Your privacy matters to us and we ensure that we comply with applicable privacy rules (including the General Data Protection Regulation and Data Protection Act 2018) when storing, processing or using your data.
It’s important to us that you understand which data we collect, and how we use it, so that you can make informed decisions about providing your data to us. This privacy notice (also sometimes referred to as a “Fair Processing Notice”) has been written to help you to do that.
In this notice “we” and “us” refers to the Liberis Limited and its respective subsidiary and/or affiliated group companies. Liberis Limited is the data controller for the purpose of the General Data Protection Regulation and Data Protection Act 2018. We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Privacy Notice. You can find details of our registered address, as well as how to contact our Data Protection Officer with questions regarding data protection or privacy, at the end of this notice.
As Liberis Limited is based in the United Kingdom, we have appointed Liberis Sweden AB (company number 559205-5494) to be our representative within the EEA. Their contact details are Kungsgatan 8, 111 43 Stockholm.
Many of the individuals about whom we collect personal data provide it to us as representatives of a company or other legal entity that they own or that they are engaged by. References to “your business”, “your account”, “your application”, “your enquiry” and other similar terms below, are deemed to include references to the business, account, application, or enquiry of the entity that you have submitted an application on behalf of.
The data we collect
Data we collect, and how we use it
We always ensure that we have a fair and legal basis for processing your data. In most cases, we will use your data in the following ways:
Below we have set out our lawful bases for processing your data at various stages in your journey with us, alongside our purposes for processing your data.
You can find out more about the various lawful bases for processing on the ICO website, https://ico.org.uk/, if this terminology is unclear.
Data you provide directly to us
|Categories of Data
|Purposes of Processing
|Your business name(depending on the type and size of the business, this may not be personal data)
|Our products are for businesses, not individuals, and so this is the most important piece of information for us. We’ll need this to provide you with an accurate quote, to provide you with a contract, and to make sure we can contact you regarding the products or services you express an interest in. If you don’t complete your application online, we’ll try to reach you to see if you need any further help, and we’ll offer you the opportunity not to be contacted again.
|Information regarding the industry or sector in which your business operates(depending on the type and size of the business, this may not be personal data)
|We will use information regarding the sector your business operates in to help us understand your business and the way it operates and evaluate your application, as well as to ensure that we offer our products and services responsibly. We may also use this information to ensure we offer you the most appropriate pricing for your business. We may also use this information for the purposes of learning for the evaluation of other applications in future.
|Details about your business’ financial revenues.(depending on the type and size of the business, this may not be personal data)
|We’ll use your revenue to help, evaluate your application, and to decide on the right amount or pricing that we should offer to you. We may also use this information for the purposes of learning for the evaluation of other applications in future.If we enter into a contract with you and/or your business for one of our products, we may need this information to perform that contract.
|Personal information of directors/shareholders/Persons of Significant Control of your Limited company or, in the case of sole traders and partnerships, the proprietor(s) of your business:Name
Date of birth
|We’ll use this information to undertake checks for the purposes of evaluating your application, preventing fraud and money laundering, and to verify the identity of your business’ directors before we provide any products or services to your business. We may also use this information for the purposes of learning for the evaluation of other applications in future.If you provide us with personal information relating to a third party, you must notify them about this and direct them to read this Privacy Notice.
We’ll also use the address you’ve provided to us to contact you via post for any matters relating to an application for our products in respect of the business or for the performance of the resulting contract that we enter into with you and/or your business. We may write to you in future with offers for similar products provided by us.
|We’ll ask you for your email address so that we may provide you with a link to electronically sign your contract with us. We may also use your email address to keep you updated regarding the status of your application and/or contract. If you do not complete your application having provided us with your email address, we may contact you to try and assist you with completing the application process and also to send you monthly statements should you take out one of our products.
|Business phone number
|We’ll use the phone number that you provide to contact you regarding your application, and if you do not complete your application having provided us with your phone number we may contact you to try and assist you with completing the application process.We may use your phone number to contact you about the performance of any contracts that we enter into with you or your business.
|Intended use of funds
|We need to record and assess your intended use of funds for the purposes of preventing fraud, money laundering and crime. We may also use details regarding your intended use of funds to aid in evaluating your application. We may also use this information for the purposes of learning for the evaluation of other applications in future.
|Bank account details
|Where necessary to carry out our agreement or to take steps to enter into an agreement with you
|We will need your bank account details in order to provide you with funds. We may also ask you for additional documentation regarding your bank account so that we can verify your ownership of the account, and to verify your identity.
|We may ask you for copies of bank statements during your application process to help us verify your business’ revenues, and to evaluate your application. We may also use this information for the purposes of learning for the evaluation of other applications in future.
|The personal data you submit in your application to us
|Where necessary to carry out our agreement or to take steps to enter into an agreement with you.
