Privacy Policy banner

Privacy Policy

Contact Us

Download a PDF copy of our Privacy Policy

1. INTRODUCTION
This Privacy Policy sets out how the Propel may collect and use your personal data and contains important information about:


• the type of personal data we may collect from you;
• how we will use, store and protect your personal data;
• with whom we may share personal data; and
• your rights under relevant data protection laws.


Personal data is any information about an individual from which that person can be directly or indirectly identified. The processing of personal data includes any activity that involves the use of personal data, including collecting, recording or storing, organising, amending, retrieving, using, disclosing, erasing or destroying, or transmitting or transferring the personal data to third parties.


It is therefore important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why Propel uses your personal data. This Privacy Policy supplements the other notices and is not intended to override them.


In this Privacy Policy, any references to: “Propel”, “we” or “us” or “our” shall refer to:


• Propel Finance Plc, a company registered in Wales, Company no 04015132; and
• Propel Finance No.1 Limited, a company registered in Wales, Company no. 10003271.


The Propel website may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.


We may need to make changes to this Privacy Policy from time to time, for example, to reflect new technologies or other developments in data protection laws. You should check our website periodically to view our most up to date Privacy Policy.


2. ABOUT US
Propel is an asset finance company offering various types of asset finance such as hire purchase, finance lease and asset refinance to UK
businesses.


In order for us to provide our services, we need to process personal data and we will be acting as a controller of your personal data when we do so. As a controller, we are responsible for the processing of your personal data in compliance with UK data protection laws: the UK GDPR and the Data Protection Act 2018 (together referred to as the “Data Protection Legislation”).


We will be acting as a controller when we collect personal data of prospective and existing customers, business contacts, candidates applying to work at Propel and website users.


The relevant Propel company acting as controller of your personal data will depend on our relationship with you. If you are unsure about who the controller of your personal data is, please contact us at any time using the contact details provided in the “Contacting Us” section below (see section 13 below).


3. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?


3.1. Overview
Personal data is any information from which you can be directly or indirectly identified and the type of personal data that we collect, will depend on your relationship with us.


Certain categories of personal data require special protection under Data Protection Legislation and are known as “special category data”. This is information relating to your health, genetic or biometric data, criminal convictions, sex life or sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. In certain circumstances, we may need to collect and process your special category data.


If you are required to provide any personal data to us which relates to other individuals, you agree that you will refer them to or provide them with this Privacy Policy and obtain any required consent in accordance with this Privacy Policy.


More information on the types of personal data that we will be likely to collect and process about you is detailed below. Please click on the dropdown below which best describes your relationship with us.

3.2. Prospective and Existing Propel Pay Customers
Propel Pay is a digital business-to-business merchant asset finance platform. This section will apply to you where you: (i) work for a Propel Pay Customer and are completing a Propel Pay application on behalf of your company (“Customer Contact”), (ii) are a director of a Propel Pay Customer. (“Director”) or (iii) are a significant shareholder of a Propel Pay Customer whose information will form part of Propel’s KYC checks (“Significant Shareholders”).


a) What personal data do we collect about you?


We collect the following personal data about Customer Contacts:
• name and contact details including email address and telephone number;
• your job title/employment details;
• information obtained through our use of cookies and similar technologies such as IP address, device identification and fraud detection data (e.g., to check whether the device you are using to contact us has been used before for fraudulent purposes). Please see our cookies policy here for more information; and


We do not process special category data about you.


We collect the following personal data about Directors:
• name and contact details including email address and telephone number;
• your position at the company;
• identity documents such as passport or driving licence;
• e-signature;
• information obtained from identity verification and fraud checks (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6);
• information obtained through our use of cookies and similar technologies such as IP address, device identification and fraud detection data (e.g., to check whether the device you are using to contact us has been used before for fraudulent purposes). Please see our cookies policy here for more information;
• information about your marketing preferences; and/or
• Special category data and criminal conviction data: If our fraud and anti-money laundering checks uncover any data relating to criminal convictions or fraud.


We will process your biometric data (face recognition and eye scanning) which is a type of special category data. Please see section 12 below for more information on how we may process your biometric data.


We collect the following personal data about Significant Shareholders:
• name; and
• information obtained from fraud, KYC, and credit checks. Including special category data and criminal conviction data: If our fraud and anti-money laundering checks uncover any data relating to criminal convictions or fraud (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6).


b) How will we collect your personal data?


Customer Contact
Your personal data will be collected:
• directly from you, for example, when you complete an application on behalf of your company for Propel Pay; make an enquiry about our services; and each time you interact or correspond with us (e.g., via email); and/or
• from the vendor partner introducing you to PropelPay.


