Privacy Policy

We may collect, store, and / or use the following types of information:

• name and contact details including postal address; telephone numbers; email addresses.
• lifestyle information such as marital status; living arrangements.
• identification information such as your date of birth; identity documents; proof of address.
• financial information for example, bank account and payment card details; salary information; payslips; credit commitments and debts; mortgage details; financial expenditure; utility bills; bank statements; credit reports; entitlement to benefits.
• employment information.
• health information.
• information about your business, its owners, shareholders, and proprietors.
• details about the product(s) and service(s) we provide to you and how you use them.
• information you provide on other individuals (for example, dependants and third parties you may have instructed to act on your behalf).
• correspondence you have had with us.
• information about your computer / mobile device; the telephone number(s) you call us from; your visits to our website.
• any other information provided, collected, or shared with us as described in the section above entitled ‘The information we collect’.

Where you supply us with information on behalf of another individual, for example, if you make an application on behalf of another individual or a joint or guarantor application or an application on behalf of a business then this privacy notice will also apply to those individuals. By providing their information to us you confirm that you have told them their details will be shared with us and you have drawn their attention to this privacy notice.

Where we process card payments, we do so in compliance with The Payment Card Industry Data Security Standard (“PCI DSS”), which is a set of requirements intended to ensure that all companies that process, store or transmit card information maintain a secure environment and protect against payment card fraud.

Job applicants

We may also collect, store, and / or process the following additional types of information about you:

• your gender.
• previous employment information.
• whether or not you have a disability for which we may need to make reasonable adjustments during the recruitment process.
• information about your current level of remuneration including benefit entitlements.
• information about your right to work in the UK.
• your CV and information contained on your CV.
• equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.

If you are unsuccessful in obtaining employment, we may seek your consent to retaining your data for longer than our usual retention periods in case other suitable job vacancies arise in the Company for which we think you may wish to apply. You are free to withhold your consent to this and there will be no consequences for withholding consent.

The information we collect and receive for many purposes, including to:

• deliver our products and services.
• engage with you to understand your situation.
• assess creditworthiness and whether you can afford our loan product(s).
• verify your identity.
• verify the accuracy of certain information you have provided to us.
• assess whether to enter an affiliate relationship with you.
• prevent criminal activity, including fraud, and money laundering.
• take payment(s) and make and manage payment(s).
• administer your account(s) and communicate with you.
• trace you if you have an outstanding loan and you have moved without informing us.
• recover money which you owe.
• respond to complaints or disputes and seek to resolve them.
• develop and enhance your online experience.
• develop and manage our products and services and test new products and services.
• better understand our customers in general.
• let you know about products and services that may be of interest to you (unless you ask us not to).
• put you in touch with other companies whose products or services may be of interest (unless you ask us not to).
• communicate with regulators and law enforcement agencies.
• administer and keep safe and secure our website and internal operations.
• decide whether to interview you for any suitable roles we may have in our company.
• make decisions about who to offer employment to and decisions about salary and other benefits.
• train our staff and measure the quality of services we provide.
• to carry out risk management.
• comply with laws and regulations applicable to us.

The legal grounds we rely on to process your information

We rely on the following legal grounds:

• to enter or carry out a credit agreement we have with you.
• to enter or carry out an affiliate agreement with you / your business.
• to enter or carry out a contract for services with you / your business.
• to enter and perform the employment contract we are party to.
• to pursue our legitimate interests (for example, to facilitate your use of our website).
• to establish, exercise or defend our legal rights.
• your consent.
• to protect your interests.
• to fulfil a legal duty.

When we rely on our legitimate interests, these are usually for:

• keeping our records up to date.
• charging for products and services.
• developing products and services.
• marketing our products and services.
• administering our website and keeping it safe and secure.
• identifying customer trends.
• generally enhancing and improving our business, products, and services.

Special category data

Where we process information that is particularly sensitive (“special category data”), such as health data, we process that information on the basis that you have provided explicit consent for us to do so or on the basis that processing is necessary in the establishment, exercise, or defence of legal claims.

