PRIVACY NOTICE

    1. Introduction
    2. The Group Companies
    3. What Kind of Personal Data Does Nucleus Collect and on Whom
    4. The Purposes for which we Use your Personal Data
    5. Disclosure of Your Information to Third Parties
    6. Marketing
    7. Overseas Transfers
    8. Your Legal Rights
    9. Complaints Policy
    10. Information Security and Encryption
    11. Policy Changes
    12. Glossary
    13. Cookie Policy
    14. CIFAS Data Processing Notice

    Introduction

    In the course of our business, Nucleus Commercial Finance (“Nucleus”) needs to collect and use certain personal data about living individuals, including past, present and prospective customers in order to run our business effectively and meet your customer requirements.

    The General Data Protection Regulation and the UK’s Data Protection Act are important laws governing the processing, including the use or holding, of personal data. They also give you, the individual, certain rights and remedies in respect of that personal data.

    Nucleus takes its responsibilities concerning the privacy, protection and security of the customers data rights extremely seriously. The purpose of this Privacy Policy (“Policy”) is to explain how the personal data we and our affiliated companies collect from you, or that you provide to us, will be processed by us.

    Terms under data protection law which are used in this Policy are defined in it or in the Glossary at the end of it.

    Nucleus has appointed a Data Protection Manager at a senior level with specific responsibility for day today matters of data protection, who acts as our contact point with the Information Commissioner’s Office (“ICO”). Please contact our Data Protection Manager, Simon Willmett, with any questions or concerns you may have about our use of personal data.

    Data Protection Manager Details

    Postal address: Data Protection Manager, Nucleus Commercial Finance Limited, Mezzanine Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX.

    Telephone number 0207 839 9442

    Email address: [email protected]

    Please read this Policy carefully to help you understand the approach we take to handling your personal data and the rights you have as an individual.

    All personal information given to us through this website will only be held and used in accordance with this Policy, the Privacy and Electronic Communications (E.C. Directive) Regulations 2003 (as amended), the General Data Protection Regulation (EU) 2016/679 or “GDPR” and before 25 May 2018 the Data Protection Act 1998, together with replacement, amending or supplementary laws or regulations relating to the protection of personal data.

    Go to Top

    The Group Companies

    Nucleus operates as part of a group of companies (“the Group”) within the UK and overseas and this Policy provides privacy information about how the Group collectively uses personal data. The Group companies will use personal data for their own purposes and will also share personal data between them, in each case as data controllers. This Policy explains how Group companies based in the European Economic Area (“EEA”) use and share personal data, including with Group companies based outside the EEA.

    The Group companies for the purposes of this Policy are:

    Nucleus Commercial Holdings Limited Registered in England and Wales with company number 09646728 Registered address Mezzanine Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX

    Nucleus Services Limited Registered in England and Wales with company number 09914635 Registered address Mezzanine Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX

    Nucleus Commercial Finance Limited Registered in England and Wales with company number 07829566 Registered address Mezzanine Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX

    Nucleus Commercial Finance1 Limited Registered in England and Wales with company number 08564200 Registered address Mezzanine Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX

    Nucleus Property Finance Limited Registered in England and Wales with company number 09747438 Registered address Mezzanine Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX

    Nucleus Property Finance2 Limited Registered in England and Wales with company number 10993690 Registered address Mezzanine Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX

    Nucleus Business Cash Advance Limited Registered in England and Wales with company number 10546776 Registered address Mezzanine Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX

    Nucleus Cash Flow Finance Limited Registered in England and Wales with company number 09990385 Registered address Mezzanine Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX

    From time to time, we may add additional legal entities to the Group and we will update our Policy to identify them when this happens. New entities will form part of the Group for purposes of this Policy and they will deal with your personal data on the same basis as other members of the Group.