|To provide, manage and personalise our services to you.We may also use your information to recover payments and exercise other rights we have under any agreement with you
|Open Banking authorisation and Open Banking Data
|We may ask you for an electronic authorisation to connect to your bank and retrieve information using Open Banking. We use various Open Banking providers (including TrueLayer) to access and process your open banking data. We will use this information for a number of reasons including to help us verify your business’ revenues and to evaluate your application, to assess when you may become eligible for our products (if your application was unsuccessful), to assess your ongoing business performance for financial crime, risk, and underwriting purposes, and (where applicable) to track your revenues in order to calculate the percentage revenues to be paid to Liberis.
|We may request that you provide us with an up to date statement of your VAT returns. We will use this information to help us evaluate your application. We may also use this information for the purposes of learning for the evaluation of other applications in future.
|Our correspondence and communications with you
|Where necessary to carry out our agreement or to take steps to enter into an agreement with youIt is in our legitimate interests that complaints are investigated (for example, so that we can ensure that we are giving you great quality service)
|To manage complaints, and to answer your questions about our products and services
|Your product payment records
|Where necessary to carry out our agreement or to take steps to enter into an agreement with youLegitimate interest
|To exercise the rights we have under any agreement with you, as well as to protect ourselves against harm to our rights and interests in property
We may also use this information for the purposes of learning for the evaluation of other applications in future.
To develop and improve products and services, by assessing and analysing the information, including credit and behaviour scoring and market research. We may also use this information to help decide whether to offer you a further product.
|Publicly Accessible Information
|We may review information regarding your business and its directors that is freely available in the public domain; for example, media coverage, your public website and business social media accounts, and any industry specific review or registration information. We will use this information to help us evaluate your application and for verifying your identity. We may also use this information for the purposes of learning for the evaluation of other applications in future.
|Personal data of those working for Liberis’ suppliers or vendors: name and business contact details (email address, phone number), confirmation of your identity (a copy of your passport or driving licence), your function (title, position, name of company), financial information (bank account details), complaints information (if relevant) and security information (CCTV footage, swipe card information etc.). If you intend to provide us with personal data about other individuals (e.g. your colleagues), you must provide a copy of this Privacy Notice to the relevant individuals.
|We use the personal data listed for a number of reasons, some of which include: the process of applying for and becoming a supplier, manage our suppliers and service providers throughout the supply chain, organise tenders in preparation of or to perform existing contracts, monitor activities at our facilities, including compliance with applicable policies as well as health and safety rules in place, archiving and record keeping, grant you access to our training modules allowing you to provide us with certain services, making payments to you for goods and/or services, complaints, and to comply with our legal obligations (e.g. to prevent fraud) .
|Substantial Public Interest – Safeguarding Economic well-being
|We may use your medical information to temporarily postpone your payments to us and to help us consider other suitable payment options for you, in line with our Vulnerable Customer Policy.
|Email and phone numbers
|We may use this information to tell you about our products and services, and the products and services of other organisations (unless you have opted out of marketing, or we are prevented by law from doing so).
Data we collect indirectly or from third parties
We collect a variety of data about you from third parties. This includes the data listed below and may include other data that we notify you about from time to time.
|Categories of Data
|Source of Data
|Purpose of Processing
|Credit history. Identity details.In both cases relating to you, your business, and its directors
|Regulated credit bureaux, such as Equifax or Experian
|We use this information to understand whether our products are suitable for you and your business, to evaluate your application, and to verify the identities of your business’ directors. We may also use this information for the purposes of learning for the evaluation of other applications in future.
|Financial transaction details that have been processed through your card terminal from your processor
|Your payment processor
|Legitimate interestWhere necessary to carry out our agreement or to take steps to enter into an agreement with you
|We use this to verify the affordability of our products for you or your business, to evaluate your application and decide on the right price to offer you, and to provide you with an estimate of the duration of payments. We may also use this information for the purposes of learning for the evaluation of other applications in future.If contract with us for one of our products, we will use this information to perform the contract.
|Fraud prevention agencies
|We will use this for the prevention of fraud and money laundering. We may also use this information for the purposes of learning for the evaluation of other applications in future.
|Company registration information, and published accounts
|We will use this to verify that your business is correctly registered, and to help with our underwriting checks by reviewing your published accounts. This information is part of a public record. We may also use this information for the purposes of learning for the evaluation of other applications in future.
|Technical information regarding your device
|The device that you use to access our website or My Liberis Mobile App (‘Mobile App’)
|We will collect technical information during your visit to this website or our Mobile App to help us detect and resolve problems on our website or Mobile App. This information includes such information as your IP address, browser (including its version), and the type of device that you are using.
|Previous or existing business landlords
|We will use these references to verify that you and your business do not have outstanding liabilities or other concerns that would affect your eligibility for our products. We may also use this information for the purposes of learning for the evaluation of other applications in future.
|Land Registration Details
|We will use this information to help identify your, and your business’, current assets when reviewing your eligibility for our products. This information is part of a public record. This applies to England, Wales and Scotland.
|Other publicly available information
|Various websites (e.g. search engines, rating sites)
|We will use this information to help make informed decisions when reviewing your eligibility for our products. We may also use this information for the purposes of learning for the evaluation of other applications in future.
