We understand that your privacy is important to you and that you care about how your information is used and shared online. We respect and value the privacy of everyone who visits our website at www.TradeRiverfinance.com and our platform at www.stepsapp.com and will only collect and use information in ways that are useful to you and in a manner consistent with your rights and our obligations under the law.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
1. WHO WE ARE
Here are the details that the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, known as General Data Protection Regulation (“GDPR”) says we have to provide to you as a 'data controller'.
We are TradeRiver (UK) Limited, a company incorporated in the England and Wales, whose registered number is 07567967 and whose registered office is at 12th Floor, 6 New Street Square, London, EC4A 3BF and principal place of business is at Salisbury House, London Wall, London, EC2M 5QQ.
We respect your right to privacy and will only process personal information you in accordance with the Data Protection Legislation which for the purposes of this policy shall mean: (i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the
UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 and other applicable privacy laws.
If you have any questions about how we collect, store and use personal information, or if you have any other privacy-related questions, please contact us at firstname.lastname@example.org .
2. BUYER OR SELLER SPECIFIC INFORMATION
If you are, or are applying to be, a member of TradeRiver as a Buyer, this section 2 explains the type of personal information we collect about you and how we may store, use and disclose your information.
2.1 The personal information we collect about you:
(a) When you access or browse the Website and/or Platform (including when you submit personal information to us through data entry fields on the website) or apply to be a member of TradeRiver as a Buyer, and whilst you continue to be a member of TradeRiver, we will collect information from you, which may include the following information:
(i) your name and your business name;
(ii) your current and previous home postal addresses;
(iii) your business postal address;
(iv) your business phone, fax and e-mail details;
(v) your business bank or building society account details used to make payments on TradeRiver;
(vi) your date of birth
(vii) your passwords and security question answers;
(viii) comments you make on blogs and discussion forums on the Website;
(ix) correspondence with us by email and post;
(x) answers to questions we may require for identification purposes;
(xi) information provided in your application form;
(xii) details of your visits to our Platform or Website and the resources you use;
(xiii) information about your computer (e.g. your IP address, browser, operating system, etc.) for system administration;
(xiv) Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences; and
(xv) any other applicable data about your activities using TradeRiver.
(b) If you give us false or inaccurate information, either directly or through an agent, and we suspect or identify fraud, we will record this.
(c) If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when: checking details on applications for credit and credit related or other facilities managing credit and credit related accounts or facilities, recovering debt, checking details on proposals and claims for all types of insurance, checking details of job applicants and employees Please contact us using the details provided above if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
(d) We may also collect anonymised details about visitors to the Website for the purposes of aggregate statistics or reporting purposes and to calculate referral fees. However, no single individual will be identifiable from the anonymised details we collect or disclose for these purposes.
(e) We will check information about you held on our own records and also obtain information from credit reference agencies about you and your business partners’ personal credit behaviour and personal credit accounts if you are proprietors of a small business and are directors of that business, your business accounts, identity information on beneficial owners of the business, your business partners personal accounts (if they are a director). If you are a director, we will seek confirmation that the residential address you provide is the same as that shown on the restricted register of directors usual address at Companies House.
(f) We will also search at fraud prevention agencies for information on your business, you, your personal financial partner (if they are a director), your business partners, beneficial owners and your addresses.
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
(a) you have given consent to the processing of your personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which we are subject;
(d) processing is necessary to protect the vital interests of you or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and/or
(f) processing is necessary for the purposes of the legitimate interests pursued by us or by a third party such as our financial payments, except where such interests are overridden by the fundamental rights and freedoms of the data subject.
2.2 If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
2.3 How we may store, use and disclose your information
(a) We (or third party data processors, agents and sub-contractors acting on our behalf) may collect, store and use your personal information for the following purposes:
(i) to assess your application for credit, including by using scoring methods;
(ii) to check details on applications for credit and credit related and other facilities;
(iii) to verify your identity in order to prevent and detect crime and money laundering, including by using scoring methods;
(iv) to manage your TradeRiver account with us and update the records we hold about you from time to time;
(v) to provide and administer the TradeRiver Platform and services;
(vi) to identify fraud;
(vii) if you do not repay money you have borrowed, to trace your whereabouts and recover debts or enforce a Payment Obligation;
(viii) to carry out statistical analysis and market research;
(ix) to carry out regulatory checks;
(x) to develop and improve our services and products;
(xi) to make this Website and Platform available to you;
(xii) where you have given us your consent, to contact you (including by SMS and e-mail) with products and services which we think may interest you;
(b) You will be given the opportunity to opt-in to provide your consent, but, if you don't want to be contacted for marketing purposes or no longer wish to provide your consent, you may either opt out by contacting us at the following email address email@example.com .
(c) If you don’t want us to use your personal data for any of the other reasons set out in this section, you can let us know at any time by contacting us at firstname.lastname@example.org and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide the best possible services to you.
(d) In some cases, the collection of personal data may be a statutory or contractual requirement, and we will be limited in the services we can provide you if you don’t provide your personal data in these cases.
(e) As identified above, we use different methods to collect data from and about you including direct interactions, automated interactions and third party sources.
(f) We may transfer your collected data to storage outside the European Economic Area (EEA). It may be processed outside the EEA to fulfil our contract with you.