    We share personal data on EU citizens with our contractor, Quantility Business Solution Private Limited (“Quantility”), a company incorporated in the Republic of India under corporate identification number U74999MH2016PTC280925, which provides administrative and other support to the Group companies. This Policy also provides privacy information for Quantility in relation to its processing of EU citizens’ personal data.

    Go to Top

    What Kind of Data Does Nucleus Collect and on Whom?

    We use different methods to collect personal data from and about you, including:

    • Direct interactions. You may give us your information by filling in forms, on the telephone, or by corresponding with us by post, fax, email or otherwise. This includes personal data you provide when you:
      • ask us to send information to you;
      • provide us (yourself or on behalf of an organisation) with goods or services or obtain products and services from us; or
      • provide us feedback or contact us about our products or services.
    • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
      • Directors, shareholders and employees at any business or organisation you are associated with;
      • Data brokers who are in the business of legally reselling or transferring personal data;
      • Brokers and Insurers;
      • Recruiters and recruitment agencies;
      • Credit reference agencies (“CRA”) (see Credit Reference Checks section below);
      • an Agency, for it and others searching its records to use to help make decisions about me/us, my associated businesses or household’s members;
      • service providers (including insurers, for underwriting purposes (who may pass it to persons they deal with and to users of their services and give Nucleus information and personal data from their own sources)), to help them carry out their services;
      • Electronic identity verification services;
      • The Land Registry;
      • Publicly-accessible sources, including websites.
      • any person giving (or potentially giving) a guarantee, indemnity or other commitment to Nucleus in relation to this matter, to assess their obligations to Nucleus;
      • bankers, financiers or other advisers acting on behalf of Nucleus, me/us or any organisation in relation to this matter, so that they can carry out their services to such persons;
      • to assess my/our financial position or consider offering facilities in relation to this matter; and
      • any person where Nucleus are allowed or required to do so by law.
    • Group companies. Group companies who obtain data in direct interactions with you or from third parties or publicly available sources may share your personal data with other members of the Group.

    We may collect, use, store and transfer different kinds of personal data about you. The personal data we collect will depend on the relationship you have with Nucleus.

    If you are:

    An employee of Nucleus, someone working with us under a contract for services, or someone who applies for employment or work with us, we will provide you with specific privacy information and ask for your consent to use your personal data. We will also collect the following information on you:

    • Identity Data including first name, last name, title, job title, role or similar identifier, and gender, as well as proof of identity and your right to work in the UK.
    • Contact Data which may include your address, email address and telephone numbers.
    • Financial Data to provide pay, benefits and conduct other financial transactions with you.

    A business contact, including persons who supply us with goods (including hiring things to us) or services and any contacts at a company or other organisation which does so, and clients or prospective clients (including contacts at companies or other organisations) to whom we supply or may in future wish to supply our products and services, as well as the customers and debtors of our clients, we may collect the following types of data on you:

    • Identity Data includes first name, last name, title, job title, role or similar identifier, and gender.
    • Contact Data includes your work address, email address and telephone numbers.
    • Financial Data if we supply or purchase goods and services to or from you as an individual (including some sole traders and partnerships), we may record and retain details of those transactions.

    A person associated with a customer or debtor of one of our clients, whose data may be relevant to the business you or your organisation does with our client, with contracts entered into, debts incurred or to be incurred or historic business transactions between you/your organisation and our client, and for preventing fraud and setting credit limits and availability, we may collect the following types of data on you:

    • Identity Data includes first name, last name, title, job title, role or similar identifier, and gender.
    • Contact Data includes your work address, email address and telephone numbers. Where you are personally a party to a transaction with us or with our client, we may obtain your home address.
    • Financial Data if our client supplies or purchase goods and services to or from you as an individual (including some sole traders and partnerships), or if you are involved in financial transactions with our client (e.g. as a guarantor) we may record and retain details of those transactions and may include bank statements, business accounts and any other financial documents provided by our client or you.

