Buyline Ltd. (“Buyline”) is committed to protecting your information when you use our services, obtain our products, or otherwise interact with us.
Buyline collects, processes, and stores personal data about you and, in certain circumstances, your business. When we do so we are required to comply with data protection legislation.
For the purposes of the Data Protection Act 2018, Buyline Ltd is the data controller. Our registered and trading address is: B12 Elmbridge Court, Cheltenham Road East, Gloucester, Gloucestershire, GL3 1JZ.
The information in this privacy notice applies to personal information we collect:
This privacy information notice explains:
When we use “we” or “us” in this notice we mean us or anyone acting on our behalf. When we use “you”, we mean the customer or applicant acting on their own behalf or for a business; individuals associated with our commercial clients, Business Partners (partners, retailers, and suppliers); registered shareholders and indirect or beneficial shareholders. By ‘your information’ we mean any information about you that you or third parties provide to us.
This privacy notice was last updated on 24 August 2021.
We encourage you to review this page regularly for the latest information on our privacy practices. If we make material changes, we will notify you by updating our website together with any other methods as may be appropriate.
Information you provide voluntarily to us:
You may give us your personal information when you:
Telephone calls to and from our office are recorded for monitoring and training purposes and to store customer feedback and information.
Information we collect automatically:
Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used to make websites work or work more efficiently and to provide information to website owners.
We, or the companies which work on our behalf, use cookies to improve your experience while you navigate through the website. Necessary cookies are stored on your browser as they are essential for the basic functionality of our website to work. We also use third party cookies, for example, to help us to analyse and understand how you use our website, but these are only stored on your browser with your consent. Please see our ‘Cookies’ section for more information.
Information we collect from third parties:
We also collect information from other companies, for example, to supplement the data we hold. Where this happens, we will take appropriate steps to assure ourselves that your information was collected legally.
For example, we collect information from credit reference agencies (“CRAs”) to assess your application, to trace your whereabouts and we may also verify information you’ve given us in the same way.
We collect information when you’ve agreed to be referred to us for example, from credit brokers or other intermediaries such as employment agencies or from our other Business Partners which may include those retailers or suppliers you have purchased goods or services from with a Buyline loan.
We also collect information from those working on our behalf, for example, our debt recovery partners who may share information with us in relation to the repayment of your loan(s).
We collect information about your business and its owners and proprietors when you apply as part of our affiliate scheme or if you apply to us for a business loan.
Information which is publicly available:
Your personal information may be available to us from external publicly available sources, for example, public registers such as the insolvency register, Companies House, and press reports. Depending on your privacy settings for social media services, we may also access information from those platforms.
We may collect, store, and / or use the following types of information:
Where you supply us with information on behalf of another individual, for example, if you make an application on behalf of another individual or a joint or guarantor application or an application on behalf of a business then this privacy notice will also apply to those individuals. By providing their information to us you confirm that you have told them their details will be shared with us and you have drawn their attention to this privacy notice.
Where we process card payments, we do so in compliance with The Payment Card Industry Data Security Standard (“PCI DSS”), which is a set of requirements intended to ensure that all companies that process, store or transmit card information maintain a secure environment and protect against payment card fraud.
Job applicants
We may also collect, store, and / or process the following additional types of information about you:
If you are unsuccessful in obtaining employment, we may seek your consent to retaining your data for longer than our usual retention periods in case other suitable job vacancies arise in the Company for which we think you may wish to apply. You are free to withhold your consent to this and there will be no consequences for withholding consent.
The information we collect and receive for many purposes, including to:
The legal grounds we rely on to process your information
We rely on the following legal grounds:
When we rely on our legitimate interests, these are usually for:
Special category data
Where we process information that is particularly sensitive (“special category data”), such as health data, we process that information on the basis that you have provided explicit consent for us to do so or on the basis that processing is necessary in the establishment, exercise, or defence of legal claims.
We process personal data related to health:
We, or individuals and companies working on our behalf, share your information as follows:
Data processors
To fulfil contracts and to pursue our legitimate interests, we may share your information with third parties who provide services to us. This includes, for example:
We do not authorise these companies to use or disclose your personal information except for the purpose of providing the service. Buyline is based in the United Kingdom (“UK”), but some data processors may be based outside of the UK. See the ‘Sending information outside of the United Kingdom (“UK”)’ for more information.
We will not share your data with third parties, other than recruitment agencies as necessary, unless your application for employment is successful and we make you an offer of employment. We may then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks and the Disclosure and Barring Service to obtain necessary criminal records checks.
