Privacy Policy

This Privacy Policy explains how and why The Capital Group Asset Management Ltd use your personal data. In this policy, when we talk about personal data we mean any information that relates to an identifiable natural person – in this case, you. When we use terms such as “we”, “us” and “our” in this policy, we mean The Capital Group Asset Management Ltd.

This policy applies to personal data processed by or collected on behalf of The Capital Group Asset Management Ltd. We may collect information from you when you apply for a service, contact us by telephone or email or receive a communication from us relating to your service.

You should read this policy so you know what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it. You should also read any other privacy notices that we give you, that might apply to our use of your personal data in specific circumstances from time to time.

The Capital Group Asset Management Ltd is a “Data Controller”. This is a legal term which means that we make decisions about how and why we use your personal data. As the “Data Controller”, we are responsible for making sure that your personal data is used in accordance with applicable data protection laws. As Data Controller, we are required by law to give you the information in this policy.

However, on occasions there may be other Data Controllers involved in processing your data as further explained in this Policy, or as you may be advised at the time your information is to be processed.

In this Policy we have included details of contact points which you can use if you wish to ask us for further information or to exercise your rights. We reserve the right to change the policy at any time, so please check back regularly to keep informed of updates to this Policy.

Have you been introduced to us by a supplier or other Intermediary?

Our products and services are available through equipment suppliers. In this Policy we will call these persons “suppliers and other intermediaries”.

When a supplier or other intermediary processes your personal data on our behalf, this privacy policy will apply, and you should contact us to exercise your rights under data protection laws. When a broker or other intermediary processes your personal data as a Data Controller in its own right, its own privacy policy will apply, and you should ask them for a copy if you do not have one by the time you are introduced to us.

What personal data do we collect from you?

Generally speaking, the personal data we process about you may include:

  • bullet point
    Your name
  • bullet point
    Your date of birth
  • bullet point
    Your address and correspondence address
  • bullet point
    Email addresses and contact telephone numbers
  • bullet point
    What we learn about you from letters, emails and conversations between us
  • bullet point
    Personal data which we obtain from Credit Reference and Fraud Prevention Agencies
  • bullet point
    Some special categories of personal data such as information about your health

Beneficial Owners

If you make an application for your business, we will also collect the personal data mentioned above about all individuals who you have a financial link with, for example other directors or officers of your company, who you must include on the application form. You must show this policy to any other applicants (including all beneficial owners and directors) and ensure they know you will share their personal data with us for the purposes described in it.

In order to assess your company’s suitability for the product, we need to verify that all applicants are included and the identity for all applicants is verified. To do this, we use an external agency to check all directors are included and gather publicly held data to run authentication and world checks. If the data we gather is insufficient to allow us to run these checks, we will request them directly from you.

What is the source of your personal data?

Directly from you: We will generally collect your personal data from you directly.

Data from third parties we work with:

  • bullet point
    Companies that introduce you to us
  • bullet point
    Suppliers
  • bullet point
    Credit Reference Agencies (CRAs)
  • bullet point
    Comparison websites
  • bullet point
    Social networks
  • bullet point
    Fraud prevention agencies (FPAs)
  • bullet point
    Public information sources such as Companies House
  • bullet point
    Government and law enforcement agencies

Data we collect when you use our services:

  • bullet point
    Payment and transaction data.
  • bullet point
    Umami Analytics: We use Umami, a privacy-focused, cookie-less tracking platform, to collect statistical data about our users' browsing actions and patterns. This helps us understand website performance and does not identify you as an individual or use traditional tracking cookies.
  • bullet point
    Cloudflare Turnstile: We use Cloudflare Turnstile to ensure the security of our website and prevent bot abuse. This is a strictly necessary security service that uses privacy-preserving tokens rather than intrusive tracking cookies.

From Credit Reference Agencies (CRAs):

To help us assess applications, prevent fraud, and meet our legal obligations, we may obtain information about you from credit reference agencies (CRAs). We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.

Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:

  • bullet point
    Creditsafe Privacy Notice: www.creditsafe.com
  • bullet point
    TransUnion CRAIN (Credit Reference Agency Information Notice): www.transunion.co.uk/crain

In addition, we may obtain your personal data from Fraud Prevention Agencies, your employer, landlord, other lenders, Her Majesty’s Revenue & Customs (HMRC), Department for Work and Pensions (DWP), publicly available directories and information (e.g. telephone directory, social media, internet, news articles).

