This Privacy Notice lets you know what happens to any Personal Data that you give to us, or any that we may collect from or about you.
Date last updated: 17.05.2020
Topics covered in our Privacy Notice:
1. Who we are and who is responsible for your Personal Data
2. What information we collect about you
3. How we use your Personal Data
4. The legal bases for our processing your Personal Data
5. Sensitive Personal Data that we collect about you
6. Automated decision making
7. How we safeguard your Personal Data
8. How long we keep your Personal Data
9. Where we transfer your Personal Data to
10. Sharing your Personal Data
12. Confidential Information
13. Your rights under data protection legislation
14. Changes to this Privacy Notice
15. How to contact us
1.1 British Business Bank plc is registered in England and Wales with company number 08616013 with its registered office at Steel City House, West Street, Sheffield, S1 2GQ.
1.2 As the holding company of the group operating under the trading name of British Business Bank, British Business Bank plc is a development bank wholly owned by HM Government. It is not authorised or regulated by the Prudential Regulation Authority (PRA) or the Financial Conduct Authority (FCA). British Business Bank plc and its subsidiary entities are not banking institutions and do not operate as such.
1.3 This Privacy Notice explains how we use the Personal Data that we receive, collect or generate in relation to our services and products and through our various websites including: www.british-business-bank.co.uk; The Finance Hub: www.british-business-bank.co.uk/finance-hub/; our recruitment portal: https://isw.changeworknow.co.uk/british_business_bank/vms/e/careers/candidates/applications and the Future Fund: www.uk-futurefund.co.uk/ (the “Websites”).
1.4 For the purposes of this privacy notice, the data controller is British Business Bank plc with its registered office at Steel City House, West Street, Sheffield, S1 2GQ. You can also find further contact details towards the end of this notice.
1.5 In this Privacy Notice:
“British Business Bank”, “we”, “us” or “our” means British Business Bank plc and other companies in the British Business Bank group (including without limitation): the Start Up Loans Company (registration number 08117656), British Business Finance Ltd (registration number 09091928), British Business Investments Ltd (registration number 09091930), British Business Financial Services Ltd (registration number 09174621), Capital for Enterprise Ltd (registration number 06179047), Capital for Enterprise Fund Managers Ltd (registration number 06826072), British Patient Capital (registration number 11271076).
“Personal Data” means any data which relates to a living individual who can be identified from that data or from other information which is in the possession of, or is likely to come into the possession of, British Business Bank (or its representatives, service providers or partners). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of the British Business Bank or any other person in respect of an individual.
“Partner” means any entity which delivers a BBB product or service to a third party e.g. a high street bank providing a loan under the Coronavirus Business Interruption Loan Scheme (“CBILS”), Coronavirus Large Business Interruption Loan Scheme (“CLBILS”), Bounce Back Loan Scheme (“BBLS”) or Future Fund (“FF”) scheme.
“Beneficiaries of BBB programmes” means a third party, usually a Small or Medium Sized Enterprise (SME) or sole trader who has received funding via a BBB programme for their business.
2.1 Many of the services offered by us require us to collect Personal Data about you in order to perform our services, evaluate our marketing activities and offer our products or services.
2.2 We may collect and process the following Personal Data about you:
A. Information that you provide to us.
We have set out below a description of the types of Personal Data about you which we may collect and process in different situations when you interact with us. The nature of our relationship with you will determine the kind of Personal Data we might ask for.
- Personal Data that we generally process regardless of how you contact us, or for whatever reasons (including any surveys which we use for research evaluation purposes, if you choose to respond to them), such as your: first name, family name, email address, phone number and/or correspondence address;
- Personal Data that you submit online via our Websites (including information on ethnicity and disability if you choose to provide it); and/or
- Personal Data that you submit to us, or to one of our Partners, to apply for a product or service, or to become a customer, which, in addition to the above, may include: financial information, occupation and job details, any relevant income information, proof of identification or other identity documents, age or date of birth. Please note that if an application is not successful we will retain the information you have provided in order to progress relevant ongoing communications with you, for analysis purposes and to fulfil our legal obligations as set out below.
B. Information that we collect or generate about you.
This includes (by way of non-exhaustive list):
- details of your visits to our Websites and the resources that you access (which may include, amongst other things, traffic data and communication data);
- information about our business relationships with you, such as a file with your contact history to be used for enquiry purposes so that we may ensure that you are satisfied with the services which we have provided to you; and/or,
- any Personal Data that you provide to us in correspondence and during our interactions with you (including Personal Data that you provide during telephone and email communications with us, and/or via our Websites).
