Feedback

Privacy and Cookies Policy for Newable Business Loans

Last updated on

GDPR Privacy Notice –

Newable Business Loans Limited

 

Introduction

Newable Business Loans Ltd is a subsidiary of Newable Ltd (both “Newable”), and is committed to implementing leading data protection standards and to respecting human rights in data management. This policy sets out how Newable will collect, use and protect an individual’s personal data, including data from Newable’s websites. It will also inform you about your privacy rights and how the law protects you. Newable is also committed to obtain user data through lawful and transparent means, with your explicit consent, where required and will only collect and process your data, limited to the stated purpose.

If you have any questions about this Privacy Notice or any questions or concerns regarding the manner in which your personal data is being processed, then please send your query to the Data Protection Officer, detailed below.

1. How Your Personal Data is Collected

Newable is the Data Controller for personal data about clients, event attendees, newsletter subscribers or when sending marketing material, which you expect to receive or have consented to receive.

Newable uses different methods to collect data from and about you including through:

Direct Interactions – you may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

  • register as a user of our products or services;
  • subscribe to our publications;
  • request marketing communications to be sent to you or you update your marketing preferences;
  • respond to a promotion regarding our products or services; or
  • provide feedback

Newable will also collect anonymised statistics to improve its website.

2. The Data we Collect about You

Personal data means any information about an individual from which that person can be identified. It does not include anonymised or aggregated data, where it is not possible to identify an individual from the data.

We collect certain personal information from you when you ask us to provide, or express an interest in our services.

This includes:

  • Your name; address; contact details; job title; information about your credit history, financial circumstances, and family circumstances; and other related information we need to provide our services and to assess your suitability for certain products or services. This includes an affordability assessment, and potentially a vulnerability assessment
  • Information relating to the types of products or services you have expressed an interested in
  • Information to enable Newable to undertake personal identification checks or credit checks, and for various other anti-financial crime and compliance purposes. This includes, for example: passport information; your driver’s licence; utility bills; and/or other verification documentation to verify your identity.
  • We may collect information about your health or medical conditions if this is relevant to the services you have requested. For example, if you are purchasing certain types of insurance where this information is required.
  • We may collect information about actual or alleged criminal convictions and sentencing if this information is needed in order to assess your suitability for products or services.

 

3. How do we use the personal information we collect?

We use the personal information that you provide to us for the following purposes:

  • To provide the services you have requested, including identifying and assessing your suitability for loans, mortgages, insurance products, and other products and services, provided by certain third-party organizations. We will share your personal information with these organizations to enable them to provide their services to you.
  • In order to carry out identification, anti-financial crime, compliance and credit checks.
  • We will use your personal information to contact you about other products and services which are similar to ours which we think you may be interested in. You can opt out of receiving these messages at any time by getting in touch with us at financeconfident@newablefinance.co.uk, or by following the instructions we provide to you alongside the relevant message.
  • To communicate with you in relation to our services. For example, to tell you about changes to terms and conditions or to our privacy policy.
  • To improve our services and the way we do business, and to ask you for feedback. We may also share your personal information with a potential investor in, or buyer of, our business, provided that they are subject to appropriate obligations of confidentiality.
  • To comply with any legal or regulatory obligations, requirements, or requests.
  • To protect, defend or enforce our legal rights, or those of others

4. What is our legal basis for using personal information?

We will only use your personal information if we have a lawful basis for doing so. In particular, we will only use your personal information:

  • To perform our contractual responsibilities. For example, if you have asked us to provide services to you relating to loans, insurance, mortgages, or other services.
  • To communicate with the Secretary of State for Business, Energy and industrial Strategy (the Guarantor) and any of its agents and auditors (including the British Business Bank plc (BBB), any affiliate of the BBB and any of their advisers, agents or contractors) (Guarantor Related Parties) (GRP)
  • To communicate with UK Export Finance or other third-parties, in association with Newable’s Export Finance loan product.
  • If it is in our legitimate interests to use it. For example, if we need to use it to improve our services or the way we do business including by analysing how you interact with our services online, to carry out regulatory or compliance checks, to provide information about products and services which we think may be of interest, or if we wish to sell the whole or part of our business to a third-party.
  • In order to process your application, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, to check your identity, manage your account, trace and recover debts and to prevent criminal activity.
  • We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates.
  • When CRAs receive a personal or business search from Newable this will place a search footprint on you or your business credit file that may be seen by other lenders. CRAs will supply to Newable both public (including the electoral register) and shared credit and fraud prevention information.
  • The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at equifax.co.uk/crain and www.experian.co.uk/crain
  • Newable and its subsidiaries may also undertake periodic searches at CRAs and Fraud Prevention Agencies (FPAs) in order to manage your account. The personal information we have collected from you will be shared with FPAs who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by clicking here
  • If we rely on consent, you may withdraw your consent at any time by getting in touch with us or by writing to us at the address below.

