Privacy Policy

 This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By engaging with us, or by visiting our websites, you are accepting and consenting to the practices described in this policy. We operate under UK data protection legislation including the Data Protection Act 2018 (‘DPA’) and the UK General Data Protection Regulation (‘GDPR’).

 In this Privacy Notice we explain: 

1)               Who we are

2)               How you can contact us

3)               What kinds of personal data we collect and hold about you and where we get it from

4)               Why we collect your personal data and what we use it for

5)               The legal basis upon which we collect, process and store your personal data

6)               Where your personal data is stored and processed

7)               Who we share your personal data with, what personal data we share and why we do so

8)               How long we will store your personal data

9)               Your rights to your personal data and, in particular:

a.            your right of access to your personal data

b.            your right of rectification to your personal data

c.            your right of erasure of your personal data (also known as the right to be forgotten)

d.            your right to have processing of your personal data restricted

e.            your right to object to the processing of your personal data

f.             your right to data portability

g.            your right not to be subject to automated decision making and profiling

h.            your right to complain to The Information Commissioner

10)             Important information for children

11)             Fraud prevention agencies

 Note: You have the right to object to us processing your personal data - please see section 9(e) below

 1.    Who we are

 We are Bute Capital Limited, and offer lending to UK SME’s and credit broking. Bute Capital Limited registered office at PO box 687, Weybridge, Surrey KT13 3GG. Bute Capital Limited is authorised and regulated by The Financial Conduct Authority (FCA) FRN 718240.

 2.    How to contact us

 You can contact us in writing to Data Protection, PO Box 687, Weybridge, Surrey KT13 3GG.

3. What kings of personal data we collect and hold about you and where we get it from

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

 ·        Identity data includes first name, maiden name, last name, title.

 ·        Contact data includes email address, telephone numbers and business address.

 ·        Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

 ·        Usage data includes information about how you use our website and services.

 ·        Marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

a.               Finance customers

Where:

(1)              you are an individual applying for or entering into a hire purchase, lease arrangement, commercial loan agreement or giving a guarantee or other security either solely or jointly with another person for your own account or as an attorney, trustee, a partner in a partnership or as a member of an unincorporated club or association; or

(2)              our customer or person applying for or entering into a hire purchase, lease arrangement, commercial loan agreement or giving a guarantee or other security is a company or other incorporated entity and you are a relevant individual such as an owner, director and officer or authorised signatory; or

(3)              you are an individual applying for or entering into a loan facility or giving a guarantee or other security either solely or jointly with another person for your own account or as an attorney, trustee, a partner in a partnership or as a member of an unincorporated club or association; or

(4)              our customer or person applying for a loan facility or giving a guarantee or other security is a company or other incorporated entity and you are a relevant individual such as an owner, director and officer or authorised  signatory; then we may collect and process the following types of personal data about you:

  •  all the information that you, our customer or the supplier provides to us when obtaining a quote or applying for finance with us either on-line or by paper application, all the information that you, our customer or the supplier gives to us over the phone, by e-mail, by post or via our website when obtaining a quote or apply for a hire purchase or lease facility with us, such as your name, address, contact details, asset details and finance requirements.

  • all the documents that you, our customer or the supplier/third party broker sends to us when obtaining a quote or applying for finance with us, such as copies of your passport, drivers licence and utility bills.

  • all the information that you, our customer or the supplier gives to us over the phone, by e-mail, by post or via our website when we contact each other from time to time during the course of managing or arranging your finance agreement such as updated contact information and your bank details.

  •  information that our customers provide to us about you where we arrange funding to our customers to enable them to provide you (or the businesses that you work for) with finance facilities.

  • the information relating to any finance agreement such as account balance, interest rate, and payments.

  • your credit score results and financial crime check results that we receive from credit reference agencies and fraud prevention agencies.

  • where relevant, the information about you that we obtain from public registers such as HM Companies House, HM Land Registry or the Charity Commission. This will usually be to confirm your status, for example, where we are providing facilities to a company of which you are a director, confirming you are a director of a company.

  • where relevant, information provided by your or our professional advisers during the course of providing finance facilities such as valuers, solicitors and accountants. This could include, for example, valuations or financial information.

  • valuation information relating to any assets hired or leased or over which we have security.

