1.1 How we collect your personal data

Information about you, including your personal data, is gathered when you apply for a job with us either directly or indirectly via employment agencies or online job websites. We also may obtain personal data indirectly from referees you nominate to us or from your professional social media profile link you provide to us as part of the job application.

1.2 The Personal Data We Use

Capitalflow will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including: IDENTITY DATA, including your first name, surname, salutation; date of birth (if included on your CV); photographic identification, where your photograph is included on your CV; CONTACT DATA, including your email address, personal address, telephone number(s); PREFERENCES, in respect of the job you are applying for with Capitalflow; OCCUPATIONAL, including the name of your employer, your job title and department; your employment and education history and any other information contained in a CV provided to us as part of a job application; STATEMENTS ABOUT YOU, including references we obtain from your nominated referees as part of a job application; statements made as part of the interview and evaluation process when you apply for a job with us; LOCATION, whereby, in the event of an interview in our offices, we can identify when you were on our premises by way of access/sign-in controls;

1.3 The Purpose and Legal Basis For Processing Your Personal Data

We process your personal data for the purpose of recruiting staff. This includes the following, which we deem necessary for the purposes of entering into an employment contract with you (i.e. assess your suitability to enter into the contract): Identifying you and processing your job application; Verifying the information you provided and assessing your suitability for the role; Making a decision on whether to offer you a job and the provision of feedback to you in relation to your application; We may also need to use your personal data for the purpose of satisfying our employment law obligations, in particular in relation to equality.

1.4 Who We Share Your Personal Data With

Your personal data will be shared to relevant staff within the Capitalflow Group but also to a limited number of third parties where it is necessary to do so, including: To your nominated referees; To third party companies or individuals who are providing recruitment services to us; To statutory, regulatory, government or law enforcement bodies as required by law;

2.1. How we collect your personal data

We collect your personal data: Directly from you. Examples include when you: Interact directly with us via telephone, email, post and/or in person; Submit inquiries and information via our website; Provide information as part of an inquiry about a credit facility from us; Obtain a credit facility from us and conduct transactions with us; From third parties. Examples include collection from: Representatives, intermediaries or brokers acting on your behalf; Publicly available information. For example, from company registers (including the Companies Registration Office), press publications, electoral register, online search engines and related results; Third parties who provide services to you (e.g. legal advisors); Third parties who provide services to us including our advisors, suppliers and IT support providers; Introducers or common business associates who may pass on your details to us; Credit reference agencies (including the Irish Credit Bureau), credit registers (including the Central Credit Register) and fraud prevention agencies; Company and credit information databases, such as Vision-Net.ie and Experian.co.uk, which provide credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more; Sanctions and politically exposed persons databases as part of our anti-money laundering practices; and Our banking providers, in the event that you make payments to us.

2.2. The personal data we use

We will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including: IDENTITY DATA, including your first name, surname, salutation, business name (sole trader), age, date of birth, marital status, homeowner confirmation, customer number, gender, photographic ID, signature; CONTACT DATA, including your email address, business address (sole trader), personal address, billing address, telephone number(s); PREFERENCES, in respect of the job you are applying for with us; FINANCIAL, including bank account details, tax number, financial needs, income and expenditure details, credit history, credit ratings, vehicle details (make, model, registration, chassis/serial), photo, shareholding details, details of your Capitalflow and other (non-Capitalflow) hire-purchase and lease agreements, details of your Capitalflow and other (non-Capitalflow) personal guarantee(s), insolvency/bankruptcy details; STATEMENTS AND OPINIONS about you as a potential or existing customer; INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise.

2.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed: For the purposes of entering into and performing a hire-purchase or lease agreement, including: Establishing your eligibility as a customer; Processing the credit application and related forms; Conducting financial, security and credit due diligence and reviews; Contacting you on matters relating to the agreement; Recovering debts you may owe us. To enable us to comply with our legal, statutory and regulatory obligations. For example: Supplying information to the Central Credit Register and using the Central Credit Register when considering credit applications, in accordance with the Credit Reporting Act 2013; Establishing your identity in order to comply with legislation regarding the prevention of money laundering, fraud and terrorist financing; Submitting returns to the Revenue Commissioners in order to comply with taxation legislation; The preparation and audit of financial statements in compliance with company law; Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise; To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.

2.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows: To the Strategic Banking Corporation of Ireland (“SBCI”) where you wish to or have availed of Asset Finance products financed by the SBCI (“SBCI Scheme”). The personal data are shared with the SBCI for the purposes of: determining eligibility for the particular SBCI Scheme; anti-money laundering / financing of terrorism or fraud; Capitalflow and SBCI’s reporting functions in accordance with the Scheme; and conducting relevant surveys by or on behalf of the SBCI. Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as data controller for the purposes of Data Protection Legislation. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/ ). For further information on how the SBCI handles personal data, including information about the applicant’s data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at https://sbci.gov.ie/. To your authorised representative, broker or intermediary, to a third party who is providing services to you and any other third party you have provided us with authorisation to share with; To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data; To our bank when we are transacting with you; To our clients and prospective clients where you have provided us with consent to do so; To statutory, regulatory, government or law enforcement bodies as required by law. For example, we transmit personal data to the Central Credit Register to comply with our legal obligations under the Credit Reporting Act 2013; For details on the way in which information is shared with the CCR, and the manner in which the CCR uses and discloses this information please see: https://www.centralcreditregister.ie/borrower-area/data-protection-statement/ Insurance providers, including insurance underwriters, coverholders, brokers, introducers, claims handlers and other such associated third parties; To third parties in connection with a sale or purchase of assets by us; To our funders as part of our credit management processes and funding processes; To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us; To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement; and To other banks and third parties where there is suspicion of financial crime or where required by law to resolve misdirected third-party payments.

3.1. How we collect your personal data

If you are not a customer of ours, you may still opt in to receive marketing communications from us which we consider may be of interest to you. You will presented with an option to opt in for such communications via our website or social media online advertisements. If you are a customer of ours, have registered for an event of ours or have engaged with us about our products or services, we may send you marketing communications to you from time to time where we believe they may be of interest to you. If you wish to be removed from our list (opt-out), at any time, you can do so by clicking on the unsubscribe link at the bottom of each email communication you receive from us. You can also opt out by contacting us at marketing@capitalflow.ie

3.2. The personal data we use

The personal data we use in order to manage our email marketing communications to you are: IDENTITY DATA, including your first name, surname, business name (if sole trader); CONTACT DATA, being your email address; and PREFERENCES, including your interest in our products and your marketing preferences.

3.3. The purpose and legal basis for processing your personal data

Where you have opted-in to receive marketing communications from us, we will only use your personal data for this purpose based on the consent you have provided. You can withdraw your consent at any stage by opting out, as explained in section 4.1 above. For existing customers, we send marketing communications in line with our legitimate interests to develop our relationship with you, provide information to you that may be of interest and to market our brand, product and service to you. If you have opted-out, we will no longer issue marketing communications to you albeit we may need to retain your email address and opt-out preference data to ensure that your preference is recorded and upheld.

3.4. Who we share your personal data with

We only share your personal data with third parties where it is necessary to manage our marketing communications to you. Sharing occurs with a limited set of individuals and organisations and in limited circumstances as follows: With the social media platforms where we have hosted our online advertisement and where you have opted-in to receive marketing communications from us; and With Mailchimp as the third party software provider we use to store our marketing subscriber database.

3.5. How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary. You will remain on our mailing list until such time when you unsubscribe. You can unsubscribe at any time by clicking the “unsubscribe” button within our emails, or by emailing us at marketing@capitalflow.ie.

4.1. How we collect your personal data

In your capacity as a guarantor for a borrower’s debts to Capitalflow, we collect your personal data directly from you as part of the credit application process and the entrance into and performance of the guarantee contract. We also collect personal data indirectly from third party sources, examples of which include: From the borrower; From introducers or brokers; From publicly available information. For example, from company registers (including the Companies Registration Office), press publications, trade directories and online search engines and related results. From credit reference agencies (including the Irish Credit Bureau), credit registers (including the Central Credit Register) and fraud prevention agencies; and Vision-Net.ie, which provides credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more. Sanctions and politically exposed persons databases as part of our anti-money laundering practices; Third parties who provide services to you or the borrower (e.g. representatives, advisors, etc.); Third parties who provide services to us including via our software providers, our advisors, our IT support providers; Our banking providers, in the event that you make payments to us.

