This privacy policy is issued by Maslow Capital LLP (Maslow) (registered number OC345252). Maslow is registered to process personal information with the UK regulator, the Information Commissioner’s Office (the ICO) with registration number ZA159232. Maslow respects your privacy and is committed to protecting it. Please read this privacy policy carefully as it gives you information about who we are, what personal information we collect, why we collect it, how you can access this and your rights in relation to it.
This privacy policy does not apply to any third-party websites that may have links to our own website.
Maslow is responsible for the collection and use of your personal information for the purposes described in this privacy policy and its contact details can be found in the “How to Contact Us” section below.
Clients of Maslow should read this policy alongside our Heads of Terms document, which provides further information on confidentiality.
This policy will update any previous information we have given you about using your personal information in relation to our business customer relationships. We’ll update this policy if we make any significant changes affecting how we use your personal information, and if so we’ll contact you to let you know about the change.
1. Key terms
In this policy:
reference to you is to:
- partners or trustees who have approached Maslow; or
- people to whom Maslow will send marketing and other similar communications; or
- the directors or owners of any incorporated entity (Corporate Entity) who have approached Maslow on behalf of the Corporate Entity.
For the avoidance of doubt reference to “you” does not refer to a Corporate Entity but as the context allows the relevant personnel of the Corporate Entity.
We, us or our means Maslow Capital LLP and each our group companies listed in section 2 below ‘About the Maslow Group‘.
personal information means any information relating to an identified or identifiable individual.
special category data means personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic data, biometric data (where used for identification purposes) and personal information concerning health, sex life or sexual orientation.
2. About the Maslow Group
Where we collect and determine the means of processing of your personal information, we are what is known as the ‘controller’ of your personal information. We will be a controller of your personal information when we collect your personal information from you and when we make decisions about what to do with your personal information and in those situations, this privacy policy will apply. There will be some instances where we will be a processor of your personal information e.g. where we act under the instructions of our lending partner in respect of your personal information in which case, the lending partner’s privacy policy will apply (for further information see below ‘Who we share your personal information with’).
When we say ‘Group’ we mean other members of our group of companies, including holding and subsidiary companies. The companies within our Group are:
- Maslow Capital Global Limited
- Maslow Capital Partners Limited
- Maslow Capital Advisers Limited
- Maslow Brokerage Limited
- Maslow Capital Advisers II Limited
- Maslow Capital Advisers III Limited
- Maslow Global Partners Limited
- Maslow Capital España S.L.
3. Personal information we collect about you
Before we arrange funding for any development, Maslow undertakes an underwriting process, which requires potential borrowers to send us personal information in order that we can make sufficient background checks, including Know Your Customer (KYC) and Anti-Money Laundering (AML) checks (Compliance Data).
The personal information we collect about you depends on the particular products we provide to you. We will collect and use the following personal information about you:
- your name and contact information, including email address and telephone number and company details;
- information to check and verify your identity, e.g. your date of birth;
- location data;
- copies of your ID e.g. passport, driver’s license;
- World check name match – search result;
- your professional online presence, e.g. LinkedIn profile;
- information to enable us to undertake credit or other financial checks on you;
- information about how you use our website, IT, communication and other systems;
- credit scores;
- information from the electoral roll;
- details of any disqualification from holding directorship;
- information provided by you on any heads of terms or pre-contractual documentation;
- details provided by you on our website enquiry form;
- detail on your assets and liabilities; and
We collect and use this personal information for the purposes described in the section ‘How and why we use your personal information’ below. If you do not provide personal information we ask for, it may delay or prevent us from providing products and services to you.
4. How your personal information is collected
We collect most of this personal information directly from you—in person, by telephone, text or email and via our website.
However, we may also collect information:
- from publicly accessible sources, e.g. Companies House or HM Land Registry;
- directly from a third party, e.g. sanctions screening providers; credit reference agencies and customer due diligence providers;
- from a third party with your consent, e.g. your bank or building society, another financial institution or advisor; your employer and/or trade union, professional body or pension administrators; or your doctors, medical and occupational health professionals;
- via our website — we use cookies and similar technologies on our website;
- from door entry systems and reception logs; and
- through automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.
