Last updated: 07/03/2022
What Does Approvity Do?
Your Protection Under The Law
Types and Sources of Personal Data
Not Providing Your Personal Data
Third Parties We Share Your Personal Data With
Credit Reference Agencies (CRAs)
Keeping Your Personal Data Secure
Period of Time we Can Retain Your Personal Data
How to Access Your Personal Information
How to Contact Us
What does Approvity do?
Approvity is a trading name of Fleximize Limited (ZA021338). We act as a lender and a broker.
“you” means a customer, broker or a partner submitting an application for funding through Approvity.
Fleximize Limited (ZA021338) is part of the Alterium Group of Companies, made up of Alterium Limited (ZA021336), Fleximize Capital Limited (ZA244436), Fleximize Services Limited (ZA046956), Fleximize Technology Services Limited (10381710) and Flexicard Limited (10223497). Fleximize Limited (ZA021338) is the data controller for the personal data collected when you submit an application for funding through Approvity website (www.approvity.com ), or via our brokers/partners or when you contact us through other mediums, such as by telephone or email (hereinafter referred to as "Approvity” “we” or “us”) and may share your personal data with the other Group Companies (see below).
Your protection under the law
Under applicable data protection laws, we are authorised to use your personal data only if we have an appropriate reason for doing so and this will depend on the personal data concerned and specific context in which we collect it. Generally, this is likely to be based on one or more of the following:
- Your consent;
- Our legal duty;
- Fulfilling our contractual obligations; and/or
- Based on our legitimate interest to do so, which does not override your rights.
We will rely on legitimate interest only where we (or a third party) have a business or commercial reason to use your personal data. We have set out below examples of when and for what purpose we rely on our (or a third party's) legitimate interest as a basis to process your personal data. We also set out any other legal basis we rely upon in relation to that particular processing.
|Purpose for which your personal data is used.||Our / a third party's legitimate Interests||The legal basis/bases we rely on|
Types and Sources of Personal Data
During your interaction with us, we collect different kinds of personal data on you, your business and your linked associates directly from yourself or via a broker or partner whilst submitting an application through Approvity website or platform. Below is a list of all the different types of information we collect:
|Financial Information||The financial position of your business, (i) your personal position, credit status and history (ii) credit history of any linked financial associates i.e person with whom may have or had a joint personal financial arrangement such as joint accounts or have made joint credit applications which may be your spouse or partner (not a business partner). We may check the records, including the credit details of other individuals acting as personal guarantors to the loan application. (iii) if the applicant is a limited company, the credit history and status of each director and shareholder and their financial associates. (iv) if the applicant is a sole trader or a partnership, the credit history of the sole trader or each partner and their financial associates. The financial information we may access through our trusted partner will cover your business data, customer data, supplier data, invoice (sales invoice) data, bill (purchase invoice) data, credit note data, payments data, profit & loss data, balance sheet, financial statement, VATs including obtaining bank statements through open banking.|
|Contact Details||The registered and trading address of your business, personal and business phone number supplied and email address of applicants, directors, partners, shareholders and linked associates and ownership status.|
|Profile and Usage Data||This includes the member area that we set up when your loan application is successful and the profile you create to identify yourself when you connect to our internet services. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software (see below section on "Cookies").|
|Transactional Details||Details about payments to and from your bank account, bank statements you submit to us through our portal or our trusted partner. All payments made by the business and yourself to us. Management Information or additional information you provide to us as part of the application you submit to us.|
|Products and Services||Information on the financial products and services we have provided to you, e.g., amount of loan, purpose and term from our partners.|
|Location||Location and device data from which you are applying for a loan, i.e. your phone, the IP address on connecting to your internet, the operating system and the browser type.|
|Technical||Details on the devices and technology you use to apply for a loan with us, browse our website and manage your account.|
|Communications||Includes all exchanges between yourself and us including letters, emails, face-to-face interactions and telephone conversations (included by way of recorded calls).|
|Public Records||Details about your business, yourself, your financial associates; details about you that are in public records such as companies house, electoral register; and information about you that is openly available on the internet.|
|Identification and Verification Data||Details about you that are stored in documents in different formats, or copies of them. This could include documents such as your passport, drivers licence, utility bills or other verification of residential address or date of birth and may extend to other directors, shareholders and partners and their linked financial associates.|
|Consents||Any permissions, consents or marketing preferences that you provide to us.|
We may collect personal data about you and your business when you are:
- Applying for a loan via our website;
- Applying for a loan through our brokers and partners
- Speaking to us face to face or on the telephone;
- Browsing our website and using webchats;
- Using emails, letters and sms to communicate with us;
- Completing our customer surveys or participating in any of our competitions or promotions; and
- When you inform us of your marketing preferences.
