Little Business Loans is committed to safeguarding the privacy of our website visitors and service users. We are committed to protecting the privacy of visitors to our Site and our service users in accordance with the following relevant legislation:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
For the purposes of the Data Protection Act 1998 (the “Act”) and the EU General Data Protection Regulation 2018 (“GDPR”) the data controller is The Buyback Service Limited, trading as Little Business Loans Limited of Po Box 11614, Edgbaston, Birmingham, B16 9ZG.
In this policy, “we”, “us” and “our” refer to The Buyback Service Limited, trading as Little Business Loans.
How we use your personal data
We may process information contained in any enquiry you submit to us, or has been submitted by your finance broker, regarding our services (“enquiry data“). The enquiry data may be processed for the purposes of offering, marketing and selling relevant services to you. The legal basis for this processing is consent.
We may process information contained in any application you submit to us regarding our services (“application data”). The application data may include your contact details, your company details and details of the service you require from us.
The source of the application data is you or your finance broker. The application data may be processed to prevent and detect fraud, money laundering and other crime, carry our regulatory checks, meet our obligations to any relevant authority, develop our services to you and protect our interests, to manage our relationship with you including (but not limited) to undertake underwriting collections and servicing activities and for the purpose of supplying our services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our business.
We may process information relating to transactions, including services, that you enter into with us (“transaction data“). The transaction data may include your contact details, your company details, your card details, financial data and accounts, details of any assets taken as security and the transaction details, details of other Directors/ Shareholders. The transaction data may be processed to prevent and detect fraud, money laundering and other crime, carry our regulatory checks, meet our obligations to any relevant authority, develop our services to you and protect our interests, to manage our relationship with you including (but not limited) to undertake underwriting collections and servicing activities and for the purpose of supplying our services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our business.
We may process information that you provide to us for the purpose of subscribing to our email notifications and newsletters (“notification data“). The notification data may be processed for the purposes of sending you the relevant notifications and newsletters. The legal basis for this processing is consent.
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure and debt collection The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please do not supply any other person’s personal data to us unless we prompt you to do so or you have their permission.
Providing your personal data to others
Client identity reference agency, company reference agency and fraud checks
When you apply to us to use our services, we will check our own records, your records at company identity reference agencies and the records held by client identity reference agency relating to your “financial associate” (if you have one) i.e. a person with whom you have, or have had, joint personal financial arrangements such as joint accounts or have made joint credit applications, which may be your spouse or partner (not a business partner). We may also, in certain limited circumstances, check the record, of other members of your family and if you are a director or partner in a small business, we may also check on your business.
If you are making a joint application or tell us that you have a spouse or financial associate, we will search, link and record information about you both together at client and company reference agencies (including any previous and subsequent names). You must be sure that you have your financial associate’s agreement to disclose their information to us and for us to conduct these searches. Client and company reference agencies also link your records together and these links will remain on our files until such time as you or your financial associate tell us that you are no longer financially linked and this is accepted by us.
If you give us false or inaccurate information and we suspect or identify fraud we will record this and may also pass this information to fraud prevention agencies and other organisations involved in crime and fraud prevention.
With the information that we obtain we will:
- assess this application for credit worthiness;
- check details on applications for credit and credit related or other facilities; and/or
- verify your identity and that of your financial associate; and/or
- undertake checks for the prevention and detection of crime, fraud and/or money laundering; and/or
- assess this application and to verify your identity; and/or
- manage your account with us.
We may make periodic searches of our own records and client and company reference agencies to manage your account with us, including to assist us in deciding whether to make credit available or to continue or extend existing credit. We may also check at fraud prevention agencies to prevent or detect fraud. If you have borrowed from us and do not make payments that you owe us, we will trace your whereabouts and recover debts.
When a client reference agency receives a search from us it will leave a soft-footprint which has no impact on your credit score.
Client reference and company rating agencies will supply to us:
- Public information such as County Court Judgments (CCJs) and bankruptcies in your name;
- Public information such as County Court Judgments (CCJs) and bankruptcies in the name of your company
- The filing of accounts and other statutory documents in the name of your company;
- Details of other shareholdings and company directorships you hold
- Details of previous shareholdings and company directorships
- The name of your associate(s)
- Electoral Register information.
- Fraud prevention information.
