About

About

Privacy Policy

1. Introduction and Overview

1.1 – At Blue Pay, we are dedicated to safeguarding the personal data of the small business owners and investors who use our website and services.

1.2 – In this Privacy Policy, the terms “Blue Pay”, “we”, “us”, or “our” refer to Blue Pay Ltd and its affiliates in the United Kingdom. The terms “you” or “your” refer to visitors to our website, our investors and borrowers, individuals associated with investors and borrowers (including directors, partners, members, shareholders, and beneficial owners).

1.3 – This Privacy Policy is crucial, so please read it thoroughly. It outlines and regulates:

1.3.1 – the circumstances and methods of collecting your personal data, and the type of information we gather;

1.3.2 – the purposes for which we use your personal data;

1.3.3 – the entities with whom we share your personal data;

1.3.4 – the duration for which we retain your personal data; and

1.3.5 – your rights concerning the control of your personal data.

1.4 – By  using our services, you acknowledge and agree to be bound by this Privacy Policy. If you do not agree, you must immediately stop using our website and any services we provide.

1.5 – We will update this Privacy Policy periodically to comply with applicable laws and regulations or to reflect changes in our business operations. We encourage you to review this page periodically for the latest information on our privacy practices and any amendments to our Privacy Policy. If we make significant changes that affect your rights, we will notify you.

2. How and When Do We Collect Your Information and What Do We Collect?

2.1 – When you interact with us, we may collect the following information about you through the methods of contact you use at the time of engagement:

2.1.1 – information you provide via our website and through our application and verification processes;

2.1.2 – information you provide through communication with us, whether in writing (including letters or emails) or over the phone (including recorded calls);

2.1.3 – information we obtain through your interactions with us on social media, including blogs, forums, Facebook, and Twitter; and

2.1.4 – information provided on your behalf by your representatives or agents (“Agents”) who engage with us as described above.

2.2 – Occasionally, we obtain information from external sources to help us perform our business functions. This information, which often includes personal data, may come from:

2.2.1 – credit reference agencies, fraud prevention agencies, insolvency practitioners, debt advisers, and tracing agents;

2.2.2 – commercial databases and marketing databases; and

2.2.3 – public records and other publicly accessible information sources.

2.3 – If you wish to use our platform, you will need to provide us with the following information, which we may also collect from third parties:

2.3.1 – your personal details (including name, date of birth, current and previous postal addresses, and national insurance number);

2.3.2 – your contact information (including phone and email details);

2.3.3 – (for borrowers, their representatives, and relevant investors) your business name and contact information;

2.3.4 – financial information (including bank or building society account details and details of debit cards used to make transfers on the Blue Pay website);

2.3.5 – information you provide in our registration or application processes (including, if you are a borrower, Agent, or relevant investor, certain personal data, identity verification, contact details, and financial information about directors, partners, members, shareholders, beneficial owners, and guarantors);

2.3.6 – information you provide in your dealings with us and through your interaction with our platform;

2.3.7 – if you are a borrower or a director, partner, member, shareholder, beneficial owner, or guarantor of a borrower:

2.3.7.1 – information about your business or company, such as previous credit applications and the conduct of your accounts, and similar personal credit information;

2.3.7.2 – credit reference checks (see section 6 below for more detail);

2.3.7.3 – electoral register information;

2.3.7.4 – fraud prevention information; and

2.3.7.5 – passwords and answers to security questions.

2.4 – In addition to the personal and financial information you submit or we collect as described above, we also collect information about your computer (including, where available, your IP address, operating system, and browser type), your interaction with our platform, and email performance data.

2.5 – We also collect and retain:

2.5.1 – copies of our correspondence with you as well as other data we collect relating to your activities on our platform (via our website) and your arrangements with Blue Pay;

2.5.2 – details about visitors to our website for the purposes of aggregating statistics or reporting purposes and to calculate referral fees; and

2.5.3 – comments made on blogs and discussion forums in connection with the products and services we provide.

2.6 – We generally do not seek to collect sensitive personal data (also known as ‘special categories of data’). However, we may occasionally receive sensitive personal data of borrowers, investors, or guarantors (such as medical information or criminal records).