We process personal data related to health:

• to assist you in finding solutions to repayment of your loan(s).
• to help you to access our products and services.
• to establish, exercise or defend our legal rights, for example, to defend ourselves against any legal claims or pursue any legal claims ourselves.
• where we have a legal or regulatory obligation to use such information, for example, where you have a disability for which we may need to make reasonable adjustments during our recruitment process or when regulators such as the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO) wish us to maintain certain records of any dealings with you.

We, or individuals and companies working on our behalf, share your information as follows:

Data processors

To fulfil contracts and to pursue our legitimate interests, we may share your information with third parties who provide services to us. This includes, for example:

• debt collection and recovery agent(s) who may collect or recover debt on our behalf.
• technology suppliers, for example, those who:
  • provide software to enable us to collect application data from consumers and businesses online which allows us to assess whether to lend to individuals or businesses or to enter relationships with affiliates.
  • provide our lending software.
  • supply cloud-based e-signature services allowing us to send, sign, track and manage our credit and affiliate agreement signature processes.
  • provide us with file hosting services such as cloud storage software to securely store our files and records.
  • provide our computer support services.
  • provide our telephony service including our call recording functionality.
• payment processors so we can collect loan repayments, advance loan payment(s) and pay those who work for us or on our behalf.
• the manufacturer or distributor of goods and services you have finances through us, if there is a complaint or dispute about the goods we have financed.
• insurer or insurers for administration and claims handling.
• broker(s) or introducer(s) of credit agreements and affiliate agreements (“Buyline Business Partners”).
• those who, from time to time, provide other services to us such our company bank account provider(s); legal advice services; human resource advisory services; regulatory compliance services to enable us to comply with our legal and regulatory obligations or for our legitimate interests.

We do not authorise these companies to use or disclose your personal information except for the purpose of providing the service. Buyline is based in the United Kingdom (“UK”), but some data processors may be based outside of the UK. See the ‘Sending information outside of the United Kingdom (“UK”)’ for more information.

Job applicants

We will not share your data with third parties, other than recruitment agencies as necessary, unless your application for employment is successful and we make you an offer of employment. We may then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.

Credit reference agencies

Information for affiliates and business loan applicants

These agencies may create a record of the name and address of your business and its proprietors if there is not one already. They will add to their record about your business, details of our search and your application, whether your application proceeds or not, and this will be seen by other organisations that make searches. This and other information about your business and those with whom you are linked financially may be used to make credit decisions about your business, verify your identity or that of your directors / partners / owners / shareholders and undertake checks for the prevention and detection of financial crime such as fraud and money laundering. The credit reference agencies supply to us both public (including electoral register) and shared credit information. If you are a director or owner, including beneficial owners, of the business, we will seek confirmation, from credit reference agencies, that the residential address that you provide is correct. We may use credit scoring or other automated decision-making systems.

If you give us false or inaccurate information or we identify fraud, we may record this with fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may access and use information recorded by fraud prevention agencies in other countries. We may also report other financial crime to the relevant law enforcement agencies or Government bodies.

Information for individuals

To process your application, we may perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). We may also verify some of the information you gave to us when you applied, for example your income and credit commitments.

We will also share information with CRAs while you have a relationship with us, for example, how you manage your loan account(s) with us. We will inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, we will notify CRAs, and they will record any adverse payment markers (such as late or missed payments or default) and the outstanding debt. This information may be supplied to other organisations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.

If you give us false or inaccurate information or we identify fraud, we may record this with fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may access and use information recorded by fraud prevention agencies in other countries. We may also report other financial crime to the relevant law enforcement agencies or Government bodies.

Information about financial associates

We may, before entering into any Agreement with you / your business, search records at CRAs which may be linked to your spouse / partner / other persons with whom you are linked financially. For the purposes of any application or our Agreement you may be treated as financially linked, and you will be assessed with reference to “associated records” so you must be sure that you have the agreement of your associate to disclose information about them.

Where any search or application is completed, or agreement entered involving joint parties, including any guarantor(s), you all consent to our recording details at CRAs when you apply for, or enter, an Agreement with us. As a result, an “association” will be created that will link your financial records and your associates’ information may be taken into account when a future search is made by us or another lender unless you file a “disassociation” at the CRA.

For further information about credit reference agencies

If you require more information about how the CRAs use your personal data, please look here:

https://www.transunion.co.uk/crain

Please telephone us on 03330 230 134 if you want to have details of the credit reference agencies from whom we obtain, and to whom we pass, information about you.