How your data may be used by fraud prevention agencies:
The information which we provide to the fraud prevention agencies about you, your financial associates and your business may be supplied by fraud prevention agencies to other organisations and used by them and us to:
- prevent crime, fraud and money laundering by, for example;
- checking details provided on applications for credit and credit related or other facilities;
- managing credit and credit related accounts or facilities;
- cross checking details provided on proposals and claims for all types of insurance;
- checking details on applications for jobs or when checked as part of employment
- verify your identity if you or your financial associate applies for other facilities including all types of insurance proposals and claims;
- trace your whereabouts and recover debts that you owe;
- conduct other checks to prevent or detect fraud;
- we and other organisations may access and use from other countries the information recorded by fraud prevention agencies;
- undertake statistical analysis and system testing.
Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of the Act.
Third Parties (other than credit reference agencies)
We may share your information with other organisations:
- to carry out anti-money-laundering and identity checks;
- to carry out HPI checks and to register your vehicle(s) log-book(s) if used as security
- who we carefully select to assist us in providing services to you, and which may be located outside of the European Economic Area;
- if we sell or buy any business or assets, (as we may share your data with the prospective seller or buyer);
- if we or substantially all of our company assets are acquired by another party, in which case your information will be one of the transferred assets;
- if we have to share your information to comply with legal or regulatory requirements, or if we have to enforce or apply our Terms and Conditions of Use or our loan agreement with you or need to protect our rights, property or our customers;
- if your details were originally passed to Little Business Loans via a third party (such as a referral platform or financial broker) we may report your application outcome and loan status back to that financial broker;
- in the event that you do not satisfy our eligibility criteria and/or we cannot lend to you, we may pass your information including your name, email address and contact details to third parties who we think may be able to assist you. Those third parties may then contact you by telephone or email in order to discuss whether or not they can assist you.
In the event that your account is sent to debt collection, we may contact and use third part agencies for the purposes of debt collection.
Financial transactions relating to services are handled by our payment services providers, Key IVR Ltd and Worldpay (UK) Limited. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at
How to find out more:
You can contact the client and company reference agencies in the UK to request the information they hold on you. They will charge you a small statutory fee.
- LexisNexis Risk Solutions UK Limited, Data Protection Officer
80 Moorbridge Road, 1st Floor, Maidenhead
Berkshire SL6 8BW, DPO@lexisnexis.co.uk
- Company Searches Made Simple, The Made Simple Group Limited, 20-22 Wenlock Road, London, N1 7GU, firstname.lastname@example.org
- HPI Limited, Bond Court, Leeds, West Yorkshire, LS1 5EZ.
Where your information is transferred outside of the European Economic Area it may not be subject to the same level of data protection as you enjoy in Europe and so we shall ensure that all such transfers are made in accordance with applicable law.
International transfers of your personal data
Your personal data may be transferred to countries outside the European Economic Area (EEA).
We use facilities based in Australia. Transfers to this country will be protected by appropriate safeguards.
The hosting facilities for our website are situated in the United States of America.
The European Commission has made an “adequacy decision” with respect to the data protection law of this country. Transfers will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
You acknowledge that personal data that you submit for publication through our website may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
Retaining and deleting personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
(a) If you have taken out a loan your personal and company data will be retained for a maximum period of 6 years following the date of application,
(b) If you have applied for a loan but the application has been declined or you have not accepted the loan offer, your personal data and company data will be retained for a maximum period of 3 years following the date of application,
(c) If you commence an application with us but this application is not completed, we will retain your personal and company for a maximum period of 30 days in order for us to proceed with your application should you return to it within the 30-day time period.
Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of changes to this policy by email.
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
– the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).
We may withhold personal information that you request to the extent permitted by law.
You may instruct us at any time not to process your personal information for marketing purposes.
In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
Cookies used by our service providers
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version.
You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
This website is owned and operated by The Buyback Service Limited.
We are registered in England and Wales under registration number 08457011, and our registered office is at Po Box 11614, Edgbaston, Birmingham, B16 9ZG.
13.3 Our principal place of business is at 7th Floor, 75 Harborne Road, Edgbaston, Birmingham, B16 9ZG.
13.4 You can contact us:
(a) by post, to the postal address given above;
(b) using our website contact form;
(c) by telephone 0121 246 1821
(d) by email, using the email address published on our website from time to time.
Data protection officer
Our data protection officer’s contact details are: Clare Sharif,