C. Information we collect through others
- In some instances, for example in relation to applications to the Future Fund, one individual may provide information (including Personal Data) on behalf of other related individuals e.g. a lead investor on behalf of syndicate members or a CFO on behalf of a business management team. We will ask the individual providing the information to confirm they have the agreement of the others to do so. A confirmation of the fact that this submission has been made along with details of this Privacy Notice will be sent in due course to all individuals.
D. Information we obtain about you from other sources
This includes (by way of a non-exhaustive list):
- information from publicly available sources (including third party agencies such as credit reference agencies, fraud prevention agencies, law enforcement agencies and public registers), such as your credit history; and/or,
- information obtained from sanctions checking and background screening providers and information, such as your reasons for being on the sanctions list.
3.1 We will process Personal Data primarily to provide you with a service or product you have requested. However, there may be times when we are required to process Personal Data that is not part of our core business, for example where we have to comply with a legal obligation or a public duty required of us by law.
3.2 Your Personal Data may be stored and processed by us in the following ways and for the following purposes:
A. Maintain and improve customer experience
This includes (by way of a non-exhaustive list):
- To allow you to use and access the services and products provided by us.
- For analytical and administrative purposes
- For our internal purposes, such as research and analysis, reporting, quality control, Website performance, system administration and to evaluate use of our Websites, so that we can continuously improve them and provide you with enhanced services.
- To prevent any potential disruptions or cyber-attacks.
- To allow you to participate in interactive features of volunteering, when you choose to do so.
B. Provide updates about products and services you are using
To notify you about changes to our products and services of which you are a customer.
C. Market products and services
- To provide you with information on our products or services that you request from us, or which we feel may interest you.
- To communicate with you in order to provide you with information about our products, services and mandate.
- To keep you updated about events in your area that could help you with your business.
- To invite you to attend focus groups to further improve our Websites and/or products and services.
- We may also use your Personal Data in case studies that we produce which will then be used for advertising and marketing purposes. We will obtain your consent to do this in advance.
D. Deal with complaints
- For complaint handling purposes.
E. Fulfil our legal obligations
- In order to comply and assess compliance with applicable laws, rules and regulations, and internal policies and procedures.
F. Product and service design and improvement
- To help us improve our products and services.
- To request feedback on our services and products and to help provide more information on the use of those products and services quickly and easily.
G. Equality, diversity and monitoring
- For monitoring and equal opportunities purposes, including where requested assessing how well we are achieving the government’s diversity objectives in relation to the Coronavirus Business Interruption Loan Scheme (CBILS) and other Coronavirus related schemes.
H. Maintain our business processes
- To allow us to effectively and efficiently manage and administer the operation of our business.
I. Comply with internal policies
- To maintain compliance with internal policies and procedures.
J. Monitor our copyright materials
- To monitor the use of our copyrighted materials.
K. Legal rights
- To exercise and defend our legal rights.
L. Credit worthiness checks
We may make periodic searches of our own group records and at credit reference agencies to manage your account, including whether to make credit available or to continue or extend existing credit.
We may use the Personal Data you provide to us to perform a credit check. In order to do this we may share your Personal Data with credit reference agencies. We will use the information we receive from credit reference agencies to:
- assess your application for credit; and/or
- check details on applications for credit and credit related or other facilities;
- verify your identity and the identity of your spouse, partner or other directors/partners, but only if they are a party to your application;
- undertake checks for the prevention and detection of crime, fraud and/or money laundering; and
- undertake periodic statistical analysis or testing to ensure the accuracy of existing and future products and services.
M. Application processing
- We often use Partners who have expertise in certain areas to help us deliver our products and services. We will share your Personal Data with the relevant Partner to progress your application. Partners have an obligation to keep your data secure.
N. Debt Collection
- If you borrow and do not repay in full and on time, the credit reference agencies may be advised and steps will be taken to trace you and to recover the debt owed. In this case a contract debt collection agency may be instructed to help recover the funds.
O. Preventing fraud
- To help us prevent fraud, money laundering and other crimes.
We may conduct a search at fraud prevention agencies for information held about you, any addresses at which you have lived and any information about your business (if you have one). If you give us false or inaccurate information and we suspect or identify fraud we will record this and may also pass this information to fraud prevention agencies, Government agencies and other organisations involved in crime and fraud prevention.