    A person associated with a supplier or other creditor of one of our clients, whose data may be relevant to the business you or your organisation does with our client or their obligations to you or your organisation, with contracts entered into, debts incurred or to be incurred or historic business transactions between you/your organisation and our client, and for preventing fraud and making payments on behalf of our clients from any facility they may from time to time have with us:

    • Identity Data includes first name, last name, title, job title, role or similar identifier, and gender.
    • Contact Data includes your work address, email address and telephone numbers. Where you are personally a party to a transaction with us or with our client, we may obtain your home address.
    • Financial Data if you are involved in financial transactions with our client (e.g. as a guarantor) or its creditor, we may record and retain details of those transactions including bank statements or any other financial documents provided by our client or you.

    If you are a director, officer, shareholder or proposed personal guarantor in relation to a facility with one of our clients, then ahead of entering into a customer agreement with you or with our client, we will as a matter of course undertake anti money-laundering checks and may conduct credit reference checks with third-party agencies. These checks are a crucial and necessary step Nucleus must undertake before we are able to enter into a contract with your organisation.

    When CRAs receive a search request from Nucleus they may:

    • place a credit search “footprint” on the consumer credit file of the Directors, officers, beneficial owners or those who financially guarantee obligations of a client or prospective client following each credit application, whether or not that application proceeds. The footprint may be seen by other organisations when the client or prospective client applies for credit in the future;
    • link together the previous and subsequent names advised by you of anyone that is a party to the account;
    • place an enquiry or identification search on the record of any shareholder or beneficial owner and who Nucleus has checked; and
    • create a record of the name and address of your business and its proprietors (if there is not one already).

    We will give details of all financial commitments of a client or prospective client to us or which we become aware of during our enquiries, and how those commitments are managed, to the CRAs. If you borrow and do not repay in full and on time, the CRAs will record the outstanding debt and, in some cases, the length of time that the debt remains outstanding; other organisations may see these updates and this may affect your ability to obtain credit in the future.

    Any records shared with CRAs will remain on file for six years after your account is closed, whether any outstanding sums have been settled by you or following a default. The CRAs are responsible for data held on their files and you should contact them with concerns regarding any information they hold or may hold on you.

    You can contact the CRAs currently operating in the UK. The information they hold may not be the same, so you may consider contacting them all. They will charge you a small statutory fee. They are:

    • Experian, Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0844 4818000 or log on to www.experian.co.uk
    • Creditsafe Business Solutions Limited, Bryn House Caerphilly Business Park, Van Road, Caerphilly, CF83 3GG, or call 02920 886 500

    If you fail to provide personal data

    Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested:

    • We may not offer your organisation a facility and if your organisation is an existing client, it may be placed in breach of the terms of a finance agreement with us
    • If you have personally guaranteed or been asked to personally guarantee obligations of a client or prospective client, we may not accept your guarantee, you may be placed in breach of your obligations under an existing guarantee, and in each case this may affect whether we will provide or continue providing finance to the client or prospective client, who may also be placed in breach of its obligations to us as a result
    • We may not be able to agree, enter in to or perform a contract we have or are trying to enter into with you, a client, or a person or organisation associated with you. Our client may also be placed in breach of the terms of a finance agreement with us
    • If you are an employee, contractor or applicant for a position with us, we may not be able to consider your application, provide you with pay or benefits, or administer a contract for services or contract of employment with you

    We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (or any purpose which is not incompatible with those purposes), including for the purposes of satisfying any legal, accounting, or reporting requirements.

