PRIVACY POLICY

Introduction

We are committed to protecting your privacy. This Privacy Notice applies between you, the user of the website www.blackbookfinance.co.uk and Black Book Finance Limited.

This Privacy Notice sets out our privacy practices and explains how we collect, process, hold and store (collectively referred to as handle) personal data and with whom we share it. The personal data we handle is only that which is required by us so that we may deliver the services you require. Except as provided in this Privacy Notice, we do not supply personal data to any company for marketing purposes.

Black Book Finance Limited is registered (Registration Number ZA192490) as a data controller with the Information Commissioner’s Office (ICO), which is the UK’s independent body set up to uphold information rights. As a data controller, we determine the purpose for, and the manner in which personal data is processed, and we make sure that we comply with UK Data Protection Laws when we process such data.

Black Book Finance Limited is the owner and provider of the website. You may browse our website without telling us who you are or revealing any personal data about yourself. The information we collect from you is only that which is required to deliver the site functionality, information you have requested or searched for, and to provide you with our services.

Our Privacy Notice will be reviewed on a regular basis and may be updated from time to time. Any updates will be published on our website and, where appropriate, we will notify you of material changes (for example by email or other suitable means).

What Is Personal Data?

When we refer to personal data, we mean any information relating to a person who can be directly or indirectly identified, in particular by reference to an identifier.

Under Data Protection Laws, this is known as personal data. Some personal data will identify you directly – for example, by giving your name and email address. It may also be possible to identify you indirectly, from information in which your name is not given, for example, by naming your job title and employer, or by using another form of identifier such as an online identifier.

What Personal Data Do We Collect?

We may collect the various categories of personal data as outlined below:

  • Personal Details – Full name, Title, Gender, Date of Birth, and/or Profession/Job Title.

  • Contact Details – Telephone number, mobile phone number, correspondence address and/or email address.

  • Technological Details (automatically collected) – IP address, web browser type and version, operating system and/or URLs, etc.

When Do We Collect Personal Data?

Personal data may be collected at various points throughout your interaction with us. Basic personal and contact details may be collected upon your initial contact with us or upon submission of an email or website contact form, whilst more detailed personal data, including documentation and financial details, may be collected during the process of our service provision. This will usually be when we are collating the personal data required, to submit or manage, an application on your behalf.

How Do We Collect Personal Data?

The following outlines the processes we employ to collect personal data:

  • Contacting Us – we may record, use and store any telephone, postal, e-mail or other electronic communications provided by you. This is to ensure that we can refer back to any instruction you may have given to us as well as to ensure that the information we provide you with is accurate.

  • General Statistics – we collect statistics relating to pages visited, paths through the website and/or search terms used to find us. This is done to improve the visitor experience, understand our customer’s needs and help us improve site design and layout.

  • Online Forms – we collect data that you have entered into our online/contact forms. We have appropriate measures in place to ensure that users’ personal details are not misused, accidentally destroyed, lost or altered within the server environment. No data transmission over the internet can be guaranteed to be totally secure, so we cannot ensure, guarantee or warrant the security of any information which you send to us, and you do so at your own risk. Our website may contain links to enable you to visit other websites. Once you have left our site, you should note that we do not have any control over other linked websites. We cannot be held responsible therefore for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy notice applicable to the website in question.

  • Third Parties – we may be provided with your personal data by any third parties whom you have instructed to do so.

  • Publicly Available Sources – we may collect your personal data from any publicly available records such as internet searches.

Why Do We Collect Personal Data?

The personal data we collect is used to:

  • Enable us to provide you with information about our products and services;

  • Enable us to provide you with our products and services;

  • Enable us to contact you regarding general product and service level matters;

  • Keep you informed of new features, products and services available from us;

  • Maintain internal records;

  • Ensure that we comply with the necessary laws and regulations; and

  • Ensure that our website is compatible with the browsers and operating systems used by most of our visitors.

It is important that the information we hold about you is accurate and current. Please keep us informed if any such information were to change during the period for which we hold it.

We may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances (see below).

For the delivery of direct marketing to you via email, we need your consent whether via an opt-in or soft-opt-in arrangement:

  • Soft-opt-in consent applies when you have previously engaged with us by enquiring about or receiving our products or services and we are marketing similar products or services. Under soft-opt-in consent, we will take your consent as given unless you opt out.

  • For other types of email marketing, we will require your explicit consent, for example asking you to tick a box to confirm that you are happy to receive these communications.

We process your personal data in order to provide you with services you have requested. The legal basis for this processing is that it is necessary for the performance of a contract to which you are, or seeking to become, party to.

Where you have opted to receive marketing communications, the legal basis for processing your data for those purposes is your consent, which you may withdraw at any time, by using the unsubscribe link included in our marketing communications or by contacting us directly.