4.2. The personal data we use

The personal data we process is limited to what is necessary to enter and manage the guarantor agreement and relationship with you, including: IDENTITY DATA, including your first name, surname, salutation, business name (sole trader), photographic ID, signature; CONTACT DATA, including your email address, business address (sole trader), personal address, telephone number(s); OCCUPATIONAL, including, your employer name, your job title, your department; FINANCIAL, including your salary and related employment details, asset and liability information, income and expenditure details; INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise.

4.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed: For the purposes of entering into and performing a guarantor contract, including: Establishing your eligibility as a guarantor; Processing the credit application and related guarantor forms; Conducting financial, security and credit due diligence and reviews; Contacting you on matters relating to the guarantee; Recovering debts you may owe us. To enable us to comply with our legal, statutory and regulatory obligations. For example: Supplying information to the Central Credit Register and using the Central Credit Register when considering credit applications, in accordance with the Credit Reporting Act 2013 (where applicable); Establishing your identity in order to comply with legislation regarding the prevention of money laundering, fraud and terrorist financing; The preparation and audit of financial statements in compliance with company law; Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise; To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.

4.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows: To the borrower’s or your authorised representative, broker or intermediary, to a third party who is providing services to the borrower or you and any other third party the borrower has or you have provided us with authorisation to share with; To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data; Credit reference and rating agencies and registers, whose services we rely upon to protect our interests. To statutory, regulatory, government or law enforcement bodies as required by law. Insurance providers, including insurance underwriters, coverholders, brokers, introducers, claims handlers and other such associated third parties; To third parties in connection with a sale or purchase of assets by us; To our funders as part of our credit management processes and funding processes; To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us; To the Strategic Banking Corporation of Ireland (“SBCI”) where the borrower wishes to or has availed of Asset Finance products financed by the SBCI (“SBCI Scheme”). The personal data are shared with the SBCI for the purposes of: determining eligibility for the particular SBCI Scheme; anti-money laundering / financing of terrorism or fraud; Capitalflow and SBCI’s reporting functions in accordance with the Scheme; and conducting relevant surveys by or on behalf of the SBCI. Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as data controller for the purposes of Data Protection Legislation. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/ ). For further information on how the SBCI handles personal data, including information about the applicant’s data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at https://sbci.gov.ie/. To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement; and To other banks and third parties where there is suspicion of financial crime or where required by law to resolve misdirected third-party payments.

5.1. How we collect your personal data

We gather your personal data from both direct and indirect sources: Directly from you. Examples include when you, on behalf of the Corporate Customer: Interact directly with us via telephone, email, post and/or in person; Submit inquiries and information via our website; Provide information as part of an inquiry about a credit facility from us; Obtain a credit facility from us and conduct transactions with us; From third parties. Examples include collection from: the Corporate Customer; Representatives, intermediaries or brokers acting on behalf of the Corporate Customer; Publicly available information. For example, from company registers (including the Companies Registration Office), press publications, electoral register, online search engines and related results. Third parties who provide services to the Corporate Customer (e.g. legal advisors) and who are authorised representatives of the Corporate Customer. Third parties who provide services to us including via our software providers’ platforms (e.g. invoice discounting customer portal), our advisors, our suppliers, our IT support providers; Introducers or common business associates who may pass on your details to us; Credit reference agencies and fraud prevention agencies (directors and shareholders only); Company and credit information databases, such as Vision-Net.ie and Experian.co.uk, which provide credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more (directors and shareholders only); and Sanctions and politically exposed persons databases as part of our anti-money laundering practices.

5.2. The personal data we use

As you are acting on behalf of Your Organisation and not a personal capacity, the personal data we use for the business to business relationship is limited and includes: IDENTITY DATA, including: your first name, surname, salutation, signature, age and, for directors only, marital status and homeowner confirmation; date of birth (directors, shareholders, authorised signatories and ultimate beneficial owners only); photographic and other identification documents (directors, shareholders, authorised signatories and ultimate beneficial owners only); photograph and/or video imagery (where you provide consent for us to feature such personal data for marketing purposes); CONTACT DATA, including your personal address (directors, shareholders, authorised signatories and ultimate beneficial owners only), your business email address, business telephone number(s); RELATIONSHIPS, including family, social and business relationship where relevant as part of the credit assessment process; OCCUPATIONAL, including the name of your employer, your job title; career information, directorship information. FINANCIAL, including, where relevant, financial position details, insolvency details, bankruptcy details, credit rating, judgment details. OPINIONS, where you consent to provide testimonials or references. STATEMENTS ABOUT YOU, where relevant as part of the credit assessment process; INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise; PREFERENCES, regarding the marketing communications you wish to receive from Capitalflow.

5.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed: To facilitate our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you and the Corporate Customer; For the purposes of entering into and performing a contract with the Corporate Customer, including: Establishing the Corporate Customer’s eligibility; Processing the credit application; Conducting financial, security and credit due diligence and reviews of the Corporate Customer; Contacting you on matters relating to the contract; Recovering debts the Corporate Customer may owe us. To enable us to comply with our legal, statutory and regulatory obligations. For example: Conducting anti-money laundering checks on beneficial owners of the Corporate Customer; The preparation and audit of financial statements in compliance with company law; Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise; To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights. To provide you with, on a legitimate interest basis, direct marketing information about products, events and news that we believe are of relevant interest to the Corporate Customer. You can opt-out of receiving such communications at any time by emailing info@capitalflow.ie Where you have provided us with consent to use your personal data for marketing or referral purposes.

5.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows: To authorised representatives, brokers, intermediaries and to third parties providing services to the Corporate Customer; To third parties who are providing services to us to enable us to manage the relationship with the Corporate Customer. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data; To statutory, regulatory, government or law enforcement bodies as required by law; To third parties in connection with a sale or purchase of assets by us; To our funders as part of our credit management processes and funding processes; To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us; To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement; To the Strategic Banking Corporation of Ireland (“SBCI”) where the Corporate Customer wishes to or has availed of Asset Finance products financed by the SBCI (“SBCI Scheme”). The personal data are shared with the SBCI for the purposes of: determining eligibility for the particular SBCI Scheme; anti-money laundering / financing of terrorism or fraud; Capitalflow and SBCI’s reporting functions in accordance with the Scheme; and conducting relevant surveys by or on behalf of the SBCI. Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as data controller for the purposes of Data Protection Legislation. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/ ). For further information on how the SBCI handles personal data, including information about the applicant’s data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at https://sbci.gov.ie/. To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us); and To the general public via our website and our professional social media pages where you have provided us with consent to use your personal data for marketing purposes.

6.1. How we collect your personal data

In our business to business relationships with third party companies and organisations (e.g. suppliers, broker, introducer, government agency, property landlord, etc.), we will process some personal data belonging to individuals who represent those companies and organisations in the capacity of an employee, director, shareholder or otherwise. If you fall into this category of individual where you are representing a company or organisation (“Your Organisation”), we gather your personal data from both direct and indirect sources: Directly from you. Examples include when you, on behalf of Your Organisation: Interact directly with us via telephone, email, post and/or in person; Submit inquiries and information to us in relation to our relationship with Your Organisation; From third parties. Examples include collection from: Publicly available information. For example, from press publications, online search engines and related results. Third parties who provide services to Your Organisation. For example, from legal advisors and authorised representatives. Third parties who provide services to us. For example, asset valuation advisors. Introducers or common business associates who may pass on your details to us; Third parties who provide services to Your Organisation (e.g. representatives, advisors, delivery drivers, etc.).

6.2. The personal data we use

As you are acting on behalf of Your Organisation and not a personal capacity, the personal data we use for the business to business relationship is limited and includes: IDENTITY DATA, including your first name, surname, salutation; signature on signed documents; photographic identification, where you provide consent for us to feature your photo and/or video imagery for marketing purposes; CONTACT DATA, including your business email address, business telephone number(s); OCCUPATIONAL, including the name of Your Organisation and your job title, OPINIONS, where you consent to provide testimonials or references.

6.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so, including Our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you and Your Organisation; For the purpose of taking steps to enter into and perform a contract to sell services to Your Organisation; To enable us to comply with our legal, statutory and regulatory obligations. For example, Your Organisation may be a government body with whom we need to interact as part of our legal obligations and your personal data will be used to manage this relationship; Where you have provided us with consent to use your personal data for marketing or referral purposes; To manage our everyday business needs in line with our legitimate interests, such as customer service, accounting, complaint management, troubleshooting, technical support, fraud prevention, protection of our assets and information, and fraud prevention. Establish, exercise or defend legal claims;

6.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows: To third parties who are providing services to us to enable us to manage the relationship with you and Your Organisation. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data To statutory, regulatory, government or law enforcement bodies as required by law; To our clients and prospective clients where you have provided us with consent to do so; To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us); To the general public via our website and our professional social media pages where you have provided us with consent to use your personal data for marketing purposes; To third parties in connection with a sale or purchase of assets by us; To our funders as part of our credit management processes and funding processes; To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us; To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement.