Credit reference agencies
These agencies may create a record of the name and address of your business and its proprietors if there is not one already. They will add to their record about your business, details of our search and your application, whether your application proceeds or not, and this will be seen by other organisations that make searches. This and other information about your business and those with whom you are linked financially may be used to make credit decisions about your business, verify your identity or that of your directors / partners / owners / shareholders and undertake checks for the prevention and detection of financial crime such as fraud and money laundering. The credit reference agencies supply to us both public (including electoral register) and shared credit information. If you are a director or owner, including beneficial owners, of the business, we will seek confirmation, from credit reference agencies, that the residential address that you provide is correct. We may use credit scoring or other automated decision-making systems.
If you give us false or inaccurate information or we identify fraud, we may record this with fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may access and use information recorded by fraud prevention agencies in other countries. We may also report other financial crime to the relevant law enforcement agencies or Government bodies.
To process your application, we may perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). We may also verify some of the information you gave to us when you applied, for example your income and credit commitments.
We will also share information with CRAs while you have a relationship with us, for example, how you manage your loan account(s) with us. We will inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, we will notify CRAs, and they will record any adverse payment markers (such as late or missed payments or default) and the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you give us false or inaccurate information or we identify fraud, we may record this with fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may access and use information recorded by fraud prevention agencies in other countries. We may also report other financial crime to the relevant law enforcement agencies or Government bodies.
We may, before entering into any Agreement with you / your business, search records at CRAs which may be linked to your spouse / partner / other persons with whom you are linked financially. For the purposes of any application or our Agreement you may be treated as financially linked, and you will be assessed with reference to “associated records” so you must be sure that you have the agreement of your associate to disclose information about them.
Where any search or application is completed, or agreement entered involving joint parties, including any guarantor(s), you all consent to our recording details at CRAs when you apply for, or enter, an Agreement with us. As a result, an “association” will be created that will link your financial records and your associates’ information may be taken into account when a future search is made by us or another lender unless you file a “disassociation” at the CRA.
If you require more information about how the CRAs use your personal data, please look here:
https://www.transunion.co.uk/crain
Please telephone us on 03330 230 134 if you want to have details of the credit reference agencies from whom we obtain, and to whom we pass, information about you.
Corporate transactions
We may share information with third parties involved in any reorganisation, restructuring, merger or sale, or other transferring of assets (including assigning any of our rights or obligations under any Agreement we may have with you), provided the receiving party gives appropriate assurances of compliance with the general data protection regulation.
Other third parties
We may share information with individuals or companies you have instructed to act on your behalf, for example, debt management companies; debt advisers and debt advice organisations; family and friends.
We may also disclose your information to regulators such as the Financial Conduct Authority (“FCA”) and Information Commissioner’s Office (“ICO”); law enforcement agencies and courts and tribunals where we have a legal obligation to do so or where we believe compliance with the request to be fair, reasonable, and lawful, for example, to prevent or investigate security breaches, fraud and other crimes.
We will also disclose information:
You have the following rights in relation to the personal data we hold about you. To help us to respond efficiently to your request, we may ask you to verify your identity. You can exercise your rights by emailing us at hello@buyline.co.uk or by writing to us at the address at the top of this page.
It is normally free to exercise your rights. However, in some circumstances we may charge a reasonable fee, for example, if your request is manifestly unfounded or excessive or repetitive. We will tell you if this is the case.
We may refuse to act on your request to exercise a right. Where we do so we will explain why and tell you about any further rights you may have.
We will do our best to respond to you as quickly as possible and within one month of the receipt of your written request. If we need longer to respond, for example, due to the complexity of your request, we will tell when you can expect to hear from us.
You may only exercise these rights as, or on behalf of, an individual. Therefore, these rights do not apply to companies or other legal entities. However, you may exercise your rights as an individual employee or sole trader or if you are a partner of a partnership.
Right of Access
You can ask us to confirm whether we hold and are using your personal data. You can also ask to get a copy of your personal data from us and for information on how we process it.
We may need to verify your identity to provide information to you and, if a third party is acting on your behalf, we may need to check you have given your consent to us disclosing this information to them.
Sometimes, we may release the information to you directly rather than your third party to give you the opportunity to choose what information you may share with them.
Right of Rectification
We want to make sure that your personal information is up to date and accurate. Please always let us know if you think it is not and needs updating. You can contact us by emailing us at hello@buyline.co.uk or by telephoning us on 03330 230 134 or by writing to us at the address at the top of this page.
We may need to verify the accuracy of any information you provide.
Right to Restrict Processing
You can ask us to pause processing your information in certain circumstances, for example, when you are disputing its accuracy.
