Privacy Policy
1. What is the purpose of this policy?
3. How we use your personal data
4. The data we collect about you (from third parties)
7. Open Banking
8. Who we share your personal data with
10. How long we will retain your data for
12. Policy updates
1. What is the purpose of this policy?
Adelpha Capital Ltd (Adelpha Capital”, “we”, “us” and “our”), are committed to protecting and respecting your privacy. This policy (together with our Terms of Use and any other policies referred to in it) sets out the basis by which we process your personal data, what we do with your personal data, how we look after your personal data and what your rights are over your personal data. Please read this policy carefully to ensure you understand our practices regarding your personal data and how we will treat it. By visiting our website (www.adelphacapital.com) you are accepting and consenting to the practices set out in this policy.
For the purposes of the Data Protection Act 2018 the data controller is Adelpha Capital Ltd of 59 Middleton Road, London, E8 4EE. We are registered with the Information Commissioner’s Office (ICO) to process your personal data and our registration number is ZA328152.
2. Contact details
If you have any questions about this privacy policy, you can contact us in the following ways:
-
Email address: hello@adelphacapital.com
-
Postal address: 59 Middleton Road, London, E8 4EE
-
Telephone number: 02071128123
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to address your concerns before you approach the ICO so please contact us in the first instance.
3. How we use your personal data
We will only use your personal data when the law allows us to. The most common bases for processing your data are the following:
-
The processing is necessary under a contract we have with you, or is necessary in order to enter into a contract with you;
-
Where we need to comply with a legal obligation; or
-
Where it is necessary for our legitimate interests.
What do we mean by ‘legitimate interests?
There are some processing activities which do not fall within other lawful bases (e.g., it’s not a legal obligation or contractual requirement) but are still necessary for a legitimate purpose that we are trying to achieve (such as sending you a letter about a new product). This isn’t a catch-all that allows us to process your data for any reason, we can only rely on this lawful basis if it’s necessary to achieve a particular purpose and if we’ve balanced our interests against yours.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, along with the lawful basis on which we will do so. We have also identified what our legitimate interests are where appropriate.
Processing | Lawful basis |
|---|---|
Arrears management (including the instruction of third parties) | Necessary under our contract with you |
Complaints handling | To fulfil our legal/regulatory obligations |
Anti-Money Laundering checks | To fulfil our legal/regulatory obligations |
Fraud Prevention Agency checks | As a prerequisite of entering into a contract with you |
Credit Reference Agency checks | As a prerequisite of entering into a contract with you |
Marketing our products and services to you (which you can choose to opt-out from) | For our legitimate interests in the direct marketing of our products and services |
Setting up, administering and managing our customers’ accounts | Necessary under our contract with you |
Where you are a sole trader, beneficial owner, director or a guarantor, conducting personal credit, fraud and KYC checks | In order to enter into a contract with you and to comply with our legal obligations |
Incoming payments, debit card payments and funding | Necessary under our contract with you |
Application details to conduct a creditworthiness assessment | To work out product eligibility as a required step of entering into a contract with you |
In some instances, we may use your data in ways that are not described above. However, we will inform you before doing so.
4. The data we collect about you (from third parties)
We may receive personal data about you from third parties under the following circumstances:
-
If you are the borrower, or main guarantor for your company, we receive information about your financial standing (including your credit score and repayment history) and address history from credit reference agencies. We will also receive information from fraud agencies on any fraudulent activity reported by other financial institutions (this will include instances in which you were a victim of fraud);
-
If you are an additional guarantor, your name, date of birth and contact details would have been provided to us by the main guarantor. We will also collect the information listed above from credit reference and fraud agencies;
-
If you are a director or beneficial owner of one of our customers, your name, date of birth and address will have been provided to us by the main guarantor;
-
If your application was referred to us by one of our partners or brokers, then they will provide us with all information required in order to make a decision;
-
If you link your bank account as part of a credit application, we will receive the transaction history on your account directly from your bank;
-
If you are financially associated with a borrower or guarantor (via a joint bank account or mortgage, for example), we will also receive information about your financial standing from the credit reference agencies; and
-
We obtain marketing data from third party lead generators. If your business is included in this data, it may also include your name and contact details.
