Privacy policy

Protecting your personal details on our website.

Last updated: May 2018

inFund is a trading style of InFund Technologies Limited (registered number 09750661), whose registered office is at 10 Bridge Street, Bath, BA2 4AS.

inFund knows that you care how information about you is used and shared and we appreciate your trust in us to do that carefully and sensibly.

This notice describes our privacy policy and forms part of our website terms and conditions ('Website Terms').

By accepting our Website Terms or by visiting ('the Website') you are accepting and consenting to the practices described in this Privacy Policy. The Website is brought to you by InFund Technologies Limited. InFund Technologies Limited believes it is important to protect your personal data and we are committed to giving you a personalised service that meets your needs in a way that also protects your privacy.

This policy explains how we may collect personal data about you. It also explains some of the security measures we take to protect your personal data and tells you certain things we will do and not do. You should read this policy in conjunction with the Website Terms.

When we first obtain personal data from you, or when you take a new service or product from us, we will give you the opportunity to tell us if you do or do not want to receive information from us about other services or products (as applicable). You can tell us, or change your mind at any time, by contacting us or, where applicable, by unsubscribing from an email list that you had originally agreed to being included in.

Contact us

Chat: on our website
Phone: 01225 300 872
Post: inFund, 10 Bridge Street, Bath, BA2 4AS

The data that we collect

We will collect personal data about you, directors, shareholders members of limited liability partnerships and loan guarantors when you create an inFund account on our platform.

We will collect data on your business.

1. We will collect data in the following events:

  • You register on our platform to create an inFund account
  • You provide us with specific information to support your application
  • You complete the personal details form in your profile
  • You complete your application including submitting a direct debit mandate

2. We will collect the following:

  • When you register: your name, business name, phone number, email address.
  • When you complete your profile, for each director and/or shareholder: names, residential addresses to cover the previous three years, telephone numbers and email address, date of birth, marital status and education level. The latter two are used for classification purposes only.
  • When you provide additional information for your application: information about your business finance including bank statements, and documentary evidence confirming your identity and current residential address.
  • When you email us or speak to us over the phone or on chat: call recordings, email history, chat history.
  • When you visit our website: information captured by our cookies (please review the cookies section below), page visits and activity history.

3. We will collect data from:

  • Information you provide to us directly when you register and complete an application, email us or speak to us over the telephone or online chat.
  • Information that is available to the public, such as the electoral register and Companies House.
  • Third parties to whom you have provided information with your consent to pass it on to other organisations or persons.
  • Credit Reference Agencies.

What we will do with your data

Personal data about our customers is an important part of our business. We process your personal data on the basis that we have a legitimate interest in providing you with the service(s) for which you are applying or have taken.

As part of the application process, our legitimate interest extends to the prevention of fraud and money laundering to protect you, the wider public and our business.

To comply with our legal obligations, and for our legitimate interests, we will use your data to:

  • Create and manage your inFund account.
  • Help identify you when you contact us, for your protection and for ours.
  • Perform a credit assessment on your business which lets us assess affordability.
  • Conduct personal credit checks on the directors/shareholders of the business as part of the application.
  • Conduct our data analysis and modelling which enhances the products we can offer you or which you have already taken.
  • Offer you suitable products and services (which you can choose to opt-out from).
  • Help us carry out marketing analysis and customer profiling (including with transactional information), conduct research, including creating statistical and testing information – all to enhance our products and services to you.
  • Help to prevent and detect fraud or loss.
  • Help us to contact you in any way (including mail, email, telephone, visit, text or multimedia messages) about products and services offered by us where

Our legitimate interests

  • The initial assessment of you and your business for the purpose of providing a financial product.
  • The ongoing assessment and monitoring of you and your business in respect of any of our services or products used by you.
  • The appropriate management of our relationship with you.
  • The improvement of our products and services, offered to you or used by you.

Data sharing

We will not disclose your personal data to any third party except in accordance with this Privacy Policy.

We may allow other people and organisations to use personal data we hold about you in the following circumstances:

  • If we, or substantially all of our assets, are acquired or are in the process of being acquired by a third party, in which case personal data held by us, about our customers, will be one of the transferred assets.
  • If we have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.
  • If we are working with any of the following third-party processors as part of us providing our services and products to you:
    • Software platforms which enable us to provide services to you and your business (e.g. email processors, data storage, website hosting, database hosting, data extraction)
    • Telecommunications and postal mail services
    • Social media sites: in the event you choose to post on our social medial sites
    • Referral platforms through which you have reached us and which we update with the outcome of your registration and/or application.
    • Credit reference agencies – see section below.
  • In the event we need to instruct third parties to act on our behalf in order to collect an outstanding debt.