7.1. How we collect your personal data

You may choose to provide personal data directly to us by way of contacting us via the enquiry forms on our website or via our online advertisements.

7.2. The personal data we use

The personal data you provide when submitting an enquiry form through our website, social media or online advertisements will depend on the type of enquiry you make: Inquiry via our website (note that in relation to property lending inquiries, while we do not lend to individuals or sole traders, this does not prevent individuals or sole traders from sending enquiries to us). The personal data we collect will vary depending on different product and service lines being offered from time to time but usually will be limited to: IDENTITY DATA, including your first name and surname, mobile number, home number, sole trader business name, CRO number, VAT number and/or PPS number; CONTACT DATA, including your email address and telephone number; OCCUPATIONAL, including your company name, your role/position, and, in the case of sole traders, the business county, industry and numbers of years trading; FINANCIAL (where the enquirer is a sole trader), including approximate turnover, type of finance required, loan amount required, account number, nature of business, request information and supporting documentation (e.g. bank statement); PREFERENCES, including your interest in our products and your marketing preferences; Other online enquiries (e.g. via social media or online advertisement forms). The personal data we collect will vary depending on the online advertising campaign but usually will be limited to: IDENTITY DATA, including your first name, surname, business name (if sole trader); CONTACT DATA, including your email address and telephone number; OCCUPATIONAL, including your company name; LOCATION, including your city; PREFERENCES, including your interest in our products and your marketing preferences;

7.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so. We process the personal data you submit to us directly in line with our legitimate interests to deal with your enquiry.

7.4. Who we share your personal data with

The communications you send to us via our website are kept private by being sent directly to our CRM system, which we then use to manage and respond accordingly. The personal data are only shared with the third parties who supply software to enable us to receive, manage and respond to these communications. This inbound communication management is in line with our legitimate interests to run our business. When you inquire via Facebook and LinkedIn, your data is stored within the social media platform for a limited time frame to enable us to download the data and respond to your query.

7.5. How long we keep your personal data for

Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary. In general, where you go on to become a customer, we keep your data for a period of 7 years from the end of the relationship with you.

8.1. How we collect your personal data

We gather your personal data from both direct and indirect sources: Directly from you. Examples include when you: Interact directly with us via telephone, email, post and/or in person; Submit inquiries and information via our website; Provide information as part of an inquiry about a pension mortgage facility from us; Obtain a pension mortgage facility from us and conduct transactions with us; From third parties. Examples include collection from: the Pension Trust or Trustees; Other representatives, service providers, intermediaries or brokers acting on behalf of the Pension Beneficiary or Pension Trust or Trustees; Publicly available information. For example, from company registers (including the Companies Registration Office), press publications, online search engines and related results; Third parties who provide services to us; Introducers or common business associates who may pass on your details to us; Credit reference agencies (including the Irish Credit Bureau); Company and credit information databases, such as Vision-Net.ie, which provide credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more; and Sanctions and politically exposed persons databases as part of our anti-money laundering practices.

8.2. The personal data we use

The personal data we use for the business to business relationship is limited and includes: IDENTITY DATA, including: your first name, surname, salutation, signature, age; date of birth; photographic and other identification documents; photograph and/or video imagery (where you provide consent for us to feature such personal data for marketing purposes); CONTACT DATA, including your personal address and, where you have provided data to us in correspondence, your email address and telephone number(s); RELATIONSHIPS, including family, social and business relationship where relevant as part of the credit assessment process; OCCUPATIONAL, including the name of your employer, your job title; directorship information; proposed retirement date. FINANCIAL, including, where relevant, Financial position details, including income (incl. income tax details) and expenditure, assets and liabilities, insolvency details, bankruptcy details, credit rating, judgment details; Pension details, including contribution, fund valuation, date of valuation, fund leverage, fund investment liquidity, pension advisor, pension trustee, Revenue approved trustee; STATEMENTS ABOUT YOU, where relevant as part of the credit assessment process; INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise; PREFERENCES, regarding the marketing communications you wish to receive from Capitalflow.

8.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed: To facilitate our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you; For the purposes of entering into and performing a pension mortgage loan agreement, including: Establishing the Pension Beneficiary’s eligibility; Processing the pension mortgage application; Conducting financial, security and credit due diligence and reviews; Contacting you on matters relating to the contract; Recovering debts owed to us. To enable us to comply with our legal, statutory and regulatory obligations. For example: Conducting anti-money laundering checks on beneficial owners of the Pension Beneficiary; The preparation and audit of financial statements in compliance with company law; Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise; To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights. Where you have provided us with consent to use your personal data for marketing or referral purposes.

8.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows: To the Pension Trust or Trustees; To authorised representatives, brokers, intermediaries and to third parties providing services to the Pension Beneficiary and Pension Trust(ees); To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data; To statutory, regulatory, government or law enforcement bodies as required by law; To third parties in connection with a sale or purchase of assets by us; To our funders as part of our credit management processes and funding processes; To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us; To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement; To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us); and To the general public via our website and our professional social media pages where you have provided us with consent to use your personal data for marketing purposes.

9.1. How we collect your personal data

In your capacity as an individual who witnesses another person (“Signer”) signing a document to which Capitalflow is a party, we collect your personal data directly from you via the document you have signed.

9.2. The personal data we use

When you are signing a document as a witness, the personal data you provide to us is typically limited to: IDENTITY DATA, including your first name, surname, salutation, business name (sole trader), signature; CONTACT DATA, including your email address, address, telephone number(s); OCCUPATIONAL, including, your employer name and your job title;

9.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so. In this regard, your personal data are processed only for the purposes of witnessing the signing of a contract or agreement.

9.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows: To authorised representatives, brokers, intermediaries and to third parties providing services to the Signer; To third parties who are providing services to us to enable us to manage the relationship with the Signer. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data; To statutory, regulatory, government or law enforcement bodies as required by law; To third parties in connection with a sale or purchase of assets by us; To our funders as part of our credit management processes and funding processes; To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us; and To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement.

10.1. How we collect your personal data

As a supplier or service provider to Capitalflow, we collect your personal data directly when you interact with us via telephone, email, post and/or person (e.g. meetings, events, conferences, etc.). We may also collect personal data from third party sources, examples of which include From publicly available information. For example, from company registers (including the Companies Registration Office), press publications, trade directories and online search engines and related results. Introducers or common business associates who may pass on your details to us; Third parties who provide services to you (e.g. your representatives, advisors, delivery drivers, etc.); Our banking providers, in relation to transactions with you;

10.2. The personal data we use

Our relationship with you as a supplier is a business to business relationship and the personal data processed are limited to what is necessary to establish a relationship with you and obtain your services, including: IDENTITY DATA, including: your first name, surname, salutation, business name; photographic and other identification documents (brokers and intermediaries only); photographic identification, where you provide consent for us to feature your photo and/or video imagery for marketing purposes; CONTACT DATA, including your email address, business address, personal address, billing address, telephone number(s); OCCUPATIONAL, including; information about your past/current clients, past/current projects and any other information that may be considered by us when assessing your suitability to provide a service; and relevant insurance and/or health and safety details where required. FINANCIAL, including bank account details and VAT or other relevant tax details to facilitate transactions with you, as well as your transactional and account history with Capitalflow;

10.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so. Typically, your personal data are processed for the purpose of entering into and performing a contract with you as a supplier to Capitalflow, including when we: Make an inquiry to purchase a product or service from you; Avail of the products and/or services from you as a supplier; Transact with you and make payments to you pursuant to the contract; Establish, exercise or defend legal claims in relation to the contract; Correspond with you throughout the relationship. Your personal data may also be used: To enable us to comply with our legal, statutory and regulatory obligations. For example, your personal data may be included in our returns to the Revenue Commissioners in complying with taxation law, as part of the preparation and audit of financial statements in compliance with company law and for compliance with legally binding requests from regulatory bodies, law enforcement agencies, the courts or otherwise; To manage our everyday business needs in line with our legitimate interests, such as accounting, complaint management, troubleshooting, technical support, protection of our assets and information, and fraud prevention. To inform potential and/or current Capitalflow clients that you are a supplier. This will be in limited circumstances and your explicit consent will be sought before it occurs.