5. Consent to process and criminal records information

If you would like to receive certain products and services from us, we may ask you to

provide certain types of sensitive personal information about you, in order for us to provide those services. In particular:

  • we may ask you to provide certain information about your health or medical conditions,
  • we may ask you for information about actual or alleged criminal convictions including sentencing information.

We will only ever use this information with your consent, which we will obtain from you at the time. This information will only ever be used to assess your suitability for products and services which you have asked us about, and to provide those products and services to you.

We will share this information with relevant third-party organizations to enable us and them to provide the services you have requested.

6. We may transfer personal information outside the UK and the EEA

We or third parties with whom we share personal information in accordance with this

privacy policy, may need to transfer personal information provided to us outside the

UK and the EEA in order to provide our services to you. This may include, for

example, transferring personal information to our suppliers, legal advisers,

consultants and subcontractors operating outside the UK and the EEA. If we transfer

personal information outside the UK and the EEA, we will do so where one of the

following applies:

  • There is an adequacy decision by the UK Information Commissioner’s Office and/or the European Commission which means that the recipient country is deemed to provide adequate protection for such personal information.
  • Where the transfer of personal information is to a member of our group, and we have in place binding corporate rules with such member which safeguard the personal information.
  • Where we have in place standard model contractual clauses with the recipient which have been approved by the UK Information Commissioner’s Office. These model contractual clauses include certain safeguards to protect the personal information.
  • If such transfer is necessary to enable us to perform our contractual obligations to you, or if it is necessary to enable us to carry out steps at your request, with a view to entering into such a contract.

7. With whom do we share personal information?

We may share personal information with third parties in the following circumstances:

● We share your personal information with third party insurance providers, CRAs, FPAs, mortgage companies, lenders, and other service providers (or organizations acting on their behalf) in order to provide services you have requested or expressed an interest in.

We share your personal information with third parties which provide technical, administrative or professional services to us, including for example, IT, hosting, logistical, legal, or professional advisory or administrative services.

● We may share your personal information if we think it is necessary in order to comply with the law, regulatory or legal compliance requirements, or if we need to do so to protect, defend or enforce our legal rights, or the legal rights of others.

We may share your personal information with other members of our group, which are involved in the provision of our services, or which provide services to us.

● We may share your personal information for corporate reasons. For example, we may need to share personal information with third parties if we restructure our business, or if a third party wishes to invest in, or acquire the whole or part of our business.

 

8. Your Legal Rights (including Access to Your Data)

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Newable will only use your personal data when the law allows us to.

As an individual whose personal data is processed by Newable, you have the right to:

  • Be informed (which is the purpose of this Privacy Notice);
  • access the data Newable holds about you. Object to direct marketing (by contacting Newable at the address below or by email to dpo@newable.co.uk);
  • Object to any processing carried out on the basis of legitimate interest (to undertake the service that you would expect or in line with a contract);
  • Request erasure of data Newable holds about you (in some circumstances, this may not be possible if Newable has a legal obligation to retain it); and,
  • Request that your data be restricted or blocked from processing.

The General Data Protection Regulation (“GDPR”) includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete. An individual can make a request for rectification verbally or in writing and Newable has one calendar month to respond to a request.

You have the right to know if Newable is processing your personal data, and if so, to be provided with a copy of such personal data, along with other supplemental information, regarding the nature and scope of the processing.

It is important that such requests are handled fairly, ensuring that the application of those rights do not undermine other obligations, such as preserving the data protection or privacy rights of third parties, preserving any confidential duties and ensuring compliance with law enforcement activity.

To exercise any of these rights, write or email your request to Michael Walsh, Data Protection Officer at the address below or by email to dpo@newable.co.uk. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Newable will confirm to you that inaccurate personal data has been rectified or completed if it is incomplete.

9. Contacting You

Newable will only contact you if you’ve asked to be contacted or if your contact details are featured in a third-party contact list, in which you’ve been included by consent. You have the ability to opt-out of being contacted by Newable at any point.

We may contact you by phone, email, direct message, or SMS, with information about other products and services we offer, which are similar to those which we have provided to you, or which you have expressed interest in, such as services relating to investments, loans, business advice, or workspace solutions. You can opt out of receiving these messages at any time by, emailing us at: financeconfident@newablefinance.co.uk, or by following the instructions provided alongside the message we send you. You can also opt out by writing to us using the postal address set out below.

