How do you handle my data and ensure privacy and security?

Q: How secure is my data?

We use encryption in transit and at rest, role-based access controls, secure cloud infrastructure, and incident response procedures.

We handle your data with care, purpose, and protection. Best Business Loans only collects the information needed to assess your enquiry, match you with relevant lenders or brokers, and help you move forward with confidence. We use secure systems, encryption, strict access controls, and UK GDPR-compliant processes to keep your information safe and private.

1) What we collect, why we collect it, and the legal basis

Information we collect at enquiry stage

When you complete a Quick Quote or Eligibility Check, we ask for business details, funding needs, and contact information. Typical data includes company name, sector, trading history, turnover range, funding purpose, and your name, phone number, and email. We do not ask for sensitive personal data, and we don’t run credit checks ourselves.

We may collect optional information that helps us refine matching, such as preferred finance type, equipment needs, or vehicle requirements. If you submit documents, only provide what is necessary for initial assessment. We minimise the data we store and retain information only for as long as it is needed.

Our lawful bases for processing (UK GDPR)

We rely on legitimate interests to process your enquiry and introduce you to relevant finance professionals. We rely on consent for optional marketing communications and certain cookies. If a lender or broker wishes to conduct a credit check or open banking assessment, they will seek your explicit consent directly.

Data we don’t collect or use

We do not request national insurance numbers or highly sensitive personal data.
We do not collect special category personal data (e.g., health, biometric data).
We do not sell your data, and we do not share it with unrelated third parties.

We only share your information with finance providers relevant to your enquiry. You remain in full control and can withdraw consent for marketing at any time. Our goal is to be fair, clear, and not misleading in all communications.

How we use your information to help you

Our AI-driven system assesses your business profile and finance goals to suggest suitable lenders or brokers. We use this information to facilitate introductions, help you compare options, and save time. You choose if and how you proceed with any provider introduced.

2) How we protect your information end-to-end

Security controls we use

Encryption in transit: TLS 1.2+ for all forms and data transmissions.
Encryption at rest: Industry-standard encryption (e.g., AES-256) for stored data where applicable.
Access controls: Role-based access, principle of least privilege, and need-to-know permissions.
Monitoring and logging: Audit trails for data access and administrative actions.
Backups and resilience: Secure backups and recovery procedures to reduce risk of data loss.

We use reputable cloud infrastructure providers with strong security certifications. Administrative access is protected with multi-factor authentication where available. We review third-party tools to ensure appropriate security standards.

Training and governance

Our team receives ongoing privacy and security training. We apply data minimisation, purpose limitation, and retention controls. Internal policies guide how we collect, use, share, and dispose of data.

Incident response and breach notification

We maintain an incident response plan to identify, contain, and remediate potential issues. If a data breach occurs that risks your rights and freedoms, we will notify affected individuals and relevant authorities in line with UK GDPR requirements. Our aim is to prevent incidents through layered controls and rapid detection.

We periodically review our controls to keep pace with regulatory expectations and best practice. Security is never “set and forget” — we continuously improve. You can contact us for more detail about our security approach.

Privacy by design

We embed privacy considerations into product and process decisions from the outset. New features are assessed for data protection impacts before launch. Where appropriate, we apply data protection impact assessments (DPIAs).

3) How sharing works with lenders and brokers

Who we share with and why

We only share your details with finance providers that are relevant to your business needs. These providers may be FCA-authorised lenders or regulated brokers who can discuss finance options with you. Our introductions are designed to be targeted and proportionate to your enquiry.

We do not share your information with unrelated advertisers or non-finance third parties. We never sell your data. Sharing is solely for the purpose of exploring commercial finance options you have asked us to help you find.

Credit searches and open banking

We do not carry out credit checks ourselves. If a lender or broker proposes a soft or hard credit search, they will explain this and ask for your permission. A “soft” search should not affect your credit score, while a “hard” search may do so.

If open banking is requested, you will be asked to connect through a secure, regulated provider. You remain in control, and you can refuse or revoke access. Any banking data shared via open banking will be handled by the provider and the finance firm requesting it.

