Capify Merchant Cash Advances and Capify Business Loans are provided by Capify UK LLC.
Capify is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you or about you (including information you provide to us), will be processed by us.
This website and our services are not intended for children and we do not knowingly collect data relating to children.
It is important that you read this policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This policy supplements the other notices and is not intended to override them.
Controller and our contact details
Capify is made up of different legal entities, details of which are provided below:
Capify UK LLC (registered in the USA)
United Kapital Limited LLC (registered in the USA)
Capiota Limited LLC (registered in the USA)
UK SME Capital LLC (registered in the USA)
United Kapital Limited (registered in England and Wales under company number 06575165)
Capiota Limited (registered in England and Wales under company number 08080805)
Capify UK Limited (registered in England and Wales under company number 11715963)
United Merchant Services Limited (registered in England and Wales under company number: 06786988)
(together “the Capify Group”).
We will let you know which entity will be the controller of your data when you purchase a product or service from us, but the nominated representative for all data privacy matters for the Capify Group is our Head of Legal, who can be contacted by post at Station House, Stamford New Road, Altrincham, WA14 1EP or by email at firstname.lastname@example.org.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Collection of your personal data
Personal data that may be collected by us includes the following:
- Information that you provide by visiting our website, including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access;
- Information provided at the time of registering with us, including, but not limited to, your name, contact number, email address, date of birth, gender, passport or other identification details and financial information (including details of card transactions);
- Information obtained from third parties providing basic information on senior decision makers at potential customers of ours, including their name, job title, employer’s name, work postal address, telephone number and email address;
- Address and contact details;
- Information provided as part of an application by a company about directors or shareholders of that company;
- Information provided as part of an application by a partnership or LLP about partners or members of the applicant;
- Information obtained from credit reference agencies as described in more detail below;
- Information provided as part of an application by a small partnership /sole trader and any connected financial associates.
- Information that you provide when providing feedback or when you report a problem with our website; and
- Information that you provide when you contact us or we contact you. We may keep a record of that correspondence and information you disclose to us.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your website usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to process your application or perform the contract we have or are trying to enter into with you (for example, to provide you with our products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Purpose and legal bases for processing
We may collect and use your personal data in the following ways:
- to process your application (or the application of a company/partnership or shareholding which you are connected to) with us;
- to make, or cause searches to be made, at a credit reference agency, and other checks which we consider appropriate or necessary to fulfil any of our legal obligations on an ongoing basis;
- to ensure that content from our website is presented in the most effective manner for you and for your computer;
- to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes or we have a legitimate interest;
- to allow you to participate in interactive features of our service, when you choose to do so; and/or
- to notify you about changes to our service.
If you are an existing customer, we may contact you by telephone, SMS, e-mail or by written material with information about goods and services similar to those which were the subject of a previous sale or to deal with any requests for information or as a result of any breach of the terms of your agreement.
If you are a potential new business customer and we do not think that we will be able to lend to your business, we may pass your data onto third parties who we think may be willing to lend to your business to contact you by electronic means or letter.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- to carry out our obligations arising from any contract entered into between you and us;
- to comply with our legal obligations, or to exercise or defend our legal or contractual rights; or
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Generally, we do not rely on consent as a legal basis for processing your personal data, although you are entitled to object to the processing of your personal data where we are relying on legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. You can exercise your rights any time by contacting us at email@example.com. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
When we may contact you
The contacting of customers and relevant parties will be exercised on the following basis:
- where the data subject has given express consent to the processing of the personal data for one or more specific purposes to either the Group or its affiliates; or
- where it is a party who we believe has a legitimate interest in the communication. This will be because a party:
- has previously utilised the services of the Group;
- has indicated an interest in the financial products provided by the Group; or
- may have a professional interest in the Group and the services it provides.
The above includes (but is not limited to) a customer abandoning an application online before submission, direct marketing, the previous provision of working capital, or where the customer has requested to be added to the communications and/or newsletter campaign emails. This would have been either by opting in to receive offers from the Group or by opting in to receive such via third party collaborative competitions.
The channels for which a legitimate interest assessment (“LIA”) has been conducted are as follows:
- Direct Marketing;
- PPC Retargeting;
- Email, SMS and other messaging services;
- Social Media;
- Customer Services; and
- Affiliate companies.
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decided which of our services may be relevant for you. You will receive marketing communications from us if you have requested information from us or engaged our services previously, and you have not opted out of receiving such marketing. We will usually get your express opt-in consent before we share your personal information with any third party for marketing purposes. The only exception to this is if you are a potential new business customer and we do not think that we will be able to lend to your business, we may pass your data onto third parties who we think may be willing to lend to your business to contact you by electronic means, post or telephone.
You can ask us or a third party to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, by contacting us at firstname.lastname@example.org or by informing us during a call. When you opt out of receiving these marketing messages, this does not mean we will stop processing your personal data provided to us as a result of any services we provide to you.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at email@example.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data, without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
To whom may the personal data be disclosed?
We may permit selected third parties to use your data to provide you with information about products and services which may be of interest to you and they may contact you about these by email, post or telephone.
