Last updated September 2019.
Sorodo Limited understands how important your privacy is and we take its security seriously. Please read this policy carefully, along with our Terms and Conditions and any other documents referred to in this policy, to understand how we collect, use and store your personal and business information.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Who are we?
We are Sorodo Limited, and this website (www.smeinvoicefinance.co.uk) (“Website”) is a trading style of Sorodo Limited. We act as a business finance intermediary for you, our customer.
In this policy, whenever you see the words “We”, “Us” or “Our”, it refers to both Sorodo Limited and our trading website www.smeinvoicefinance.co.uk.
- We are registered in England and Wales under company number 08039501, and our registered office address is St Andrews Park, Queens Lane, Bromfield Industrial Estate, Mold, Flintshire, CH7 1XB, UK.
- We are authorised and regulated by the Financial Conduct Authority under firm reference number 774781.
- We are registered as a data controller with the Information Commissioner’s Office. Our data protection registration number is ZA160887.
We respect your right to privacy and will only process personal information about you in accordance with the Data Protection Legislation, which for the purposes of this policy shall mean: (i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 and other applicable privacy laws.
We take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of our users throughout their visiting experience.
When you use or contact our Website, you do so at your own discretion and provide any such personal details requested at your own risk. Your personal information is kept private and stored securely until such time as it is no longer required or has no use, as detailed below. Every effort has been made to ensure a safe and secure form-to-email submission process, but we advise users of such form-to-email processes that they do so at their own risk.
As the party responsible for data processing we ensure that the processed data:
- is processed in accordance with the applicable privacy regulations; and
- is sufficiently protected so that it is not exposed to persons who should have no access to it, both internally and externally, by taking technical, contractual and organisational safety measures.
Why we collect information
To provide our services to you, we need to collect and process personal and business data about you and disclose that personal and business data to a number of third-party funders. This personal and business data is necessary to provide you with the quotations and services that you have requested. All personal data will be held in strictest confidence and used only for the purposes of providing the service you have requested, subject to certain exceptions as described below.
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. Below is a list of the purposes for which we process your personal data, and the lawful basis on which we carry out such processing:
- Necessary for entering into, or performing, a contract – in order to perform obligations that we undertake in providing the Services, or in order to take steps at your request to enter into a contract with us, it will be necessary for us to process your personal and business data;
- Necessary for compliance with a legal obligation – we are subject to certain legal requirements which may require us to process your information. We may also be obliged by law to disclose your information to a regulatory body or law enforcement agency;
- Necessary for the purposes of legitimate interests – either we, or a third party, will need to process your information for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your information protected. Our legitimate interests include ensuring that our operations are conducted in an appropriate and efficient manner, responding to requests and enquiries from you or a third party, optimising our website and customer experience and informing you about our products and services;
- Consent – in some circumstances, we may ask for your consent to process your information in a particular way. To the extent that we are processing your information based on your consent, you will have the right to withdraw your consent at any time. You can do this by contacting us at firstname.lastname@example.org at any time.
In some instances, it may be appropriate for us to combine your information with other information that we may be holding about you, such as combining your name with your geographic location or your browsing or purchasing history.
How we collect information
We collect your personal and business data in the following ways:
1. When you use our website
By visiting our Website, we automatically collect data relating to your browsing activity, including but not limited to:
- your referring domain (the website you were referred from);
- your IP address;
- your user-agent (your browser information);
- the pages that you visit within our Website;
- your geographic location (country only);
- the preferred language used to display the webpage;
- date and time when website pages were accessed.
The data we collect from your browsing activity is passed on to third-party companies for analytical purposes only. The service provided by our third parties allows us to evaluate how visitors use our Website, and this information is used to help us improve our website and our visitors’ browsing experience. Our third-party analytics companies will not share your information or be able to identify you with any other data held by them.
2. When you complete our application form
By completing the application form on our Website, we will ask for the following information to be completed by yourself:
- Your first name;
- Your last name;
- Your company name;
- Your phone number;
- Your email address;
- Your annual turnover;
- How much funding is required?
We will also collect the following information automatically when you apply. The information collected will be used for fraud prevention:
- your IP address;
- your user-agent (browser).
3. When you email, phone, live chat or otherwise
We may collect information such as your first name, last name, email address and phone number.