5. Credit reference agencies
In order to process your application (or an application for a credit facility which you will guarantee), we will receive credit and identity checks on you with one or more credit reference agencies (Equifax and Experian).
To do this, we will supply your name, date of birth and address history to the credit reference agencies and they will give us information about you. Credit reference agencies will supply to us both public (including electoral register) and shared credit, financial situation, financial history, and fraud prevention information.
We will use this information to:
-
Assess your creditworthiness and whether your business can afford to take the product;
-
Verify the accuracy of the data you have provided us;
-
Prevent criminal activity, fraud and money laundering;
-
Manage your account(s), including conducting ongoing credit checks to ensure that you or your business remains eligible for the agreed credit facility;
-
Trace and recover debts; and
-
Ensure any offers we provide are appropriate to you and your business’ circumstances.
When credit reference agencies receive a search request, they will place a search footprint on your credit file that may be seen by other lenders.
The identities of the credit reference agencies, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the credit reference agencies are explained in more detail at www.equifax.co.uk/crain and www.experian.co.uk/legal/crain.
6. Fraud prevention agencies
Before we provide financing to your business, we undertake checks for the purposes of preventing fraud and money laundering, and to verify the identity of the guarantors. These checks require us to process personal data about you if you are a guarantor.
The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that we will process include, for example: name, address, date of birth, contact details, financial information, employment details and device identifiers including IP address.
We and fraud prevention agencies may also enable enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the financing your business has requested.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
7. Open Banking
In the event of any conflict with any other clause, this clause shall prevail.
What is Open Banking?
Open Banking is the secure way of providing access to your bank or building society account to providers who are registered for this purpose.
Registered providers and participating banks and building societies are listed under the Open Banking Directory.
Open Banking was set up by the UK Government to encourage more competition and innovation in the financial services sector.
As a forward-thinking lender, we support the use of Open Banking as it allows us to process loan applications efficiently, securely and in our consumer’s best interests.
By permitting access to your bank or building society account information we are able to make a better lending decision as we shall be able to verify your income, outgoings and other matters in order to assess what loan terms would be suitable for you based upon what you can reasonably afford to repay.
Further information about Open Banking is available from www.openbanking.org.uk.
How will my personal data be shared and used for the purposes of Open Banking?
By proceeding with your loan application via our website you expressly consent to us sharing your personal, contact and loan application details (“the Shared Personal Data”) with our registered Open Banking partner, Perfect Data Solutions Limited (“PDS”) who are also a credit reference agency. During your loan application we shall safely and securely direct you to PDS’s secure portal (“the Portal”) for the purposes of granting PDS access to your bank or building society account information (“Transaction Information”). As soon as your Transaction Information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your loan application (“the Permitted Purpose”).
Further information about PDS including their registered provider and regulatory status is available from www.lendingmetrics.com.
Is Open Banking secure?
PDS are registered under the Open Banking Directory as an account information service provider and are also regulated by the Financial Conduct Authority as a payment services firm under number 802599. Any data you submit via the Portal will be encrypted and its usage tracked as part of set Open Banking data security standards.
We are responsible for the secure transmission of any Shared Personal Data to PDS, for safely directing you to the Portal and for the safe receipt and usage of your Transaction Information.
You will not be required to share your banking password or log in details with either us or PDS. Once you have given your explicit consent to share your bank account information on the Portal you will be directed to your own bank or building society’s login page where you will enter in your own login details directly.
Save as set out above or elsewhere in this Privacy Policy, we are not responsible for your direct data transmissions with PDS or with your own bank or building society.
How will my Shared Personal Data and Transaction Information be used?
PDS shall, subject to their own terms and conditions and privacy policy, and, if your bank or building society is registered to provide access under the Open Banking Directory, obtain your Transaction Information and submit this back to us for the Permitted Purpose. By way of example, the Transaction Information that we shall receive is likely to include information relating to your income, outgoings and credit worthiness.