10.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows: To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data To our bank when we are transacting with you; To statutory, regulatory, government or law enforcement bodies as required by law; To our clients and prospective clients where you have provided us with consent to do so; and To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us). To third parties in connection with a sale or purchase of assets by us; To our funders as part of our credit management processes and funding processes; To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us; To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement;

11.1. How we collect your personal data

We gather your personal data indirectly from third parties, including: the Corporate Customer; Representatives, intermediaries or brokers acting on behalf of the Corporate Customer; Third parties who provide services to the Corporate Customer (e.g. asset valuers, legal advisors, receivers, etc.) and who are authorised representatives of the Corporate Customer; Third parties who provide services to us (e.g. asset valuers). On rare occasions, we may also gather your personal data directly in the event that we need to interact directly with you as part of the performance of our contract with the Corporate Customer.

11.2. The personal data we use

The personal data we use for the business to business relationship with the Corporate Customer is limited to details about the tenancy and includes: IDENTITY DATA, including your first name, surname, salutation; signature on signed documents (e.g. lease agreement); CONTACT DATA including the address of the let unit within the Secured Property and any other contact data that may be included in the lease agreement (e.g. telephone number, email address, etc.); OCCUPATIONAL DATA that may be included in the lease agreement, including the name of your employer and your job title; TENANCY DATA, which may include rent, lease term, the lease agreement and all related lease terms or amendments.

11.3. The purpose and legal basis for processing your personal data

We will only process your personal data where it is lawful and necessary to do so, including Our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with the Corporate Customer; For the purpose of taking steps to enter into and perform a contract with the Corporate Customer; To enable us to comply with our legal, statutory and regulatory obligations. To manage our everyday business needs in line with our legitimate interests, such as customer service, accounting, complaint management, troubleshooting, technical support, fraud prevention, protection of our assets and information, and fraud prevention. Establish, exercise or defend legal claims;

11.4. Who we share your personal data with

We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows: To authorised representatives, brokers, intermediaries and to third parties providing services to the Corporate Customer; To third parties who are providing services to us to enable us to manage the relationship with the Corporate For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data; To statutory, regulatory, government or law enforcement bodies as required by law; To third parties in connection with a sale or purchase of assets by us; To our funders as part of our credit management processes and funding processes; To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us; To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement;

Cookies are small text files that can be used by websites to make a user’s experience more efficient. Our website uses different types of cookies, which are explained to all website visitors clearly in our cookie notice and consent tool when first visiting our website. We will only ever use cookies upon receipt of your consent to do so, with the exception of a limited number of cookies which are switched on by default as they are strictly necessary in order to make the website work for you. Please refer to the cookie notice and consent tool for more information and to manage your consent preferences. Social networks We maintain active social network accounts. We embed widgets from these networks to provide follow buttons, like boxes and stream embeds. This will result in cookies being set by these networks while using our site, subject to your consent to the processing of such cookies. As above, please refer to our cookie notice and consent tool on our website for details and preference management. Links Pages Some of the pages on our website contain hypertext links to websites not maintained by us. They are merely suggested websites which may be of interest to visitors to our Website. Please be reminded that different terms and conditions of use will apply to you as a user of these websites. In addition, such websites may not have the same privacy standards that we maintain. See full cookie policy

1. Consequences of not giving your data to us

You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to enter certain contracts with you (for example, to be able to provide you with a loan facility or to enter a sale or purchase contract with you/your employer) or to provide services to you (for example, certain functions on our websites will not be able to function correctly without cookies) and failure to provide this information may result in us not being able to enter such contracts or provide you with such services. You will be notified if this is the case at the time.

2. How long we keep your personal data for

As a principle, we do not hold your personal data for longer than is necessary. The length of time we hold the data depends on the type of data and on a number of other factors, including to meet our legal and regulatory obligations as well our ability to perform a contract that may exist between us and you. In most cases, we retain data for 7 years after the date upon which a transaction completed or when the relationship ceased. For more information on your right to request erasure of your personal data, please see section (iii) under “PART C: YOUR RIGHTS” below.

3. How we keep your personal data safe

Capitalflow has a range of technical and organisational measures in place to protect information and keep your personal data secure across our IT systems and networks and physical storage locations. In the event of certain types of personal data breaches, we are legally obliged to notify the Data Protection Commission and affected individuals to whom the personal data belong. We have implemented internal procedures to manage personal data security breaches in accordance with our legal obligations.

4. Transfers outside the European Economic Area

In connection with the above purposes we occasionally, and only where necessary, transfer your personal data to third parties outside the European Economic Area (“EEA”). If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include: to a jurisdiction which has been subject to an “Adequacy” decision from the European Commission, meaning the jurisdiction is recognised as providing for an equivalent level of protection for personal data as is provided for in the European Union; entering into a contract governing the transfer which contains the “standard contractual clauses” approved for this purpose by the European Commission; or in respect of transfers to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Shield framework.

Privacy Policy

Your trust matters. Here’s how Capitalflow collects, uses, and protects your information.

PART A: Specific Processing Information

This notice applies to any personal data we receive from you, create or obtain from other sources and explains how it will be used by us.

It is important that you take the time to read the information detailed below for each category of relationship with Capitalflow so that you understand how we will use your personal data and your rights in relation to your personal data.

For information specific to your relationship, please select the appropriate relationship category.

1. Applying for a job at Capitalflow

Information about you, including your personal data, is gathered when you apply for a job with us either directly or indirectly via employment agencies or online job websites. We also may obtain personal data indirectly from referees you nominate to us or from your professional social media profile link you provide to us as part of the job application.
Capitalflow will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including:
- IDENTITY DATA, including your
- first name, surname, salutation;
  
  date of birth (if included on your CV);
  
  photographic identification, where your photograph is included on your CV;
- CONTACT DATA, including your email address, personal address, telephone number(s);
- PREFERENCES, in respect of the job you are applying for with Capitalflow;
- OCCUPATIONAL, including
- the name of your employer, your job title and department;
- your employment and education history and any other information contained in a CV provided to us as part of a job application;
- STATEMENTS ABOUT YOU, including
- references we obtain from your nominated referees as part of a job application;
- statements made as part of the interview and evaluation process when you apply for a job with us;
- LOCATION, whereby, in the event of an interview in our offices, we can identify when you were on our premises by way of access/sign-in controls;
We process your personal data for the purpose of recruiting staff. This includes the following, which we deem necessary for the purposes of entering into an employment contract with you (i.e. assess your suitability to enter into the contract):
1. Identifying you and processing your job application;
2. Verifying the information you provided and assessing your suitability for the role;
3. Making a decision on whether to offer you a job and the provision of feedback to you in relation to your application;
We may also need to use your personal data for the purpose of satisfying our employment law obligations, in particular in relation to equality.
Your personal data will be shared to relevant staff within the Capitalflow Group but also to a limited number of third parties where it is necessary to do so, including:
- To your nominated referees;
- To third party companies or individuals who are providing recruitment services to us;
- To statutory, regulatory, government or law enforcement bodies as required by law;

2. Asset Finance Customers (Individuals And Sole Traders)

Where you, in the capacity as an individual or sole trader, are a prospective, existing or legacy asset finance customer of Capitalflow, this section relates to you.

