Privacy notice

Your privacy matters to us and we ensure that we comply with the General Data Protection Regulation and Data Protection Act 2018 when storing or processing your data.

It’s important to us that you understand which data we collect, and how we use it, so that you can make informed decisions about providing your data to us. This privacy notice (also sometimes referred to as a “Fair Processing Notice”) has been written to help you to do that.

In this notice “we” and “us” refers to the Liberis Limited and its respective subsidiary and/or affiliated group companies. Liberis Limited is the data controller for the purpose of the General Data Protection Regulation and Data Protection Act 2018. We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Privacy Notice. You can find details of our registered address, as well as how to contact our Data Protection Officer with questions regarding data protection or privacy, at the end of this notice.

As Liberis Limited is based in the United Kingdom, we have appointed Liberis Sweden AB (company number 559205-5494) to be our representative within the EEA. Their contact details are Birger Jarlsgatan 18, 114 34 Stockholm or contact them by emailing dataprotection@liberis.co.uk.
Many of the individuals about whom we collect personal data provide it to us as representatives of a company or other legal entity that they own or that they are engaged by. References to “your business”, “your account”, “your application”, “your enquiry” and other similar terms below, are deemed to include references to the business, account, application or enquiry of the entity that you represent, as applicable.

This notice is for data that Liberis processes. For specific information on how Worldpay processes personal information online and how it affects you, please see Worldpay’s privacy notice.
The data we collect

You’re free to browse our website without providing us with any personal information. Please review our Cookies Policy here.

Data we collect, and how we use it

Our lawful basis and purposes for processing your data
We always ensure that we have a fair and legal basis for processing your data. Below we have set out our lawful bases for processing your data at various stages in your journey with us, alongside our purposes for processing your data. Where we are relying on our legitimate interests to process your data, the purposes for processing set out below are our identified legitimate interests. You can find out more about the various lawful bases for processing on the ICO website, https://ico.org.uk/, if this terminology is unclear.

We request that where possible you do not provide us with special category / sensitive data (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning health, sex life or sexual orientation, or data relating to criminal convictions or offences). If we do receive such information, we endeavour to delete it where possible.

Data you provide directly to us

Categories of Data

Lawful Bases

Purposes of Processing

Your business name

(depending on the size of the business, this may not be personal data)

Legitimate interest

Our products are for businesses, not individuals, and so this is the most important piece of information for us. We’ll need this to provide you with an accurate quote, to provide you with a contract, and to make sure we can contact you regarding the products or services you express an interest in. If you don’t complete your application online, we’ll try to reach you to see if you need any further help, and we’ll offer you the opportunity not to be contacted again.

Information regarding the industry or sector in which your business operates

(depending on the size of the business, this may not be personal data)

Legitimate interest

We will use information regarding the sector your business operates in to help us understand your business and the way it operates and evaluate your application, as well as to ensure that we offer our products and services responsibly. We may also use this information to ensure we offer you the most appropriate pricing for your business. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Details about your business’ financial revenues.

(depending on the size of the business, this may not be personal data)

Performance of a contract with the data subject (if you are an individual), or legitimate interest (if you are a business) We’ll use your revenue to help, evaluate your application, and to decide on the right amount or pricing that we should offer to you. We may also use this information for the purposes of learning for the evaluation of other applications in future.

If we enter into a contract with you and/or your business for one of our products, we may need this information to perform that contract

Personal information of directors/shareholders/Persons of Significant Control of your Limited company or, in the case of sole traders and partnerships, the proprietor(s) of your business:

Name

Address

Date of birth

Home ownership

Identity documents

Legitimate interest We’ll use this information to undertake checks for the purposes of evaluating your application, preventing fraud and money laundering, and to verify the identity of your business’ directors before we provide any products or services to your business. We may also use this information for the purposes of learning for the evaluation of other applications in future.

If you provide us with personal information relating to a third party, you must notify them about this and direct them to read this Privacy Notice.

We’ll also use the address you’ve provided to us to contact you via post for any matters relating to an application for our products in respect of the business or for the performance of the resulting contract that we enter into with you and/or your business. We may write to you in future with offers for similar products provided by us.

