Privacy Policy

Your data privacy is very important to Capitalflow

PRIVACY STATEMENT
Updated 7 January 2021

Introduction

Your data privacy is very important to Capitalflow

When we refer to “we” or “us” in this document, it means Capitalflow and the Capitalflow Group as defined below:

(i) Capitalflow means Capitalflow Group DAC which is incorporated in Ireland with limited liability having its registered office at Second Floor, Block A, The Crescent Building,
Northwood Business Park, Santry, Dublin 9, D09 X8w3, with registered company number 574943; and

(ii) The Capitalflow Group means Capitalflow and all other member entities whose holding company is Capitalflow Holdings DAC. These members include:

  • Capitalflow DAC
  • Capitalflow (Asset Finance) DAC
  • Capitalflow AF1 DAC
  • Capitalflow AF2 DAC
  • Capitalflow (Commercial Real Estate) DAC
  • Capitalflow (Cre 1) DAC

Capitalflow is a group of financial services companies which provides invoice discounting, asset finance and property finance to local businesses.

We respect your right to privacy and comply with our obligations under the General Data Protection Regulation EU 2016/679 (“GDPR”), the Irish Data Protection Acts 1988-2018 and all other legislation that may apply to our processing of your personal data, including the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 when processing your personal data for marketing purposes (together “Data Protection Legislation”). The purpose of this Privacy Statement is to outline what personal data we process, how and why we process the data and what your rights are in respect of your personal data.

The statement has been written to provide you with clear and transparent information in an easy to understand format. To help with this, the statement is split into three sections:

 

  • PART A “SPECIFIC INFORMATION”: This contains different sections for each type of individual whose personal data we process, with each section providing information on how we process personal data specifically belonging to that type of individual. So to understand how we process your personal data, go to the section(s) that relates to you.
  • PART B “GENERAL INFORMATION”: This contains information about processing that is relevant to ALL individuals.
  • PART C “YOUR RIGHTS”: different sections for each type of individual whose personal data we process. For information on how we process your personal data, go to the section(s) that relates to you.

If you have any questions or queries about how we gather, store, share or use your personal data or if you wish to exercise any of your personal data rights, please contact our data protection officer:

 

Email:                  dataprotection@capitalflow.ie

Telephone:         +353 (0)1 5547350

Postal Address: Data Protection Officer, Second Floor, Block A, The Crescent Building, Northwood Business Park, Santry, Dublin 9, D09 X8w3

We will update this Privacy Statement from time to time. Any changes will be made available on https://www.capitalflow.ie/privacy-policy/ and, where appropriate, notified to you by written notice or e-mail.

 

PART A: Specific Processing Information

This notice applies to any personal data we receive from you, create or obtain from other sources and explains how it will be used by us.

It is important that you take the time to read the information detailed below for each category of relationship with Capitalflow so that you understand how we will use your personal data and your rights in relation to your personal data. 

For information specific to your relationship, please select the appropriate relationship category.

1. Applying for a job with us at Capitalflow

Information about you, including your personal data, is gathered when you apply for a job with us either directly or indirectly via employment agencies or online job websites. We also may obtain personal data indirectly from referees you nominate to us or from your professional social media profile link you provide to us as part of the job application.

Capitalflow will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including:

  • IDENTITY DATA, including your
  1. first name, surname, salutation;
  2. date of birth (if included on your CV);
  3. photographic identification, where your photograph is included on your CV;
  • CONTACT DATA, including your email address, personal address, telephone number(s);
  • PREFERENCES, in respect of the job you are applying for with Capitalflow;
  • OCCUPATIONAL, including
  • the name of your employer, your job title and department;
  • your employment and education history and any other information contained in a CV provided to us as part of a job application;
  • STATEMENTS ABOUT YOU, including
  • references we obtain from your nominated referees as part of a job application;
  • statements made as part of the interview and evaluation process when you apply for a job with us;
  • LOCATION, whereby, in the event of an interview in our offices, we can identify when you were on our premises by way of access/sign-in controls;

We process your personal data for the purpose of recruiting staff. This includes the following, which we deem necessary for the purposes of entering into an employment contract with you (i.e. assess your suitability to enter into the contract):

  1.  Identifying you and processing your job application;
  2. Verifying the information you provided and assessing your suitability for the role; 
  3. Making a decision on whether to offer you a job and the provision of feedback to you in relation to your application;

 We may also need to use your personal data for the purpose of satisfying our employment law obligations, in particular in relation to equality.

