UE SFA 1 Limited, Urban Exposure Lendco Limited, UE Finco Ltd and Urban Exposure Amco Limited (as separate Data Controllers) each of 6 Duke Street St James’s, London SW1Y 6BN (together “we” or “us”) are committed to protecting and respecting your privacy.

This policy sets out the basis on which we process any personal data we collect about any individuals from our clients or third parties (“you”). Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

We have put in place a number of measures to ensure that any personal data we obtain from or about you is processed and maintained in accordance with accepted principles of good information handling and in accordance with the Data Protection Act 2018 (the “DPA”) and the General Data Protection Regulation (“GDPR”), collectively referred to as the “Data Protection Regulations”.

For the purpose of the Data Protection Regulations, the data controllers are UE SFA 1 Limited, Urban Exposure Lendco Limited, UE Finco Ltd and Urban Exposure Amco Limited. You can contact us at the address above or by telephone on 0845 643 2173 or e-mail at notices@urbanexposureplc.com.  Your personal information may be held by one or all of these Data Controllers.  In particular, UE SFA 1 Limited and UE Lendco Limited will hold all personal data in respect of loan transactions both pre and post execution, whereas UE Finco Ltd and Urban Exposure Amco Limited will only hold data following the successful execution of a loan transaction.


For processing of personal data to be lawful, we are required to tell you the basis or bases on which we will process your personal data. We consider the processing of personal data to be necessary for our legitimate interest of being able to determine whether to enter into a contract with any company run by you or with which you are associated and for the performance of the contract with such company.  In addition, regarding directors and other associated individuals including any guarantors to the loan, for our legitimate interests we may (directly or indirectly via our credit referencing intermediary, Smart Search (www.smartsearchuk.com)) carry out credit reference agency  checks on you so that we can assess the risk profile in respect of repayment of loans.

We also have a legitimate interest in being able to respond to your enquiries.  We have a legitimate interest in promoting our products or services to our clients where we believe these may be of interest to you. Further details are given below in the marketing section of this notice.

We will collect personal and financial information about you when you provide us with data and information over the telephone, when you send us documents, when you send us a paper application form or forms you submit on our website or from any third parties (including your broker), when you apply for a loan or request other products or services from us and when we access information held by credit reference agencies (directly or indirectly via our credit referencing intermediary, Smart Search (www.smartsearchuk.com)) about you. This will include your name, address, date of birth, employment and financial history.  If we do not do credit reference agency checks on you, the personal information we will hold about you will be limited to your name, contact details (meaning work related contact details) and any personal information you may have separately supplied to us.

In certain circumstances it may be necessary to process an individual’s sensitive personal data, such as matters relating to health where it has or could have an impact upon a company run by an individual and therefore affect that company’s ability to manage their obligations to us. We will only do this if we have the individual’s specific consent and to enable us to administer the loan in the most appropriate way.  Or if there is a substantial public interest for us to know this information.  This will be relevant if you have disability access needs (e.g. where you need us to supply you with documentation in large print).

  1. Uses of your information

We may use information held about you in the following ways.  Next to each purpose we have set out the ‘processing grounds”.

  • To verify your identity and credit standing (directly or indirectly via our credit referencing intermediary, Smart Search (smartsearchuk.com)) with credit reference agencies and to enable us to consider and process your company’s application for a loan. Please note, for directors and other associated individuals including any guarantors to the loan on whom we do credit reference agency checks (directly or indirectly via our credit referencing intermediary, Smart Search (www.smartsearchuk.com)), credit reference agencies may place a search footprint on your credit file that may be seen by other lenders.

Processing Grounds: legitimate interests (re: credit reference agency checks) and legal obligations (re: identity verification).

  • To assess your credit history and confirm any other relevant details.

Processing Grounds: legitimate interests (see above section for specific details of the legitimate interests).

  • To detect, prevent and investigate actual and potential fraud and related activities.

Processing Grounds: legitimate interests (see above) and legal obligations.

  • To collect unpaid loans and debt that may be owed by you to us.

Processing grounds: legitimate interests (see above).

  • To contact you in connection with your enquiry.

Processing grounds:legitimate interests (see above).

  • To help us administer and service the company’s loan account with us.

