Last updated: 27/07/2021
This Privacy Policy explains and governs: how, when, what and whose personal data we collect; how and why we use your personal data; and your privacy rights in general, including how to control your personal data and how you are protected under data protection law. We commit to protect your data and keep it safe and secure at all times.
This Privacy Policy applies to personal data that we collect through the Fleximize website (https://fleximize.com/) ("Website") and when you contact us through other mediums, such as by telephone or email. This Privacy Policy will be updated from time to time to comply with the applicable laws and regulations and to meet our changing business requirements. You are advised to periodically review this Privacy Policy for the latest amendments. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.
If you have any queries/comments on this Privacy Policy, you can contact us (including our Data Protection Officer) using the details at the bottom of the Privacy Policy.
Quick links
We recommend that you read this Privacy Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Policy, then you can click on the relevant link below to jump to that section.
Types and Sources of Personal Data
Not Providing Your Personal Data
Third Parties We Share Your Personal Data With
Credit Reference Agencies (CRAs)
Referring to Third-Party Providers
Your Rights Over Automated Decision
Marketing From Us and Member Benefit Schemes
Keeping Your Personal Data Secure
Period of Time we Can Retain Your Personal Data
How to Access Your Personal Information
What does Fleximize do?
Fleximize provides business loans to small and medium enterprises in the United Kingdom. Fleximize is part of the Alterium Group of Companies, made up of Alterium Limited (ZA021336), Fleximize Limited (ZA021338), Fleximize Capital Limited (ZA244436), Fleximize Services Limited (ZA046956), Fleximize Technology Services Limited (10381710) and Flexicard Limited (10223497). Fleximize Limited is the data controller for the personal data collected through the Website and other mediums (hereinafter referred to as "Fleximize", “we” or “us”) and may share your personal data with the other Group Companies (see below).
Your protection under the law
Under applicable data protection laws, we are authorised to use your personal data only if we have an appropriate reason for doing so and this will depend on the personal data concerned and specific context in which we collect it. Generally, this is likely to be based on one or more of the following:
- Your consent;
- Our legal duty;
- Fulfilling our contractual obligations; and/or
- Based on our legitimate interest to do so, which does not override your rights.
We will rely on legitimate interest only where we (or a third party) have a business or commercial reason to use your personal data. We have set out below examples of when and for what purpose we rely on our (or a third party's) legitimate interest as a basis to process your personal data. We also set out any other legal basis we rely upon in relation to that particular processing.
Purpose for which your personal data is used. | Our/a third party's legitimate interests | The legal basis/bases we rely on |
---|---|---|
• Managing and maintaining our ongoing relationship with your business. | • Updating our records, developing new products and services, working on new pricing and providing you with updates on it. |
• Our legitimate interests • Your consent • Fulfilling our contractual obligations |
• Performance of our marketing functions, including sending customers marketing materials. • Signpost the products and services of third-party partners as part of the member benefit scheme in the member’s area. |
• Where we have a legitimate interest in sending your business marketing material, such as in order to provide you with information on new products or services. |
• Our legitimate interests. • Your consent, where legally required for marketing activities. |
• Developing new marketing strategies. • Developing and maintaining customer relationships, their needs, and developing strategies for business growth. • Analysis of customers’ use of our products and services and those of our third parties. |
• In order to meet customer needs and develop and grow our business. • In order to improve and develop our products and services. |
• Our legitimate interests. • Our legal obligation. • Fulfilling our contractual obligations. |
• Managing, developing, and testing new products and services and ongoing maintenance of our brand. • For ongoing maintenance of our relationships with third party service providers to both ourselves and our customers.