  • we obtain information about you from HM Companies House, HM Land Registry, The Charities Commission, Credit Safe and other Credit Reference Associations ‘CRAs’ like Equifax. We may also obtain information about you from a search of publicly available information on all search engines like Google, Bing, etc.

b.               Suppliers, lenders and other business

Where:

  (1)              you are a sole trader, a partner in a partnership or a member of an unincorporated club or association or an employee of one of these providing goods or services to us; or

(2)              you are a company or other incorporated entity and you are a relevant individual such as an owner, officer, authorised signatory or employee with whom we deal in the provision of those goods or services;

then we will collect and process the following types of personal data about you:

  •  all the information that you, our supplier provides to us when tendering for or negotiating for the supply of goods or services contracts, for example name, address, contact details, and the credentials of key people providing the goods or services or running the supplier.

  • all the information that you, our supplier gives to us over the phone, by e-mail, by post or via our website when we contact each other from time to time during the course of managing the supply of goods or services, for example, updated contact information and bank details.

  • your credit score results and financial crime check results that we receive from credit reference agencies and fraud prevention agencies during our supplier take-on process and during the course of managing the supplier relationship.

  • where relevant, third party references we obtain as to your suitability as suppliers.

  • where relevant, the information about you that we obtain from public registers such as HM Companies House, HM Land Registry or the Charity Commission. This will usually be to confirm your status, for example, where we are providing facilities to a company of which you are a director, confirming you are a director of a company.

  • where relevant, information provided by your or our professional advisers during the course of the supplier take-on and on-going supplier relationship management, such as from solicitors and accountants. information from our own internet searches, for example location and services information or reviews from websites like Google or information to support background checks where this is relevant to your track record as a supplier.

  • we obtain information about you from HM Companies House, HM Land Registry, The Charities Commission, Credit Safe and other Credit Reference Associations ‘CRAs’ like Equifax. We may also obtain information about you from a search of publicly available information on all search engines like Google, Bing, etc.

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity, and Contact Data by filling in forms, by corresponding with us by post, phone, email or otherwise and specific third party providers such as Credas. This includes personal data you provide when you:

•        complete our enquiry form on our website,

•        contact us by telephone or email to seek a quote; and

•        when you instruct us to provide services for you by telephone or email and you become our client.

  •  Third parties or publicly available sources. We may receive personal data about you from various third parties, including introducers, finance brokers, data providers and Technical Data from analytics providers such as Google, Bing, Edge etc based outside the EU.

  •  Cookies. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, refer to our Cookie Policy as detailed on the website.

•          Cookies are pieces of information that a website transfers to your computer’s hard disk for record- keeping purposes. Cookies can make the internet more useful by storing information about your preferences on a particular site, such as your personal preference pages.

•          The use of cookies is an industry standard, and most websites use them to provide useful features for their customers. Cookies in and of themselves do not personally identify users, although they do identify a user’s computer. Most browsers are initially set to accept cookies.

•          If you would prefer, you can set yours to refuse cookies. However, you may not be able to take full advantage of a website if you do so.

 4.    Why we collect your personal data and what we use it  for

 a.     Finance customers

 We collect and process your personal data:

  •  so that we can properly provide our services to you, including for example, to search, find and broker to appropriate lenders and finance providers for you, take instructions and operate your account, enter into lending agreements with you, undertake appropriate due diligence, manage the relationship with you, assist in managing our lenders credit risk, deal with payments, deal with repayment and where appropriate deal with the asset at the end of the hire purchase or lease and close your account.

  •  so that we can fulfil our legal and regulatory obligations, for example, to undertake proper checks on our customers to help prevent and detect crime

  •  to comply with our legal and regulatory obligations, for example, to report to regulators and authorities about the products and services that we provide to you

  •  to offer you products and services

  •  to maintain and improve the quality of our products and the way we provide our services, to protect and defend our legal rights

b. Suppliers, Broker and other business

We collect and process your personal data:

  •  so that we can assess the suitability of the supplier, including undertaking appropriate background checks and on- going monitoring;

  • to contact the supplier and manage the supplier relationship and provision of the goods or services; and to protect and defend our legal rights

5.    The legal basis upon which we collect, process and store your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract, we are about to enter into or have entered into with you.

