Privacy Policy

UK & EU Privacy Policy

Last updated: 20/09/22

Link to US Privacy Policy

Your privacy matters to us and we ensure that we comply with applicable privacy rules (including the General Data Protection Regulation and Data Protection Act 2018) when storing, processing or using your data.

It’s important to us that you understand which data we collect, and how we use it, so that you can make informed decisions about providing your data to us. This privacy notice (also sometimes referred to as a “Fair Processing Notice”) has been written to help you to do that.

In this notice “we” and “us” refers to the Liberis Limited and its respective subsidiary and/or affiliated group companies.  Liberis Limited is the data controller for the purpose of the General Data Protection Regulation and Data Protection Act 2018. We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this Privacy Notice. You can find details of our registered address, as well as how to contact our Data Protection Officer with questions regarding data protection or privacy, at the end of this notice.

As Liberis Limited is based in the United Kingdom, we have appointed Liberis Sweden AB (company number 559205-5494) to be our representative within the EEA. Their contact details are Kungsgatan 8, 111 43 Stockholm.

Many of the individuals about whom we collect personal data provide it to us as representatives of a company or other legal entity that they own or that they are engaged by.  References to “your business”, “your account”, “your application”, “your enquiry” and other similar terms below, are deemed to include references to the business, account, application, or enquiry of the entity that you have submitted an application on behalf of.

The data we collect

You’re free to browse our website without providing us with any personal information. Please review the section below on our use of Cookies.

Data we collect, and how we use it

We always ensure that we have a fair and legal basis for processing your data. In most cases, we will use your data in the following ways:

  • To enable us to take actions required for us to provide you with our product and related services (for example, to pay the Business Cash Advance (BCA) into your account).
  • To enable us to meet our legal obligations (for example, getting proof of your identity to meet our anti-money laundering obligations).
  • To understand how customers use our products so we improve the products and services we provide.
  • To provide internal training sessions to ensure that we are constantly learning and improving.
  • If we have your consent to use your information for a specified purpose (e.g. to send you marketing emails).
  • We generally do not collect sensitive personal data (also known as special categories of personal data), however where we do the legal basis is that it is in the substantial public interest (for example, to support you if you are or become a vulnerable customer).

Below we have set out our lawful bases for processing your data at various stages in your journey with us, alongside our purposes for processing your data.

You can find out more about the various lawful bases for processing on the ICO website, https://ico.org.uk/, if this terminology is unclear.

Data you provide directly to us

Categories of Data Lawful Bases Purposes of Processing
Your business name

(depending on the type and size of the business, this may not be personal data)

Legitimate interest Our products are for businesses, not individuals, and so this is the most important piece of information for us. We’ll need this to provide you with an accurate quote, to provide you with a contract, and to make sure we can contact you regarding the products or services you express an interest in. If you don’t complete your application online, we’ll try to reach you to see if you need any further help, and we’ll offer you the opportunity not to be contacted again.
Information regarding the industry or sector in which your business operates

(depending on the type and size of the business, this may not be personal data)

Legitimate interest We will use information regarding the sector your business operates in to help us understand your business and the way it operates and evaluate your application, as well as to ensure that we offer our products and services responsibly. We may also use this information to ensure we offer you the most appropriate pricing for your business. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Details about your business’ financial revenues.

(depending on the type and size of the business, this may not be personal data)

Legitimate Interest We’ll use your revenue to help, evaluate your application, and to decide on the right amount or pricing that we should offer to you. We may also use this information for the purposes of learning for the evaluation of other applications in future.

If we enter into a contract with you and/or your business for one of our products, we may need this information to perform that contract.

Personal information of directors/shareholders/Persons of Significant Control of your Limited company or, in the case of sole traders and partnerships, the proprietor(s) of your business:

Name

Address

Date of birth

Home ownership

Identity documents

Legitimate interest We’ll use this information to undertake checks for the purposes of evaluating your application, preventing fraud and money laundering, and to verify the identity of your business’ directors before we provide any products or services to your business. We may also use this information for the purposes of learning for the evaluation of other applications in future.

If you provide us with personal information relating to a third party, you must notify them about this and direct them to read this Privacy Notice.

We’ll also use the address you’ve provided to us to contact you via post for any matters relating to an application for our products in respect of the business or for the performance of the resulting contract that we enter into with you and/or your business. We may write to you in future with offers for similar products provided by us.

Email address Legitimate interest We’ll ask you for your email address so that we may provide you with a link to electronically sign your contract with us. We may also use your email address to keep you updated regarding the status of your application and/or contract. If you do not complete your application having provided us with your email address, we may contact you to try and assist you with completing the application process and also to send you monthly statements should you take out one of our products.
Business phone number Legitimate interest We’ll use the phone number that you provide to contact you regarding your application, and if you do not complete your application having provided us with your phone number we may contact you to try and assist you with completing the application process.

We may use your phone number to contact you about the performance of any contracts that we enter into with you or your business.

Intended use of funds Legitimate interest We need to record and assess your intended use of funds for the purposes of preventing fraud, money laundering and crime. We may also use details regarding your intended use of funds to aid in evaluating your application. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Bank account details Where necessary to carry out our agreement or to take steps to enter into an agreement with you We will need your bank account details in order to provide you with funds. We may also ask you for additional documentation regarding your bank account so that we can verify your ownership of the account, and to verify your identity.
Bank Statements Legitimate interest We may ask you for copies of bank statements during your application process to help us verify your business’ revenues, and to evaluate your application. We may also use this information for the purposes of learning for the evaluation of other applications in future.
The personal data you submit in your application to us Where necessary to carry out our agreement or to take steps to enter into an agreement with you.

