Privacy policy

Introduction

We ask that you read this website privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

This website https://fibr.com/ is operated by Lendflo Limited registered in England and Wales (No. 10861934) of registered address Ingestre Court, Ingestre Place, London, England, W1F 0JL; trading as FIBR under trade name © Fibr Limited 2020. All rights reserved.

We are an online business credit provider and for more information see [insert link to about us page] of the website.

We collect, use and are responsible for certain personal information about you when you visit our website and when you apply to and / or purchase products and services from us. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and the United Kingdom and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and the United Kingdom and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Important information and who we are

Purpose of this privacy policy

This privacy policy aims to give you information on how FIBR collects and processes your personal data through your use of our website, including any data you may provide through our website when you create an account with us.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Controller

FIBR is the controller and responsible for any personal data provided to us (referred to as “FIBR”, “we”, “us” or “our” in this privacy policy).

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights (defined below), please contact the DPO using the details set out below.

Contact details

If you have any questions about this privacy policy or our privacy practices, please contact our DPO in the following ways:

Full name of legal entity: Remi Tuyaerts, Lendlfo Limited
Email address: remi.tuyaerts@lendflo.com
Postal address: Ingestre Court, Ingestre Place, London, England, W1F 0JL

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review. This version was last updated on the 10th September 2020.

If you are purchasing any of our FIBR credit products or subscribing to any of our services, it is important that the personal data we hold about you is accurate and current, therefore please keep us informed if your personal data changes during your relationship with us.

Third-party links

Our website may include links to third-party websites, platforms, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our platform, we encourage you to read the privacy policy of every platform you visit.

CIFAS STATEMENT: Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested. Cifas has published its assessment of the legitimate interests in relation to the National Fraud Database.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact the organisation that referred you to this page.

CONSEQUENCES OF PROCESSING: If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact the organisation that referred you to this page.

DATA TRANSFERS: Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to “international frameworks” intended to enable secure data sharing. Cifas has published more information about data transfers.

Listed below are third party providers that link into our website when you sign up to subscribe to our services in order to provide you with our overall service under our contract with you.

Acceptance of this privacy policy shall be deemed acceptance of such third parties using your personal data in accordance with the privacy policies which relate to such third parties:

Auth0: https://auth0.com/privacy

Amsterdam Trade Bank: https://www.amsterdamtradebank.com/about-us/corporate-governance/privacy-statement/

Clearbooks: https://www.clearbooks.co.uk/terms/privacy/

CRAIN: In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take banking services from us we may also make periodic searches at CRAs to manage your account with us.

To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We will use this information to:

  • Assess your creditworthiness and whether you can afford to take the product;
  • Verify the accuracy of the data you have provided to us;
  • Prevent criminal activity, fraud and money laundering;
  • Manage your account(s);
  • Trace and recover debts; and
  • Ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organizations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at [LINK TO CRAIN]. CRAIN is also accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document: Callcredit www.callcredit.co.uk/crain; Equifax www.equifax.co.uk/crain; Experian www.experian.co.uk/crain.

Experian: https://www.experian.co.uk/privacy-and-your-data.html

Equifax: https://www.equifax.co.uk/About-us/Privacy_policy.html

Freeagent: https://www.freeagent.com/fieldguide/legal/privacy/

Intercom: https://www.intercom.com/terms-and-policies#cookie-policy

Intuit: https://quickbooks.intuit.com/uk/privacy-policy/

Kashflow: https://www.kashflow.com/data-protection-at-kashflow/

Onfido: https://onfido.com/privacy/

Paynet: https://paynet.com/privacy-policy/

Rails Bank: https://www.railsbank.com/privacypolicy

Sage: https://www.sage.com/en-gb/legal/privacy-and-cookies/

Sphonic: https://www.sphonic.com/privacy-policy/

TrueLayer: we use a tool provided by TrueLayer Limited (www.truelayer.com) (“TrueLayer”) that allows you to send information on your payment accounts to us and other service providers. In order to use our services, you will be asked to enter your payment account details with TrueLayer and agree to their Terms of Service (https://truelayer.com/enduser_tos/). The Terms of Service set out the terms on which you agree to TrueLayer accessing the information on your payment accounts for the purposes of transmitting that information to us. TrueLayer is subject to UK and EU data protection laws and is required to treat your data in accordance with those laws, as well as the Terms of Service and TrueLayer’s Privacy Policy (https://truelayer.com/privacy/). TrueLayer is authorised by the UK Financial Conduct Authority under the Payment Services Regulations 2017 to provide account information services and payment initiation services (Firm Reference Number: 793171).

Xero: https://www.xero.com/uk/about/legal/privacy/

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data (as applicable dependant on the use of our website by you) about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account information (including account type, account name, IBAN/account number/sort code/ SWIFT), account balance information (including current balance), payment card details (including available balance, payment due date, minimum payment due), invoice details, loans data, insurance data, investments data.
  • Transaction Data includes details (time, description, amount, meta-data) about payments to and from you, details of payments made to us by third parties in relation to the payments made to you, and other details of services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this platform.
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our platform and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.