Newable also engages in business to business marketing activity.

10. Your Duty to Inform us of Changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes, by contacting us.

11. Storing Your Data

Newable will store your data securely and do its utmost to protect your data and privacy using suitable security technology.

In general, we will only keep your personal information for as long as we need to, in order to provide the services you have requested.

If we have collected personal information about you in order to carry out suitability checks for particular products or services, or to meet our compliance or regulatory requirements, we will delete your personal information once it is no longer needed for these purposes.

If we need to keep certain personal information for legal reasons, or if we are recommended by guidance to keep personal information for a particular period of time, we will retain such information for this period of time.

We will keep personal information about products and services we have previously provided to you, as well as your contact details, in order to send you marketing messages about products and services you may be interested in which are similar to ours, until you tell us that you no longer wish to receive these messages.

For other types of personal information which we collect in connection with the provision of services to you, we will retain this information for up to six years after our contract with you comes to an end.

Newable may contract with third parties to process your data on its behalf and they will do so in accordance with our principles and instructions and not for any other purpose. Newable will require any third parties with whom your data is shared, to comply with our company policy.

Newable will ensure that any third parties used in connection with the running of its website and services (for example, hosting providers) act according to its strict contractual obligations.

12. Changes to this Policy or Data Breach

Newable keeps this Privacy Notice under regular review and will publish any changes to this policy on its websites.

Where the changes to this policy are significant, Newable may also choose to email all of its registered users with the new policy.

Newable will also notify individuals of any data breach which affects you and will undertake incident investigation and corrective action to minimise the incident re-occurring.

13. Use of Cookies and Web Beacons (Pixels)

Newable will collect anonymised statistics using cookies and pixels.

A cookie is a small computer file containing letters and numbers, which a website may send to a user’s computer to improve their experience.

Newable uses cookies to:

  • collect anonymised data about the number of visitors to its website (and pages), so that it can improve the website and ensure that content is easy to find and engaging; and,
  • remember preferences for text size and colour, for example.

For information on controlling cookies visit:

https://www.aboutcookies.org.

A pixel is a small tracking image inserted into some of our marketing and communications to track engagement.

Newable uses pixels to:

  • collect anonymised data about the number of times an email has been opened and read (if at all), so that it can determine the impact of specific email campaigns; and,
  • collect anonymised data about when an email has been opened and read and the type of device used, so that it can better understand the customers it serves.

For information on pixels and other web beacons visit:

https://www.legislation.gov.uk/uksi/2003/2426/regulation/22/made

14. Anonymised Data

Newable will only share anonymised data or anonymised and aggregated data about its users with advertisers or other third parties.

15. Security Procedures and Staff Training

The GDPR requires Newable to follow strict security procedures when storing and disclosing information that you have given us, to prevent unauthorised access.

Newable will not sell, trade or rent your personal information.

Newable may provide aggregated data about its customers, sales, traffic patterns and related site information to reputable third parties but this data will never include personally identifying information.

Data processors given access to your data to provide services on behalf of Newable are subject to contractual restrictions to ensure that your data is protected. Your data will not be used independently by any such third party.

Newable reserves the right to access and disclose personally identifying information about you to comply with applicable laws, to comply with lawful government requests, to operate its systems properly and to protect its users.

All Newable staff are required to undertake and pass annual data protection and cyber security training. Where required, Newable will provide additional training to those areas of the business that Newable considers to be at a higher risk.

16. Data Retention

Newable will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements

To determine the appropriate retention period for personal data, we consider any applicable legal requirements, together with the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means.

17. Legal Information under the GDPR

For the purposes of the GDPR, Michael Walsh is the Data Protection Officer for Newable and can be contacted at:

Newable Limited, 140 Aldersgate Street, London, EC1A 4HY, United Kingdom.

Alternatively, you can email dpo@newable.co.uk.

Any queries regarding Newable’s use of data and its data policies should be addressed to the Data Protection Officer.

Newable Limited is registered in England under registration number 1653116.

For further information about Newable’s data protection processes, please refer to our separate data protection policy.

  1. Your Right to Complain

If you think that there is a problem with the way Newable handles your data or if you have a complaint, then please direct it to Newable’s Data Protection Officer, using the contact details set out in sections 8 and 9 of this Notice.

You also have the right to contact the Information Commissioner’s Office at:

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF with respect to a complaint regarding Newable’s use of your personal data.

February 2022