2.7 – If you provide information about other individuals (for example, if you represent a borrower and you provide information about directors, partners, members, shareholders, or beneficial owners other than yourself), then you must:

2.7.1 – provide a copy of this Privacy Policy to those individuals and ensure that they are aware of and understand its contents; and

2.7.2 – when providing information about other people, ensure that you have all relevant permissions and authority: (i) to make all those disclosures; (ii) to act on their behalf; and (iii) in relation to partners, members, shareholders, or beneficial owners of borrowers, to allow us to conduct credit checks at credit reference agencies concerning those individuals.

3. Using Your Information

3.1 – We collect, store, and use your personal data for the following purposes:

3.1.1 – to inform you of updates and/or changes to our products and services;

3.1.2 – to develop and enhance our services, products, and business operations, including analyzing and improving our credit risk models and customer service offerings;

3.1.3 – if you are a borrower (or a director, partner, member, shareholder, beneficial owner, or guarantor of a borrower):

3.1.3.1 – to understand your borrowing needs;

3.1.3.2 – to periodically assess your eligibility for other Blue Pay products that may suit your funding needs;

3.1.3.3 – to evaluate your creditworthiness and make credit-related decisions; and

3.1.3.4 – if you miss any loan repayments, to trace your whereabouts, recover debts, enforce a loan contract or personal guarantee, and verify any payment plan you propose or income and expenditure form you submit;

3.1.4 – to facilitate money transfers;

3.1.5 – to conduct mandatory or other regulatory checks;

3.1.6 – to comply with our legal and regulatory obligations;

3.1.7 – to perform statistical analysis, market research, and testing;

3.1.8 – to contact you (including by SMS and email) with products and services that we believe may interest you (always considering your legal rights, including your right to opt-out from receiving marketing from us);

3.1.9 – for targeted advertising through digital platforms, social media, and television (which may involve profiling, data enrichment, and audience segmentation);

3.1.10 – to open accounts with us and manage and maintain those accounts;

3.1.11 – to verify your identity and other information you provide to us, including your bank account information and (if relevant) the identity of your business associates;

3.1.12 – to update the records we hold about you periodically;

3.1.13 – to provide and manage our products and services; and

3.1.14 – for the prevention and detection of fraud, money laundering, or other illegal or criminal activity.

3.2 – Where applicable, we will hold and process your sensitive personal data to make decisions about you and your accounts with us or those you are connected to. This may involve sharing your sensitive personal data with your Agents. We will only process sensitive personal data in accordance with our legal rights and obligations. If this processing is based on your consent, you will be informed at the point of collection of your right to withdraw that consent at any time and the process for doing so.

3.3 – We continually review the legal basis for using your personal data as described above. In most cases, it is in our legitimate interests to use your information in the manner described to provide you with our platform services. We consider this data processing to be proportionate and not detrimental to you. In some specific instances, the processing is necessary for the performance of a contract to which you are a party, for compliance with a legal obligation to which we are subject, or to protect your vital interests or those of other small business owners or investors. Occasionally, we rely on consent, and in those cases, we ensure that we obtain your freely-given and informed consent to use your personal data for agreed specific purposes.

3.4 – We use the information we collect about your computer for: (i) our legitimate purposes; (ii) marketing; (iii) administering the products and services we offer; and (iv) service improvement. Our Cookies Policy provides more details on these processes and explains how we respect your privacy when collecting these types of data, without attempting to bypass browser settings configured to ‘do not track’ or similar.

 

4. Sharing and disclosing your information

4.1  We may disclose your personal data to other registered members of our platform:

4.1.1 – to operate our platform and seek to match investors and borrowers;

4.1.2 – in the loan contract and personal guarantee, when investors and borrowers are matched;

4.1.3 – to provide transactional and performance information;

4.1.4 – to provide updates (including if and when there are late repayments or if and when a risk-banding has been downgraded); and

4.1.5 – if required to enforce (or make preparations to enforce) any loan contract or personal guarantee.

4.2 – In this context, investors may mean individual retail investors, corporate investors or institutional investors.

4.3 – If you, as a registered member of our platform, receive information about another registered member, then you must only use that information to communicate with us about your loan contract with that member. You acknowledge that we are not responsible for misuse of transactional or other information by other members but you must inform us promptly if you are the victim of any misuse of that information.