 

To provide, manage and personalise our services to you.

We may also use your information to recover payments and exercise other rights we have under any agreement with you

 

Open Banking authorisation and Open Banking Data consent We may ask you for an electronic authorisation to connect to your bank and retrieve information using Open Banking. We use various Open Banking providers (including TrueLayer) to access and process your open banking data. We will use this information for a number of reasons including to help us verify your business’ revenues and to evaluate your application, to assess when you may become eligible for our products (if your application was unsuccessful), to assess your ongoing business performance for financial crime, risk, and underwriting purposes, and (where applicable) to track your revenues in order to calculate the percentage revenues to be paid to Liberis.
VAT information Legitimate interest We may request that you provide us with an up to date statement of your VAT returns. We will use this information to help us evaluate your application. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Our correspondence and communications with you Where necessary to carry out our agreement or to take steps to enter into an agreement with you

It is in our legitimate interests that complaints are investigated (for example, so that we can ensure that we are giving you great quality service)

To manage complaints, and to answer your questions about our products and services
Your product payment records

 

Where necessary to carry out our agreement or to take steps to enter into an agreement with you

Legitimate interest

To exercise the rights we have under any agreement with you, as well as to protect ourselves against harm to our rights and interests in property

 

We may also use this information for the purposes of learning for the evaluation of other applications in future.

To develop and improve products and services, by assessing and analysing the information, including credit and behaviour scoring and market research. We may also use this information to help decide whether to offer you a further product.

 

 

Publicly Accessible Information Legitimate interest We may review information regarding your business and its directors that is freely available in the public domain; for example, media coverage, your public website and business social media accounts, and any industry specific review or registration information. We will use this information to help us evaluate your application and for verifying your identity. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Personal data of those working for Liberis’ suppliers or vendors: name and business contact details (email address, phone number), confirmation of your identity (a copy of your passport or driving licence), your function (title, position, name of company), financial information (bank account details), complaints information (if relevant) and security information (CCTV footage, swipe card information etc.). If you intend to provide us with personal data about other individuals (e.g. your colleagues), you must provide a copy of this Privacy Notice to the relevant individuals. Legitimate interests  

We use the personal data listed for a number of reasons, some of which include: the process of applying for and becoming a supplier, manage our suppliers and service providers throughout the supply chain, organise tenders in preparation of or to perform  existing contracts, monitor activities at our facilities, including compliance with applicable policies as well as health and safety rules in place, archiving and record keeping, grant you access to our training modules allowing you to provide us with certain services, making payments to you for goods and/or services, complaints, and to comply with our legal obligations (e.g. to prevent fraud) .

Medical information Substantial Public Interest – Safeguarding Economic well-being We may use your medical information to temporarily postpone your payments to us and to help us consider other suitable payment options for you, in line with our Vulnerable Customer Policy.
Email and phone numbers Consent We may use this information to tell you about our products and services, and the products and services of other organisations (unless you have opted out of marketing, or we are prevented by law from doing so).

Data we collect indirectly or from third parties

We collect a variety of data about you from third parties.  This includes the data listed below and may include other data that we notify you about from time to time.

Categories of Data Source of Data Lawful bases Purpose of Processing
Credit history. Identity details.

In both cases relating to you, your business, and its directors

Regulated credit bureaux, such as Equifax or Experian

 

Legitimate interest We use this information to understand whether our products are suitable for you and your business, to evaluate your application, and to verify the identities of your business’ directors. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Financial transaction details that have been processed through your card terminal from your processor Your payment processor Legitimate interest

Where necessary to carry out our agreement or to take steps to enter into an agreement with you

 

We use this to verify the affordability of our products for you or your business, to evaluate your application and decide on the right price to offer you, and to provide you with an estimate of the duration of payments.  We may also use this information for the purposes of learning for the evaluation of other applications in future.

If contract with us for one of our products, we will use this information to perform the contract.

Various data Fraud prevention agencies Legitimate interest We will use this for the prevention of fraud and money laundering. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Company registration information, and published accounts Companies House Legitimate interest We will use this to verify that your business is correctly registered, and to help with our underwriting checks by reviewing your published accounts.  This information is part of a public record. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Technical information regarding your device The device that you use to access our website or My Liberis Mobile App (‘Mobile App’) Legitimate interest We will collect technical information during your visit to this website or our Mobile App to help us detect and resolve problems on our website or Mobile App. This information includes such information as your IP address, browser (including its version), and the type of device that you are using.
Landlord References Previous or existing business landlords Legitimate interest We will use these references to verify that you and your business do not have outstanding liabilities or other concerns that would affect your eligibility for our products. We may also use this information for the purposes of learning for the evaluation of other applications in future.
Land Registration Details Land Registry Legitimate interest We will use this information to help identify your, and your business’, current assets when reviewing your eligibility for our products. This information is part of a public record. This applies to England, Wales and Scotland.
Other publicly available information Various websites (e.g. search engines, rating sites) Legitimate interest We will use this information to help make informed decisions when reviewing your eligibility for our products. We may also use this information for the purposes of learning for the evaluation of other applications in future.

 Sharing data with third parties

In the process of providing you with a quote, in reviewing your application for one of our products, and in performing the contracts that we enter into with you, we may share your data with third parties. Details of these third parties are below. We will only share data with third parties where it is lawful for us to do so.