    Go to Top

    Purposes for Which We will Use your Personal Data

    We will only use your personal data when the law allows us to. Most commonly, we will use, analyse and assess your personal data in the following circumstances:

    • To provide you with information, products or services that you ask for;
    • To let you know about other products and services that we think you might be interested in (if you have said that you are happy to be contacted in this way);
    • to make financial risk assessments, prevent money laundering, fraud or other wrongdoing;
    • making payments to you and/ or your business;
    • recovering monies;
    • training, product and statistical analysis and development of new products;
    • protecting our interests (including the provision of the information to third parties retained by us for them to conduct their services for us);
    • To make a decision as the whether to extend credit to a client or prospective client, or whether to vary the terms of our agreements with a client;

    In obtaining or storing information about you we may:

    • Store and process information about you including on our computers and in any other way;
    • Search your record at a credit reference or fraud prevention agency of our choice. Details of our searches may be kept by such agency and may be seen by other organisations that makes searches with the agency;
    • Monitor and/ or record telephone conversations with you for training and/ or security purposes;
    • Approach you for market research or direct marketing purposes;
    • Seek and record any further information that we may require from any source, including banks for any of the purposes set out above;
    • Transfer such of the information that we may have to other members of a group of companies of which Nucleus is a part; to our financiers; to associates or persons acting on our behalf; to guarantors or indemnifiers and to businesses providing similar serves to those of Nucleus, all of whom may use such information for any of the purposes set out herein (including transfer within the group of companies). We shall, as far as we are able but without guarantee, seek to ensure that such financiers will always keep control of the information within the terms of this Policy.

    We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

    We do not use any fully automated decision-making process.

    Note that we may process your personal data on more than one lawful basis, depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

    Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
    To assess and make decisions about prospective clients who may wish to obtain financial products and services from us (a) Identity data (b) Contact data (c) Financial data (for credit purposes) (a) Performance of a contract with you (b) Necessary for our legitimate interests in promoting or providing our products and services to you or your organisation (c) Your consent
    To register you (or your employer or a person or entity to whom you provide services) as a new client. (a) Identity data (b) Contact data (c) Financial data (for credit purposes) (a) Performance of a contract with you (b) Necessary for our legitimate interests in promoting or providing our products and services to you or your organisation (c) Your consent
    To fulfil our contractual obligations to a client, to you or your organisation or to enforce your or your organisation’s obligations to us or to our client, including to (a) Manage payments, fees and charges (b) Collect and recover money owed to us (a) Identity data (b) Contact data (c) Financial data (d) Transaction data (a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
    To manage our relationship with you which will include: (a) Notifying you about changes to our terms or Policy (b) Contacting you about products or services we obtain from or provide to you or your employer (a) Identity data (b) Contact data (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how our products/services are used and received)
    To administer and protect our business which may include: a) Financial risk assessment, preventing money laundering, fraud or other wrongdoing; b) Contacting credit reference agencies and making credit related decisions; c) Recovering monies and making payments to you and/ or your business. (a) Identity data (b) Contact data (a) Necessary for our legitimate interests (b) Necessary to comply with a legal obligation
    To administer a contract for services or contract of employment between us – we will provide you with further information about this when we collect information from you and during the course of our relationship) (a) Identity data (b) Contact data (c) Financial data (a) Performance of a contract with you (b) Necessary for our legitimate interests (to administer the economic relationship between us) (c) Necessary to comply with a legal obligation (related to your work or workplace or our obligations under the law in relation to these)

    We will also use personal data about you for marketing purposes. Further information is set out in the Marketing section of the Policy, below.

    Go to Top

    Disclosure of your Information to Third Parties

    We may have to share your personal data with the parties set out below for the purposes set out in the table above.

    • Organisations associated with fraud prevention
    • External Third Parties as set out in the Glossary.
    • Specific third parties listed in the table above.
    • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Notice.
    • We use third parties to store personal data.
    • We use a third party to host, manage and support our website. They therefore have access to any data that you submit via this website.

    We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

    Go to Top

    Marketing

    We may from time to time wish to contact you via email, telephone, letter or SMS in order to keep you informed about products, goods or services which may be of interest to you and to provide news and information about our business and that of any business within our Group.

    We may also provide you from time to time with information about products and services from selected third parties which may be of interest to you or your organisation.