Director
Your personal data will be collected:
• directly from you, for example, when you undergo identity verification; and/or
• from the vendor partner introducing you to Propel Pay; and/or
• from the Customer Contact at your company who submits an application for Propel Pay on behalf of your company; and/or
• from screenings conducted by the third party fraud prevention agency, Cifas; and/or

• from our third-party payment data processor Stripe (Propel use Stripe for payment, analytics, and other business services. Stripe collects transaction and personally identifying information, which it analyses and uses to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy here; and/or
• from our third-party identity verification provider; and/or
• from publicly available sources, e.g., the electoral register and Companies House; and/or
• from credit reference agencies such as Experian (for more information, see the section 5 headed “Credit Reference Checks”).


Significant Shareholder
Your personal data will be collected:
• from publicly available sources, e.g., the electoral register and Companies House; and/or
• from credit reference agencies such as Experian (for more information, see the section 5 headed “Credit Reference Checks”); and/or
• from screenings conducted by third-party KYC / fraud prevention agencies.


c) What will we use your personal data for?


We only process personal data for the purposes described in this Privacy Policy. When doing so, Data Protection Legislation requires companies to have a “lawful basis” to collect and use personal data and we rely on one or more of the following ‘lawful bases’ when processing your personal data:
• it is necessary to comply with our legal or regulatory obligations; and/or
• it is necessary for our/third parties’ legitimate business interests and your interests and fundamental rights do not override those interests. In each case, we will always consider your interests and rights, undertaking a balancing exercise to ensure that the relevant business interest does not cause you harm or override your own interests.


We need to have a further ‘processing condition’ when we process Directors’ biometric data, and for this we will ask for your explicit written consent.

Purpose for processing 1

Purpose for processing 2

 

d) Who will we share your personal data with?


If you are a Director or a Significant Shareholder, we may share your personal data with the following:


• the Customer Contact at your company who submits an application or Propel Pay on behalf of your company; and/or
• our third party identity verification provider; and/or
• other finance providers, if the business is placed with another finance provider (“funders”) and any person to whom we intend to assign our rights under your agreement. These third parties may wish to conduct their own credit searches using your personal data in order to secure funding for your company. A list of our Third-Party Funders and their respective Data Privacy Policies can be made available upon request to [email protected]; and/or
• third parties that assist with our fraud and anti-money laundering checks such as Cifas and Experian, fraud prevention agencies and other third parties who operate and maintain fraud detection registers (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6); and/or
• credit reference agencies (“CRAs”) (for more information, see the section 5 headed “Credit Reference Checks”).


For Customer Contacts, Significant Shareholders, and Directors, we may share your personal data with the following:


• other Propel group companies; and/or
• regulators and law enforcement agencies including the police, the Financial Conduct Authority and the Prudential Regulation Authority and the UK’s Information Commissioner’s Office; and/or
• third parties that help maintain, service or process the customer transactions or accounts and products and services including companies that perform administrative, accounting, audit, funding and brokerage services to us; and/or

• selected third party service providers support the operation of our business, such as financial and document management service providers, software providers and IT and information security providers and marketing companies; and/or
• any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition; and/or
• any companies that are in the process of joining the Propel group, for example due to a merger, restructuring/re-organisation, sale of a business or business strategies or an acquisition and their legal and technical advisers in order to manage such transactions; and/or
• liquidators, arrears agents or asset inspection agents acting for Propel or a third party as appropriate.

3.3. Other Prospective and Existing Asset Finance Customers


This section will apply to you where you: (i) work for a Customer applying for or that has asset finance with Propel and you complete the application and liaise with Propel on behalf of your company (“Customer Contact”); (ii) are a director or an authorised signatory of a Propel Customer (“Authorised Signatory”); (iii) a sole trader/partnership Customer applying for or that has asset finance with Propel (“Individual Customer”); or (iv) are a significant shareholder of a Propel Pay Customer whose information will form part of Propel’s KYC checks (“Significant Shareholder”)


a) What personal data do we collect about you?


We collect the following personal data about Customer Contacts:


• name and contact details including email address and telephone number;
• your job title/employment details;
• information obtained through our use of cookies and similar technologies such as IP address, device identification and fraud detection data (e.g., to check whether the device you are using to contact us has been used before for fraudulent purposes). Please see our cookies policy here for more information; and
• information about your marketing preferences.


We do not process special category data about you.