In addition to the above, we can also access your personal data from a number of third parties we work with such as third party brokers, affiliates and other third-party introducers that introduce you to us, credit reference agencies (CRAs), comparison websites, social networks such as Facebook, Twitter and LinkedIn, Land Registry, property search engines, Companies House and Creditsafe, debt recovery agents, external solicitors for loan arrangement and debt recovery, market research agents, and law enforcement agencies.
Not providing your personal data
We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts. It could mean that we cancel a product or service you have with us. Any data collection that is optional would be made clear at the point of collection.
Third Parties we share your personal data with
We may disclose your personal data to third parties. We will take all the necessary steps required to ensure that any transfer and ongoing processing by those third parties is carried out securely and in accordance with applicable data protection regulation and privacy laws. Examples of the third parties we share your information with are as follows:
- Third-party brokers or third-party lenders or other trusted partners to whom we may refer your application for credit;
- Third party trusted partners from whom you may be interested to receive products and services if you have provided your consent;
- Our suppliers, sub-contractors, and third-party data processors (including payment processors, marketing and data analytics service providers, debt collection agents, tracing agents, insolvency practitioners, professional advisers and third parties who provide us with the following services from time to time: identification and fraud check, marketing, technology, document readers,back-up and business continuity);
- Third party we use to process your biometric (facial recognition and voice recognition) data;
- Third party platform we use to facilitate electronic signatures of our documents including agreements.
- Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- HM Revenue & Customs, regulators, and other authorities;
- CRAs, namely Equifax, Transunion (more information on this can be found below);
- Fraud prevention agencies namely National Crime Agency;
- Companies that we have an agreement to co-operate with;
- Organisations or individuals that introduce you to us;
- Third party brokers, affiliates and other partners that introduce leads to us;
- Organisations you ask us to share your data with;
- If you have an application for a secured loan, we may share information with other lenders who also hold a charge on the property; and
- If we decide to sell, transfer, assign, merge, acquire other businesses or change group structure, we may share your personal data with other parties that have the required standards of data protection.
Credit Reference Agencies (CRAs)
We and the Lenders we match your application with, may carry out credit and identity checks on the individuals as mentioned below with at least two CRA when you apply for funding for your business through us.
Whilst some lenders may conduct quotation searches which does not leave a footprint on your credit file, other lenders may conduct full company searches and director searches, which will not impact your personal credit score but may impact your ability to obtain credit as they are visible to other lenders.
You acknowledge that CRAs will link your records of you and anyone that you have advised is a financial associate (e.g someone with whom you have a joint credit account) including previous and subsequent names of parties to the account. Links between financial associates will remain on your, and their credit reference files until such time as you or partner successfully files for a disassociation with the credit reference agencies.
We and/or the lenders may share personal information such as name, residential address, previous residential addresses, date of birth, telephone number, email address of directors, shareholders, personal guarantors, mortgagors, co-mortgagors, linked associates including business details with the CRAs. The latter will provide us and other lenders with the financial situation and credit history information on the business and the individuals including their linked financial associates. Public information from the electoral register, companies house, county court judgments, bankruptcies and fraud prevention/anti money laundering information will also be provided.
Approvity and the Lenders will use the information received from the CRAs to:
- Assess the creditworthiness of the business, directors, personal guarantors, mortgagors, co-mortgagors, shareholders and your financial associates.
- Verify the details on your application and ensure what you have told us is accurate;
- Verify your identity and that of your financial associates and undertake checks for the prevention and detection of crime, fraud and money laundering;
- Manage your accounts with us; and
- Trace your whereabouts and recover debts that you owe to them.
Where you borrow from us, we will give details of your accounts and how you manage it to CRAs. We will continue to share your personal information with CRAs if you are our customer, and these will include information on your loan, current balance and repayment history.
The above information may be shared by the CRAs with other lenders who may want to check your credit status and that of your business.
Whilst some lenders undertake quotation searches which do not leave a footprint on your quotation search, others may undertake full company and director search which leave a footprint but do not impact your personal credit file. However, it may impact your ability to obtain credit as they are visible to other lenders.
Where you are making an application with someone else or you tell us you have a spouse, partner or civil partner or that you are in business with other partners or directors, we or the other lenders we pass your information to, may link and search information about you and your associates at the CRAs.
CRAs will also link your records together and these links will remain on your credit files until you or financial associate provides proof to the CRAs that you are no longer financially linked.
You can contact the CRAs currently operating in the UK in order to check the information they hold about you. The information they hold may not be the same, so it is worth contacting them all. Below are links to the Credit Reference Agency Information Notice which provide information about them, the data they hold, how it is shared, and your data protection rights.
Fraud Prevention Agencies
Where we suspect fraud or money laundering, we and the CRA may share your personal data including the individuals associated with your application with Fraud Prevention Agencies, FPA and other organisations involved in crime and fraud prevention including law enforcement agencies.
As far as fraud and money laundering prevention is concerned, we shall keep your data for as long as we exist, provided this is in accordance with applicable laws. However, the CRAs and the fraud prevention agencies may keep them for a different length of time.