  • We may share your details with Credit Reference Agencies if you apply for one of our products to assess your application and determine eligibility for our funding products. We may also share your information with Credit Reference Agencies on an ongoing basis whilst you still have a funding product with us (and for up to 9 months once you have paid your funding product in full) for the purposes of (a) assessing whether you may be eligible to receive a further funding product from us, (b) monitoring customers who are underperforming. This data will be used in accordance with the Small and Medium-Sized Business (Credit Information) Regulations 2015 and Small Business Enterprise and Employment Act 2015. Should you require further information regarding the use of data by Credit Reference Agencies in the UK, they have provided a shared document regarding their use of personal data – you can find it here: https://www.equifax.co.uk/crain.html.
  • We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the processing of personal information. Our appointed data processors include Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.
  • We share your data with our funding providers for their monitoring purposes and such in order that we comply with the terms of our agreements with them.
  • We share your data with ComplyAdvantage, Bisnode, Cribis, and CreditSafe (and similar or replacement providers)  in order to carry out anti-money laundering checks and/or to carry our credit checks.
  • We may share details of any breach of the terms of your agreement with us with credit reference agencies. In the case of a limited liability entity, we may report the directors and/ or shareholders and/or guarantors of such entity with credit reference agencies concerning any breach of the terms of your agreement with us.
  • If you have downloaded the Liberis App, we may share your data with Google and Apple as required to ensure functionality of the Liberis App.
  • We share your data with Facebook so that we can create custom audiences for advertising campaigns. Facebook also process your data to measure the performance of advertising campaigns
  • We use Sagepay and Go Cardless to store and process payment details only
  • In the event of payment default, we may send your details to Azzurro (UK), Shire Recoveries and other debt purchaser and collectors who will represent us in collecting any outstanding debts.
  • We hold customer data on the Salesforce Cloud platform. Salesforce do not use or look at your data, but their servers do hold the data.
  • We hold customer data on the Microsoft Azure Cloud platform, Salesforce Cloud, Snowflake and other similar providers. Microsoft do not use or look at your data, but their servers do hold the data.
  • We will share your information with Fraud Prevention agencies such as CIFAS, and we (or they) may also allow law enforcement agencies to access and use this personal data to detect, investigate, and prevent crime. For more information on how CIFAS will use your information, please see the below CIFAS Fair Processing Notice.
  • We will share data where we are required to do so to comply with applicable laws and directions from regulatory bodies, government bodies or law enforcement agencies.
  • We use Drift to engage with existing and new visitors to the Liberis websites through an online chat.  For more information on how Drift will use your information, please go here https://www.drift.com/privacy-policy/.
  • We use New Voice Media (Vonage) to store and processing recordings of our calls with you.
  • If your details were provided to us by a third party or one of our partners (such as a financial broker, your card provider or via a referral website) then we may provide updates regarding the status of your application back to them, and updates on the status of any product we provide you with, as well as your transaction data and details of any complaints you may make.
  • If your details were provided to us by a third party or partner (such as a financial broker, or via a referral website) then we may provide updates regarding the status of your application back to them, and updates on the status of any product we provide you with.
  • We may also share your data with our partners for fraud prevention purposes and for safeguarding economic well-being purposes where (in line with our Vulnerable Customer Policy) we identify you as a vulnerable customer.
  • If our business (or the majority of our company assets) is acquired by another party, your information will be part of the transfer of assets.
  • If we sell or buy any business or assets, we may share your data with the prospective buyer or seller.
  • Where we engage with third parties for the purposes of raising investment, we may provide data on a strictly need-to-know basis for due diligence purposes.
  • We share your business name and contact details with other organisations that may offer you services of interest to you – but only if you explicitly provide us with permission to do so.
  • We may share your data with other Liberis group companies for the purposes of managing your account.
  • We may share your data with our selected Partners and other third parties where you have confirmed to us that you would like to hear from such third parties about their products and services.

We also disclose your data in the following circumstances:

Service Providers

We work with various third-party service providers:

  • We share your information with payment processors that process financial transactions on your behalf.
  • We work with Open banking providers in order to access data about your financial status in order to evaluate your application, underwrite you for funding and calculate amounts owed to us.
  • We use cloud computing providers to store your data, and to help us process your application efficiently.
  • We may use third parties (e.g. mailing houses) to send you marketing or account information on our behalf. To do this we would need to provide them with your name and address or email address at a minimum.
  • We use a third-party help and support system to help us respond to your questions quickly when you’re using our website, your data are shared here only when you request assistance.
  • We may use third party contact centres to help us contact you by phone, and we would need to pass your information to them to enable them to reach you. They will additionally record the information that you provide to them and pass it back to us.
  • We may use third party operational fulfilment centres to process some parts of your application.
  • We use cloud based electronic signature providers during our application process, we will provide all details required to produce your contract to these providers in order to provide you with this service.
  • We use a service provider who provides multi-touch attribution reporting and other services for us. This third party may have access to, or process Personal Data or Client Data as part of providing those services for us.

We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.

Information outside of the EEA

Liberis is an international company with operations in and outside of the EU and EEA, this includes the US. Some of our external third party service providers are also based outside the European Economic Areas (EEA). If we are required to transfer your personal data out of the EEA or the UK, we ensure a similar degree of protection is afforded to it by:

  • only transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • or using standard contractual clauses approved by the European Commission which give personal data the same protection it has in Europe and the UK.

If you would like further information on how we safeguard your information, please contact us at dataprotection@liberis.co.uk

Non-Personally Identifiable Information

We may make non-personally identifiable information available to third parties for various purposes. This data maybe automatically collected and would be analysed to create an aggregated view of the data, ensure the reported information was anonymous.