We collect the following personal data about Authorised Signatories:


• name and contact details including email address and telephone number
• your position at the company;
• identity documents such as passport or driving licence;
• e-signature;
• information obtained from identity verification and fraud checks (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6);
• information obtained from credit checks such as credit account performance information, credit and claims history data, bankruptcy records, any county court judgments made against you and information about credit searches on you and the results of such checks (for more information, see the section 5 headed “Credit Reference Checks”);
• information obtained through our use of cookies and similar technologies such as IP address, device identification and fraud detection data (e.g., to check whether the device you are using to contact us has been used before for fraudulent purposes). Please see our cookies policy here for more information;
• information about your marketing preferences; and/or
• Special category data and criminal conviction data: If our fraud and anti-money laundering checks uncover any data relating to
criminal convictions or fraud.


We collect the following personal data about Individual Customers:


• name and contact details including email address and telephone number and address;
• your position within the company;
• details about your company;
• identity documents such as passport or driving licence;
• bank details and details of transactions carried out with us;
• e-signature;
• information obtained from identity verification and fraud checks (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6);

• information obtained from credit checks such as credit account performance information, credit and claims history data, bankruptcy records, any county court judgments made against you and information about credit searches on you and the results of such checks. (for more information, see the section 5 headed “Credit Reference Checks”);
• information obtained through our use of cookies and similar technologies such as IP address, device identification and fraud detection data (e.g., to check whether the device you are using to contact us has been used before for fraudulent purposes). Please see our cookies policy here for more information;
• information about your marketing preferences; and/or
• Special category data and criminal conviction data: If our fraud and anti-money laundering checks uncover any data relating to criminal convictions or fraud.


We collect the following personal data about Significant Shareholders:
• name; and
• information obtained from fraud, KYC, and credit checks. Including special category data and criminal conviction data: If our fraud and anti-money laundering checks uncover any data relating to criminal convictions or fraud (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6).


b) How will we collect your personal data?


Customer Contacts
Your personal data will be collected:
• directly from you, for example, when you complete an application on behalf of your company for asset finance; make an enquiry about our services; and each time you interact or correspond with us (e.g., via email); and/or
• from a corporate partner introducing you to Propel.


Authorised Signatories
Your personal data will be collected:
• directly from you, for example, when you undergo identity verification and credit checks; and/or
• from the Customer Contact at your company who submits an application or Propel Pay on behalf of your company; and/or
• from screenings conducted by the third party fraud prevention agency, Cifas (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6); and/or
• from brokers or third parties who may complete an application for asset finance on behalf of your company; and/or
• from publicly available sources, e.g., the electoral register and Companies House; and/or
• from credit reference agencies such as Experian (for more information, see the section 5 headed “Credit Reference Checks”).
 

Individual Customers
Your personal data will be collected:
• directly from you, for example, when you complete an application; make an enquiry about our services; each time you interact or correspond with us (e.g., via email); and when you undergo identity verification and credit checks; and/or
• from brokers or third parties who may complete an application for asset finance on your behalf; and/or
• from publicly available sources, e.g., the electoral register and Companies House; and/or
• from credit reference agencies such as Experian (for more information, see the section 5 headed “Credit Reference Checks”).


Significant Shareholders
Your personal data will be collected:
• from publicly available sources, e.g., the electoral register and Companies House; and/or
• from credit reference agencies such as Experian (for more information, see the section 5 headed “Credit Reference Checks”) and/or
• from screenings conducted by third-party KYC / fraud prevention agencies (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6).

 

c) What will we use your personal data for?


We only process personal data for the purposes described in this Privacy Policy. When doing so, Data Protection Legislation requires companies to have a “lawful basis” to collect and use personal data and we rely on one or more of the following ‘lawful bases’ when processing your personal data:


• it is necessary to perform our contract with you; and/or
• it is necessary to comply with our legal or regulatory obligations; and/or
• it is necessary for our/third parties’ legitimate business interests and your interests and fundamental rights do not override those interests. In each case, we will always consider your interests and rights, undertaking a balancing exercise to ensure that the relevant business interest does not cause you harm or override your own interests.


We need to have a further ‘processing condition’ when we process special category data and for our use of special category data, we will rely on one or more of the following:


• we have your explicit written consent; and/or
• we need to use your special category data to comply with or help someone else comply with a regulatory requirement relating to unlawful acts and dishonesty and there is a substantial public interest in such use; and/or
• we need to use your special category data to prevent or detect unlawful acts and this use is in the substantial public interest; and/or
• it is necessary in connection with any existing/prospective legal claims, to obtain legal advice or for the establishment, exercise or defence of legal claims.

Purpose for processing 3

Purpose for processing 4

Purpose for processing 5
d) Who will we share your personal data with?


