Privacy Policy
1/ Introduction
Smart Business Group (which includes Smart Business Link Limited, Smart Asset Finance Limited, Smart Asset Finance Limited and Smart Tech IO Limited) is committed to keeping your personal data safe. We will always treat your personal data with respect and design our products and services with your privacy in mind.
This Privacy Notice will help you understand how we collect, use, and protect your personal data. You acknowledge that by providing your personal data to us, you consent to its processing in the manners outlined below. When providing personal data about others, you confirm that you have the consent of these individuals to supply their personal data. We are unable to offer you any product or service that requires the processing of special category personal data, as defined in the General Data Protection Regulation (GDPR), unless you provide explicit consent for the collection and use of such data.
Who are we?
Smart Business Group is invoice factoring company. We provide payment solutions to most UK business sectors.
Our Data Protection Officer (DPO) / GDPR Owner and data protection representatives can be contacted directly here: (Accounts@SmartBusinessGroup.com) Tel: 01132 898 839.
2/ Scope
All data subjects whose personal data is collected, in line with the requirements of the GDPR.
3/ Responsibilities
The I.T Director is responsible for ensuring that this notice is made available to data subjects prior to Smart Business Group collecting and processing their personal data.
All Employees of Smart Business Group who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
4/ The personal data we will collect from and process on you includes but it not limited to the following.
Personal data type: |
Source (where Smart Business Group obtained the personal data from if it has not been collected directly from you, the data subject): |
Name, Address, Asset Description (eg Vehicle Registration) |
The client |
Call recording and monitoring
|
We may monitor or record calls, emails, SMS messages or other communications for:
|
5/ How we obtain information
The majority of the Personal Data which we process will be collected directly from you. Your information is made up of all the financial and personal information we collect and hold about you and your transactions. It includes:
- information you give us;
- information that we receive from third parties – including third parties who we provide services to you and us, and financial institutions (where permitted by law);
- information that we gather from the technology which you use to access our services (for example an IP address or telephone number) and how you use it
6/ The personal data we collect will be used for the following purposes:
- to enable correspondence with you, your agents, legal and other professional advisers, attorneys, and such other representatives appointed to act on your behalf in relation to transactions to be considered or entered into between you and Smart Business Group via email, phone, mail, or other means of communication;
- to produce legal documentation for transactions between you and Smart Asset Finance;
- to make payments of sums due under legal transaction documentation entered into between you and Smart Business Group
- to comply with legal requirements,
- to address any complaints, investigate, review, and conclude any complaints made;
- to protect Smart Business Group confidential and proprietary information, and intellectual property;
- to prevent fraud against you, third parties or Smart Business Group if a business transfer or change of ownership occurs or is planned
7/ Legitimate Interests
There are certain circumstances where we process your personal data for our legitimate business interests. These can be commercial or societal benefits and in order for us to process your data, we will always balance our interests against your own to ensure it is fair.
The following processes rely on legitimate interest:
- Fraud detection and prevention
- Engaging and contacting you throughout the lifecycle of your finance agreement to ensure you have a good experience
- Internally auditing our processes to maintain our high standards
- Undertaking market research, product development and statistical purposes
- Sharing data with selected third parties in order to add value to our products
This list is not exhaustive, and we may undertake additional processing of Personal Data in line with the purposes set out above. We will update this Privacy Notice from time to time to reflect any notable changes in the purposes for which it processes your Personal Data.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
8/ When data is collected
We will collect your personal data when:
- You make customer enquiries
- You register for information or other services
- You respond to communications or surveys
- We require additional information from you for validation purposes
9/ How your data is used
- Fraud prevention and detection
- Verifying your identity when required
- Undertaking market research, product development and statistical purposes
- For assessment and analysis to enable us to review, develop and improve the services which we offer and to enable us to provide you and other customers with relevant information.
10/ Who has access to your data
Apart from us, other companies that may have access to your data include:
Companies or associates that are used to enable the finance of the asset. These will primarily be the financiers used to facilitate the funding.
11/ Disclosure
We will endeavour to treat your personal data as private and confidential.
We would like to bring to your attention to our obligations to disclose data in the following four exceptional cases permitted by law, and the other situations set out below. These are:
- Where we are legally compelled to do so
- Where there is a duty to the public to disclose
- Where disclosure is required to protect our interest
- Where disclosure is made at your request or with your consent
If you make a complaint about the service we have provided, we may be obliged to forward details about your complaint, including your personal data, to the relevant ombudsman. You can be assured that they are similarly obliged to adhere to the Data Protection Act and keep your personal data strictly confidential.
12/ Retention period
Your personal data will be kept for as long as we require it in order to provide you with the agreed product(s) or service(s). It will continue to be retained after any account, policy or service has been closed or otherwise come to an end in line with our legal and regulatory requirements, this information is used for reporting/ tending within the business.