We collect your personal data:

Directly from you. Examples include when you:

Interact directly with us via telephone, email, post and/or in person;

Submit inquiries and information via our website;

Provide information as part of an inquiry about a credit facility from us;

Obtain a credit facility from us and conduct transactions with us;

From third parties. Examples include collection from:

Representatives, intermediaries or brokers acting on your behalf;

Publicly available information. For example, from company registers (including the Companies Registration Office), press publications, electoral register, online search engines and related results;

Third parties who provide services to you (e.g. legal advisors);

Third parties who provide services to us including our advisors, suppliers and IT support providers;

Introducers or common business associates who may pass on your details to us;

Credit reference agencies (including the Irish Credit Bureau), credit registers (including the Central Credit Register) and fraud prevention agencies;

Company and credit information databases, such as Vision-Net.ie and Experian.co.uk, which provide credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more;

Sanctions and politically exposed persons databases as part of our anti-money laundering practices; and

Our banking providers, in the event that you make payments to us.
We will process and use all personal data included in your CV, job application correspondence and collected as part of the application process, including:
- IDENTITY DATA, including your first name, surname, salutation, business name (sole trader), age, date of birth, marital status, homeowner confirmation, customer number, gender, photographic ID, signature;
- CONTACT DATA, including your email address, business address (sole trader), personal address, billing address, telephone number(s);
- PREFERENCES, in respect of the job you are applying for with us;
- FINANCIAL, including bank account details, tax number, financial needs, income and expenditure details, credit history, credit ratings, vehicle details (make, model, registration, chassis/serial), photo, shareholding details, details of your Capitalflow and other (non-Capitalflow) hire-purchase and lease agreements, details of your Capitalflow and other (non-Capitalflow) personal guarantee(s), insolvency/bankruptcy details;
- STATEMENTS AND OPINIONS about you as a potential or existing customer;
- INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise.
We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed: For the purposes of entering into and performing a hire-purchase or lease agreement, including:
- Establishing your eligibility as a customer;
  
  Processing the credit application and related forms;
  
  Conducting financial, security and credit due diligence and reviews;
  
  Contacting you on matters relating to the agreement;
  
  Recovering debts you may owe us.
- To enable us to comply with our legal, statutory and regulatory obligations. For example:
  
  Supplying information to the Central Credit Register and using the Central Credit Register when considering credit applications, in accordance with the Credit Reporting Act 2013;
  
  Establishing your identity in order to comply with legislation regarding the prevention of money laundering, fraud and terrorist financing;
  
  Submitting returns to the Revenue Commissioners in order to comply with taxation legislation;
  
  The preparation and audit of financial statements in compliance with company law;
  
  Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise;
- To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
- To the Strategic Banking Corporation of Ireland (“SBCI”) where you wish to or have availed of Asset Finance products financed by the SBCI (“SBCI Scheme”). The personal data are shared with the SBCI for the purposes of:
  
  determining eligibility for the particular SBCI Scheme;
  
  anti-money laundering / financing of terrorism or fraud;
  
  Capitalflow and SBCI’s reporting functions in accordance with the Scheme; and
  
  conducting relevant surveys by or on behalf of the SBCI.
Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as data controller for the purposes of Data Protection Legislation. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/ ). For further information on how the SBCI handles personal data, including information about the applicant’s data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at https://sbci.gov.ie/.
- To your authorised representative, broker or intermediary, to a third party who is providing services to you and any other third party you have provided us with authorisation to share with;
- To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data;
- To our bank when we are transacting with you;
- To our clients and prospective clients where you have provided us with consent to do so;
- To statutory, regulatory, government or law enforcement bodies as required by law. For example, we transmit personal data to the Central Credit Register to comply with our legal obligations under the Credit Reporting Act 2013; For details on the way in which information is shared with the CCR, and the manner in which the CCR uses and discloses this information please see: https://www.centralcreditregister.ie/borrower-area/data-protection-statement/
- Insurance providers, including insurance underwriters, coverholders, brokers, introducers, claims handlers and other such associated third parties;
- To third parties in connection with a sale or purchase of assets by us;
- To our funders as part of our credit management processes and funding processes;
- To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us;
- To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement; and
- To other banks and third parties where there is suspicion of financial crime or where required by law to resolve misdirected third-party payments.

3. Email Marketing

If you are not a customer of ours, you may still opt in to receive marketing communications from us which we consider may be of interest to you. You will presented with an option to opt in for such communications via our website or social media online advertisements. If you are a customer of ours, have registered for an event of ours or have engaged with us about our products or services, we may send you marketing communications to you from time to time where we believe they may be of interest to you. If you wish to be removed from our list (opt-out), at any time, you can do so by clicking on the unsubscribe link at the bottom of each email communication you receive from us. You can also opt out by contacting us at marketing@capitalflow.ie
The personal data we use in order to manage our email marketing communications to you are:
- IDENTITY DATA, including your first name, surname, business name (if sole trader);
- CONTACT DATA, being your email address; and
- PREFERENCES, including your interest in our products and your marketing preferences.
Where you have opted-in to receive marketing communications from us, we will only use your personal data for this purpose based on the consent you have provided. You can withdraw your consent at any stage by opting out, as explained in section 4.1 above. For existing customers, we send marketing communications in line with our legitimate interests to develop our relationship with you, provide information to you that may be of interest and to market our brand, product and service to you. If you have opted-out, we will no longer issue marketing communications to you albeit we may need to retain your email address and opt-out preference data to ensure that your preference is recorded and upheld.
We only share your personal data with third parties where it is necessary to manage our marketing communications to you. Sharing occurs with a limited set of individuals and organisations and in limited circumstances as follows:
- With the social media platforms where we have hosted our online advertisement and where you have opted-in to receive marketing communications from us; and
- With Mailchimp as the third party software provider we use to store our marketing subscriber database.
Personal data is kept in a form, which permits data subject identification only for as long as is permitted while following fair and lawful processing. No personal data will be kept for a period longer than necessary. You will remain on our mailing list until such time when you unsubscribe. You can unsubscribe at any time by clicking the “unsubscribe” button within our emails, or by emailing us at marketing@capitalflow.ie.

4. Guarantors

This section relates to individuals who have provided a guarantee or indemnity to Cf in respect of a specific borrower’s indebtedness to Capitalflow.

In your capacity as a guarantor for a borrower’s debts to Capitalflow, we collect your personal data directly from you as part of the credit application process and the entrance into and performance of the guarantee contract. We also collect personal data indirectly from third party sources, examples of which include:
- From the borrower;
- From introducers or brokers;
- From publicly available information. For example, from company registers (including the Companies Registration Office), press publications, trade directories and online search engines and related results.
- From credit reference agencies (including the Irish Credit Bureau), credit registers (including the Central Credit Register) and fraud prevention agencies; and
- Vision-Net.ie, which provides credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more.
- Sanctions and politically exposed persons databases as part of our anti-money laundering practices;
- Third parties who provide services to you or the borrower (e.g. representatives, advisors, etc.);
- Third parties who provide services to us including via our software providers, our advisors, our IT support providers;
- Our banking providers, in the event that you make payments to us.
The personal data we process is limited to what is necessary to enter and manage the guarantor agreement and relationship with you, including:
- IDENTITY DATA, including your first name, surname, salutation, business name (sole trader), photographic ID, signature;
- CONTACT DATA, including your email address, business address (sole trader), personal address, telephone number(s);
- OCCUPATIONAL, including, your employer name, your job title, your department;
- FINANCIAL, including your salary and related employment details, asset and liability information, income and expenditure details;
- INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise.
We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed:
- For the purposes of entering into and performing a guarantor contract, including:
  
  Establishing your eligibility as a guarantor;
  
  Processing the credit application and related guarantor forms;
  
  Conducting financial, security and credit due diligence and reviews;
  
  Contacting you on matters relating to the guarantee;
  
  Recovering debts you may owe us.
- To enable us to comply with our legal, statutory and regulatory obligations. For example:
  
  Supplying information to the Central Credit Register and using the Central Credit Register when considering credit applications, in accordance with the Credit Reporting Act 2013 (where applicable);
  
  Establishing your identity in order to comply with legislation regarding the prevention of money laundering, fraud and terrorist financing;
  
  The preparation and audit of financial statements in compliance with company law;
  
  Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise;
- To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
- To the borrower’s or your authorised representative, broker or intermediary, to a third party who is providing services to the borrower or you and any other third party the borrower has or you have provided us with authorisation to share with;
- To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data;
- Credit reference and rating agencies and registers, whose services we rely upon to protect our interests.
- To statutory, regulatory, government or law enforcement bodies as required by law.
- Insurance providers, including insurance underwriters, coverholders, brokers, introducers, claims handlers and other such associated third parties;
- To third parties in connection with a sale or purchase of assets by us;
- To our funders as part of our credit management processes and funding processes;
- To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us;
- To the Strategic Banking Corporation of Ireland (“SBCI”) where the borrower wishes to or has availed of Asset Finance products financed by the SBCI (“SBCI Scheme”). The personal data are shared with the SBCI for the purposes of:
  
  determining eligibility for the particular SBCI Scheme;
  
  anti-money laundering / financing of terrorism or fraud;
  
  Capitalflow and SBCI’s reporting functions in accordance with the Scheme; and
  
  conducting relevant surveys by or on behalf of the SBCI.
Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as data controller for the purposes of Data Protection Legislation. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/ ). For further information on how the SBCI handles personal data, including information about the applicant’s data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at https://sbci.gov.ie/.
- To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement; and
- To other banks and third parties where there is suspicion of financial crime or where required by law to resolve misdirected third-party payments.

