Introduction

This Privacy Policy (“Policy”) describes how Fiduciam Nominees Limited, registered under the Data Protection Act 2018 (Act) with the Information Commissioner’s Office under registration reference ZA155195, and the Fiduciam Group (“Fiduciam” “we”, “us”, and “our”) collect, store and use Personal Data and/or other Confidential Data including information about borrowers, guarantors, brokers, intermediaries, sub-contractors, investors, clients, contacts, suppliers, employees and job applicants. Where the aforementioned are legal entities, we may collect, store and use information about their directors, shareholders and other beneficial owners.

This Policy intends to be an umbrella policy that shall be applicable to Fiduciam Nominees Limited and the Fiduciam Group in relation to their processing of Data in the context of their financing and direct lending activities, either as Data controllers or processors and in addition to any other potential policies applicable in any specific jurisdiction in which the Fiduciam Group operates.

This Policy is an important document. We recommend that you read it carefully and print and keep a copy for your future reference. When you instruct us, interact with us, or otherwise contact us, we will assume you agree to the uses of your Personal Data and Confidential Data described in this Policy according to the terms and conditions described herein.

Definitions

“Agreement” refers to a written document which sets out the terms and conditions of the engagement of/with a specific Fiduciam entity and which describes the services to be provided, including but not limited to a facility agreement, platform agreement, personal guarantee, non- disclosure agreement, engagement letter, security document, employment contract, etc. Such Agreement terms should be relied upon in determining liability for the services provided.

“Confidential Data” means non-public information relating to legal entities, assets, financial instruments, investments, activities, Agreements and which does not constitute Personal Data.

“Data” means Personal Data and Confidential Data. 

“Fiduciam Group” means the following entities:

    • Fiduciam Nominees Limited (Dutch Branch), with registered office at Parklaan 8, 3016, BB Rotterdam, Netherlands and appointed by Fiduciam Nominees Limited as its European representative.
    • Fiduciam España L., with registered office at Calle José Abascal 41, 28003, Madrid, Spain.
    • Fiduciam GmbH, with registered office at Platz der Einheit 2, 60327 Frankfurt am Main, registered at the Amtsgericht, Frankfurt am Main under HRB 114211, Germany.
    • Fiduciam Services Limited, with registered office at Josaron House, 5-7 John Prince’s Street, London, W1G 0JN, registered under the Data Protection Act 2018 (Act) with the Information Commissioner’s Office under registration reference ZA264098.
    • Fiduciam Limited, with registered office at Albert House, South Esplanade, St Peter Port, Guernsey, GY1 1AW, and registered under the Data Protection (Bailiwick of Guernsey) Law, 2001 with the Information Office of the Data Protection Commissioner under registration reference 50241.

“Personal Data” means any information relating to an identified or identifiable natural person.

“you” and “your” (and other similar terms) refer to our borrowers, guarantors, brokers, intermediaries, sub-contractors, investors, clients, contacts, suppliers, funding partners, directors, shareholders and ultimate beneficial owners where the aforementioned are legal entities, employees, job applicants and website visitors.

Our Principles

We are aware of our obligations under the European General Data Protection Regulation as amended (the GDPR), and the Data Protection Act 2018 as amended (the DPA), and shall always ensure that your Personal Data is processed in accordance with the following principles:

      • that Personal Data is processed lawfully and in a transparent manner;
      • that Personal Data will only be processed for the purposes for which it was collected;
      • that Personal Data we hold will be relevant and limited to the purpose for which they were processed;
      • that Personal Data will be processed accurately and where relevant be kept up to date;
      • that Personal Data will be kept no longer than is necessary (in our reasonable opinion); and
      • that Personal Data and Confidential Data shall be adequately secured and protected against loss, unauthorised access or processing, and destruction or damage.

