1. Privacy Policy

1.1    We at Capital on Tap (Capital on Tap, we/us/our) are committed to safeguarding the privacy of our customers and users together with directors, members, guarantors, partners and other connected persons of such customers and users, (you/your) who visit our website at https://www.capitalontap.com (the Website) and use our services (the Services). This privacy policy (the Privacy Policy) sets out our personal information collection and sharing practices for our Website and in the course of the provision of our services generally. It is intended to inform you of the ways in which we collect personal information, the uses of that personal information and the ways in which we will share any personal information you choose to provide to us.

1.2   Please read this privacy policy carefully. By submitting your details and registering with us, you confirm that you have read and understood this privacy policy in its entirety.

1.3   If you are an existing customer of ours, further details about how we use your personal information is set out in your Running Account Credit Agreement. Further notices highlighting certain uses we wish to make of your personal information together with the ability to opt-in or out of selected uses may also be provided when we collect personal information from you.

1.4   Our Website may contain links to other third party websites and third-party websites may link you to us. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal information. Please check these policies before you submit any personal information to such third party websites.

1.5   This Privacy Policy is intended to explain our privacy practices and covers the following areas :


2. Who we are

2.1   Capital on Tap is the trading name of New Wave Capital (company number 07959823, registered office No.1 London Bridge, London, England, SE1 9BG).


3. Information we may collect about you

3.1   We will collect and process all or some of the following personal information about you:

(a) Information you provide to us ► personal information that you provide to us (or is provided to us by third parties (for example, a broker, through an integration with your bank or accounting software or from another authorised third party)), such as when using the application form on our Website, including your name, email address, financial transaction history (whether in relation to your account with us or your account with a third party e.g. in the form of a bank statement), and other contact details. Personal information may also include sensitive information that data protection laws call 'special category data' (such as information concerning your health or biometric data).

(b) Credit and Anti-Fraud information ► information relating to your financial situation, your creditworthiness or any criminal or fraudulent activities provided to us by you or third parties, including information which establishes your identity, such as driving licences, passports and utility bills; information about transactions, credit ratings from credit reference agencies; fraud, offences, suspicious transactions, politically exposed person and sanctions lists where your details are included.

(c) Your transactions ► details of transactions you carry out through our Website or through other channels and of the fulfilment of the services we provide. This will include card transaction and usage data that we collect when you use your Capital on Tap Visa Card, and drawdown dates, values and bank account information where applicable. It will also include any transaction and/or accounting data provided to us where you allow us to access this information through integration with your accounting software or through a third party supplier;

(d) Our correspondence ► if you contact us, we will typically keep a record of that correspondence. This may include telephone calls, which we record to assist us in training our staff and undertaking quality checks;

(e) Data from third parties ► From time to time we obtain details of potential customers from our partner organisations, which we use to provide marketing services to those individuals, to advise of our service offering. We may also receive some personal data from you in the course of undertaking our credit reference and fraud prevention checks described at paragraph (b) above;

(f) Survey information ► we may also ask you to complete surveys that we use for research purposes. In such circumstances we shall collect the information provided in the completed survey; and

(g) Website and communication usage ► details of your visits to our Website and information collected through cookies and other tracking technologies including, but not limited to, your IP address, domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.


4. Uses made of your personal information

4.1   In this section, we set out the purposes for which we use personal information that we collect via our Website and elsewhere and, in compliance with our obligations under European law, identify the “legal grounds” on which we rely to process the information.

4.2   These “legal grounds” are set out in European Data Protection Law, which allows companies to process personal data only when the processing is permitted by the specific “legal grounds” set out in law (the full description of each of these grounds can be found here.

4.3   Please note that in addition to the disclosures we have identified below, we may disclose personal information for the purposes we explain in this notice to service providers, contractors, agents, advisors (e.g. legal, financial, business or other advisors) and affiliates of Capital on Tap that perform activities on our behalf

(a) To communicate effectively with you and conduct our business ► to manage your credit facility, including to respond to your queries, to otherwise communicate with you, or to carry out our obligations arising from any agreements entered into between you and us;

Lawful Bases: contract performance, legitimate interests (to enable us to perform our obligations, provide our services to you and keep you informed)

(b) To confirm that your details are correct ► so that we can ensure that information used to assess your application is entirely correct, we will cross-check it against resources such as:

(i) Companies House, to confirm company information;

(ii) postcode confirmation services;

(iii) data validation services, to confirm bank account and contact details;

(iv) credit referencing agencies; and

(v) the Electoral Roll, to confirm your address.

