Last updated September 2019.
Sorodo Limited understands how important your privacy is and we take its security seriously. Please read this policy carefully, along with our Terms and Conditions and any other documents referred to in this policy, to understand how we collect, use and store your personal and business information.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We are Sorodo Limited, and this website (www.smeinvoicefinance.co.uk) ("Website") is a trading style of Sorodo Limited. We act as a business finance intermediary for you, our customer.
In this policy, whenever you see the words "We", "Us" or "Our", it refers to both Sorodo Limited and our trading website www.smeinvoicefinance.co.uk.
We respect your right to privacy and will only process personal information you in accordance with the Data Protection Legislation which for the purposes of this policy shall mean: (i) unless and until the GDPR is no longer directly applicable in the UK, the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 and other applicable privacy laws.
We take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience.
When you use or contact our Website, you do so at your own discretion and provide any such personal details requested at your own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed below. Every effort has been made to ensure a safe and secure form to email submission process but we advise users using such form to email processes that you do so at your own risk.
As the party responsible for data processing we ensure that the processed data:
To provide our services to you, we need to collect and process personal and business data about you and disclose that personal and business data to a number of third-party funders. This personal and business data is necessary to provide you with the quotations and services that you have requested. All personal data will be held in strictest confidence and used only for the purposes of providing the service you have requested, subject to certain exceptions as described below.
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. Below is a list of the purposes for which we process your personal data, and the lawful basis on which we carry out such processing:
In some instances, it may be appropriate for us to combine your information with other information that we may be holding about you, such as combining your name with your geographic location or your browsing or purchasing history.
We collect your personal and business data in the following ways:
By visiting our Website, we automatically collect data relating to your browsing activity, including but not limited to:
The data we collect from your browsing activity is passed onto third party companies for analytical purposes only. The service provided by our third parties allows us to evaluate how visitors use our Website and this information is used to help us improve our website and our visitor’s browsing experience. All of our third-party analytics companies will not share your information or be able to identify you with any other data held by them.
By completing the application form on our Website, we will ask for the following information to be completed by yourself:
We will also collect the following information automatically when you apply. The information collected will be used for fraud prevention:
We may collect information such as your first name, last name, email address and phone number.
We may use publicly available records such as companies house, public-facing websites and social media platforms.
We may receive information about you if you use any of the other websites we, or our group companies, operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, service providers, advertising networks, analytics providers, and search information providers) and may receive information about you from them. This may be combined with other information you provide to us, as described above.
We use systems to make automated decisions based on the personal and business data that you provided to us during the application process. This helps us to make sure our decisions are quick, fair, efficient and correct, based on what we know. These automated decisions can affect the funders who can access your application information.
As those decisions have a legal (or similarly significant effect) on you, you have the right to challenge to such decisions under GDPR, requesting human intervention, expressing your own point of view, and obtaining an explanation of the decision from us.
The right described in this section does not apply in the following circumstances:
Here are the types of automated decisions we make:
We have strict filtering in place with our lenders where your application may not be passed onto a funder. For example:
Although we have filtering in place you have the right to opt out of automated decisioning and ask for us to present your application to a lender for them to manually review.
If you want to know more about these rights, please contact us.
If you choose not to provide the personal information we request, you can still visit some areas of the Website, but you may be unable to access certain options and services that involve interaction or receive our Services. You have the final decision on whether to proceed with any activity that requests personal information.
Where we need to collect personal data by law, or under the terms of a contract we have with You and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
We will never share your information for marketing purposes and the information shared will be for the purpose of providing business finance quotes only.
As we are a business finance intermediary and to provide you with business finance quotes, we will share your information with the funders listed below. Our funding partners will use your personal and business data to assess and rate your information prior to issuing a quote. Some of our funding partners may search external sources (e.g. the edited electoral roll, county court judgments, bankruptcy registers) to assess your application for accuracy. Searches of this kind may be recorded by credit agencies, but they won't affect your credit rating. We may also use other third party providers from time to time but where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
Your data will be anonymised (your personal and business identifiable information is hidden), and only the following information will be shown to the funder; loan amount, business type, how long you have been trading, do you accept card payments, your average monthly card takings and your average monthly takings. If the funder feels they can provide you with a quote, they will then be able to view your information and will contact you directly via email and/or phone to provide you with a quote.
We will only ever share your information if we are satisfied that our funding partners have sufficient measures in place to protect your information in the same way that we do. Anyone who receives information from us has a legal duty to keep it confidential.
