GDPR Policy
Table of Contents
- 1. Introduction
- 2. Data Controller
- 3. What Personal Data We Collect
- 4. Legal Basis for Processing
- 5. How We Use Your Personal Data
- 6. Who We Share Your Data With
- 7. International Transfers
- 8. Data Retention
- 9. Your Rights Under GDPR
- 10. Data Security
- 11. Credit Reference and Fraud Prevention Agencies
- 12. Marketing Communications
- 13. Cookies and Website Analytics
- 14. Changes to This Policy
- 15. Complaints
- 16. Contact Us
1. Introduction
Liverpool Commercial Finance (“we”, “us”, or “our”) is committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all applicable data protection legislation.
This GDPR Policy explains how we collect, use, store, and protect your personal data, and outlines your rights as a data subject.
2. Data Controller
Liverpool Commercial Finance is the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, please contact us:
Data Protection Contact:
Email: compliance@liverpoolcommercialfinance.co.uk
Address: 49 Jamaica Street, Liverpool L1 0AH
3. What Personal Data We Collect
Depending on our relationship with you, we may collect and process the following categories of personal data:
3.1 Client and Prospective Client Data
- Personal identification information (name, date of birth, contact details)
- Financial information (income, credit history, bank details, business accounts)
- Employment and business information
- Identification documents (passport, driving licence, utility bills)
- Information obtained from credit reference agencies
- Records of communications with us
3.2 Website Visitors
- IP addresses and device information
- Browser type and version
- Pages visited and time spent on site
- Referral sources
- Cookie data (subject to cookie preferences)
3.3 Business Contacts and Suppliers
- Name, job title, and business contact details
- Professional information relevant to our business relationship
- Payment and invoicing information
3.4 Employee and Contractor Data
- Information necessary for employment, payroll, and HR purposes
- This data is covered under separate employee privacy notices
4. Legal Basis for Processing
We process your personal data under one or more of the following legal bases:
- Contractual Necessity: To perform our obligations under a finance agreement or to take steps at your request before entering into a contract
- Legal Obligation: To comply with regulatory requirements, anti-money laundering legislation, and other legal duties
- Legitimate Interests: To pursue our legitimate business interests (such as improving our services, fraud prevention, and direct marketing) where these do not override your rights and interests
- Consent: Where you have given explicit consent for specific processing activities (you may withdraw consent at any time)
5. How We Use Your Personal Data
We use your personal data for the following purposes:
- Assessing and processing finance applications
- Providing financial services and managing client accounts
- Conducting credit checks and fraud prevention
- Complying with legal and regulatory obligations (including anti-money laundering checks)
- Communicating with you about our services
- Improving our products, services, and website
- Marketing our services (where you have consented or we have a legitimate interest)
- Maintaining business records and accounts
- Defending or pursuing legal claims
We may share your personal data with the following third parties:
- Credit reference agencies (such as Experian, Equifax, TransUnion) for creditworthiness assessments
- Fraud prevention agencies for identity verification and fraud detection
- Lenders and financial institutions to facilitate finance arrangements
- Professional advisers including lawyers, accountants, and auditors
- IT service providers who support our systems and website
- Regulatory bodies including the Financial Conduct Authority (FCA) and HMRC
- Law enforcement agencies when required by law
We ensure all third parties respect the security of your data and treat it in accordance with the law. We only permit them to process your data for specified purposes and in accordance with our instructions.
7. International Transfers
We primarily store and process data within the UK. If we need to transfer your data outside the UK or European Economic Area, we will ensure appropriate safeguards are in place, such as:
- Standard contractual clauses approved by the UK authorities
- Transfers to countries with adequacy decisions
- Other lawful transfer mechanisms
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Active client records: Duration of the relationship plus 7 years (to meet regulatory and tax obligations)
- Unsuccessful applications: Up to 6 years (for potential claims and regulatory purposes)
- Marketing data: Until you withdraw consent or we determine it is no longer relevant
- Website analytics: Typically 26 months
Some data may be retained longer if required by law or for legitimate business purposes such as defending legal claims.
9. Your Rights Under GDPR
You have the following rights regarding your personal data:
9.1 Right of Access
You can request a copy of the personal data we hold about you (Subject Access Request).
9.2 Right to Rectification
You can ask us to correct inaccurate or incomplete personal data.
9.3 Right to Erasure (Right to be Forgotten)
You can request deletion of your personal data in certain circumstances, though this may be limited by legal retention requirements.
9.4 Right to Restriction of Processing
You can ask us to restrict processing of your data in certain situations.
9.5 Right to Data Portability
You can request your data in a structured, commonly used format to transfer to another provider.
9.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
9.7 Rights Related to Automated Decision Making
You have rights regarding automated decision-making and profiling, including the right to request human intervention.
9.8 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, please contact us at compliance@liverpoolcommercialfinance.co.uk
We will respond to your request within one month, though this may be extended by two further months for complex requests.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:
- Encryption of data in transit and at rest
- Regular security assessments and updates
- Access controls and authentication measures
- Staff training on data protection
- Secure backup and disaster recovery procedures
- Confidentiality agreements with staff and third parties
11. Credit Reference and Fraud Prevention Agencies
When you apply for our services, we will share your personal data with credit reference agencies (CRAs) and fraud prevention agencies (FPAs). They will use this information to:
- Assess creditworthiness and verify identity
- Detect and prevent fraud and money laundering
- Trace debtors and recover debt
- Manage accounts
The CRAs and FPAs will keep records of our enquiries, and this may be seen by other organisations that make searches. This could affect your ability to obtain credit elsewhere.
If you provide false or inaccurate information or we suspect fraud, details may be passed to fraud prevention agencies and may be recorded and shared with other organisations to prevent fraud and money laundering.
12. Marketing Communications
We may use your contact details to send you information about our products and services that may be of interest to you. We will only do this:
- Where you have consented to receive marketing, or
- Where we have a legitimate interest and you have not objected
You can opt out of marketing communications at any time by:
- Clicking the unsubscribe link in any marketing email
- Contacting us at admin@liverpoolcommercialfinance.co.uk
- Writing to us at our postal address
13. Cookies and Website Analytics
Our website uses cookies to improve your browsing experience and analyse website traffic. For detailed information about the cookies we use and your choices, please see our Cookie Policy available on our website.
14. Changes to This Policy
We may update this GDPR Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on our website at liverpoolcommercialfinance.co.uk, and the “Last Updated” date at the top of this policy will be revised.
For significant changes, we will notify you by email or through a prominent notice on our website.
15. Complaints
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
We would appreciate the opportunity to address your concerns before you contact the ICO, so please contact us first at compliance@liverpoolcommercialfinance.co.uk
16. Contact Us
If you have any questions about this GDPR Policy or how we handle your personal data, please contact us:
Liverpool Commercial Finance
49 Jamaica Street
Liverpool L1 0AH
Email: compliance@liverpoolcommercialfinance.co.uk
General enquiries: admin@liverpoolcommercialfinance.co.uk