Privacy Policy

SWIG Finance Privacy Policy

1. Introduction
This Privacy Policy explains how SWIG Finance Limited (“SWIG Finance”, “we”, “us”, “our”) collects, uses, stores and protects personal data.
We are committed to protecting your privacy and handling personal data transparently and securely in accordance with:
• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018
• The Data (Use and Access) Act 2025 (where and when applicable)
• The Privacy and Electronic Communications Regulations 2003 (PECR) (as amended)
• Applicable Financial Conduct Authority (FCA) rules, including CONC
• The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

This policy applies to visitors to our website, business loan applicants, investors, guarantors, directors, shareholders, persons with significant control (PSCs), mentors, staff, suppliers and other individuals whose personal data we process.

2. Who We Are and Data Controller Details
SWIG Finance Limited is the data controller responsible for your personal data.
• Company number: 02688108
• Registered address:
Lowena House, Glenthorne Court
Truro Business Park, Threemilestone
Truro, TR4 9NY

SWIG Finance Limited trades as SWIG Finance.

SWIG Finance Limited is authorised and regulated by the Financial Conduct Authority (Firm Reference Number 730724).

SWIG Finance Limited is registered with the Information Commissioner’s Office (ICO registration number Z8862034).

Data Protection Contact

We have not appointed a statutory Data Protection Officer.

For all data protection matters, please contact:
info@swigfinance.co.uk
01872 227 930

Postal address as above

3. Data Protection Legislation

In this policy, Data Protection Legislation means all applicable UK data protection and privacy laws in force from time to time, including the UK GDPR, the Data Protection Act 2018, the Data (Use and Access) Act 2025 (as implemented), and PECR.

4. Personal Data We Collect
4.1 Data Collected Directly
We may collect personal data when you:
• Visit our website
• Complete online forms
• Apply for finance
• Act as a director, shareholder, PSC or guarantor of a business applicant
• Contact us by email, phone or post
• Apply for employment or act as a mentor

4.2 Data Collected from Third Parties
We may also collect personal data from:
• Credit reference agencies (CRAs)
• Fraud prevention agencies
• Finance partners and funders
• Publicly available sources (e.g. Companies House, electoral roll)
• Government, regulatory and law enforcement bodies

5. Types of Personal Data
Depending on your relationship with us, we may process the following categories of personal data.

Identity & Contact Data
• Full name
• Address and address history
• Email address
• Telephone numbers
• Date of birth

Financial & Business Data
• Bank account details
• Income and financial information
• Business financial information
• Credit history and credit scores

Regulatory & Compliance Data
• Information from credit reference agencies and fraud prevention agencies
• Electoral roll data
• Court judgments, insolvency and bankruptcy information

Employment & Background Data
• Education and employment history
• National Insurance number

Special Category Data (Optional)
• Gender and ethnicity (for equality, diversity and inclusion monitoring only)

This information is entirely optional, collected only with your explicit consent, and has no impact on lending decisions.

Criminal Offence Data
For staff and certain senior management or key roles, we may process:
• Criminal offence data
• Disclosure and Barring Service (DBS) checks

This data is processed only where legally required, in accordance with Article 10 UK GDPR and Schedule 1, Part 1 of the Data Protection Act 2018, and subject to strict safeguards.

6. Lawful Bases for Processing
We process personal data only where we have a lawful basis under the UK GDPR.

6.1 Legal Obligation (Article 6(1)(c))
Including processing necessary for:
• Anti-money laundering checks
• FCA regulatory and CONC compliance
• Affordability assessments
• Fraud prevention
• Regulatory and statutory reporting

6.2 Contract (Article 6(1)(b))
Including processing necessary for:
• Assessing loan applications
• Entering into and administering loan agreements
• Managing guarantees and related arrangements

6.3 Legitimate Interests (Article 6(1)(f))
Including:
• Assessing the creditworthiness of SME borrowers
• Verifying directors, shareholders, PSCs and guarantors
• Protecting public and lender funds
• Risk management and fraud prevention
• Improving our products and services

We balance our legitimate interests against your rights and freedoms and document this assessment where required.

