Investors

Privacy Notice

Effective from 14 April 2025

Introduction

This privacy notice explains how we use your personal information, sets out your rights under the new laws and explains how the law protects you.

“Personal information” means information about a living individual who can be identified from that information (either by itself or when it is combined with other information). If we provide you or a business in which you are financially linked with a product or service, then we will use your personal information in the ways set out in this notice.

We are unable to provide you with a product or service or to process your application without having personal data about you.  Your personal data is required before you can enter into the relevant contract with us, or it is required during the life of that contract, or it is required by laws that apply to us.  If we already hold some of the personal data that we need – for instance if you are already a customer – we may not need to collect it again when you make your application.

If you make an application for your business, we will also collect the personal data about all individuals who are linked to the business, for example beneficial owners, directors or officers of your company, who you must include on the application form. You must show the Privacy Notice to all the linked individuals and ensure they know you will share their personal data with us for the purposes described in it. In addition, we ensure this Privacy Notice is accessible by all prospective customers via our website, we will share it with you when you are onboarded as a customer, and we make it available at all times within our customer portals.

Who are we?

DF Capital Group is made up of Distribution Finance Capital Holdings plc, registered in England and Wales (company number: 11911574) and its subsidiary DF Capital Bank Limited (company number: 10198535) together with its subsidiaries DF Capital Financial Solutions Limited (company number: 14891201) and DF Capital Retail Finance Limited (company number: 15788832). The registered office for each of the group companies is: Express Building, 9 Great Ancoats Street, Manchester M4 5AD. DF Capital Bank Limited is authorised by the Prudential Regulation Authority (PRA) and regulated by the Financial Conduct Authority (FCA) and the PRA (Financial Services Register No. 848291). DF Capital Financial Solutions Limited is not authorised by the PRA or FCA, its commercial lending products are not regulated. It is supervised by the FCA for anti-money laundering purposes only. DF Capital Retail Finance Limited is authorised and regulated by the FCA (Financial Services Register No. 1017795).
DF Capital Bank Limited, DF Capital Financial Solutions Limited and DF Capital Retail Finance Limited are registered with the Information Commissioner Office (ICO) (registration no ZA286044, ZB643339 and ZB728595, respectively) and are the “controllers” for the purposes of data protection laws in relation to any personal information held about you. Herein, each of the companies will be collectively referred to as ‘DF Capital’.

Our privacy promise

DF Capital wants to be a trusted financial partner and is committed to protecting and respecting your privacy. We will always treat your information as confidential, even when you are no longer a customer.

How the law protects you?

As well as our Privacy Promise, your privacy is protected by law. Under Data Protection Laws we can only process your personal information where we have a proper reason for doing so.  This includes sharing it outside the Group. The law says we must have one or more of these reasons:

  • we are required to do so by law i.e. a legal obligation
  • you have granted us consent to process your personal information
  • you have entered or you are considering entering into a contract with us for a financial product or service
  • it is in our own legitimate interests to do so

A legitimate interest is when we have a business or commercial reason to use your information for example to prevent abuse and loss, to strengthen IT and payment security or for marketing purposes. But even then, it must not unfairly go against what is right and best for you.

What personal data do we collect?

Depending on the product and services you have requested or you are interested in, we collect and process different kinds of personal data, including:

  • basic personal information, including title, name and address, residential status, date of birth and contact details.
  • documentary data, e.g. details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, driver’s license, national insurance number, or birth certificate.
  • financial information, e.g. your financial position, employment status, salary, source of funds, status, significant additional financial commitments, and history.
  • socio-demographic information, e.g. details about your work or profession, nationality, and where you fit into general social or income groupings.
  • transactional information, e.g. details about payments to and from your accounts with us.
  • social relationships, e.g. information about your family, friends and other relationships.
  • contractual information, e.g. details about the products and services we provide to you and your preferences towards them.
  • communications, e.g. what we learn about you from letters, emails, and conversations between us.

There may be times when the information we hold about you includes sensitive personal data, such as information relating to racial or ethnic background or  your health and vulnerability status. We will only hold this data when we need to for the purposes of the product or services we provide or where we are legally required to do so. We will always seek your explicit consent to process sensitive personal data.