Retention of your data

We’ll keep your data only for as long as we need to – that time period may be different in different circumstances. Here are our most common scenarios:

We’ll keep records of any financial transactions, and details regarding the information that you provided to us while making an application for one of our products, for a minimum of 7 years from the end of our relationship with you. We need to do this so that we can respond to any complaints or disputes.

We’ll keep the information that’s needed to provide you with the service that you’ve requested for as long as it takes us to provide the services and for 7 years from termination of the contract for provision of the services.

If you’ve asked us not to use your details for marketing purposes, we will need to keep some details to make sure our systems and processes reflect your preferences. We will implement your opt-out request as quickly as possible. However, you may receive emails for up to 30 days, or marketing by post for up to 60 days, following your opt-out request. This is because our marketing campaigns are usually prepared about a month in advance, and it is often not feasible to remove an individual’s details after this point.

In addition, we will retain any data about you which we need in order to comply with our legal obligations (for example applicable UK tax law require us to hold onto data for a minimum of 6 years).

If we no longer need your data, we will delete it or make it anonymous by removing all details that identify you.

Consequences of processing

Should you choose not to provide us with your personal data, we will not be able to assess your eligibility for one of our products, and we will be unable to enter into a contract with you.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us – you’ll find all of our details in the “Contacting us” section of this notice.

Your rights

Under the General Data Protection Regulation and UK privacy laws you have a number of important rights free of charge. In summary, those include rights to:

  • access to your personal data and to certain other supplementary information that this Policy is already designed to address
  • require Us to correct any mistakes in your information which We hold
  • require the erasure of personal data concerning you in certain situations – this is not an absolute right and is only applicable in certain circumstances.
  • receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal data concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal data
  • otherwise, restrict our processing of your personal data in certain circumstances
  • where consent is our lawful basis for processing your personal data, withdraw such consent
  • claim compensation for damages caused by our breach of any data protection laws.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual rights under the General Data Protection Regulation.

If you would like to contact us about any of the rights we’ve described above, please send your query to: dataprotection@liberis.co.uk and we will reply within the legal time limits, where applicable.

Automated decisions

As part of the processing of your personal data, decisions may be made by automated means.

We make automated decisions based on the information that you provide, and that we gather from third parties, as part of your application to determine your financial profile. Automated decisioning is the process of determining whether to approve an application for funding without the use of a manual underwriter. Instead a series of scorecards, rule and algorithms are used to make this decision automatically without any human intervention. In addition to determining whether an applicant is approved for funding the results of the automated decisioning could also drive the size of the advance a customer is able to take and the size of the fee associated with it.

This means that we may use automated decisions to provide you with a price reflecting your profile. The outcome of these automated decisions may mean that we do not approve your application for one of our products, or that our pricing is adjusted based on the information we have.

These automated decisions use a statistical process based on your historical transactions (details you have provided) and historical credit performance as a business and as an owner of a business (details you have provided and/or publicly available information). If you are an existing customer, the automated decisions will also take into account your performance of previous/current contractual obligations.

We may also automatically decide that you pose a fraud risk if our processing reveals your behaviour to be consistent with that of known fraudsters; or if there is evidence that attempts have been made to conceal your true information.

You have the right to request manual decision making in place of automated decision making. If you would like more information in relation to automated decision making or if you would like to request that your application is referred for a manual decision:  please contact us at dataprotection@liberis.co.uk.

Data security

The security of your information is important to us and we will do our best to protect your data.

Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data transmitted to our Site; any transmission is at your own risk.

Once you provide the information to us, we store this information on our secure servers, and we have implemented reasonable administrative, technical, and physical security measures to protect against the unauthorised access, destruction or alteration of your information based on its sensitivity.

Liberis operates it’s production infrastructure inside MS Azure datacentres, we operate a change management process to implement changes inside these environments. Our production infrastructure is subject to an annual penetration test by a 3rd party, with defined timescales for any remediation actions required. We are also ISO27001 certified.

Our Azure environments are protected against DDOS attacks and common attack patterns at the Azure edge, additionally, we plan to implement an IDS/IPS solution into our production environment with the logs from these network devices being fed into a 24/7 SIEM solution.

In our corporate environment we run regular vulnerability scans and remediate accordingly to our policy documentation.

Our use of cookies

We use cookies to help provide you a great experience when using our website. A cookie is a small text file that is stored on your computer (or whichever device you use to access this website) that is unique to you, to help us tell you apart from other visitors when you move between pages, or when you come back. Details of our Cookies Policy can be found here.

Children

Our products are not for children and to qualify, you must be over eighteen (18) years of age. You must make sure the details provided by you on registration or at any time are correct and complete. You must inform us immediately of any changes to the information that you provided when registering by updating your personal details.

Changes to this privacy notice

We may amend this notice from time to time; should amendments be made they will be posted to our website. This privacy notice was last updated on 7 February 2023.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.

The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or by telephone at 0303 123 1113.
The supervisory authority in Sweden is the Datainspektionen who may be contacted at https://www.datainspektionen.se/kontakta-oss/ or by telephone at (+46) 86576100.

