This notice explains how Esme will use your personal information during this application process.
At Esme, we use and share your information to manage our risk, to protect our business and to comply with laws, such as checking your identity to prevent fraud and money laundering.
The organisation responsible for processing your personal and financial information is Esme Loans Limited (“Esme”), a member of the Royal Bank of Scotland Group (“RBS”).
When you apply for a loan we may request information about you, your business and the proprietors of that business from credit reference and fraud prevention agencies to manage and take decisions about your loan application, including checking your credit status and that of any associated individuals. This includes any other directors and shareholders who are beneficial owners of 25% or more of the business. If you are a director, we will seek confirmation, from credit reference agencies, that the residential address that you provide is the same as that shown on the restricted register of directors’ usual addresses at Companies House.
If you are married, are in a relationship, or have an association with someone with whom you have created a joint financial interest (i.e. a joint account we may also check your financial partner’s personal accounts). While this type of search will not be traceable or recorded on the files of credit reference agencies, you should let them know that this might happen. Any financial connection will remain on your record until you request the third party’s information to be removed from your record and you can do this by filing a “notice of disassociation” with the credit reference agencies.
While you have an agreement with us we’ll continue to share information with credit reference agencies about how you manage your account, for example your balance, payments, credit limits and any missed payments to loans. Credit reference agencies will share this with other organisations. Further information about credit reference agencies can be obtained directly from them: Experian, Equifax and Callcredit.We may use other agencies from time to time.
If we identify or suspect fraud we will record this with fraud prevention agencies, and we may refuse to provide you with products.
Credit reference and fraud prevention agencies use your information because they have to prevent fraud and money laundering, to protect their business and to comply with laws.
We make decisions based on automated checks of data we hold and receive about you. You have rights in relation to automated decisions, including a right to appeal if your application is declined. If your application is declined we will usually keep your information for up to six years.
We may also have to share some of your details with banking industry regulators, government departments and similar organisations like, for example, HM Revenue and Customs. And they might in turn have to share it with other countries.
By continuing with this application, you confirm that you understand how we may use your information and are happy to proceed.
You are also confirming that you hold authorisation from the other officers and beneficial owners to agree to the searches against them as individuals and use of the information indicated in this agreement. You will notify them of any changes advised by us to the use of information in this application and you have retained a copy of our privacy notice and have provided the other officers and beneficial owners with a copy of it also.
1.1. This privacy notice (the “Privacy Notice”) applies to all personal information processing activities carried on by the Esme Loans Ltd (“Esme’).
1.2. Esme is a data controller in respect of personal information that we process in connection with our business (including the products and services that we provide). In this notice, references to “we”, “us” or “our” are references to Esme.
1.3. Our principal address is Esme Loans Limited, 8 Devonshire Square, London EC2M 4PL and our contact details can be located at www.esmeloans.com.
1.4. We are a member of The Royal Bank of Scotland Group Plc (“RBS group”). More information about the RBS group can be found at www.rbs.com by clicking on ‘About Us’.
1.5. We respect individuals’ rights to privacy and to the protection of personal information. The purpose of this Privacy Notice is to explain how we collect and use personal information in connection with our business. “Personal information” means information about a living individual who can be identified from that information (either by itself or when it is combined with other information). We may update our Privacy Notice from time to time, by communicating such changes to you and publishing the updated Privacy Notice on our website. We would encourage you to visit our website regularly to stay informed of the purposes for which we process your information and your rights to control how we process it.
2.1 We collect and process various categories of personal information at the start of and for the duration of your relationship with us. We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identified in this notice. We will process information about: (a) you and your business partners, including any other directors; and (b) shareholders who are beneficial owners of 25% or more of the business. Personal information may include:
a) basic personal information, including name and address, date of birth and contact details;
b) financial information, including account and transactional information and history (including where you have chosen to link your bank account to us, to retrieve historic 12 month statement information on an ongoing basis about your business bank account);
c) information about your family, lifestyle and social circumstances (such as dependents, marital status, next of kin and contact details);
d) information about your financial circumstances, including personal wealth, assets and liabilities, proof of income and expenditure, credit and borrowing history and needs and goals;
e) education and employment information;
f) goods and services provided;
g) visual images and personal appearance (such as copies of passports); and
h) online profile and social media information and activity, based on your interaction with us and our websites and applications, including for example, your login information, Internet Protocol (IP) address, smart device information, location coordinates, online and mobile banking security authentication, mobile phone network information, searches, site visits and spending patterns.