4. Information we receive from other sources
We may use publicly available records such as Companies House, public-facing websites and social media platforms.
We may receive information about you if you use any of the other websites we, or our group companies, operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, service providers, advertising networks, analytics providers, and search information providers) and may receive information about you from them. This may be combined with other information you provide to us, as described above.
5. Through cookies
We use systems to make automated decisions based on the personal and business data that you provided to us during the application process. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the funders who can access your application information.
As those decisions have a legal (or similarly significant) effect on you, you have the right to challenge such decisions under GDPR by requesting human intervention, expressing your own point of view, and obtaining an explanation of the decision from us.
The right described in this section does not apply in the following circumstances:
- the decision is necessary for the entry into, or performance of, a contract between you and us;
- the decision is authorised by law; or
- you have given your explicit consent.
Here are the types of automated decisions we make:
We have strict filtering in place with our lenders, which means your application may not be passed on to a funder. For example:
- Some of our lenders will not accept sole trader applications.
- Some lenders require a minimum trading period; for example, you have to have been trading for more than 3 months.
- Some of our lenders will not accept loan amounts below or above a certain threshold.
- Some of our lenders require you to accept card payments online or offline.
Although we have filtering in place you have the right to opt out of automated decisioning and ask for us to present your application to a lender for them to manually review.
- You can ask that we do not make our decision based on the automated score alone.
- You can object to an automated decision, and ask that a person reviews it.
If you want to know more about these rights, please contact us.
If you fail to provide personal data
If you choose not to provide the personal information we request, you can still visit some areas of the Website, but you may be unable to access certain options and services that involve interaction or receive our Services. You have the final decision on whether to proceed with any activity that requests personal information.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us, but we will notify you at the time if this is the case.
How do our funding partners use your personal and business data?
We will never share your information for marketing purposes and the information shared will be for the purpose of providing business finance quotes only.
As we are a business finance intermediary and to provide you with business finance quotes, we will share your information with the funders listed below. Our funding partners will use your personal and business data to assess and rate your information prior to issuing a quote. Some of our funding partners may search external sources (e.g. the edited electoral roll, county court judgments, bankruptcy registers) to assess your application for accuracy. Searches of this kind may be recorded by credit agencies, but they won’t affect your credit rating. We may also use other third party providers from time to time but where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
Your data will be anonymised (your personal and business identifiable information is hidden), and only the following information will be shown to the funder: loan amount, business type, how long you have been trading, whether you accept card payments, your average monthly card takings and your average monthly takings. If the funder feels they can provide you with a quote, they will then be able to view your information and will contact you directly via email and/or phone to provide you with a quote.
We will only ever share your information if we are satisfied that our funding partners have sufficient measures in place to protect your information in the same way that we do. Anyone who receives information from us has a legal duty to keep it confidential.
We do not allow our third-party service providers or funding partners to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Our current funding partners:
Do we pass personal data to third parties?
We are also allowed to disclose your information in the following cases:
- If we want to sell our business, or our company, we can disclose it to the potential buyer.
- We can disclose it to other businesses in our group.
- We can disclose it if we have a legal obligation to do so, or in order to protect other people’s property, safety or rights.
We can exchange information with others to protect against fraud or credit risks.
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under GDPR and the law.
Transfer of your information outside the European Union
We may need to transfer your personal data outside of the European Union in order to provide you with the services and products you require. Some of these countries may not have laws that protect privacy rights as extensively as in the European Union. If we do transfer your personal information to other territories, we will take proper steps to ensure that your information is properly protected and ensure that we will only deal with suppliers outside the EU who are GDPR compliant and have policies in place to protect your data.
When you provide us with personal and business data, we will not market to you unless you explicitly opt in during the application process. You can opt out at any time via our website and with the opt-out link provided via the marketing methods used.
We will also ensure through strict policies that the funders who receive your personal and business data will not market to you unless you explicitly opt in with the funder.
As already indicated above, with your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email and/or telephone with information, news and offers on our Services if you opt in to do so. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.
In addition, if you don’t want us to use your personal data for any of the other reasons set out in this section, you can let us know at any time by contacting us at email@example.com, and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide the best possible services to you.