Email address

Legitimate interest

We’ll ask you for your email address so that we may provide you with a link to electronically sign your contract with us. We may also use your email address to keep you updated regarding the status of your application and/or contract. If you do not complete your application having provided us with your email address, we may contact you to try and assist you with completing the application process and also to send you monthly statements should you take out one of our products.
Business phone number

Legitimate interest

We’ll use the phone number that you provide to contact you regarding your application, and if you do not complete your application having provided us with your phone number we may contact you to try and assist you with completing the application process.

We may use your phone number to contact you about the performance of any contracts that we enter into with you or your business.

Intended use of funds

Legitimate interest

We need to record and assess your intended use of funds for the purposes of preventing fraud, money laundering and crime. We may also use details regarding your intended use of funds to aid in evaluating your application. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Bank account details

Performance of a contract with the data subject (if you are an individual), or legitimate interest (if you are a business) We will need your bank account details in order to provide you with funds. We may also ask you for additional documentation regarding your bank account so that we can verify your ownership of the account, and to verify your identity
Bank Statements

Legitimate interest

We may ask you for copies of bank statements during your application process to help us verify your business’ revenues, and to evaluate your application. We may also use this information for the purposes of learning for the evaluation of other applications in future
Open Banking authorisation

Legitimate interest

We may ask you for an electronic authorisation to connect to your bank and retrieve information using Open Banking. We will use this information during your application process to help us verify your business’ revenues and to evaluate your application.
VAT information

Legitimate interest

We may request that you provide us with an up to date statement of your VAT returns. We will use this information to help us evaluate your application. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Publicly Accessible Information

Legitimate interest

We may review information regarding your business and its directors that is freely available in the public domain; for example, media coverage, your public website and business social media accounts, and any industry specific review or registration information. We will use this information to help us evaluate your application and for verifying your identity. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Additional information

Whilst we have made every endeavour to provide an explicit list of all the data that we will collect, depending on the circumstances of your business we may from time to time request additional information from you during our processing of your application that are unique to your circumstances. Should we require additional information from you, we will inform you of the type and purpose of this at the time.
Suppliers: name and business contact details (email address, phone number Legitimate interests

We may use this information in order to evaluate your application. We may also use this information for the purposes of learning for the evaluation of other applications in future.

Data we collect indirectly or from third parties

We collect a variety of data about you from third parties. This includes the data listed below and may include other data that we notify you about from time to time.

Categories of Data Source of Data Lawful bases Purpose of Processing
Credit history. Identity details. Regulated credit bureaux, such as Equifax or Experian Legitimate interest We use this information to understand whether our products are suitable for you and your business, to evaluate your application, and to verify the identities of your business’ directors. We may also use this information for the purposes of learning for the evaluation of other applications in future.
In both cases relating to you, your business, and its directors
Financial transaction details that have been processed through your card terminal from your processor Your payment processor Legitimate interest We use this to verify the affordability of our products for you or your business, to evaluate your application and decide on the right price to offer you, and to provide you with an estimate of the duration of repayments.  We may also use this information for the purposes of learning for the evaluation of other applications in future.
If contract with us for one of our products, we will use this information to perform the contract.
Various data Fraud prevention agencies Legitimate interest We will use this for the prevention of fraud and money laundering. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Company registration information, and published accounts Companies House Legitimate interest We will use this to verify that your business is correctly registered, and to help with our underwriting checks by reviewing your published accounts.  This information is part of a public record. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Technical information regarding your device The device that you use to access our website Legitimate interest We will collect technical information during your visit to this website to help us detect and resolve problems on our website. This information includes such information as your IP address, browser (including its version), and the type of device that you are using.
Landlord References Previous or existing business landlords Legitimate interest We will use these references to verify that you and your business do not have outstanding liabilities or other concerns that would affect your eligibility for our products. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Land Registration Details Land Registry  Legitimate interest We will use this information to help identify your, and your business’, current assets when reviewing your eligibility for our products. This information is part of a public record. This applies to England, Wales and Scotland.
Other publicly available information Various websites (e.g. search engines, rating sites) Legitimate interest We will use this information to help make informed decisions when reviewing your eligibility for our products. We may also use this information for the purposes of learning for the evaluation of other applications in future.