If you are an Authorised Signatories or a Significant Shareholder, we may share your personal data with the following:
• the Customer Contact at your company who submits an application for asset finance on behalf of your company; and/or
• other finance providers, if the business is placed with another finance provider (“funders”) and any person to whom we intend to assign our rights under your agreement. These third parties may wish to conduct their own credit searches using your personal data in order to secure funding for your company. A list of our Third-Party Funders and their respective Data Privacy Policies can be made available upon request to [email protected]; and/or
• third parties that assist with our fraud and anti-money laundering checks such as Cifas and Experian, fraud prevention agencies and other third parties who operate and maintain fraud detection registers (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6); and/or
• credit reference agencies (“CRAs”) (for more information, see the section 5 headed “Credit Reference Checks”); and/or
• liquidators, arrears agents or asset inspection agents acting for Propel or a third party as appropriate.
 

If you are an Individual Customer, we may share your personal data with the following:
• brokers or third parties who may complete an application for asset finance on your behalf. Where your application has been submitted via a person or persons acting on your behalf (e.g., a supplier, broker or franchisor), we will inform them of the outcome of your application and whether we have agreed it. We may also disclose information about you and your relationship with us throughout the term of that relationship. If you do not wish us to disclose this information, please inform us in writing; and/or
• other finance providers, if the business is placed with another finance provider (“funders”) and any person to whom we intend to assign our rights under your agreement. These third parties may wish to conduct their own credit searches using your personal data in order to secure funding for your company. A list of our Third-Party Funders and their respective Data Privacy Policies can be made available upon request to [email protected] and/or
• third parties that assist with our fraud and anti-money laundering checks such as Cifas and Experian, fraud prevention agencies
and other third parties who operate and maintain fraud detection registers (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6); and/or
• credit reference agencies (“CRAs”). For more information, see the section 5 headed “Credit Reference Checks”; and/or
• liquidators, arrears agents or asset inspection agents acting for Propel or a third party as appropriate.
 

For Customer Contacts, Significant Shareholders, Directors, and Individual Customers we may share your personal data with
the following:
• other Propel group companies; and/or
• regulators and law enforcement agencies including the police, the Financial Conduct Authority and the Prudential Regulation Authority and the UK’s Information Commissioner’s Office; and/or
• third parties that help maintain, service or process the customer transactions or accounts and products and services including companies that perform administrative, accounting, audit, funding and brokerage services to us; and/or
• selected third party service providers support the operation of our business, such as financial and document management service providers, software providers and IT and information security providers and marketing companies; and/or
• any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition; and/or
• any companies that are in the process of joining the Propel group, for example due to a merger, restructuring/re-organisation, sale of a business or business strategies or an acquisition and their legal and technical advisers in order to manage such transactions; and/or
• liquidators, arrears agents or asset inspection agents acting for Propel or a third party as appropriate.

3.4. Third Party Business Contacts
This section will apply to you if you are a contact at a broker, franchisor, vendor, business partner or supplier or third party with whom we do business or who may submit an application for financing on behalf of another company.


a) What personal data do we collect about you?
• name, date of birth and gender;
• contact details, including telephone numbers and email address;
• information obtained through our use of cookies and similar technologies such as IP address, device identification and fraud detection data (e.g., to check whether the device you are using to contact us has been used before for fraudulent purposes). Please see our cookies policy here for more information;
• financial information, including bank details for payment;
• information we collect about your professional position for example job title and work industry;
• information we collect about you as a result of our onboarding, procurement or due diligence checks;
• information captured during any correspondence with you such as telephone calls or written or email correspondence;
• information collected from CCTV recordings;
• Information obtained from credit checks such as credit account performance information, credit and claims history data, bankruptcy records, any county court judgments made against you and information about credit searches on you and the results of such checks (for more information, see the section 5 headed “Credit Reference Checks”); and/or
• Special category data and criminal conviction data: If our fraud and anti-money laundering checks uncover any data relating to
criminal convictions or fraud.


b) How will we collect personal data?


• directly from you or your employer; and/or
• other Third Party Business Contacts; and/or
• from a contact at a customer you submitted an application for financing on behalf; and/or
• publicly available sources.


c) What will we use your personal data for?


We only process personal data for the purposes described in this Privacy Policy. When doing so, Data Protection Legislation requires companies to have a “lawful basis” to collect and use personal data and we rely on one or more of the following ‘lawful bases’ when processing your personal data:
• it is necessary to perform our contract with you; and/or
• it is necessary to comply with our legal or regulatory obligations; and/or
• it is necessary for legitimate business interests pursued by us or a third party and your interests and fundamental rights do not override those interests. In each case we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interests

Purpose for processing 6

Purpose for Processing 7

d) Who will we share your personal data with?