How you can access and update your information
Under the GDPR, You have the right to:
- request access to, deletion of or correction of, Your personal data held by Us at no cost to You;
- request that Your personal data be transferred to another person (data portability);
- be informed of what data processing is taking place;
- restrict processing;
- object to processing of Your personal data; and
- complain to a supervisory authority.
The accuracy of your information is important to us. You have the right to ask for a copy of the information we hold about you. This information is provided free of charge, but we reserve the right to charge a small fee for excessive requests.
We’re working on ways to make it easier for you to review and correct the information that we hold about you through a secure website. In the meantime, if any of the information we hold is inaccurate or out of date, please email us at firstname.lastname@example.org, or write to us at F.A.O. The Data Controller, Sorodo Limited, St Andrews Park, Queens Lane, Bromfield Industrial Estate, Mold, Flintshire, CH7 1XB, UK. Alternatively, you can telephone 01244 456 123.
How you can request that we stop processing your information
At any time you can inform us to stop processing the information that we hold about you. You can request that we stop processing your data altogether or request that specific funders stop processing your data. We will automatically inform the funder(s) to remove your personal and business information from their systems.
We’re working on ways to make it easier for you to complete this process online. In the meantime, please email us at email@example.com, or write to us at F.A.O. The Data Controller, Sorodo Limited, St Andrews Park, Queens Lane, Bromfield Industrial Estate, Mold, Flintshire, CH7 1XB, UK. Alternatively, you can telephone 01244 456 123.
How you can request that we delete the information we hold about you (right to be forgotten)
If you have submitted an application through our website, then you have the right to request that we cancel and remove your personal and business data from our systems. If your application has been sent to funders, we will automatically inform them of your request and instruct them to remove your personal and business information.
We’re working on ways to make it easier for you to complete this process online. In the meantime, if any of the information we hold is inaccurate or out of date, please email us at firstname.lastname@example.org, or write to us at F.A.O. The Data Controller, Sorodo Limited, St Andrews Park, Queens Lane, Bromfield Industrial Estate, Mold, Flintshire, CH7 1XB, UK. Alternatively, you can telephone 01244 456 123.
How you can request that we stop marketing to you
We will only market to you if you have opted in via our application form. With all marketing methods, we provide a full opt-out link within the marketing media and on our website.
How long we keep your information
Depending on the type of information that we obtain, the times may vary. However, generally speaking, we will keep the information for as long as it takes us to provide you with the required service.
If you have requested for us not to use your information for the purposes of marketing, this will come into effect, but we may keep your information on record so that we can ensure your preferences are upheld.
The information that you enter on our website will be kept in our records for a minimum of six years from the end of your connection with us. This is so that we’re able to respond to any queries or complaints that may arise. The information will not be used for any other purpose.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example FCA regulation). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Security precautions in place to protect against the loss, misuse or alteration of your information
We have implemented various measures to ensure that the information is adequately protected against unauthorised access, use, disclosure and destruction. Please keep in mind that risk can never be eliminated but can be significantly mitigated and reduced. All measures which we have taken significantly reduce the risk. We shall not be held liable by any Third Party, including you, in any event of unauthorised access, use and/or disclosure of information provided that such is not due to gross negligence, wilful misconduct, fraud or bad faith by us.
Security measures adopted by us include:
- Access to the information stored within Sorodo Limited servers is restricted to a limited number of Sorodo Limited employees and to users designated on our Customer’s accounts and Third Parties who can access the information only in specific and limited circumstances and are bound by confidentiality;
- Sorodo Limited servers are protected by:
  - firewalls establishing a barrier between Our trusted, secure internal network and the Internet,
  - DDoS mitigation, and
  - IP restrictions, limiting access to whitelisted IPs;
- Each Customer may only access information pertaining to its Customer Website that it is tracking and to the specific End Users visiting such Customer’s Website.
- We use HTTPS for our services providing secure transfer of data to prevent wiretapping and man-in-the-middle attacks.
If we give you a password upon registration on our Website, you must keep it confidential. Please don’t share it.
By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure.
Credit checks and potential impact to credit score
We do not perform any credit checks but the funder you have been placed with may perform credit checks from a major credit reporting bureau. A missed and/or late payment may affect your credit score.
Cookies and how we use them
A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website.
Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.
All Cookies used by and on our Website are used in accordance with current English and EU Cookie Law.
Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
Changes to this policy
You must be over 18 to submit an application.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, or where this is required or permitted by law.