Your privacy matters to us and we ensure that we comply with the General Data Protection Regulation and Data Protection Act 2018 when storing or processing your data.
It’s important to us that you understand which data we collect, and how we use it, so that you can make informed decisions about providing your data to us. This privacy notice (also sometimes referred to as a “Fair Processing Notice”) has been written to help you to do that.
In this notice “we” and “us” refers to the Liberis Limited and its respective subsidiary and/or affiliated group companies. Liberis Limited is the data controller for the purpose of the General Data Protection Regulation and Data Protection Act 2018. We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Privacy Notice. You can find details of our registered address, as well as how to contact our Data Protection Officer with questions regarding data protection or privacy, at the end of this notice.
As Liberis Limited is based in the United Kingdom, we have appointed Liberis Sweden AB (company number 559205-5494) to be our representative within the EEA. Their contact details are Birger Jarlsgatan 18, 114 34 Stockholm or contact them by emailing email@example.com.
Many of the individuals about whom we collect personal data provide it to us as representatives of a company or other legal entity that they own or that they are engaged by. References to “your business”, “your account”, “your application”, “your enquiry” and other similar terms below, are deemed to include references to the business, account, application or enquiry of the entity that you represent, as applicable.
This notice is for data that Liberis processes. For specific information on how Sage Pay processes personal information online and how it affects you, please see Sage Pay’s privacy notice.
The data we collect
You’re free to browse our website without providing us with any personal information. Please review our Cookies Policy here.
Data we collect, and how we use it
Our lawful basis and purposes for processing your data
We always ensure that we have a fair and legal basis for processing your data. Below we have set out our lawful bases for processing your data at various stages in your journey with us, alongside our purposes for processing your data. Where we are relying on our legitimate interests to process your data, the purposes for processing set out below are our identified legitimate interests. You can find out more about the various lawful bases for processing on the ICO website, https://ico.org.uk/, if this terminology is unclear.
We request that where possible you do not provide us with special category / sensitive data (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, or data concerning health, sex life or sexual orientation, or data relating to criminal convictions or offences). If we do receive such information, we endeavour to delete it where possible.
Data you provide directly to us
Data we collect indirectly or from third parties
We collect a variety of data about you from third parties. This includes the data listed below and may include other data that we notify you about from time to time.
Sharing data with third parties
In the process of providing you with a quote, in reviewing your application for one of our products, and in performing the contracts that we enter into with you, we may share your data with third parties. Details of these third parties are below. We will only share data with third parties where it is lawful for us to do so.
• We may share your details with Credit Reference Agencies if you apply for one of our products. Should you require further information regarding the use of data by Credit Reference Agencies in the UK, they have provided a shared document regarding their use of personal data – you can find it here: https://www.equifax.co.uk/crain.html
• We may share details of any breach of the terms of your agreement with us with credit reference agencies. In the case of a limited liability entity, we may report the directors and/ or shareholders and/or guarantors of such entity with credit reference agencies concerning any breach of the terms of your agreement with us.
• We share your data with Facebook so that we can create custom audiences for advertising campaigns. Facebook also process your data to measure the performance of advertising campaigns
• We use Sagepay and Go Cardless to store and process payment details only
• In the event of payment default, we may send your details to Azzurro (UK) who will represent us in collecting any outstanding debts.
• We hold customer data on the Salesforce Cloud platform. Salesforce do not use or look at your data, but their servers do hold the data.
• We hold customer data on the Microsoft Azure Cloud platform. Microsoft do not use or look at your data, but their servers do hold the data.
• We will share your information with Fraud Prevention agencies, and we (or they) may also allow law enforcement agencies to access and use this personal data to detect, investigate, and prevent crime.
• If your details were provided to us by a third party (such as a financial broker, or via a referral website) then we may provide updates regarding the status of your application back to them.
• If our business (or the majority of our company assets) is acquired by another party, your information will be part of the transfer of assets.
• If we sell or buy any business or assets, we may share your data with the prospective buyer or seller.
• Where we engage with third parties for the purposes of raising investment, we may provide data on a strictly need-to-know basis for due diligence purposes.
• We share your business name and contact details with other organisations that may offer you services of interest to you – but only if you explicitly provide us with permission to do so.
• We may share your data with other Liberis group companies for the purposes of managing your account.
We also disclose your data in the following circumstances:
We work with various third-party service providers:
• We share your information with payment processors that process financial transactions on your behalf.
• We use cloud computing providers to store your data, and to help us process your application efficiently.
• We may use third parties (e.g. mailing houses) to send you marketing or account information on our behalf. To do this we would need to provide them with your name and address or email address at a minimum.
• We use a third-party help and support system to help us respond to your questions quickly when you’re using our website, your data are shared here only when you request assistance.
• We may use third party contact centres to help us contact you by phone, and we would need to pass your information to them to enable them to reach you. They will additionally record the information that you provide to them and pass it back to us.
• We may use third party operational fulfilment centres to process some parts of your application.
• We use cloud based electronic signature providers during our application process, we will provide all details required to produce your contract to these providers in order to provide you with this service.