We share data with:
• other Propel group companies; and/or
• liquidators, arrears agents or asset inspection agents acting for Propel or a third party as appropriate; and/or
• regulators, courts, and law enforcement agencies including the police, the Financial Conduct Authority and the Prudential Regulation Authority and the UK’s Information Commissioner’s Office; and/or
• Propel’s customers; and/or
• selected third party service providers support the operation of our business, such as financial and document management service providers, software providers and IT and information security providers and marketing companies; and/or
• any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition; and/or
• any companies that are in the process of joining the Propel, for example due to a merger, restructuring/re-organisation, sale of a business or business strategies or an acquisition and their legal and technical advisers in order to manage such transactions; and/or
• other Third Party Business Contacts, where appropriate.


3.5. Candidates applying to work at Propel
This section will apply to individuals applying to work at Propel. You should also show this Privacy Policy to anyone else whose details you provide to us, for example your family members, emergency contacts etc. Please note: Successful applicant’s personal data will be processed in line with Propel’s internal employee Privacy Policy.


a) What personal data do we collect about you?
• name, date of birth and gender;
• contact details, including address and address history, telephone numbers and email address;
• employment data (e.g. skills and experience, details of employment, employment history);
• identity documents (e.g., passport or driving licence);

• information relevant to the recruitment process such as your job title, information about your job role, your CV or cover letter and any other information which you have shared with us as part of the recruitment process and any notes taken from an interview with you;
• references;
• financial history, via a credit check; and
• information collected from CCTV recordings.


b) What special category data do we collect about you?


We typically process the following types of special category data:
• information about any criminal convictions (including offences and alleged offences and any court sentence or unspent criminal conviction).


c) How will we collect personal data?


• directly from you when you apply to work at Propel or during any form of communications such as face to face, written and phone correspondence or interviews during the recruitment process; and/or
• from correspondence with you on LinkedIn; and/or
• from correspondence with your former employer(s); and/or
• from recruitment talent management and employment agencies; and/or
• background check providers such as Disclosure and Barring Service.


d) What will we use your personal data for?


We only process personal data for the purposes described in this Privacy Policy. When doing so, Data Protection Legislation requires companies to have a “lawful basis” to collect and use personal data and we rely on one or more of the following ‘lawful bases’ when processing your personal data:


• it is necessary in order to take steps to enter into an employment contract with you; and/or
• it is necessary for legitimate business interests pursued by us or a third party and your interests and fundamental rights do not override those interests. In each case we will always consider your interests and undertake a balancing exercise to ensure that our business interest does not cause you harm or override your own interests.
 

We need to have a further processing condition in the event that we process your special category data. In those limited circumstances, we will rely on one or more of the following:
• the processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on us in connection with employment; and/or
• the processing is necessary for the establishment, exercise or defence of legal claim; and/or
• we have your explicit written consent.

Purpose for Processing 8

Purpose for Processing 9

e) Who will we share your personal data with?


• recruiters and your referees; and/or
• regulators, legal advisors and law enforcement agencies including the police and the UK’s Information Commissioner’s Office; and/or
• credit reference agencies (“CRAs”) (for more information, see the section 5 headed “Credit Reference Checks”); and/or
• disclosure and Barring Service; and/or
• selected third party service providers support the operation of our business, such as financial and document management service providers, software providers and IT and information security providers and marketing companies; and/or
• any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition; and/or
• any companies that are in the process of joining the Propel, for example due to a merger, restructuring/re-organisation, sale of a business or business strategies or an acquisition and their legal and technical advisers in order to manage such transactions.


3.6. Website Users


This section applies to website users of Propel.


a) What personal data do we collect about you?
• name and contact details, including, telephone numbers and email address; and
• information obtained through our use of cookies and similar technologies such as IP address, device identification and fraud detection data (e.g., to check whether the device you are using to contact us has been used before for fraudulent purposes). Please see our cookies policy here for more information.


b) How will we collect personal data?
• We will collect your personal data directly from you.


c) What will we use your personal data for?


We only process personal data for the purposes described in this Privacy Policy. When doing so, Data Protection Legislation requires companies to have a “lawful basis” to collect and use personal data and we rely on one or more of the following ‘lawful bases’ when processing your personal data:
• it is necessary for legitimate business interests to respond to website users’ queries on our website and to keep records of the
same; and/or
• in limited circumstances, where you have given consent, for example for marketing purposes.

Item 2

d) Who will we share your personal data with?


• selected third party service providers support the operation of our business, such as document management service providers, software providers and IT and information security providers and marketing companies; and/or
• any person to whom we may assign or transfer our rights and/or obligations under our agreement with you or any third party as a result of a restructuring or re-organisation, merger, sale or acquisition; and/or
• any companies that are in the process of joining the Propel, for example due to a merger, restructuring/re-organisation, sale of a business or business strategies or an acquisition and their legal and technical advisers in order to manage such transactions.