6.4 Consent (Article 6(1)(a))
Used only where required, including:
• Marketing communications
• Case studies and testimonials
• Optional equality, diversity and inclusion monitoring
• Non-essential cookies and analytics

You may withdraw consent at any time.
Where we process personal data to comply with legal or regulatory obligations, consent is not relied upon, and withdrawal of consent will not apply.

7. Special Category & Criminal Offence Data
Special Category Data
We process special category data only where:
• You have given explicit consent, or
• Processing is otherwise permitted by law
Such data is:
• Optional
• Used only for statistical or equality monitoring purposes
• Aggregated or anonymised where possible

Criminal Offence Data
Criminal offence data and DBS information is processed:
• Only where legally required
• For employment, regulatory and fitness-and-propriety purposes
• With restricted access, limited retention and documented safeguards

8. How We Use Your Personal Data
We use personal data to:
• Respond to enquiries
• Assess loan eligibility and affordability
• Comply with AML and FCA obligations
• Administer customer and business relationships
• Prevent fraud and financial crime
• Manage complaints and disputes
• Conduct internal research, analysis and reporting
• Provide information about our services where permitted

9. Automated Decision-Making and Decision Support
We use automated tools and credit scoring systems to support loan assessments, identity verification, fraud prevention and affordability checks.

Decisions are not made solely by automated means.
All loan applications are subject to human review, and automated outputs are considered alongside other relevant information in accordance with FCA CONC requirements.

In line with the Data (Use and Access) Act 2025 (as implemented), where automated processing meaningfully contributes to a decision that has a significant effect on you, you may:
• Make representations
• Request clarification
• Request human review or intervention

You may contact us using the details in this policy to exercise these options.

10. Marketing & Communications
We will send marketing communications only where you have explicitly opted in, or where otherwise permitted by law.

You can:
• Unsubscribe at any time using email links
• Change communication preferences by contacting us

We will not use your data for case studies or testimonials without your prior consent and final approval.

11. Cookies, Analytics & PECR
We use cookies and similar technologies, including Google Analytics, VWO, LinkedIn and Facebook analytics.
• Essential cookies are used to operate our website
• Non-essential cookies are used only with your consent

Where permitted under the Data (Use and Access) Act 2025 and PECR, certain low-risk cookies or storage technologies may be used without prior consent, subject to applicable ICO guidance and provided that clear information and opt-out mechanisms are available.

Further details are available in our Cookie Policy.

12. Sharing Your Personal Data
We may share personal data with:
• Group companies
• Finance partners and funders
• Professional advisers (legal, audit, compliance)
• IT and service providers
• Credit reference and fraud prevention agencies
• Government, regulatory and law enforcement bodies

We do not sell personal data.

13. International Transfers
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:
• UK adequacy regulations
• International Data Transfer Agreements (IDTAs)
• Other lawful transfer mechanisms

14. Data Retention
We retain personal data only for as long as necessary:
• Successful loan applicants: up to six years after loan completion or longer where required by law or regulation
• Unsuccessful applicants: up to six years after the lending decision
• Mentors: up to two years after removal request
• Staff data: in line with employment, FCA and regulatory requirements

15. Your Rights
You have the right to:
• Be informed about how we use your data
• Access your personal data
• Rectify inaccurate or incomplete data
• Request erasure (where applicable)
• Restrict processing
• Object to processing based on legitimate interests
• Request data portability
• Withdraw consent at any time

Subject Access Requests (SARs)
We will respond to SARs within statutory timeframes.
Where necessary, we may ask you to clarify the scope of your request. In line with the Data (Use and Access) Act 2025 (as implemented), the response period may be paused until clarification is received.

16. Complaints
If you have concerns about how we handle your personal data, you may raise a data protection complaint directly with us using the contact details above. We aim to acknowledge complaints promptly and respond within a reasonable period.

If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office (ICO):
www.ico.org.uk
Tel; 0303 123 1113

17. Other Websites
Our website may contain links to third-party websites. We are not responsible for their privacy practices.

18. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law or our practices.

Last updated: January 2026