Privacy Notice

This privacy notice sets out how DSL Business Finance Ltd uses and protects any personal information that you provide.

We are committed to ensuring that your privacy is protected. Where we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this Privacy Notice.

We may change the policy contained in this notice from time to time by updating this page

You should check this page from time to time to ensure that you are happy with any changes. This notice is effective from 1 June 2021.

As a responsible lender, DSL Business Finance Ltd has a legal obligation to take steps to ensure that our customers are creditworthy.

We use a variety of methods to try to make sure that we do not lend money to business and/or people who are in financial difficulty. One of these is to carry out a credit reference check. In
order to do this, we shall pass the personal data that you provide to us in your loan application to a credit reference agency (CRA) called Perfect Data Solutions Limited which trades as Lending Metrics. Lending Metrics provide us with data about a customer’s credit history and borrowing habits. You can contact Lending Metrics at Lancaster Court, 8 Barnes Wallis Road, Fareham, Hampshire, PO15 5TU in writing to request the information that they hold about you (please note, a small statutory fee may be payable).

Important –  Use of Your Personal Information by Credit Reference Agencies

We may use credit reference and fraud prevention agencies to help us make decisions. What we do and how both we and credit reference and fraud prevention agencies will use your information is detailed in the section called:

A condensed guide to the use of your personal information by ourselves and at Credit Reference and Fraud Prevention Agencies

By consenting to this Privacy Notice you are accepting that we may each use your information in this way.

A condensed guide to the use of your personal information by ourselves and at Credit Reference and Fraud Prevention Agencies


1)   When you apply to us for a loan, we will check the following records about you and others (see 2 below)

a) Our own database;

b) Those at credit reference agencies (CRAs). When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. They supply to us both public (including the electoral register) and shared credit and fraud prevention information.

c)  Those at fraud prevention agencies (FPAs).

We will make checks such as; assessing this application for credit and verifying identities to prevent and detect crime and money laundering. We may also make periodic searches at CRAs and FPAs to manage your account with us.


CRAs that we use include:


Equifax Ltd
Customer Service Centre
PO Box 10036

Experian Ltd
PO Box 9000

NG80 7WP

Perfect Data Solutions Limited
(trading as LendingMetrics)
Lancaster Court
8 Barnes Wallis Road
Fareham, PO15 5TU

If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together so you must be sure that you have their agreement to disclose information about them. CRAs also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.


Information on applications will be sent to CRAs and will be recorded by them. Where you borrow from us, we will give details of your accounts and how you manage it/them to CRAs. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs and FPAs to perform similar checks and to trace your whereabouts and recover debts that you owe. Records remain on file for 6 years after they are closed, whether settled by you or defaulted.


If you give us false or inaccurate information and we suspect or identify fraud we will record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention.


If you have borrowed from us and do not make payments that you owe us, we will trace your whereabouts and recover debts.


Your data may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of data protection Laws.


How to find out more

This is a condensed version and if you would like to read the full details of how your data may be used please visit or phone 0141 425 2930 or ask one of our staff.

Alternatively, you can contact Lending Metrics at Lancaster Court, 8 Barnes Wallis Road, Fareham, Hampshire, PO15 5TU in writing to request the information that they hold about you (please note, a small statutory fee may be payable).

By consenting to this Privacy Notice, you give your consent to your personal data being used passed to and used by us, CRAs and FPAs.



Open Banking

This section of our Privacy Policy relates to Open Banking and should be read in conjunction with the other clauses in our Privacy Policy. In the event of conflict with any other clauses, this clause shall prevail.

How will my business and/or personal data be shared and used for the purposes of Open Banking?

By proceeding with your loan application via our website you expressly consent to us sharing your business and/or personal, contact and loan application details (“the Shared Business and/or Personal Data”) with our registered Open Banking partner, Perfect Data Solutions Limited (“PDS”) which is also a credit 25 reference agency. During your loan application we will safely and securely direct you to PDS’s secure portal (“the Portal”) for the purposes of granting PDS access to your bank or building society account information (“Transaction Information”).
As soon as your Transaction Information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your loan application (“the Permitted Purpose”).