2.2 We may also process certain special categories of information for specific and limited purposes, such as detecting and preventing financial crime or to make our services accessible to customers. We will only process special categories of information where we’ve obtained your explicit consent or are otherwise lawfully permitted to do so (and then only for the particular purposes and activities set out at Schedule A for which the information is provided). This may include:
a) information about racial or ethnic origin,
b) religious or philosophical beliefs,
c) trade union membership;
d) physical or psychological health details or medical conditions; and
e) biometric information, relating to the physical, physiological or behavioural characteristics of a person, including for example using voice recognition or similar technologies to help us prevent fraud and money laundering.
2.3 Where permitted by law, we may process information about criminal convictions or offences and alleged offences for specific and limited activities and purposes such as to perform checks to prevent and detect crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions. It may involve investigating and gathering intelligence on suspected financial crimes, fraud and threats and sharing data between banks and with law enforcement and regulatory bodies.
3.1 Your information is made up of all the financial and personal information we collect and hold about you/your business and the proprietors, officers and beneficial owners of that business and your transactions. It includes:
a) information you give to us;
b) information that we receive from third parties (including other RBS group companies, third parties who provide services to you or us, and credit reference, fraud prevention or government agencies);
c) information that we learn about you through our relationship with you and the way you operate your accounts and/or services, such as the payments made to and from your accounts; and
d) information that we gather from the technology which you use to access our services (for example location data from your mobile phone, or an IP address or telephone number) and how you use it (for example pattern recognition); and
e) information that we gather from publicly available sources, such as the press, the electoral register, company registers and online search engines).
4.1 We want to make sure you are aware of your rights in relation to the personal information we process about you. We have described those rights and the circumstances in which they apply in Table A below.
4.2 If you wish to exercise any of these rights, or if you have any queries about how we use your personal information which are not answered here, please contact us at 020 3936 4800 or firstname.lastname@example.org.
4.3 Our Data Protection Officer can be contacted at 03457 24 24 24. Please note that in some cases, if you do not agree to the way we process your information, it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
From time to time we may change the way we use your information. Where we believe you may not reasonably expect such a change we will notify you and will allow a period of at least 30 days for you to raise any objections before the change is made. However, please note that in some cases, if you do not agree to such changes it may not be possible for us to continue to operate your account and/or provide certain products and services to you.
We will only use and share your information where it is necessary for us to lawfully carry out our business activities. Your information may be shared with and processed by other RBS group companies. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in a table in Schedule A – Schedule of Purposes of Processing.
7.1 We will not share your information with anyone outside RBS except:
a) where we have your permission;
b) where required for your product or service;
c) where we are required by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world;
d) with other banks and third parties where required by law to help recover funds that have entered your account as a result of a misdirected payment by such a third party;
e) with third parties providing services to us, such as market analysis and benchmarking and third parties acting on our behalf;
f) with other banks to help trace funds where you are a victim of suspected financial crime and you have agreed for us to do so, or where we suspect funds have entered your account as a result of a financial crime;
g) with debt collection agencies;
h) with credit reference and fraud prevention agencies;
i) with third party guarantors or other companies that provide you with benefits or services (such as insurance cover) associated with your product or service;
j) where required for a proposed sale, reorganisation, transfer, financial arrangement, asset
k) disposal or other transaction relating to our business and/or assets held by our business in anonymised form as part of statistics or other aggregated data shared with third parties; or
l) where permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.
7.2 If you ask us to, we will share information with any third party that provides you with account information or payment services. If you ask a third party provider to provide you with account information or payment services, you’re allowing that third party to access information relating to your account. We’re not responsible for any such third party’s use of your account information, which will be governed by their agreement with you and any privacy statement they provide to you.
7.3 In the event that any additional authorised users are added to your account, we may share information about the use of the account by any authorised user with all other authorised users.
7.4 We will not share your information with third parties for their own marketing purposes without your permission.
8.1 We may transfer your information to organisations in other countries (including to other RBS group companies) on the basis that anyone to whom we pass it protects it in the same way we would and in accordance with applicable laws.