5. How and why we use your personal information
Under data protection law, we can only use your personal information if we have a proper reason, e.g.:
- you have given consent — where we need your consent, we will ask for it separately of this privacy policy and you can withdraw consent at any time;
- to comply with our legal and regulatory obligations;
- to fulfil our contract with you or take steps at your request before entering into a contract; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal information, so long as this is not overridden by your own rights and interests. You have the right to object to processing based on legitimate interests. We must then stop the processing unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms or that the processing is required to establish, exercise or defend legal claims.
The table below explains what we use your personal information for and why.
For the purposes of this table, the different categories of personal information (Data Categories) have been grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, signature, National Insurance number and photographic identification data.
- Contact Data includes address, email address and telephone numbers.
- Financial Data includes bank account details.
- Transaction Data includes details about payments to and from you.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
- Profile Data includes your username and password, services used by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
| What we use your personal information for | Our reasons | Data Category |
| Providing services to you | To enable us to arrange financing for you or take steps at your request to facilitate the same | Identity
Contact Financial Transaction Marketing and Communications |
| Preventing and detecting fraud against you or us | For our legitimate interests, i.e. to minimise fraud that could be damaging for you, our funding partners and/or us | Identity
Contact Financial |
| Conducting checks to identify you and verify your identity
Screening for financial and other sanctions or embargoes Other activities necessary to comply with regulatory obligations that apply to our business or those of our funding partners |
Depending on the circumstances:
· to comply with our legal and regulatory obligations and those of our funding partners · for our legitimate interests |
Identity
Contact Financial |
| To enforce legal rights or defend or undertake legal proceedings | Depending on the circumstances:
· to comply with our legal and regulatory obligations and those of our funding partners · for our legitimate interests and those of our funding partners, i.e. to protect our business, interests and rights |
Identity
Contact Financial Transaction Profile Usage Marketing and Communications Technical |
| Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies | Depending on the circumstances:
· to comply with our legal and regulatory obligations and those of our funding partners · for our legitimate interests |
Identity
Contact Financial
|
| Ensuring internal business policies are complied with, e.g. policies covering security and internet use | For our legitimate interests, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you | Identity
Contact Technical
|
| Operational reasons, such as improving efficiency, training and quality control | For our legitimate interests, i.e. to be as efficient as we can to support your financing needs | Identity
Contact Financial Transaction Profile Usage Marketing and Communications Technical
|
| Ensuring the confidentiality of commercially sensitive information | Depending on the circumstances:
· for our legitimate interests, i.e. to protect commercially valuable information · to comply with our legal and regulatory obligations |
Identity
Contact Financial Transaction
|
| Statistical analysis to help us manage our business, e.g. in relation to our financial performance, services range or other efficiency measures | For our legitimate interests, i.e. to be as efficient as we can to support your financing needs | Identity
Contact Technical
|
| Protecting the security of systems and data used to provide services, preventing unauthorised access and changes to our systems | Depending on the circumstances:
· for our legitimate interests, i.e. to prevent and detect criminal activity that could be damaging for you, our funding partners and/or us · to comply with our legal and regulatory obligations |
Identity
Contact Technical
|
| Updating and enhancing our customer records | Depending on the circumstances:
· to enable us to arrange financing for you or take steps at your request to facilitate the same · to comply with our legal and regulatory obligations · for our legitimate interests, e.g. making sure we can keep in touch with our customers about existing and new services |
Identity
Contact Financial Transaction Profile Usage Marketing and Communications Technical
|
| Statutory returns | To comply with our legal and regulatory obligations | Identity
Contact Financial Transaction Technical
|
| Marketing our services and those of selected third parties to existing and former customers and third parties | Depending on the circumstances:
· for our legitimate interests, i.e. to promote our business · where you have given your consent |
Identity
Contact Profile Usage Marketing and Communications Technical
|
| Credit reference checks via external credit reference agencies | For our legitimate interests, i.e. to ensure you are likely to be able to pay back any money borrowed | Identity
Contact Financial |
| External audits and quality checks, e.g. for ISO or Investors in People accreditation and the audit of our accounts | Depending on the circumstances:
· for our legitimate interests, i.e. to obtain and maintain any accreditations we may seek so we can demonstrate we operate at the highest standards · to comply with our legal and regulatory obligations |
Identity
Contact Financial Transaction Profile Usage Marketing and Communications Technical |
| To share your personal information with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale or in the event of our insolvency
In such cases information will be anonymised where possible and only shared where necessary |
Depending on the circumstances:
· to comply with our legal and regulatory obligations · in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business |
Identity
Contact Financial Transaction Profile Usage Marketing and Communications Technical
|
Where we process special category data (see above ‘Key terms’), we will also ensure we are permitted to do so under data protection laws e.g.:
- we have your explicit consent;
- the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent;
- the processing is necessary to establish, exercise or defend legal claims; or
- the processing is necessary for reasons of substantial public interest.