5. Individuals Connected Corporate Customers

In our business to business relationships with companies or organisations that are potential, existing or legacy Capitalflow customers (“Corporate Customers”), we will process some personal data belonging to individuals who are connected to those Corporate Customers in the capacity of an employee, director, shareholder, authorised signatories, power of attorney holders, business associate, promoter, broker, introducer, pension trustee, pension advisor, trust beneficiary or otherwise. If you fall into this category, this section relates to you.

We gather your personal data from both direct and indirect sources:
- Directly from you. Examples include when you, on behalf of the Corporate Customer:
  
  Interact directly with us via telephone, email, post and/or in person;
  
  Submit inquiries and information via our website;
  
  Provide information as part of an inquiry about a credit facility from us;
  
  Obtain a credit facility from us and conduct transactions with us;
- From third parties. Examples include collection from:
  
  the Corporate Customer;
  
  Representatives, intermediaries or brokers acting on behalf of the Corporate Customer;
  
  Publicly available information. For example, from company registers (including the Companies Registration Office), press publications, electoral register, online search engines and related results.
  
  Third parties who provide services to the Corporate Customer (e.g. legal advisors) and who are authorised representatives of the Corporate Customer.
  
  Third parties who provide services to us including via our software providers’ platforms (e.g. invoice discounting customer portal), our advisors, our suppliers, our IT support providers;
  
  Introducers or common business associates who may pass on your details to us;
  
  Credit reference agencies and fraud prevention agencies (directors and shareholders only);
  
  Company and credit information databases, such as Vision-Net.ie and Experian.co.uk, which provide credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more (directors and shareholders only); and
  
  Sanctions and politically exposed persons databases as part of our anti-money laundering practices.
As you are acting on behalf of Your Organisation and not a personal capacity, the personal data we use for the business to business relationship is limited and includes:
- IDENTITY DATA, including:
  
  your first name, surname, salutation, signature, age and, for directors only, marital status and homeowner confirmation;
  
  date of birth (directors, shareholders, authorised signatories and ultimate beneficial owners only);
  
  photographic and other identification documents (directors, shareholders, authorised signatories and ultimate beneficial owners only);
  
  photograph and/or video imagery (where you provide consent for us to feature such personal data for marketing purposes);
- CONTACT DATA, including your personal address (directors, shareholders, authorised signatories and ultimate beneficial owners only), your business email address, business telephone number(s);
- RELATIONSHIPS, including family, social and business relationship where relevant as part of the credit assessment process;
- OCCUPATIONAL, including
  
  the name of your employer, your job title;
  
  career information, directorship information.
- FINANCIAL, including, where relevant, financial position details, insolvency details, bankruptcy details, credit rating, judgment details.
- OPINIONS, where you consent to provide testimonials or references.
- STATEMENTS ABOUT YOU, where relevant as part of the credit assessment process;
- INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise;
- PREFERENCES, regarding the marketing communications you wish to receive from Capitalflow.
We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed:
- To facilitate our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you and the Corporate Customer;
- For the purposes of entering into and performing a contract with the Corporate Customer, including:
  
  Establishing the Corporate Customer’s eligibility;
  
  Processing the credit application;
  
  Conducting financial, security and credit due diligence and reviews of the Corporate Customer;
  
  Contacting you on matters relating to the contract;
  
  Recovering debts the Corporate Customer may owe us.
- To enable us to comply with our legal, statutory and regulatory obligations. For example:
  
  Conducting anti-money laundering checks on beneficial owners of the Corporate Customer;
  
  The preparation and audit of financial statements in compliance with company law;
  
  Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise;
- To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.
- To provide you with, on a legitimate interest basis, direct marketing information about products, events and news that we believe are of relevant interest to the Corporate Customer. You can opt-out of receiving such communications at any time by emailing info@capitalflow.ie
- Where you have provided us with consent to use your personal data for marketing or referral purposes.
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
- To authorised representatives, brokers, intermediaries and to third parties providing services to the Corporate Customer;
- To third parties who are providing services to us to enable us to manage the relationship with the Corporate Customer. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data;
- To statutory, regulatory, government or law enforcement bodies as required by law;
- To third parties in connection with a sale or purchase of assets by us;
- To our funders as part of our credit management processes and funding processes;
- To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us;
- To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement;
- To the Strategic Banking Corporation of Ireland (“SBCI”) where the Corporate Customer wishes to or has availed of Asset Finance products financed by the SBCI (“SBCI Scheme”). The personal data are shared with the SBCI for the purposes of:
  
  determining eligibility for the particular SBCI Scheme;
  
  anti-money laundering / financing of terrorism or fraud;
  
  Capitalflow and SBCI’s reporting functions in accordance with the Scheme; and
  
  conducting relevant surveys by or on behalf of the SBCI.
Such processing is undertaken pursuant to the SBCI’s statutory purposes and in relation to personal data that it obtains, the SBCI acts as data controller for the purposes of Data Protection Legislation. The SBCI may also disclose the information to its respective advisors, contracted parties, delegates and agents, and the SBCI’s own funders (details of which are available at: https://sbci.gov.ie/ ). For further information on how the SBCI handles personal data, including information about the applicant’s data protection rights (in respect of the SBCI) and the contact details of the SBCI’s data protection officer, please refer to the SBCI’s data protection statement which is available at https://sbci.gov.ie/.
- To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us); and
- To the general public via our website and our professional social media pages where you have provided us with consent to use your personal data for marketing purposes.

6. Individuals Representing A Company Or Organisation

In our business to business relationships with third party companies and organisations (e.g. suppliers, broker, introducer, government agency, property landlord, etc.), we will process some personal data belonging to individuals who represent those companies and organisations in the capacity of an employee, director, shareholder or otherwise. If you fall into this category of individual where you are representing a company or organisation (“Your Organisation”), we gather your personal data from both direct and indirect sources:
- Directly from you. Examples include when you, on behalf of Your Organisation:
  
  Interact directly with us via telephone, email, post and/or in person;
  
  Submit inquiries and information to us in relation to our relationship with Your Organisation;
- From third parties. Examples include collection from:
  
  Publicly available information. For example, from press publications, online search engines and related results.
  
  Third parties who provide services to Your Organisation. For example, from legal advisors and authorised representatives.
  
  Third parties who provide services to us. For example, asset valuation advisors.
  
  Introducers or common business associates who may pass on your details to us;
  
  Third parties who provide services to Your Organisation (e.g. representatives, advisors, delivery drivers, etc.).
As you are acting on behalf of Your Organisation and not a personal capacity, the personal data we use for the business to business relationship is limited and includes:
- IDENTITY DATA, including your
  
  first name, surname, salutation;
  
  signature on signed documents;
  
  photographic identification, where you provide consent for us to feature your photo and/or video imagery for marketing purposes;
- CONTACT DATA, including your business email address, business telephone number(s);
- OCCUPATIONAL, including the name of Your Organisation and your job title,
- OPINIONS, where you consent to provide testimonials or references.
We will only process your personal data where it is lawful and necessary to do so, including
- Our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you and Your Organisation;
- For the purpose of taking steps to enter into and perform a contract to sell services to Your Organisation;
- To enable us to comply with our legal, statutory and regulatory obligations. For example, Your Organisation may be a government body with whom we need to interact as part of our legal obligations and your personal data will be used to manage this relationship;
- Where you have provided us with consent to use your personal data for marketing or referral purposes;
- To manage our everyday business needs in line with our legitimate interests, such as customer service, accounting, complaint management, troubleshooting, technical support, fraud prevention, protection of our assets and information, and fraud prevention.
- Establish, exercise or defend legal claims;
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
- To third parties who are providing services to us to enable us to manage the relationship with you and Your Organisation. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data
- To statutory, regulatory, government or law enforcement bodies as required by law;
- To our clients and prospective clients where you have provided us with consent to do so;
- To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us);
- To the general public via our website and our professional social media pages where you have provided us with consent to use your personal data for marketing purposes;
- To third parties in connection with a sale or purchase of assets by us;
- To our funders as part of our credit management processes and funding processes;
- To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us;
- To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement.