Where do we collect your information from?

We hold personal and financial information about you (or your business) which you have provided to us or which we have collected/received from elsewhere such as:

  • information you give us on application forms;
  • information we get from how you use your facilities;
  • details of who supplies goods and services to you;
  • when you use our website, mobile device apps, including secure messages online. We automatically collect data about your equipment, browsing actions and patterns which we collect using cookies and other similar technologies when you accept to their usage;
  • information from other organisations, such as credit reference agencies, fraud prevention agencies, data aggregators, comparison websites;
  • government and law enforcement agencies;
  • information that we gather from publicly available sources including but not limited to  press, social media and networks, the electoral register, Companies House and online search engines;
  • when you talk to us on the phone;
  • in emails and letters;
  • in customer surveys;
  • if you take part in a competition or promotions;
  • information from people or businesses you are financially linked to;
  • information that other people give us such as your advisors, brokers, introducers, dealers or agents working on our behalf; and
  • information we get from analysing your financial situation and transaction history.

Why do we collect your information?

DF Capital stores and uses your information to manage your facilities and products and to provide services that suit your needs. This includes making payments, loan advances, customer services, customer administration, credit assessment and marketing as well as compliance with statutory obligations. Additionally, we may need to use your data for several other reasons including the following:

Assessing the suitability of products or services

We will use your information to assess whether our products and services are suitable for you or for a business you are financially linked to, including making credit decisions. This may involve credit scoring and regular statistical analysis to produce management information relating to risk. We may look at your information when deciding whether to approve an application for credit by a person you are linked to, including when that person applies on behalf of a business.  We may also link your information to the information relating to other people you are financially linked to, if you make a joint application or if you tell us that you have a husband, wife, civil partner or partner. You should make sure you have shared the relevant information from this notice with them.

Verifying your identity and using Credit Reference Agencies

If you apply for a new product or service from us, we may perform credit and identity checks on you and certain individuals connected to you or your business with one or more credit reference agencies (“CRAs”), data aggregators or digital identification screening providers. We may also make periodic searches with these third parties to manage your account and maintain up to date records.

To do this, we will supply your personal information to the CRAs and digital identification screening providers, and they will give us information about you. This may include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.

We will use this information to:

  • Assess your creditworthiness and whether you can afford to take a product
  • Verify the accuracy of the information you have provided to us
  • Confirm identities
  • Prevent criminal activity, fraud and money laundering
  • Manage your account(s)
  • Trace and recover debts
  • Ensure any offers provided to you are appropriate to your circumstances

We may continue to exchange information about you with CRAs while you have a relationship with us. We may also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.

When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other organisations. The type of footprint left is dependent upon the search that is conducted but the search could appear on your credit history and be seen by other companies. Whether an application is successful, unsuccessful or you choose not to proceed, this search may affect your credit history and score.

If you are making a joint application, or tell us that you have a spouse or financial associate, we may link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application.

We need to confirm your identity before we provide products or services to you or your business.

Once you have become a customer of ours, we will also share your personal information as needed to help detect fraud and money-laundering risks. We use CRAs to help us with this.

We or a CRA (in their fraud prevention role) may allow law enforcement agencies to access your personal information. This is to support their duty to detect, investigate, prevent and prosecute crime.

CRAs can keep personal information for different lengths of time. For example, they can keep your information for up to six years if they find a risk of fraud or money-laundering.

We and CRAs may process your personal information in systems that look for fraud by studying patterns in the data. We may find that an account is being used in ways that fraudsters work. Or we may notice that an account is being used in a way that is unusual for you or your business. Either of these could indicate a possible risk of fraud or money-laundering.

If we or a CRA decide there is a risk of fraud, we may stop activity on the accounts or block access to them. CRAs will also keep a record of the risk that you or your business may pose.

This may result in other organisations refusing to provide you with products or services, or to employ you.

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at https://www.experian.co.uk/crain.

Fraud prevention agencies

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering.

If you provide false or inaccurate information and we find that you have committed fraud, you could be refused certain services, finance, or employment and  we may pass your details to fraud prevention agencies. Law enforcement agencies may also access and use this information.

Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found by visiting www.cifas.org.uk/fpn

Protecting you

We may record or monitor phone calls for security and compliance purposes. We may also collect information associated to your wellbeing of status as a vulnerable individual, to enable us to adjust our product or service offering accordingly. We will always seek your consent before recording any sensitive data.

Research purposes

We may also use your information for research purposes which may include profiling to understand your buying preferences. Using your personal information in this way allows us to develop, improve and market our products and services to meet our legitimate interests Where we consider that, on balance, it is appropriate for us to do so, we will process your personal data to the extent necessary for following legitimate interests which apply to us such as administering and managing your account and services, testing the performance of our products, services and internal processes and for management and audit of our business operations including accounting.

Sharing your information

We do not sell or trade your information to third party organisations. There are circumstances where we need to provide information to other people who assist us in conducting our business or servicing you or your business or in identifying potential financial crime or where we are under a legal or regulatory obligation to do so. For these reasons we may share your personal information with, for example:

  • Credit reference agencies
  • Identity verification agencies
  • Fraud prevention agencies
  • Asset registration services
  • Data aggregators
  • Open banking partners as outlined in the “Open Banking” section below
  • HM Revenue & Customs, regulators and other statutory bodies and authorities
  • UK Financial Services Compensation Scheme and the Financial Ombudsman Service
  • Our regulators and certain statutory bodies as required by law
  • Any trustees, beneficiaries, administrators or executors associated with your account
  • Someone you nominate or authorise to act on your behalf
  • People who give guarantees or other security for any amounts you owe us
  • Companies we have a joint venture or agreement to co-operate with
  • Our professional advisors and auditors
  • Organisations that introduce you to us
  • Companies that we introduce you to or who introduce us to you
  • Independent market researcher organisations
  • Your financial advisors or agents working on our behalf
  • Price comparison websites and similar companies that offer ways to research and apply for financial products and services
  • People you ask us to share your information with
  • Direct Debit scheme, if you use direct debits
  • Other lenders who also hold a charge on the asset, if you have a secured loan with us
  • Other companies in the Group to assess credit risk or to help us run your facilities. We may also share your information within the Group to prepare research and analyse statistics (including analysing risk and credit) so that we can improve our services.

We will sometimes arrange for service providers, agents and subcontractors, including those from outside the European Economic Area (EEA), to provide services and process your information on our behalf. We will make sure that these service providers, agents and subcontractors have a duty to keep your information confidential and secure, and that they only process your information as set out in a written contract. Where we use third parties from outside the EEA, we will ensure that your rights under Data Protection Laws are safeguarded through the appropriate protections.

To meet our duties to regulators, we may allow authorised people to see our records (which may include information about you) for reporting, compliance and auditing purposes. For the same reason, we will also hold the information about you when you are no longer a customer.

We may also share your personal information with other organisations if we sell, transfer, or merge parts of our business or our assets, or if we seek to acquire other businesses or merge with them. If any such change to our business happens, these other parties may then use your information in the same way as set out in this Privacy Notice. Any parties we share your information with agree to keep all information supplied secure and protected from unauthorised access.

How long do we keep your information?

We will only keep your personal information for as long as is necessary to administer any relationships that you hold with us. This means that we may hold your personal information after your relationship with us ends for up to seven years.

We may do this for the following reasons:

  • to respond to any questions or complaints;
  • to show that we treated you fairly;
  • to maintain records according to regulatory and statutory rules that apply to us; and
  • To allow us to preserve, defend or enforce any relevant legal rights we may have.

We may keep your data for longer than seven years if we cannot delete it for legal or regulatory reasons. If we do, we will make sure that your privacy is protected and only use it for those purposes.

Your privacy rights

You have a number of rights under the Data Protection Laws in relation to the way we process your personal data, which are set out below. We will aim to respond to any request received from you in relation to exercising your rights within 30 days from your request, although this may be extended in some circumstances in line with Data Protection Laws.

