Privacy Policy

Last updated: 07/03/2022

This Privacy Policy explains and governs how, when, what and whose personal data we collect; how and why we use your personal data; and your privacy rights in general, including how to control your personal data and how you are protected under data protection law. We commit to protect your data and keep it safe and secure at all times.

This Privacy Policy applies to personal data that we collect through the Approvity website ( ) ("Website"), when you submit an application for funding through Approvity directly or through one of our brokers/partners or when you contact us through other mediums, such as by telephone or email. This Privacy Policy will be updated from time to time to comply with the applicable laws and regulations and to meet our changing business requirements. You are advised to periodically review this Privacy Policy for the latest amendments. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

If you have any queries/comments on this Privacy Policy, you can contact us on (including our Data Protection Officer) using the details at the bottom of the Privacy Policy.

Quick links

We recommend that you read this Privacy Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Policy, then you can click on the relevant link below to jump to that section.

What Does Approvity Do?
Your Protection Under The Law
Types and Sources of Personal Data
Not Providing Your Personal Data
Third Parties We Share Your Personal Data With
Credit Reference Agencies (CRAs)
Fraud Prevention
Automated Decisions
Overseas Transfers
Keeping Your Personal Data Secure
Period of Time we Can Retain Your Personal Data
How to Access Your Personal Information
How to Contact Us
Linked Websites

What does Approvity do?

Approvity is a trading name of Fleximize Limited (ZA021338). We act as a lender and a broker.

“you” means a customer, broker or a partner submitting an application for funding through Approvity.

Fleximize Limited (ZA021338) is part of the Alterium Group of Companies, made up of Alterium Limited (ZA021336), Fleximize Capital Limited (ZA244436), Fleximize Services Limited (ZA046956), Fleximize Technology Services Limited (10381710) and Flexicard Limited (10223497). Fleximize Limited (ZA021338) is the data controller for the personal data collected when you submit an application for funding through Approvity website ( ), or via our brokers/partners or when you contact us through other mediums, such as by telephone or email (hereinafter referred to as "Approvity” “we” or “us”) and may share your personal data with the other Group Companies (see below).

Your protection under the law

Under applicable data protection laws, we are authorised to use your personal data only if we have an appropriate reason for doing so and this will depend on the personal data concerned and specific context in which we collect it. Generally, this is likely to be based on one or more of the following:

  • Your consent;
  • Our legal duty;
  • Fulfilling our contractual obligations; and/or
  • Based on our legitimate interest to do so, which does not override your rights.

We will rely on legitimate interest only where we (or a third party) have a business or commercial reason to use your personal data. We have set out below examples of when and for what purpose we rely on our (or a third party's) legitimate interest as a basis to process your personal data. We also set out any other legal basis we rely upon in relation to that particular processing.