Further information about PDS including its registered provider and regulatory status is available from


Is Open Banking secure?

PDS is registered under the Open Banking Directory as an account information service provider and is also regulated by the Financial Conduct Authority as a payment services firm under number 802599. Any data you submit via the Portal will be encrypted and its usage tracked as part of set Open Banking data security standards.

We are responsible for the secure transmission of any Shared Business and/or Personal Data to PDS, for safely directing you to the Portal and for the safe receipt and usage of your Transaction Information.

You will not be required to share your banking password or log in details with either us or PDS.  Once you have given your explicit consent to share your bank account information on the Portal you will be directed to your own bank or building society’s login page where you will enter in your own login details directly.

Save as set out above or elsewhere in this Privacy Policy, we are not responsible for your direct data transmissions with PDS or with your own bank or building society.

How will my Shared Business and/or Personal Data and Transaction Information be used?

PDS shall, subject to its own terms and conditions and privacy policy, and, if your bank or building society is registered to provide access under the Open Banking Directory, obtain your Transaction Information and submit this back to us for the Permitted Purpose. By way of example, the Transaction Information that we shall receive is likely to include information relating to your income, outgoings and credit worthiness.

PDS shall be entitled to re-access your Transaction Information for up to 90 days from the date of your original search result in order to refresh the search results, obtain a snapshot of your data or gather additional data.

PDS shall hold the Shared Business and/or Personal Data and the Transaction Information it receives and retains according to its own terms and conditions and privacy policy, available on the Portal, which you will be required to read and consent to once directed there via our website.

As PDS is also a credit reference agency it may also share and keep a record of your Shared Business and/or Personal Data and Transaction Information


Will you use my Transaction Information data for any other purpose?

The Transaction Information we receive about you will only be used for the Permitted Purpose.  We do not sell or share Transaction Information with any third party.

Save as set out above the information contained in the rest of this Privacy Policy deals with how we collate, use, transfer, store, delete and other terms applicable to your business and/or personal data including Shared Business and/or Personal Data and Transaction Information.


Do I have to provide you with my consent to proceed?

We require your consent to the use of Open Banking in order for us to conduct searches against your bank account(s).  We ask you to indicate your consent (where applicable) at the end of this Privacy Notice.
As an alternative to Open Banking, you may provide us with your last
3 months consecutive business bank statements in hard copy.

Where your bank or building society has already permitted access to your Transaction Information you will need to contact them directly in order to withdraw your consent under their particular Open Banking terms and conditions.

Are any of my other rights under this Privacy Policy affected?

Your individual data protection and privacy rights including the right to access, correct, delete, object, restrict, withdraw consent, request transfer and/or make a complaint, continue to apply to relevant business and/or personal data we control or process and are dealt with elsewhere in this Privacy Policy.

Under Open Banking, because your business and/or personal data is shared by your bank or building society and accessed by PDS you may also be able to exercise your individual data protection and privacy rights against either of them pursuant to their own terms and conditions and privacy policies.


Who is responsible for your business and/or personal data?

DSL Business Finance Ltd (DSL), a Company registered under the Companies Acts under Company Number SC145739 with its registered office at Moorpark Court, 5 Dava Street, Govan, Glasgow, G51 2JA (“DSL”) is responsible for your business and/or personal data in the capacity of data controller and will comply with the General Data Protection Regulation 2016 in respect of any processing of your business and/or personal data.

What information is collected about you and how is it collected?

DSL will collect data about you (including your name, address, telephone number email address, financial information and information relating to your gender and ethnicity). We may collect this information from: 

You; and from third parties, including your bank, credit reference agencies. Credit reference agent data may include public, electoral register, shared credit and fraud prevention information. Where a credit reference check is carried out this will leave a footprint on your credit file and could be seen by other lenders. 

 Why do we collect this information and how will it be used?