Your rights

You are entitled to a number of rights in relation to the Personal Data that we hold about you.  You have the following rights in respect of your Personal Data:

      • to obtain access to your Personal Data;
      • to request us to rectify, supplement and update your Personal Data;
      • to the right to obtain information about the existence and processing of your Personal Data and to be informed of the contents and origin;
      • to object to us processing your Personal Data unless we have legitimate reasons (other than use simply based on your consent) to process your Personal Data;
      • to request us to erase your Personal Data unless we hold your Personal Data for legitimate reasons (other than simply based on your consent);
      • to object to us transmitting your Personal Data to another data controller unless such transmission is for legitimate reasons;
      • not to be subject to a decision which is based solely on automated processing, including profiling which would have an adverse impact on your situation;
      • where you granted us consent to collect and process your Personal Data, to withdraw such consent at any time you wish; and
      • to file a complaint with us and with the Information Commissioner’s Office which regulates the processing of personal data.

Please note that aforementioned rights are curtailed in following instances:

      • where your Personal Data are provided to us by a third-party data controller we may not be able to share them with you, rectify them and erase them, and in such circumstances we will refer you to such third-party data controller;
      • where we have a legitimate reason to hold your Personal Data, we cannot be obliged to stop processing and transmitting or to erase such Personal Data; and
      • where the exercise of any of the above rights would cause us to be in breach of the law or regulations (for instance in the case of anti-money laundering).

How long we will keep your Personal Data

We will hold your Personal Data for as long as the purpose exists increased by any minimum period as prescribed by law, regulations and regulatory guidance.  As of the date of this Policy, this means that we will keep:

      • Personal Data relating to our anti-money laundering and other regulatory obligations for a period of 5 years after the cessation of the business relationship;
      • Personal Data relating to any mortgage or other interest in land for a period of 12 years after the end of that mortgage or interest or the cessation of any claim in relation to them (whichever is longer); and
      • Personal Data relating to any other contract for a period of 6 years after the end of the contract or the cessation of any claim in relation to it (whichever is longer).

Prior to erasing the Personal Data, we may ask your consent to hold the Personal Data for a longer period if you may wish to obtain loans from us in the future.  Furthermore, we may hold Personal Data beyond the aforementioned time limits without your consent in case of a commercial dispute, ongoing litigation or investigation.

What Personal Data and other Confidential Data do we collect?

From our initial contact with you through to providing you with our services or working together in other ways, we may collect various data (including Personal Data) about you and/or the company on behalf of which you act. We may collect, store and use the following data:

      • Information you provide us with.  You may give us information about you by filling in forms or by corresponding with us by phone, e-mail, over the internet, during meetings or otherwise. This also includes information you provide when you register with us.  The information you give us may include your name, address, e-mail address, phone number, date of birth, nationality, passport or national ID number and expiry date, marital status, tax identification number, employment details, bank details, passwords, financial information, corporate information, financial income, personal assets and liabilities, bankruptcy history, court judgements, sensitive information such as medical information, credit history, references, credit reports, track record and CV, business plans, project descriptions, trading performance, shareholders, directors, partners and beneficial owners, correspondence, etc.
      • Information from third parties.  We may obtain information about you from third parties such as fraud prevention agencies, credit agencies, banks, public authorities, tax authorities, employers, referees, insolvency practitioners, debt advisors, tracing agents, accountants, RICS surveyors, intermediaries and brokers, consultants, commercial databases, the electoral register, publicly available information sources, other lenders, etc.
      • Information from technical sources.  We may obtain information about you by web scraping, algorithmic models, cookies and tracking (IP address and URL clickstream). To know more about the use of cookies and similar technologies. Please refer to our Cookie Policy here.
      • Information we generate about you, such as payment records, credit and risk opinions, contact history, communication monitoring and activity on our websites. 

How will we use Personal Data and other Confidential Data?