Contacting us

Should you wish to contact us with any questions or concerns you may have regarding our privacy notice, to request any amendments to the data we hold about you, or to exercise any of your other rights listed in this notice, you can contact our Data Protection Officer using any of the following methods:

Email

You can contact our Data Protection Officer via email using the following address: dataprotection@liberis.co.uk

Post

You can write to our Data Protection Officer at the following address:

Data Protection Officer

Liberis Ltd

Scale Space Building, 1st Floor,

58 Wood Lane,

London W12 7RZ

CIFAS Fair Processing Notice

General

  1. Before we provide services to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
  2. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
  3. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, and device identifiers including IP address.
  4. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
  5. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
  6. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

Automated Decisions

  1. As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.

Consequences of Processing

  1. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
  2. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.

Data Transfers

  1. Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.

Your Rights

  1. Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
  2. For more information or to exercise your data protection rights, please contact us using the contact details above.
  3. You also have a right to complain to the Information Commissioner’s Office, which regulates the processing of personal data.

 

US Privacy Policy

Liberis (“Liberis” or the “Company”) recognizes, respects and protects the personal privacy rights of all our customers and works diligently to safeguard your privacy. We are committed to providing security and privacy regarding the collection and use of our customers’ personal information, as well as the personal information of all consumers who visit our institution.

Liberis Online Privacy Policy

Liberis, Inc. takes your privacy seriously. This Online Privacy Policy explains how the Company gathers and processes your personal information in compliance with the relevant data protection regulations, laws and guidance. Together with our Website Terms and Conditions, this policy provides you with important information regarding your rights and obligations, and explains how, why and when we collect and process your personal data. Please read this Online Privacy Policy carefully before using our website or registering to use our products or services. By visiting www.liberisgroup.com you are accepting and consenting to the practices described in this Online Privacy Policy.

References in this Online Privacy Policy and on our website to “we,” “our” or “us” are references to Liberis. References to “you” and “your” mean each natural or legal person who uses our website or the associated products or services and also includes the owners, executive officers, senior managers and general partners of any business that requests or receives products or services from Liberis, and any other individuals who perform similar functions (the “Principals”). References to the “business” mean the individual, corporation, association, partnership, limited liability company, estate, trust, or any other entity that applies for or obtains products and services from Liberis.

  1. What Information Do We Collect?

Liberis processes your personal information to meet our legal, statutory, and contractual obligations and to provide you with our products and services and to send you marketing messages. We will never intentionally collect any unnecessary personal data from you and do not process your information other than as specified in this Online Privacy Policy.

The types of personal information that we collect depends on the products and services you request and use. This information may include, for each Principal who is an individual:

  • Name
  • Percentage of ownership in the business
  • Home street address
  • Telephone number
  • Email address
  • Social security number
  • Date of birth
  • Bank account and Open Banking data

We may also require written authorization from each Principal to obtain consumer credit reports.

We may also require the business to provide its name, postal and email addresses, and telephone numbers; type of entity such as corporation, LLC, partnership, or sole proprietorship; Employer Identification Number; the date the business was started; its bank and routing number and account number; its bank statements and its management and/or audited accounts.

We may require the business to provide its acquirer Merchant ID(s), the purpose for which it is requesting funding, its current and historical card takings, and chargeback and refund data, as well as its Merchant Category Code(s) and/or industry type.

We may require other reports such as credit, fraud and Office of Foreign Asset Control (“OFAC”) reports on each Principal.

We may require confirmation that the business is continuing to take payments through the card terminal(s) provided to us.

  1. How we collect information

We may collect any personal information that you provide to us voluntarily, for example by completing a form on any of our websites or in hard copy, by taking part in survey, a phone or social media conversation, or by emailing us, or by permitting us to obtain information about you from a third party.

Our systems may automatically record information about your website usage, such as your browser type (e.g. Internet Explorer), operating system (e.g. Microsoft Windows), IP address (a way of identifying your internet connection) and basic information about your internet service provider. This information does not require your intervention and is used to improve our services and enhance your user experience.

For security and audit control, and to help us understand your preferences, we may also keep a record of when you access the site, which pages you visit and the actions you take on each page.

We may also collect data contained in a credit report from a consumer reporting agency (“CRA”) or from other information databases such as fraud and OFAC reporting sources.

  1. How We Use Your Personal Information

3.1 Liberis takes your privacy very seriously and will disclose and use your personal information only as described in this Online Privacy Policy. You are free to opt-out of receiving email offers at any time at any time by emailing dataprotection@liberis.co.uk or by clicking the unsubscribe link in any marketing email you receive from us. This will not unsubscribe you from critical emails required for the provision of products and services to which you have subscribed. This includes but is not limited to emails regarding payments due, payments received and payments missed. You may opt-out of future text solicitations by responding to any text with the word “STOP” and may opt-out of telephone solicitations to your residential or mobile phone by asking the caller to be placed on our do-not-call list.

3.2 Reasons we can use your personal information:

For everyday business purposes:

  • To register you as a user and to provide the services you require.
  • To decide whether to offer you a Liberis product or service.
  • To search CRA or other database records.
  • To provide you with customer support.
  • To enhance the accuracy of the information that we hold about you.
  • To notify you of any important changes to the site.
  • To prevent potentially prohibited or illegal activities.
  • To enforce our Terms and Conditions.

To enhance your experience on our website by

  • Monitoring and improving our services and customizing our website for you.

For marketing purposes:

  • To keep you informed of any products, services or offers which might be of interest to you where you have provided your consent for us to do so.
  • For internal research purposes, general website administration, and demographic and statistical analysis of our service users.

3.3 We may use your personal information to generate non-personal statistical data, for example relating to the size of our customer base and the levels of site usage. This will only be group data, such as the age range of site users, and will not include any information that could personally identify you. This may then be shared with third parties.

