Who will see my data, and how is it kept secure?

Q: Who will see my data, and how is it kept secure?

Best Business Loans shares your information only with matched lenders, brokers and trusted processors needed to handle your enquiry. We use UK GDPR-compliant policies, TLS encryption in transit, secure storage, and strict access controls to protect your data. You can request access, correction or deletion and complain to the ICO if needed.

Short answer

When you submit a Quick Quote to Best Business Loans we only share your information with carefully selected lenders, brokers and authorised service providers who can help with your enquiry.

Your data is processed under UK data-protection law and protected by industry-standard technical and organisational measures, including encryption, access controls and regular security reviews.

Who can access your information?

Best Business Loans acts as an introducer and does not provide loans directly.

When you submit a Quick Quote we may share your details with a small group of recipients strictly related to your enquiry.

These recipients typically include: the Best Business Loans matching team, one or more matched lenders or brokers, and third-party service providers who help us operate the platform (for example CRM, identity checks, payment processors and analytics tools).

Matched lenders and brokers receive only the information needed to evaluate your request and check eligibility.

We never sell your data to marketing lists or unknown third parties.

If a lender or broker needs more information they will ask you directly before taking any credit decision.

How your data is processed: step-by-step

We minimise data collection and only ask for the fields required to match you to suitable finance options.

Typical data we collect includes business name, company registration details, turnover ranges, loan purpose, and contact details.

Processing steps after you click submit are:

1) Secure intake — your form is transmitted over TLS/HTTPS and stored in an encrypted database.

2) AI matching — our algorithms analyse the profile to shortlist suitable providers from our network.

3) Introduction — shortlisted lenders or brokers receive your enquiry to respond or request clarification.

Every processing step uses role-based access to ensure only authorised staff or processors see sensitive fields.

We log access and actions to maintain an audit trail and detect unauthorised activity.

Technical and organisational security measures

We follow widely accepted security practices to protect data in transit and at rest.

Key measures we employ include TLS for data in transit, encryption for stored data where applicable, and secure, patched hosting environments.

Access control and monitoring

• Role-based access control (RBAC) limits who can view or edit data.

• Multi-factor authentication (MFA) is required for internal accounts with privileged access.

Operational safeguards

• Regular security scans and vulnerability assessments are carried out.

• We use secure development practices and maintain incident response plans to act quickly in the event of a breach.

Third-party assurance

• We select processors with contractual data protection obligations and reasonable security credentials.

• Where available, suppliers are assessed for certifications or documented controls.

Legal basis, rights and compliance

We process your personal data under lawful bases that include your consent and our legitimate interests in matching you to finance providers.

When we rely on legitimate interests we document the balancing test used to make sure your rights are protected.

Your rights under UK GDPR and how to use them

• Right of access — you can ask what we hold about you and receive a copy.

• Right to rectification — request corrections to inaccurate information.

• Right to erasure — ask us to delete your data in certain circumstances.

• Right to restrict processing or object — you can limit or object to processing based on our legitimate interests.

• Right to portability — request a structured copy of your data for transfer to another provider.

To exercise any of these rights or for privacy questions, contact us at hello@bestbusinessloans.ai.

If you remain dissatisfied you may complain to the Information Commissioner’s Office (ICO).

Data sharing, retention, transfers and transparency

We share data only as necessary to process your enquiry and to meet legal obligations.

Examples of lawful sharing include introductions to lenders/brokers, credit-check services (where you consent) and fraud-prevention agencies.

Retention policy

We retain personal data only for as long as needed to fulfil the introduction and related compliance obligations.

Retention periods vary by data type; non-essential anonymised data may be kept longer for analytics and product improvement.

Transfers outside the UK

Where a processor operates outside the UK we ensure adequate safeguards are in place, such as standard contractual clauses or equivalent protections permitted under UK law.

We will notify you where international transfers are material and provide details on safeguards on request.

Transparency and traceability

We keep records of sharing events and the purpose of each transfer.

You can ask for a list of third parties that received your data and the date of transfer.

How Best Business Loans protects you when lenders contact you

Matched lenders and brokers will identify themselves and explain how they will use your data.

They must comply with their own regulatory and legal obligations when contacting you.

If you prefer to be contacted only by broker or lender phone calls or emails, tell us in the Quick Quote form and we will respect that preference where possible.

Compliance statements and advertising conduct

Best Business Loans is an independent introducer and not a lender.

We are not authorised by the Financial Conduct Authority (FCA) to arrange regulated consumer credit, but we adhere to fair, clear and not misleading standards when advertising.

We aim to follow FCA guidance, ASA principles and Google’s advertising policies to ensure transparency and compliance in how we present finance options.

How we handle sensitive or special category data

We generally avoid collecting special category personal data unless it is necessary for a specific service and you consent.

If special category information is required we will explain why, obtain explicit consent and apply extra safeguards.

Key takeaways

We share your enquiry only with matched lenders, brokers and trusted processors needed to help you.
Your data is protected by encryption, access controls, monitoring and contractual safeguards with processors.
You have UK GDPR rights including access, correction, deletion and the right to complain to the ICO.
Best Business Loans is an independent introducer and does not sell your data to third-party marketing lists.
Contact hello@bestbusinessloans.ai for privacy requests or questions about data handling.

Want to see how we use your answers in practice? Submit a Quick Quote to get an eligibility check and see matched options from our network.

Visit our business loans page to explore common funding routes and start your enquiry: business loans.

Updated October 2025. No obligation. Fast, secure and confidential.