Your personal data will be shared to relevant staff within the Capitalflow Group but also to a limited number of third parties where it is necessary to do so, including:

  • To your nominated referees;
  • To third party companies or individuals who are providing recruitment services to us;
  • To statutory, regulatory, government or law enforcement bodies as required by law;

2. Asset Finance Customers
(Individuals And Sole Traders)

 

Where you, in the capacity as an individual or sole trader, are a prospective, existing or legacy asset finance customer of Capitalflow, this section relates to you.

We collect your personal data:

  • Directly from you. Examples include when you:
    1. Interact directly with us via telephone, email, post and/or in person;
    2. Submit inquiries and information via our website;
    3. Provide information as part of an inquiry about a credit facility from us;
    4. Obtain a credit facility from us and conduct transactions with us;
  • From third parties. Examples include collection from:
    1. Representatives, intermediaries or brokers acting on your behalf;
    2. Publicly available information. For example, from company registers (including the Companies Registration Office), press publications, electoral register, online search engines and related results;
    3. Third parties who provide services to you (e.g. legal advisors);
    4. Third parties who provide services to us including our advisors, suppliers and IT support providers;
    5. Introducers or common business associates who may pass on your details to us;
    6. Credit reference agencies (including the Irish Credit Bureau), credit registers (including the Central Credit Register) and fraud prevention agencies;
    7. Company and credit information databases, such as Vision-Net.ie and Experian.co.uk, which provide credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more;
    8. Sanctions and politically exposed persons databases as part of our anti-money laundering practices; and
    9. Our banking providers, in the event that you make payments to us.

We will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including:

  • IDENTITY DATA, including your first name, surname, salutation, business name (sole trader), age, date of birth, marital status, homeowner confirmation, customer number, gender, photographic ID, signature;
  • CONTACT DATA, including your email address, business address (sole trader), personal address, billing address, telephone number(s);
  • PREFERENCES, in respect of the job you are applying for with us;
  • FINANCIAL, including bank account details, tax number, financial needs, income and expenditure details, credit history, credit ratings, vehicle details (make, model, registration, chassis/serial), photo, shareholding details, details of your Capitalflow and other (non-Capitalflow) hire-purchase and lease agreements, details of your Capitalflow and other (non-Capitalflow) personal guarantee(s), insolvency/bankruptcy details;
  • STATEMENTS AND OPINIONS about you as a potential or existing customer;
  • INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise.

 

We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed:  For the purposes of entering into and performing a hire-purchase or lease agreement, including:

    • Establishing your eligibility as a customer;
    • Processing the credit application and related forms;
    • Conducting financial, security and credit due diligence and reviews;
    • Contacting you on matters relating to the agreement;
    • Recovering debts you may owe us.
  • To enable us to comply with our legal, statutory and regulatory obligations. For example:
    • Supplying information to the Central Credit Register and using the Central Credit Register when considering credit applications, in accordance with the Credit Reporting Act 2013;
    • Establishing your identity in order to comply with legislation regarding the prevention of money laundering, fraud and terrorist financing;
    • Submitting returns to the Revenue Commissioners in order to comply with taxation legislation;
    • The preparation and audit of financial statements in compliance with company law;
    • Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise;
  • To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.