  • Access – You have the right to access the information that we are processing about you and to be told where the information comes from and what we use it for. You also have the right to be informed about how long we store your information and about those with whom we share your information. Your right of access may, however, be restricted by law, the need to protect another individual’s privacy or consideration for the DF Capital commercial business strategies and operations. You must write to us if you want to see this information. Access to your data will usually be provided free of charge, although in certain circumstances we may make a small charge where we are entitled to do so under Data Protection Laws.
  • Rectification – You have a right to rectification of inaccurate personal information and to update incomplete personal information.
  • Restriction – You have a right to request us to restrict the processing of your personal information. You may request us to restrict processing your personal information if you believe that:
    • any of the information that we hold about you is inaccurate;
    • we no longer need to process your information for the purposes for which it was provided; or
    • we are not using your information in a lawful manner
  • Erasure – You have a right to request that we delete your personal information. You may request that we delete your personal information if you believe that:
    • we no longer need to process your information for the purposes for which it was provided;
    • we have requested your permission to process your personal information and you wish to withdraw your consent; or
    • we are not using your information in a lawful manner.
  • Objection  You have a right to object to the processing of your personal information, unless we can demonstrate compelling and legitimate grounds for the processing, which may override your own interests.
  • Portability – You have a right to receive the personal information you provided to us in a portable format. You may also request us to provide it directly to a third party, if technically feasible.

Rights with respect to personal data are bound by the legitimate need for DF Capital to process data for statuary, regulatory and contractual purposes. Thus, certain of the above rights will be limited e.g. we’re required by law to retain some of your data for a particular period.

If you wish to exercise any of these rights or if you have any queries about how we use your personal information that are not answered here, you can contact our Data Protection Officer at the address at the end of the Privacy Notice..

Profiling and automated decision making

DF Capital may use automated decision making, including profiling, to approve applications for loans or credit, to prevent fraud and, in the case of profiling, to be able to offer you specific services and products that meet your preferences and to target our marketing in general. You have the right not to be subject to automated decision making (including profiling), where it affects your legal rights or has an adverse impact on you, for example, the refusal of an online credit application.  If you have given us your consent to process your data and the processing is automated, you have the right to get your personal information from us in an electronic format that can easily be reused. You can also ask us to pass your information in this format to other organisations. If you wish to exercise any of these rights, please write to our Data Protection Officer at the address at the end of this notice.

Customer experience

We are keen to keep you up to date with changes to the service we provide or interruptions to our service, or also to remind you to activate and use the online services for which you have registered. If you have given us your email address or mobile number, we may use these to send you messages. If you do not want us to contact you by text message or email, please contact us using the details provided to you and we will delete these details from our records.

Marketing

Through our marketing programme, we may identify and tell you about products and services supplied by us that we consider may be of interest to you. We may do this by phone, mail, email, text or through other digital media where you have given us your consent to being marketed by these methods. You can decide how much direct marketing you want to accept. You can contact us at any time if you do not want to receive marketing information. Whatever you choose, you will still receive statements, and other important information such as changes to your existing products and services.

Open banking

What is Open Banking?

Open Banking is the secure way of providing access to your bank or building society account to providers who are registered for this purpose. Registered providers and participating banks and building societies are listed under the Open Banking Directory. Open Banking was set up by the UK Government to encourage more competition and innovation in the financial services sector.

As a forward thinking company, we support the use of Open Banking as it allows us to process customer application efficiently, securely and in our Customer’s best interests.

By permitting access to your bank or building society account information we are able to make better affordability checks as we shall be able to verify your income, outgoings and other matters in order to assess what terms would be suitable for you based upon what you can reasonably afford.

Further information about Open Banking is available from www.openbanking.org.uk.

How will my personal data be shared and used for the purposes of Open Banking?

By proceeding with your credit application via our website you will be asked to expressly consent to us sharing your personal, contact and loan application details (“the Shared Personal Data”) with our registered Open Banking partner, Perfect Data Solutions Limited t/a LendingMetrics (“PDS”) who is also a credit reference agency. During your credit application we shall safely and securely direct you to PDS’s secure portal (“the Portal”) for the purposes of granting PDS access to your bank or building society account information (“Transaction Information”). As soon as your Transaction Information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your credit application (“the Permitted Purpose”). Further information about PDS including their registered provider and regulatory status is available from www.lendingmetrics.com.

Is Open Banking secure?

