Our Privacy Policy

This Privacy Policy applies to personal data that is held and processed by the Reward Finance Group (“Reward”).

References to the Reward Group in this Privacy Notice is to each of the companies listed below. All of these companies are registered with the Information Commissioner’s Office with the ICO registration numbers given below. You will also note our registration numbers at Companies House:

(a)         Reward Capital Limited ICO registration number ZA104349 and company registration number 09432492;

(b)         Reward Invoice Finance Limited ICO registration number ZA104340 and company registration number 09432479;

(c)          Reward Capital (A) Limited ICO registration number ZB542173 and company registration number 13558424

(d)         Reward Invoice Finance (A) Limited ICO registration number ZB542175 and company registration number 13558429

(e)         Reward Finance Group Limited ICO registration number ZB540835 and company registration number 7385919

(f)          Reward SPV1 Ltd ICO registration number ZB542237 and company registration number 12373901

(g)         Reward SPV2 Ltd ICO registration number ZB542241 and company registration number 12518501

(h)         Reward Asset Finance Ltd ICO registration number ZB664453 and company registration number 13919550

All of the Reward Group companies have their registered office at 12 King Street, Leeds, LS1 2HL.

Reward Finance Group Limited (“Reward”) takes the utmost care in its processing of personal data. This notice applies to clients of Reward, prospective clients of Reward (being individuals with whom Reward is actively engaging with the intention that they become customers), clients of Reward (including those who provide personal guarantees), contacts of Reward (being individuals with whom Reward may promote Reward products), introducers to Reward, suppliers to Reward and individuals who visit our website at https://www.rewardfinancegroup.com/ (“Website”). By visiting the Website, you are accepting and consenting to the practices described in this privacy policy. If you do not consent, please do not submit any personal data to us.

When we process your personal data we are required to comply with the Data Protection Act 2018 and the General Data Protection Regulation 2016 and associated laws (“Data Protection Laws”).

Your personal data includes all the information we hold that identifies you or is about you, including but not limited to information you give us by completing enquiry forms on the Website or by corresponding with us by phone, email or otherwise. The information you give us may include your name, email address, postal address, date of birth, location data and in some cases opinions that we document about you.

Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We are therefore required to comply with the Data Protection Laws to make sure that your information is properly protected and used appropriately.

This notice provides information about the personal data we process about you, why we process it and how we process it.

Our responsibilities

Reward is the data controller of the personal data you provide. We have appointed Tim Stafford as our privacy officer and he will have day to day responsibility for ensuring we comply with the Data Protection Laws and dealing with any requests we receive from individuals exercising their rights under the Data Protection Laws.

Your responsibilities

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Why do we process your personal data and what personal data is involved?

Exactly what personal data we process, and why we process it, will depend upon the relationship you have with Reward.

We may need personal data from you to be able to enter into a contract with you and provide you with all the information you need. If we do not receive that personal data from you, we may be unable to fulfil our obligations to you.

1. Our clients

We hold and process data about our business customers, being directors, persons with significant control, partners and / or sole traders. In this regard we hold data relating to those individuals.

The personal data that we process in relation to these people depends upon the nature of the relationship and what we will do, or propose to do, for these individuals and their business.

For those to whom we provide finance client management this may comprise:

Names; business email addresses; home addresses; addresses of land owned as assets; credit reports; anti-money laundering reports; insurance details; bank statements and management accounts.

For those to whom we provide invoice finance client management this may comprise:

Names; business email addresses; personal email addresses; dates of birth; copies of certified identification documents (passports, driving licences, utility bills); home addresses; details of assets and liabilities; addresses of land owned as assets; mortgage statements; EPC; gas and electrical safety certificates; insurance details; director searches; credit reports; bankruptcy search results; business and personal bank statements.

It is necessary for us to process the data obtained for the purpose of a contract with these business customers, or in anticipation that we may enter into a contract with these customers.

We hold and process this data even if the transaction does not proceed.