3.7. Guarantors and witnesses


This section applies to: i) any individuals who agree to act a guarantor for any finance agreements entered into between Propel and its customers (“Guarantors”); and ii) any witnesses to such guarantee agreements (“Witnesses”).


a) What personal data do we collect about you?
• name and contact details, including, telephone numbers and email address;
• home address;
• date of birth;
• financial information; and/or
• information obtained from credit checks such as credit account performance information, credit and claims history data, bankruptcy records, any county court judgments made against you and information about credit searches on you and the results of such checks (for more information, see the section 5 headed “Credit Reference Checks”).


b) How will we collect your personal data?


Guarantors


Your personal data will be collected:
• directly from you; and/or
• from brokers or third parties involved in the finance agreement you are guaranteeing; and/or
• from the Propel customer whose finance agreement you are guaranteeing; and/or
• from publicly available sources, e.g., the electoral register and Companies House; and/or
• from third parties that assist with our fraud and anti-money laundering checks such as Cifas, fraud prevention agencies and other third parties who operate and maintain fraud detection registers (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6); and/or
• from credit reference agencies such as Experian (for more information, see the section 5 headed “Credit Reference Checks”).


Witnesses


Your personal data will be collected:
• directly from you; and/or
• from brokers or third parties involved in the finance agreement associated to the guarantee agreement you are witnessing;

and/or
• from the Propel customer whose finance agreement is associated with the guarantee agreement you are witnessing; and/or
• from the Guarantor whose signature you are witnessing.


c) We only process personal data for the purposes described in this Privacy Policy. When doing so, Data Protection Legislation requires companies to have a “lawful basis” to collect and use personal data and we rely on one or more the following ‘lawful bases’ when processing your personal data:


• it is necessary to perform our contract with you; and/or
• it is necessary to comply with out legal or regulatory obligations; and/or
• it is necessary for our/third parties’ legitimate business interests and your interests and fundamental rights do not override those interests. In each case, we will always consider your interests and rights, undertaking a balancing exercise to ensure that the relevant business interest does not cause you harm or override your own interests.


We need to have a further ‘processing condition’ when we process special category data and for our use of Guarantors’ special category data, we will rely on one or more of the following:
• we have your explicit written consent; and/or
• we need to use your special category data to comply with or help someone else comply with a regulatory requirement relating to unlawful acts and dishonesty and there is a substantial public interest in such use; and/or
• we need to use your special category data to prevent or detect unlawful acts and this use is in the substantial public interest;
and/or
• it is necessary in connection with any existing/prospective legal claims, to obtain legal advice or for the establishment, exercise or defence of legal claims.

Item 3

Item4

d) Who will we share your personal data with?
• The customer whose asset finance agreement is connected with the guarantee agreement you have signed /witnessed; and/or
• brokers or third parties who may have completed the asset finance agreement related to the guarantee agreement you have signed / witnessed; and/or
• other finance providers, if the related asset finance agreement is placed with another finance provider (“funders”) and any person to whom we intend to assign our rights under the guarantee agreement. A list of our Third-Party Funders and their respective Data Privacy Policies can be made available upon request to [email protected]. and/or
• third parties that assist with our fraud and anti-money laundering checks such as Cifas and Experian, fraud prevention agencies and other third parties who operate and maintain fraud detection registers (for further information on how your data is processed for fraud prevention and the potential consequences, please see section 6); and/or
• credit reference agencies (“CRAs”) (for more information, see the section 5 headed “Credit Reference Checks”); and/or
• liquidators, arrears agents or asset inspection agents acting for Propel or a third party as appropriate.


4. MARKETING


4.1. From time to time, we may send you marketing about our services and products by post, telephone or electronic means (e-mail or
SMS) which may be of interest to you or your company.


4.2. You may opt-out from receiving marketing from Propel at any time by:
a) following the unsubscribe link in our marketing emails or SMS;
b) emailing us at [email protected]; and/or
c) contacting us using the contact details set out in section 13.

5. CREDIT REFERENCE CHECKS


5.1. As part of the financing applications, we may perform credit checks on you with one or more credit reference agencies (CRAs). As part of these checks, we will share certain personal data of yours with the CRAs including full name, date of birth and current address and other information you provide as part of the application.


5.2. We undertake searches with CRAs for the purposes of verifying your identity, to check that you are eligible to receive asset finance, to provide a personal guarantee for an agreement and for anti-money laundering purposes. When CRAs receive a search request from us they will place a search footprint on your credit file that may be seen by other lenders. CRAs will then match the information we provide to them with records they hold about you and provide us with publicly available information (e.g., information from the electoral register) and shared credit information regarding your financial situation and financial history. CRAs may also use your details in the future to assist other companies for verification purposes i.e., details of the searches in respect of our application will be seen by other organisations that make searches. A record of the search will be retained.