  1. How we may share and disclose your personal information

4.1 Liberis shares your personal information with third parties as permitted by law, including in the following ways:

  • If your details were provided to us by a third party or one of our partners (such as a financial broker, your card provider or via a referral website) then we may provide updates regarding the status of your application back to them, and updates on the status of any product we provide you with, as well as your transaction data and details of any complaints you may make.
  • Third party service providers. We may work with third party service providers, including affiliates, to support our business functions, such as facilitating electronic fund transfers and offering customer service. For example, we will work with companies that we partner with to provide services to you, and companies that we work with to collect information about your card transactions. Liberis may share your personal information, including credit reports, with such companies, but all service providers acting on our behalf will only process your data in accordance with instructions from us and will comply fully with relevant data protection laws and any other appropriate confidentiality and security measures.
  • Credit reporting agencies. Liberis may share personal information about you with CRAs or other data-collection organizations to meet our reporting obligations. Other affiliates and third parties. We may also share your personal information, other than credit reports, with affiliates and third parties that are not affiliated with us for any legitimate purpose permitted by applicable law.

4.2 We may also share aggregated and anonymized data sets based on your personal information with third parties that does not reasonably identify you directly as an individual.

  1. Cookies and Similar Technologies

5.1 Our website may use cookies to store information about your site usage. A cookie is a small text file that is sent to your browser from a web server and then stored on your hard drive. Cookies enable us to recognize your computer and record information from your visits to the site, such as your preferred settings. This saves you having to re-enter the same data each time you use the site and allows us to provide you with a more customized experience.

5.2 We may also use cookies and analytical software to collect anonymous data for internal research purposes, including without limitation:

  • To monitor site usage.
  • To keep an audit trail.
  • To understand visitors’ browsing habits.
  • To analyze trends and demographic statistics.
  • To compile statistical reports.

5.3 Most internet browsers accept cookies by default; however, you can usually change your browser settings to reject cookies if you would prefer not to receive them. If you choose not to receive our cookies you will not be able to receive any personalized features and you may not be able to benefit from all our services.

5.4 Currently our website does not respond differently or limit practices under the terms of this Online Privacy Policy when you access our online services with a browser that uses a do not track signal or similar mechanism.

  1. Information Security

6.1 The security of your personal information is very important to Liberis. We use physical, electronic, and administrative safeguards that are designed to protect your Personal Information from loss, misuse and/or unauthorized access, disclosure, alteration and destruction.

We have several layers of security measures in place to protect your information, including:

  • An up-to-date anti-virus software to protect against viruses damaging data and infrastructure,
  • Periodic review of our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems,
  • Housekeeping measures by regular backups, encryption, and network domain policy.

In addition, Liberis uses standard security protocols and mechanisms to exchange the transmission of sensitive data such as credit card details and bank account numbers. When you enter sensitive Personal Information such as your bank account number on our site, we encrypt it using Secure Socket Layer (SSL) technology.

6.2 Liberis is also committed to reducing risks of human error, theft, fraud, and misuse of its facilities. The Company’s efforts include training employees on security policies and procedures as well as implementation of such policies and procedures. Liberis employees are required to maintain the confidentiality of services data. Employees’ obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.

  1. Protecting Children’s Privacy Online

Liberis’s website is not directed to individuals under the age of eighteen (18). We request that individuals under the age of eighteen do not provide Personal Information through our website. In the unlikely event that we learn that information from such individuals has been collected, we will immediately remove that information from our databases. The Company does not knowingly collect, use, or disclose personal information from or to children under age 13 without obtaining written, verifiable consent from a parent or legal guardian. For more information on the Children’s Online Privacy Protection Act, please visit the Federal Trade Commission website: http://www.ftc.gov/opa/reporter/privacy/coppa.shtml.

  1. Using other websites

8.1 Our websites may contain links to web sites which are owned or controlled by parties other than Liberis Inc. These links are provided for your convenience and do not imply that we have reviewed or condone the third-party sites, their content, or their privacy policies.

8.2 When using other websites, you must be aware that any personal information you supply will be handled according to their privacy policies. We recommend that you read and consider these website’s privacy policies and terms and conditions before providing any of your personal information. Liberis is not responsible for privacy practices or content on third-party websites.

8.3 Our websites may also automatically transfer you to a third party site in order to fulfil the services we provide to you. In such cases, we will carry out due diligence to ensure third parties have the appropriate data protection requirements in place.

8.4 When you access the linked third party websites you do so at your own risk. These sites may place their own cookies or other files on your computer, or collect data or solicit personal information from you. Liberis is not liable for any misuse of your information or other misconduct by the third party.

  1. Changes to this Online Privacy Policy

9.1 We may amend or update this Online Privacy Policy periodically to reflect the changes in our business and practices. The revised policy will be posted on our website. Any changes will become effective immediately upon posting to our website.

For questions, contact us at dataprotection@liberis.co.uk ,or call us at +1(844) 754-2370

  1. Your California Privacy Rights

California Consumer Privacy Act (“CCPA”)

Privacy Notice

This California Privacy Notice is for California Residents only and supplements our online Privacy Notice. This notice describes:

  • The Personal Information that Liberis (together the “Company,” “we,” “our,” or “us”) collects in the course of its business and explains how this information is collected, used, sold, disclosed, shared, and retained;
  • The rights provided by the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”) to California Residents (“consumer” or “you”) regarding their Personal Information; and
  • How consumers can exercise those rights.

Your Personal Information

What is Personal Information?

