Privacy Policy

What we use your personal information for

Type of Information collected

Legal Basis for Processing

To manage your account with us and communicate effectively with you and conduct our business. 

• To notify you about changes to our services and products

• To carry out our obligations arising from any agreements entered into between you and us

Personal details such as

• Identity

• Contact

• Business information 

• Performance of a contract with you

To enable us to perform our obligations, provide our services to you and keep you informed.

To verify that your details are correct when assessing your application.  We cross check your information against resources such as:

• Companies House 

• Postcode confirmation services

• Data Validation services, to confirm bank account and contact details

• The Electoral Roll, to confirm your address

The purpose of these checks is to prevent inconsistencies, and where we cannot confirm your details based on the information you initially provide us, we will request further documentation. For example, copies of identification documents or bank statements.

Personal details such as

• Identity

• Contact

• Business information

• Performance of a contract with you

• Necessary for our legitimate interests

To enable us to verify your information.

To assess applications for credit. 

Whether you make an application for credit in your personal capacity, as the ultimate owner of a company, or through an enterprise, we will use your personal data for the purpose of assessing eligibility and affordability. To do this, we may:

• Undertake checks against PEP (Politically Exposed Persons), adverse media checks where your details are included, and sanctions and AML (Anti Money Laundering) databases

• Utilise credit reporting agencies (CRA’s) and credit data providers to undertake credit and identity checks on you and/or your business

• CRAs will supply to us both public (including the electoral register) and shared credit, financial status and financial history information and fraud prevention information.

• Utilise third party databases to assist with assessing your affordability for a credit facility

• Use third party tools to categorise your personal and financial data to help with underwriting assessments

We will then combine the personal information you have provided to us either directly or through a link to your banking data with the results of these checks to assess the following:

• Your creditworthiness and whether you can afford to take the product

• Verify the accuracy of the data you have provided to us

• Prevent criminal activity, fraud and money laundering

• Manage your account(s)

• Trace and recover debts

• Ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not pay the minimum contractual repayments on time, we will report the outstanding debt to CRAs, who will record this on your business credit file, and personal credit file where a Personal Guarantee is in place. We may also inform CRAs if you do not pay the minimum contractual repayments on time and enter an Arrangement to Pay. This information may be supplied to other organisations by CRAs.

When CRAs receive a search from us, depending on the type of search, they may place a hard inquiry on your credit file that may be seen by other lenders.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

Where we have not been able to provide you with a credit facility at the point of application, we may refresh these checks on a periodic basis, for a period of up to 12 months, in the interest of attempting to provide you with an approval.

Personal details such as

• Identity

• Contact

• Business information

• Financial 

• Criminal 

• Performance of a contract with you 

To enable us to assess your eligibility and affordability prior to entering into a contract with you and potentially issuing credit.

• Substantial public interest (fraud prevention and Preventing or detecting unlawful acts) 

In relation to fraud/crime prevention:

• Before we provide our services to you, we undertake checks for the purposes of preventing fraud and money laundering and to verify your identity. These checks require us to process personal data about you.

• Your information will be used to prevent fraud and money laundering, and to verify your identity.

• We, fraud prevention and debt collection agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

• If fraud is detected, you could be refused finance, or your existing facility may be frozen, pending investigation.

• Once credit has been facilitated, we also undertake continuing checks to combat fraud. This means we may decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. This process may result in your facility being withdrawn or you not being able to complete a purchase using your Capital on Tap card

• We also undertake ongoing monitoring of your use of our Website and your transactions, for fraud detection or crime prevention purposes.

• A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you.

Personal details such as

• Identity

• Contact

• Business information

• Financial 

• Criminal 

• Legal obligation (to prevent and detect crime)

• Substantial public interest (fraud prevention).

To undertake continuing checks and monitoring

• To monitor queries and transactions to ensure service quality and compliance with procedures.

• Where we have offered you a credit facility, we will continue to check against your credit report, PEP, sanctions and/or anti-money-laundering databases on a periodic basis. This is to ensure whether the current level of lending remains appropriate and/or whether we may be able to offer you further credit. Where you have applied for a facility and been declined, we may also re-assess your credit score in the twelve-month period following your application to check whether we are subsequently able to offer you credit based on new information.

• In a small number of cases, where there has been a decline in our appraisal of your credit we may reduce the credit offering accordingly. In the event of a significant default, we may freeze or withdraw the credit facility to prevent any further borrowing and you will be informed.

Transaction Authorisation and Monitoring

• Where you request to draw down money into a bank account from your Capital on Tap account or submit a payment request using your Capital on Tap card, checks will be done including on your available balance to ensure that sufficient funds are available before authorising the transaction. We reserve the right to restrict or decline drawdowns or transactions where it is deemed that the request does not fit the permitted usage as defined in your Terms and Conditions. These checks include fraud and financial crime.

