We think it is important that you know what information we collect about you and how we use it.
This policy sets out full details of the information we collect about you and how we use it. Please read this policy carefully. By using our Website, contacting us by telephone, by emailing us or otherwise providing information to us (for example through our social media), you agree to its terms.
We’ve included some links to other websites in this policy. Please note that these websites are controlled by other people, not us, and we are not responsible for them.
Data Controller - an individual, company or other organisation who determines how and for what purpose Personal Data is processed. We act as a Data Controller when processing Personal Data relating to our customers;
Data Processor - any person or organisation which processes Personal Data on behalf of a Data Controller (except for an employee of the Data Controller);
Data Subject - a person who is the subject of Personal Data. If you are one of our customers, you are a Data Subject and we are responsible for processing your Personal Data;
EEA - European Economic Area
Personal Data - data which relates to a living person, who can be identified from the contents of that data, or from that data when it is combined with information which is in or is likely to come into the possession of the Data Controller, and includes any expression of opinion about the individual and any indication of the intentions of the Data Controller or any other person in respect of the individual;
Platform - the Website on which our Services are available;
Services - the services we provide to borrowers and lenders via the Platform;
Website - our website that appears at www.smecapital.com; and
“we”, “us”, “our”, - SME Platform Ltd (t/a SME Capital).
For ease of reading these words “we”, “us”, “our”, “you” and “your” are not shown in capitals.
Your login details
If you choose to access the secure areas of our Website, which are designed for accountholders or members only, you are able to access these only with your login details. Your login details should never be shared with anyone else and we recommend that any password or PIN you set is not easily guessable, and changed frequently (at least once a month).
Because we cannot guarantee the confidentiality of information sent on the internet, you should never send your login details via email. Should you wish to contact us about your account, you should do so by e-mail or by telephone.
How we may communicate with you
Unless you have specified that you do not wish to receive such marketing communications, we may from time to time send you information regarding new products and promotions by email, post or SMS. Additionally, unless you have instructed us not to do so, we may occasionally also contact you by telephone regarding such products or promotions.
You can specify that you do not wish to receive marketing emails from us by sending an email with “END” in the subject field to firstname.lastname@example.org. If you have registered more than one email address with us, please list all your email addresses to be removed from our marketing emails in the body of the email. Please note that, while we will remove you from future marketing emails, any marketing emails already in production may still be received for a short time after you send us your request.
If you have specified that you do not wish to receive marketing emails from us, we will still send you email messages which you specifically request to receive, or which relate to the provision of the Services you currently receive from us, such important information about your account and regulatory information.
If, having specified that you do not wish to receive marketing communications from us, you then wish to do so, you should email us at email@example.com or contact Customer Services on the contact details available here.
Security of communications
If you ever receive a communication from us that you are concerned may be from a third party impersonating one of our staff, please contact us immediately. If you are ever concerned that the person calling may not be from us, you can always ask to call us back on telephone number available here.
We will never ask for your client number or password, but will ask security questions to confirm your identity before we can discuss matters relating to your account.
How we comply with the Data Protection Act
The Data Protection Act 1998 (“the Act”) regulates the processing of Personal Data. The Act seeks to protect your rights to your Personal Data by setting out, amongst other things, the conditions under which the processing of Personal Data is lawful, the rights of Data Subjects and the standards that organisations who deal with Personal Data must adopt.
What Personal Data do we collect?
We only collect information that we will genuinely use for the purposes set out in this policy.
Specifically, we collect:
- all of the information you choose to submit to us including any information provided by you to us when making an application or registering your interest for our Service along with the information you send us in emails and text messages, or interacting with use on social media platforms (such as LinkedIn, Facebook or Twitter);
- all of the information provided to us by third parties such as information provided by your employer or organisations who enable us to carry out identity checks and/or other fraud prevention services;
- information otherwise obtained in conjunction with your use of the Website, including any information that you post to your profile, a company’s profile, virtual portfolios, any alerts that you set, questions and answers that you view, widgets used and any preferences listed in your dashboard;
- technical information about the devices you use to access our Website. We may collect each device’s unique identifying code (MAC address), relevant IP address, operating system and version, web browser and version, and/or geographic location;
- information you provide to us in response to surveys or competitions;
- information you send us on email or secure message;
- information you give us when you contact via the telephone;
- information about the Services you use including on our Website, or via our telephone service, including the time and date of purchase, the Services that you use and details of any relevant payment card (such as a credit or debit card) you use;
- information that you send to us as part of our “know your client” compliance checks;
- information collected independently by online advertising networks through which we place advertisements (e.g. Google Analytics). The information we obtain varies from network to network. It often summarises the actions of lots of people, and so does not enable us to identify you individually. It relates to what you view, click on, and access through websites in their network, including the subject matter of the website you started at and where you subsequently go. It may also include their analysis of your behaviour across the wider internet and a profile of you. If you are unhappy about this happening you should look out for "settings" and "Do Not Track" options in online advertisements and in the privacy and cookies functionality on your devices and consider changing your settings to block third party cookies in particular. We do not control the information on you that such networks obtain, or the technology they use to do so; and
- the information you give us during the registration process or your use of our Services, may contain your or another person’s Personal Data. If you provide us with information about another person, you confirm that they have appointed you to act for them, they consent to you providing their Personal Data to us and any processing of their Personal Data and that you have informed them of our identity and the purpose (as set out below) for which their Personal Data will be processed (as set out in this policy).