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

  • Where we need to comply with a legal or regulatory obligation.

 The UK's data protection law allows the use of personal data where its purpose is legitimate and isn't outweighed by the interests, fundamental rights or freedoms of data subjects. The law calls this the legitimate interests condition for personal data processing.

As explained above, we only collect, use and store the minimum amount of personal data about you that is necessary for us to provide you with our products and services and to comply with our legal and regulatory obligations arising as a result of us providing those products and services to you. Accordingly, the basis that we collect, use and store your information is because we have a legitimate interest to do so as a finance group providing these products and services to you.

Our legitimate interests include:

  •  to act as a prudent and responsible finance broker and lender; to undertake reference checks, credit checks and risk assessments;

  • to help combat financial crime including tax evasion, bribery, fraud and money-laundering; to maintain network and information security;

  • to meet our legal and regulatory obligations; to protect and defend our legal rights;

  • to maintain accurate records including customer preferences; to enhance, modify and improve our products and services;

  • for direct marketing (if we have asked you for your consent where required or under third party license); to manage third party relationships; and

  • to pursue our commercial objectives as a finance broker and lender where this does not override your rights and freedoms as a data subject.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).  If we have asked you for your consent to process your information for marketing purposes and you have not given it to us then we will not process your information for marketing purposes. If you decide that you do not wish to receive marketing from us then we will stop processing your information for marketing purposes at any time you tell us that you no longer wish to receive marketing from us.   Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. We do not process your data for profiling purposes.

6.   Where your personal data is stored and processed

We are based in the UK, and we keep our filing systems and databases here.

We may be required to send or allow access to personal data from elsewhere in the world. This might be the case, for example, when someone providing support services to us is based overseas or uses overseas data centres or where suppliers of assets being purchased via a hire purchase or through a lease agreement, are based overseas.

While countries in the European Economic Area all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection when it comes to personal data. As a result, if we do send personal data overseas we will make sure suitable safeguards are in place in accordance with European data protection requirements, to protect the data.

If your data has been sent overseas like this, you can find out more about the safeguards used from us.

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to 'international frameworks' intended to enable secure data sharing.

7. Who we share your personal data with, what personal data we share and why we do so

We do not sell any of your information to third parties, we will not give anyone your information, other than those working directly with us, so that they can market to you.

•   Lenders and Asset Finance Providers

  • We will pass your relevant details on to selected members of our panel of Lenders and Asset Finance providers, for the purpose of obtaining you or your business finance. This may be used by them to search credit reference agencies and other third-party verification services.

  • They may pass your details on to credit reference agencies and fraud prevention agencies and they will receive scores and reports from them.

  • They and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. Please note that fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

  • If they, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, they may refuse to provide the services and financing you have requested or they may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services or financing to you. If you have any questions about this, please contact us on the details provided.

  • Searches they make with credit reference agencies will leave a 'footprint' on your file and they will also provide them with information relating to your performance under your account or facility. These 'footprints' and performance details may be accessed by other financial companies in connection with any applications for credit that you may make to them and may affect your ability to obtain credit with them.

  • Your application may be assessed using credit reference agency records relating to anyone with whom you have a joint account or similar financial association. Where you make a joint application and such a link does not already exist then one may be created. These links will remain until you file a "notice of disassociation" at the credit reference agencies.

  • The type of information we share includes, for example, your name, date of birth, address, financial details the fact that you have applied or operate an account with them and whether you have operated your account appropriately. 

 •   Credit Reference Agencies and Fraud Prevention Agencies

  • In order to receive credit and financial crime check information about you from credit reference agencies we are required, on a reciprocal basis, to share information about you with those credit reference and fraud prevention agencies.

  • We may pass your details on to credit reference agencies and fraud prevention agencies and we will receive scores and reports from them. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. Please note that fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

  • If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies and may result in others refusing to provide services or financing to you. If you have any questions about this, please contact us on the details provided.

  • Searches we make with credit reference agencies will leave a 'footprint' on your file and we will also provide them with information relating to your performance under your account or facility. These 'footprints' and performance details may be accessed by other financial companies in connection with any applications for credit that you may make to them and may affect your ability to obtain credit with them.