 

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:

  • To the Strategic Banking Corporation of Ireland (“SBCI”) where you wish to or have availed of Asset Finance products financed by the SBCI (“SBCI Scheme”). The personal data are shared with the SBCI for the purposes of:
    1. determining eligibility for the particular SBCI Scheme;
    2. anti-money laundering / financing of terrorism or fraud;
    3. Capitalflow and SBCI’s reporting functions in accordance with the Scheme; and
    4. conducting relevant surveys by or on behalf of the SBCI.

Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as data controller for the purposes of Data Protection Legislation. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/ ). For further information on how the SBCI handles personal data, including information about the applicant’s data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at https://sbci.gov.ie/.

  • To your authorised representative, broker or intermediary, to a third party who is providing services to you and any other third party you have provided us with authorisation to share with;
  • To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data;
  • To our bank when we are transacting with you;
  • To our clients and prospective clients where you have provided us with consent to do so;
  • Credit reference and rating agencies and registers, whose services we rely upon to protect our interests. For example, we share personal data with the Irish Credit Bureau who use it for their legitimate interests as detailed in their Fair Processing Notice at http://www.icb.ie/pdf/Fair Processing Notice.pdf.
  • To statutory, regulatory, government or law enforcement bodies as required by law. For example, we transmit personal data to the Central Credit Register to comply with our legal obligations under the Credit Reporting Act 2013;
  • Insurance providers, including insurance underwriters, coverholders, brokers, introducers, claims handlers and other such associated third parties;
  • To third parties in connection with a sale or purchase of assets by us;
  • To our funders as part of our credit management processes and funding processes;
  • To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us;
  • To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement; and
  • To other banks and third parties where there is suspicion of financial crime or where required by law to resolve misdirected third-party payments.

 

3. Email Marketing

If you are not a customer of ours, you may still opt in to receive marketing communications from us which we consider may be of interest to you. You will presented with an option to opt in for such communications via our website or social media online advertisements. If you are a customer of ours, have registered for an event of ours or have engaged with us about our products or services, we may send you marketing communications to you from time to time where we believe they may be of interest to you. If you wish to be removed from our list (opt-out), at any time, you can do so by clicking on the unsubscribe link at the bottom of each email communication you receive from us. You can also opt out by contacting us at marketing@capitalflow.ie

The personal data we use in order to manage our email marketing communications to you are:

  •  IDENTITY DATA, including your first name, surname, business name (if sole trader);
  • CONTACT DATA, being your email address; and
  • PREFERENCES, including your interest in our products and your marketing preferences.

 

Where you have opted-in to receive marketing communications from us, we will only use your personal data for this purpose based on the consent you have provided. You can withdraw your consent at any stage by opting out, as explained in section 4.1 above.  For existing customers, we send marketing communications in line with our legitimate interests to develop our relationship with you, provide information to you that may be of interest and to market our brand, product and service to you.  If you have opted-out, we will no longer issue marketing communications to you albeit we may need to retain your email address and opt-out preference data to ensure that your preference is recorded and upheld.

We only share your personal data with third parties where it is necessary to manage our marketing communications to you. Sharing occurs with a limited set of individuals and organisations and in limited circumstances as follows:

  • With the social media platforms where we have hosted our online advertisement and where you have opted-in to receive marketing communications from us; and
  • With Mailchimp as the third party software provider we use to store our marketing subscriber database.

 

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary. You will remain on our mailing list until such time when you unsubscribe. You can unsubscribe at any time by clicking the “unsubscribe” button within our emails, or by emailing us at marketing@capitalflow.ie.

4. Guarantors

 

This section relates to individuals who have provided a guarantee or indemnity to Cf in respect of a specific borrower’s indebtedness to Capitalflow.

In your capacity as a guarantor for a borrower’s debts to Capitalflow, we collect your personal data directly from you as part of the credit application process and the entrance into and performance of the guarantee contract. We also collect personal data indirectly from third party sources, examples of which include:

  • From the borrower;
  • From introducers or brokers;
  • From publicly available information. For example, from company registers (including the Companies Registration Office), press publications, trade directories and online search engines and related results.
  • From credit reference agencies (including the Irish Credit Bureau), credit registers (including the Central Credit Register) and fraud prevention agencies; and
  • Vision-Net.ie, which provides credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more.
  • Sanctions and politically exposed persons databases as part of our anti-money laundering practices;
  • Third parties who provide services to you or the borrower (e.g. representatives, advisors, etc.);
  • Third parties who provide services to us including via our software providers, our advisors, our IT support providers;
  • Our banking providers, in the event that you make payments to us.

