Privacy Policy

Read our Privacy Policy which outlines how we protect your data

Currently, data protection is regulated by the Data Protection Act 1998. The new General Data Protection Regulation (GDPR) will come in force on the 25th of May 2018 but this Privacy Policy highlights your privacy rights. This Privacy Policy will be updated from time to time and will be available for review on the Fleximize website. 

Who is Alterium Group of Companies 

Alterium and its Group of Companies is made up of Alterium Limited (ZA021336) Fleximize Limited (ZA021338), Fleximize Capital Limited (ZA244436) & Fleximize Services Limited (ZA046956), hereinafter referred to “we” or “us”.

You can contact our Data Protection Officer on the below details, if you have any queries/comments on this Privacy and Cookies Policy.

The Data Protection Officer Holbrook House, 51 John Street, Ipswich, IP3 0AH 

Email:  Telephone: (+44) 02071000110

Use of your personal information

This Privacy Policy informs you of your rights under the GDPR. It also informs you of the way we look after your personal data and includes the information we collect from you about yourself, your business and any linked associates, data we collate during the relationship of you being our customer, and your marketing preferences in respect to our products and services. This Privacy Policy explains and governs:

We commit to protect your data and keep it safe and secure, and to provide you with a simple way to have control over, manage and review your marketing preferences at any time you wish.

We advise you read this Privacy Policy carefully. By accessing and using our website, you confirm that you have had an adequate opportunity to read this Privacy Policy, you understand it and you agree to be bound by its terms. If you have any queries, you can email us at or call us on (+44) 02071000110 but if you do not want to be bound by the terms of use of our website and this privacy policy, you must immediately cease use of our website.

We will amend this Privacy Policy from time to time in order to comply with the applicable laws and regulations and to meet our changing business requirements. You are advised to periodically review this Privacy Policy for the latest amendments. By continuing to use our website you are bound by all updates and changes made to it.

Your protection under the law

In addition to our commitment to protect your personal data, your privacy is also protected under the law. An explanation on how it works is provided below.

Under GDPR, we are authorised to use your personal data only if we have an appropriate reason for doing so and this may involve sharing it with third parties, if it is based on one or more of the following: 

Legitimate Interest

A legitimate interest is one of the six bases for processing your personal data under the law. However, we must do so in a lawful, fair and transparent manner.  We will rely on legitimate interest only where we have a business or commercial reason to use your personal data but will not allow it to unfairly go against your interests. We have highlighted below when and for what purpose we rely on our legitimate interest as a basis to process your personal data. 

Purpose for which your personal information is used. The bases we rely on Our legitimate Interests
• Managing and maintaining of our ongoing relationship with your business.

• Your unambiguous consent.

• Fulfilling our contractual obligations.

• Updating our records, developing new products and services, working on new pricing and providing you with updates on it.

• Performance of our marketing functions and developing new strategies.

• Developing and maintaining customer’s relationship, their needs and developing strategies for business growth.

• Analysis of customers’ use of our products and services and those of our third parties.

• Our legitimate interests.

• Our legal obligation.

• Obtaining your consent on certain matters where we are required to contact you.

• To fulfil our legal and contractual duties efficiently.

• Managing, developing and testing new products and services and ongoing maintenance of our brand.

• For ongoing maintenance of our relationships with third party service providers to both ourselves and our customers.

• Fulfilling contractual obligations.

• Our legitimate interests.

• Our legal obligation.

• Developing new products and services, defining the customers for which they are relevant and determining the pricing.

• To fulfil our legal and contractual duties efficiently.

• Promoting and delivering our products and services.

• Performing credit checks on applicants, directors, partners, shareholders and any linked “financial associates” (i.e. person who may have joint personal financial arrangement such as joint accounts or joint credit applications, which may be your spouse or partner).

• To manage the amount lent, interest, charges, fees and legal costs in relation to our customers.

• For debt collection and recovery.

• Fulfilling contractual obligations.

• Our legitimate interests.

• Our legal obligation.

• To fulfil our legal and contractual duties efficiently.

• Complying with regulations that apply to us.

• To fulfil our obligations in the prevention of financial crime including fraud and managing the risk.

• To adhere to all laws and regulations applicable to us.

• Complaints management.

• Fulfilling contractual obligations.

• Our legitimate interests.

• Our legal obligation.

• Developing ways to deal more efficiently with financial crime whilst fulfilling our legal duties.

• Fulfilling our legal duties.

• To fulfil our legal and contractual duties efficiently.

• Efficient management of the business including day to day operations, corporate governance and audit.