    Where we send electronic marketing to an individual subscriber (under the Privacy and Electronic Communications Regulations (“Privacy Regulations”)), Nucleus will only do so where we have received explicit consent from you to do so and for each separate method of electronic communication.

    We are not required by law to obtain prior consent to send you marketing information if you have purchased products or services from us personally, or if we are contacting you at your organisation which is a “corporate subscriber” under the Privacy Regulations.

    You always have the right to refuse direct marketing communications directed to you personally. Should you wish to do so, please contact our Data Protection Manager.

    We may use your personal information and information about your computer (including, where available, your IP address, operating system and browser type) for market research and other marketing purposes such as announcements on our pricing, product launches, updates on the company, etc. We may also share your personal information with third parties for the purpose of conducting market research and running marketing campaigns. Third parties who process your personal data on our behalf are only permitted to do so in accordance with our instructions, which will have previously been agreed with yourself. We will take steps to ensure that the transfer and any on-going processing by those third parties is carried out securely and in accordance with applicable data protection and privacy laws and regulations. We also collect and retain:

    • copies of our correspondence with you as well as other data we collect relating to your activities on the website and your arrangements with Nucleus;
    • details about visitors to our website for the purposes of aggregating statistics or reporting purposes and to calculate referral fees; and
    • comments made on blogs and discussion forums in connection with the marketplace.

    Where you submit personal data to us using an online form, please ensure that you select the appropriate option on the form if you do not want your data to be used by us or selected third parties for marketing purposes. You can also notify us at any time if you do not wish your data to be used in this way. If you do not select the appropriate option, but wish to do so subsequently, please contact our Data Protection Manager so we can update our records.

    Go to Top

    Overseas Transfers

    We are part of a global Group of companies and, in order to support our business in the most efficient manner possible, we share infrastructure and functions across our business internationally. This means that we may transfer your personal data to, or your personal data may be accessible in, any location in which we do business.

    If your information is transferred to or accessible in a country which is not considered by the European Community to provide adequate protection for your rights and freedoms in relation to the processing of personal data (such as the USA), we will take alternative steps (as permitted by the GDPR) to ensure your information is adequately protected and that those transfers comply with data protection law.

    We may transfer your information to other countries, including those outside the European Economic Area, either for storage purposes or if we engage suppliers, sub-contractors or third-party data processors who are based or have operations overseas.

    In particular, our Group companies may transfer any personal data they hold or obtain from time to time related to prospective clients to Quantility. Quantility acts as both a data processor and data controller (for different purposes) to help review and assess data on prospective clients provided by the Group companies. Data processed by Quantility may be used to help one or more Group companies determine whether they wish to do business with a prospective client and on what terms.

    Our Group companies may also transfer to brokers and introducers personal data relating to prospective clients (as part of other data relating to them) to which they are or would be unable to offer facilities, to enable these brokers and introducers to identify and introduce alternative providers. These brokers and introducers will act as data controllers and some of these brokers may be located outside the EEA.

    Each Group company that

    1. shares personal data with Quantility provides adequate protection for the rights and freedoms of data subjects by entering into EU-approved model contracts with it as (i) a processor; and (ii) a controller, of personal data which is shared with it; and
    2. shares personal data with non-EEA brokers and introducers provides adequate protection for the rights and freedoms of data subjects by entering into EU-approved model contracts with each broker and introducer as a controller of personal data which is shared with it.

    Go to Top

    Your Rights

    You have the right to make a complaint about our use of your personal data at any time to the Information Commissioner’s Office (“ICO”). The ICO is the UK’s supervisory authority for data protection issues (www.ico.org.uk).

    If you do have a problem, question or concern about our use of your personal data, we would really appreciate the chance to try to help you before you approach the ICO, so please feel free to contact us in the first instance using the data protection compliance officer’s contact details above. You can contact us about data privacy issues in other ways, but if you contact the data protection compliance officer, that will make it much easier for us to help you.

