Welcome to our privacy policy (the “Privacy Policy”)

Whether you are a borrower, lender, person connected with the borrower or lender, persons connected with a borrower’s loan, or just visiting our Website (each a “User”, and together the “Users”) we think it is important that you understand:

  • How and when we collect your Personal Data;
  • What Personal Data we collect;
  • Why we use your Personal Data; and
  • Your rights and choices

This Privacy Policy (together with our terms of use, terms and conditions, and any other documents referred to therein) sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. Please read this Privacy Policy carefully. By using or accessing our Website and/or Platform, contacting us by telephone, by emailing us or otherwise providing information to us (for example through our social media or our originators), you confirm that you have read this Privacy Policy, and you understand and agree to be bound by the practices described herein.

If, and to the extent, you provide Personal Data relating to any third party to us, you confirm that they have appointed you to act on their behalf, you have obtained their consent to pass their Personal Data to us and for us to process that Personal Data in the manner and for the purposes described in this Privacy Policy.

Our Website, Platform and this Privacy Policy may provide links to other resources (which we believe to be useful) and other websites. These links will lead you to websites operated by third parties that operate under their own privacy policies. Should you follow one of these links you will be leaving our Website for a site over which we have no control, and we are not responsible for such a site.

Definitions used in this Privacy Policy

Data Controller means an individual, company or other organisation who determines the purposes for which and the manner in which any Personal Data are, or are to be processed. We act as the Data Controller when processing Personal Data relating to our Users;

Data Processor means, in relation to Personal Data, any person (other than an employee of the Data Controller) or organisation which processes data on behalf of a Data Controller;

Data Subject means a person who is the subject of Personal Data;

EEA means European Economic Area

Personal Data means data which relate to a living individual who can be identified from:

  1. such data; or
  2. such data and other information which is in or is likely to come into the possession of the Data Controller, and includes any expression of opinion about the individual and any indication of the intentions of the Data Controller or any other person in respect of the individual;

Platform means the private site for our Users that appears at my.smecapital.com;

Services means the services we provide to Users via the Platform;

Website means our public website that appears at www.smecapital.com; and

“we”, “us”, “our”, means SME Platform Ltd (t/a SME Capital) and where applicable, our officers, consultants, agents and employees.

For ease of reading these words “we”, “us”, “our”, “you” and “your” are not shown in capitals.

  1. What type of data we collect and process

    We collect and process:

    1. Contact Details: e.g. your name, address, job title, telephone number and email address;
    2. Financial Information: e.g. audited accounts, management accounts.
    3. Data that identifies you:
      1. monitoring use of our Website and/or Platform for security purposes and to check whether Users comply with our terms of use and terms and conditions;
      2. your internet protocol (“IP”) address used to connect your computer to the internet, login information, browser type and version, time zone setting, browser plug in-types and versions, geolocation information about where you might be operating systems and versions, each device’s unique identifying code (MAC address), operating system, platform and electronic signatures;
      3. all of the information you choose to submit to us including any information provided by you to us when making an application or registering your interest for our Services via our Platform along with the information you send to us in hard copy, emails and text messages (including WhatsApp messages), or interacting with us on social media platforms (such as LinkedIn, Facebook or Twitter); and
      4. when you opt-in to marketing messages.
    4. Data on how you use our Platform and/or Website:
      1. your URL clickstream (the path you take through our site), products and services viewed, pages response time, download errors, how long you stay on our pages, what you do on those pages (such as scrolling, clicks and mouse-overs), number and nature of edits made to certain sections and information and methods used to browse away from the page;
      2. information otherwise obtained in conjunction with your use of the Platform, including any information that you post to your profile, a company’s profile, any alerts that you set, questions and answers that you view, widgets used and any preferences listed in your dashboard; and
      3. information about you received from other sources. We work closely with third parties (including, for example, business partners, sub-contractors in technical and delivery services, analytics providers and search information providers) and may receive information about you from these sources.
    5. Other data:
      1. information that you send to us as part of our “know your client” compliance checks;
      2. all of the information provided to us by third parties such as information provided by your employer or organisations who enable us to carry out identity checks and/or other fraud prevention services;
      3. data from your contracts, such as for example your contract templates, smart fields, data integrated into contracts from third party providers, counterparty names and e-mail address, comments, activity on contracts and signatures; and
      4. information you give us when you report a problem with our Website and/or Platform.
  2. How we collect your Personal Data

    We collect Personal Data via:

    1. information given to us by you;
    2. information we collect about you; and
    3. information received from other sources.
  3. Why we collect your Personal Data