• Fulfilling contractual obligations.

• Our legitimate interests.

• Our legal obligation.

• Adhering and complying with all legislations and regulations.

• To fulfil our legal and contractual duties efficiently.

• To exercise our rights set out in agreements or contracts.

• Fulfilling contractual obligations.

Types and Sources of Personal Information

During your interaction with us, we collect different kinds of personal information on you, your business and your linked associates. Below is a list of all the different types of information we collect: 

Personal information Description
Financial Information

The financial position of your business, (i) your personal position, credit status and history (ii) credit history of any linked financial associates i.e person with whom may have or had a joint personal financial arrangement such as joint accounts or have made joint credit applications which may be your spouse or partner (not a business partner). We may check the records, including the credit details of other individuals acting as personal guarantors to the loan application. (iii) if the applicant is a limited company, the credit history and status of each director and shareholder and their financial associates. (iv) if the applicant is a sole trader or a partnership, the credit history of the sole trader or each partner and their financial associates. The financial information we may access through our trusted partner will cover your business data, customer data, supplier data, invoice (sales invoice) data, bill (purchase invoice) data, credit note data, payments data, profit & loss data, balance sheet. 

Contact Details

The registered and trading address of your business, personal and business phone number supplied and email address of applicants, directors, partners, shareholders and linked associates.

Transactional Details

Details about payments to and from your bank account, bank statements you submit to us through our portal or our trusted partner. All deposits made by us and all payments made by the business and yourself to us. Management Information or additional information you provide on your business.


Information on the financial products and services we have provided to you.


Location and device data from which you are applying for a loan, i.e. your phone, the IP address on connecting to your internet, the operating system and the browser type.


Details on the devices and technology you use to apply for a loan with us, browse our website and manage your account.


Includes all exchanges between yourself and us including letters, emails, face-to-face interactions and telephone conversations (included by way of recorded calls).

Public Records

Details about your business, yourself, your financial associates; details about you that are in public records such as companies house, electoral register; and information about you that is openly available on the internet.

Identification and Verification data

Details about you that are stored in documents in different formats, or copies of them. This could include documents such as your passport, drivers licence, utility bills or other verification of residential address and may extend to other directors, shareholders and partners and their linked financial associates.


Any permissions, consents or marketing preferences that you provide to us.

At the loan application stage, we may collect personal information about you and your business in order to provide your business with our products and services: 

In addition to the above, we can also access your personal information from a number of third parties we work with such as third party brokers, affiliates and other third-party introducers that introduce you to us,  credit reference agencies (CRAs), comparison websites, social networks such as Facebook, Twitter and LinkedIn, Land Registry, property search engines, Companies House and Creditsafe, debt recovery agents, external solicitors for loan arrangement and debt recovery, market research agents, and law enforcement agencies. 

The different types of data we collect on you and your business in order to provide you with our products and services includes the following: 

Third Parties we share your personal information with

We may use third parties to process your information on our behalf for the purpose of providing our products and services.

We require all the third parties we use to comply strictly with our instruction and they should not use your personal information for their own business purposes unless you have unambiguously consented to the use of your personal information in this way. 

We will take all the necessary steps required to ensure that any transfer and ongoing processing by those third parties is carried out securely and in accordance with applicable data protection regulation and privacy laws. Examples of the third parties we share your information with are as follows:

Automated decisions

We may make automated decisions based on personal information we hold about your business, yourself, directors, shareholders, personal guarantors and any linked associates. Automated decisions assist us in making decisions which can affect the products, services and pricing.  

(i) Approving Credit

We use an automated system to run your application through our initial lending criteria to determine if we are able to provide funding to your business. Your application will either be accepted or rejected based on the criteria set by ourselves. We also use credit data to assess the creditworthiness of your business and the likelihood you will pay back any money you borrow. This includes data about your credit history and that of your business.  In addition to the credit score of the directors and that of the business, we may also consider additional information including other financial information to be able to reach an overall decision to lend.

(ii) Statistical Analysis

We may carry out periodic statistical analysis or testing to ensure the accuracy of existing and future products and services. To that effect, we may place you in segments to understand our customers’ needs and manage our relationships with them. 

(iii) Prevention of Money Laundering

We may use  personal information to (i) verify your identity, the directors, partners, shareholders, personal guarantors and that of your financial associates (ii) undertake checks for the prevention and detection of crime, fraud and/or money laundering (iii) identify if your personal or business information have been used for fraud or money laundering purposes and where we believe that there is such a risk, we will report  our suspicion to the National Crime Agency as required by law.