The ways in which we may use your Personal Data and other Confidential Data necessarily depends on the relationship you have with us. The list below (non-exhaustive) sets out the purposes for which we use your Personal Data and other Confidential Data, the principal categories of personal data processed and the applicable lawful bases:

PurposeData categoriesLegal basis
For contact and communication purposes as well as to manage our business contacts.Identification and contact Data.
    • The adoption of precontractual measures and performance of a contract.
    • Our legitimate interest in maintaining commercial relationship with our business contacts.
To provide our services, which may involve:
    • understanding your financial needs and interests;
    • assessing your loan application and credit profile;
    • better understanding your financial objectives;
    • evaluating your business track record;
    • evaluating your capacity to service the loan;
    • evaluating your business model;
    • opening and maintaining accounts;
    • evaluating your capacity to service the loan;
    • evaluating your guarantees; and
    • understanding your overall financial and business situation, as well as your credit track record and reputation.
Identification, contact, financial, business, loan, loan security, investment portfolio composition and transactional Data.
    • Performance of a contract.
    • Compliance with a legal obligation.
    • Our legitimate interest in evaluating the capacity of our customers before approving a loan.
To deal with suppliers, advisers, intermediaries and other professional experts, to manage internal administrative purposes which relate to the services Fiduciam offers to you, and to allow audits to be performed.Identification, contact, financial, business, loan, security, investment portfolio composition and transactional Data.
    • Performance of a contract.
    • Compliance with a legal obligation.
To comply with our legal, regulatory and internal obligations, which include:
    • anti-money laundering, counter- terrorist financing and anti-bribery regulations;
    • know-your-customer due diligences and practices;
    • tax, reporting and withholding obligations; and
    • obligations to share loan and loan performance data.
Identification, contact, financial, business, loan, security and transactional Data.
    • Compliance with a legal obligation.
    • Our legitimate interest in protecting the company against fraudulent practices.
To purchase, collect and recover debt, to collect Fiduciam’s fees, to recover costs, to make and receive payments, to service loans, to enforce loan provisions, to trace you in the case of a default, and to enforce on the loan security and/or your personal guarantee.Identification, contact, financial, business, loan, security and transactional Data.
    • Performance of a contract.
    • Our legitimate interest in managing debt, fees, and costs, enforcing contractual loan terms and exercising rights in respect of security.
To prevent fraud and to apprehend and prosecute offenders.Identification, contact, financial, loan, security and transactional Data.
    • Compliance with a legal obligation.
    • Our legitimate interest in protecting the company against fraudulent practices.
To take underwriting decisions on loans and value any loan security; to enable us to act as principal for any financial transaction including mortgage loans; and to make cross-verification to reduce risk.Identification, contact, financial, business, loan, security, investment portfolio composition and transactional Data.
    • Performance of a contract
    • Our legitimate interest in evaluating the risks involved in granting a loan, the recovery potential in case of a default of the loan and the nature of the borrower and/or sponsor.
To enable our funding partners to finance our loans, which may involve:
    • assessing the eligibility of our funding partners to join our platform;
    • providing loan participations to our funding partners;
    • enabling the assessment of credit risk and transactional terms and conditions by the funding partners;
    • to comply with the information standards imposed by the Loan Market Association in respect of loan sub- participations; and
    • to assist funding partners with their loan participations.
Identification, contact, financial, business, loan, security, investment portfolio composition and transactional Data.
    • The adoption of precontractual measures.
    • Performance of a contract.
To enable third parties to perform loan servicing, including on a standby basis, which may involve:
    • providing information about certain investors and borrowers; and
    • making available information about specific loan transactions.
Identification, financial, business, loan, security, investment portfolio composition and transactional Data.
    • Performance of a contract.
To obtain insurance, which may involve:
    • providing information to obtain insurance policies; and
    • informing the insurance providers of potential claims.
Identification, financial, business, loan, security, investment portfolio composition and transactional Data.
    • Performance of a contract.
    • Our legitimate interest in arranging and/or obtaining appropriate insurance.
For recruitment and selection purposes and to support and manage our staff.Identification, contact, national insurance, fiscal, medical and academic Data
    • Compliance with a legal obligation.
    • Performance of the employment contract.
    • Our legitimate interest in ensuring the integrity and appropriateness of staff.
For statistical analysis and improving our website.Technical Data and online identifiers.Our legitimate interest in analysing our services to improve them.
To handle complaints and enquiries.Identification and contact Data
    • Performance of a contract.
    • Our legitimate interest in dealing with complaints and enquiries.
To promote our services.Contact Data.Your consent.