|
• Developing new products and services, defining the customers for which they are relevant, and determining the pricing. • To manage our relationships with third party service providers, to ensure that our requirements continue to be met. |
• Fulfilling contractual obligations. • Our legitimate interests. • Our legal obligation. |
• Promoting and delivering our products and services. • Performing credit checks on applicants, directors, partners, shareholders and any linked “financial associates” (i.e. person who may have joint personal financial arrangements such as joint accounts or joint credit applications, which may be your spouse or partner). • To process loan applications and rejected loan applications. • To manage the amount lent, interest, charges, fees and legal costs in relation to our customers. • For debt collection and recovery. |
• In order to meet customer needs and develop and grow our business. • In order to progress customer applications and make decisions in relation to the services/products that we are able to offer. • To manage our customers' accounts and keep a record of transactions. • In order to take necessary steps with regard to our financial position as a business. |
• Fulfilling contractual obligations. • Our legitimate interests. • Our legal obligation. • Obtaining your consent on certain matters, such as where legally required in order to share your data with a third party (e.g. to make a referral to another lender where a loan has been rejected). |
• To fulfil our obligations in the prevention of financial crime including fraud and managing the risk. • To adhere to all laws and regulations applicable to us. • Complaints management. |
• In order to detect or prevent illegal activities. • Developing ways to deal more efficiently with financial crime whilst fulfilling our legal duties. • In order to deal with customer or other complaints. |
• Fulfilling contractual obligations. • Our legitimate interests. • Our legal obligation. |
• Efficient management of the business including day to day operations, corporate governance and audit. |
• To provide our products and services to customers, including managing accounts and communicating with customers regarding queries. • To liaise with third parties as necessary in order to provide our products and services. • For corporate governance purposes, including to carry out regular audits in relation to our business. |
• Fulfilling contractual obligations.
• Our legitimate interests. • Our legal obligation. |
• To exercise our rights set out in agreements or contracts. |
• Fulfilling contractual obligations.
|
• To process biometric data (facial recognition and voice recognition) as part of identity check conducted by a third party. |
• Consent.
• Our legal obligation. • Fulfilling our contractual obligations. |
Types and Sources of Personal Data
During your interaction with us, we collect different kinds of personal data on you, your business and your linked associates. Below is a list of all the different types of information we collect:
Personal data | Description |
---|---|
Financial Information | The financial position of your business, (i) your personal position, credit status and history (ii) credit history of any linked financial associates i.e person with whom may have or had a joint personal financial arrangement such as joint accounts or have made joint credit applications which may be your spouse or partner (not a business partner). We may check the records, including the credit details of other individuals acting as personal guarantors to the loan application. (iii) if the applicant is a limited company, the credit history and status of each director and shareholder and their financial associates. (iv) if the applicant is a sole trader or a partnership, the credit history of the sole trader or each partner and their financial associates. The financial information we may access through our trusted partner will cover your business data, customer data, supplier data, invoice (sales invoice) data, bill (purchase invoice) data, credit note data, payments data, profit & loss data, balance sheet. |
Contact Details | The registered and trading address of your business, personal and business phone number supplied and email address of applicants, directors, partners, shareholders and linked associates and ownership status. |
Profile and Usage Data | This includes the member area that we set up when your loan application is successful and the profile you create to identify yourself when you connect to our internet services. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software (see below section on "Cookies") |
Transactional Details | Details about payments to and from your bank account, bank statements you submit to us through our portal or our trusted partner. All deposits made by us and all payments made by the business and yourself to us. Management Information or additional information you provide on your business. |
Products and services | Information on the financial products and services we have provided to you, e.g. amount of loan, purpose and term. |
Location | Location and device data from which you are applying for a loan, i.e. your phone, the IP address on connecting to your internet, the operating system and the browser type. |
Technical | Details on the devices and technology you use to apply for a loan with us, browse our Website and manage your account. |
Communications | Includes all exchanges between yourself and us including letters, emails, face-to-face interactions and telephone conversations (included by way of recorded calls). |
Public Records | Details about your business, yourself, your financial associates; details about you that are in public records such as companies house, electoral register; and information about you that is openly available on the internet. |
Identification and Verification data | Details about you that are stored in documents in different formats, or copies of them. This could include documents such as your passport, drivers licence, utility bills or other verification of residential address or date of birth and may extend to other directors, shareholders and partners and their linked financial associates. |
Consents | Any permissions, consents or marketing preferences that you provide to us. |
We may collect personal data about you and your business when you are:
- Applying for a loan with us from our Website or from one of our financial brokers, affiliates and other third-party introducers;
- Speaking to us face to face or on the telephone;
- Browsing our Website and using webchats;
- Using emails, letters and SMS to communicate with us;
- Completing our customer surveys or participating in any of our competitions or promotions; and
- When you inform us of your marketing preferences.