    You have the right to:

    Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

    When we receive such a request we will endeavour to provide you with these details without delay and at the latest within one month of receipt. We may extend the period of compliance by a further two months where requests are complex or numerous. In such instances Nucleus will inform you within one month of the receipt of the request and explain why the extension is necessary.

    When Nucleus receives a subject access request we will provide a copy of the information held free of charge. Nucleus may charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that we will charge for all subsequent access requests rather that the Nucleus reserves the right to charge a fee based on the administrative cost of providing the information.

    If the after reviewing a request the Data Protection Manager believes a request is manifestly unfounded or excessive, particularly if it is repetitive, then Nucleus may charge a ‘reasonable fee’ which will be decided on a case by case basis. In certain circumstances Nucleus may even refuse to respond to such requests.

    Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

    Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

    Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

    Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. You can exercise your right to prevent such processing by refraining from ticking certain boxes on the forms we use to collect your data whether that is on this website of via any other means. Alternatively, you can also exercise the right at any time by contacting us at [email protected]

    Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

    Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

    Go to Top

    Complaints Policy

    At Nucleus Commercial Finance we value your business and we want you to be entirely satisfied with the service you receive. If we make a mistake, or we fail to meet your expectations in some other way, we want the opportunity to put things right as quickly as we can. Furthermore, we will take steps, where appropriate, to prevent a recurrence.

    Contact details: 
    Complaints can be raised by any channel at any time. Please follow one of the steps below when making your first contact:

    By e-mail: You can e-mail [email protected] with details of your complaint.

    By post:
    Complaints Manager
    Nucleus Commercial Finance Limited, Mezzanine Floor, St Albans House, 57-59 Haymarket, London SW1Y 4QX.

  1. What to include: In order for us to help you the best way we can, we ask that you provide:
    • You full name, business address, phone number and email address
    • Your account number
    • Details of your complaint
    • What you would like us to do to resolve the issue

    Our complaints process: We will acknowledge your complaint within 3 working days of receipt and inform you of the steps we are taking to investigate it, or when you can expect a final response.

    We treat all complaints fairly and will aim to resolve your complaint as soon as possible within 5 working days.

    Where the complaint or problem is complex, we may need longer to look into the issue and ask you for more information.

    We will keep you updated on the progress of your complaint throughout the process and provide contact information for the complaint handler dealing with your case.

    If we have been unable to resolve your complaint within 8 weeks, have not sent you a final response within 8 weeks, or you are unhappy with the outcome of your complaint, you can ask the Financial Ombudsman Service (“FOS”) to carry out an independent review.

    The FOS can help with most complaints if you are:

    • A consumer
    • A business employing fewer than 10 persons that has an annual turnover that doesn’t exceed €2 million
    • A charity with an annual turnover of less than £1 million
    • A trustee of a trust with a net asset value of less than £1 million

    The contact details for the Financial Ombudsman Service are:

    The Financial Ombudsman Service, Exchange Tower, London, E14 9SR

    E-mail: [email protected]
    Website: www.financial-ombudsman.org.uk
    Telephone: 0800 023 4567

    FOS consumer leaflet

    Recording the Complaint
    Please note that, in accordance with its regulatory obligations, Nucleus Commercial Finance will compile a report of each complaint. These records will be retained for no less than three years from the date the complaint was received.

    Go to Top

    Information Security and Encryption

    Information that is transmitted via the internet is never completely secure.

    We have put suitable protection in place, however any transmission of personal data to us via the internet is at your own risk.

    Where necessary we use encryption to protect the integrity of data during submission.

    We also employ similar technologies and access control methods to keep any stored data secure.

    Go to Top

    Policy Changes

    Any changes to this Policy will be posted here and will take immediate effect.

    If you have any questions about this Policy or about our use of your personal details, then please contact the Data Protection Manager

    Go to Top

    Glossary

    “Personal data” means any information about an individual, held by a data controller, from which the controller can identify a specific, living person. It does not include data about a living person that the controller can’t identify.