  • Your application will be assessed using credit reference agency records relating to anyone with whom you have a joint account or similar financial association. Where you make a joint application and such a link does not already exist then one may be created. These links will remain until you file a "notice of disassociation" at the credit reference agencies.

  • The type of information we share includes, for example, your name, date of birth, address, the fact that you have applied or operate an account with us and whether you have operated your account appropriately

  • The three main credit reference agencies (“CRAs”) in the UK (TransUnion, Equifax and Experian) have produced a Credit Reference Agency Information Notice which explains how these agencies use and share personal data which they receive about you. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at www.equifax.co.uk/crain

  •   Printers

We may use professional printers to print the account statements, letters and other documents that we send to you from time to time and so we have to share with them the password protected information that needs to be printed into those statements, letters and documents that you receive.

•   Marketing Companies

 We may use the services of an online marketing company to send you e-mails about us and relevant products and services we offer. To enable them to send you the e-mails, we provide them with your password protected, name and e-mail address and details of the relevant products and services. If you have told us that you do not wish to receive marketing information from us by e-mail then we will not send them any information about you and you will not receive these emails from them.

•   Survey Companies

 We may use the services of an online customer satisfaction survey company to gather your feedback and reviews about us. To enable them to send you the e-mail survey request, we provide them with your name and e-mail address and details of the relevant products and services. If you have told us that you do not wish to receive marketing information from us by e-mail then we will not send them any information about you and you will not receive these emails from them.

•   Regulators

We may share information about you with our regulators in order to meet our regulatory reporting obligations. We will only share the information about you with our regulators that is- necessary to meet our legal and regulatory obligations.

•   Service Providers and Suppliers

 We may, from time to time, employ the services of third parties to help us provide our products and services to you or to help us meet our regulatory and reporting obligations and it may be necessary to provide them with some of your personal data in order for them to provide us with the required services. Examples of this could be, in relation to our car finance business, providing car registrations to third party valuers to provide us with up-to-date valuations or, in relation to our property finance business, providing address details to third party valuers to provide us with up-to-date valuations or providing access to IT service providers who assist us to ensure that our IT systems are safe and secure.

 •   Legal Obligations

 We may be required to provide information about you where we are required to do so to meet a legal obligation, for example, where we are required to do so under a court order.

Please rest assured that we have quality checked all the third parties to whom we send your information and have appropriate contractual arrangements in place with them to make sure that they will only use the information for the purposes that we have sent it to them and that it will be properly protected.

 8.    How long we will store your personal data

 We shall retain your personal information for the duration of our agreement with you and for the purposes of, complying with our legal obligations, or in our legitimate interests, in accordance with data privacy laws and our retention policy.

 9.    Your rights to your personal data

a.   Your right of access to your personal data

  • You can ask us at any time to tell you what personal data we hold about you and we will do so, without undue delay, and in any event within one month of receipt of your request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will tell you of any such extension within one month of receipt of your request, together with the reasons for the delay. Where you make the request by electronic means, we will provide the information by electronic means where possible, unless otherwise requested by you.

  • We will not charge you any fee for providing this information (unless the request is manifestly unfounded or excessive, in which case we may charge you a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested. Alternatively, we may be entitled to refuse the request). If you request more than one copy of the information, then we may charge you a reasonable fee for the administration of producing the additional copies.

  • We may ask you to provide us with information to verify your identity before providing you with the information requested.

b.   Your right of rectification to your personal data

  • You have the right to have any personal data that we hold about you corrected if it is wrong or completed if it is incomplete. To have it corrected or completed, simply tell us what information is wrong or incomplete and give us the correct and complete information. We will update or complete it without undue delay. We may ask you to provide supporting evidence to verify the information you are giving to us for example, proof of address where you tell us that the address details we hold about you are wrong.

c.   Your right of erasure of your personal data (also known as the right to be forgotten)

In some circumstances you have the right to have the personal data that we hold about you permanently erased. You will have this right (1) when it is no longer necessary for us to process your personal data or (2) if there is no legal basis for us to process your personal data or (3) if we unlawfully process your personal data or (4) to comply with a legal obligation to which we are subject. If you believe that any of these circumstances apply to you then please tell us and we will ensure that your personal data is permanently erased without undue delay if one of these circumstances do exist.