The purpose of these checks is to prevent inconsistencies (whether between records or simply as a result of typing errors) from disrupting our assessment of your application. Sometimes, where we cannot confirm your details based on the information you initially provide us, we will request further documentation. For example, copies of identification documents or bank statements.

Lawful Bases: contract performance, legitimate interests (to enable us to verify your information)

(c) To assess applications for credit ► Whether you make an application for credit in your personal capacity, as the ultimate owner of a company, or through an enterprise, we will use your personal data for the purpose of assessing eligibility and affordability. To do this, we may:

(i) undertake checks against PEP (Politically Exposed Persons) Sanctions and AML (Anti Money Laundering) databases;

(ii) utilise credit referencing agencies and credit data providers to undertake a credit check on you and/or your business;

(iii) utilise third party databases to assist with assessing your affordability for a credit facility; and

(iv) use third party tools to categorise your personal and financial data to help with underwriting assessments.

We will then combine the personal information you have provided to us either directly or through a link to your banking data with the results of these checks to assess you against our eligibility criteria. Where we have not been able to provide you with a credit facility at the point of application, we may refresh these checks on a periodic basis, for a period of up to 12 months, in the interest of attempting to provide you with an approval. More information in relation to this process is set out at Profiling and Automated Decision Making.

Lawful Bases: contract performance, legitimate interests (to enable us to assess your eligibility and affordability prior to potentially issuing credit)

(d) In relation to fraud/crime prevention ► personal information we have collected from you will be shared with fraud prevention agencies that will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused finance, or your existing facility may be frozen, pending investigation. Where personal information includes biometric data, this is collected, processed and retained by trusted third-party suppliers who undergo thorough due diligence to ensure compliance with applicable data protection regulations. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by clicking here.

Lawful Bases: legitimate interests (to allow us to improve our services, products and business). Where personal data relating to biometric data, criminal convictions or offences is processed, we will rely on substantial public interest (fraud prevention) or legal claims, as applicable.

(e) To undertake continuing checks and monitoring ► to monitor queries and transactions to ensure service quality and compliance with procedures.

Where we have offered you a credit facility, we will continue to check against your credit report, PEP, sanctions and/or anti-money-laundering databases on a periodic basis. We also undertake ongoing monitoring of your use of our Website and, your transactions, for fraud detection or crime prevention purposes. See Profiling and Automated Decision Making for more information.

Lawful Bases: legal obligations, legitimate interests (to ensure the quality of services, or to ensure that you fall within our acceptable risk profile and/or to assist with the prevention of crime and fraud). Where personal data relating to criminal convictions or offences is processed, we will rely on substantial public interest (fraud prevention) or legal claims, as applicable.

(f) To collect repayments ► We will generally collect credit repayments directly from you via direct debit. We use GoCardless to process your direct debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at https://gocardless.com/legal/privacy/

Where you are late in making a scheduled payment, we may engage a collections agent to obtain repayment on our behalf. We have a process in place to assist individuals who are struggling to make repayments on their credit facility. If you have difficulties making payments under your credit agreement please contact us at your first opportunity by phone or by email as set out in “Contact Us. We may share your data with third parties for the purposes of providing you with debt advice. You may also want to seek advice on what to do from an independent free advice agency such as the Citizens Advice Bureau. 

Lawful Bases: Contract performance, legitimate interests (to recover sums owed to us in accordance with our agreement with you).

(g) To provide you with marketing materials ► to provide you with updates and offers, where you have chosen to receive these. We may also use your information for marketing products and services to you by post, email, SMS or phone and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing. We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt-out by contacting us as set out in “Contact Us”.