DSL Business Finance Limited will use the business and/or personal information you have given us to assess your eligibility for funding, to provide the services you have requested from us, the administration of those services (including carrying out risk assessments) for the purposes of processing and administering your loan application; to comply with our obligations under the law (including fraud prevention) and to comply with our reporting and auditing requirements with third party funders and agencies and for statistical and research purposes.

We will only use information about your ethnicity for the purposes of monitoring and promoting equal opportunities.

It might sometimes be necessary for us to transfer your business and/or personal information outside of the European Economic Area (EEA) to locations that may not provide the same level of protection as the UK.  However, we will only transfer your business and/or personal information out of the EEA if we have put in place appropriate safeguards and protections as stated under UK law for example by the use of a data-transfer agreement incorporating certain standard model protection clauses.  

Who will we share your data with?

As well as the CRAs and FPAs discussed above, we may share your details with our business partners to whom your loan relates which includes the British Business Bank, Scottish Growth Scheme – DSL Business Finance Microfinance LP, Scottish Government, The Start Up Loans Company, Falkirk Council, Westray Development
Trust, Rousay, Egilsay & Wyre Development Trust and their auditors, Business Gateway, Local Authorities, banks and other professional bodies associated with regulated activities including DSL’s auditors.  DSL will also share your business and/or personal data with its panel members who assess any loan applications on behalf of DSL.  DSL will ensure that it puts in place a suitable data sharing agreement with these panel members in order to ensure that the data is used in accordance with your loan application and for no other purposes.  We require that all parties with whom we share your business and/or personal data treat your business and/or personal information as confidential and as securely as we do and that they comply with the requirements of the General Data Protection Regulation 2016.

We may share statistics and customer profiling information with third parties and within the CEIS and DSL Group but you will not be identifiable.

To the extent that we assess your application using the information provided within this application form and are of the view that your circumstances may be better suited to a different loan fund, we may use the information that you have provided us in assessing your suitability for funding under that different loan fund.  This may
require us to share your business and/or personal data with the relevant bodies connected with that different fund.  To the extent that this is the case, you hereby consent to us sharing your business and/or personal data with these bodies. 

Where we have your consent to marketing communications, we may disclose your business and/or personal data to DSL’s partners and other carefully selected partners such as our PR and Media Partner who may contact you by electronic means, including by email, SMS and/or voicemail, with offers about goods and/or services which they consider may be of interest to you.  Where you have not consented, this will not happen. 

How long we keep your information for

How long DSL keeps your information will depend on the purpose for which DSL requires to use it. DSL will only retain your business and/or personal information for as long as is necessary for those purposes.    Unless a longer retention period is required or permitted by law or by any organisation from which any loan funds you
receive requires of us, we will only hold your business and/or personal information on our systems for the period necessary to fulfil the purposes outlined in this Privacy Notice, or until you request it is deleted and we have no reason to continue to hold it.  In the event that your application is withdrawn by you or declined, your business
and/or personal data will be kept for a maximum of three months from the point of withdrawal or decline. If, having registered for any of our Services, you do
not use them for a reasonable time (which may vary depending on the Service(s) you’ve registered for) we may contact you to ensure you’re still happy to receive communications from us.  Even if we delete your business and/or personal information it may persist on backup or archival media for legal, tax or regulatory purposes.

 Your Rights

You will have the following rights:

(i)    Right
to access
: the right to request copies of your personal information from us;

(ii)   Right to
: the right to have your personal information rectified if it is inaccurate or incomplete;

(iii)  Right to
 the right to request that we delete or remove your personal information from our systems;

(iv)  Right to
restrict our use of your information
: the right to ‘block’ us from using your personal information or limit the way in which we can use it this includes a right to withdraw any consent which you may give us to process your personal information or receive marketing communications;

(v)    Right to data
: the right to request that we move, copy or transfer your personal information; and

(vi)  Right to
: the right to object to our use of your personal information including where we use it for our legitimate interests.

To make enquiries, exercise any of your rights set out in this notice and/or make a complaint please contact our Data Protection Officer, DSL Business Finance Limited, Moorpark Court, 5 Dava Street, Glasgow, G51 2JA