We work with various third-party service providers:
We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
Information outside of the EEA
Liberis is an international company with operations in and outside of the EU and EEA, this includes the US. Some of our external third party service providers are also based outside the European Economic Areas (EEA). If we are required to transfer your personal data out of the EEA or the UK, we ensure a similar degree of protection is afforded to it by:
If you would like further information on how we safeguard your information, please contact us at email@example.com
Non-Personally Identifiable Information
We may make non-personally identifiable information available to third parties for various purposes. This data maybe automatically collected and would be analysed to create an aggregated view of the data, ensure the reported information was anonymous.
Retention of your data
We’ll keep your data only for as long as we need to – that time period may be different in different circumstances. Here are our most common scenarios:
We’ll keep records of any financial transactions, and details regarding the information that you provided to us while making an application for one of our products, for a minimum of 7 years from the end of our relationship with you. We need to do this so that we can respond to any complaints or disputes.
We’ll keep the information that’s needed to provide you with the service that you’ve requested for as long as it takes us to provide the services and for 7 years from termination of the contract for provision of the services.
If you’ve asked us not to use your details for marketing purposes, we will need to keep some details to make sure our systems and processes reflect your preferences. We will implement your opt-out request as quickly as possible. However, you may receive emails for up to 30 days, or marketing by post for up to 60 days, following your opt-out request. This is because our marketing campaigns are usually prepared about a month in advance, and it is often not feasible to remove an individual’s details after this point.
In addition, we will retain any data about you which we need in order to comply with our legal obligations (for example applicable UK tax law require us to hold onto data for a minimum of 6 years).
If we no longer need your data, we will delete it or make it anonymous by removing all details that identify you.
Consequences of processing
Should you choose not to provide us with your personal data, we will not be able to assess your eligibility for one of our products, and we will be unable to enter into a contract with you.
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us – you’ll find all of our details in the “Contacting us” section of this notice.
Under the General Data Protection Regulation and UK privacy laws you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the General Data Protection Regulation.
If you would like to contact us about any of the rights we’ve described above, please send your query to: firstname.lastname@example.org and we will reply within the legal time limits, where applicable.
As part of the processing of your personal data, decisions may be made by automated means.
We make automated decisions based on the information that you provide, and that we gather from third parties, as part of your application to determine your financial profile. Automated decisioning is the process of determining whether to approve an application for funding without the use of a manual underwriter. Instead a series of scorecards, rule and algorithms are used to make this decision automatically without any human intervention. In addition to determining whether an applicant is approved for funding the results of the automated decisioning could also drive the size of the advance a customer is able to take and the size of the fee associated with it.
This means that we may use automated decisions to provide you with a price reflecting your profile. The outcome of these automated decisions may mean that we do not approve your application for one of our products, or that our pricing is adjusted based on the information we have.
These automated decisions use a statistical process based on your historical transactions (details you have provided) and historical credit performance as a business and as an owner of a business (details you have provided and/or publicly available information). If you are an existing customer, the automated decisions will also take into account your performance of previous/current contractual obligations.
We may also automatically decide that you pose a fraud risk if our processing reveals your behaviour to be consistent with that of known fraudsters; or if there is evidence that attempts have been made to conceal your true information.
You have the right to request manual decision making in place of automated decision making. If you would like more information in relation to automated decision making or if you would like to request that your application is referred for a manual decision: please contact us at email@example.com.
The security of your information is important to us and we will do our best to protect your data.
Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.
Once you provide the information to us, we store this information on our secure servers, and we have implemented reasonable administrative, technical, and physical security measures to protect against the unauthorised access, destruction or alteration of your information based on its sensitivity.
Liberis operates it’s production infrastructure inside MS Azure datacentres, we operate a change management process to implement changes inside these environments. Our production infrastructure is subject to an annual penetration test by a 3rd party, with defined timescales for any remediation actions required. We are also ISO27001 certified.
Our Azure environments are protected against DDOS attacks and common attack patterns at the Azure edge, additionally, we plan to implement an IDS/IPS solution into our production environment with the logs from these network devices being fed into a 24/7 SIEM solution.
In our corporate environment we run regular vulnerability scans and remediate accordingly to our policy documentation.
Our products are not for children and to qualify, you must be over eighteen (18) years of age. You must make sure the details provided by you on registration or at any time are correct and complete. You must inform us immediately of any changes to the information that you provided when registering by updating your personal details.
Changes to this privacy notice
We may amend this notice from time to time; should amendments be made they will be posted to our website. This privacy notice was last updated on 7 February 2023.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or by telephone at 0303 123 1113.
The supervisory authority in Sweden is the Datainspektionen who may be contacted at https://www.datainspektionen.se/kontakta-oss/ or by telephone at (+46) 86576100.
Should you wish to contact us with any questions or concerns you may have regarding our privacy notice, to request any amendments to the data we hold about you, or to exercise any of your other rights listed in this notice, you can contact our Data Protection Officer using any of the following methods:
You can contact our Data Protection Officer via email using the following address: firstname.lastname@example.org
You can write to our Data Protection Officer at the following address:
Data Protection Officer
Scale Space Building, 1st Floor,
58 Wood Lane,
London W12 7RZ
CIFAS Fair Processing Notice
Consequences of Processing