Lawful basis

We are allowed to save and process your Personal Data on the following legal bases:

      • for the purposes of a contract;
      • to comply with a legal or regulatory obligation;
      • our legitimate interests; and
      • consent

Where we save and process your Personal Data for the purposes of a contract, these purposes include (but shall not be limited to):

      • the performance of the contractual arrangements with you, in particular the Agreements;
      • to adhere to our contractual obligations with our funding partners under the Loan Market Association sub-participation standards; to establish, exercise or defend our legal rights or for the purpose of legal proceedings; and
      • to comply with our contractual duties as a lender, security agent and trustee.

Where we save and process your Personal Data in order to comply with legal and regulatory obligations, these shall include (but not be limited to) all laws and regulations in respect of:

      • anti-money laundering;
      • counter terrorist financing;
      • anti bribery and corruption;
      • anti-tax evasion; and
      • to report to regulatory bodies and tax authorities.

Where we save and process your Personal Data for our legitimate interests, these shall include (but not be limited to):

      • the prevention of fraud;
      • to comply with our risk management, underwriting, loan servicing and other similar governance policies;
      • to report to regulatory bodies and tax authorities; and
      • to keep a contact database.

For processing operations in respect of Personal Data based on our legitimate interests, we have carried out a legitimate interest assessment to ensure that our interests are not prejudiced by your interests or fundamental rights and freedoms; you can request this assessment via the contacts listed at the end of this Privacy Policy.

Where we save and process your Personal Data based on consent, this shall typically be for:

      • marketing purposes; and
      • promotional purposes.

Potential borrowers: fraud prevention

If you are a potential borrower, you must be aware that it is a criminal offense to knowingly supply false information to obtain a loan.

Before we provide services or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process Personal Data.

The Personal Data you have provided, we have collected from you, or we have received from third parties, will be used to prevent fraud and money laundering, and to verify your identity. Where information is obtained from third parties, we shall ensure that at all times the source from which or the intermediary through which the information is provided  can be disclosed to you.

Details of the Personal Data that will be processed, for example include name, address, date of birth, address, contact details, financial information, tax information, employment details, device identifiers including IP address and personal identifiers.

We and fraud prevention agencies may also enable law enforcement agencies to access and use your Personal Data to detect, investigate and prevent crime.

We may run a search for similar loan applications you have made, as a potential borrower, to other lenders.  If fraud is suspected, we may share relevant details with those lenders.

Information we share with fraud protection agencies may be used by other entities such as lenders making financial or credit-related decisions about you.

Your Personal Data may also be used to check against the existing open accounts with other lenders to prevent and/or detect fraud.

Fraud prevention agencies can hold your personal data for different periods of time.

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.

A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.

Who else may have access to your Personal Data and other Confidential Data?

We may need to share your Personal Data and other Confidential Data with third parties:

      • Authorities, including tax authorities, and regulators as required by law or regulation;
      • Our affiliates and subsidiaries to provide ancillary services. These entities will act as data processors, applying documented instructions from the controller.
      • Fraud prevention organisations and companies, credit reporting agencies and companies, anti-money laundering database providers, and similar organisations;
      • Our business partners, external service providers and professional subcontractors such as solicitors, surveyors, valuers, accountants, auditors, insurance underwriters and companies, software and IT sub-contractors, debt collectors, receivers, administrators and professional intermediaries. These third parties will follow documented instructions from the controller when processing your personal data.
      • Our funding partners, funding vehicles, banks, and their service providers and professional subcontractors.

These third parties may keep a record of your Personal Data and the other Confidential Data. We impose contractual obligations on these third parties to protect your Personal Data and the other Confidential Data.

Where you have provided us with Personal Data about other people

Where you provide information about other people, e.g., information about directors, partners, members, shareholders, or beneficial owners other than yourself then you confirm that you have their consent to provide us with such information, that they have read, understood and agreed to the terms of this Policy, including how we may use such information.