In any event, where we allow other parties to use personal data we hold about you, those parties are bound by strict contractual provisions with us and only have access to personal data needed to perform their functions and may not use it for other purposes. Further, they must process the personal data in accordance with this Privacy Policy.

Credit reference agencies

When we undertake a credit check on you, the credit reference agency will require from us your name, date of birth and address history. This information is entered on the credit reference agency form each time we undertake the check which may be before you take a loan, during your loan and after your loan. We and they may keep a record of the search. Information held about you by these agencies may be linked to records relating to other people living at the same address with whom you are financially linked. These records will also be taken into account in credit and fraud prevention checks.

Information from your application and payment details of your account will be recorded with one or more of these agencies and may be shared with other organisations to help make credit and insurance decisions about you and members of your household with whom you are financially linked and for debt collection and fraud prevention. This includes those who have moved house and who have missed payments.

Data outside the European Union

When sharing your personal data with third-party processors, the data may be stored on databases outside of the EU.

We impose contractual obligations in such circumstances in order to protect your data to the standard required in the EU and ensure that your data and privacy rights are not infringed. Third-parties may be required to subscribe to recognised international frameworks intended to enable secure data sharing; reference the ICO ( for further information.

False information

If you provide false or inaccurate information to us and we suspect fraud, we will record this and may share it with other people and organisations. We, and other credit and insurance organisations, may also use technology to detect and prevent fraud.
If you need details of those credit agencies and fraud prevention agencies from which we obtain and with which we record information about you, please write to our Data Protection Officer using the details above.

Providing data on behalf of someone else

Where you give us personal data on behalf of someone else, you confirm that you have provided them with the information set out in this Privacy Policy and that they have not objected to such use of their personal data.

Automated decisions

Our process includes automated decisions which determine whether or not we will lend to you or your business, and the terms of any loan to which we agree.

Whilst automated decisions are necessary for the entry into and the performance of the Loan Agreement with you, you may wish to request human intervention or challenge a decision in certain circumstances. If you want to know more, please contact us using the details above.


  • We will retain data about you based on the purposes for which we hold it.
  • We will delete data at your request, if you do not have an active loan with us or if we are not required to retain it for regulatory or legal purposes.
  • If you have not requested it to be deleted, we will retain your data for 10 years after your most recent activity on your account or following the completion of your most recent loan.
  • We may keep your personal data for a longer period where it is necessary for legal, regulatory or operational purposes.

Protecting data

  • We have strict security measures to protect personal data.
  • We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.
  • We employ account security and segregation so that only the relevant employees have access to specific information we hold about you.
  • We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures mean that we may occasionally request proof of identity before we disclose personal information to you.
  • It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when you finish using a shared computer.

Your rights

You have the right to complaint to the ICO ( or another supervisory authority.

GDRP and our own policy ensures that your data is protected by the following legal rights:

  1. The right to be informed
    • Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR

  2. The right of access
    • You have the right to access your personal data.
    • This is commonly referred to as subject access.
    • You can make a subject access request verbally or in writing by using the contact details above.
    • We will respond to your request within a month of receiving it.
    • In most circumstances we do not charge a fee to deal with a request.

  3. The right to rectification
    • The GDPR includes a right for you to have inaccurate personal data rectified, or completed if it is incomplete.
    • You can make a request for rectification verbally or in writing by using the contact details above.
    • We will respond to your request within a month of receiving it.
    • In certain circumstances we can refuse a request for rectification.

  4. The right to erasure
    • The GDPR introduces a right for you to have personal data erased.
    • The right to erasure is also known as ‘the right to be forgotten’.
    • You can make a request for erasure verbally or in writing by using the contact details above.
    • We will respond to your request within a month of receiving it.
    • The right is not absolute and only applies in certain circumstances.

  5. The right to restrict processing
    • You have the right to request the restriction or suppression of your personal data.
    • This is not an absolute right and only applies in certain circumstances.
    • When processing is restricted, we are permitted to store the personal data, but not use it.
    • You can make a request for erasure verbally or in writing by using the contact details above.
    • We will respond to your request within a month of receiving it.

  6. The right to data portability
    • The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
    • It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
    • Doing this enables you to take advantage of applications and services that can use this data to find them a better deal or help them understand their spending habits.
    • The right only applies to information an individual has provided to a controller.

  7. The right to object
    • The GDPR gives you the right to object to the processing of your personal data in certain circumstances.
    • You have an absolute right to stop your data being used for direct marketing.
    • In other cases where the right to object applies we may be able to continue processing if we can show that we have a compelling reason for doing so – e.g. you have an active loan with us.
    • You can make a request for erasure verbally or in writing by using the contact details above.
    • We will respond to your request within a month of receiving it.