• The transaction authorisation and monitoring processes conducted by and our processing partner may result in you not being able to complete a payment or may result in us requesting additional information from you before allowing the payment to be completed.

Personal details such as

• Identity

• Contact

• Business information

• Financial 

• Criminal 

• Biometric

• Legal obligation (to prevent and detect crime)

• Performance of a contract with you (to ensure the quality of services)

• legitimate interests (to ensure that you fall within our acceptable risk profile)

• Substantial Public Interest (fraud prevention). 

Profiling and Automated Decision Making

Our credit approval process relies on automated analysis of personal information provided by you in the application process, alongside that received from credit referencing agencies and fraud prevention agencies, to make the following decisions:

• Eligibility – whether it is appropriate to offer you a credit facility

• Affordability – the maximum value of the credit facility (i.e., the credit limit)

• The term of the credit facility.

We try to make lending decisions as quickly as possible. This is how our use of automated processing benefits our customers. However, in some circumstances, automated decisions are not appropriate. For example, you may have a credit history that does not squarely meet our criteria, and, where combined with other factors that improve your eligibility, may warrant further consideration. In these instances, we refer your application to an underwriter. The underwriter will undertake an objective review of your application and the automated decision may be revised in the event that the underwriter considers that lending may be appropriate.

We may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity.

Personal details such as:

• Identity

• Contact

• Business information

• Financial 

• Criminal 

• Performance of a contract with you (assessing eligibility for a credit agreement)

• Substantial public interest (fraud prevention)

We use third party providers for the following:

Collect repayments 

• We will generally collect credit repayments directly from you via direct debit. We use third party service providers to process your direct debit payments.

Card services 

• Process transactions; and

• Manufacture our cards

Collections

• We may use third party providers to collect credit repayments directly from you via direct debit. This is in order to:

• Help us recover debt; and

• Recover the debt on our behalf

• Provide you with debt advice

Payment Services 

• Process payment of Direct Debits;

• Process payment by Debit Cards; and

• Process payments made into customer bank accounts

Data Validation

• To verify customer details

• To verify business details

• Supply bank detail validation.

Brokers and partners

• Refer us potential customers;

• Partner with us as part of our enterprise solution; and

• Integrate accountancy software platforms used by those applying for, and using our products

Rewards and offers

• We use third-party providers to fulfill optional benefits like rewards and prizes

Personal details such as

• Identity

• Contact

• Business information

• Financial 

• Performance of a contract with you (to recover sums owed to us in accordance with our agreement with you).

• Consent or Legitimate Interests (to offer you products and services that may be of interest to you)

To provide you with marketing materials:

• To provide you with updates and offers, where you have chosen to receive these. 

• We may also use your information for marketing products and services to you by post, email, SMS or phone.

Personal details such as

• Identity

• Contact

• Business information

• Legitimate interests (to offer you products and services that may be of interest to you). 

• Consent (We will provide an option to unsubscribe or opt-out of further communication)

Call recordings

We may record your telephone call for quality and monitoring purposes

Personal details such as

• Identity

• Contact

• Business information

• Special Category data

• Performance of contract (to provide quality of service and investigate complaints)

• Substantial Public Interest -Safeguarding of economic well-being of certain individuals  (where processing special category data)

For research and development purposes:

• To analyse your personal information and usage of our products and services in order to better understand your requirements, to better understand our business and develop our products and services. 

• We may also share your information with social media providers, exclusively for purposes of market research, and only where you have provided consent to that social media provider to assist us with this research

Personal details such as

• Identity

• Contact

• Business information

• Legitimate interests (to enable us to improve our services, products and business)

• Consent (where sharing with social media providers)

Engagement with Enterprise Partners and third-party applications:

• If you are provided with a Capital on Tap Visa Card in collaboration with one of our Enterprise Partners or have allowed a third-party service or application to interact with your account (for example accounting software applications or services which integrate with your account), we may share your credit decision, card transaction and usage data with that Enterprise Partner or a third-party provider. 

• We will make clear in your contract if your Capital on Tap Visa Card was issued in collaboration with one of our Enterprise Partners and we only integrate with third-party applications where you have specifically authorised us to do so. We have no control over and take no responsibility for the privacy practices or content of our Enterprise Partners or third party providers. 

• You are responsible for checking the privacy policy of any such Enterprise Partners or third parties so that you can be informed of how they will handle personal information.