Right to Object / Withdrawal of Consent
You can object to any use of your personal data in the following situations:
Please be aware that you do not have a right to object to our processing your data where we are doing so to enter a contract with you or when exercising our rights and obligations under our Agreement or contract with you.
Right of Erasure
In some circumstances you may have a right to erasure (to be “forgotten”).
If there are legitimate grounds for us to continue processing your information or if the processing is for the establishment, exercise, or defence of legal claims or to comply with a legal obligation then we may not be able to comply with your request.
Right to Portability
You can ask us to transfer your data electronically to you or another organisation in certain circumstances. You may only exercise this right where we use your personal data to perform a contract with you, or where we asked for your consent to use your personal data. This right does not apply to any personal data which we hold or process outside automated means.
Finding out more about your rights
You can find out more information at: https://ico.org.uk/your-data-matters
Please be aware that you are under no obligation to provide us with your personal information. However, failure to do so may prevent us from being able to provide you with products and services or to communicate with you.
We may also use automated means to make decisions about you related to:
We may make automated decisions about you where such decisions are necessary for entering into a contract, where such decisions are required or authorised by law (for example, for fraud prevention purposes) or where it is a reasonable way of complying with regulation.
You can contact us to request an automated decision be reviewed by a human being.
We will only keep information about you for as long as we need to fulfil the purposes for which we are processing your information. After that we will either delete or anonymise your data.
The criteria we use to determine how long to retain data includes:
We take security of your information seriously and maintain appropriate safeguards to prevent the information you have provided from being accidentally lost, used, or accessed in an unauthorised way.
However, since the internet is not a 100% secure environment, we cannot ensure or warrant the security of any information you transmit to us. We have controls and processes to minimise the risk of a data breach occurring. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you’ve previously indicated to us that you’d like to hear about the products and services of our group, or other carefully selected companies, we or they may contact you by post, telephone, email, direct message or SMS. You can change your preferences / unsubscribe at any time – just utilise the unsubscribe option if available or send us an email to hello@buyline.co.uk. We’ll action your request as soon as we reasonably can.
Although we do not routinely transfer personal information outside the UK, we may need to transfer your personal data to one of our suppliers (“data processors”) who are based outside of the UK. We will take appropriate steps to ensure that your data is protected.
Please also see our ‘Sharing your information’ section for more information on who we share information with.
It is your responsibility to provide us with honest, accurate and up to date information both when you apply for a loan / account / Agreement with us and during our relationship with you.
If false or inaccurate information is provided to us and fraud is identified, details may be passed to fraud prevention agencies, or other law enforcement agencies. Further details explaining how the information held by fraud prevention agencies may be used can be found in the credit agreement we will provide you with prior to your applying for a loan with us or in your supplier or introducer agreement if you have been approved as an affiliate (“Buyline Business Partner”). We may also report other financial crime to the relevant law enforcement agencies or Government bodies.
You are responsible for maintaining the secrecy of your account information, and for always controlling access to your email communications and any unique passwords. There are some simple steps that you can take to keep your information secure; https://getsafeonline.org provides practical advice on how to protect yourself, your computers and mobile devices against fraud, identity theft, viruses and many other problems encountered online.
Cookies are small text files that are placed on your computer or mobile device by websites that you visit. They are widely used to make websites work or work more efficiently and to provide information to website owners.
We, or the companies which work on our behalf, use cookies to improve your experience while you navigate through the website. Necessary cookies are stored on your browser as they are essential for the basic functionality of our website to work. We also use third party cookies, for example, to help us to analyse and understand how you use our website, but these are only stored on your browser with your consent.
When you first visit our website, you will be notified that we place necessary cookies on your browser and to seek your consent to third party cookies. Information about the cookies we use is provided so you can make an informed decision when giving your consent.
If you wish to change your consent at any time or want more information about our cookies you can access your preferences and cookie information by clicking the ‘Manage Consent’ button at the top of this Privacy page.
Alternatively, you can control cookies through your browser settings. For more information on cookies, you can visit www.aboutcookies.org or www.allaboutcookies.org.
Our site may contain links to other websites. The information contained within this notice does not cover those links. You should read the privacy notices on the other websites you visit or contact those companies for information on how they collect and use your information.
Those under the age of 18 are not eligible for our services.
If you have a question, complaint, or query with regards to how we use your information, please contact us and we will do our best to resolve it as soon as possible. If it is a complaint concerning your data security and we have failed to deal with it to your satisfaction, you can lodge a complaint with the Information Commissioner’s Officer (ICO) or other relevant supervisory authority. You can complain to the ICO at https://ico.org.uk/global/contact-us/