PDS shall be entitled to re-access your Transaction Information for up to 90 days from the date of your original search result in order to refresh the search results, obtain a snapshot of your data or gather additional data.
PDS shall hold the Shared Personal Data and the Transaction Information they receive and retain according to their own terms and conditions and privacy policy, available on the Portal, which you will be required to read and consent to once directed there via our website.
As PDS are also a credit reference agency they may also share and keep a record of your Shared Personal Data and Transaction Information.
Will you use my Transaction Information data for any other purpose?
The Transaction Information we receive about you will only be used for the Permitted Purpose. We do not sell or share Transaction Information with any third party.
Save as set out above the information contained in the rest of this Privacy Policy deals with how we collate, use, transfer, store, delete and other terms applicable to your personal data including Shared Personal Data and Transaction Information.
Do I have to provide you with my consent to proceed?
You are not required to provide us with viewing access to your bank account transaction information (Transaction History) or internet banking access details. You may still be allowed to apply for a loan with us if you do not provide us with this information. However, if you do, it will help us make an informed decision about whether we can lend to you.
Where your bank or building society has already permitted access to your Transaction Information you shall need to contact them directly in order to withdraw your consent under their particular Open Banking terms and conditions.
Are any of my other rights under this Privacy Policy affected?
Your individual data protection and privacy rights including the right to access, correct, delete, object, restrict, withdraw consent, request transfer and/or make a complaint, continue to apply to relevant personal data we control or process and are dealt with elsewhere in this Privacy Policy.
Under Open Banking as your personal data is shared by your bank or building society and accessed by PDS you may also be able to exercise your individual data protection and privacy rights against either of them pursuant to their own terms and conditions and privacy policies.
8. Who we share your personal data with
In addition to the credit reference and fraud prevention agencies described above, we may also share your personal data with the following third-party data processors who will assist us in providing our services to you:
-
Providers of software platforms (such services will include email, data analytics, identity verification, lead management, hosting and data storage);
-
Outsourced service providers who process some of our applications and help us make fast decisions;
-
Providers of telecommunications and postal services; and
-
Social media sites, for the purposes of conducting market research and running marketing campaigns (it is important to note that, when sharing data with these sites, we ensure that your data is only used in accordance with our instructions).
If your details were originally passed to us via a partner, broker or other such referral platform, we may report your application outcome and loan status back to that platform. Likewise, you may also agree to us introducing you to other lenders, in which case, we may pass information about you and your business (and other information in support of your application) to those lenders.
We instruct third parties to act on our behalf in order to collect an outstanding debt. This can include debt collectors, lawyers, tracing agents, process servers and enforcement officers.
Your personal data will be shared within the Adelpha group of companies and details of our loan book are also shared with our investors and third parties acting on their behalf. This data can include details of guarantors (including their credit score).
9. International transfers
Some of the data processors we use are outside the EU, or may host your personal data outside the EU. Whenever we transfer your personal data out of the EU, we ensure a similar degree of protection is afforded to it
10. How long we will retain your data for
The period for which we may retain data about you will depend on the purposes for which the data was collected, whether you have requested deletion of the data, and whether we have any legal or regulatory obligation to retain the data. We will not retain data about you for longer than is necessary to fulfil the purposes for which the data was collected. We will typically keep your data for up to 10 years after you last had an active account or product with us, or 7 years after you made or started an application. We may keep your personal data for a longer period where it is necessary for legal, regulatory or operational purposes.
11. Your legal rights
You have rights under the data protection laws in relation to your personal data.
Please click on the links below to find out more about these rights:
Where the lawful basis for processing your personal data (see section 3 above) is your consent, then you will also have the right to withdraw your consent at any time. If you wish to exercise any of the rights set out above, please call, email or write to us. When you do so, we may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within two months. Occasionally it could take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
12. Policy updates
We reserve the right to update this policy to reflect any changes to the way in which we collect, process or share your personal data, or to reflect any legal requirements. When we make any changes, we will upload the new version to our site. The new version will take effect as soon as it is uploaded.
This policy was last amended in March, 2022 and supersedes any earlier versions.