In addition to the above, we can also access your personal data from a number of third parties we work with such as third party brokers, affiliates and other third-party introducers that introduce you to us, credit reference agencies (CRAs), comparison websites, social networks such as Facebook, Twitter and LinkedIn, Land Registry, property search engines, Companies House and Creditsafe, debt recovery agents, external solicitors for loan arrangement and debt recovery, market research agents, and law enforcement agencies.
Not providing your personal data
We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform the services needed to run your accounts. It could mean that we cancel a product or service you have with us. Any data collection that is optional would be made clear at the point of collection.
Third Parties we share your personal data with
We may disclose your personal data to third parties. We will take all the necessary steps required to ensure that any transfer and ongoing processing by those third parties is carried out securely and in accordance with applicable data protection regulation and privacy laws. Examples of the third parties we share your information with are as follows:
- Our group companies or any of our third parties who otherwise process personal data for purposes that are described in this Privacy Policy or notified to you when we collect your personal data;
- Third-party brokers or third-party lenders or other trusted partners to whom we may refer your application for credit in case we could not help you, if you have provided your consent;
- Third-party trusted partners from whom you may be interested to receive products and services if you have provided your consent;
- Our suppliers, sub-contractors, and third-party data processors (including payment processors, marketing and data analytics service providers, debt collection agents, tracing agents, insolvency practitioners, professional advisers and third parties who provide us with the following services from time to time: identification and fraud check, marketing, technology, document readers, payroll service providers, medical cover providers for staff, back-up and business continuity);
- Third party we use to process your biometric (facial recognition and voice recognition) data;
- Third party platform we use to facilitate electronic signatures of our documents including loan documentation;
- Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- HM Revenue & Customs, regulators, and other authorities;
- CRAs, namely Equifax, Transunion and Experian (more information on this can be found below);
- Fraud prevention agencies namely National Crime Agency and CIFAS;
- Companies that we have an agreement to co-operate with;
- Organisations or individuals that introduce you to us;
- Third party brokers, affiliates and other introducers that introduce leads to us;
- Organisations you ask us to share your data with;
- If you have an application for a secured loan, we may share information with other lenders who also hold a charge on the property; and
- If we decide to sell, transfer, assign, merge, acquire other businesses or change group structure, we may share your personal data with other parties that have the required standards of data protection.
Credit Reference Agencies (CRAs)
We carry out credit and identity checks with at least two CRAs when you apply for a loan for your business.
On submitting the application, you agree that you have the full consent of all parties and any linked “financial associates” i.e. a person with whom you may have had or have a joint personal financial arrangement such as joint accounts or have made joint credit applications which may be your spouse or partner, or civil partner.
If the applicant is a sole trader, we may check any financial associate. If the application is for a business partnership, we may check each partner and their financial associates and where the application is for a limited company, we may check each director, shareholder and their financial associates. The credit file of all personal guarantors may also be checked.
The following information will be shared with the CRAs:
- Name;
- Date of birth;
- Residential address;
- History of where you have lived;
- Contact details, such as email addresses and phone numbers (of directors, shareholders, personal guarantors, linked associates);
- Financial data such as the company bank account details;
- Data relating to you or your businesses products or services; and
- Data that identifies computers or other devices you use to connect to the internet such as the Internet Protocol (IP) address.
CRAs will provide us with the financial situation and credit history information on the business and the relevant individuals, including their linked financial associates. Public information from the electoral register, Companies House, county court judgments, bankruptcies and fraud prevention/anti money laundering information will also be provided.
Information from the CRAs will help us conduct the following:
- Confirm identities and residential address;
- Assess the creditworthiness of your business, yourself and your financial associates;
- Help prevent crime, fraud and money-laundering (see below for more information);
- Manage your accounts with us;
- Fulfil any contracts you or your business has with us;
- Checking details on prospective candidates and employees as part of their employment; and
- Trace your whereabouts and recover debts that you owe us.
Where you borrow from us, we will give details of your accounts and how you manage them to CRAs. We will continue to share your personal data with CRAs if you are our customer, and these will include information on your loan, current balance and repayment history.