7. Online Inquirers

The personal data you provide when submitting an enquiry form through our website, social media or online advertisements will depend on the type of enquiry you make: Inquiry via our website (note that in relation to property lending inquiries, while we do not lend to individuals or sole traders, this does not prevent individuals or sole traders from sending enquiries to us). The personal data we collect will vary depending on different product and service lines being offered from time to time but usually will be limited to:

IDENTITY DATA, including your first name and surname, mobile number, home number, sole trader business name, CRO number, VAT number and/or PPS number;

CONTACT DATA, including your email address and telephone number;

OCCUPATIONAL, including your company name, your role/position, and, in the case of sole traders, the business county, industry and numbers of years trading;

FINANCIAL (where the enquirer is a sole trader), including approximate turnover, type of finance required, loan amount required, account number, nature of business, request information and supporting documentation (e.g. bank statement);

PREFERENCES, including your interest in our products and your marketing preferences;

Other online enquiries (e.g. via social media or online advertisement forms). The personal data we collect will vary depending on the online advertising campaign but usually will be limited to:

IDENTITY DATA, including your first name, surname, business name (if sole trader);

CONTACT DATA, including your email address and telephone number;

OCCUPATIONAL, including your company name;

LOCATION, including your city;

PREFERENCES, including your interest in our products and your marketing preferences;
The communications you send to us via our website are kept private by being sent directly to our CRM system, which we then use to manage and respond accordingly. The personal data are only shared with the third parties who supply software to enable us to receive, manage and respond to these communications. This inbound communication management is in line with our legitimate interests to run our business. When you inquire via Facebook and LinkedIn, your data is stored within the social media platform for a limited time frame to enable us to download the data and respond to your query.

8. Pension Beneficiary

If you are a beneficiary of a pension fund (“Pension Beneficiary”) to which we have considered and/or advanced a pension mortgage loan to, this section relates to you.

We gather your personal data from both direct and indirect sources:

Directly from you. Examples include when you:

Interact directly with us via telephone, email, post and/or in person;

Submit inquiries and information via our website;

Provide information as part of an inquiry about a pension mortgage facility from us;

Obtain a pension mortgage facility from us and conduct transactions with us;

From third parties. Examples include collection from:

the Pension Trust or Trustees;

Other representatives, service providers, intermediaries or brokers acting on behalf of the Pension Beneficiary or Pension Trust or Trustees;

Publicly available information. For example, from company registers (including the Companies Registration Office), press publications, online search engines and related results;

Third parties who provide services to us;

Introducers or common business associates who may pass on your details to us;

Credit reference agencies (including the Irish Credit Bureau);

Company and credit information databases, such as Vision-Net.ie, which provide credit information on businesses and individuals, including information on directors, shareholdings, judgments, bankruptcies and more; and

Sanctions and politically exposed persons databases as part of our anti-money laundering practices.
The personal data we use for the business to business relationship is limited and includes:

IDENTITY DATA, including:

your first name, surname, salutation, signature, age;

date of birth;

photographic and other identification documents;

photograph and/or video imagery (where you provide consent for us to feature such personal data for marketing purposes);

CONTACT DATA, including your personal address and, where you have provided data to us in correspondence, your email address and telephone number(s);

RELATIONSHIPS, including family, social and business relationship where relevant as part of the credit assessment process;

OCCUPATIONAL, including

the name of your employer, your job title;

directorship information;

proposed retirement date.

FINANCIAL, including, where relevant,

Financial position details, including income (incl. income tax details) and expenditure, assets and liabilities, insolvency details, bankruptcy details, credit rating, judgment details;

Pension details, including contribution, fund valuation, date of valuation, fund leverage, fund investment liquidity, pension advisor, pension trustee, Revenue approved trustee;

STATEMENTS ABOUT YOU, where relevant as part of the credit assessment process;

INTERACTIONS with Capitalflow staff by way of email or letter correspondence, minutes of meetings or otherwise;

PREFERENCES, regarding the marketing communications you wish to receive from Capitalflow.
We will only process your personal data where it is lawful and necessary to do so. Your personal data are processed:

To facilitate our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with you;

For the purposes of entering into and performing a pension mortgage loan agreement, including:

Establishing the Pension Beneficiary’s eligibility;

Processing the pension mortgage application;

Conducting financial, security and credit due diligence and reviews;

Contacting you on matters relating to the contract;

Recovering debts owed to us.

To enable us to comply with our legal, statutory and regulatory obligations. For example:

Conducting anti-money laundering checks on beneficial owners of the Pension Beneficiary;

The preparation and audit of financial statements in compliance with company law;

Reporting and responding to requests from regulatory bodies, law enforcement agencies, the courts or otherwise;

To manage our everyday business needs in line with our legitimate interests, such as risk management, accounting, business continuity, complaint management, troubleshooting, technical support, protection of our assets and information, and to establish, exercise and safeguard our rights.

Where you have provided us with consent to use your personal data for marketing or referral purposes.
We do not share your personal data with third parties unless it is necessary. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
- To the Pension Trust or Trustees;
- To authorised representatives, brokers, intermediaries and to third parties providing services to the Pension Beneficiary and Pension Trust(ees);
- To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data;
- To statutory, regulatory, government or law enforcement bodies as required by law;
- To third parties in connection with a sale or purchase of assets by us;
- To our funders as part of our credit management processes and funding processes;
- To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us;
- To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement;
- To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us); and
- To the general public via our website and our professional social media pages where you have provided us with consent to use your personal data for marketing purposes.

9. Signing Witnesses

When you are signing a document as a witness, the personal data you provide to us is typically limited to:

IDENTITY DATA, including your first name, surname, salutation, business name (sole trader), signature;

CONTACT DATA, including your email address, address, telephone number(s);

OCCUPATIONAL, including, your employer name and your job title;
We do not share your personal data with third parties unless it is necessary. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
- To authorised representatives, brokers, intermediaries and to third parties providing services to the Signer;
- To third parties who are providing services to us to enable us to manage the relationship with the Signer. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data;
- To statutory, regulatory, government or law enforcement bodies as required by law;
- To third parties in connection with a sale or purchase of assets by us;
- To our funders as part of our credit management processes and funding processes;
- To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us; and
- To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement.

10. Suppliers (Who Are Sole Traders)

Where you act as a sole trader and have supplied products or services to Capitalflow, this section relates to you.

As a supplier or service provider to Capitalflow, we collect your personal data directly when you interact with us via telephone, email, post and/or person (e.g. meetings, events, conferences, etc.). We may also collect personal data from third party sources, examples of which include

From publicly available information. For example, from company registers (including the Companies Registration Office), press publications, trade directories and online search engines and related results.

Introducers or common business associates who may pass on your details to us;

Third parties who provide services to you (e.g. your representatives, advisors, delivery drivers, etc.);

Our banking providers, in relation to transactions with you;
Our relationship with you as a supplier is a business to business relationship and the personal data processed are limited to what is necessary to establish a relationship with you and obtain your services, including:

IDENTITY DATA, including:

your first name, surname, salutation, business name;

photographic and other identification documents (brokers and intermediaries only);

photographic identification, where you provide consent for us to feature your photo and/or video imagery for marketing purposes;

CONTACT DATA, including your email address, business address, personal address, billing address, telephone number(s);

OCCUPATIONAL, including;

information about your past/current clients, past/current projects and any other information that may be considered by us when assessing your suitability to provide a service; and

relevant insurance and/or health and safety details where required.

FINANCIAL, including bank account details and VAT or other relevant tax details to facilitate transactions with you, as well as your transactional and account history with Capitalflow;
We will only process your personal data where it is lawful and necessary to do so. Typically, your personal data are processed for the purpose of entering into and performing a contract with you as a supplier to Capitalflow, including when we:

Make an inquiry to purchase a product or service from you;

Avail of the products and/or services from you as a supplier;

Transact with you and make payments to you pursuant to the contract;

Establish, exercise or defend legal claims in relation to the contract;

Correspond with you throughout the relationship.

Your personal data may also be used:

To enable us to comply with our legal, statutory and regulatory obligations. For example, your personal data may be included in our returns to the Revenue Commissioners in complying with taxation law, as part of the preparation and audit of financial statements in compliance with company law and for compliance with legally binding requests from regulatory bodies, law enforcement agencies, the courts or otherwise;

To manage our everyday business needs in line with our legitimate interests, such as accounting, complaint management, troubleshooting, technical support, protection of our assets and information, and fraud prevention.

To inform potential and/or current Capitalflow clients that you are a supplier. This will be in limited circumstances and your explicit consent will be sought before it occurs.
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
- To third parties who are providing services to us to enable us to manage the relationship with you. For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data
- To our bank when we are transacting with you;
- To statutory, regulatory, government or law enforcement bodies as required by law;
- To our clients and prospective clients where you have provided us with consent to do so; and
- To our business partners where you have provided us with consent to do (for example, where you have been introduced to us by one of our business partners and we seek your consent to inform the business partner that you made contact with us).
- To third parties in connection with a sale or purchase of assets by us;
- To our funders as part of our credit management processes and funding processes;
- To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us;
- To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement;

11. Tenant Of Secured Property

In our business to business relationships with companies or organisations that are potential, existing or legacy Capitalflow customers (“Corporate Customers”), we will process some personal data belonging to individuals who are tenants within property that is being proposed, is held or was held as security for a credit facility (“Secured Property”). If you fall into this category, this section relates to you.