Processing grounds: legitimate interests (see above).

  • To carry out our obligations arising from any contracts entered into between your company and us.

Processing grounds: legitimate interests.


We may also use your personal data to develop, manage and market products and services to meet your needs and to provide you with information, products or services that you request from us or which we feel may interest you. We may contact you by SMS, post, e-mail or telephone unless you have told us that you do not wish to receive marketing communications from us. We will not sell or otherwise share your personal data with third parties, other than as stated within this privacy notice.

You have the right to opt out of receiving marketing at any time by either selecting the ‘unsubscribe option’ within any email communication or by writing to us at:

6 Duke Street St James’s




The processing grounds for any marketing activity is legitimate interests.


  1. Disclosure of your information

We may disclose your personal information to the following:

  • Our auditors, solicitors, professional advisors, sub-contractors, third party processors or any person providing services to us or who are involved in the loan application or when the loan is underway, who have agreed to treat your personal details as confidential in accordance with the provisions of Data Protection Regulations. Our lawful reason for this sharing of data is legitimate interests, specifically so that we can conduct our business in an appropriate way, assess loan applications, and fulfil our obligations under the loan agreement.
  • Any funders of ours or any proposed or actual third party involved in any mater relating to the administration of your loan with us who has agreed to keep the details confidential. Our lawful reason for this sharing of data is legitimate interests (as above).
  • Any person where such disclosure is necessary to enable us to ensure that your obligations under any loan agreement with us is being complied with and to ensure that any security given in connection with any loan is not at risk.  Our lawful reason for this sharing of data is legitimate interests (as above).

We may also disclose your personal information to third parties from time to time for the following reasons:

  • In the event that there is (or is to be) any change in ownership of our business or assets, we may disclose your personal data to the prospective or new owners so that they may continue to operate our business effectively and continue to provide services to our customers. This may include new shareholders or any organisation that may take an assignment or transfer of any agreements we have entered into with our customers.  Our lawful reason for this sharing of data is legitimate interests (as above).
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation (including with any government agencies or regulators) or to exchange information with other third parties for the purposes of fraud protection and credit risk reduction.  Our lawful reason for this sharing of data is legitimate interests and compliance with legal obligations.
  • To courts and regulatory authorities (such as the Information Commissioner’s Office).    Our lawful reason for this sharing of data is compliance with legal obligations.
  1. Credit reference agencies

Where applicable, we will share the personal data of directors and other associated individuals including any guarantors to the loan with the Credit Reference Agencies to validate the identities and other information provided in the application form. This will help us make the best possible assessment of your overall situation before we make a decision to make a loan to your company. By submitting your application to us, you authorise us to make an enquiry to credit reference agencies regarding your credit behaviour.

We may also disclose information about your transactions with us (including any defaults) to credit reference agencies who may keep a record of that information. If you provide us with false or inaccurate information, we will record this and may also pass this information to financial and other organisations involved in fraud protection to protect us, them and our respective customers from theft and fraud.

We may also contact the credit reference agencies operating within the UK to obtain further information about what information they hold about you.  Please contact us and we will provide you with their details.

In addition, please refer to the privacy policy of our preferred credit referencing intermediary, Smartsearch (https://www.smartsearchuk.com/privacy-policy) who conduct credit references via Experian or Equifax.  To understand what data these organisations may hold and how they may process it please refer to the Credit Reference Agency Information Notice (“CRAIN”) of Experian (https://www.experian.co.uk/crain/index.html) and Equifax (https://www.equifax.co.uk/crain.html).

  1. Retention of your personal information

The length of time we retain your information will depend on the purpose for which the information was provided. In general, however:

  • We will keep the information that is necessary to enable us to manage your account and provide you with a service that you have requested for as long as it takes us to provide that service.
  • We will keep records of any transactions your company enters into with us, including information relating to loan accounts held by your company, for a minimum period of six years and a maximum of 12 years from the expiry of any agreements we have entered into with you (12 years is relevant in particular to security agreements which are deeds). This is to allow us to respond to any complaints or disputes that may arise during that period.
  • We will keep other information about you if it is necessary for us to do so to comply with the law.