The above information may be shared by the CRAs with other lenders who may want to check your credit status and that of your business.
Searches we undertake on your credit file will leave a footprint and may impact your credit file. In most cases, the footprint left will be a director search. All the footprints may be seen by other lenders.
Where you are making an application with someone else or you tell us you have a spouse, partner or civil partner or that you are in business with other partners or directors, we link and search information about you and your associates at the CRAs.
CRAs will also link your records together and these links will remain on your credit files until you or the financial associate provides proof to the CRAs that you are no longer financially linked.
You can contact the CRAs currently operating in the UK in order to check the information they hold about you. The information they hold may not be the same, so it is worth contacting them all. Below are links to the Credit Reference Agency Information Notice which provide information about them, the data they hold, how it is shared and your data protection rights.
Transunion | Equifax | Experian |
Fraud Prevention Agencies
Where we suspect fraud or money laundering, we and the CRA may share your personal data including the individuals associated with your application with Fraud Prevention Agencies FPA (such as CIFAS and National SIRA) and other organisations involved in crime and fraud prevention including law enforcement agencies.
As far as fraud and money laundering prevention is concerned, we shall keep your data for as long as we exist, provided this is in accordance with applicable laws. However, the CRAs and the fraud prevention agencies may keep them for a different length of time.
We may submit the information you provide to us through our automated system that will identify fraud patterns and indicate unusual activities for you and your business. Either of these could indicate a possible risk of fraud or money laundering and where that is the case, we will reject your application or may refuse to provide services to you and report it to the National Crime Agency and the FPAs accordingly. We and the CRAs may keep a record of the risk you or your business pose to our business. A record of any fraud or money laundering risk will be retained by the FPAs and may result in others refusing to provide services, financing or employment to you and the individuals associated with your application.
Further details on the processing of information and the individual’s data processing rights can be found www.cifas.org.uk/fpn and Sira Full Processing Notice.
Referring to Third-Party Providers
In the event, your business does not satisfy our lending criteria and we cannot lend to you, we may where you have consented to it, pass your personal details such as your name, email address, contact details, credit application to third party lenders and brokers who may assist you in obtaining credit. You will be contacted directly by them to discuss your credit application. We will also pass the credit data of your business, the directors, and personal guarantors, to our trusted partners who we have outsourced certain activities to.
Third-party referrals are managed by the Approvity referral platform. Consent to refer the application to third party brokers / lenders includes agreeing for credit checks to be run by the latter on your business and associated parties, and for personal data to be processed per the Approvity Privacy Policy.
Automated decisions
We may make automated decisions (including profiling) based on personal data we hold about your business, yourself, directors, shareholders, personal guarantors and any linked associates. Automated decisions assist us in making decisions which can affect the products, services and pricing and these decisions may legally affect you or similarly significantly affect you.
Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. Examples of automated decisions are as follows.
(i) Approving Credit
We use an automated system to run your application through our initial lending criteria to determine if we are able to provide funding to your business. Your application will either be accepted or rejected based on the criteria set by ourselves. We also use credit data to assess the creditworthiness of your business and the likelihood you will pay back any money you borrow. This includes data about your credit history and that of your business. In addition to the credit score of the directors and that of the business, we may also consider additional information including other financial information to be able to reach an overall decision to lend.
(ii) Statistical Analysis
We may carry out periodic statistical analysis or testing to ensure the accuracy of existing and future products and services. To that effect, we may place you in segments to understand our customers’ needs and manage our relationships with them.
(iii) Prevention of Money Laundering
We may use personal data to (i) verify your identity, the directors, partners, shareholders, personal guarantors and that of your financial associates (ii) undertake checks for the prevention and detection of crime, fraud and/or money laundering (iii) identify if your personal or business information has been used for fraud or money laundering purposes and where we believe that there is such a risk, we will report our suspicion to the National Crime Agency as required by law (iv) process your biometric (facial recognition and voice recognition) data through a third party provider to enable us to verify your identity.
(iv) Pricing
We may decide what to charge for our products and services based on credit risk data analytics.
Your rights over automated decision
We have implemented measures to safeguard the rights and interests of individuals whose personal data is subject to automated decision-making, including Fleximize initial criteria checks and credit reference checks.