6. If you choose not to give us your personal information
If you refuse or fail to provide information when requested, which is necessary for us to consider your application (such as information required to conduct AML and KYC checks), we will not be able to process the application in question successfully. For example, if we require a credit check and you fail to provide us with relevant details, we will not be able to take the application further.
7. Marketing
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
We may use your personal information to send you updates (e.g. by email, text message, telephone, post or social media channels) about our services, including exclusive offers, promotions or new services.
For advertising purposes, we may use your information to create a “lookalike audience” or similar audience of prospective customers through the Facebook or Google advertising platforms. This allows us to target advertisements to potential customers who appear to have shared interests or similar demographics to our existing customers based on the relevant platforms’ own data. We typically do this by uploading a list of email addresses to the relevant platform. We do not have access to the identity of anybody in the lookalike audience, unless they choose to click on the advertisements. If you wish to opt out of “lookalike audiences” in Google, you can do so through your Ads Settings.
We use Google Analytics and may use other third-party analytics tools to help us collect data and measure traffic and usage trends for our website, to understand more about the interests and demographics of our users, to measure the performance of various marketing campaigns and channels, to understand how people are using our website and to continually improve our website. In general, this is aggregate data that does not personally identify individual users and simply measures overall trends. To further ensure the privacy of our users, we have enabled an optional feature in Google Analytics to anonymise IP addresses, so that your IP addresses is not stored or processed.
We have a legitimate interest in using your personal information for marketing purposes (see above ‘How and why we use your personal information’). This means we do not usually need your consent to send you marketing information. Where this is not the case, we will always ask for your consent.
In all cases, you have the right to opt out of receiving marketing communications at any time by:
- contacting us at info@maslowcapital.com
- using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal information with the utmost respect and never sell it to other organisations outside the Maslow group for marketing purposes.
8. Who we share your personal information with
We may share personal information that we collect about you with other Maslow entities or group companies for legitimate business purposes, such as providing our services, administering our databases and sending you information that you have requested about our affiliates’ products, solutions or services.
Please note:
- Maslow work with other entities in the Maslow group and your Compliance data maybe shared with these entities. These entities are registered in the UK, Spain and the Channel Islands
We are facilitators and introducers of loan finance. We do not lend money. You recognise that your personal information will be disclosed to lenders – these maybe senior or mezzanine lenders.
We may share personal information with service providers that perform services on our behalf such as IT service providers, marketing providers, analytics providers, hosting providers and our advisers. All service providers have entered into legally binding agreements requiring them to use personal information only as necessary to perform services on our behalf and to implement appropriate data security and confidentiality obligations, in accordance with applicable law.
We may share your personal information with external parties that include:
- HM Revenue & Customs, regulators and other tax authorities;
- law enforcement and fraud prevention agencies;
- credit agencies;
- or insurers and brokers;
- our banks;
- outside companies we work with to provide services to you and to run our businessg. barristers, tax advisors, local counsel and technology service providers; other third parties we use to help promote our business e.g. marketing agencies
- agents, suppliers, sub-contractors and advisers.
We may also share your personal information as follows if the make-up of our business structure changes in the future:
- we may choose to sell, transfer, or merge parts of our business, or our assets; or we may try to bring other businesses into the Maslow group;
- during any such process, we may share your data with other parties involved; and
- if the change to our group happens, then other parties may use your data in the same way as set out in this notice.