    Some personal data falls into “Special Categories” under the GDPR and are given greater protection. These include any personal data revealing your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and information about your health, as well as genetic and biometric data. Information about criminal convictions and offences is also treated differently from ordinary personal data under the GDPR.

    ”Lawful Basis”

    There are a number of different lawful bases for processing your personal data under the GDPR. These include:

    Legitimate Interest means the legitimate interests of Nucleus or of a third party, including in conducting a business, which must be balanced against the effect of the processing of personal data on individuals’ rights and freedoms.

    In most cases where our legal basis for processing your personal data is a legitimate interest, this will be the legitimate interest of Nucleus, of members of its Group or our clients in conducting our and their business. In the case of Nucleus and its Group, this will be to provide financing in the most efficient and effective way we can. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests or those of others. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

    Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.

    Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

    Protecting your vital interests applies where we would otherwise require your consent to use data, but you are physically or legally incapable of giving consent, and processing is to protect your interests – for example, to facilitate urgent medical treatment.

    ”Third Parties”

    External Third Parties

    These include our and our Group’s service providers, acting as data processors, based inside and outside the EEA who provide technical, financial, logistical, information technology, data storage or other support for our work.

    Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, insolvency practitioners, and insurers based in the EEA and of it who provide consultancy, banking, legal, insurance and accounting services.

    HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances.

    Governments and public authorities in other countries where we carry out filming who require information on our crew and contributors.

    Go to Top

    Cookies Policy

    To enhance your experience on our site, our web pages use “cookies” to distinguish you from other users. If you use this website, then you accept that we can use the cookies set out below.

    1. What are cookies? Cookies are small data files that we place in your computer or mobile’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personal information unless you choose to provide this information to us by, for example, registering at one of our sites. Once you choose to provide a web page with personal information, this information may be linked to the data stored in the cookie. A cookie is like an identification card. It is unique to your computer and can only be read by the server that gave it to you.
    2. Why do we use cookies? We use cookies to understand site usage and to improve the content and offerings on our site. For example, we may use cookies to personalise your experience on our web pages and to provide you with a better service.
    3. What cookies do we use? We use the following cookies:
      • Strictly necessary cookies. These are cookies that are required for the operation of our sites. There is no way to prevent these cookies being set other than to not use our site or not use that particular feature.
      • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our sites when they are using it. This helps us to improve the way our sites work, for example, by ensuring that users are finding what they are looking for easily.
      • Functionality cookies. These are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences and improve your visit.
      • Targeting cookies. These cookies record your visit to our sites, the pages you have visited and the links you have followed. We will use this information to make our sites and the advertising displayed on them more relevant to your interests. We may also share this information with third parties for this purpose.

      Generally, cookies which are strictly necessary for the operation of the website will expire when you leave the website. Other cookies may be more permanent or not expire unless you actively delete them.

    4. How to reject cookies You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. Doing so however will likely limit the functionality of our and a large proportion of the world’s websites as cookies are a standard part of most modern websites. If you are unsure as to how to manage your cookies or require more information, we have provided the following links to the settings pages for the most commonly used web browsers:

    CIFAS Data Processing Notice – In the case of finance applications with Nucleus Cash Flow Finance Limited and Nucleus Cash Flow Finance2 Limited

    GENERAL

    1. Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.

    2. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.

    3. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.

    4. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

    5. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

    6. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

    AUTOMATED DECISIONS 

    7. As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details above.

    CONSEQUENCES OF PROCESSING

    8. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

    9. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.

    DATA TRANSFERS

    10. Fraud Prevention agencies may allow the transfer of your personal data outside of the UK. This may be a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.

    YOUR RIGHTS

    11. Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.

    12. For more information or to exercise your data protection rights, please contact us using the contact details above.

    13. You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.

    Go to Top

Wordpress Social Share Plugin powered by Ultimatelysocial