Once a contract has been fulfilled with a business customer, or once the account ends or becomes inactive, we will retain some of the data as we consider it necessary to do so in our legitimate interests but also in the legitimate interests of the former customer in order to assist in future business relationships with them and facilitate those relationships. maintain contact, advise them of new products, special offers and events. This is set out in further detail below.

In each case, it should be recognised that some of the above may not comprise personal data under a strict interpretation of the Legislation but nevertheless as a matter of good conduct we will apply to this data in terms of security and processing.

2. Individuals providing security

We hold and process data about individuals who are the owners of businesses (whether directors, shareholders, partners) who provide security for finance provided to and on behalf of their business.

This data may comprise: names; email addresses; personal addresses; telephone contact numbers; dates of birth; copies of certified identification documents (passports, driving licences, utility bills); home addresses; details of assets and liabilities; addresses of land owned as assets; mortgage statements; EPC; gas and electrical safety certificates; insurance details; director searches; credit reports; bankruptcy search results; business and personal bank statements.

It is necessary for us to hold this data as it is in the legitimate interests of our business, the businesses to whom we provide finance, and also the individuals themselves. We process this data for the purposes of the security provided and if necessary to enforce our rights.

Once a contract has been fulfilled with the business, a loan has been repaid in full, or once the account ends or becomes inactive, we will retain some of the data as we consider it necessary to do so in our legitimate interests but also in the legitimate interests of the former customer in order to assist in future business relationships with them and facilitate those relationships. maintain contact, advise them of new products, special offers and events. This is set out in further detail below.

In each case, it should be recognised that some of the above may not comprise personal data under a strict interpretation of the Legislation but nevertheless as a matter of good conduct we will apply to this data in terms of security and processing.

3. Third parties

We hold data of other companies, businesses, organisations or associations who supply goods and / or services to us or with whom we have a professional relationship or potentially common interest. This includes promotion of our business and developing our services and evaluating our performance.

The data we process in relation to such third parties comprises business / organisation names, contact names, addresses, email addresses, telephone numbers and (where we obtain goods and / or services), details of orders placed, values, and quotations.

We process this data as we consider it necessary in our legitimate interests to enhance and preserve such relationships.

As we hold this data on the basis of our legitimate interests, you can opt out of this at any time by emailing is at privacy@rewardcf.com

4. Visitors to our website

When you visit or use the website, we process information by way of the use of analytics to collect information about you by way of cookies. For more information about the cookies we use and how long the data taken will be retained for by us please see our Cookie Policy which can be found on our website.

We believe it is necessary for these cookies to use your data on the lawful basis that it is in the legitimate interests of our business for the purpose that we need to use these cookies to monitor use of our website, track the use of our website, to keep our website updated and relevant, to develop our business, to inform our marketing strategy and to improve and develop website performance. It is also necessary for us to use these cookies to enhance and assist a visitor’s experience when using our website.

We will only use the cookies for these purposes.

Our website uses cookies to distinguish you from other users of the Website. for detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

Who will receive your personal data?

We only transfer your personal data to the extent we need to. Recipients of your personal data include:

  • group companies of Reward where this is necessary for ordinary entry and management of contracts;
  • legal and financial advisors in relation to our entry and management of any contract we have with you;
  • professional organisations that provide services relating to the provision of our services, for example valuation specialists and surveyors;
  • credit reference organisations in relation to any credit reference, customer identification or anti-money laundering checks;
  • third party providers of network services, for example email distribution systems and data centre providers;
  • the data taken by cookies on our website will also be shared with our website provider / host.

We share your personal data with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006. This may involve transferring your data outside the European

Economic Area (EEA). We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data.

How long will we keep your personal data?

We will retain your personal data for 7 years. We retain your information for this period in case any issues arise or in case you have any queries. Your information will be kept securely at all times. Following the end of the 7 year period, your files and personal data we hold about you will be permanently deleted or destroyed. If we are required to obtain your consent to send you marketing communications, any information we use for this purpose will be kept until you withdraw your consent, unless we have other legitimate reasons to retain the data.