8.2 In the event that we transfer information to countries outside of the European Economic Area (which includes countries in the European Union as well as Iceland, Liechtenstein and Norway), we will only do so where:
a) the European Commission has decided that the country or the organisation we are sharing your information with will protect your information adequately;
b) the transfer has been authorised by the relevant data protection authority; and/or
c) we have entered into a contract with the organisation with which we are sharing your information (on terms approved by the European Commission) to ensure you information is adequately protected. If you wish to obtain a copy of the relevant data protection clauses, please write to: Esme Loans Limited, 8 Devonshire Square, London EC2M 4PL or email@example.com, or contact us at 020 3936 4800.
Unless you have told us that you do not want to hear from us, we will send you relevant marketing information (including details of other products or services provided by us or other RBS group companies which we believe may be of interest to you), by mail, phone, email, text and other forms of electronic communication. If you change your mind about how you would like us to contact you or you no longer wish to receive this information, you can tell us at any time by writing to: Esme Loans Limited, 8 Devonshire Square, London EC2M 4PL or firstname.lastname@example.org or by contacting us at 020 3936 4800.
10.1 We will contact you with information relevant to the operation and maintenance of your account (including updated information about how we process your personal information), by a variety of means including via online banking, mobile banking, email, text message, post and/or telephone. If at any point in the future you change your contact details you should tell us promptly about those changes.
10.2 We may monitor or record calls, emails, text messages or other communications in accordance with applicable laws for the purposes outlined in Schedule A – Schedule of Purposes of Processing.
11.1 When you apply for a loan, and periodically, we may access and use information about you, your business and the proprietors of that business from credit reference and fraud prevention agencies to:
a) manage and take decisions about your loan application, including assessing your creditworthiness;
b) prevent criminal activity, fraud and money laundering;
c) check your identity and verify the accuracy of the information you provide to us; and
d) trace debtors and recover debts.
11.2 Application decisions may be taken based solely on automated checks of information from credit reference and fraud prevention agencies and internal RBS records. To help us make decisions on when to give you credit, we use a system called credit scoring to assess your application. To work out your credit score, we look at information you give us when you apply; information from credit reference agencies that will show us whether you’ve kept up to date with payments on any credit accounts (that could be any mortgages, loans, credit cards or overdrafts), or if you’ve had any court action such as judgments or bankruptcy; your history with us such as maximum level of borrowing; and affordability, by looking at your available nett income and existing debts. You have rights in relation to automated decision making, including a right to appeal if you’re application is refused.
11.3 We will continue to share information with credit reference agencies about how you manage your business account including names and parties to the account, your account balance, payments into your account, the regularity of payments being made, credit limits and any arrears or default in making payments, while you have a relationship with us. This information will be made available to other organisations (including fraud prevention agencies and other financial institutions) so that they can take decisions about you, your associates and members of your household.
11.4 If false or inaccurate information is provided and/or fraud is identified or suspected, details will be passed to fraud prevention agencies. Law enforcement agencies and other organisations may access and use this information.
11.5 If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you.
11.6 A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
11.7 When credit reference and fraud prevention agencies process your information, they do so on the basis that they have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect their business and to comply with laws that apply to them.
11.8 We may make periodic searches of our own group records and credit reference agencies to manage your account with us, including whether to continue or extend existing credit. We may also check at fraud prevention agencies to prevent or detect fraud.
11.9 We may use credit reference agencies to trace your whereabouts and recover payments if you do not make payments that you owe us.
11.10 When credit reference agencies receive a search from us they will:
a) Record the details that are supplied on your business account (including previous and subsequent names of parties to the account and how you manage it/them);
b) place a credit search “footprint” on your company credit file whether or not this application proceeds. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when your business applies for credit in the future;
c) place an enquiry search on the personal credit files of any director/owner or partner that have been searched. Place an associate enquiry search on your personal financial partner’s credit file, if that is checked. These enquiry searches will not be seen by other organisations if any director/owner or partner applies for credit in the future;
d) link together the previous and subsequent names advised by you, of anyone that is a party to the account;
e) place an enquiry or identification search on the record of any shareholder who is a beneficial owner;
f) create a record of the name and address of your business and its proprietors if there is not one already;
g) record the outstanding debt if your business borrows and does not repay in full and on time;
h) retain the records for 6 years after the loan is settled or defaulted.