Purpose for which your personal data is used. Our / a third party's legitimate Interests The legal basis/bases we rely on
  • Managing and maintaining of our ongoing relationship with your business.
  • Updating our records, developing new products and services, working on new pricing and providing you with updates on it.
  • Our legitimate interests.
  • Your consent.
  • Fulfilling our contractual obligations.
  • Performance of our marketing functions, including sending you marketing materials.
  • Sign post the products and services of third-party partners as part of the member benefit scheme in the member’s area.
  • Where we have a legitimate interest in sending your business marketing material, such as in order to provide you with information on new products or services.
  • Our legitimate interests.
  • Your consent, where legally required for marketing activities.
  • Developing new marketing strategies.
  • Developing and maintaining customer, broker and partner’s relationship, their needs and developing strategies for business growth.
  • Analysis of customer, broker and partner’s use of our products and services and those of our third parties.
  • In order to meet customer, broker and partner’s need and develop and grow our business.
  • In order to improve and develop our products and services.
  • Our legitimate interests.
  • Our legal obligation.
  • Fulfilling our contractual obligations.
  • Managing, developing and testing new products and services and ongoing maintenance of our brand.
  • For ongoing maintenance of our relationships with third party service providers to both ourselves and our customers, broker and partners.
  • Developing new products and services, defining the customers, brokers and partners for which they are relevant and determining the pricing.
  • To manage our relationships with third party service providers, to ensure that our requirements continue to be met.
  • Fulfilling contractual obligations.
  • Our legitimate interests.
  • Our legal obligation.
  • Promoting and delivering our products and services.
  • Performing credit checks on applicants, directors, partners, shareholders and any linked “financial associates” (i.e., person who may have joint personal financial arrangement such as joint accounts or joint credit applications, which may be the spouse or partner).
  • To process loan applications and rejected loan applications.
  • In order to meet customer, broker and partner’s need and develop and grow our business.
  • In order to progress customer applications and make decisions in relation to the services/products that we are able to offer.
  • To manage our customers' accounts and keep a record of transactions.
  • In order to take necessary steps with regard to our financial position as a business.
  • Fulfilling contractual obligations.
  • Our legitimate interests.
  • Our legal obligation.
  • Obtaining your consent on certain matters via your appointed representative, partner or broker, such as where legally required in order to share your data with a third party (e.g., to make a referral to another lender where a loan has been rejected).
  • To fulfil our obligations in the prevention of financial crime including fraud and managing the risk.
  • To adhere to all laws and regulations applicable to us.
  • Complaints management.
  • In order to detect or prevent illegal activities.
  • Developing ways to deal more efficiently with financial crime whilst fulfilling our legal duties.
  • In order to deal with customer, broker or partners’ complaints.
  • Fulfilling contractual obligations.
  • Our legitimate interests.
  • Our legal obligation.
  • Efficient management of the business including day to day operations, corporate governance and audit.
  • To provide our products and services to customers, brokers or partners including to manage accounts and communicate with customers directly regarding queries.
  • To liaise with third parties as necessary in order to provide our products and services.
  • For corporate governance purposes, including to carry out regular audits in relation to our business.
  • Fulfilling contractual obligations.
  • Our legitimate interests.
  • Our legal obligation.
  • To exercise our rights set out in agreements or contracts.
  • Fulfilling contractual obligations.
  • To process biometric data (facial recognition and voice recognition) as part of identity check conducted by a third party.
  • Consent.
  • Our legal obligation.
  • Fulfilling our contractual obligations.

Types and Sources of Personal Data

During your interaction with us, we collect different kinds of personal data on you, your business and your linked associates directly from yourself or via a broker or partner whilst submitting an application through Approvity website or platform. Below is a list of all the different types of information we collect:

Personal data Description
Financial Information The financial position of your business, (i) your personal position, credit status and history (ii) credit history of any linked financial associates i.e person with whom may have or had a joint personal financial arrangement such as joint accounts or have made joint credit applications which may be your spouse or partner (not a business partner). We may check the records, including the credit details of other individuals acting as personal guarantors to the loan application. (iii) if the applicant is a limited company, the credit history and status of each director and shareholder and their financial associates. (iv) if the applicant is a sole trader or a partnership, the credit history of the sole trader or each partner and their financial associates. The financial information we may access through our trusted partner will cover your business data, customer data, supplier data, invoice (sales invoice) data, bill (purchase invoice) data, credit note data, payments data, profit & loss data, balance sheet, financial statement, VATs including obtaining bank statements through open banking.
Contact Details The registered and trading address of your business, personal and business phone number supplied and email address of applicants, directors, partners, shareholders and linked associates and ownership status.
Profile and Usage Data This includes the member area that we set up when your loan application is successful and the profile you create to identify yourself when you connect to our internet services. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software (see below section on "Cookies").
Transactional Details Details about payments to and from your bank account, bank statements you submit to us through our portal or our trusted partner. All payments made by the business and yourself to us. Management Information or additional information you provide to us as part of the application you submit to us.
Products and Services Information on the financial products and services we have provided to you, e.g., amount of loan, purpose and term from our partners.
Location Location and device data from which you are applying for a loan, i.e. your phone, the IP address on connecting to your internet, the operating system and the browser type.
Technical Details on the devices and technology you use to apply for a loan with us, browse our website and manage your account.
Communications Includes all exchanges between yourself and us including letters, emails, face-to-face interactions and telephone conversations (included by way of recorded calls).
Public Records Details about your business, yourself, your financial associates; details about you that are in public records such as companies house, electoral register; and information about you that is openly available on the internet.
Identification and Verification Data Details about you that are stored in documents in different formats, or copies of them. This could include documents such as your passport, drivers licence, utility bills or other verification of residential address or date of birth and may extend to other directors, shareholders and partners and their linked financial associates.
Consents Any permissions, consents or marketing preferences that you provide to us.