5.3. The searches may include searches against individuals to whom you may be linked such as your spouse/partner, your fellow directors or other persons with whom you are linked financially and in the event you have a guarantor for your agreement, a search will be conducted against your guarantor. In such circumstances, you will be assessed by reference to all such “associated records”.


5.4. We will continue to exchange information about you with CRAs whilst you have a relationship with us. We will also inform CRAs
about your settled accounts. Please note that if you borrow and do not repay in full or on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.


5.5. In addition, we will update your record with CRAs with details of your agreement with us, the payments you make under it, any default or failure to keep to its terms, and any change of address you fail to tell us about where a payment is overdue.


5.6. The three main CRAs in the UK (Callcredit, Equifax and Experian) have produced a Credit Reference Agency Information Notice (CRAIN) (which can be accessed here) which explains how they use and share personal data which they receive about you. In particular, please note that these CRAs may retain your personal data for a different time period than we do, so visit the CRAIN for more information.


6. PROCESSING FOR FRAUD PREVENTION AND POTENTIAL CONSEQUENCES


6.1. We have set out in section 3 that we share your data with third parties that assist with our fraud and anti-money laundering checks. This section sets out further information about the consequences of this processing and the processing that these third parties undertake as a controller of your personal data.


6.2. Consequences of processing:
a) If following these checks, Propel or a fraud prevention agency determine that you pose a fraud or money laundering risk, we may refuse to provide Propel’s services to you.
b) A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.


6.3. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.


6.4. Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.


6.5. If you have any questions, please contact us on the details provided in the Contacting Us section of this Privacy Policy.


7. DATA TRANSFERS


7.1. We may transfer your personal data outside the UK or the European Economic Area (EEA) (which are all the European Union (EU) countries plus Norway, Iceland and Liechtenstein) to countries which may not offer the same level of data protection as the UK, for example, our staff and/or third party suppliers may be located in such countries and engaged in, among other things, the processing of your payment details, provision of support services and Propel’s marketing activities.


7.2. Examples of our regular transfers include: LinkedIn and Adobe.


7.3. In the event that your personal data is transferred outside the UK and EEA, we take steps to ensure that your personal data is adequately protected and in compliance with Data Protection Legislation such as:
a) transferring your personal data to a country or jurisdiction which has been deemed ‘adequate’ by the UK government’s Secretary of State i.e., that country or jurisdiction provides an adequate level of protection to that of UK; or
b) where your data will be transferred outside of those countries, entering into specific contractual terms, with the recipient to whom we are transferring personal data to, which have been approved by the ICO and Secretary of State and which give personal data the same protection as within the UK; or

c) the recipient of personal data in the United States has self-certified with the UK Data Bridge to the EU-US Privacy Framework).


7.4. To find out more about how your personal data is protected when it is transferred outside the UK and the EEA, please contact us using the details provided in section 13.


8. HOW DO WE PROTECT YOUR INFORMATION?


8.1. We take the protection of your personal data seriously.


8.2. We will take all appropriate steps to safeguard the security and confidentiality of any information you provide to us. These steps include restricting access to your personal data to certain employees, ensuring our internal IT systems are suitably secure, and implementing procedures to deal with any suspected data breach.


8.3. All employees are made aware of the principles of our policies through their induction process and through yearly affirmations. Internal monitoring takes place to ensure compliance with our Policies. Any employee found to be in violation of this policy may be subject to disciplinary action, up to and including termination of employment.


8.4. Finally, we will ensure that, if we outsource any processes, the supplier has appropriate technical and organisational security measures in place and will contractually require them to comply with these.


9. HOW LONG DO WE RETAIN YOUR INFORMATION FOR?


9.1. We will only keep your personal data for as long as is necessary to fulfil the purposes set out in this Privacy Policy and to comply with our legal and regulatory obligations.


9.2. When determining the appropriate retention period for your personal data, we consider the nature and sensitivity of the personal data, the purposes for which we are processing the personal data, and any applicable retention periods which are determined by legislation. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed. When we determine that personal data can longer be retained, we ensure that your data is securely destroyed.


9.3. The retention period for which we keep your personal data will therefore depend on your relationship with us and the type of
personal data. For example:
a) All call recordings are deleted after a period of two years from date of call. This deletion is completed automatically through the telephony management system without any manual intervention.
b) If you are a Director, Significant Shareholder, Authorised Signatory or Customer Contact, your personal data will be deleted 7 years after:
• The expiry of the relevant credit agreement, if the agreement was entered into; or
• The date of the application, if the application was unsuccessful.