How do we use your Personal Data
The Purposes for which we may process your Personal Data include:
- providing our Service to you;
- where you have requested a service from third-party providers, introducing you to third-party providers and sharing your Personal Data with such third-party providers, (e.g. a third party who will store your payment card details where you have opted to store those details with us) for this purpose;
- unless you have specified that you do not wish to receive marketing communications from us, marketing to you of our financial services and products, or other products of a similar or complementary nature;
- the release of your name, address, email address and telephone number to market research organisations for the purpose of confidential market research surveys carried out by post, telephone or electronically on our behalf (but only when you have told us you are happy for us to do so);
- the compliance with a request you make of us;
- verification of identity checks and bank details, including use of the services of a credit reference agency or fraud prevention agencies;
- the transfer of information to the Official Receiver or appointed insolvency practitioner(s) for the administration of your Account, if we receive notice of or are informed of your insolvency or bankruptcy, or of any insolvency proceedings/arrangements;
- enforcing or obtaining settlement of debts owed to us or in relation to investments made on your behalf, including sharing your information with any debt collection, debt tracing or other agent for these purposes;
- any use of your Personal Data to comply with legal or regulatory obligations, including disclosing Personal Data to a third party if we are required (or reasonably believe we are required) to do so by law, or if we are requested to disclose information to the Financial Conduct Authority, HM Revenue & Customs or any other regulatory or fiscal authority in any country;
- sharing with HM Revenue & Customs and/or any domestic and/or any foreign tax authority any information or documentation that you have provided to us with respect to your liability to tax in any jurisdiction (both within the UK and, if applicable, internationally) and/or in response to requests from such authorities;
- to provide you with our Website, which require a certain amount of technical information to be collected in order to work properly;
- to power security measures and related services relating to your access to our Website for example to enable us to recognise your username and password, but also reset those if you forget them;
- to gather feedback from you about our products, Website, other services and activities from time to time. We may invite you to provide this feedback on occasion, for example by emailing you to ask you if you would like to review a product you have bought or a service you have used. We may use independent research and feedback providers to do so on our behalf;
- to contact you from time to time about things you have told us you want to hear about, for example our products, news, offers, new competitions and sponsored events;
- to respond to any questions, suggestions, issues or complaints you have raised with us;
- to gather statistics about how you and other people use our Website, and what you think of our adverts, offers, news, product information, competitions, sponsored events, social media and other digital content. We then analyse these statistics to understand if these things appear interesting and meet most people’s needs, or if they should be improved, and if so, what design or other changes (e.g. around the nature and timing of communications) would be most beneficial both for our customers, and for our business;
- to carry out segmentation of our customer database, along with propensity modelling (a customer insight technique which involves analysing past observations to predict future customer behaviour) and create event triggers for specific categories of customer for marketing and servicing purposes;
- to monitor use of our Website to see if they are being abused or threatened for example by people posting inappropriate comments on our community boards or by potential hackers looking to undermine their security;
- to protect you and our business against any other potential criminal behaviour, including potential identity theft and fraud;
- to maintain administrative and statutory records about our business to enable us to understand what we have sold, how, when, where and at what price and account to the tax authorities for the related taxes that we have to pay;
- in the process of anonymising your information so that you are no longer identifiable to us; and
- to test new systems and processes as we roll them out (but generally only in anonymous form to make sure they work and will meet the high expectations we set for ourselves).
Who do we share your information with?
In order to run our business and provide you with many of our products and services, we sometimes have to pass your information to other people and businesses as set out below.
We share the information we collect with:
- all of our group companies, brands and business units that have relationships with our customers and users.
- third-party service providers where this is necessary for the purpose of continuing to provide the Service to you;
- other people and businesses who help us provide our Website, and related services to you, for example, information technology companies who design and host our Websites, and payment services companies who enable us to store details of and allow you to use payment cards with us;
- our insurers and insurance brokers where required in order for us to be able to obtain insurance against risks we face in running our business. They may retain this information for the purpose of ongoing risk assessment and insurance broking and underwriting services;
- credit reference agencies and banks and finance companies which provide anti-fraud and identity information to us. Where we do so for anti-fraud purposes, the recipient organisation may hold your information on file for the purposes of their fraud-prevention services in the future;
- our professional advisors for example our lawyers and technology consultants when they need it to provide advice to us;
- the Police, local authorities, Her Majesty’s Revenue and Customs (HMRC), the Courts and any other central or local government bodies where they request it and we may lawfully disclose it, for example for the prevention and detection of crime;
- other people who make a subject access request to us, where we are allowed to do so by law (see subject access requests below); and
- any new business partners we may have over time, for example a joint venture, reorganisation, business merger or sale affecting us.