We may collect personal data about you and your business when you are:

  • Applying for a loan via our website;
  • Applying for a loan through our brokers and partners
  • Speaking to us face to face or on the telephone;
  • Browsing our website and using webchats;
  • Using emails, letters and sms to communicate with us;
  • Completing our customer surveys or participating in any of our competitions or promotions; and
  • When you inform us of your marketing preferences.

In addition to the above, we can also access your personal data from a number of third parties we work with such as third party brokers, affiliates and other third-party introducers that introduce you to us, credit reference agencies (CRAs), comparison websites, social networks such as Facebook, Twitter and LinkedIn, Land Registry, property search engines, Companies House and Creditsafe, debt recovery agents, external solicitors for loan arrangement and debt recovery, market research agents, and law enforcement agencies.

Not providing your personal data

We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts. It could mean that we cancel a product or service you have with us. Any data collection that is optional would be made clear at the point of collection.

Third Parties we Share Your Personal Data With

We may disclose your personal data to third parties. We will take all the necessary steps required to ensure that any transfer and ongoing processing by those third parties is carried out securely and in accordance with applicable data protection regulation and privacy laws. Examples of the third parties we share your information with are as follows:

  • Our group companies or any of our third parties who otherwise process personal data for purposes that are described in this Privacy Policy or other Lenders' Privacy Policies or notified to you when we collect your personal data;
  • Third-party brokers or third-party lenders or other trusted partners to whom we may refer your application for credit;
  • Third party trusted partners from whom you may be interested to receive products and services if you have provided your consent;
  • Our suppliers, sub-contractors, and third-party data processors (including payment processors, marketing and data analytics service providers, debt collection agents, tracing agents, insolvency practitioners, professional advisers and third parties who provide us with the following services from time to time: identification and fraud check, marketing, technology, document readers,back-up and business continuity);
  • Third party we use to process your biometric (facial recognition and voice recognition) data;
  • Third party platform we use to facilitate electronic signatures of our documents including agreements.
  • Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • HM Revenue & Customs, regulators, and other authorities;
  • CRAs, namely Equifax, Transunion (more information on this can be found below);
  • Fraud prevention agencies namely National Crime Agency;
  • Companies that we have an agreement to co-operate with;
  • Organisations or individuals that introduce you to us;
  • Third party brokers, affiliates and other partners that introduce leads to us;
  • Organisations you ask us to share your data with;
  • If you have an application for a secured loan, we may share information with other lenders who also hold a charge on the property; and
  • If we decide to sell, transfer, assign, merge, acquire other businesses or change group structure, we may share your personal data with other parties that have the required standards of data protection.

Credit Reference Agencies (CRAs)

We and the Lenders we match your application with, may carry out credit and identity checks on the individuals as mentioned below with at least two CRA when you apply for funding for your business through us.

On submitting the application through Approvity, you agree that you have provided a copy of the privacy policy and obtained the full consent of all parties including the directors, partners, mortgagors, co-mortgagors, shareholders, personal guarantors and any linked “financial associates” i.e. a person with whom you may have had or have a joint personal financial arrangement such as joint accounts or have made joint credit applications which may be your spouse or partner, or civil partner for credit checks to be performed. You also consent to Approvity sharing the credit data of all parties herein mentioned with your Introducer to assist in assessing the application based on Approvity’s and Lenders’ criteria.

Whilst some lenders may conduct quotation searches which does not leave a footprint on your credit file, other lenders may conduct full company searches and director searches, which will not impact your personal credit score but may impact your ability to obtain credit as they are visible to other lenders.

If you want to have more details about the type of searches a lender performs, you can request a copy of their privacy policy by emailing us on

You acknowledge by submitting the application that you have obtained the consent of the relevant parties and have read the privacy policy. If the applicant is a sole trader, we or the lenders, we pass the information to check, may check their financial associate. If the application is for a general partnership, we and/or the lenders may check each partner and their financial associate. Where the application is for a limited company, we may check each director, shareholders, personal guarantors including financial associates.