However, we may retain some basic contact data indefinitely where it is held in our legitimate interests for marketing or business development purposes. We do not consider that doing so affects the fundamental rights and freedoms of those to whom this personal data relates.

Cookies

Our website uses cookies to distinguish you from other users of the Website. for detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

What are your rights?

You benefit from a number of rights in respect of the personal data we hold about you. We have summarised your rights below, and more information is available from the Information Commissioner’s Office website (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/). These rights apply for the period in which we process your data.

Access to your data

You have the right to ask us to confirm that we process your personal data, as well as access to / copies of your personal data. You can also ask us to provide a range of information, although most of that information corresponds to the information set out in this notice.

We will provide the information free of charge unless your request is manifestly unfounded or excessive or repetitive, in which case we are entitled to charge a reasonable fee.

We will provide the information you request as soon as possible and in any event within one month of receiving your request. If we need more information to comply with your request, we’ll let you know.

Rectification of your data

If you believe personal data we hold about you is inaccurate or incomplete, you can ask us to rectify that information. We will comply with your request within one month of receiving it, unless we don’t feel it’s appropriate in which case we’ll let you know why. We’ll also let you know if we need more time to comply with your request.

Right to be forgotten

In some circumstances, you have the right to ask us to delete personal data we hold about you. This right is available to you:

  • where we no longer need your personal data for the purpose for which we collected it;
  • where we have collected your personal data on the grounds of consent and you withdraw that consent;
  • where you object to the processing and we don’t have any overriding legitimate interests to continue processing the data;
  • where we have unlawfully processed your personal data (i.e. we have failed to comply with GDPR); and
  • where the personal data has to be deleted to comply with a legal obligation.

There are certain scenarios in which we are entitled to refuse to comply with a request. If any of those apply, we’ll let you know.

Right to restrict processing

In some circumstances you are entitled to ask us to suppress processing of your personal data. This means we will stop actively processing your personal data but we don’t have to delete it. This right is available to you:

  • if you believe the personal data we hold isn’t accurate – we’ll cease processing it until we can verify its accuracy;
  • if you have objected to us processing the data – we’ll cease processing it until we have determined whether our legitimate interests override your objection;
  • if the processing is unlawful; or
  • if we no longer need the data but you would like us to keep it because you need it to establish, exercise or defend a legal claim.

Data portability

You have the right to ask us to provide your personal data in a structured, commonly used and machine-readable format so that you are able to transmit the personal data to another data controller. This right only applies to personal data you provide to us:

  • where processing is based on your consent or for performance of a contract (i.e. the right does not apply if we process your personal data on the grounds of legitimate interests); and
  • where we carry out the processing by automated means.

We’ll respond to your request as soon as possible and in any event within one month from the date we receive it. If we need more time, we’ll let you know.

Right to object

You are entitled to object to us processing your personal data:

  • if the processing is based on legitimate interests or performance of a task in the public interest or exercise of official authority;
  • for direct marketing purposes (including profiling); and/or
  • for the purposes of scientific or historical research and statistics.

In order to object, you must have grounds for doing so based on your particular situation. We will stop processing your data unless we can demonstrate that there are compelling legitimate grounds which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of legal claims.

Automated decision making

Automated decision making means making a decision solely by automated means without any human involvement. This would include, for example, an online credit reference check that makes a decision based on information you input without any human involvement. It would also include the use of an automated clocking-in system that automatically issues a warning if a person is late a certain number of times (without any input from HR, for example).

We don’t carry out any automated decision making using your personal data.

Your right to complain about our processing

If you think we have processed your personal data unlawfully or that we have not complied with GDPR, you can report your concerns to the supervisory authority in your jurisdiction. The supervisory authority in the UK is the Information Commissioner’s Office (“ICO”). You can call the ICO on 0303 123 1113 or get in touch via other means, as set out on the ICO website – https://ico.org.uk/concerns/.

Any questions?

If you have any questions or would like more information about the ways in which we process your data, please contact privacy@rewardcf.com.