Where we permanently erase your personal data, we will also take reasonable steps to inform any third parties to whom we have provided your personal data of your request to have the personal data erased.

d.   Your right to have processing of your personal data restricted

In some circumstances you have the right to have the processing of your personal data restricted. You will have this right

  • if you tell us that your personal data is inaccurate, for a period enabling us to verify its accuracy; or

  • if we are not processing your personal data lawfully and you tell us that you would rather have us restrict the processing than erase it; or

  • we no longer need your personal data but you need us to store it because you need it for the establishment, exercise or defence of legal claims; or

  • if you have objected to us processing your personal data, for a period enabling us to verify whether the legitimate grounds on which we are processing it override your grounds for objection.

 This is not an absolute right, and your personal data may still be processed where certain grounds exist. This is:

  •  with your consent;

  • for the establishment, exercise, or defence of legal claims;

  • for the protection of the rights of another natural or legal person;

  • for reasons of important public interest.

Only one of these grounds needs to be demonstrated to continue data processing.

We will consider and respond to requests we receive, including assessing the applicability of these exemptions. We will tell you once a restriction on processing has been applied and before lifting any restriction.

Where we restrict the processing of your personal data we will also take reasonable steps to inform any third parties to whom we have provided your personal data of your request to have the personal data restricted.

e.   Your right to object to the processing of your personal data

As explained in this Fair Processing Notice, we process your personal data because we have a legitimate interest in doing so. However, you have the right to object to us processing your personal data, on grounds relating to your particular situation. If you object then we will stop processing your personal data unless we can show compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. For example, where we detect fraud it is unlikely that your objection may prevent us supplying that information to fraud prevention agencies and legal authorities. Another example is that it is unlikely that your objection may prevent us reporting to the regulator in relation to your account even if you object to us processing your personal data.

The only exception to this relates to where you have previously given consent to us to market to you and you change your mind and object to us using your personal data to market to you. In this case we will without undue delay stop marketing to you and we will take your objection as a withdrawal of that consent and we will update your marketing preferences

f.   Your right to data portability

New data protection legislation also contains a right to data portability that may give consumers a right in some data processing contexts, to receive their personal data in a portable format when it's processed on certain grounds, such as consent. This is not a right that will apply to your personal data because we process your personal data on the grounds of legitimate interests.

g.   Your right not to be subject to automated decision making and profiling

New data protection legislation also contains a right not to be subject to a decision based solely on automated processing. We do not make any decisions based solely on automated processing.

h.   Your right to complain to the Information Commissioner

If you are not satisfied with the way that we have processed your personal data or the way that we have dealt with you when exercising any of your rights, then you may follow our complaints procedure, the information is within this website but you may also send an email to customerservices @butecapital .com

You may also refer your concerns to the Information Commissioner's Office (or ICO), the body that regulates the handling of personal data in the UK. Information on the ICO can be found by Going to their website at  www.ico.org.uk

10.   Important information for  children

We do not offer products or services to children - i.e. anyone under the age of 18. However we may collect and process information about children when it is necessary and incidental to the provision of our products and services. Examples of this include where children are beneficial owners of a company which is our customer and in these circumstances, we process the child's personal data so that we can properly understand who is our customer and meet our combating financial crime obligations.

We will not send marketing information to children.

If you are a child whose personal data we hold then please be aware that this Fair Processing Notice also relates to you and you should read it so that you understand how we process your personal data.   Please note that children have the same rights to their personal data, as explained in this Fair Processing Notice, as an adult.

11.    Fraud prevention agencies

•   General

  • Before we provide services, goods or financing to you, we may undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

  • The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

  • Details of the personal information that will be processed, for example: name, address, date of birth, address, contact details

  • financial information, employment details, device identifiers including IP address and vehicle details.

  • We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

  • We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

  • Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

 •   Consequences of Processing

  • If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or to employ you, or we may stop providing existing services to you.

  •  A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details provided.

  • •   Data transfers

 

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to 'international frame works' intended to enable secure data sharing.

•   Your rights

 

Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.

For more information or to exercise your data protection rights, please contact us using the contact details provided.

 

You also have a right to complain to the Information Commissioner's Office which regulates the processing of personal data.

 

•   Changes to this Privacy Policy

 

We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.  Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date. This Privacy Policy was last updated on 01/09/2023.