You acknowledge that CRAs will link your records of you and anyone that you have advised is a financial associate (e.g someone with whom you have a joint credit account) including previous and subsequent names of parties to the account. Links between financial associates will remain on your, and their credit reference files until such time as you or partner successfully files for a disassociation with the credit reference agencies.

We and/or the lenders may share personal information such as name, residential address, previous residential addresses, date of birth, telephone number, email address of directors, shareholders, personal guarantors, mortgagors, co-mortgagors, linked associates including business details with the CRAs. The latter will provide us and other lenders with the financial situation and credit history information on the business and the individuals including their linked financial associates. Public information from the electoral register, companies house, county court judgments, bankruptcies and fraud prevention/anti money laundering information will also be provided.

Approvity and the Lenders will use the information received from the CRAs to:

  • Assess the creditworthiness of the business, directors, personal guarantors, mortgagors, co-mortgagors, shareholders and your financial associates.
  • Verify the details on your application and ensure what you have told us is accurate;
  • Verify your identity and that of your financial associates and undertake checks for the prevention and detection of crime, fraud and money laundering;
  • Manage your accounts with us; and
  • Trace your whereabouts and recover debts that you owe to them.

Where you borrow from us, we will give details of your accounts and how you manage it to CRAs. We will continue to share your personal information with CRAs if you are our customer, and these will include information on your loan, current balance and repayment history.

The above information may be shared by the CRAs with other lenders who may want to check your credit status and that of your business.

Whilst some lenders undertake quotation searches which do not leave a footprint on your quotation search, others may undertake full company and director search which leave a footprint but do not impact your personal credit file. However, it may impact your ability to obtain credit as they are visible to other lenders.

Where you are making an application with someone else or you tell us you have a spouse, partner or civil partner or that you are in business with other partners or directors, we or the other lenders we pass your information to, may link and search information about you and your associates at the CRAs.

CRAs will also link your records together and these links will remain on your credit files until you or financial associate provides proof to the CRAs that you are no longer financially linked.

You can contact the CRAs currently operating in the UK in order to check the information they hold about you. The information they hold may not be the same, so it is worth contacting them all. Below are links to the Credit Reference Agency Information Notice which provide information about them, the data they hold, how it is shared, and your data protection rights.

Transunion Equifax Experian

Fraud Prevention Agencies

Where we suspect fraud or money laundering, we and the CRA may share your personal data including the individuals associated with your application with Fraud Prevention Agencies, FPA and other organisations involved in crime and fraud prevention including law enforcement agencies.

As far as fraud and money laundering prevention is concerned, we shall keep your data for as long as we exist, provided this is in accordance with applicable laws. However, the CRAs and the fraud prevention agencies may keep them for a different length of time.

We may submit the information you provide to us through our automated system that will identify fraud patterns and indicate unusual activities for you and your business. Either of these could indicate a possible risk of fraud or money-laundering and where that is the case, we will reject your application or may refuse to provide services to you and report it to the National Crime Agency and the FPAs accordingly. We and the CRAs may keep a record of the risk you or your business pose to our business. A record of any fraud or money laundering risk will be retained by the FPAs and may result in others refusing to provide services, financing or employment to you and the individuals associated with your application.

Automated Decisions

We may make automated decisions (including profiling) based on personal data we hold about your business, yourself, directors, shareholders, personal guarantors and any linked associates. Automated decisions assist us in making decisions which can affect the products, services and pricing and these decisions may legally affect you or similarly significantly affect you.

Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. Examples of automated decisions are as follows.

(i) Approving Credit

We use an automated system to run your application through our lender’s initial lending criteria to determine if they are able to provide funding to your business. Your application will either be accepted or rejected based on the criteria set by ourselves and the lenders. We also use credit data to assess the creditworthiness of your business and the likelihood you will pay back any money you borrow. This includes data about your credit history and that of your business. In addition to the credit score of the directors and that of the business, we may also consider additional information including other financial information to be able to reach an overall decision to lend.