4.4 – We may disclose your personal data:

4.4.1 – to companies in our group and our affiliates;

4.4.2 – to our suppliers, sub-contractors and third party data processors (including card payment and direct debit payment processors, marketing and data analytics service providers, collection agents, tracing agents, insolvency practitioners, professional advisers and persons who provide us with the following services from time to time: identification and fraud check; marketing; technology; product support; and back-up and business continuity);

4.4.3 – with any third party you have asked us to share your personal data with, including social media sites if you have asked us to connect with your social media account;

4.4.4 – to credit reference and fraud prevention agencies (see sections 7 and 8 below for more information on this);

4.4.5 – to third parties who may be in a position to arrange credit for you;

4.4.6 – to a third party if it acquires all or part of our business or assets in connection with the acquisition, or to a successor in interest in the unlikely event of our insolvency, winding up or liquidation;

4.4.7 – if we are required to do so by applicable law and regulation or by any governmental, tax, regulatory body or law enforcement agency;

4.4.8 – if you are represented by an Agent, to your Agent; and

4.4.9 – to any other person with your prior consent to do so.

4.5 – Third parties who process your personal data on our behalf are only permitted to process your personal data in accordance with our instructions and we take steps to ensure that the transfer and any on-going processing by those third parties is carried out securely and in accordance with applicable privacy laws.

4.6 – Save as expressly provided above, or otherwise without your consent, we will not share your personal data with any third party.

 

5. Data Retention

We will not keep your personal data for longer than is necessary for the purposes for which it was collected and is processed and for the purposes of satisfying our legal, accounting or regulatory reporting requirements. These requirements generally permit us to retain our borrower and investor files for a period of six years after the end of the borrowing/investing relationship (i.e. the date on which we no longer provide services to you as a borrower or investor). We may retain data for longer than this in certain circumstances, for example in the event of an ongoing dispute.

 

6. Credit Reference Agencies ("CRAs")

6.1 – We periodically conduct credit reference checks on borrowers and investors (as well as on directors, partners, members, shareholders, and beneficial owners of borrowers and investors), guarantors, and Agents for the following purposes:

6.1.1 – to assess creditworthiness and product suitability during the application process;

6.1.2 – for general credit management, account management, and identity/know-your-customer (KYC) and anti-money laundering (AML) checks throughout the loan term;

6.1.3 – to trace and recover debts in case of late repayments or default; and

6.1.4 – to prevent criminal activity.

6.2 – To perform these checks, we supply your personal information to CRAs, who provide us with information about you, including your financial history. We may request the following from CRAs:

6.2.1 – An enquiry against the credit file of the business. These enquiries are not visible to other organizations when your business applies for credit in the future and are often referred to as ‘soft’ searches;

6.2.2 – A Commercial Credit Search relating to the business’s credit file, regardless of whether your loan application is successful. This type of search may be visible to other organizations when your business applies for credit in the future and is often referred to as a ‘hard’ search, which means it is visible on your credit file to other lenders;

6.2.3 – A Quotation Search against the personal credit file of the directors, partners, members, beneficial owners, and shareholders of the business. These searches are not visible to other organizations when your business or its directors, partners, members, beneficial owners, and shareholders apply for credit in the future, and are often referred to as ‘soft’ searches;

6.2.4 – A Consumer Credit Search against the personal credit file of the directors, partners, members, beneficial owners, and shareholders of the business. This type of search may be visible to other organizations when your business or its directors, partners, members, beneficial owners, and shareholders apply for credit in the future and is often referred to as a ‘hard’ search, which means it is visible on your credit file to other lenders.

6.3 – When CRAs receive a request for information from us, they may:

6.3.1 – link the previous and subsequent names advised by you of anyone that is a party to the account; and

6.3.2 – create a record of the name and address of your business and its proprietors (if one does not already exist).

6.4 – We will provide CRAs with details of all loans taken through our platform and their management. If you borrow and fail to repay in full and on time, the CRAs will record the outstanding debt and, in some cases, the duration of the outstanding debt. This information may be shared with other organizations and could affect your ability to obtain credit in the future.

6.5 – We will continue to exchange information about you with CRAs on an ongoing basis regarding your accounts and any debts not fully repaid on time. CRAs will share this information with other organizations.

6.6 – Records shared with CRAs will remain on file for six years after your account is closed, regardless of whether any outstanding sums have been settled by you or following a default. You can contact the CRAs currently operating in the UK. The information they hold may differ, so you may consider contacting them all. They will charge you a small statutory fee.