Lawful Basis: consent, legitimate interests (to offer you products and services that may be of interest to you)

(h) For research and development purposes ► to analyse your personal information and usage of our products and services in order to better understand your requirements, to better understand our business and develop our products and services. We may also share your information with social media providers, exclusively for purposes of market research, and only where you have provided consent to that social media provider to assist us with this research;

Lawful Bases: legitimate interests (to enable us to improve our services, products and business)

(i) Engagement with Enterprise Partners and third-party applications ► If you are provided with a Capital on Tap Visa Card in collaboration with one of our Enterprise Partners or have allowed a third-party service or application to interact with your account (for example accounting software applications or services which integrate with your account), we may share your credit decision, card transaction and usage data with that Enterprise Partner or a third-party provider. We will make clear in your contract if your Capital on Tap Visa Card was issued in collaboration with one of our Enterprise Partners and we only integrate with third-party applications where you have specifically authorised us to do so. We have no control over and take no responsibility for, the privacy practices or content of our Enterprise Partners or third party providers. You are responsible for checking the privacy policy of any such Enterprise Partners or third parties so that you can be informed of how they will handle personal information.

Lawful Bases: contract performance, legitimate interests (to allow us to deliver feature the features and enhancements associated with your account, as stated in our contract with you. You can find out more at: https://www.capitalontap.com/en/faq)

(j) Assignment of your debt  Where a credit facility has been granted, we may assign our rights and responsibilities under our agreement with you (the Running Account Credit Agreement) or the entity you represent, by means of an equitable assignment. This process is an important method to enable us to raise finance.

Where such an assignment is made, it will not adversely affect your rights under your agreement with us and your relationship will remain with us, as opposed to the assignee. It will not impact our processing of your personal data, although anonymised information relating to your credit facility will be provided to the assignee, rating agencies, securitisation data repositories and financiers.

In some (very rare) circumstances, we may need to assign the debt in its entirety to the assignee, in which case the assignee will receive your personal information for the same purposes as we use it for. For more information, click here.

Lawful Bases: legitimate interests (to enable us to raise finance); contract performance (in relation to assignment).

(k) To inform you of changes ► to notify you about changes to our services and products;

Lawful Bases: legitimate interests (to notify you about changes to our service)

(l) To ensure website content is relevant ► to ensure that content from our Website is presented in the most effective manner for you and for your device, which may include recording your session while on our Website or passing your data to business partners, suppliers and/or service providers;

Lawful Bases: legitimate interests (to allow us to provide you with the content and services on our Website)

(m) To reorganise or make changes to our business ► in the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to transfer some or all of your personal information to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to transfer your personal information to that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this policy.

In some (very rare) circumstances, this could include assignment of your debt to another organisation. In this instance, you would be informed of the identity of the assignee and a new privacy policy would be provided to you, identifying the assignee and providing you with updated information relating to the processing of your personal data.

Lawful Bases: legitimate interests (in order to allow us to change our business); contract performance (in relation to assignment)

(n) In connection with legal or regulatory obligations ► We may process your personal information to comply with our regulatory requirements or dialogue with regulators as applicable which may include disclosing your personal information to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so. Where permitted, we will direct any such request to you or notify you before responding unless to do so would prejudice the prevention or detection of a crime.

Lawful Bases: legal obligations, legal claims, legitimate interests (to cooperate with law enforcement and regulatory authorities)

(o) For marketing our products and services ► We obtain marketing data from third-party providers. We use this data to send direct marketing communications by mail, email or phone. If your business is included in this data it may also include your name and contact details. If we communicate with you via direct marketing you can choose to opt-out of any further communications.

Lawful Bases:  legitimate interests (to offer you products and services that may be of interest to you)

(p) For other purposes ► From time to time, we may use your data in other ways from those described above, but we will let you know before doing so.


5. Profiling and Automated Decision Making

5.1   Our credit approval process relies on automated analysis of personal information provided by you in the application process, alongside that received from credit referencing agencies and fraud prevention agencies, to make the following decisions:

(a) eligibility – whether it is appropriate to offer you a credit facility;

(b) affordability – the maximum value of the credit facility (i.e., the credit limit); and

(c) the term of the credit facility.

5.2   We try to make lending decisions as quickly as possible. This is how our use of automated processing benefits our customers. However, in some circumstances, automated decisions are not appropriate. For example, you may have a credit history that does not squarely meet our criteria, and, where combined with other factors that improve your eligibility, may warrant further consideration. In these instances, we refer your application to an underwriter. The underwriter will undertake an objective review of your application and the automated decision may be revised in the event that the underwriter considers that lending may be appropriate.


Ongoing verification

5.3   Where a credit facility has been granted, we will re-assess your credit score on a periodic basis to ensure whether the current level of lending remains appropriate and/or whether we may be able to offer you further credit. Where you have applied for a facility and been declined, we may also re-assess your credit score in the twelve-month period following your application to check whether we are subsequently able to offer you credit based on new information.