  8. Rights in relation to automated decision making and profiling.
    • The GDPR has provisions on:
      • automated individual decision-making (making a decision solely by automated means without any human involvement); and
      • profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.
    • The GDPR applies to all automated individual decision-making and profiling.
    • Article 22 of the GDPR has additional rules to protect individuals if we are carrying out solely automated decision-making that has legal or similarly significant effects on you.
    • We can only carry out this type of decision-making where the decision is:
      • necessary for the entry into or performance of the Loan Agreement; or
      • authorised by Union or Member state law applicable to the controller; or
      • based on your explicit consent.
      In our case, the automated decision is necessary for the entry into and the performance of the Loan Agreement with you.

Please contact us using the details above for more detailed information on your rights

The internet

If you communicate with us using the internet, we may occasionally email you about our services and products. When you first give us personal data through the Website, we will normally give you the opportunity to say whether you would prefer us not to contact you by email. You can also always send us an email (at the address set out above) at any time if you change your mind.

Please remember that communications over the internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered - this is the nature of the internet. We cannot accept responsibility for any unauthorised access or loss of personal data that is beyond our control.


When we provide services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your computer. These are called 'cookies'.

These cookies cannot be used to identify you personally and are used to improve services for you, for example through:

  • Letting you navigate between pages efficiently
  • Enabling a service to recognise your computer so you don't have to give the same information during one task
  • Recognising that you have already given a username and password so you don't need to enter it for every web page requested
  • Measuring how many people are using services, so they can be made easier to use and that there is enough capacity to ensure they are fast

To learn more about cookies, see:

Users typically have the opportunity to set their browser to accept all or some cookies, to notify them when a cookie is issued, or not to receive cookies at any time. The last of these options, of course, means that personalised services cannot be provided and the user may not be able to take full advantage of all of a website's features. Refer to your browser's Help section for specific guidance on how it allows you to manage cookies and how you may delete cookies you wish to remove from your computer. Here are some helpful links:

Please note that web browsers may change the location of the information on cookies. If one of these links is broken, please refer to your browser’s Help section for specific guidance.

Multiple cookies may be found in a single file depending on which browser you use.

The cookies used on this website have been categorised based on the categories found in the ICC UK Cookie guide, as follows:

Category 1: strictly necessary cookies

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.

Category 2: performance cookies

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how a website works.

Category 3: functionality cookies

These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as a live chat session. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

Category 4: targeting cookies or advertising cookies

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

The list below shows the cookies that we use, other than those that are strictly necessary to this service. If you have any queries about these, or would like more information, please contact our Data Protection using the details above.

Cookie name Description
.ASPXAUTH This cookie is used for storing the email address you used for your most recent log in. The email address is encrypted.
fvppinFund This cookie is used to log that you have closed the information message about the use of cookies which appears on each page.
.AspNet.ApplicationCookie This cookie is used to authenticate visitors with the Server. The information contains the user ID and is encrypted.
.ASP.NET_SessionId This is a cookie which is used to identify the user’s session on the Server. The session is used to store data between http requests.
RequestVerificationToken This cookie is used for preventing AntiForgery token attack.


The Website may include third-party advertising and links to other websites. We do not provide any personally identifiable customer personal data to these advertisers or third-party websites.

These third-party websites and advertisers, or internet advertising companies working on their behalf, sometimes use technology to send (or 'serve') the advertisements that appear on the Website directly to your browser. They automatically receive your IP address when this happens. They may also use cookies, JavaScript, web beacons (also known as action tags or single-pixel gifs), and other technologies to measure the effectiveness of their ads and to personalise advertising content. We do not have access to or control over cookies or other features that they may use, and the information practices of these advertisers and third-party websites are not covered by this Privacy Policy. Please contact them directly for more information about their privacy practices. In addition, the Network Advertising Initiative offers useful information about internet advertising companies (also called 'ad networks' or 'network advertisers'), including information about how to opt-out of their information collection.

We exclude all liability for loss that you may incur when using these third-party websites.

Further information

If you would like any more information or you have any comments about our Privacy Policy, please contact us using the details above.

We may amend this Privacy Policy from time to time without notice to you, in which case, we will publish the amended version on the Website. You confirm that we shall not be liable to you or any third party for any change to this Privacy Policy from time to time. It is your responsibility to check regularly to determine whether this Privacy Policy has changed.

You can ask us for a copy of this Privacy Policy and of any amended Privacy Policy by contacting us using the details above.