 

The personal data we process is limited to what is necessary to enter and manage the guarantor agreement and relationship with you, including:

  • IDENTITY DATA, including your first name, surname, salutation, business name (sole trader), photographic ID, signature;
  • CONTACT DATA, including your email address, business address (sole trader), personal address, telephone number(s);
  • OCCUPATIONAL, including, your employer name, your job title, your department;
  • FINANCIAL, including your salary and related employment details, asset and liability information, income and expenditure details;
  • INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise.

 

We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed:

  • For the purposes of entering into and performing a guarantor contract, including:
    • Establishing your eligibility as a guarantor;
    • Processing the credit application and related guarantor forms;
    • Conducting financial, security and credit due diligence and reviews;
    • Contacting you on matters relating to the guarantee;
    • Recovering debts you may owe us.

   

  • To enable us to comply with our legal, statutory and regulatory obligations. For example:
    • Supplying information to the Central Credit Register and using the Central Credit Register when considering credit applications, in accordance with the Credit Reporting Act 2013 (where applicable);
    • Establishing your identity in order to comply with legislation regarding the prevention of money laundering, fraud and terrorist financing;
    • The preparation and audit of financial statements in compliance with company law;
    • Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise;
  • To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.

 

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:

  • To the borrower’s or your authorised representative, broker or intermediary, to a third party who is providing services to the borrower or you and any other third party the borrower has or you have provided us with authorisation to share with;
  • To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data;
  • Credit reference and rating agencies and registers, whose services we rely upon to protect our interests. For example, we share personal data with the Irish Credit Bureau who use it for their legitimate interests as detailed in their Fair Processing Notice at http://www.icb.ie/pdf/Fair Processing Notice.pdf.
  • To statutory, regulatory, government or law enforcement bodies as required by law. For example, we transmit personal data to the Central Credit Register to comply with our legal obligations under the Credit Reporting Act 2013;
  • Insurance providers, including insurance underwriters, coverholders, brokers, introducers, claims handlers and other such associated third parties;
  • To third parties in connection with a sale or purchase of assets by us;
  • To our funders as part of our credit management processes and funding processes;
  • To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us;
  • To the Strategic Banking Corporation of Ireland (“SBCI”) where the borrower wishes to or has availed of Asset Finance products financed by the SBCI (“SBCI Scheme”). The personal data are shared with the SBCI for the purposes of:
    1. determining eligibility for the particular SBCI Scheme;
    2. anti-money laundering / financing of terrorism or fraud;
    3. Capitalflow and SBCI’s reporting functions in accordance with the Scheme; and
    4. conducting relevant surveys by or on behalf of the SBCI.

Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as data controller for the purposes of Data Protection Legislation. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/ ). For further information on how the SBCI handles personal data, including information about the applicant’s data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at https://sbci.gov.ie/.

  • To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement; and
  • To other banks and third parties where there is suspicion of financial crime or where required by law to resolve misdirected third-party payments.

 

5. Individuals Connected
To Corporate Customers

 

In our business to business relationships with companies or organisations that are potential, existing or legacy Capitalflow customers (“Corporate Customers”), we will process some personal data belonging to individuals who are connected to those Corporate Customers in the capacity of an employee, director, shareholder, authorised signatories, power of attorney holders, business associate, promoter, broker, introducer, pension trustee, pension advisor, trust beneficiary or otherwise. If you fall into this category, this section relates to you.

