Privacy Policy

Guiding Principles

Privacy Policy – Any information that you submit to us through our web site – whether through a survey, registration form or email – will be used exclusively by Primary Business Finance. We will use your personal information only for the specific reason for which you submitted it, (i.e., requesting a call back or information pack).

We will take every reasonable precaution to protect your personal information including encryption with SSL technology and passwords when appropriate. You will receive e-mail only for information that you have requested or as confirmation of information that you have submitted.

Information Collection & Use

Primary Business Finance is the sole owner of the information collected on this site. We will not sell, share, or rent this information to others in ways different from what is disclosed in this statement. Primary Business Finance does not sell any customer lists or e-mail addresses. your name may, however, disclose personal information if required to do so by law or in the good-faith belief that such action is necessary to

(a) conform to applicable law or comply with legal process served on;

(b) protect and defend the rights or property of, the web site, or the users; or

(c) act under exigent circumstances to protect the personal safety of users of, the web site, or the public.

Anonymous Information

In addition to the use of personal information, may also gather anonymous information which may be used by Primary Business Finance. Generally this information is collected through “traffic data” and may entail the use of Cookies and IP addresses or other computer related means.

Primary Business Finance uses such traffic data to help determine how our users use parts of the web site so we can analyse trends, administer the site, track user’s movement, and gather broad demographic information for aggregate use in order to deliver a better experience for you. IP addresses and other traffic data are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Primary Business Finance is not responsible for the privacy practices of these web sites. Primary Business Finance is not responsible for content provided on these sites or for the validity of content on these sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected by this web site.

Your Acceptance of these Terms

By using this site, you signify your acceptance of privacy policy. If you do not agree to this policy, please do not use our web site. Your continued use of following the posting of changes to these terms will mean you accept those changes.

Notification of Changes

If Primary Business Finance decides to change our privacy policy, we will post those changes prominently so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point decides to use personally identifiable information in a manner different from that stated at the time it was collected, users will be notified by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected. We do, however, recommend that you read this Privacy Policy each time you use our web site in case you missed our notice of changes to the Privacy Policy email.

For further information on Privacy Policies you can visit the ECAS website.


GDPR Update – Following the enforcement of the General Data Protection Regulation we provide the following information regarding our data collection.



Primary Business Finance Limited (PBF, we, us, our) is a specialist intermediary and consultant, which arranges debt finance solutions for business clients (Client(s)) sourced from funders for agreed purposes. Finance may be obtained for an array of purposes, both short and long term, however, PBF’s Clients are strictly businesses only, most typically Limited Companies. PBF does not operate in any FCA regulated areas and therefore does not arrange funding for individuals, sole traders and the like.

All PBF’s Clients are commercial businesses. As we interact with Clients, and any other third parties associated with these, including prospective funders, the vast majority of information we collect concerns the Client’s business operations. However, we will need to collect some personally identifiable information (Personal Data) relating to individual people connected with our Clients (Business Contact(s), you, your) that we need to contact.

We are registered with the Information Commissioner’s Office (ICO) as a data controller processing Personal Data for our business operations. Our registration number is ZA298293.

This Privacy Statement explains what Personal Data we collect, how we use/process it in our business operations, how we store and protect it, and for how long we keep it. It will also help you to understand what rights and choices you have relating to what we do with your Personal Data.


We collect and process Personal Data to enable us to conduct our activities and business operations for the benefit of our Clients.

We use publicly available sources to identify organisations, or private individuals, whose interests may align with ours.  We will contact them by direct marketing to see if they would consider using our services and to identify appropriate Business Contacts.

The information we collect relating to Business Contacts includes Personal Data such as:

  • Name;
  • Employer name;
  • Job title;
  • Phone number(s), email address(es);
  • Other business related details;
  • Home address;
  • Date of birth;
  • Financial information (where needed to perform our services).

Generally the information is obtained from:

  • Clients;
  • You;
  • Third parties connected with Clients;
  • Sources that Clients or you have authorised us to obtain information from;
  • Public sources (e.g. Client promotional material, professional networks, and media).

