Brokerage Services

What we collect

We collect personal data necessary to manage our relationship with you and to deploy our brokerage services effectively.

The types of data we collect, and process can vary, it may include:

  • Your name
  • Date of birth
  • Company name
  • Email address
  • Business telephone number: direct dial-in (DDI) and mobile
  • Job title
  • Personal Assets (if you are a sole trader, for example)

We collect this data:

  • Directly from you, for example, over a telephone or email introduction.
  • Indirectly through our interactions with you.

How we use your personal data and legal basis for processing

We process your personal data on the following legal bases for the following purposes.

Purpose Legal basis
  • To introduce you to prospective lenders who offer products that meet your needs and the needs of your business.
We have a legitimate interest in using your data for these purposes. We have carried out a Legitimate Interests Assessment (LIA) whereby we have weighed your interests and the risks posed to you against our own interests and consider that they are proportionate and appropriate.
  • To comply with any requirement of law, regulation or a professional body of which we are a member.
We do this to comply with our legal, regulatory and professional obligations.


Sharing and disclosing your personal data

We use third party processors to provide several services and business functions. Those processors will have access to your personal data for these purposes; we require all processors acting on our behalf to only process your data in accordance with instructions from us and to comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.

Your personal data may be shared with:

  • Prospective Lenders
  • Our email hosting provider (for example, when we send emails to you)

Occasionally, we may also need to disclose your personal data in the following circumstances:

  • Based on our legitimate interests, to third parties if we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • To law enforcement officials, law courts and government and regulatory authorities: (a) if we believe disclosure is required by any applicable law, regulation or legal process; or (b) to protect and defend our rights, or the rights or safety of third parties, including to defend against legal claims based on our legitimate interests.
  • In exceptional circumstances, to third parties to protect your vital interests if you fell ill or suffered an injury at one of our events or on our premises.

How long we keep your data

We only ever retain personal data for as long as is necessary for the purposes for which it was collected, and we have strict review and retention policies in place to meet these obligations. We keep personal data in accordance with our internal retention policies, which are determined in accordance with our regulatory obligations and good practice.

We retain records and documentary evidence created in the provision of our professional services for 7 years after the end of the engagement, in the absence of specific legal, regulatory or contractual requirements.


When applying for an iwoca Product

For the purposes of this notice, “iwoca” refers to IWOCA LTD (Company Number: 07798925).

iwoca is one of the prospective lenders we may connect you with. Should you decide to apply for an iwoca product, iwoca will run a personal credit check on you if you are applying on behalf of a company (or if you are a sole trader) along with any other person providing a personal guarantee.

For more information about how iwoca process your personal data, please refer to their privacy notice:


CIFAS Fair Processing Notice for the Purpose of Fraud Prevention and Detection – Full Notice

For the purposes of the following “our lenders” refers to prospective lenders we introduce you to who are CIFAS members.


  1. Our lenders will undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require them to process personal data about you.
  2. The personal data you have provided, we have collected from you, or we have received from third parties will be used by our lenders to prevent fraud and money laundering, and to verify your identity.
  3. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details and device identifiers including IP address.
  4. Our lenders and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
  5. Our lenders will process your personal data on the basis that they have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect their business and to comply with laws that apply to them. Such processing is also a contractual requirement of the services or financing you have requested.
  6. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

Consequences of processing

  1. If our lenders, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, they may refuse to provide the services or financing you have requested.
  2. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.

Data transfers

  1. Whenever fraud prevention agencies transfer your personal data outside of the United Kingdom or European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Your rights

  1. Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
  2. For more information or to exercise your data protection rights, please contact us using the contact details above.
  3. You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.