9.4. Please note that credit reference agencies and fraud prevention agencies, with whom we may share your personal data with, can
hold your personal data for different periods of time, for example:
a) Records remain on file with credit reference agencies for 6 years after they are closed, whether settled by you or defaulted; and
b) Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a
fraud or money laundering risk, your data can be held for up to 6 years.
9.5. If you have any questions in relation to the retention of your personal data, please contact us using the details provided in section 13.


10. YOUR RIGHTS


10.1. Data Protection Legislation gives you a number of the rights (as set out below) which you can exercise at any time using the contact details provided in section 13. You do not have to pay a fee to access your data (or to exercise any of the other rights).
the right to access your personal data: you are entitled to a copy of the personal data we hold about you in our records and certain details of how we use it;
the right to rectification: you can ask us to correct any information about you that may be out of date, incorrect or incomplete. If you become aware that we are holding information about you which is in any way incorrect, please let us know immediately so that we may amend it as quickly as possible. Please note we may need to verify the accuracy of the new data you provide to us;

the right to restrict processing: in certain circumstances, you have the right to ask us to stop using your personal data, for example where you think that we no longer need to use your personal data or where you think that the personal data we hold about you may be inaccurate
right to erasure: you have the right to ask us to erase your personal data in certain circumstances, for example where you withdraw your consent or where the personal data we obtained is no longer necessary for the original purpose; this right, will, however, need to be balanced against other factors (for example, we may have legal obligations which mean we cannot comply with your request but which will be notified to you, if applicable, at the time of your request);
right to data portability: you have the right, under certain circumstances, to ask that we transfer securely personal data that you have provided to us to another third party of your choice;
the right to object to marketing: you can ask us to stop sending you marketing messages at any time. You can exercise this right by clicking on the “unsubscribe” link which is contained in any email that we send to you;
the right to object to processing: where we process your personal data based on our legitimate business interests (indicated in this Privacy Policy), you can object to our processing. We will consider your objection and determine whether or not our legitimate business interests prejudice your privacy rights;
the right to withdraw consent: we may ask for your consent for certain uses of your personal data – we have indicated in this Privacy Policy where we do need your consent. You have the right to withdraw your consent at any time;
rights related to automated decision-making: you can ask us to review automated decisions we make about you and you can ask us to not hold you to a decision that’s been made solely in an automated way; and
the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator: you can find out more information at the ICO’s website: https://ico.org.uk/. Please note that lodging a complaint will not affect any other legal rights or remedies that you have. We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO, and we would kindly ask you to please contact us in the first instance using the contact information in section 13.


10.2. Please note that not all of your data subject rights will be absolute; this means that there may be some circumstances where we may not be able to comply with your request (such as where this would conflict with our obligation to comply with other regulatory and/or legal requirements). However, if we cannot comply with your request, we will tell you the reason and we will always respond to any request you make.


10.3. There may also be circumstances where exercising some of these rights (such as the right to erasure, the right to restrict processing and the right to withdraw consent) will mean we can no longer provide you with our services. We will inform you of these consequences when you exercise your right.


10.4. In certain circumstances, we may need to request specific information from you to help us confirm your identity and fulfil your request; this is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to assist with our handling of your request.


11. COOKIES


For more information about the cookies we use, please see:
• Our Cookies Policy https://propelfinance.co.uk/policies/cookies/ for the setting of cookies from our Website; and
• Our Propel Pay cookie policy https://propelfinance.co.uk/propelpay-cookies or the setting of cookies on our Propel Pay website.


12. PROCESSING OF BIOMETRIC DATA


If you are a Director, entering into an agreement for a Propel Pay product, we will verify your identity using biometric data. Biometric data is data that relates to your physical, physiological or behavioural characteristics which has been gathered or analysed by technology which can be used to confirm your identity. We use facial recognition and eye scanning.


Your biometric data is collected through a mobile website sun by our service provider – IDVerse (OCR Labs Global Limited) – who verify your identity on our behalf. Your biometric data will be collected and stored by them on our behalf (but strictly in accordance with our instruction and they will not use your biometric data for any other reason).


During the course of your finance application, you will receive a text message which will include an individual link which will request you to take a photograph or video of your ID document and your face. The website will then scan both your ID document and the image or video of your face and use the biometric data to make an automated decision as to whether the document is authentic and whether the individual within the ID document is likely to be the same person as photographed or videoed so as to confirm your identity.


We use this method to prevent fraud. Your biometric data will not be used for any other purpose.


Your biometric data is retained in line with Propel’s retention policy, for more information on the retention of your personal data, please contact us using the details provided in section 13.
 

13. CONTACTING US
If you have any concerns, questions, or requests, please contact us using the details set out below.


Data Protection Team,
Propel Finance Group,
Unit 5
Langstone Business Village
Langstone
Newport
NP18 2LH
Telephone: 01633 415222
Email: [email protected]

 

V9.0 01 2025