Disclosing Personal Data to Third Parties

  • We will not sell, share or rent your name, email address, or any other personal data to any third party for marketing purposes;

  • We will disclose your personal data to the relevant Provider(s) whose products or services we will be providing to you;

  • We may disclose personal data to third parties (this may include but is not limited to, our employees, agents, accountants, contractors and other professional advisors) who may require access to personal data in the course of providing us with their services. We will at all stages ensure that these third parties have appropriate security measures in place when handling any personal data;

  • Your data may be shared with third-party payment providers who process payments (if applicable);

  • We may, at our discretion, disclose personal data that is required by the police (or other organisations with a law enforcement role) for the prevention and detection of crime or the apprehension or prosecution of offenders;

  • We may disclose specific personal data where we are required by law to do so;

  • We may share aggregated demographic information with our partners, advertisers or other third parties. This will not contain information that can identify any individual person.

Data Retention

Unless a longer retention period is required or permitted by law, we will hold your personal data on our systems only for the period necessary to fulfil the purposes outlined in this Privacy Notice or until you request that your personal data be deleted.

Even if we delete your personal data, it may remain on back-up or archival media for legal, tax or regulatory purposes.

Viewing, Changing or Removing Client Data

You have the following rights in relation to your personal data, subject to certain legal conditions and limitations:

  • Right to access – the right to request (i) copies of the personal data we hold about you at any time, or (ii) that we modify, update or delete such personal data. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is “manifestly unfounded or excessive”. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

  • Right to correct – the right to have your personal data rectified if it is inaccurate or incomplete.

  • Right to erase – the right to request that we delete or remove your personal data from our systems in certain circumstances.

  • Right to restrict our use of your personal data – the right to ask us to restrict the processing of your personal data or limit the way in which we can use it, in certain circumstances.

  • Right to personal data portability – the right to request that we move, copy or transfer your personal data, in certain circumstances.

  • Right to object – the right to object to our use of your personal data, including where we use it for our legitimate interests, in certain circumstances.

Where we are legally permitted to do so, we may refuse to act on a request. If we do so, we will explain the reasons for our decision.

Exercising Your Rights and Making Enquiries

To make an enquiry, exercise any of your data protection rights set out above, please contact us using the details provided at the end of this Privacy Notice. You will not normally be required to pay a fee to exercise your rights. However, in accordance with data protection legislation, we may charge a reasonable fee or refuse to act on a request where it is manifestly unfounded or excessive.

We will respond to valid requests without undue delay and in any event within one month of receipt. This period may be extended by a further two months where requests are complex or numerous, in which case we will inform you of the extension and the reasons for it.

Complaints

If you are dissatisfied with how we have handled your personal data, you have the right to raise a complaint with us in the first instance using the contact details set out at the end of this Privacy Notice.

If you are not satisfied with our response, you also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters. The ICO’s contact details are: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Further information is available on the ICO’s website at https://ico.org.uk/, including access to their live chat service, or via their helpline on 0303 123 1113.

How We Store Client Data

Your data will be stored securely in line with industry best practices at all times. The security measures in place are reviewed annually and include:

  • Requiring a username and password to access your personal data;

  • Your personal data being stored on secure servers; and

  • The encryption of payment details (where applicable).

Personal data which we collect from you may be stored, processed and transferred to countries both within, and outside the European Economic Area (EEA). For example, this could occur if our servers are in a country outside the EEA or if one of our service providers is situated in a country outside the EEA. We may also share information with other group companies, some of which may be located outside the EEA.

We will only transfer personal data outside the UK where it is compliant with Data Protection Laws and the means of transfer provides adequate safeguards in relation to your personal data, e.g. by way of a personal data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission.

To ensure that your personal data receives an adequate level of protection, we have put in place appropriate safeguards and procedures with the third parties we share your personal data with. This ensures that your personal data is treated by those third parties in a way that is consistent with Data Protection Laws.

If you suspect any data breach or misuse, loss or unauthorised access to your personal data, please let us know immediately via the contact details below.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit https://www.getsafeonline.org/. Get Safe Online is supported by His Majesty’s Government and leading businesses.

Change of Business Ownership and Control

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control. Personal data as well as any other form of data provided by you will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use such data for the purposes it was originally provided to us.

We may also disclose such data to a prospective purchaser of our business or any part of it. In the above instances, we will take steps with the aim of ensuring that your privacy is protected.

General

You may not transfer any of your rights under this Privacy Notice to any other person. We may transfer our rights under this Privacy Notice where we reasonably believe your rights will not be affected.

If any court or competent authority finds that any provision of this Privacy Notice (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Notice will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This Privacy Notice will be governed by and interpreted according to the laws of England and Wales. All disputes arising from this Privacy Notice will be subject to the exclusive jurisdiction of the English and Welsh courts.

Changes to This Privacy Notice

We reserve the right to amend this Privacy Notice at any time, either as required by law or as we consider necessary. Any updates will be published on our website and, where appropriate, we will notify you of material changes (for example by email or other suitable means).

For further information, please contact us as below:

Contact

  • Name: Jo Dempsey

  • Address: 1 Broadfields Parade, Glengall Road, London, HA8 8TD

  • Telephone Number: 0800 651 6511

  • Email: jo@blackbookfinance.co.uk

Last updated on 14.04.2026