4.1 We make sure that our use of Personal Data complies with law and the law allows and requires us to use Personal Data for a variety of reasons, for instance where:
A. we need to do so in order to perform our contractual obligations with you (or any organisation with which you are associated);
B. we have obtained your consent;
C. we have legal and regulatory obligations that we have to discharge;
D. we may need to do so in order to establish, exercise and/or defend our legal rights or for the purpose of legal proceedings;
E. the use of your Personal Data is necessary to perform a task carried out in the public interest or in the exercise of official authority vested in British Business Bank; and/or
F. the use of your Personal Data as described is necessary for our legitimate business interest (or the legitimate interests of the British Business Bank), such as:
- allowing us to effectively and efficiently manage and administer the operation of our business;
- maintaining compliance with internal policies and procedures;
- monitoring the use of our copyrighted materials; and/or,
- enabling quick and easy access to information on our services and products.
The legal bases for processing your personal data may differ depending on the product or service you are accessing. For example, in relation to applications for the Future Fund the use of your Personal Data – in order to perform the tasks of assessing applications and making the funds available – is being carried out in the public interest.
5.1 Certain forms of “sensitive personal data” are subject to specific protection or restriction by law in certain territories, including the EU. For these purposes, “sensitive personal data” is data relating to: racial or ethnic origin; criminal activity or proceedings in certain countries; political opinions; religious or philosophical beliefs; trade union membership, genetic data, biometric data, data concerning health or sex life or sexual orientation. We will only process your sensitive personal data if permitted by law and only if one of the following conditions is met:
A. you have given explicit consent in writing to the processing of the data;
B. the processing is necessary for the prevention or detection of crime or acts of dishonesty, malpractice or other improper conduct; or
C. there is any other legal or regulatory justification for the processing.
6.1 We do not make decisions about you using only technology, where none of our employees or any other individuals have been involved. In the event that we introduce automated decision making we will update this Privacy Notice accordingly.
7.1 We will keep Personal Data secure by taking appropriate technical and staff measures to protect it against the unauthorised or unlawful processing and against accidental loss, destruction or damage.
7.2 We have extensive controls in place to maintain the security of our information and information systems. Client files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorised employees.
7.3 British Business Bank employees and employees of our Partners are required to follow all applicable laws and regulations, including in relation to data protection laws. Access to sensitive Personal Data is limited to those who need it to perform their roles. Unauthorised use or disclosure of Personal Data is prohibited and may result in disciplinary measures.
7.4 When you contact us about your file, you may be asked for some Personal Data. This is a safeguard designed to ensure that only you, or someone authorised by you, has access to your file.
7.5 It is essential that the Personal Data you have provided to us is kept accurate and up to date as this will help to ensure the safeguarding of your Personal Data and enable us to contact you, for example when you apply for a product or service with us.
7.6 We review this Privacy Notice and our other data protection policies annually to make sure they are appropriate and up to date. The date of our last revision is shown at the top of this notice. We also carry out regular audits to monitor our security policies, processes and procedures and revise them if necessary.
8.1 How long we will hold your Personal Data for will vary and will be determined by the following criteria:
A. the purpose for which we are using it – we will need to keep the data for at least as long as is necessary for that purpose; and
B. legal obligations – laws or regulations may set a minimum period for which we have to keep your Personal Data.
9.1 We will not routinely transfer your Personal Data to, or store it, outside the European Economic Area (“EEA”).
9.2 If we do transfer your Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. This may be done in a number of different ways, for instance:
- the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data;
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
- in other circumstances the law may permit us to otherwise transfer your Personal Data outside the EEA.
9.3 In all cases we will ensure that any transfer of your Personal Data is compliant with the applicable data protection law.
9.4 You can obtain more details about the protection given to your Personal Data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us through the methods listed in the ‘How to contact us’ section below.
10.1 We may share your Personal Data within the British Business Bank group of companies for the purposes described above.
10.2 We will also share your Personal Data with our Partners so that they can consider your eligibility for support as well as Government departments, public-sector bodies and other associated partner organisations for research purposes.