    1. Information given to us by you – we will use this information to:
      1. carry out our obligations arising from any contracts entered into between Users and us;
      2. provide you with information about products and Services that you request from us;
      3. provide you with information about other Services we offer that are similar to those that we already provide to you or that you have enquired about;
      4. provide you with information about Services we feel may interest you. If you are an existing User, we may contact you by telephone and/or electronic means with information about Services similar to those which were the subject of a previous agreement or negotiation between us. If you are a new User, we will contact you by telephone or electronic means only if you have consented to this;
      5. notify you about changes to our Services;
      6. use for data analysis (not used for marketing), testing, research, statistical and survey purposes;
      7. ensure that the content from our Website and/or Platform is presented in the most effective manner for you and your computer; and
      8. complete regulatory checks, including “KYC” checks.
    2. Information we collect about you – we will use this information to:
      1. administer our Website and/or Platform for internal operations, including but not limited to troubleshooting;
      2. use for data analysis (not used for marketing), testing, research, statistical and survey purposes;
      3. improve our Website and/or Platform to ensure that the content is presented in the most effective manner for you and your computer;
      4. keep our Website and Platform safe and secure;
      5. make suggestions and recommendations to you and other Users of our Website and/or Platform and about the Services that may interest you or them; and
      6. complete regulatory checks, including “KYC” checks.
    3. information received from other sources:
      1. we may combine this information with information you provide to us and information we collect about you;
      2. we may use this information and the combined information for the purposes set out above (depending on the types of information we receive);
      3. we may process your Personal Data from business cards where the information captures in a personal networking capacity as part of our business operations, relying on legitimate interest;
      4. we may use this information to complete regulatory checks, including “KYC” checks; and
      5. we may use this information for data analysis (not used for marketing), testing, research, statistical and survey purposes.
  4. How we use your Personal Data

    The purposes for which we may process your Personal Data include:

    1. providing our Services to you;
    2. assessing your creditworthiness and to make credit-related decisions;
    3. analysing and improving our credit risk models and our customer service offering;
    4. ascertaining your borrowing needs if you are a borrower;
    5. carrying out mandatory and regulatory checks, including but not limited to anti-money laundering checks;
    6. monitoring use of our Website and/or Platform for security purposes and to check whether Users comply with our terms of use and terms and conditions; and
    7. unless you have specified that you do not wish to receive marketing communications from us, marketing to you of our financial services and products, or other products of a similar or complementary nature.
  5. Who we disclose your Personal Data to

    In order to run our business and provide you with many of our products and services, we may share the information we collect with:

    1. the prospective seller or buyer if we sell or buy any business or assets;
    2. regulatory authorities to comply with our legal and regulatory obligations;
    3. our employees, agents, officers, consultants, business units that have relationships with our customers and Users;
    4. third-party service providers where this is necessary for the purpose of continuing to provide the Services to you;
    5. our insurers and insurance brokers where required in order for us to be able to obtain insurance against risks we face in running our business. They may retain this information for the purpose of ongoing risk assessment and insurance broking and underwriting services;
    6. credit reference agencies, banks and finance companies which provide anti-fraud and identity information to us. Where we do so for anti-fraud purposes, the recipient organisation may hold your information on file for the purposes of their fraud-prevention services in the future;
    7. lenders for credit check purposes and other loan related checks;
    8. our professional advisors for example our lawyers and technology consultants when they need it to provide advice to us;
    9. the Police, local authorities, Her Majesty’s Revenue and Customs (HMRC), the Courts and any other central or local government bodies where they request it and we may lawfully disclose it, for example for the prevention and detection of crime; and
    10. any new business partners we may have over time, for example a joint venture, reorganisation, business merger or sale affecting us.

    When we share your Personal Data with third parties, your Personal Data is shared only when strictly necessary and according to the safeguards and good practices in this Privacy Policy.

  6. Your privacy choices and rights

    Generally, we will inform you (prior to collecting your data) if we intend to use your data for marketing purposes.

    You have the right to:

    1. ask us not to process your Personal Data for marketing purposes. Please contact us at the address indicated below;
    2. request a copy of the Personal Data we hold about you and to have inaccuracies corrected. In accordance with our Data Protection Policy, we charge £10 for all information requests to cover administration costs;
    3. access information we hold about you, this includes the right to ask us information about:
      1. categories of data we are processing;
      2. purposes of data processing;
      3. categories of third parties to whom the data may be disclosed;
      4. how long data will be stored (or the criteria used to determine that period); and
      5. your other rights regarding our use of your data.

    You can contact us to discuss your information at any point in time using the details provided below:

    SME Capital, 8th Floor, 1 Knightsbridge Green, London, SW1X 7NE.