PDS is registered under the Open Banking Directory as an account information service provider and regulated by the Financial Conduct Authority as a payment services firm under number 802599. Any data you submit via the Portal will be encrypted and its usage tracked as part of set Open Banking data security standards. We are responsible for the secure transmission of any Shared Personal Data to PDS, for safely directing you to the Portal and for the safe receipt and usage of your Transaction Information. You will not be required to share your banking password or log in details with either us or PDS. Once you have given your explicit consent to share your bank account information on the Portal you will be directed to your own bank or building society’s login page where you will enter in your own login details directly. Save as set out above or elsewhere in this Privacy Policy, we are not responsible for your direct data transmissions with PDS or with your own bank or building society.

How will my Shared Personal Data and Transaction Information be used?

PDS shall, subject to their own terms and conditions and privacy policy, and, if your bank or building society is registered to provide access under the Open Banking Directory, obtain your Transaction Information and submit this back to us for the Permitted Purpose. By way of example, the Transaction Information that we shall receive is likely to include information relating to your income, outgoings and credit worthiness. PDS shall be entitled to re-access your Transaction Information for up to 90 days from the date of your original search result in order to refresh the search results, obtain a snapshot of your data or gather additional data. PDS shall hold the Shared Personal Data and the Transaction Information they receive and retain according to their own terms and conditions and privacy policy, available on the Portal, which you will be required to read and consent to once directed there via our website. As PDS is also a credit reference agency they may also share and keep a record of your Shared Personal Data and Transaction Information.

Will you use my Transaction Information data for any other purpose?

The Transaction Information we receive about you will only be used for the Permitted Purpose. We do not sell or share Transaction Information with any third party. Save as set out above the information contained in the rest of this Privacy Policy deals with how we collate, use, transfer, store, delete and other terms applicable to your personal data including Shared Personal Data and Transaction Information.

Do I have to provide you with my consent to proceed?

As part of your credit application, you will be asked to expressly consent to us sharing your personal information and permitting access to Open Banking. You are still able to proceed with your application even if you do not provide your consent. Where your bank or building society have already permitted access to your Transaction Information you shall need to contact them directly in order to withdraw your consent under their particular Open Banking terms and conditions.

Are any of my other rights under this Privacy Policy affected?

Your individual data protection and privacy rights including the right to access, correct, delete, object, restrict, withdraw consent, request transfer and/or make a complaint, continue to apply to relevant personal data we control or process and are dealt with elsewhere in this Privacy Policy. Under Open Banking as your personal data is shared by your bank or building society and accessed by PDS you may also be able to exercise your individual data protection and privacy rights against either of them pursuant to their own terms and conditions and privacy policies.

How to withdraw your consent?

Once you have given us your consent you can withdraw it at any time, unless there is another legal reason under the Data Protection Laws that allows us to process your information.  Please note that if you withdraw your consent, we might not be able to provide you our products or services. If this is so, we will tell you.  You can withdraw your consent at any time by getting in touch with us at [email protected] or using the contact details at the end of this notice. The withdrawal of your consent will be processed as soon as possible.

Cookies and tracking pixels

Cookies are small files that a website or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enables the sites or service providers’ systems to recognise your browser and capture and remember certain information. We use cookies to compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.

Tracking pixels are a similar technology to cookies, but they are embedded within an email rather than on a website. We may use tracking pixels to monitor whether a recipient has opened an email we have sent them. You can find out about cookies and how we use them in our cookie policy at: www.dfcapital.bank.

Changes to the Privacy Policy and your duty to inform us of changes

We keep our privacy policy under regular review. It is important that the person data we hold about you is accurate and current.  Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

How to complain

If you are unhappy with how we have handled your personal information, you can contact our Data Protection Officer at the address at the end of this notice.

You also have the right to complain to the Information Commissioner’s Office. You can call their helpline on 0303 123 1113, or you can visit their website (www.ico.org.uk) for information on how to make a data protection complaint.

Data Protection Officer

We have appointed a Data Protection Officer to advise us about our data protection obligations and to monitor compliance. You can contact the Data Protection Officer by writing to the Data Protection Officer, DF Capital, Express Building, 9 Great Ancoats Street, Manchester M4 5AD or by emailing us at [email protected].

Previous versions of our Privacy Notice

1 March 2024 – 14 April 2025

February 2024 – in use until 29 February 2024

DF Capital Logo
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.