(iv) Pricing

We may decide what to charge for our products and services based on credit risk data analytics.

(v) Your rights over automated decision

Under GDPR, you have rights to request that our initial decision to accept or reject your application is not based on the automated decision only or you can object to the latter or request for the decision to be reviewed.

Please contact us on if you wish to have more information about these rights.

Credit Reference Agencies (CRAs)

We carry out credit and identity checks with at least two CRAs when you apply for a loan for your business.

On submitting the application, you agree that you have the full consent of all parties and any linked “financial associates” i.e. a person with whom you may have had or have a joint personal financial arrangement such as joint accounts or have made joint credit applications which may be your spouse or partner, or civil partner.

If the applicant is a sole trader, we may check any financial associate. If the application is for a business partnership, we may check each partner and their financial associates and where the application is for a limited company, we may check each director, shareholder and their financial associates. The credit file of all personal guarantors may also be checked. By submitting any application form, you agree that you have the full consent of each related party.

We will share personal information such as name, residential address, date of birth, telephone number, email address of directors, shareholders, personal guarantors, linked associates including business details with the CRAs. The latter will provide us with the financial situation and credit history information on the business and the individuals including their linked financial associates. Public information from the electoral register, Companies House, county court judgments, bankruptcies and fraud prevention/anti money laundering information will also be provided. 

We will use the information received from the CRAs to: 

Where you borrow from us, we will give details of your accounts and how you manage it to CRAs. We will continue to share your personal information with CRAs if you are our customer, and these will include information on your loan, current balance and repayment history. 

The above information may be shared by the CRAs with other lenders who may want to check your credit status and that of your business.

Searches we undertake on your credit file will leave a footprint and may impact your credit file. In most cases, the footprint left will be a director search. All the footprints may be seen by other lenders. 

Where you are making an application with someone else or you tell us you have a spouse, partner or civil partner or that you are in business with other partners or directors, we link and search information about you and your associates at the CRAs.

CRAs will also link your records together and these links will remain on your credit files until you or financial associate provides proof to the CRAs that you are no longer financially linked.

You can contact the CRAs currently operating in the UK in order to check the information they hold about you.  The information they hold may not be the same, so it is worth contacting them all. Below are links to the Credit Reference Agency Information Notice which provide information about them, the data they hold, how it is shared and your data protection rights.

Callcredit Equifax Experian

Fraud Prevention

As part of our application process, we will need to confirm the identity of your business, your own identity, the identity of the directors, shareholders personal guarantors and linked financial associates and therefore exchange your personal information with CRAs in order for them to assist.

Both ourself and the CRAs can only use your personal information if we have a proper reason to do so; such as to obey the law or where we rely on legitimate interest and it should not unfairly go against what is best for you. The following information will be shared with the CRAs:

Information from the CRAs will help us conduct the following:

Where we suspect fraud or money laundering, the CRA and us may share your personal information with law enforcement agencies.  

As far as fraud and money laundering prevention is concerned, we shall keep your data as for as long as we exist. However, the CRAs may keep them for a different length of time.

We may submit the information you provide to us through our automated system that will identify fraud patterns and indicate unusual activities for you and your business. Either of these could indicate a possible risk of fraud or money-laundering and where that is the case, we will reject your application and report it to the National Crime Agency accordingly. We and the CRAs may keep a record of the risk you or your business pose to our business.

Overseas Transfers

We may transfer your personal information to countries outside the European Economic Area (EEA). If your information is transferred to or is accessible, in any countries which is not considered by the European Community to adequately protect personal data, we will always take steps to ensure that your information is protected, and those transfers comply with applicable privacy laws.  We may transfer your information to other countries, including those outside the European Economic Area, either for storage and back up purposes or if we engage suppliers, sub-contractors or third-party data processors who are based or have operations overseas. We will always take steps to ensure that your information is protected and that those transfers comply with applicable privacy laws.

Transferring data outside of the EEA 

We will only send your data outside of the EEA to:

Where we send data outside of EEA (other than the USA), we have in place a Model Contract with the Processor that imposes similar requirements on them whereby, we have required them to implement similar data protection standards as applicable to us. We have also assessed the security measures in the processor’s business to ensure the processing of data is effected as per the standards of the new data protection law.

Where we send data to the USA, we will ensure that we transfer to organisations that are certified under the EU-US Privacy Shield. This means that your data will be processed and protected under the same standards as imposed by the data protection regulation within the EEA. 

Marketing from us and Member Benefit Schemes

As part of our marketing strategy, we may use your personal information to analyse which products, services and offers may be relevant for you.