5.4   In a small number of cases, where there has been a decline in our appraisal of your credit we may reduce the credit offering accordingly. In the event of a significant default, we may freeze or withdraw the credit facility to prevent any further borrowing and you will be informed.

5.5   We also undertake continuing checks to combat fraud. This means we may decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. For more information on the anti-fraud measures adopted by us, click here.

5.6   This process may result in your facility being withdrawn or you not being able to complete a purchase using your Capital on Tap card. You may want to check your information or try again using a different method of payment.


Transaction Authorisation and Monitoring

5.7   Where you request to draw down money into a bank account from your Capital on Tap account or submit a payment request using your Capital on Tap Visa card, checks will be done including on your available balance to ensure that sufficient funds are available before authorising the transaction. We reserve the right to restrict or decline drawdowns or transactions where it is deemed that the request does not fit the permitted usage as defined in your Terms and Conditions.

5.8   We will also undertake checks to combat fraud and financial crime. These checks may include automated transaction monitoring for fraud and financial crime prevention. See Profiling and Automated Decision Making.

5.9   The transaction authorisation and monitoring processes conducted by and our processing partner may result in you not being able to complete a payment or may result in us requesting additional information from you before allowing the payment to be completed.

Your rights relating to automated decisions

5.11   In relation to each of the instances of automated decision-making referred to above, you may request that we provide information about our methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances, we will verify (or request the relevant third party to verify) that the algorithm and source data are functioning as anticipated without error or bias.


6. Who we share your personal information with

6.1   We may disclose information about you to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this privacy policy. A full list of recipient groups can be found here.

6.2   In addition, we may disclose information about you:

(a) To the extent that we are required to do so by law;

(b) To counterparties, regulators and law enforcement agencies in connection with any legal proceedings or prospective legal proceedings, or in order to establish, exercise or defend our legal rights including providing information to others for the purposes of fraud prevention and reducing credit risk;

(c) To any third party who provided your details to us (for example, a broker) in connection with the outcome of your application; and

(d) To the purchaser or prospective purchaser of any business or asset which we are or are selling or contemplating selling.



7. Transmission, storage and security of your personal information

Security over the internet

7.1   No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain commercially reasonable physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements.

7.2   We will store all the personal information you provide on our secure password and firewall-protected servers. All electronic transactions you make to or receive from us on our website will be encrypted using SSL technology. SSL certificates meet the highest standard in internet security for website authentication.

7.3  Our systems use a third-party email service that we access over an encrypted HTTPS connection, which in turn uses opportunistic TLS connections to relay emails. For the majority of our customers, this means that the receipt of emails and their associated attachments is secured right from the connection with a customer's email server. In addition, this third-party service complies with applicable data standards and regulations in all territories where we operate. 


Export outside the EEA

7.4   Your personal information may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside the country in which you are located, whose data protection laws may be of a lower standard than those in your country. We will, in all circumstances, safeguard personal information as set out in this Privacy Policy.

7.5   Where we transfer personal information from inside the European Economic Area (the EEA) to outside the EEA, we may be required to take specific additional measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals (see the full list here https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en#:~:text=The%20European%20Commission%20has%20so,Uruguay%20as%20providing%20adequate%20protection.), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, or other legal grounds permitted by applicable legal requirements.

7.6   Please contact us as set out in the “Contact Us” section below if you would like to see a copy of the specific safeguards applied to the export of your personal information.


Storage limits

7.7   Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When personal data is no longer needed, we either irreversibly anonymise the data (and we may further retain and use the anonymised information) or securely destroy the data.

7.8   You have rights in relation to the retention and use of your data as set out in the “Your Rights” section below.



8. Your rights & contacting us

Updating information

8.1   We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us as set out in the “Contact Us” section below.


Your rights

8.2   If you have any questions in relation to our use of your personal information, you should first contact us as per the “Contact Us” section below. Under certain conditions, you may have the right to require us to:

(a) provide you with further details on the use we make of your information;

(b) provide you with a copy of the information that you have provided to us;

(c) update any inaccuracies in the personal information we hold (please see paragraph 5.2);

(d) delete any personal information we no longer have a lawful ground to use;

(e) where processing is based on consent, to withdraw your consent so that we stop that particular processing;

(f) to ask us to transmit the personal data you have provided to us and we still hold about you to a third party;

(g) object to any automated decision making or processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and

(h) restrict how we use your information whilst a complaint is being investigated.