We may collect, use, or disclose your Personal Information. Personal Information is information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with you (“Personal Information”). It can also include other pieces of information which can be used to identify you, either directly or indirectly, such as a cookie. Personal Information does not include: (1) publicly available information, such as information that is lawfully made available from federal, state, or local records, or (2) de-identified or aggregate consumer information.

What types of Personal Information do we collect and use?

The CCPA requires us to disclose certain information regarding our collection, use, sale, sharing, disclosing, and retention of your Personal Information in the course of providing our financial services to you. In the past twelve (12) months, we have collected the following categories of Personal Information for business or commercial purposes:

  • Identifiers (e.g., passport, driver’s license, social security number, taxpayer identification number, email address, real name, alias, internet protocol address, or other similar identifiers, address, telephone number, and other contact information);
  • Personal information described in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)) (e.g., name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information);
  • Characteristics of a protected class (e.g., nationality, race, etc.);
  • Commercial records (e.g., contractual/contact information (i.e., our ‘history’ together – services provided or discussed, payment information (e.g., bank account or wiring instructions));
  • Internet or other electronic network activity (e.g., browsing history, search history, information regarding your interaction with our website, cookies);
  • Geolocation data;
  • Audio, electronic, visual and similar information (e.g., call and video recordings);
  • Professional or Employment information (e.g., job title, company name, address, telephone number, employment history, type of entity, Employer Identification Number, date business started, financial information including account and routing numbers and management and/or audited accounts);
  • Inferences drawn from other personal information (for example, data, assumptions, or conclusions derived from facts, evidence, or another source of information or data reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes); and
  • Sensitive Personal Information (e.g., social security number, driver’s license number, passport number, account number, precise geolocation, racial or ethnic origin, etc.).

Where do we collect your Personal Information from?

Typically, we will collect information from you when you contact us directly or provide information to us to provide you with our products and services.  In addition, we collect information from and about you in the following ways:

  • You (or your representative)
  • Data Analytics Providers
  • Marketing Partners
  • Our website and mobile applications
  • Third-party websites
  • Services Providers
  • Credit Reporting Agencies
  • Government Agencies
  • Third parties (such as your card processor, brokers or our partners) who refer you to us for our products and Services.
  • Publicly accessible databases

We will only use your Personal Information for the reasons for which we collected it. If we need to use your Personal Information for another purpose, we will tell you about it, explain the legal basis which allows us to do so, and obtain your explicit consent.

What do we do with your Personal Information?

We may use your Personal Information for one or more of the following business or commercial purposes:

  • To provide you with our products and associated services: We use personal information to assess your eligibility for our funding products, offer and provide our funding products and associated services, including: (1) establishing, maintaining, supporting, and servicing your product; (2) providing services, products, or information you may have requested from us; and (3) performing services such as maintaining or servicing your MyLiberis accounts, providing customer service, verifying customer information, providing financing, searching CRA or other database records, providing analytic services, or providing similar services on our own behalf or on the service provider’s behalf.
  • Security and Fraud Detection: We use personal information for our security and fraud detection services including: detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity; and prosecuting those responsible for that activity.
  • Debugging: We use personal information to engage in debugging to identify and repair errors that impair existing intended functionality.
  • Improvement of Products and Services: We use personal information to verify, maintain, and improve our products and services.
  • Internal Research: We use personal information for our internal research related to technological development and demonstration.
  • Advertising and Marketing Services: We use personal information to provide advertising or marketing services on our own behalf.
  • Audits: We use personal information to audit current interactions with you and related transactions (e.g., counting and verifying ad impressions, auditing compliance).
  • Merger/Acquisition/Bankruptcy, etc.: We may use your personal information as part of a merger, acquisition, bankruptcy,  other transaction where a third party assumes control of us, or where such information is requested by our lenders.
  • Commercial/Economic Interests: We use personal information to advance our commercial or economic interest.
  • Legal Obligations: We use personal information to comply with legal obligations, including enforcing our Terms and Conditions.
  • Aggregated information:  We may use your personal information to generate non-personal statistical data, for example relating to the size of our customer base and the levels of site usage. This will only be group data, such as the age range of site users, and will not include any information that could personally identify you. This may then be shared with third parties.

Who do we disclose your Personal Information with?

We may disclose your personal information to employees, service providers, or contractors in order to carry out specific business or commercial purposes.  In the preceding 12 months, we have disclosed the following categories of consumer personal information for business or commercial purposes to service providers and the following categories of third parties:

Identifiers: We share this information with Third party firms which provide background checks for due diligence and anti-money laundering and External legal counsel, and consultants (including regulatory and tax).

Personal information described in the California Customer Records Statute (Cal. Civ. Code § 1798.80(e)): We share this information with Third party firms which provide background checks for due diligence and anti-money laundering and External legal counsel, and consultants (including regulatory and tax).

  • Commercial records: We share this information with Third party firms which provide background checks for due diligence and anti-money laundering and External legal counsel, and consultants (including regulatory and tax).
  • Audio, electronic, visual and similar information: We share this information with Third party firms which provide background checks for due diligence and anti-money laundering and External legal counsel, and consultants (including regulatory and tax).

We do not and will not sell or share (for cross-contextual behavioral advertising) your Personal Information to any third party, nor have we done so in the preceding 12 months. Similarly, we do not and will not collect, sell, or share (for cross-contextual behavioral advertising) the Personal Information of minors under 16 years of age.

How will we use your sensitive Personal Information?