We do not allow our third-party service providers or funding partners to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Our current funding partners:
We are also allowed to disclose your information in the following cases:
We can exchange information with others to protect against fraud or credit risks.
Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under GDPR and the law.
We may need to transfer your personal data outside of the European Union in order to provide you with the services and products you require. Some of these countries may not have laws that protect privacy rights as extensively as in the European Union. If we do transfer your personal information to other territories, we will take proper steps to ensure that your information is properly protected and ensure that we will only deal with suppliers outside the EU who are GDPR compliant and have policies in place to protect your data.
By providing us with personal and business data, we will not market to your data unless you explicitly opt-in during the application process. You can opt out at any time via our website and with the opt-link provided via the marketing methods used.
We will also ensure through strict policies that the funders who receive your personal and business data will not market to your data unless you explicitly opt in with the funder.
As already indicated above, with your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email and/or telephone with information, news and offers on our Services if you opt in to do so. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended in 2004, 2011 and 2015.
In addition, if you don’t want us to use your personal data for any of the other reasons set out in this section, you can let us know at any time by contacting us at firstname.lastname@example.org, and we will delete your data from our systems. However, you acknowledge this will limit our ability to provide the best possible services to you.
Under the GDPR, You have the right to:
The accuracy of your information is important to us. You have the right to ask for a copy of the information we hold about you, this information is provided free of charge, but we reserve the right to charge a small fee for excessive requests.
We’re working on ways to make it easier for you to review and correct the information that we hold about through a secure website. In the meantime, if you any of the information we hold is inaccurate or out of date. Please email us at email@example.com, or write to us at F.A.O The Data Controller. Sorodo Limited. St Andrews Park, Queens Lane, Bromfield Industrial Estate, Mold, Flintshire, CH7 1XB, UK. Alternatively, you can telephone 01244 456 123.
At any time you can inform us to stop processing the information that we hold about you. You can request that we stop processing your data altogether or request that specific funders stop processing your data. We will automatically inform the funder(s) to remove your personal and business information from their systems.
We’re working on ways to make it easier for you to complete these process online. In the meantime, please email us at firstname.lastname@example.org, or write to us at F.A.O The Data Controller. Sorodo Limited. St Andrews Park, Queens Lane, Bromfield Industrial Estate, Mold, Flintshire, CH7 1XB, UK. Alternatively, you can telephone 01244 456 123.
If you have submitted an application through our website, then you have the right to request that we cancel and remove your personal and business data from our systems. If your application has been sent to funders will automatically inform them of your request and inform them to remove your personal and business information.
We’re working on ways to make it easier for you to complete these process online. In the meantime, if you any of the information we hold is inaccurate or out of date. Please email us at email@example.com, or write to us at F.A.O The Data Controller. Sorodo Limited. St Andrews Park, Queens Lane, Bromfield Industrial Estate, Mold, Flintshire, CH7 1XB, UK. Alternatively, you can telephone 01244 456 123.
We will only market to you if you have opted in via our application form. With all marketing methods, we provide a full opt-out link within the marketing media and on our website.
Depending on the type of information that we obtain, the times may vary. However, generally speaking, we will keep the information for as long as it takes us to provide you with the required service.
If you have requested for us not to use your information for the purposes of marketing, this will come into effect, but we may keep your information on record so that we can ensure your preferences are upheld.
The information that you enter on our website will be kept in our records for a minimum of six years from the end of your connection with us. This is so that we’re able to respond to any queries or complaints that may arise. The information will not be used for any other purpose.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example FCA regulation). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract, you hold with us.
We have implemented various measures to ensure that the information is adequately protected against unauthorised access, use, disclosure and destruction. Please keep in mind that risk can never be eliminated but can be significantly mitigated and reduced. All measures which we have taken significantly reduce the risk. We shall not be held liable by any Third Party, including you, in any event of unauthorised access, use and/or disclosure of information provided that such is not due to gross negligence, wilful misconduct, fraud or bad faith by us.
Security measures adopted by us include:
If we give you a password upon registration on our Website, you must keep it confidential. Please don't share it.
By giving us your personal data, you agree to this arrangement. We will do what we reasonably can to keep your data secure.
We do not perform any credit checks but the funder you have been placed with may perform credit checks from a major credit reporting bureau. A missed and/or late payment may affect your credit score.
A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website.
Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.
All Cookies used by and on our Website are used in accordance with current English and EU Cookie Law.
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
You must be over 18 to submit an application.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, or where this is required or permitted by law.