If we do store or transfer data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the GDPR. Such steps may include, but not be limited to, the use of legally binding contractual terms between us and any third parties we engage and the use of the EU-approved Model Contractual Arrangements. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
(g) By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure.
(h) Any payments made to us in the provision of our services will be via bank transfers, which will be secure and subject to the bank’s security measures.
(i) If we give you a password, you must keep it confidential. Please don't share it. Although we try to provide protection, we cannot guarantee complete security for your data, and you take the risk that any sending of that data turns out to be not secure despite our efforts.
2.4 Disclosure of data
We may disclose your personal information as follows:
(a) Where we need to perform the contract we are about to enter into or have entered into with you;
(b) to credit reference agencies who will record information about your application, your business, you and your business partners. For the avoidance of doubt, we will not disclose any management account information you supply to us to credit reference agencies;
(c) to credit reference and fraud prevention agencies, where it will be recorded by them, and supplied to other organisations to perform similar checks, trace your whereabouts and recover debts you owe;
(d) we may provide information about your loans at TradeRiver and how you manage them to credit reference agencies, where it will be recorded by them, but we will not disclose information on your other loans outstanding that has been provided to us from credit reference agencies;
(e) we may provide information about other loans outstanding with TradeRiver lenders;
(f) to and via an organisation which provides a centralised matching service which it collects from mortgage and/or credit applications, for the purpose of preventing and detecting fraud;
(g) if you consent, to a reputable, licensed credit broker in the event that you apply to borrow money using TradeRiver and your application is declined, or the loan monies are otherwise unavailable and we reasonably believe that the credit broker may be able to help you obtain a loan;
(h) to other members of TradeRiver if required to enforce any Loan Contract. If we provide you with information about other TradeRiver members for this purpose then you must only use it to communicate with us about your Loan Contract;
(i) to our third party sub-contractors, including but not limited to payment processors and companies that assist us in carrying out identification and fraud checks;
(j) to a third party if it acquires all (or substantially all) of our business and/or assets in connection with the acquisition;
(k) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
(l) where we are required to do so by applicable law, by a governmental body or by a law enforcement agency.
(m) We will also provide transactional information to other members of TradeRiver but this information will not include your postal address or payment details. The name of your business will be used in the Key Contract Terms. We are not responsible for misuse of this transactional information by other TradeRiver members but you should let us know about any misuse of such information.
(n) We will not provide the following information to other TradeRiver members:
(i) addresses and personal details of directors;
(ii) ownership of different shareholders;
(iii) employee details;
(iv) contact numbers or email addresses of the business; and
(v) any other data used in the verification of the directors.
(o) We are also allowed to disclose your information in the following cases:
(i) If we want to sell our business, or our company, we can disclose it to the potential buyer.
(ii) We can disclose it to other businesses in our group.
(iii) We can disclose it if we have a legal obligation to do so, or in order to protect other people's property, safety or rights.
(iv) We can exchange information with others to protect against fraud or credit risks.
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under GDPR and the law.
2.5 How we may store, use and disclose information provided to us about third parties
We may use information you provide to us about directors/business partners and shareholders of your business to verify their identity. We may also disclose information about your business partners and shareholders to credit reference agencies so you must be sure that you have their agreement to do this. Information on shareholders who are beneficial owners will be used and supplied to others only for the purpose of the performance of identity checks and with their specific consent.
2.6 Third Parties
As stated above, it may be necessary for us to contract with third parties on your behalf to enable us to supply our services to you. These may include IT services, search engine facilities, advertising and marketing, financial services. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
3. HOW WE STORE YOUR DATA
We only keep your data for as long as we need to in order to use it, and/or for as long as we have your permission to keep it. In any event, we will conduct an annual review to ascertain whether we need to keep your data. Your data will be deleted if we no longer need it in accordance with the terms of our Data Retention Policy.
Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our Website and our Platform.
Whilst we take appropriate technical and organisational measures to safeguard the personal information that you provide to us, we accept no liability if communications are intercepted by third parties or incorrectly delivered or not delivered.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. YOUR RIGHTS
When you submit information via our Website, you may be given options to restrict our use of your data. We aim to give you strong controls on our use of your data (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details AND/OR by sending your request to email@example.com ).
6.1 You have the following rights:
(a) the right to ask us to provide you with copies of personal information that we hold about you at any time;
(b) the right to ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge; and
(c) the right to opt out of any marketing communications that we may send you.
6.2 Furthermore, under the GDPR, you have the right to:
(a) request access to, deletion of or correction of, your personal data held by us at no cost to you;
(b) request that your personal data be transferred to another person (data portability);
(c) be informed of what data processing is taking place;
(d) restrict processing;
(e) to object to processing of your personal data; and
(f) complain to a supervisory authority 6.3 If you wish to exercise any of the above rights, please contact us using firstname.lastname@example.org .
7. THIRD PARTY SITES
8. CHANGE YOUR PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
10. DISPUTE RESOLUTION
10.2 If any such dispute cannot be settled amicably through ordinary negotiations between the parties, or either or both is or are unwilling to engage in this process, either party may propose to the other in writing that structured negotiations be entered into with the assistance of a fully accredited mediator before resorting to litigation.