11.11 Your data will not be used by credit reference agencies to: (i) create a blacklist; or (ii) to make a decision.
11.12 Credit reference agencies and fraud prevention agencies will supply to us the following:
a) information about your business, such as previous applications for credit and the conduct of the accounts and also similar personal credit information in your name (your personal partner’s name) and of your business partners;
b) public information such as Country Court Judgments (CCJs) and bankruptcies;
c) electoral register information on you and your business partners;
d) fraud prevention information;
e) confirmation or otherwise that the usual residential addresses supplied by directors match those on the ‘restricted’ register held at Companies House (or for those directors’ addresses registered under section 243 of the Companies Act, that the usual residential addresses supplied by directors match those on the credit reference agency’s proprietary business directory). With effect from October 2009, two registers have operated at Companies House; a public register available to all and a restricted register available only to public sector organisations and credit reference agencies which may be accessed only for certain specified purposes.
11.13 If you would like a copy of your information held by the credit reference and fraud prevention agencies we use, or if you want further details of how your information will be used by credit reference agencies please visit their websites or contact them using the details below. The agencies may charge a fee.
12.1 By providing you with products or services, we create records that contain your information, such as customer account records, activity records, tax records and lending and credit account records. Records can be held on a variety of media (physical or electronic) and formats.
12.2 We manage our records to help us to serve our customers well (for example for operational reasons, such as dealing with any queries relating to your account) and to comply with legal and regulatory requirements. Records help us demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities.
12.3 Retention periods for records are determined based on the type of record, the nature of the activity, product or service, the country in which Esme is located and the applicable local legal or regulatory requirements. We normally keep customer account records for up to six years after your relationship with the bank ends, whilst other records are retained for shorter periods for example twelve months for non-investment related call recordings. Retention periods may be changed from time to time based on business or legal and regulatory requirements.
12.4 We may on exception retain your information for longer periods, particularly where we need to withhold destruction or disposal based on an order from the courts or an investigation by law enforcement agencies or our regulators. This is intended to make sure that Esme will be able to produce records as evidence, if they’re needed.
12.5 If you would like more information about how long we keep your information, please contact us at Esme Loans Limited, 8 Devonshire Square, London EC2M 4PL or email@example.com, or contact us at 020 3936 4800.
We are committed to ensuring that your information is secure with us and with the third parties who act on our behalf. For more information about the steps we are taking to protect your information please contact our Data Protection Officer.
If you choose to allow access to us for information from market place accounts, this information will be sent to us via a secure Application Programming Interface (API) and is subject to the security requirements of those market place vendors.
If you choose an account aggregation service to provide bank account information to us:
We will only use and share your information where it is necessary for us to carry out our lawful business activities. Your information may be shared with and processed by other RBS group companies. We want to ensure that you fully understand how your information may be used. We have described the purposes for which your information may be used in detail in a table below:
We promise to treat any personal information about you securely, fairly and lawfully. We are committed to protecting your privacy.
When we ask you to provide personal information online it will only be in response to you actively applying for or using one of our online products or services.
A “cookie” is a small text file that’s stored on your computer, smartphone, tablet, or other device when you visit a website or use an app.
Some cookies are deleted when you close down your browser. These are known as session cookies. Others remain on your device until they expire or you delete them from your cache. These are known as persistent cookies and enable us to remember things about you as a returning visitor.
This website (www.esmeloans.com) uses session and persistent cookies.
If you want to restrict or block the cookies we set, you can do this through your browser settings. The ‘help’ function within your browser should tell you how. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. Alternatively, you can search the internet for other independent information on cookies.
If you delete cookies relating to this website we will not remember things about you and you will be treated as a first-time visitor the next time you visit the site.
Here we explain a bit more about each of these types and how you can control their use.
Cookies that are essential for us to provide a product or service you have requested and to provide a secure online environment
Without these cookies we are unable to provide some products or services that you might request. Other essential cookies keep our website secure. This category of cookies cannot be disabled.
Essential cookies are used to:
Specific cookies used, include:
These cookies collect aggregated information and are not used to identify you.
We use this type of cookie to understand and analyse how visitors use our online services and look for ways to improve them. For example, a cookie might tell us that lots of people give up on an application process at a particular step – so we can try to make that step easier to complete.
The analytics cookies we use include:
These cookies are usually third-party cookies from marketing partners used to deliver adverts relevant to you and your interests. These cookies can track your browsing history across websites. If you wish to prevent this type of cookie, you may do so through your device’s browser security settings.
The third-party companies we partner with include:
The types of cookies we use are:
If you don’t want to accept cookies in emails, you can set your browser to restrict or reject cookies, or you can close the email before downloading any images or clicking on any links.