(ii) Statistical Analysis

We may carry out periodic statistical analysis or testing to ensure the accuracy of existing and future products and services. To that effect, we may place you in segments to understand our customers’ needs and manage our relationships with them.

(iii) Prevention of Money Laundering

We including the lenders may use personal data to (i) verify your identity, the directors, partners, shareholders, personal guarantors and that of your financial associates (ii) undertake checks for the prevention and detection of crime, fraud and/or money laundering (iii) identify if your personal or business information have been used for fraud or money laundering purposes and where we believe that there is such a risk, we will report our suspicion to the National Crime Agency as required by law (iv) process your biometric (facial recognition and voice recognition) data through a third party provider to enable us to verify your identity.

(iv) Pricing

We may decide what to charge for our products and services based on credit risk data analytics.

Your rights over automated decision

We have implemented measures to safeguard the rights and interests of individuals whose personal data is subject to automated decision-making, including Fleximize initial criteria checks and credit reference checks.

Under applicable privacy laws, you have rights to request that our initial decision to accept or reject your application is not based on the automated decision only or you can object to the latter or request for the decision to be reviewed.

Please contact us on if you wish to have more information about these rights.

Overseas Transfers

We may transfer your personal data to countries outside the UK. These countries may have different privacy laws to those in the UK.

Specifically, we may transfer your data to other countries, including those outside the European Economic Area, either for storage and back up purposes or if we engage suppliers, sub-contractors or third-party data processors who are based or have operations overseas.

We will always take steps to ensure that your information is protected and that those transfers comply with applicable data protection laws. This includes putting in place the European Commission's Standard Contractual Clauses, where Binding Corporate Rules are in place, or where a company receiving the data in the USA is certified under the EU-US Privacy Shield

This means that your data will be processed and protected under the same standards as imposed by data protection laws within the UK.

Keeping your personal data secure

We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use, including high level encryption are designed to provide a level of security appropriate to the risk of processing your personal data. Fleximize’s core web systems are designed and developed in-house, using a hierarchical permission structure which restricts each user’s access to reports and customer records based on the requirements of both their department and their level of seniority.

Period of time we can retain your personal data

We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the service you have requested or to comply with applicable legal, tax or accounting requirements).

Where you have made a full application, we will keep your personal data for up to 6 years after your account is closed. If for any technical, regulatory, legal reasons or research and statistical purposes we are unable to delete or anonymise your personal data, we may keep it longer than 6 years but will ensure your privacy rights are always protected and that deletion takes place when possible.

If you want to have more details around other lender’s data retention policy, please refer to their privacy policy by emailing us on

How to access your personal information

You have the right to:

  • access the personal data we hold about you and request details of the third parties with whom we have shared your information and request that we amend or remove incorrect or incomplete information we hold about you. You can do so by contacting us on object to and request that we restrict the processing of your personal data and the right to be forgotten. Again, you can exercise these rights by contacting us Where we have made the personal data public and you want to exercise your right to be forgotten, we shall take reasonable steps to inform the other parties to whom your information has been passed;
  • data portability, whereby you have the right to request that we transfer your personal data from us to another service provider;
  • opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by accessing the marketing preferences section of your member area. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us on
  • if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent;
  • complain to a data protection authority about our collection and use of your personal data. The data protection authority in the UK is the Information Commissioner's Office (

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

To request a copy of each lender’s privacy policy, email us on

How to contact us

Please let us know if you have any questions, concerns or are unhappy with how we have used your personal data. You can email us or our Data Protection Officer on, write to us at Archibald House, 50-56 Wykes Bishop Street, Ipswich, Suffolk, IP3 0DT or call us on (+44) 02071000110.


We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal data about you, including to serve interest-based advertising. To see which cookies we serve and to set your own preferences, please use our cookie consent tool or cookie settings.

Linked Websites

For your convenience, hyperlinks may be posted on the Website that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of any Linked Sites or of any complaints that we do not own or control. Linked Sites may collect information in addition to those we collect on our website and therefore we do not endorse any of these Linked Sites nor the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the Privacy Policy of each Linked Site that you visit to understand how the information that is collected about you is used and protected.