8.3   Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.

8.4   If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the Information Commissioner’s Office:https://ico.org.uk/concerns/



8.5   You have the right to ask us not to process your personal information for marketing purposes at any time. You can exercise your right to opt-out of such processing by editing your preferences in your customer portal or by filling in this form at any time: https://www.capitalontap.com/en/apps/opt-out/


Contact us

8.6   If you have any questions about this privacy policy or our treatment of your personal data, please write to us by email to privacy@capitalontap.com.

If you are a sole trader or an unincorporated partnership with less than four partners, you should read the following, FCA required risk warning:

Warning: Late payment can cause you serious money problems. For help, go to www.moneyadviceservice.org.uk.



9. Cookies policy

9.1   You can read our full cookies policy here: https://www.capitalontap.com/en/legal/cookies/.


10. Electronic Communications

Where we communicate with you electronically (by email, phone or SMS) this will be conducted in line with the requirements set by the Privacy and Electronic Communications Regulations (PECR). These requirements do not replace, but instead supplement those contained within GDPR.

This includes, but is not limited to the following types of communication:

  • Communications during the application process,
  • Communications administering to an active account with us,
  • Communications related to billing, payments and collections,
  • Communications to complete security checks with you,
  • Marketing communications.

We use third-party providers to send you emails. Our third-party providers may use various technologies to collect and store data relating to email campaign effectiveness and engagement, this may include using cookies and similar tracking technologies, such as pixels and web beacons.

A list of third parties we use to send emails can be found here.


12. Changes to our Privacy Policy

12.1   We may change our Privacy Policy from time to time in the future. If we change this Privacy Policy, we will update the date it was last changed below. If these changes are material, we will indicate this clearly on our Website.

12.2   This Privacy Policy was last updated on 13/11/2023.

Annex 1: Lawful bases

Use of personal information under EU data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy. We note the grounds we use to justify each use of your information next to the use in the “Uses of your personal information” section of this policy.

These are the principal legal grounds that justify our use of your personal data:

Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent by editing your preferences on your customer portal or by following this link: https://www.capitalontap.com/en/apps/opt-out/

Contract performance: where your information is necessary to enter into or perform our contract with you.

Legal obligation: where we need to use your information to comply with our legal obligations.

Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

In determining that the use of your information is necessary to achieve a legitimate interest of ours, we have taken into account your data protection rights. If you have any questions about the assessment we have made in order to rely on this legal basis, please contact us using the details set out in the “Contact us” section.


These are the principal Lawful Bases that justify our potential processing of personal data relating to criminal offences and convictions:

Substantial Public Interest: to prevent fraud

Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, or a third party.


Annex 2: Processing for fraud prevention and detection purposes

1.1   Before we provide our services to you, we undertake checks for the purposes of preventing fraud and money laundering and to verify your identity. These checks require us to process personal data about you.

1.2   The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

1.3   We, fraud prevention and debt collection agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

1.4   We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

1.5   Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

Automated decisions

1.6   As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us at privacy@capitalontap.com.


Consequences of processing

1.7   As a consequence of processing, if we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested or to employ you, or we may stop providing existing services to you.

1.8   A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on privacy@capitalontap.com.


Data transfers

1.9   Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.


Annex 3: Processing for credit referencing purposes

1.1   In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). We may also make periodic searches at CRAs to manage your account with us.

1.2   To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

1.3   We will use this information to:

(a) Assess your creditworthiness and whether you can afford to take the product;

(b) Verify the accuracy of the data you have provided to us;

(c) Prevent criminal activity, fraud and money laundering;

(d) Manage your account(s);

(e) Trace and recover debts; and

(f) Ensure any offers provided to you are appropriate to your circumstances.

1.4  We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not  pay the minimum contractual repayments on time, we will report the outstanding debt to CRAs, who will record this on your business credit file, and personal credit file where a Personal Guarantee is in place. We may also inform CRAs if you do not pay the minimum contractual repayments on time and enter an Arrangement to Pay. This information may be supplied to other organisations by CRAs.

1.5   When CRAs receive a search from us, depending on the type of search, they may place a search footprint on your credit file that may be seen by other lenders.