We may use your personal information to send you marketing messages in relation to our products and services and to advise you of offers available to yourself via the Member Benefit Schemes based on legitimate interest. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.

As a member, you will have full control over your marketing preferences with us and would be able to activate and access carefully selected offers from our trusted third-party partners that we believe will be of added value to your business.  We will generally update your members area with offers available to you, but we may also send you emails or letters by post to inform you of new and relevant offers. We will not pass your personal data to these organisations unless you request this or redeem an available offer. If you do not wish to receive updates on third-party offers, you can opt-out via your member area.

You can ask us to stop sending you marketing messages by updating your marketing preferences by logging in your member’s area.  However, you will still receive mandatory and key service communications such as any changes to your existing products and services with us.

We may ask you to confirm or update your choices, if you take out any new products or services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.

If you change your mind you can update your choices at any time in your member’s area.

Referring to Third-Party Providers

In the event, your business does not satisfy our lending criteria and we cannot lend to you, we may where you have consented to it, pass your personal details such as your name, email address, contact details, credit application to third party lenders and brokers who may assist you in obtaining credit.  You will be contacted directly by them to discuss your credit application. We will also pass the credit data of your business, the directors and personal guarantors to our trusted partners who we have outsourced certain activities to. 

Period of time we can retain your personal information 

We will keep your personal information for up to 6 years after your account is closed. If for any technical, regulatory, legal reasons or research and statistical purposes we are unable to delete your personal data, we may keep it longer than 6 years but will ensure your privacy rights are always protected. For incomplete applications, personal information will be deleted after 6 months.

How to access your personal information

You have the right to access the personal information we hold about you and request details of the third parties with whom we have shared your information by emailing us on or writing to us at this address: Holbrook House, 51 John Street, Ipswich, IP3 0AH. This is sometimes called “Subject Access Request”. If we agree that we are obliged to provide personal information to you, we will provide it to you free of charge and respond to your request data within 30 days. If we cannot, we will inform you and respond within a further 60 days.  Before providing the personal information to you, we may request for proof of your identity and verification of address.

Telling us your personal information is incorrect

You have the right to request us to amend or remove incorrect or incomplete information we hold about you. You can email us on or write to us at this address: Holbrook House, 51 John Street, Ipswich, IP3 0AH.

If you do, we will comply promptly with your request within 30 days and let you know we have done so. However, where we are not obliged to comply with your request, we will inform you of the reasons behind our decision.

How to stop or limit the processing of your personal information?  

Under the new data protection law, you have the right to object, right to erasure and the right to be forgotten. This means that if you request us to delete, remove, stop, limit or object to us using your personal data, we may have to comply with your request as defined below.

Where your data is not accurate, has been unlawfully used, is no longer relevant and/or where you have requested us to stop using your data already, you have the right to request us to restrict the use of your personal information. Under these circumstances, we would not make use or share your information and act on your request within 30 days of receipt. However, there will be circumstances where we will be bound by our legal and contractual obligations and will not be able to fulfil your request. 

If you wish to object to how we use your data, or ask us to delete it or restrict how we use it or, please contact us on

Where we have made the personal data public and you want to exercise your right to be forgotten, we shall take reasonable steps to inform the other parties to whom your information has been passed. 

Not providing your personal information

We may need to collect personal information by law, or under the terms of a contract we have with you.

If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts. It could mean that we cancel a product or service you have with us. Any data collection that is optional would be made clear at the point of collection.


Please let us know if you are unhappy with how we have used your personal information. You can email us on You also have the right to complain to the Information Commissioner’s Office where their website will provide details. 

Data Portability

Under the new regulation, you have the right to data portability, whereby you have the right to request us to transfer your personal data from us to another service provider in a safe and secure manner and in a format that can be easily re-used. You can also ask us to pass on your personal information in this format directly to other organisations.

We will provide this information within a month and where we cannot meet such a request, we will respond within the next 2 months, but we will advise you why an extension is required.  In the event we cannot meet such a request, we will explain the reasons to you within a month of your request and also inform you of your right to complain to the Information Commissioner’s Officer; and right to a judicial remedy without undue delay. 


To find out more about how we use cookies please see our cookie policy.

Linked Websites

For your convenience, hyperlinks may be posted on the Websites that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of any Linked Sites or of any complaints that we do not own or control. Linked Sites may collect information in addition to those we collect on our websites and therefore we do not endorse any of these Linked Sites nor the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the Privacy Policy of each Linked Site that you visit to understand how the information that is collected about you is used and protected.