Home
Privacy statement

Privacy statement

Latest version 1 August 2025

1. WHO IS THE DATA CONTROLLER?

1.1 Swishfund Ltd is the controller and responsible for your personal data (collectively referred to as

"Swishfund", "we", "us" or "our" in this privacy policy.

1.2 Our registered office is C/O Azets, West Point, Lynch Wood, Peterborough, England, PE2 6FZ. Our company number is 11180668.

1.3 Our website can be found at: www.swishfund.co.uk

1.4 We are registered with the UK’s Information Commissioner's Office, with registration number

ZA324089.

1.5 We have appointed a data protection officer (DPO) who is responsible for overseeing questions in

relation to this privacy policy. If you have any questions about this privacy policy, including any requests

to exercise your legal rights, please contact the DPO either by writing.

2. WHAT IS PERSONAL DATA

2.1 Personal data, or personal information, means any information about an individual from which that

person can be identified.

3. WHY WE USE CUSTOMER’S PERSONAL INFORMATION

3.1 We use customers personal information for a variety of reasons related to our business activities,

including but not limited to:

3.1.1 processing an application for credit;

3.1.2 ascertaining a customer’s borrowing needs;

3.1.3 to make credit related decisions;

3.1.4 verifying a customer’s identity;

3.1.5 the administration and preparation of loan agreement and guarantees,

3.1.6 contacting customers to discuss their application and/or account;

3.1.7 transfer money;

3.1.8 trace your whereabouts and recover debts or enforce a loan contract or personal guarantee;

3.1.9 contact customers who have consented to receiving electronic marketing from with products

and services which we they may be interested in;

3.1.10 comply with our legal and regulatory obligations.

4. HOW WE COLLECT PERSONAL DATA AND WHAT WE COLLECT

4.1 We use different methods to collect data from and about customers including through:

4.1.1 Direct interactions. Customers may give us identity, contact and financial data such as personal details (including their date of birth), directorships and shareholdings. This includes personal data provided by customers when they:

• apply for our products or services;

• create an account on our website;

• request marketing to be sent;

• give us feedback or contact us, including call recordings when they speak to us over

the telephone

• information about the customers use of our website and; and

4.1.2 Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:

• Companies House;

• Credit Reference Agencies (CRAs), Fraud Prevention Agencies (FPAs) and tracing

agents

• Electoral Register

• Record of County Court Judgments

• Bankruptcy and Insolvency data;

• Financial Brokers

4.2 In addition, when a customer visits our website, we will collect information about their visit, such as

which pages they visited, how often they visit and any enquiry forms or similar interactive content they

complete.

We will also automatically collect the following information:

4.2.1 technical information, including the Internet protocol (IP) address used to connect the

customers device to the internet, their login information, browser type and version, time zone

setting, browser plug-in types and versions, operating system and platform; and

4.2.2 information about the customers visit, including the full Uniform Resource Locators (URL)

clickstream to, through and from our sites (including date and time); products you viewed or

searched for; page response times, download errors, length of visits to certain pages, page

interaction information (such as scrolling, clicks, and mouse-overs), and methods used to

browse away from the page. The customer can exercise control over some of this information, for example by adjusting their settings via their website browser. Please also see our cookies policy.

5.0 THE LEGAL BASIS FOR PROCESSING PERSONAL DATA

In most cases our use of customer information is necessary and is carried out on the following legal

grounds:

5.1.1 for the performance of a contract with a customer (such as the Company's loan agreement or

a personal guarantee they have provided);

5.1.2 where necessary for our legitimate business interests (such as the administration of our

business and managing our risks, and the provision, management and improvement of our

website, to make sure it is working properly); and

5.1.3 where necessary in order to comply with a legal obligation (for example making reports to our

regulatory authority or to law enforcement agencies).

5.2 Where our use of customer data is not necessary for one of the purposes outlined above, we may seek

the customer’s consent to use it in a particular way, for example if we want to send the customer

marketing information, ask them to provide feedback or they tell us about a change in their

circumstances.

5.3 Where we ask for a customer’s consent, the customer may refuse and can withdraw their consent at

any time, by contacting us on the details set out below in paragraph 13.

6. COLLECTING AND USING SENSITIVE INFORMATION

6.1 We always seek to be responsive to our customers individual needs. Sometimes a customer may

disclose some types of information to us which are classed as sensitive under the law. A common

example of this is information about the customers mental or physical health. Please see Chapter 10,

Vulnerable Persons, within our Collections Policy.

6.2 We will ask the customer for their consent to record this information. Not agreeing to us recording this

information may impact on our ability to make adjustments to their circumstances.

6.3 We collect this information so that we can treat our customers fairly and according to their needs and

rights.

6.4 Further information in respect of the data we collect from credit agencies can be found at Appendix 1.

7. WHO DO WE SHARE CUSTOMER INFORMATION WITH?

7.1 We may share our customers information with:

7.1.1 the broker who introduced the customer;

7.1.2 third party service providers, such as tracing agents, our legal advisors and our website

support;

7.1.3 CRAs and FPAs to which we may report positive, delinquent and default data about a

customers account(s) on a regular (minimum monthly) basis;

7.1.4 law enforcement agencies or regulatory bodies where we are required to do so;

7.1.5 other members of our group of companies, including our parent company in the Netherlands

which provides us with certain customer service, business administration and website support;

7.1.6 any purchaser or proposed purchaser of all or part of the same or their assets, together with

their professional advisors;

7.1.7 the customer or the customers third-party representatives (in line with the customers rights);

7.1.8 any person or persons seeking to acquire all or part of our business and/or assets and any

potential assignees of the customers credit agreement, along with their third-party advisors;

or

7.1.9 we believe, in good faith, that it is necessary to protect our rights, property, safety or

reputation or the rights, property, safety or reputation of any of our clients or partners.