Please be aware that credit reference agencies and fraud prevention agencies who we have transferred your data to in accordance with this notice, may also retain your information for a minimum period of six years, including if you are considered to pose a fraud or money laundering risk.

We share your personal information with fraud prevention agencies who will use it to prevent fraud and money laundering, and to verify your identity.  They may also enable law enforcement agencies to access and use your personal information to detect, investigate and prevent crime.  In particular, please note the following:

What is a fraud prevention agency?

A fraud prevention agency (“FPA”) collects, maintains and shares, data on known and suspected fraudulent activity. All credit reference agencies (who are mentioned in the CRAIN referred to above) also act as FPAs.  Cifas is an FPA who may have your personal data.

Fraud prevention agency processing

How data may be used by FPAs:

FPAs may supply the data received from lenders and creditors about you, your financial associates and your business (if you have one) to other organisations. This may be used by them and the credit referencing agencies to:

  • Prevent crime, fraud and money laundering by, for example;
    • checking details provided on applications for credit and credit related or other products and services;
    • managing credit and credit related accounts or products or services
    • cross-checking details provided on proposals and claims for all types of insurance; and;
    • checking details on applications for jobs or as part of employment
  • Verify your identity if you or your financial associate applies for facilities including all types of insurance proposals and claims;
  • Trace your whereabouts and recover debts that you owe;
  • Conduct other checks to prevent or detect fraud;
  • Undertake statistical analysis and system testing; and
  • Your personal data may also be used for other purposes by the FPAs where you’ve given consent or where required or permitted by law.

FPAs may also enable law enforcement agencies to access and use your personal information to detect, investigate and prevent crime.

We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us.  Cifas (an FPA who we may share your personal data with) has published its assessment of the legitimate interests in relation to the National Fraud Database (https://www.cifas.org.uk/).

  1. Data Security

We make your safety and security a top priority and are committed to protecting your personal and financial information. Where we collect personal information from you, we will protect that information with controls based upon recognised security standards, regulations, and industry-based best practices.

  1. Telephone calls

When you telephone us, we may record and retain your call for training and monitoring purposes.  Our lawful reason for this is legitimate interests of ensuring the effective training of our staff and for record keeping purposes in relation to the loan agreement.

  1. Transfers to other countries (including outside the EEA)


Some countries outside the EEA are deemed to have laws which provide for adequate protection of personal information.

We may transfer your personal information outside EEA to countries which do not have data protection laws deemed adequate.  In those cases, we are required by law to take certain steps to put in place appropriate safeguards.  For instance, putting in place EU model clause contracts (contact us if you require details), or by making the transfer to a recipient on the US Safe Harbor list with an appropriate certification.


  1. Access to information

The Data Protection Regulations give you the right to access personal information held about you called a Subject Access Request. Please contact us at the address provided at the beginning of this policy if you wish to seek such information.  Alternatively, you can contact us by email or telephone.

We will provide your information to you free of charge and within 30 days of receiving your request.

We may be entitled to extend this to two months if the request is particularly complex or involves numerous requests. We may also be permitted to charge a reasonable fee if a request is deemed to be manifestly unfounded or excessive.

  1. Right to rectification

You are entitled to have personal data rectified if it is inaccurate or incomplete.

  1. Right to erasure

In certain circumstances, such as where you exercise the right to object to processing, and where we have no lawful reason to retain the personal information,  you may have the right to have your personal data erased, for example, if you believe it is no longer necessary for the purpose for which it was originally collected and if no lawful reason justifies its retention beyond that purpose. If we are unable to accede to your request for any legal or regulatory reasons, we will tell you why.

  1. Right to restrict processing

You may have the right to ask us to restrict the processing of your data for a certain period of time. For example, if you contest the accuracy of your personal data you can ask us to restrict processing until the accuracy of the data has been verified.

  1. Right to object

You have the right to object at any time to your personal data being processed for marketing purposes or where we rely on legitimate interests for our processing.

  1. Right to lodge a complaint

If you believe we have breached the regulations, you have the right to lodge a complaint with the Information Commissioner’s Office via their website at www.ico.org.uk.

  1. Changes to our privacy policy

Any changes we may make to our privacy policy will be updated on our website.