal data changes during Your relationship with Us.

Lawful basis for processing as applied by the Controller under this privacy notice
We will only use Your personal data when the law allows Us to. Most commonly, We will use
Your personal data in the following circumstances:

Consent: You have given clear consent for Us to process Your personal or special data for a
specific purpose. For example for the purposes of Us providing Our services to You.

Contract: when You have signed our terms and conditions of business and necessary to the
performance of that contract and when You have asked Us to take specific steps before entering
into a contract.

Legal obligation: the processing is necessary for Us to comply with the law (not including
contractual obligations). This can be any legislative requirement or any FCA conduct rule when
providing regulated services.

Public task: the processing is necessary for Us to perform a task in the public interest or for Our
official functions, and the task or function has a clear basis in law.

Legitimate interests: the interest of Our business in conducting and managing Our business to
enable Us to provide You with brokerage services and suitable products in a secure
environment. We make sure We consider and balance any potential impact on You (both positive
and negative) and Your rights before We process Your personal data for Our legitimate interests.
We do not Use Your personal data for activities where Our interests are overridden by the
impact on You (unless We have your consent or are otherwise required by law).

When processing Your data We will;

process it fairly, lawfully and in a clear, transparent way in accordance with specific legitimate purposes.
collect Your data only for reasons that We find proper for the purposes of providing credit broking services in ways that have been explained to You.
keep Your data for only as long as We need it.
process it in a way that ensures it will not be lost or destroyed or used for anything that You are not aware of or have not consented to (as appropriate).
Process it to secure the best quality of service and where You have agreed through customer surveys to assist in improving services.

SCHEDULE 1 – PROCESSING ACTIVITIES AND LAWFUL BASIS FOR PROCESSING
Purpose /Activity Type of Data Lawful Basis of Processing

PRIVACY NOTICE

PRIVACY
NOTICE