We may also share your data with third party processors that are required in order for our business to function. These data processors include but are not limited to:
- Consumer Review Partners – including Trustpilot;
- Reward Partners;
- Paid Search Platforms – including Google AdWords’ and Analytics;
- Email service providers;
- Marketing Automations;
- Social Media platforms;
- Customer Relationship Management Systems; and
- Outbound call centres who may contact you on our behalf to find out if you are interested in certain of our products or services which we believe may be of interest to you.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may disclose your personal information (as well as any other information about your payment records under any agreement with us) to:
- relevant legal authorities or third parties if required by law;
- any member of our Group, which means subsidiaries, or the holding company both as defined in section 1159 of the Companies Act 2006 (as may be amended or re-enacted from time to time);
- third parties in the event that we sell (or otherwise dispose of, including by way of security) or buy any business or assets, in which case we may disclose your personal data to the prospective seller, disposee or buyer of such business or assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation and other agreements; or
- to protect the rights, property, or safety of the Group, subsidiaries, customers, or others; and
- any debt collecting agents, third party agents or High Court Enforcement agentsand in respect of any proposed charge of any agreement with us or our interest in any such agreement, or their advisers.
The above includes exchanging information with other companies and organisations including Credit Reference Agencies for the purposes of fraud protection and credit risk reduction.
Credit Reference Agencies and CRAIN
In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs)”. When you apply for financial products from us, we may also carry out periodic searches at CRAs to manage your account.
Where the application is in the name of a company we will carry out credit and identify checks against the directors and shareholders of the company. Where the application is in the name of a partnership or LLP we will carry out those checks against partners or members of the applicant; where the application is a small partnership or sole trader we will carry out credit checks on the owners/partners and any connected members of the applicant(s).
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- assess creditworthiness and affordability;
- verify accuracy of the data you have provided to us;
- prevent criminal activity, fraud and money laundering
- manage your account;
- trace and recover debts; and
- ensure any offers provided to you are appropriate to your circumstances.
Using information in this way is necessary for our legitimate interests of managing our credit and regulatory risk.
We will continue to exchange information about you with CRAs while you have a relationship with the Group. If you do not repay in full and on time, we are at liberty to report the same to the CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. However, checks against any applications of financial associates will be “soft” checks and while they will be visible to you if you check your credit file (and other lenders) they will not affect your credit score.
In utilising the data held with credit reference agencies, we must abide by the Principles of Reciprocity by contributing the same level of credit performance data that we receive. As such, we will continue to exchange information about your repayment history with credit reference agencies while you have a relationship with us.
If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your file until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention and your data protection rights with the CRAs are explained in more detail in the industry-wide credit reference agency information notice (“CRAIN”).
The CRAIN is accessible from each of the three CRAs set out below – clicking on any of these three links will take you to the same CRAIN Document.
Call Credit: www.callcredit.co.uk/crain
If you would like more details of the CRAs from which we have obtained or may obtain your personal information, please contact us at firstname.lastname@example.org.
We share your personal data within the Capify Group. This will involve the transfer of your data outside the UK.
Many of our external third parties are based outside the UK, in countries such as South Africa, the USA or within the European Union, so their processing of your personal data will involve a transfer of data outside the UK. It may also be processed by staff operating outside the UK who work for us or for one of our suppliers.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:
- we will only transfer your personal data to a country that has been deemed to provide an adequate level of protection for personal data by the UK government; or
- where we use certain service providers, we may use specific contract terms approved by the UK data protection authority which give personal data the same protection it has in the UK.
Please contact us at email@example.com if you would like further information on the specific mechanism used by us when transferring your personal data outside of the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
In the absence of the Group having any overriding lawful or contractual requirement to the contrary, personal data will be kept for a period of 6 years from the date of last contact.
Personal data rights
We want you to have in control over your information and under certain circumstances, you have the right to do the following:
- to request access to the personal data we hold on you;
- to request any rectification and /or erasure of your personal data or processing concerning the data subject;
- to object to processing of your personal data or to request restriction of processing your personal data;
- to exercise your right to data portability;
- to exercise your right to be forgotten if you no longer wish for us to store any of your personal details. Unless we have an overriding legal or contractual right, all applicable data will be deleted from our systems;
- to exercise your right to withdraw consent to processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. You should note that notwithstanding the withdrawal of consent, we may be legally required to retain some or all of your personal data; and
- to exercise your right to lodge a complaint with a supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance.
If you wish to exercise any of your rights set out above, simply contact us at firstname.lastname@example.org detailing your request. We will aim to respond to all legitimate requests relating to your rights above within one month of receipt of your request. Occasionally it may take us longer than one month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up your response.
Third party links
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. Clicking on those links may allow such third parties to collect or share data about you. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Cookies served by Equifax are held on Capify’s website. Equifax is a credit reporting agency. These cookies will be used to serve adverts to visitors based upon the websites they’ve been to previously.
Click here for more information about Equifax and how to disable this cookie.
Personal data requirement and the consequences of failing to provide it
If the personal data we require is not disclosed to us, and we require such personal data by law or under the terms of a contract, we may be unable to progress your application or perform the contract we have or are trying to enter into with you (for example, to provide you with a cash advance or a business loan). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
No automated processing
We do not use automated processing for decision-making to make decisions about individuals. All applications are reviewed and assessed by our team on their own respective merits.
IP addresses and cookies
We may collect information about your computer, including, where available, your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- to estimate our audience size and usage pattern;
- to store information about your preferences, and so allow us to customise our site according to your individual interests;
- to speed up your searches; and
- to recognise you when you return to our site.
Last updated 31 August 2021.
We’re trusted by thousands of small and
medium sized businesses.
We take pride in working with thousands of UK businesses, and we really appreciate what they say about our
products and services.