7.2 Records remain on file with CRAs and FPAs for 6 years after they are closed, whether settled by the

customer or defaulted. This information may be supplied to other organisations which search the

customers credit record.

7.3 More information about CRAs and how they use personal information is available at

www.experian.co.uk/crain/index.html in a document called the Credit Reference Agency

Information Notice (also known as the "CRAIN").

7.4 The customer can also contact the agencies, using the below contact details:

7.4.1 Callcredit - Consumer Services Team, PO Box 491, Leeds, LS3 1WZ Tel: 0330 024 7579 or visit

www.callcredit.co.uk

7.4.2 Experian - Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF Tel: 0870 241 6212

or visit www.experian.co.uk

7.5 The personal information we have collected from the customer will be shared with FPAs who will use it

to prevent fraud and money-laundering and to verify the customers identity.

7.6 If fraud is detected, the customer could be refused certain services, finance or employment. Further

details of how customer information will be used by us and fraud prevention agencies, and the

customers data protection rights, can be found here: https://www.cifas.org.uk/fpn.

8. WHERE IS YOUR INFORMATION STORED?

The information we collect about the customer will be held on our secure servers within the European

Economic Area (the EEA) and will not be transferred or stored outside the EEA.

9. DATA SECURITY

9.1 We implement appropriate technical and organisational measures to protect the security of customers

information and to prevent unauthorised access, including encryption, fire walls, data back-ups, policies

and procedures, access protocols, etc.

9.2 Unfortunately, transmission of information via the internet may never be completely secure and the

customer is encouraged to ensure when using our website, as with any other online services, that they

have appropriate protections in place (such as anti-virus software and an up-to-date web-browser).

9.3 We never ask for payment details (such as the customers account or card number) via email so if a

customer receive a suspicious email purporting to be from us, they are strongly encouraged to make

contact via email to info@swisfund.co.uk, or by phoning 0333 006 2333.

9.4 A customers use of our website is subject to our website’s terms of use which are available on our

website homepage: www.swishfund.co.uk/wp-content/uploads/2019/02/180717-Terms-And-

Conditions-Website-Swishfund-UK-1.pdf.

10. HOW LONG WILL INFORMATION BE KEPT?

10.1 We keep customer information for as long as it is needed to provide customers with the services they

have requested and, to the extent it is necessary for the protection of our legitimate interests (the

management of legal risks and administration of our business), for six years from the end of their credit

agreement with us (if they take out a loan).

10.2 Where customers partially complete an application or have an application declined, we will keep their

information for up to six years, so they can continue with the application at a later date, should they

choose to do so.

10.3 In some certain circumstances customers may ask us to delete their data. Please see Customers Rights

below.

11. CUSTOMERS’ RIGHTS

11.1 Customers have the following rights:

11.1.1 Right of access: They have a right to access the personal information we hold about themselves

and be told why we use it.

11.1.2 Right of rectification: They can ask us to correct or update their information to ensure it is

accurate and complete.

11.1.3 Right to erasure and right to restrict processing: They can ask us to stop processing and to

delete their data in certain circumstances (for example where it is processed with their

consent, or it is no longer necessary for us to process it).

11.1.4 Right to data portability: They have a right to ask us to provide them with information in a

form that suits them, and/or to provide their information to a third party.

11.1.5 Right to object: They have a right to object to our processing of their personal information.

11.1.6 Rights relating to profiling and automated decisions: They have a right not to be subject to

automated decisions which have a legal effect and to be protected by safeguards in respect of

any profiling.

11.1.7 Right to object to direct marketing: Where they are an individual and have consented to

receive direct marketing, they can change their mind at any time by contacting us or following

the directions in each message.

11.1.8 Rights in relation to CRAs: They have a right to be told which CRAs we have used and obtain a

copy of their file from CRAs.

11.2 Customers can exercise their above rights by contacting us directly via the information displayed on our

website.

11.3 You will not have to pay a fee to access your personal data (or to exercise any of the other rights).

However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Alternatively, we could refuse to comply with your request in these circumstances.

11.4 We try to respond to all legitimate requests within one month. Occasionally it could take us longer than

a month if your request is particularly complex or you have made a number of requests. In this case,

we will notify you and keep you updated.

11.5 Further information is also available from the ICO's website: www.ico.org.uk.

12. CONTACT AND COMPLAINTS

12.1 If a customer has a question, wishes to exercise their rights or make a complaint about our use of their

information, they should be encouraged to do so, and can contact us using the details above, or by

sending an email to complaints@swishfund.co.uk.

12.2 Customers can also make a complaint to the ICO at the following: Wycliffe House, Water Lane,

Wilmslow, Cheshire SK9 5AF, by telephone on 0303 123 1113 or via their website: www.ico.org.uk.

13. AUTOMATED DECISION MAKING

We use automated decision-making and profiling techniques to automate decline applications.

14. UPDATES

14.1 Updates to this policy are published to this page on our website from time to time.

14.2 Where appropriate, we may also send updates by email.