In addition, we may collect data from emails received (sender name, recipient name, date and time) and calendar systems (organiser name, participant name, date and time of event) concerning interactions between PBF and senders or third parties.

We also collect information during meetings with you, Clients or thirds parties connected with Clients.

This is information that we would be reasonably expected to obtain and store for businesses purposes.

We would not hold any Special Category data on you unless you had given us your explicit consent to do so.


Anyone acting on the Client’s behalf providing us with information on:

  • The Client’s business; must ensure they have the Client’s authority to do so;
  • Any individual connected to the Client’s business; must ensure they have the individual’s authority to do so.


We will use Client information and information about you for purposes including:

Purpose Example Lawful Basis
To make sure our marketing is relevant for recipients. Identifying contacts within an organisation or private individuals who might have an interest in our business activities. Our legitimate interest. Recipients would have a reasonable expectation of our doing this. The limited amount of information held for a Business Contact(s) presents negligible risk of harm to the individual.
To ensure that our Contacts List database is accurate. To maintain an up-to-date Contacts List. Our legal obligations under data protection laws. Data Subjects would have a reasonable expectation of our doing this.
To undertake initial direct marketing and subsequent marketing campaigns. To provide Clients/Business Contacts information about our services. Our legitimate interest. Business Contacts would have a reasonable expectation of our doing this.
To conduct market research surveys. We will obtain explicit consent for some communication channels and/or Special Category Data should it be required. Any Business Contact can choose to stop receiving our messages at any time using the various opt-out or unsubscribe methods we publicise in the messages issued.
Maintaining suppression lists. To meet your request to exercise your right to erasure (to be forgotten). Our legitimate interest in being able to comply with the Business Contact’s right to be forgotten.
Administering, managing and developing our business activities. To help us run and manage our business efficiently and understand how we can improve our activities (e.g. feedback surveys). Our legitimate interest. Business Contacts would have a reasonable expectation of our doing this.
Providing information to existing Clients/Business Contacts about changes in our activities.
To also use information in aggregate form (so that no individual Client/Business Contact is identified by name) to build up marketing profiles and aid strategic development.
To deliver our activities and services to Clients. To carry out the actions necessary to meet the Client’s project/contract objectives. To perform our contract with our Clients or suppliers. Business Contacts would have a reasonable expectation of our doing this.
To maintain records to confirm or evidence the outcome of activities.
To respond to enquiries, requests or complaints. To be able to respond appropriately and keep records of the correspondence. Our legitimate interest. To perform our contract with our Client or suppliers Business Contacts would have a reasonable expectation of our doing this.
To administer employee or member records. To run our business efficiently within legal requirements and to keep appropriate records. Our legal obligations and our legitimate interests. All Data Subjects would have a reasonable expectation of our doing this.
To meet any regulatory or legal requirements. These can vary dependent upon the Client’s project or any changes in future legal or regulatory requirements. Our legal obligations (including requests from regulators). To perform our contract with our Client and our legitimate interest.

We take measures to protect the information we hold from unauthorised or unlawful processing, accidental loss, destruction, damage or disclosure, and we will do our utmost to keep it secure.

We do not sell or otherwise release information to third parties for the purpose of allowing them to market their products and services without explicit consent from Clients, or you to do so.

If you have any concerns about the processing of your information, you have the right to object to processing that is based on our legitimate interests.  For more information on your rights, please see the “Explaining your rights” section below.

Please bear in mind that an objection by you may affect our ability to carry out the tasks above for the individual or the Client’s benefit.


Like most businesses and individuals, we store information on our own devices (PC/server/laptop/tablet/phone) and use cloud service providers for back-up services, remote access by authorised users and collaborative work, and for hosting email, CRM and website services.


We may share your information with you or other organisations in any of the following situations:

  • If you have given us explicit consent to do so.
  • If we sell or buy any business or assets (as we may share your data with the prospective seller or buyer).
  • If we, or substantially all of our assets, are acquired by another party, in which case your information will be one of the transferred assets.
  • With service providers, business partners, suppliers, sub-contractors for the performance of any contract we enter with them or you.
  • If we have to share your information to comply with legal or regulatory requirements, or to protect our rights, property or our Clients. This may involve exchanging information with other organisations for the purposes of preventing financial crime.