Corporate transactions

We may share information with third parties involved in any reorganisation, restructuring, merger or sale, or other transferring of assets (including assigning any of our rights or obligations under any Agreement we may have with you), provided the receiving party gives appropriate assurances of compliance with the general data protection regulation.

Other third parties

We may share information with individuals or companies you have instructed to act on your behalf, for example, debt management companies; debt advisers and debt advice organisations; family and friends.

We may also disclose your information to regulators such as the Financial Conduct Authority (“FCA”) and Information Commissioner’s Office (“ICO”); law enforcement agencies and courts and tribunals where we have a legal obligation to do so or where we believe compliance with the request to be fair, reasonable, and lawful, for example, to prevent or investigate security breaches, fraud and other crimes.

We will also disclose information:

• to establish or defend legal claims.
• to enforce our terms and conditions.
• to ensure the safety and security of our users, customers, third parties and staff.
• to protect our rights and property and those of our customers and staff.

You have the following rights in relation to the personal data we hold about you. To help us to respond efficiently to your request, we may ask you to verify your identity. You can exercise your rights by emailing us at hello@buyline.co.uk or by writing to us at the address at the top of this page.

It is normally free to exercise your rights. However, in some circumstances we may charge a reasonable fee, for example, if your request is manifestly unfounded or excessive or repetitive. We will tell you if this is the case.

We may refuse to act on your request to exercise a right. Where we do so we will explain why and tell you about any further rights you may have.

We will do our best to respond to you as quickly as possible and within one month of the receipt of your written request. If we need longer to respond, for example, due to the complexity of your request, we will tell when you can expect to hear from us.

You may only exercise these rights as, or on behalf of, an individual. Therefore, these rights do not apply to companies or other legal entities. However, you may exercise your rights as an individual employee or sole trader or if you are a partner of a partnership.

Right of Access

You can ask us to confirm whether we hold and are using your personal data. You can also ask to get a copy of your personal data from us and for information on how we process it.

We may need to verify your identity to provide information to you and, if a third party is acting on your behalf, we may need to check you have given your consent to us disclosing this information to them.

Sometimes, we may release the information to you directly rather than your third party to give you the opportunity to choose what information you may share with them.

Right of Rectification

We want to make sure that your personal information is up to date and accurate. Please always let us know if you think it is not and needs updating. You can contact us by emailing us at hello@buyline.co.uk or by telephoning us on 03330 230 134 or by writing to us at the address at the top of this page.

We may need to verify the accuracy of any information you provide.

Right to Restrict Processing

You can ask us to pause processing your information in certain circumstances, for example, when you are disputing its accuracy.

Right to Object / Withdrawal of Consent

You can object to any use of your personal data in the following situations:

• Direct marketing – you can ask us to stop processing your personal data for direct marketing purposes at any time. We will suppress your data to respect your preference.
• If the purpose for processing is for our legitimate interests, however, this is not an absolute right.

Please be aware that you do not have a right to object to our processing your data where we are doing so to enter a contract with you or when exercising our rights and obligations under our Agreement or contract with you.

Right of Erasure

In some circumstances you may have a right to erasure (to be “forgotten”).

If there are legitimate grounds for us to continue processing your information or if the processing is for the establishment, exercise, or defence of legal claims or to comply with a legal obligation then we may not be able to comply with your request.

Right to Portability

You can ask us to transfer your data electronically to you or another organisation in certain circumstances. You may only exercise this right where we use your personal data to perform a contract with you, or where we asked for your consent to use your personal data. This right does not apply to any personal data which we hold or process outside automated means.

Finding out more about your rights

You can find out more information at: https://ico.org.uk/your-data-matters

Please be aware that you are under no obligation to provide us with your personal information. However, failure to do so may prevent us from being able to provide you with products and services or to communicate with you.

We may also use automated means to make decisions about you related to:

• credit and affordability assessment checks to determine whether to accept your application for a loan (for example, to consider a range of factors such as how much income you have and outgoings and how you have kept up on payments in the past).
• credit limit decisions.
• anti-money laundering and sanction checks.
• identity and verification checks.
• fraud checks.
• screening of individuals who may be classed as ‘politically exposed’.
• determining if an account is dormant / has a nil balance and dealing with its closure.