Personal details such as

• Identity

• Contact

• Business information

• Financial 

• Performance of a contract with you (to allow us to deliver the features and enhancements associated with your account, as stated in our contract with you. You can find out more at: https://www.capitalontap.com/en/faq)

Assignment of your debt:

• Where a credit facility has been granted, we may assign our rights and responsibilities under our agreement with you (the Running Account Credit Agreement) or the entity you represent, by means of an equitable assignment. This process is an important method to enable us to raise finance.

• Where such an assignment is made, it will not adversely affect your rights under your agreement with us and your relationship will remain with us, as opposed to the assignee. It will not impact our processing of your personal data, although anonymised information relating to your credit facility will be provided to the assignee, rating agencies, securitisation data repositories and financiers.

• In some  circumstances, we may need to assign the debt in its entirety to the assignee, in which case the assignee will receive your personal information for the same purposes as we use it for.

Personal details such as

• Identity

• Contact

• Business information

• Financial

• Special Category Data

• Legitimate interests (to enable us to raise finance); 

• Contract performance (in relation to assignment).

• Legal Obligation 

• Substantial Public Interest

To reorganise or make changes to our business:

In the event that we: 

• Are subject to negotiations for the sale or merger of our business or part thereof to a third party

• Are sold to a third party

• Undergo a re-organisation, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. 

• We may also need to transfer your personal information to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.

• In some (very rare) circumstances, this could include assignment of your debt to another organisation. In this instance, you would be informed of the identity of the assignee and a new privacy policy would be provided to you, identifying the assignee and providing you with updated information relating to the processing of your personal data.

Personal details such as

• Identity

• Contact

• Business information

• Financial

• Special Category Data (for example vulnerabilities and reasonable adjustments)

• Performance of a contract with you (in relation to assignment)

• legitimate interests (in order to allow us to change our business)

• Substantial Public Interest - Safeguarding of economic well-being of certain individuals, and legal obligation (obtained when processing special category data related for vulnerable customers)

In connection with legal or regulatory obligations

We may process your personal information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or were compelled to do so.

Personal details such as

• Identity

• Contact

• Business information

• Financial

• legal obligations

• legal claims

To cooperate with law enforcement and regulatory authorities.

For marketing our products and services:

We obtain marketing data from third-party providers. We use this data to send direct marketing communications by mail, email or phone. If your business is included in this data it may also include your name and contact details. If we communicate with you via direct marketing you can choose to opt-out of any further communications.

Personal details such as

• Identity

• Contact

• Business information

• Legitimate interests (to offer you products and services that may be of interest to you)

Security Monitoring

We may indirectly /directly access your information for cyber security monitoring purposes – to ensure the protection of your personal data by monitoring cyber security threats.

Personal details such as:

• Identity

• Contact

• Special Category data / Biometric data

• Legal obligation (to comply with GDPR security obligations and cyber security laws)

• Legitimate Interest (legitimate interest in protecting their networks, systems, and data from cyber threats, fraud, and security incidents)

• Defence of a legal claim

• Substantial public interest - Detecting or preventing unlawful acts

Accessibility and Reasonable Adjustments 

We may process sensitive information for the following reasons:

• To accommodate accessibility requirements

• For vulnerable customers to make reasonable adjustments and provide necessary support.

• Video call recordings - as a reasonable adjustment

• Processing sensitive data in an emergency circumstance 

Personal details such as:

• Special Category data

• Identity

• Contact

• Performance of contract (in order to provide a service to you)

• Legitimate Interest 

• Substantial Public Interest- Safeguarding of economic well-being of certain individuals  (when recording sensitive data for reasonable adjustments)

• Legal Obligation and Substantial Public Interest- regulatory requirements   (when sharing sensitive data on your account to a third party provider for debt recovery)

• Vital Interests  (when processing data in an emergency circumstance in order to protect an individual's life)

Incomplete Applications

When you apply for our credit card or a savings account and do not complete your application, we may store the information you have provided for up to 12 months. This allows us to assist you in resuming your application if you choose to continue. During this period, we may also send you reminder emails about your incomplete application. You can opt out of these reminders at any time by following the unsubscribe link in the email or contacting our customer support team.

Personal details such as

• Identity

• Contact

• Business information

• Legitimate Interests (to assist applicants in completing their application and to improve customer experience) 

• Performance of contract (If the applicant has taken steps to enter into a credit agreement, storing their data temporarily is necessary to facilitate the completion of the contract)

Use of AI Tools

We may use trusted artificial intelligence (AI) tools to help process your personal data, such as for analysis, communication, or service improvement. 

• Identity

• Contact

• Business information

• Special Category data 

• Legitimate Interest (in order to provide an improved service to you)

• Substantial Public Interest- Safeguarding of economic well-being of certain individuals