We gather your personal data from both direct and indirect sources:

  • Directly from you. Examples include when you, on behalf of the Corporate Customer:
    1. Interact directly with us via telephone, email, post and/or in person;
    2. Submit inquiries and information via our website;
    3. Provide information as part of an inquiry about a credit facility from us;
    4. Obtain a credit facility from us and conduct transactions with us;
  • From third parties. Examples include collection from:
    1. the Corporate Customer;
    2. Representatives, intermediaries or brokers acting on behalf of the Corporate Customer;
    3. Publicly available information. For example, from company registers (including the Companies Registration Office), press publications, electoral register, online search engines and related results.
    4. Third parties who provide services to the Corporate Customer (e.g. legal advisors) and who are authorised representatives of the Corporate Customer.
    5. Third parties who provide services to us including via our software providers’ platforms (e.g. invoice discounting customer portal), our advisors, our suppliers, our IT support providers;
    6. Introducers or common business associates who may pass on your details to us;
    7. Credit reference agencies (including the Irish Credit Bureau), credit registers (including the Central Credit Register) and fraud prevention agencies (directors and shareholders only);
    8. Company and credit information databases, such as Vision-Net.ie and Experian.co.uk, which provide credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more (directors and shareholders only); and
    9. Sanctions and politically exposed persons databases as part of our anti-money laundering practices.

 

As you are acting on behalf of Your Organisation and not a personal capacity, the personal data we use for the business to business relationship is limited and includes:

  • IDENTITY DATA, including:
    • your first name, surname, salutation, signature, age and, for directors only, marital status and homeowner confirmation;
    • date of birth (directors, shareholders, authorised signatories and ultimate beneficial owners only);
    • photographic and other identification documents (directors, shareholders, authorised signatories and ultimate beneficial owners only);
    • photograph and/or video imagery (where you provide consent for us to feature such personal data for marketing purposes);
  • CONTACT DATA, including your personal address (directors, shareholders, authorised signatories and ultimate beneficial owners only), your business email address, business telephone number(s);
  • RELATIONSHIPS, including family, social and business relationship where relevant as part of the credit assessment process;
  • OCCUPATIONAL, including
    • the name of your employer, your job title;
    • career information, directorship information.
  • FINANCIAL, including, where relevant, financial position details, insolvency details, bankruptcy details, credit rating, judgment details.
  • OPINIONS, where you consent to provide testimonials or references.
  • STATEMENTS ABOUT YOU, where relevant as part of the credit assessment process;
  • INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise;
  • PREFERENCES, regarding the marketing communications you wish to receive from Capitalflow.

 

We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed:  

  • To facilitate our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you and the Corporate Customer;
  • For the purposes of entering into and performing a contract with the Corporate Customer, including:
    • Establishing the Corporate Customer’s eligibility;
    • Processing the credit application;
    • Conducting financial, security and credit due diligence and reviews of the Corporate Customer;
    • Contacting you on matters relating to the contract;
    • Recovering debts the Corporate Customer may owe us.
  • To enable us to comply with our legal, statutory and regulatory obligations. For example:
    • Conducting anti-money laundering checks on beneficial owners of the Corporate Customer;
    • The preparation and audit of financial statements in compliance with company law;
    • Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise;
  • To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.
  • To provide you with, on a legitimate interest basis, direct marketing information about products, events and news that we believe are of relevant interest to the Corporate Customer. You can opt-out of receiving such communications at any time by emailing info@capitalflow.ie
  • Where you have provided us with consent to use your personal data for marketing or referral purposes.

 

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:

  • To authorised representatives, brokers, intermediaries and to third parties providing services to the Corporate Customer;
  • To third parties who are providing services to us to enable us to manage the relationship with the Corporate Customer. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data;
  • To statutory, regulatory, government or law enforcement bodies as required by law;
  • To third parties in connection with a sale or purchase of assets by us;
  • To our funders as part of our credit management processes and funding processes;
  • To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us;
  • To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement;
  • To the Strategic Banking Corporation of Ireland (“SBCI”) where the Corporate Customer wishes to or has availed of Asset Finance prod