We only collect or use sensitive Personal Information for the following business or commercial purposes:

  • To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
  • To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted Personal Information.
  • To resist malicious, deceptive, fraudulent, or illegal actions directed at the business and to prosecute those responsible for those actions.
  • For short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer’s current interaction with the business.
  • To perform services on behalf of the business.
  • To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by the business.
  • To collect or process sensitive Personal Information where such collection or processing is not for the purpose of inferring characteristics about a consumer.

How Long We Retain Your Personal Information

We store Personal Information for as long as we believe is reasonably necessary or appropriate to fulfil our business  or commercial purposes or to comply with applicable law, audit requirements, regulatory requests, or orders from competent courts.

Your Rights under the CCPA

The CCPA provides you with certain rights regarding the collection, use, and disclosure of your Personal Information. As described in more detail below, the CCPA provides you with the following rights:

  1. The Right to Know/Access what Personal Information we have collected about you. Before or when we collect your Personal Information, you have the right to know:
  • The categories of Personal Information (including Sensitive Personal Information) we collect, the business or commercial purpose for which we collect and use the Personal Information, and whether we sell or share that information; and
  • How long we intend to keep each category of Personal Information, including Sensitive Personal Information.

You also have the right to request that we provide you with certain information about the Personal Information we collect, use, share, disclose, or sell, as well as the categories and specific pieces of information that we have collected about you. Specifically, you have the right to request the following information:

  • The categories of Personal Information we collect.
  • The categories of sources from which the Personal Information is collected.
  • The business or commercial purpose for collecting, selling, or sharing Personal Information.
  • The categories of third parties to whom we disclose Personal Information.
  • If we disclosed your Personal Information for a business purpose, the categories of Personal Information that we disclosed about you and the categories of third parties to which we disclosed that Personal Information for a business purpose.
  • The specific pieces of Personal Information the business has collected about you.
  1. The Right to Delete the Personal Information we collected and maintained about you once we verify your request. However, there may be reasons we need to keep your Personal Information and we will inform you if that is the case.
  2. The Right to Correct inaccurate Personal Information we have collected from you and maintained about you. Once we verify your request, including the inaccurate information, we will update your inaccurate Personal Information from our records and our service provider’s records.
  3. The Right to Limit the Use and Disclosure of Sensitive Personal Information if we use the information for reasons that are not aligned with why we obtained such information. However, we can use this information as permitted by law, to follow the law, and to give you the best service.
  4. The right to Non-Discrimination or Non-Retaliation, which means we cannot discriminate or retaliate against you if you exercise your rights under the CCPA.

You also have the Right to Opt-Out of the sale or sharing (for targeted advertising) your Personal Information. However, we do not sell or share your Personal Information.

Submitting a Verifiable Request to Know, Correct, or Delete Personal Information

To exercise your Right to Know, Correct, or Delete your Personal Information, please submit a request to us by:

  • Email:  dataprotection@liberis.co.uk
  • Mail: Data Protection Officer, Liberis Ltd., Scale Space Building, 1st Floor, 58 Wood Lane, London, W12 7RZ

To submit a request, we must verify your identity:

  • Password-Protected Accounts: If you have a password-protected account with us, we may verify your identity through our existing authentication practices for your account. We will also require you to re-authenticate yourself before we disclose your Personal Information. If we suspect fraudulent or malicious activity on or from your account, we will need to perform further verification to determine whether your request is authentic, and you are the person about whom we have collected the Personal Information.
  • Non-Account Holders:  If you do not hold a password-protected account with us, we will verify you as follows:
    • If you submit a request to know the categories of Personal Information, we will ask you for at least two pieces of information, which we will match with at least two data points in our system to verify your identity.
    • If you submit a request to know specific pieces of Personal Information, we will ask you for at least three pieces of information, which we will match with at least three data points in our system to verify your identity.  You will also be required to submit a signed declaration under penalty of perjury stating that the requestor is the consumer whose Personal Information is the subject of the request. Please note there is certain information we are not permitted to provide you, such as certain Sensitive Personal Information.

We will generally avoid requesting additional information from you to verify you unless necessary.  This information will only be used to verify your identity and will delete any new Personal Information we collect to verify your identity as soon as possible.

If we are unable to verify your identity, we will let you know and explain why we were unable to verify your identity.

If you would like to use an authorized agent, which is an individual or business registered with the Secretary of State, to submit a verifiable request, you must provide the authorized agent with written permission to do so and verify your own identity directly with us or directly confirm that you provided the authorized agent with permission to submit the request.  We may deny a request from an agent that does not submit proof that they are authorized to act on your behalf.

Please note that we will not respond to a request for your Personal Information if you have submitted more than two requests in a 12-month period.

Responding to a Request to Know, Correct, or Delete Personal Information

Once we receive your request, we will send you an acknowledgment email within 10 days and provide you with next steps for processing your request, including verifying your identity.  We will respond to your request within 45 days unless we need more time.  We will provide you with additional information if that is the case.

Changes to Our California Privacy Notice

We are required by law to update this California Privacy Notice at least once every 12 months. We will notify you when we make changes to this privacy notice. This California Privacy Notice was last updated on February 7, 2023.

Contact Information

If you have any questions regarding our privacy policies, our California Privacy Notice, the ways in which we collect, use, or disclose your Personal Information, or how to exercise your rights under the CCPA, please do not hesitate to contact us at:

Data Protection Officer

Liberis Ltd.

Scale Space Building, 1st Floor

58 Wood Lane

London W12 7RZ

Email:  dataprotection@liberis.co.uk