We will only share your information with third parties where they agree to keep it safe and we are satisfied they take appropriate measures to protect your personal information. We ensure all outsourcing providers operate under service agreements that are consistent with our legal and professional obligations.
We or the third parties mentioned above may occasionally also share personal information with:
- our and their external auditors, e.g. in relation to the audit of our or their accounts, in which case the recipient of the information will be bound by confidentiality obligations;
- our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
- law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations; and
- other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition or asset sale or in the event of our insolvency—usually, information will be anonymised but this may not always be possible and the recipient of any of your personal information will be bound by confidentiality obligations.
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).
9. Where your personal information will be held
Personal information may be held at our offices and those of our group companies, ]third party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal information with’).
Some of these third parties may be based outside the UK. For more information, including on how we safeguard your personal information when this occurs, see below: ‘Transferring your personal information abroad’.
10. How long do we keep your personal information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means and the applicable legal requirement.
Compliance Data will be retained for up to ten years. If we consider that there may be circumstances which may involve disclosing the Compliance Data to a regulator or law enforcement organisation we will retain the Compliance Data for longer. If the finance does not proceed we will retain the data for three years.
Marketing Data will be reviewed and if we consider that our relationship with you is too historic and consequently there is no longer a benefit for Maslow to market to you we will automatically and without reference to you remove your marketing data.
11. Transferring your personal information abroad
It is sometimes necessary for us to transfer your personal information to countries outside the UK and EEA. This may include countries which do not provide the same level of protection of personal information as the UK or EEA.
We will transfer your personal information outside the UK and EEA only where:
- the UK government has decided the recipient country ensures an adequate level of protection of personal information (known as an adequacy decision); or
- there are appropriate safeguards in place (e.g. standard contractual data protection clauses published or approved by the relevant data protection regulator), together with enforceable rights and effective legal remedies for you; or
- a specific exception applies under data protection law.
You can contact us (see ‘How to contact us’ below) if you would like a list of countries benefiting from a UK or European adequacy decision or for any other information about protection of personal information when it is transferred abroad.
12. Your rights
Subject to applicable law, you have the following rights which you can exercise:
- to request access to and be provided with a copy of your personal information;
- rectification by us of any mistakes in the personal information we maintain about you;
- the right to require us to delete your personal information, in certain situations;
- to request the restriction of the processing of your personal information;
- the right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that information to a third party—in certain situations
- to object to the processing of your personal information by us;
- the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you; and
- the right to withdraw your consent to processing if you have provided consent .
Upon written request, we will provide you with a copy of your personal information in a structured, commonly used, machine-readable format. To exercise these rights, please contact us at info@maslowcapital.com.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. There are certain laws which may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
13. Security
We follow strict security procedures in the storage and disclosure of the personal information that you have given us. We limit access to your personal information to those who have a genuine business need to access it. Those processing your personal information will do so only in an authorised manner and are subject to a duty of confidentiality. We have implemented security polices, rules and appropriate technical and organisational measures to protect the personal information that we have under our control. The security measures are designed to prevent unauthorised access, improper use and disclosure, unauthorised modification and unlawful destruction or accidental loss.
We require our business partners, suppliers and other third parties to implement appropriate security measures to protect personal information from unauthorised access, use and disclosure.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are required to do so.
14. How to complain
If you are unhappy with how we have used your personal information, please let us know by contacting info@maslowcapital.com. You also have the right to complain to the regulator. In the UK this is the ICO whose website is www.ico.org.uk. In Ireland this is the Data Protection Commission (DPC) whose website is www.dataprotection.ie/. You can also report any concern to the ICO at https://ico.org.uk/concerns/ or any concerns to the DPC at https://forms.dataprotection.ie/contact.
15. How to contact us
If you have questions about how we handle your personal information or would like to exercise your rights, please reach out by emailing or writing to us at:
Maslow Capital LLP, 6 Duke Street, St James’s, London, SW1Y 6BN
Email: info@maslowcapital.com