10.3 We may also share your Personal Data outside of the British Business Bank group with the following third parties:
- with our Partners for the purpose of carrying out our contractual or business interests (including credit reference checks where applicable);
- we may share details of your personal and/or business account (if you have one), including names and parties to the account and how you manage it/them to credit reference agencies;
- with third party agents and contractors for the purposes of enabling them to provide data analysis, customer support, storage and other services to us (for example, accountants, professional advisors, IT and communications providers and debt collectors) and any entity we may appoint from time to time to evaluate the effectiveness of the Websites. These third parties will be subject to appropriate confidentiality requirements and they will only use your Personal Data as described in this Privacy Notice;
- to the extent required by law, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend our legal rights;
- if we (or any company in the British Business Bank group) undergo a business restructure or sell, buy or otherwise transfer any business or assets, in which case we may disclose your Personal Data to the prospective buyer for due diligence purposes; and
- if we are or substantially all of our assets are acquired by a third party (or any company in the British Business Bank group or substantially all of the assets of a company in the British Business Bank group are acquired by a third party), in which case Personal Data held by us about you will be disclosed to the third party buyer.
11.1 We may use your Personal Data to provide you with marketing information that you request or that we feel may interest you by post, email and/or telephone (including SMS) as follows:
- If you are an existing customer or have taken steps to become a customer by using the Websites or contacting us, we may contact you by post, email and/or telephone (including SMS) with information about products and services which are similar to those we previously provided to you, unless, at the time we collect your contact information, you have indicated that you do not want to receive marketing information; or
- If you are a new customer, we may contact you by post, email and/or telephone (including SMS) if you have consented to receiving such information.
11.2 We will not pass your Personal Data to third parties for their marketing purposes.
11.3 We operate an integrated communications programme, which means we use your Personal Data to communicate with you through several different channels, including direct mail and email. Our aim is to keep you up-to-date with information you have expressed an interest in.
11.4 If you no longer wish to receive marketing communications from us, you are able to ‘opt out’ of them at any time. You will be able to change your preferences by clicking on the relevant link at the bottom of any marketing emails you may receive. You may also ask us at any time not to use your Personal Data for marketing purposes by contacting us via the methods listed in the ‘How to contact us’ section below.
12.1 Please note that under the Freedom of Information Act 2000, we are only permitted to protect information that is actually confidential in law and where, if we were to disclose it, we could be sued for breach of confidence.
12.2 Information you give us which you may consider confidential, or may mark as confidential, may in fact not be confidential in law. However, in respect of any information we receive from you that is truly confidential, we will take steps to ensure it remains confidential.
12.3 Unauthorised disclosure or misuse of confidential information by our employees may lead to disciplinary action.
13.1 You have a number of legal rights in relation to the Personal Data that we hold about you. These rights include:
The right of access
The right to see a copy of the Personal Data we hold about you (with the exception of the assessment of any application for finance or other products).
The right to object
Where you have actively provided your consent for us to process your Personal Data, the right to withdraw your consent at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason (other than consent) for doing so.
The right to be removed from our marketing lists.
The right of data portability
In some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is feasible. Please note that this right only applies to Personal Data which you have provided to us.
The right to rectification
The right to correct any errors in Personal Data we hold about you, and to change or correct any details you have already given us.
It is important that any contact data you provide is kept accurate and up to date so that we can contact you should we need to, for example when you have applied for a product or service and we need to discuss your application.
The right to erasure
The right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data where we are legally entitled to retain it.
The right to restrict processing
The right to request that we restrict our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your Personal Data where we are legally entitled to refuse that request.
13.2 You also have the right to lodge a complaint with the Information Commissioner’s Office (details of which are provided below) if you think that any of your rights have been infringed by us.
13.3 You can exercise your rights by contacting us using the details set out in the “How to contact us” section below.
14.1 We may make changes to this Privacy Notice at any time by sending you an email with the modified terms or by posting a copy of them on our Websites.
14.2 Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on the Websites, whichever is earlier. Your continued use of our Websites after the expiry of this period means that you agree to be bound by the modified Privacy Notice.
15.1 If you have any questions or comments regarding how we handle your Personal Data, please contact our Data Protection Officer at:
Email Address: DataProtection@british-business-bank.co.uk
Post: The Data Protection Officer, British Business Bank, Steel City House, West Street, Sheffield, S1 2GQ.
15.2 If you would like to submit an FOI request, you can do so by emailing:
15.3 In the event that you would like to lodge a complaint relating to our use of your personal data you can do so by contacting the Information Commissioner’s Office:
Phone: 0303 123 1113 (9am – 4.30pm, Monday to Friday)