Sharing data with third parties

In the process of providing you with a quote, in reviewing your application for one of our products, and in performing the contracts that we enter into with you, we may share your data with third parties. Details of these third parties are below. We will only share data with third parties where it is lawful for us to do so.

• We may share your details with Credit Reference Agencies if you apply for one of our products. This data will be used in accordance with the Small and Medium Sized Business (Credit Information) Regulations 2015 and Small Business Enterprise and Employment Act 2015. Should you require further information regarding the use of data by Credit Reference Agencies in the UK, they have provided a shared document regarding their use of personal data – you can find it here: https://www.equifax.co.uk/crain.html
• We may share details of any breach of the terms of your agreement with us with credit reference agencies. In the case of a limited liability entity, we may report the directors and/ or shareholders and/or guarantors of such entity with credit reference agencies concerning any breach of the terms of your agreement with us.
• We share your data with Facebook so that we can create custom audiences for advertising campaigns. Facebook also process your data to measure the performance of advertising campaigns
• We use Sagepay and Go Cardless to store and process payment details only
• In the event of payment default, we may send your details to Azzurro (UK) who will represent us in collecting any outstanding debts.
• We hold customer data on the Salesforce Cloud platform. Salesforce do not use or look at your data, but their servers do hold the data.
• We hold customer data on the Microsoft Azure Cloud platform. Microsoft do not use or look at your data, but their servers do hold the data.
• We will share your information with Fraud Prevention agencies, and we (or they) may also allow law enforcement agencies to access and use this personal data to detect, investigate, and prevent crime.
• If your details were provided to us by a third party (such as a financial broker, or via a referral website) then we may provide updates regarding the status of your application back to them.
• If our business (or the majority of our company assets) is acquired by another party, your information will be part of the transfer of assets.
• If we sell or buy any business or assets, we may share your data with the prospective buyer or seller.
• Where we engage with third parties for the purposes of raising investment, we may provide data on a strictly need-to-know basis for due diligence purposes.
• We share your business name and contact details with other organisations that may offer you services of interest to you – but only if you explicitly provide us with permission to do so.
• We may share your data with other Liberis group companies for the purposes of managing your account.

We also disclose your data in the following circumstances:

Service Providers

We work with various third-party service providers:

• We share your information with payment processors that process financial transactions on your behalf.
• We use cloud computing providers to store your data, and to help us process your application efficiently.
• We may use third parties (e.g. mailing houses) to send you marketing or account information on our behalf. To do this we would need to provide them with your name and address or email address at a minimum.
• We use a third-party help and support system to help us respond to your questions quickly when you’re using our website, your data are shared here only when you request assistance.
• We may use third party contact centres to help us contact you by phone, and we would need to pass your information to them to enable them to reach you. They will additionally record the information that you provide to them and pass it back to us.
• We may use third party operational fulfilment centres to process some parts of your application.
• We use cloud based electronic signature providers during our application process, we will provide all details required to produce your contract to these providers in order to provide you with this service.
• We use a service provider who provides multi-touch attribution reporting and other services for us. This third party may have access to, or process Personal Data or Client Data as part of providing those services for us.

We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.

Information outside of the EEA

Liberis is an international company with operations in and outside of the EU and EEA and we use service providers in locations based outside of the EEA. If we transfer your information to a service provider in one of these locations, we will take steps to ensure your data and rights are protected through methods approved within the relevant Data Privacy laws. Please contact us if you would like further information about how we protect your information, please contact us at dataprotection@liberis.co.uk

Non-Personally Identifiable Information

We may make non-personally identifiable information available to third parties for various purposes. This data maybe automatically collected and would be analysed to create an aggregated view of the data, ensure the reported information was anonymous.

We may also disclose information to third parties if you consent to us doing so.

Retention of your data

We’ll keep your data only for as long as we need to – that time period may be different in different circumstances. Here are our most common scenarios:

We’ll keep records of any financial transactions, and details regarding the information that you provided to us while making an application for one of our products, for a minimum of 6 years from the end of our relationship with you. We need to do this so that we can respond to any complaints or disputes.