1.6   If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

1.7   The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail here (clicking on any of the below links will take you to the same notice document):

Call Credit: https://www.callcredit.co.uk/crain

Equifax: https://www.equifax.co.uk/crain

Experian: https://www.experian.co.uk/crain


Annex 4: Third Parties
1.1   IT Services

(a) We use third-party providers to:

(i) host our IT database;

(ii) send SMS communications;

(iii) share emails and documents;

(iv) provide phone, online chat and ticketing services;

(v) receive internet and telephone services;

(vi) provide internal reporting and data visualisation tools

(vii) receive internal instant messaging service;

(viii) transfer data;


1.2   Card Services

(a) We use third-party providers to:

(i) process transactions; and

(ii) manufacture our cards


1.3   Marketing

(a) We use third-party providers to:

(i) provide us with prospect information;

(ii) confirm the accuracy of the entries within our marketing database;

(iii) advertise for us (often, we will use an aggregator or broker);

(iv) produce and post letters relating to our marketing campaigns; and

(v) In relation specifically to social media providers, identify a wider customer base to direct our marketing to.

(b) the sources we use to obtain contact information for our direct marketing by mail includes but is not limited to:

(i) Graydon - https://www.graydon.co.uk/wiki/general-data-protection-regulation-gdpr#fc-1656  

(ii) Experian - https://www.experian.co.uk/legal/privacy-statement  

(iii) Creditsafe - https://www.creditsafe.com/gb/en/legal/privacy-policy.html  

(iv) Connell Data - https://www.infolinkgazette.co.uk/privacy.php

(v) Go-Live Data - https://www.go-data.com/legal/privacy

(vi) Brightdata - https://bright-sdk.com/privacy-policy

(c) the sources we use to obtain contact information for our electronic direct marketing includes but is not limited to:

(i) Third party providers of contact information such as:

ZoomInfo - https://www.zoominfo.com/about-zoominfo/privacy-center 

Corpdata - https://www.corpdata.co.uk/about-us-privacy-statement 

Yell - https://www.yell.com/legal/data-protection-privacy-policy/ 

MarketScan - https://www.marketscan.co.uk/privacy-policy/ 

Experian - https://www.experian.co.uk/legal/privacy-statement 

Leadiro - https://www.leadiro.com/legal/privacy

(ii) Search engines (such as Google);

(iii) Professional networks (such as LinkedIn);

(iv) Company websites.

(d) the sources we use to deliver and monitor the effectiveness of our digital advertising includes but is not limited to:
(i) Google Ads - Google LogoPrivacy Policy – Privacy & Terms – Google

(ii) Google Analytics - Google LogoPrivacy Policy – Privacy & Terms – Google

1.4   Collections

(a) We use third-party providers to:

(i) help us recover debt; and

(ii) recover the debt on our behalf

(iii) provide you with debt advice


1.5   Payment Services

(a) We use third-party providers to:

(i) process payment of Direct Debits;

(ii) process payment by Debit Cards; and

(iii) process payments made into customer bank accounts.


1.6   Data validation

(a) We use third-party providers to:

(i) to verify customer details;

(ii) to verify business details; and

(iii) supply bank detail validation.


1.7   Communications

(a) We use third-party providers to send emails. 

(i) Third-party providers we use to send emails include:

Mailchimp - https://mailchimp.com/legal/privacy/

Kustomer -  https://www.kustomer.com/privacy/policy/

Gmail - https://policies.google.com/privacy?hl=en

Customer.io - https://customer.io/legal/privacy-policy/

(c) Third-party providers we use to call you include:

UJET - https://ujet.cx/privacy-notice

(d) Third-party providers we use to send messages include:

WhatsApp Business API - https://business.whatsapp.com/trust-and-safety

Twilio - https://www.twilio.com/legal/privacy

Kustomer - https://www.kustomer.com/privacy/policy/

(e) We use third-party providers to administer our Out of Hours customer contact service.

(f) We use WhatsApp to help with general questions and to send notifications to you about your account. You can opt in by sending us a message via WhatsApp.


1.8   Brokers and partners

(a) We use third-party providers to:

(i) refer us potential customers;

(ii) partner with us as part of our enterprise solution; and

(iii) integrate accountancy software platforms used by those applying for, and using our products.


1.9  Rewards and offers

We use third-party providers to fulfill optional benefits like rewards and prizes.

Apply now