We also may share the information we collect where we are legally obliged to do so, for example e.g. to comply with a court order.
Social media, blogs, reviews, and similar services
Any social media posts or comments you make to us (e.g. on our own LinkedIn or Twitter page) will be shared under the terms of the relevant social media platform (e.g. LinkedIn or Twitter) on which they are made and could be made public by that platform. These platforms are controlled by other organisations and so we are not responsible for this sharing. You should review the terms and conditions and privacy policies of the social media platforms you use to ensure you understand how they will use your information, what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.
Any blog, review or other posts or comments you make about us, our products and our Service on any of our blog, review or user community services will be shared with all other members of that service and the public at large.
You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
Security of your information
Much of the information we receive is provided electronically, originating with your relevant device and then transmitted to us by your relevant telecoms network provider.
Where it is within our control, we put measures in place to ensure that whilst the data is in transmission from your device to us, this data is reasonably secure.
Once your information is received by us, we take its security very seriously.
We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, offices and stores as much as possible.
In particular, our Information Security policy set is aligned to ISO027001 which is an internationally recognised security standard.
We also use secure means to communicate with you where appropriate, such as "https" and other security and encryption protocols.
Transfer of Personal Data outside of the EEA
Although we are a business based in the UK, it may be necessary in providing the Services to you, for your Personal Data to be processed in countries outside the EEA which may not have the same data protection laws as the United Kingdom or other countries in the EEA.
Please note that information protection laws do vary from country to country. Our transfer of information to other countries could result in that information being available to government and other authorities in those countries under their laws.
By using our Service you agree to this international transfer, storing and processing.
How long we may hold Personal Data for
Personal Data will not be retained for longer than necessary for us to achieve the purpose for which we obtained that data. In addition, we are required by law to retain certain types of information for specified time periods.
We will then either securely delete it or anonymise it so that it cannot be linked back to you.
Managing your information and subject access requests
You can contact us to discuss your information at any point in time using the details provided below.
It is very important to us that all the information we hold about you remains accurate and up-to-date at all times to reduce the chances of us having a misunderstanding. We try hard to make sure this is the case at all times regardless of what information we hold about you. We need your help in doing so though. If you have any online account with us, please ensure that the information you provide to us through that account (e.g. any contact information you provide) remains accurate and up-to-date. Please review and update it regularly.
If you have reason to believe any of the information we collect on you may be inaccurate, and you cannot correct such inaccuracy yourself through your registered accounts with us, please contact us (see below for how to do this).
You have certain rights under the Act in relation to your Personal Data, known as subject access rights. These rights include, but are not limited to, the right to request a copy of the Personal Data we hold which relates to you.
To make a subject access request, please write to SME Platform Ltd. (t/a SME Capital), 4th Floor, 7 Old Park Lane, London, W1K 1QR. We may have to ask you to provide evidence of your identity, or provide more information, before we can respond to your request.
In addition to subject access, you can ask us to have one of our staff review a decision about you which has been taken automatically by computer. One common example is if we decline an order you place with us online for anti-fraud or credit check reasons. Please note that these decisions can come about due to policy decisions taken by banks, card and payment processing companies, and credit reference agencies who separately hold information about you and to resolve them you may have to speak to them directly.
We reserve the right to charge you a small administration fee to meet our costs in honouring your legal rights, where permitted by the relevant law.
We reserve the right not to comply with any requests we receive where we may lawfully do so, for example if we reasonably believe a request to be malicious, technically very onerous, to involve disproportionate effort or harmful to the rights of others.
If you have any complaints about our use of your information, please contact us. We will do our very best to resolve any complaint to your satisfaction. You have a right to complain to the UK Information Commissioner’s Office (or “ICO”). Please see the section “Where to go if you want more information about your privacy rights” for further details.
For quality control, training, security and regulatory purposes, we may monitor and/or record your communications with us.
We review our use of your information regularly. In doing so, we may change what we collect, how we keep it and what we will do with it.
As a result, we will need to change this policy from time to time to keep it accurate and up to date.
If we change this policy, we will endeavour to tell you about it. That way you can check to see if you are happy with our policy, before proceeding any further. Please look out for notices from us.
If, following any changes, you continue to use our Website, contact us by telephone or otherwise provide information to us (for example through our stores or social media) we will take it that you agree to those changes.
SME Platform Limited is registered in England and Wales with company number 9321861 and our registered address is 4th Floor, 7 Old Park Lane, London, W1K 1QR.
Our data protection registration number is ZA095186.
Where to get further information about your privacy rights
The ICO regulates data protection and privacy matters in the UK.
They make a lot of information available to consumers on their website.
They make the registered details of all data controllers like us available publicly. You can access them here.
You can make a complaint to the ICO about our use of your information at any time. As mentioned above, please consider raising any issue or complaint you have with us first though. Your satisfaction is very important to us, and we strive to solve all problems and complaints wherever possible.
If you want any further information about our use of your information, our Website or have any other privacy questions relating to us, we’d be happy to help you.
Our contact details are set out here.
Last revision date: February 2017