Privacy Policy

1. How We Collect Your Personal Data

We collect personal data from:

• You directly (e.g. applications, enquiries, forms)
• Third parties, including fraud prevention agencies
• Your use of our services, including transactions and account activity
• Technical data, such as IP address and device identifiers

2. Types of Personal Data We Collect

We may collect:

• Identity details (name, date of birth)
• Contact details (address, email, phone number)
• Financial information (income, expenditure, bank details)
• Employment details
• Residential status
• Transaction data
• Technical data (IP address, device data)
• Any other information you choose to provide

We only collect data necessary to provide our services or meet legal obligations.

3. Personal Data Collected Through This Website

When you submit an enquiry or callback request via this website, we collect:

• Full name
• Phone number
• Email address (where provided)
• Asset details and approximate value (where provided)
• Loan amount and timeline (where provided)
• Preferred contact method and time
• Your High Net Worth self-certification, including the name and date you provide
• Technical data such as IP address and user agent (for security and abuse prevention)

This information is stored in our secure database and emailed to our enquiries team in real time.

4. How We Use Your Personal Data (Legal Basis)

We process your data under the following lawful bases:

Contractual Necessity

• Assess and process applications
• Manage your account
• Collect payments

Legal Obligations

• Prevent fraud and money laundering
• Comply with applicable financial regulations, including the Financial Conduct Authority’s financial promotion rules, anti-money laundering (AML) and counter-terrorist financing (CTF) requirements, and other regulatory obligations
• Respond to legal requests

Legitimate Interests

• Improve products and services
• Customer support and administration
• Risk management and business operations

Consent (where required)

• Marketing communications
• Optional data processing, including website analytics cookies

You may withdraw consent at any time.

5. Fraud Prevention, Identity Verification and Credit Checks

We use fraud prevention agencies and identity verification services to verify identity, prevent fraud and financial crime, and meet anti-money laundering (AML) requirements. These agencies may retain your data for up to 6 years. If a fraud risk is identified, services may be refused.

Where a personal guarantee is required as part of a loan (which is rare in our standard asset-backed lending), we may use credit reference agencies to assess the guarantor’s creditworthiness. This may leave a record on the guarantor’s credit file. Personal guarantees are not part of our standard process.

6. Sharing Your Personal Data

We may share your data with:

• Group companies and affiliates
• Service providers (e.g. payment processors, IT providers, auditors)
• Regulators, law enforcement, and authorities
• Fraud prevention and identity verification agencies
• Potential buyers in the event of a business sale

All third parties are required to protect your data. We work with the following data processors to operate this website:

• Vercel Inc. (United States) — website hosting
• Supabase Inc. (database hosted in the United Kingdom) — secure storage of enquiry data
• Resend Inc. (United States) — transactional email notifications
• Google LLC (United States) — website analytics (Google Analytics 4)
• Microsoft Corporation (United States) — website analytics (Microsoft Clarity)

7. International Transfers

Your data may be transferred outside the UK. Where this happens, we ensure appropriate safeguards, including UK-approved Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA), adequacy regulations where applicable, and secure international data frameworks.

Specifically, our website hosting (Vercel), email notifications (Resend), and analytics (Google Analytics 4 and Microsoft Clarity) involve processing in the United States under SCCs / IDTA. Our enquiry database (Supabase) is hosted in the United Kingdom.

8. Data Retention

We retain personal data only as long as necessary: for the duration of your relationship with us, to meet legal and regulatory requirements, and for fraud prevention and dispute resolution. Retention periods typically align with regulatory requirements (up to 6 years or more where required).

9. Marketing Communications

We may contact you by email, SMS, phone, or post, only where you have given consent or where permitted by law. You can opt out at any time by contacting us at enquiries@safelendingco.com.

10. Your Data Protection Rights

Under UK GDPR, you have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion (in certain circumstances)
• Restrict processing
• Object to processing (including marketing)
• Data portability
• Not be subject to solely automated decisions with significant effects

We will respond to any data subject request within one month of receipt, in line with UK GDPR. You also have the right to complain to the Information Commissioner’s Office (ICO).

11. Security of Your Data

We implement appropriate technical and organisational measures to protect your data, including encryption and secure systems, access controls, and data minimisation and anonymisation where possible. However, no system is completely secure, especially when transmitting data online.

12. Special Category Data

We do not normally collect sensitive personal data (e.g. health, ethnicity, religion). If required, we will inform you clearly and obtain explicit consent where necessary.

13. Call Recording

Telephone calls may be recorded for training, compliance, and quality assurance.

14. Cookies and Similar Technologies

When you first visit this website, we ask for your consent before placing any non-essential cookies. No analytics cookies are set unless you accept. You can change or withdraw your choice at any time using the “Cookie Preferences” link in the footer of every page.

Strictly necessary (no consent required)

Analytics — only set if you accept

We use Google Analytics 4 (provided by Google) and Microsoft Clarity (provided by Microsoft) to understand how visitors use our site so we can improve it. These tools are only activated after you give consent. Google Analytics sets cookies including:

Microsoft Clarity sets cookies including:

Analytics data may be processed outside the UK, with appropriate safeguards in place (see “International Transfers” above). For more detail, see Google’s privacy notice and Microsoft’s privacy statement. If you reject analytics cookies, or withdraw consent later, these cookies are not set and analytics tracking does not run.

15. Updates to This Policy

We may update this policy from time to time. Any changes will be published on this page with a revised “Last updated” date.

16. Contact Us

If you have questions or wish to exercise your rights, contact us:

17. Complaints

If you are unhappy with how we handle your data, please contact us first. You may also complain to the Information Commissioner’s Office at ico.org.uk.