We may submit the information you provide to us through our automated system that will identify fraud patterns and indicate unusual activities for you and your business. Either of these could indicate a possible risk of fraud or money-laundering and where that is the case, we will reject your application or may refuse to provide services to you and report it to the National Crime Agency and the FPAs accordingly. We and the CRAs may keep a record of the risk you or your business pose to our business. A record of any fraud or money laundering risk will be retained by the FPAs and may result in others refusing to provide services, financing or employment to you and the individuals associated with your application.
We may make automated decisions (including profiling) based on personal data we hold about your business, yourself, directors, shareholders, personal guarantors and any linked associates. Automated decisions assist us in making decisions which can affect the products, services and pricing and these decisions may legally affect you or similarly significantly affect you.
Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review. Examples of automated decisions are as follows.
(i) Approving Credit
We use an automated system to run your application through our lender’s initial lending criteria to determine if they are able to provide funding to your business. Your application will either be accepted or rejected based on the criteria set by ourselves and the lenders. We also use credit data to assess the creditworthiness of your business and the likelihood you will pay back any money you borrow. This includes data about your credit history and that of your business. In addition to the credit score of the directors and that of the business, we may also consider additional information including other financial information to be able to reach an overall decision to lend.
(ii) Statistical Analysis
We may carry out periodic statistical analysis or testing to ensure the accuracy of existing and future products and services. To that effect, we may place you in segments to understand our customers’ needs and manage our relationships with them.
(iii) Prevention of Money Laundering
We including the lenders may use personal data to (i) verify your identity, the directors, partners, shareholders, personal guarantors and that of your financial associates (ii) undertake checks for the prevention and detection of crime, fraud and/or money laundering (iii) identify if your personal or business information have been used for fraud or money laundering purposes and where we believe that there is such a risk, we will report our suspicion to the National Crime Agency as required by law (iv) process your biometric (facial recognition and voice recognition) data through a third party provider to enable us to verify your identity.
We may decide what to charge for our products and services based on credit risk data analytics.
Your rights over automated decision
We have implemented measures to safeguard the rights and interests of individuals whose personal data is subject to automated decision-making, including Fleximize initial criteria checks and credit reference checks.
Under applicable privacy laws, you have rights to request that our initial decision to accept or reject your application is not based on the automated decision only or you can object to the latter or request for the decision to be reviewed.
Please contact us on email@example.com if you wish to have more information about these rights.
We may transfer your personal data to countries outside the UK. These countries may have different privacy laws to those in the UK.
Specifically, we may transfer your data to other countries, including those outside the European Economic Area, either for storage and back up purposes or if we engage suppliers, sub-contractors or third-party data processors who are based or have operations overseas.
We will always take steps to ensure that your information is protected and that those transfers comply with applicable data protection laws. This includes putting in place the European Commission's Standard Contractual Clauses, where Binding Corporate Rules are in place, or where a company receiving the data in the USA is certified under the EU-US Privacy Shield
This means that your data will be processed and protected under the same standards as imposed by data protection laws within the UK.
Keeping your personal data secure
We use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures we use, including high level encryption are designed to provide a level of security appropriate to the risk of processing your personal data. Fleximize’s core web systems are designed and developed in-house, using a hierarchical permission structure which restricts each user’s access to reports and customer records based on the requirements of both their department and their level of seniority.
Period of time we can retain your personal data
We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the service you have requested or to comply with applicable legal, tax or accounting requirements).
Where you have made a full application, we will keep your personal data for up to 6 years after your account is closed. If for any technical, regulatory, legal reasons or research and statistical purposes we are unable to delete or anonymise your personal data, we may keep it longer than 6 years but will ensure your privacy rights are always protected and that deletion takes place when possible.
How to access your personal information
You have the right to:
- access the personal data we hold about you and request details of the third parties with whom we have shared your information and request that we amend or remove incorrect or incomplete information we hold about you. You can do so by contacting us on firstname.lastname@example.org object to and request that we restrict the processing of your personal data and the right to be forgotten. Again, you can exercise these rights by contacting us email@example.com. Where we have made the personal data public and you want to exercise your right to be forgotten, we shall take reasonable steps to inform the other parties to whom your information has been passed;
- data portability, whereby you have the right to request that we transfer your personal data from us to another service provider;
- opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by accessing the marketing preferences section of your member area. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us on firstname.lastname@example.org
- if we have collected and process your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent;
- complain to a data protection authority about our collection and use of your personal data. The data protection authority in the UK is the Information Commissioner's Office (www.ico.org.uk).
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
How to contact us
Please let us know if you have any questions, concerns or are unhappy with how we have used your personal data. You can email us or our Data Protection Officer on email@example.com, write to us at Holbrook House, 51 John Street, Ipswich, IP3 0AH or call us on (+44) 02071000110.