 

7. False Information and Fraud Prevention Agencies ("FPAs")

7.1 – If we suspect or detect fraud, we may document this information and share it with FPAs (such as CIFAS) and other entities involved in crime and fraud prevention, including law enforcement agencies. Both we and fraud prevention agencies may allow law enforcement to access and utilize your personal data for the purposes of detecting, investigating, and preventing criminal activity.

7.2 – The processing of your personal data by us and fraud prevention agencies is based on our legitimate interest in preventing fraud and money laundering and in verifying your identity to fulfill our legal and regulatory duties, ensuring the protection of our platform and its users. This processing is mandatory if you wish to invest or borrow through our platform.

7.3 – We and other organizations may use this information to prevent fraud, money laundering, or other criminal activities (for example, by checking details on credit applications, managing credit, and recovering debt). We also use FPAs for screening job applicants and employees.

7.4 – Fraud prevention agencies may retain your personal data for varying durations, and if you are deemed to pose a fraud or money laundering risk, your data may be kept for up to six years.

7.5 – Should we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the requested services, or we may cease to offer current services to you.

7.6 – Any record of fraud or money laundering risk will be held by fraud prevention agencies, which could lead to other entities refusing to provide services, financing, or employment to you.

7.7 – When fraud prevention agencies transfer your personal data outside the European Economic Area, they enforce contractual obligations on the recipients to protect your personal data to the required standards of the European Economic Area. They may also require the recipient to adhere to “international frameworks” designed for data sharing.

7.8 – Please contact us if you would like to obtain details of the relevant fraud prevention agencies.

 

8. Your Rights

8.1 – You may, at any time:

8.1.1 – exercise your right to request access to certain personal data records we hold about you (a subject access request) by emailing admin@bluepay.com with the subject line “subject access request”;

9.1.2 – request that we update and correct any out-of-date or inaccurate personal data we hold about you by emailing us at admin@bluepay.com with the subject line “data update request,” 

9.1.3 – contact us to specify your preferences for how we communicate with you at admin@bluepay.com or by calling us on (0118) 932 3758;

9.1.4 – opt out of any marketing communications from Blue Pay by emailing us at admin@bluepay.com, calling us on (0118) 932 3758, following the link on any email marketing you have received, or using the appropriate opt-out procedures included in all marketing materials;

9.1.5 – exercise your right to object to our continued processing or your right to erasure, which are not absolute rights. We will consider such requests and take into account any compelling legitimate grounds to continue processing, such as our need to process your personal data to comply with legal or regulatory requirements;

9.1.6 – inform us if you have changed your mind about being referred to a third-party broker or lender.

9.2 – When you contact us, please provide sufficient information to verify your identity so that we can assist you in fulfilling your request. We aim to respond to all legitimate requests within one month. Occasionally, it may take longer if your request is particularly complex or if you have made multiple requests. In such cases, we will handle your request as quickly as possible and keep you informed of the progress.

9.3 – You may also request that the CRAs we use provide you with the information they hold about you. You must contact them directly to do this.

 

9. Security and Third-Party Involvement

9.1 – Blue Pay employs appropriate technical and organisational measures to protect the personal data you provide to us. However, we do not accept liability if communications are intercepted by unauthorised parties, incorrectly delivered, or fail to be delivered.

9.2 – When we transfer your information to third parties, we take steps to ensure that the transfer and any subsequent processing by those third parties are performed securely and in compliance with applicable privacy laws.

9.3 – Our website may include links to external websites operated by third parties. This Privacy Policy only covers personal data collected by Blue Pay, and we are not responsible for the personal data collected, stored, or used by third parties through their websites.

9.4 – You are also responsible for ensuring the security of your information. If you have an online account with us, you should:

9.4.1 – keep your login credentials confidential;

9.4.2 – log out of your account when it is not in use;

9.4.3 – maintain robust internet security practices (for instance, exercise caution when using public WiFi or shared internet connections); and

9.4.4 – inform us immediately if you believe your data has been compromised.

 

10. Contact Details

 10.1 – If you have any questions or concerns about this Privacy Policy, how we process your personal data, or if you wish to exercise any of your rights as a data subject, you can contact us at admin@bluepay.com. Alternatively, you can write to us at

The White Building
Reading
Berkshire
RG1 3AH

Please ensure all correspondence is marked for the attention of our Data Protection Officer to facilitate a prompt response.

11.2 – If you have concerns about how we handle your personal data, you can file a complaint with the UK Data Protection Authority, the Information Commissioner’s Office. Their contact details can be found here: ICO Contact Information.