We gather your personal data indirectly from third parties, including:

the Corporate Customer;

Representatives, intermediaries or brokers acting on behalf of the Corporate Customer;

Third parties who provide services to the Corporate Customer (e.g. asset valuers, legal advisors, receivers, etc.) and who are authorised representatives of the Corporate Customer;

Third parties who provide services to us (e.g. asset valuers).

On rare occasions, we may also gather your personal data directly in the event that we need to interact directly with you as part of the performance of our contract with the Corporate Customer.
The personal data we use for the business to business relationship with the Corporate Customer is limited to details about the tenancy and includes:

IDENTITY DATA, including your

first name, surname, salutation;

signature on signed documents (e.g. lease agreement);

CONTACT DATA including the address of the let unit within the Secured Property and any other contact data that may be included in the lease agreement (e.g. telephone number, email address, etc.);

OCCUPATIONAL DATA that may be included in the lease agreement, including the name of your employer and your job title;

TENANCY DATA, which may include rent, lease term, the lease agreement and all related lease terms or amendments.
We will only process your personal data where it is lawful and necessary to do so, including

Our legitimate interests to identify new business opportunities, develop enquiries, generate new business leads and develop a business relationship with the Corporate Customer;

For the purpose of taking steps to enter into and perform a contract with the Corporate Customer;

To enable us to comply with our legal, statutory and regulatory obligations.

To manage our everyday business needs in line with our legitimate interests, such as customer service, accounting, complaint management, troubleshooting, technical support, fraud prevention, protection of our assets and information, and fraud prevention.

Establish, exercise or defend legal claims;
We do not share your personal data with third parties unless it is necessary. Sharing occurs with a limited set of individuals and organisations and in limited circumstances. Examples of when sharing may occur and the third parties to whom we share your personal data are as follows:
- To authorised representatives, brokers, intermediaries and to third parties providing services to the Corporate Customer;
- To third parties who are providing services to us to enable us to manage the relationship with the Corporate For example, our software providers, our IT support providers, our professional advisors and our financial statement auditors. Where we enter into agreements with third parties to process your personal data on our behalf, we will ensure that appropriate contractual protections are in place to protect the security of the data;
- To statutory, regulatory, government or law enforcement bodies as required by law;
- To third parties in connection with a sale or purchase of assets by us;
- To our funders as part of our credit management processes and funding processes;
- To anyone to whom we transfer or may transfer our rights and duties in respect of loans, products or services provided by us;
- To anyone to whom we may potentially or actually transfer any loan, product or service provided by us or to anyone in connection with a potential or actual secured financing, securitisation or other funding arrangement;

12. Visiting our Capitalflow website

Cookies are small text files that can be used by websites to make a user’s experience more efficient. Our website uses different types of cookies, which are explained to all website visitors clearly in our cookie notice and consent tool when first visiting our website. We will only ever use cookies upon receipt of your consent to do so, with the exception of a limited number of cookies which are switched on by default as they are strictly necessary in order to make the website work for you. Please refer to the cookie notice and consent tool for more information and to manage your consent preferences.

Social networks

We maintain active social network accounts. We embed widgets from these networks to provide follow buttons, like boxes and stream embeds. This will result in cookies being set by these networks while using our site, subject to your consent to the processing of such cookies. As above, please refer to our cookie notice and consent tool on our website for details and preference management.

Links Pages

Some of the pages on our website contain hypertext links to websites not maintained by us. They are merely suggested websites which may be of interest to visitors to our Website. Please be reminded that different terms and conditions of use will apply to you as a user of these websites. In addition, such websites may not have the same privacy standards that we maintain.

See full cookie policy

PART B: General Processing Information

You are not under any obligation to provide your personal data to us. However, we do need some personal data in order to enter certain contracts with you (for example, to be able to provide you with a loan facility or to enter a sale or purchase contract with you/your employer) or to provide services to you (for example, certain functions on our websites will not be able to function correctly without cookies) and failure to provide this information may result in us not being able to enter such contracts or provide you with such services. You will be notified if this is the case at the time.
As a principle, we do not hold your personal data for longer than is necessary. The length of time we hold the data depends on the type of data and on a number of other factors, including to meet our legal and regulatory obligations as well our ability to perform a contract that may exist between us and you. In most cases, we retain data for 7 years after the date upon which a transaction completed or when the relationship ceased. For more information on your right to request erasure of your personal data, please see section (iii) under “PART C: YOUR RIGHTS” below.
Capitalflow has a range of technical and organisational measures in place to protect information and keep your personal data secure across our IT systems and networks and physical storage locations. In the event of certain types of personal data breaches, we are legally obliged to notify the Data Protection Commission and affected individuals to whom the personal data belong. We have implemented internal procedures to manage personal data security breaches in accordance with our legal obligations.
In connection with the above purposes we occasionally, and only where necessary, transfer your personal data to third parties outside the European Economic Area (“EEA”). If and to the extent that we do so, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers, which may include:
- to a jurisdiction which has been subject to an “Adequacy” decision from the European Commission, meaning the jurisdiction is recognised as providing for an equivalent level of protection for personal data as is provided for in the European Union;
- entering into a contract governing the transfer which contains the “standard contractual clauses” approved for this purpose by the European Commission; or
- in respect of transfers to the United States of America, ensuring that the transfer is covered by the EU-US Privacy Shield framework.

PART C: Your Rights

You have a number of rights in respect to the personal data we process about you. These are:
- The right to access your personal data, which includes receiving confirmation on whether the personal data are being processed and if so, receiving the personal data and related information about why they are being processed, the categories of personal data involved, to whom the personal data have been or will be shared and how long the data will be kept for.
- The right to request that we rectify inaccurate data or update incomplete data. You may also request that we restrict the processing of the personal data until the rectification or updating has been completed, although please be aware that we may have to suspend the operation of your account or the products or services that we provide.
- The right to request that we erase your data under certain circumstances, including where you want to withdraw the consent you previously gave to us, where you object to Capitalflow processing the data for its own legitimate interests (e.g. direct marketing) or where Capitalflow’s processing of the data is unlawful. In the case of unlawful processing, you can also request that this processing is restricted rather than the personal data being erased. Please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted. Furthermore, we may need to retain and use some personal data to the extent necessary to comply with our legal obligations and for our legitimate interests such as fraud detection and prevention or protecting our assets. We also retain records to protect from accidental or malicious loss and destruction, meaning residual copies of your personal data may not be removed from our backup systems for a limited period of time.
- The right to object to the processing of your personal data, where such processing is being conducted for the purpose of:
  
  Direct marketing;
  
  Establishing, exercising or defending ourselves or others from legal claims; or
  
  Our legitimate interests, unless we can demonstrate that our interests override your interests and rights. You may request that we restrict the processing of the personal data until this analysis of legitimate interests has been concluded, although please be aware that we may have to suspend the operation of your account or the products or services that we provide where data processing is restricted.
- The right to receive your data in a portable format or, subject to it being technically feasible, have us transfer it directly to a third party. This applies where you have provided us with consent for the processing or where the processing is necessary for entering a contract with us.
- The right, at any time, to withdraw consent you have provided to us to process your personal data.
- The right to lodge a complaint to the Data Protection Commission or another supervisory authority.
If you wish to raise a complaint in relation to how we processed your personal data, please contact our Data Protection Officer. We take your privacy and data protection very seriously in Capitalflow and we endeavour to address your complaint as expediently and as thoroughly as we can in order to find a satisfactory resolution for you. You also have the right to escalate the matter to the Data Protection Commission or other supervisory authority. The Office of the Data Protection Commission can be contacted at: Email: info@dataprotection.ie Telephone: +353 (0)761 104 800 or +353 (0)57 868 4800 Postal Address: Data Protection Commission, 21 Fitzwilliam Square South,Dublin 2, D02 RD28

Further details on your rights are available from https://www.centralcreditregister.ie/borrower-area/data-protection-statement/

Full Privacy Statement

Contact Us

Get a Quick Quote

Help Centre

FAQs Application Process Rates & Repayments

View All