What we do with your data

The Capital Group Asset Management Ltd has the right to process personal data in order to assess your credit worthiness and check that you are an appropriate person or business to enter into a supply relationship with, and so such processing is necessary in order for us to enter into a contract with you.


We collect and process your data for several purposes, including:

  • bullet point
    Processing necessary to perform our contract with you for your product or service or for taking steps prior to entering into it during the application stage.
  • bullet point
    To carry out “know your client” procedures, help make credit decisions, and for fraud prevention.
  • bullet point
    Prevent criminal activity, fraud and money laundering.
  • bullet point
    Trace and recover debts.
  • bullet point
    Administering and managing your account and associated services.
  • bullet point
    Sharing your personal data with certain third-party service suppliers such as payment service providers.

Processing necessary to comply with our legal obligations:

  • bullet point
    To carry out identity checks, anti-money laundering checks and checks with Fraud Prevention Agencies pre-application.
  • bullet point
    For compliance with laws that apply to us.
  • bullet point
    For establishment, defence and enforcement of our legal rights.
  • bullet point
    For activities relating to the prevention, detection and investigation of crime.

Who might we share your data with?

In order to provide our services, there will be times when we will share your data. These include:

Sharing with our contracted third-party suppliers We may share your personal data with companies whom we have contracts in place for the supply of goods and services as part of providing service to our customers. We will have in place an agreement with our service providers which will restrict how they are able to process your personal data.

Sharing where we are obliged under a legal obligation We will disclose your personal data in order to comply with any legal regulations or good governance obligations, or to enforce or to protect our rights, property, or safety. We may share your personal information with Law enforcement agencies and governmental bodies such as HMRC and the Information Commissioner’s Office.

Sharing information with Credit Reference Agencies and Fraud Prevention Agencies To process your application, we will perform credit and identity checks on you with one or more Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FPAs). We will use this information to assess your creditworthiness, verify data accuracy, prevent criminal activity, manage your account, and trace and recover debts.

Sharing under change of business ownership In the event that we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.

Transferring data abroad

We will only send your data outside of the European Economic Area (‘EEA’) to follow your instructions, comply with a legal duty, or work with our suppliers. If we do transfer your personal information outside the UK and EEA, we will make sure that it is protected to the same extent as in the UK and EEA through appropriate contracts and safeguards.

How long we keep your information

We will keep your personal data for six years from the end of the last financial year of our business relationship with you. This includes credit agreements, application forms, ID provided, credit scores, payments default records and complaints. We keep data relating to prospective and indicative customer enquiries for 3 years following the expiry of the quote or illustration. After this time, the data is securely disposed of.

Your rights

Here is a list of the rights that all individuals have under data protection laws. If you wish to exercise any of them, please contact us at info@capitalgp.co.uk:

  • bullet point
    The right to be informed: We must be transparent with you about the processing that we do with your personal data.
  • bullet point
    The right to request access: You can request the personal data held about you to obtain confirmation that it is being processed.
  • bullet point
    The right to object: You can object to the processing of your personal data where it is based on legitimate interests or direct marketing.
  • bullet point
    The right to restrict processing: You can request we restrict the processing of your data in certain circumstances.
  • bullet point
    The right to have your personal data erased: Also known as the “right to be forgotten”, enabling you to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
  • bullet point
    The right to have your personal data corrected: If it is inaccurate or incomplete.
  • bullet point
    The right to data portability: Allowing you to obtain and reuse your personal data for your own purposes across different services.

Monitoring

We may monitor where permitted by law and we will do this where the law requires it. Some of our monitoring may be to prevent or detect crime, protect the security of our communications systems, and for quality control and staff training purposes.

Use of Automated Processing and Automated Decision Making

Like many Financial Service providers, we use automated processing in our account opening and identification processes. We may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with known risks.

We use a system to decide whether to lend money to you or your business, called credit scoring. It uses past data from your application, CRAs, and data we may already hold to assess how you’re likely to act while paying back any money you borrow. You can ask that we do not make our decision based on the automated score alone and request that a person reviews it.

Data Anonymisation and Aggregated Information

Your personal data may be converted into statistical or aggregated data which cannot be used to re-identify you. It may then be used to produce statistical research and reports.

Contact us

For more on how your information is used, how we maintain the security of your information and your rights to access/alter and change information we hold on you, please write to us at:

Email: info@capitalgp.co.uk

Should you be unhappy with our processing of your personal data, you have a right to complain to the Information Commissioner's Office (ICO), which is the regulator for data protection in the UK.