Monitoring for quality assurance and training

We strive to ensure that the services we deliver to our clients are of the highest possible standard. With this aim in mind, it may sometimes be necessary for us to monitor telephone and e-mail communications between you and our employees for the purpose of quality assurance and training or as otherwise permitted by law.

We will only ever conduct communications monitoring in compliance with applicable law, and will at all times continue to protect the confidentiality of your communications in accordance with this Policy.

International transfers of Personal Data

As described above, from time to time, we may need to transfer your Personal Data to affiliates and third parties that may have offices that are located in territories outside of the UK and outside of the European Economic Area (“EEA”), in order to provide you with the services required.

Where we transfer your Personal Data to another country outside the UK or EEA, we will ensure that it is protected and transferred in compliance with our legal obligations. Transfers outside of the UK or EEA may be achieved in one of the following ways:

      • the country that we send the EEA data to is approved by the European Commission as offering an adequate level of protection for Personal Data;
      • the country that we send the UK data to is approved by the UK Government as offering an adequate level of protection for Personal Data
      • the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data; or
      • in other circumstances the law may permit us to otherwise transfer your Personal Data outside the EEA.

How we look after your Personal Data and other Confidential Data

We use a range of measures to keep your Personal Data safe and secure, which may include encryption and other forms of security. Fiduciam requires our staff and any third-party subcontractors to comply with appropriate data protection standards. Our employees receive periodic training in respect of data protection and must adhere to this Policy as well as our Data Protection Manual.  Unauthorised use or disclosure of Personal Data or Confidential Data by an employee may result in disciplinary measures.

Personal Data and Confidential Data may be processed by either automated or manual methods. Automated decisions will only ever be made if they are necessary for us to fulfil our contractual obligations, for legal reasons, or if you have provided consent and such processing is allowed under EU or national laws applicable to us.

We have put in place appropriate technical and organisational security measures, such as confidentiality agreements, to protect your Personal Data and other Confidential Data against unauthorised or unlawful use, and against accidental loss, damage or destruction.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to or from our sites; any transmission is at your own risk.

Questions, concerns, complaints and exercising your rights

UK Privacy Rights

If you have any questions, concerns or complaints about this Policy, about how we collect, store and use Personal Data and Confidential Data, if you wish further information explaining with which fraud prevention agencies we work, how data held by fraud prevention agencies may be used, or to exercise your rights set out in this Policy, please e-mail us at:

E-mail:  [email protected].

Mail:  Josaron House, 2nd Floor, 5-7 John Prince’s Street, London W1G 0JN

Telephone:  +44 203 290 1933

Our Privacy Officer is the first point of contact for supervisory authorities, employees and customers. You also have the right to complain to the Information Commissioner’s Office in the UK (click here) if you are protected by the DPA.

European Economic Area Privacy Rights

If you have any questions, concerns or complaints about this Policy, about how we collect, store and use Personal Data and Confidential Data, if you wish further information explaining with which fraud prevention agencies we work, how data held by fraud prevention agencies may be used, or to exercise your rights set out in this Policy, please e-mail us at:

E-mail: [email protected]

Mail: Parklaan 8, 3016, BB Rotterdam, the Netherlands.

Telephone: +31 (35) 799 4106

Fiduciam is not required to appoint a Data Protection Officer as per Article 37 of the GDPR and has instead appointed a Privacy Officer. Our Privacy Officer of Fiduciam Nominees Ltd (Dutch Branch) is responsible for any queries or complaints related to EU data. Our Privacy Officer is the first point of contact for supervisory authorities, employees and customers.

We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Privacy Officer, you may escalate concerns to our lead supervisory authority- Autoriteit Persoonsgegevens in Netherlands (click here) or the applicable privacy regulator in your jurisdiction.

Changes to our privacy policy

We reserve the right to modify this privacy statement or any part of it at any time and any changes will be posted on our websites.

November 2023