Under applicable privacy laws, you have the right to request that our initial decision to accept or reject your application is not based on the automated decision only or you can object to the latter or request for the decision to be reviewed.
Please contact us on [email protected] if you wish to have more information about these rights.
Overseas Transfers
We may transfer your personal data to countries outside the UK. These countries may have different privacy laws to those in the UK.
Specifically, we may transfer your data to other countries, including those outside the European Economic Area, either for storage and back up purposes or if we engage suppliers, sub-contractors or third-party data processors who are based or have operations overseas.
We will always take steps to ensure that your information is protected and that those transfers comply with applicable data protection laws. This includes putting in place the European Commission's Standard Contractual Clauses, where Binding Corporate Rules are in place, or where a company receiving the data in the USA is certified under the EU-US Privacy Shield
This means that your data will be processed and protected under the same standards as imposed by data protection laws within the UK.
Marketing from us and Member Benefit Schemes
As part of our marketing strategy, we may use your personal data to analyse which products, services and offers may be relevant for you.
We may use your personal data to send you marketing messages in relation to our products and services and to advise you of offers available to you via the Member Benefit Schemes.
As a member, you will have full control over your marketing preferences with us and would be able to activate and access carefully selected offers from our trusted third-party partners that we believe will be of added value to your business. We will generally update your members area with offers available to you, but we may also send you emails or letters by post to inform you of new and relevant offers. We will not pass your personal data to these organisations unless you request this or redeem an available offer. If you later decide you do not wish to receive updates on third-party offers, you can opt out via your member area.
You can ask us to stop sending you marketing messages by updating your marketing preferences by logging into your member’s area. However, you will still receive mandatory and key service communications such as any changes to your existing products and services with us.
We may ask you to confirm or update your choices, if you take out any new products or services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.
Keeping your personal data secure
We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use, including high level encryption, are designed to provide a level of security appropriate to the risk of processing your personal data. Fleximize’s core web systems are designed and developed in-house, using a hierarchical permission structure which restricts each user’s access to reports and customer records based on the requirements of both their department and their level of seniority.
Period of time we can retain your personal data
We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the service you have requested or to comply with applicable legal, tax or accounting requirements).
Where you have made a full application, we will keep your personal data for up to 6 years after your account is closed. If for any technical, regulatory, legal reasons or research and statistical purposes we are unable to delete or anonymise your personal data, we may keep it longer than 6 years but will ensure your privacy rights are always protected and that deletion takes place when possible. For incomplete applications, personal data will be deleted after 6 months.
How to access your personal information
You have the right to:
- access the personal data we hold about you and request details of the third parties with whom we have shared your information and request that we amend or remove incorrect or incomplete information we hold about you. You can do so by contacting us at any time using the contact details provided under the "How to contact us" heading below;
- object to and request that we restrict the processing of your personal data and the right to be forgotten. Again, you can exercise these rights by contacting us using the contact details provided under the "How to contact us" heading below. Where we have made the personal data public and you want to exercise your right to be forgotten, we shall take reasonable steps to inform the other parties to whom your information has been passed;
- data portability, whereby you have the right to request that we transfer your personal data from us to another service provider;
- opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by accessing the marketing preferences section of your member area. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the "How to contact us" heading below
- if we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent;
- complain to a data protection authority about our collection and use of your personal data. The data protection authority in the UK is the Information Commissioner's Office (www.ico.org.uk)
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
How to contact us
Please let us know if you have any questions, concerns or are unhappy with how we have used your personal data. You can email us or our Data Protection Officer on [email protected], write to us at Holbrook House, 51 John Street, Ipswich, IP3 0AH or call us on (+44) 02071000110.
Cookies
We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal data about you, including to serve interest-based advertising. To find out more about how we use Cookies and how you can control Cookies, please see our cookie policy.
Linked Websites
For your convenience, hyperlinks may be posted on the Website that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of any Linked Sites or of any complaints that we do not own or control. Linked Sites may collect information in addition to those we collect on our Website and therefore we do not endorse any of these Linked Sites nor the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the Privacy Policy of each Linked Site that you visit to understand how the information that is collected about you is used and protected.
These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit.
If you do not allow these cookies you may not be able to use or see these sharing tools.