• We use a service provider who provides multi-touch attribution reporting and other services for us. This third party may have access to, or process Personal Data or Client Data as part of providing those services for us.
We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
Information outside of the EEA
Liberis is an international company with operations in and outside of the EU and EEA and we use service providers in locations based outside of the EEA. If we transfer your information to a service provider in one of these locations, we will take steps to ensure your data and rights are protected through methods approved within the relevant Data Privacy laws. Please contact us if you would like further information about how we protect your information, please contact us at firstname.lastname@example.org
Non-Personally Identifiable Information
We may make non-personally identifiable information available to third parties for various purposes. This data maybe automatically collected and would be analysed to create an aggregated view of the data, ensure the reported information was anonymous.
We may also disclose information to third parties if you consent to us doing so.
Retention of your data
We’ll keep your data only for as long as we need to – that time period may be different in different circumstances. Here are our most common scenarios:
We’ll keep records of any financial transactions, and details regarding the information that you provided to us while making an application for one of our products, for a minimum of 6 years from the end of our relationship with you. We need to do this so that we can respond to any complaints or disputes.
We’ll keep the information that’s needed to provide you with the service that you’ve requested for as long as it takes us to provide the services and for 7 years from termination of the contract for provision of the services.
If you’ve asked us not to use your details for marketing purposes, we will need to keep some details to make sure our systems and processes reflect your preferences. We will implement your opt-out request as quickly as possible.
However, you may receive emails for up to 30 days, or marketing by post for up to 60 days, following your opt-out request. This is because our marketing campaigns are usually prepared about a month in advance, and it is often not feasible to remove an individual’s details after this point.
In addition, we will retain any data about you which we need in order to comply with our legal obligations (for example applicable UK tax law).
Consequences of processing
Should you choose not to provide us with your personal data, we will not be able to assess your eligibility for one of our products, and we will be unable to enter into a contract with you.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us – you’ll find all of our details in the “Contacting us” section of this notice.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
• Access to your personal data and to certain other supplementary information that this Policy is already designed to address
• Require Us to correct any mistakes in your information which we hold
• Require the erasure of personal data concerning you in certain situations
• Receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• Object at any time to processing of personal data concerning you for direct marketing
• Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• Object in certain other situations to our continued processing of your personal data
• Otherwise restrict our processing of your personal data in certain circumstances
• Where consent is our lawful basis for processing your personal data, withdraw such consent
• Claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the General Data Protection Regulation.
As part of the processing of your personal data, decisions may be made by automated means.
We may automatically decide that you pose a fraud or money laundering risk or if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity.
We make automated decisions based on the information that you provide, and that we gather from third parties, as part of your application to determine your financial profile. We may use automated decisions to provide you with a price reflecting your profile. The outcome of these automated decisions may mean that we do not approve your application for one of our products, or that our pricing is adjusted based on the information we have.
These automated decisions use a statistical process based on your historical transactions (details you have provided) and historical credit performance as a business and as an owner of a business (details you have provided and/or publicly available information). If you are an existing customer, the automated decisions will also take into account your performance of previous/current contractual obligations.
You have the right to request manual decision making in place of automated decision masking however this may mean we are unable to offer you are products. If you would like more information in relation to automated decision making: if you want to know more please contact us at email@example.com.
International data transfers
Whenever we, or anyone we share your data with, transfer your personal data outside of the United Kingdom or European Economic Area, we impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. We may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
The security of your information is important to us and we will do our best to protect your data.
Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.
Once you provide the information to us, we store this information on our secure servers, and we have implemented reasonable administrative, technical, and physical security measures to protect against the unauthorised access, destruction or alteration of your information based on its sensitivity.
Our products are not for children and to qualify, you must be over eighteen (18) years of age. You must make sure the details provided by you on registration or at any time are correct and complete. You must inform us immediately of any changes to the information that you provided when registering by updating your personal details.
Changes to this privacy notice
We may amend this notice from time to time; should amendments be made they will be posted to our website. This privacy notice was last updated 09/03/2020.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or by telephone at 0303 123 1113.
The supervisory authority in Sweden is the Datainspektionen who may be contacted at https://www.datainspektionen.se/kontakta-oss/ or by telephone at (+46) 86576100.
Should you wish to contact us with any questions or concerns you may have regarding our privacy notice, to request any amendments to the data we hold about you, or to exercise any of your other rights listed in this notice, you can contact our Data Protection Officer using any of the following methods:
You can contact our Data Protection Officer via email using the following address: firstname.lastname@example.org
You can call our Data Protection Officer using this number: 0441276 944512
You can write to our Data Protection Officer at the following address:
11th Floor, 1 Lyric Square
Liberis Limited will be delivering the Business Cash Advance service. Sage Pay will receive a commission if you decide to take out this product through Liberis.
Business Cash Advance (Sage Pay Business Finance) is not an FCA regulated product.
Other options are available for business finance. You should carefully consider the total cost of finance and repayment terms to ensure you can afford the advance alongside your business expenses.