    We may have to ask you to provide evidence of your identity, or provide more information, before we can respond to your request.

    We reserve the right not to comply with any requests we receive from Users where we may lawfully do so, or where there is a legitimate business interest to not do so.

  7. For how long we store your Personal Data

    Personal Data will not be retained for longer than necessary for us to achieve the purpose for which we obtained that data, but we may retain information about Users after the closure of the relevant file for as long as permitted for legal, regulatory, fraud and other financial crime prevention and for legitimate business purposes. In addition, we are required by law to retain certain types of information for specified time periods.

  8. Data relating to third parties

    If, and to the extent, you provide Personal Data relating to any third party to us, you confirm that they have appointed you to act on their behalf, you have obtained their consent to pass their personal data to us and for us to process that Personal Data in the manner and for the purposes described in this Privacy Policy.

  9. What data we do not collect

    We do not knowingly collect any Personal Data from any person under 16 years of age.

  10. Transfer of Personal Data outside of the EEA

    Although we are a business based in the UK, for the purposes of providing the Services to you, the data we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). By submitting your Personal Data, you agree to this transfer, storing and processing by us. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and our Cookie Policy.

  11. How we use Cookies

    A cookie is a small file of letters and numbers that web servers can store on your browser or the hard drive of your computer when you visit a website (unless you adjust your browser settings to refuse cookies). Cookies enable users to navigate around websites, record which areas of the website have been visited and for how long and (where appropriate) enable us to tailor the content to fit the needs of Users who have accessed the Website and/or Platform.

    Cookies contain information that is transferred to your computer’s hard drive. Our site uses cookies to distinguish you from other Users. This helps us to improve (i) our Website and/or Platform; and (ii) your user experience when you browse our Website and/or Platform. For more information about cookies, please read our Cookie Policy.

  12. Social media, blogs, reviews, and similar services

    Any social media posts or comments you make to us (e.g. on our own Facebook, LinkedIn or Twitter page) will be shared under the terms of the relevant social media platform on which they are made and could be made public by that platform. These platforms are controlled by other organisations and so we are not responsible for this sharing. You should review the terms and conditions and privacy policies of the social media platforms you use to ensure you understand how they will use your information, what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.

    Any blog, review or other posts or comments you make about us, our products and our Services on any of our blog, review or user community services will be shared with all other members of that service and the public at large.

    You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

  13. Security of communications

    1. Passwords and log-in details:
      1. Where we have given you a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. Please do not share this password with anyone else.
      2. If you ever receive a communication from us that you are concerned may be from a third-party impersonating one of our staff, please contact us immediately. If you are ever concerned that the person calling may not be from us, you can always ask to call us back on the telephone number available here.
      3. We will never ask for your client number or password.
    2. Security measures:
      1. We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, offices and stores as much as possible.
      2. In particular, our Information Security policy set is aligned to ISO27001 which is an internationally recognised security standard.
      3. We also use secure means to communicate with you where appropriate, such as "https" and other security and encryption protocols.
      4. The transmission of information via the internet may not be completely secure. Although we do our best to protect your Personal Data, unfortunately, no data transmission is guaranteed to be 100% secure. We cannot guarantee the security of your data transmitted to our Website and/or Platform. You are responsible to keep secret and safe your username and password. Once we have received your information, we will use strict procedures and security features to reasonably prevent unauthorised access.

    If you believe your privacy rights have been breached, please contact us at SME Capital, 8th Floor, 1 Knightsbridge Green, London, SW1X 7NE.

  14. Monitoring

    For quality control, training, security and regulatory purposes, we may monitor and/or record your communications with us.

  15. Updates to this Privacy Policy

    We review our use of your information regularly. In doing so, we may change what we collect, how we keep it and what we will do with it. As a result, we will need to change this Privacy Policy from time to time to keep.Any changes we may make to this Privacy Policy in the future will be posted on our Website, and where appropriate, we shall notify you by e-mail.

  16. About us

    SME Platform Ltd. is registered in England and Wales with company number 9321861 and our registered address is 1 Knightsbridge Green, London, SW1X 7NE. Our data protection registration number is ZA095186.

  17. Contact us

    If you have questions, comments, requests or want any further information about our use of your information, our Website and/or Platform or this Privacy Policy, please contact us at SME Capital, 8th Floor, 1 Knightsbridge Green, London, SW1X 7NE so we have a chance to address your concerns.

    If we fail to address your concerns in a manner satisfactorily to you, you also have the right to contact or complain to the Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.

Last revision date: March 2019