The information may be processed by our service providers at a destination outside the UK. We use well-known service providers (e.g. Dropbox, Pipedrive) who are fully aware of the need to satisfy the relevant data protection legislation for the UK, EEA and the USA. If you do not want your information to be transferred to or stored outside the UK, please contact us to let us know using the contact details in the “Contact Us” section at the end of this Privacy Statement.


Whilst we consider the amount, nature, and sensitivity of the Personal Data we hold to have a very low level of potential risk of harm from unauthorised or unlawful processing, accidental loss, destruction, damage or disclosure, we will do our utmost to keep it secure.

We have put in place security measures to deal with any suspected breach of security (e.g. Access security protocols, firewalls, encryption transmission).

We will notify you and any applicable regulator of a breach where we are legally required to do so.


Business Contact’s Personal Data will be kept for as long as we have, or need to keep a record of, a relationship with the Client, or as required by applicable law or regulation. However, we would expect to replace your contact details in our Contacts List with your successor’s details.

In the absence of specific legal, regulatory or contractual requirements, our baseline retention period for records and other documentary evidence created in the provision of services is 8 years. However, this may be extended from time to time depending on the specific requirements and/or finance facility delivered to a Client. Our destruction/archiving period is scheduled during April-June annually.

We consider the amount, nature, and sensitivity of the Personal Data we hold to have a very low level of potential risk of harm to you from unauthorised use or disclosure.


Data protection law gives you the following rights:

Withdraw consent: Where we are using your Personal Data on the basis of your consent, you have the right to withdraw that consent at any time.

Right to be informed: You have the right to be told how your Personal Data will be used. This Privacy Statement, and shorter summary statements used on our communications, are intended to be a clear and transparent description of how your data may be used.

Right of access: You can write to us asking what information we hold on you and to request a copy of that information.  This is called a Subject Access Request.  From 25th May 2018 we will have 30 days to respond to you once we are satisfied you have rights to see the requested records and we have successfully confirmed your identity.  Details on how to submit a Subject Access Request can be made available by emailing

Right of erasure: You have the right to be forgotten (i.e. to have your Personal Data deleted). However, we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you. In some cases, we may supress you from future communications, rather than data deletion.

Right of rectification: If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. This enables you to have any incomplete or inaccurate information we hold about you corrected.  We may need to verify the accuracy of the new data provided to us.

Right to restrict processing: In certain situations you have the right to ask for processing of your Personal Data to be restricted because there is some disagreement about its accuracy or legitimate usage.

Right to data portability: Where we are processing your Personal Data under your consent, the law allows you to request data portability from us to another service provider. As this right only applies where we use the information to perform a contract, or service with you this will not apply to most of our Business Contacts.

Right to object: You have an absolute right to stop the processing of your Personal Data for direct marketing purposes.  Simply contact using the details shown in the “Contact Us” section at the end of this Privacy Statement.

Right to object to automated decisions: In a situation where a data controller is using your Personal Data in a computerised model or algorithm to make decisions “that have a legal effect on you”, you have the right to object. However, we do not undertake this type of processing.


Please note:

  • If you do not agree to our keeping records of information about you, or if you do not allow us to use the information in the way we need, then we may not be able to deliver our services.
  • We can move our records between our computers and IT systems, as long as your details are protected from being seen by others without your permission.


If, for any reason, you have a complaint, please contact Neil Taylor, who is responsible for data protection matters, to discuss your concerns.

Following this, if you are still dissatisfied, you are able to contact the Information Commissioner’s Office directly at the contact details below.

Information Commissioner: Contact telephone: 0303 123 1113. Website: ICO website


Any changes we may make to our Privacy Statement in the future will be posted on this page. You should read the new terms and exercise your rights as described in the statement if you object to the changes.


If you have any queries about this Privacy Statement, please contact us using any of the below

  • Email:
  • Phone: 01763 299473
  • Post: 5 The Courtyard, Alswick, Buntingford, Hertfordshire, SG09 0AA