Generally Smart Business Group will store the personal data collected for 7 years.
13/ Your rights as a data subject
You have a number of rights as a data subject. Please note that these rights do not apply in all circumstances.
14/ Request your data
In order to access the data, we hold about you, you need to make a ‘Data Subject Access Request’, or DSAR. To make a SAR please email us at: Accounts@SmartBusinessGroup.com / Tel: 01132 898 839.
Please provide:
1. Your name, address, policy/claim number and what information you would like.
2. Identification documents; one which shows your name and signature (e.g., a copy of your passport) and one which shows your Name and Address (e.g., a copy of a recent bill or bank statement or other official document). We will accept just one identification document if it shows your name, address, and signature such as a copy of your driving license. (This is to take reasonable steps to confirm your identity before providing you with details of any personal information we may hold about you.)
Once we have received your request and identification documents, we will have one month to fulfil your request. Where for some reason this will not be possible, for instance due to large volumes of data being involved, we are permitted by law to take up to an additional two months to fulfil your request. Where any such delay is anticipated we will inform you of this as soon as possible along with details of when we expect to be able to provide you with the requested documentation.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing
- Right of portability – you have the right to have the data we hold about you transferred to another organisation
- Right to object – you have the right to object to certain types of processing such as direct marketing
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling
- Right to judicial review: in the event that Organisation Name refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in complaints section below
All of the above requests will be forwarded on should there be a third party involved (as stated above) in the processing of your personal data.
No fee usually required.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
15/ Complaints
In the event that you wish to make a complaint about how your personal data is being processed by [Smart Business Group] (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Smart Asset Finance’s data protection representatives Data Protection Officer (DPO) / GDPR Owner.
The contacts are: Accounts@SmartBusinessGroup.com / Tel: 01132 898 839.
If you have any complaints relating to the processing of your personal data, you also have the right to complain to the relevant Supervisor Authority. In the UK this is the Information Commissioner’s Office (ICO). They can be contacted at:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
16/ information Security
On our websites/ systems we protect any data you have given us by industry standard security to encrypt sensitive data in transit to our servers.
It may be necessary to transfer your personal data to other Group companies or service providers.
Please be aware that communications over the Internet, such as emails, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the Internet. We cannot accept responsibility for any unauthorised access, or loss of personal information, that is beyond our control.
Additionally, you can protect your system by installing anti-virus and running scans as recommended by the vendor. You should also run any security updates / patches you receive for your system from the supplier.
Never respond to unsolicited emails from unfamiliar sources. Such emails may be fraudulent and attempt to get you to provide your personal details.
17/ Changes to this Privacy Notice
This Privacy Notice was last updated on 27/10/2023. We reserve the right to make changes to this notice and you will be informed of any changes when you next visit our website.
From time to time, we may need to change the way we use your personal data. Where we believe you may not reasonably expect such a change, we will write to you. When we do so, you will have 60 days to object to the change but if we do not hear from you within that time you consent to that change.
Privacy Statement
Read more about how and why we use your data within the rest of this document
Personal data
Under the UK’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
How we use your information
This Privacy Notice tells you how we, Smart Asset Finance, will collect and use your personal data for profiling, complaints, subscriptions, operational decisions.
Why does Smart Business Group need to collect and store personal data?
In order for us to provide you and our clients with a service we need to collect personal data for the administration of payments by the asset funder. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose, and does not constitute an invasion of your privacy. In terms of being contacted for marketing purposes Smart Business Group would contact you for additional consent
Will Smart Business Group share my personal data with anyone else?
We will pass your details to the lender for the administration of payments.
How will Smart Business Group use the personal data it collects about me?
Smart Business Group will process (collect, store and use) the information you provide in a manner compatible with the UK’s General Data Protection regulations. We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Smart Business Group is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances will Smart Business Group contact me?
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Can I find out the personal data that the organisation holds about me?
Smart Business Group at your request, can confirm what information we hold about you and how it is processed. If Smart Business Group does hold personal data about you, you can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU
- Contact details of the data protection officer, where applicable
- The purpose of the processing as well as the legal basis for processing
- If the processing is based on the legitimate interests of Smart Business Group or a third party, information about those interests
- The categories of personal data collected, stored and processed
- Recipient(s) or categories of recipients that the data is/will be disclosed to
- If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The UK and the EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information
- How long the data will be stored
- Details of your rights to correct, erase, restrict or object to such processing
- Information about your right to withdraw consent at any time
- How to lodge a complaint with the supervisory authority
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data
- The source of personal data if it wasn’t collected directly from you
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
Smart Business Group accepts the following forms of ID when information on your personal data is requested: Passport, driving licence, birth certificate, utility bill (from last 3 months).
Contact details of the Data Protection Officer (DPO) / GDPR Owner: The contacts are: Accounts@SmartBusinessGroup.com / Tel: 01132 898 839.