We may make automated decisions about you where such decisions are necessary for entering into a contract, where such decisions are required or authorised by law (for example, for fraud prevention purposes) or where it is a reasonable way of complying with regulation.

You can contact us to request an automated decision be reviewed by a human being.

We will only keep information about you for as long as we need to fulfil the purposes for which we are processing your information. After that we will either delete or anonymise your data.

The criteria we use to determine how long to retain data includes:

• the type of data and the nature of our relationship with you (for example, whether you have an outstanding loan / Agreement / account with us).
• the original purpose of the processing.
• any legal or regulatory obligations (for example, to comply with Money Laundering Regulations, HMRC requirements or Financial Conduct Authority rules).
• any other legitimate interest we may have (for example, in the establishment, exercise or defence of legal claims or complaints; to assist with fraud prevention and monitoring).
• any other legitimate reason (for example, to maintain records for audit purposes or to maintain records of those who do not wish to receive marketing from us).

We take security of your information seriously and maintain appropriate safeguards to prevent the information you have provided from being accidentally lost, used, or accessed in an unauthorised way.

However, since the internet is not a 100% secure environment, we cannot ensure or warrant the security of any information you transmit to us. We have controls and processes to minimise the risk of a data breach occurring.  We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you’ve previously indicated to us that you’d like to hear about the products and services of our group, or other carefully selected companies, we or they may contact you by post, telephone, email, direct message or SMS. You can change your preferences / unsubscribe at any time – just utilise the unsubscribe option if available or send us an email to hello@buyline.co.uk.  We’ll action your request as soon as we reasonably can.

Although we do not routinely transfer personal information outside the UK, we may need to transfer your personal data to one of our suppliers (“data processors”) who are based outside of the UK. We will take appropriate steps to ensure that your data is protected.

Please also see our ‘Sharing your information’ section for more information on who we share information with. 

It is your responsibility to provide us with honest, accurate and up to date information both when you apply for a loan / account / Agreement with us and during our relationship with you.

If false or inaccurate information is provided to us and fraud is identified, details may be passed to fraud prevention agencies, or other law enforcement agencies. Further details explaining how the information held by fraud prevention agencies may be used can be found in the credit agreement we will provide you with prior to your applying for a loan with us or in your supplier or introducer agreement if you have been approved as an affiliate (“Buyline Business Partner”). We may also report other financial crime to the relevant law enforcement agencies or Government bodies.

You are responsible for maintaining the secrecy of your account information, and for always controlling access to your email communications and any unique passwords. There are some simple steps that you can take to keep your information secure; https://getsafeonline.org provides practical advice on how to protect yourself, your computers and mobile devices against fraud, identity theft, viruses and many other problems encountered online.

Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used to make websites work or work more efficiently and to provide information to website owners.

We, or the companies which work on our behalf, use cookies to improve your experience while you navigate through the website. Necessary cookies are stored on your browser as they are essential for the basic functionality of our website to work. We also use third party cookies, for example, to help us to analyse and understand how you use our website, but these are only stored on your browser with your consent.

When you first visit our website, you will be notified that we place necessary cookies on your browser and to seek your consent to third party cookies. Information about the cookies we use is provided so you can make an informed decision when giving your consent.

If you wish to change your consent at any time or want more information about our cookies you can access your preferences and cookie information by clicking the ‘Manage Consent’ button at the top of this Privacy page.

Alternatively, you can control cookies through your browser settings. For more information on cookies, you can visit  www.aboutcookies.org or www.allaboutcookies.org.

Our site may contain links to other websites. The information contained within this notice does not cover those links. You should read the privacy notices on the other websites you visit or contact those companies for information on how they collect and use your information.

Those under the age of 18 are not eligible for our services.

If you have a question, complaint, or query with regards to how we use your information, please contact us and we will do our best to resolve it as soon as possible.  If it is a complaint concerning your data security and we have failed to deal with it to your satisfaction, you can lodge a complaint with the Information Commissioner’s Officer (ICO) or other relevant supervisory authority. You can complain to the ICO at https://ico.org.uk/global/contact-us/