We’ll keep the information that’s needed to provide you with the service that you’ve requested for as long as it takes us to provide the services and for 7 years from termination of the contract for provision of the services.

If you’ve asked us not to use your details for marketing purposes, we will need to keep some details to make sure our systems and processes reflect your preferences. We will implement your opt-out request as quickly as possible. However, you may receive emails for up to 30 days, or marketing by post for up to 60 days, following your opt-out request. This is because our marketing campaigns are usually prepared about a month in advance, and it is often not feasible to remove an individual’s details after this point.

In addition, we will retain any data about you which we need in order to comply with our legal obligations (for example applicable UK tax law).

Consequences of processing

Should you choose not to provide us with your personal data, we will not be able to assess your eligibility for one of our products, and we will be unable to enter into a contract with you.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us – you’ll find all of our details in the “Contacting us” section of this notice.

Your rights

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

• access to your personal data and to certain other supplementary information that this Policy is already designed to address
• require Us to correct any mistakes in your information which We hold
• require the erasure of personal data concerning you in certain situations
• receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• object at any time to processing of personal data concerning you for direct marketing
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• object in certain other situations to our continued processing of your personal data
• otherwise restrict our processing of your personal data in certain circumstances
• where consent is our lawful basis for processing your personal data, withdraw such consent
• claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the General Data Protection Regulation.

Automated decisions

As part of the processing of your personal data, decisions may be made by automated means.

We may automatically decide that you pose a fraud or money laundering risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity.

We make automated decisions based on the information that you provide, and that we gather from third parties, as part of your application to determine your financial profile. We may use automated decisions to provide you with a price reflecting your profile. The outcome of these automated decisions may mean that we do not approve your application for one of our products, or that our pricing is adjusted based on the information we have.

These automated decisions use a statistical process based on your historical transactions (details you have provided) and historical credit performance as a business and as an owner of a business (details you have provided and/or publicly available information). If you are an existing customer, the automated decisions will also take into account your performance of previous/current contractual obligations.

You have the right to request manual decision making in place of automated decision masking however this may mean we are unable to offer you are products. If you would like more information in relation to automated decision making: if you want to know more please contact us at dataprotection@liberis.co.uk.

International data transfers

Whenever we, or anyone we share your data with, transfer your personal data outside of the United Kingdom or European Economic Area, we impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. We may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Data security

The security of your information is important to us and we will do our best to protect your data.

Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.

Once you provide the information to us, we store this information on our secure servers, and we have implemented reasonable administrative, technical, and physical security measures to protect against the unauthorised access, destruction or alteration of your information based on its sensitivity.

Our use of cookies

We use cookies to help provide you a great experience when using our website. A cookie is a small text file that is stored on your computer (or whichever device you use to access this website) that is unique to you, to help us tell you apart from other visitors when you move between pages, or when you come back. Details of our Cookies Policy can be found here.

Children

Our products are not for children and to qualify, you must be over eighteen (18) years of age. You must make sure the details provided by you on registration or at any time are correct and complete. You must inform us immediately of any changes to the information that you provided when registering by updating your personal details.

Changes to this privacy notice

We may amend this notice from time to time; should amendments be made they will be posted to our website. This privacy notice was last updated19/05/2020.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or by telephone at 0303 123 1113.

The supervisory authority in Sweden is the Datainspektionen who may be contacted at https://www.datainspektionen.se/kontakta-oss/ or by telephone at (+46) 86576100.

Contacting us

Should you wish to contact us with any questions or concerns you may have regarding our privacy notice, to request any amendments to the data we hold about you, or to exercise any of your other rights listed in this notice, you can contact our Data Protection Officer using any of the following methods:

Email

You can contact our Data Protection Officer via email using the following address: dataprotection@liberis.co.uk

Phone
You can call our Data Protection Officer using this number: 0441276 944512

Post
You can write to our Data Protection Officer at the following address:

Data Protection
Liberis Ltd
Scale Space Building 1st Floor
58 Wood Lane
London
W12 7RZ