International transfers and safeguards

Our core operations are UK-focused, but some technology providers may store data in other jurisdictions. When transfers occur, we apply appropriate safeguards such as UK-approved standard contractual clauses or equivalent. We aim to keep processing within the UK or EEA wherever possible.

We maintain supplier due diligence, including security and privacy checks. We monitor changes in international data transfer rules and update safeguards accordingly. If you want more information, contact us and we’ll provide details.

Your control over introductions

You can ask us not to share your details with specific categories of providers. You can also request a summary of which providers we have introduced you to. If you prefer to pause or stop at any time, just let us know.

4) Your privacy choices and rights

Marketing preferences and cookies

We will only send marketing communications if you’ve opted in, and you can opt out at any time. Every email contains an unsubscribe link. If you opt out, we will still send essential service messages where necessary.

We use cookies and analytics to improve site performance, understand usage, and enhance user experience. Non-essential cookies are only set with your consent. You can change your cookie settings or withdraw consent through our cookie banner or browser settings.

Exercising your UK GDPR rights

Access: Request a copy of your personal data we hold.
Rectification: Ask us to correct inaccurate or incomplete data.
Erasure: Request deletion when we no longer need your data or if you withdraw consent.
Restriction: Ask us to limit processing in certain circumstances.
Portability: Request a machine-readable copy of data you provided.
Objection: Object to processing based on legitimate interests or direct marketing.

To exercise your rights, email hello@bestbusinessloans.ai with your request and verification details. We aim to respond within one month as required by law. We will explain if we need more time due to complexity.

How long we keep your data

We retain enquiry records for a limited period to support matching, follow-ups, and auditing. If an introduction leads to an active discussion with a lender or broker, we may keep related records for longer to meet legal or contractual obligations.

If you ask us to delete your data and we have no overriding legal reason to keep it, we will erase it. We also securely dispose of data when retention periods expire. Our policy balances user rights, regulatory duties, and operational needs.

Simple steps to control your data

Submit your Quick Quote with only necessary information.
Tell us if you prefer fewer introductions or a specific finance type.
Review any lender consent requests before agreeing to checks.
Update your marketing preferences at any time.
Request access, correction, or deletion if needed.

5) Transparency, compliance, and how to contact us

Clear, fair and not misleading

Best Business Loans is an independent introducer that does not supply loans directly. We aim to follow the spirit of FCA rules on financial promotions by ensuring content is clear, fair, and not misleading.

We don’t guarantee approvals, interest rates, or specific outcomes. Any eligibility guidance is indicative and subject to each lender or broker’s assessment. You remain in full control of whether to proceed with any option.

Cookies, analytics, and third-party tools

We use analytics to understand how users interact with our site and to improve performance. Where required, we ask for consent before enabling non-essential cookies. You can withdraw cookie consent at any time via our banner or browser controls.

We review third-party tools for privacy and security alignment. Only essential data is shared with service providers that help us run the website. Aggregated, non-identifiable insights may be used to improve services.

Contact, concerns, and complaints

If you have any questions about privacy and security, email hello@bestbusinessloans.ai. If you are not satisfied with our response, you can contact the Information Commissioner’s Office (ICO) in the UK. We will cooperate fully with regulators where required.

We update this page to reflect changes in law or our practices. Updated October 2025. We will always strive to keep you informed in plain, practical language.

Frequently asked questions

Do you sell my data?

No. We never sell your data. We only share it with relevant finance providers to help with your enquiry.

Will you run a credit check?

No. We do not conduct credit checks ourselves. If a lender or broker needs to run one, they will ask your permission first.

Can I choose who you share my information with?

Yes. Tell us your preferences, and we will tailor introductions. You can also ask us for a list of providers we’ve shared your details with.

How secure is my data?

We use encryption, role-based access, and secure cloud infrastructure. We also maintain policies, training, and incident response procedures.

How long do you keep my data?

Only as long as necessary for matching, follow-ups, and compliance. You can request deletion where we have no legal reason to retain it.

A practical example

Say you run a food production business seeking equipment finance. You submit a Quick Quote, and we match you with relevant equipment finance brokers.

We share only the details needed to assess fit. If you want to explore sector-focused funding further, you can learn more via our page on food industry finance options.

How to get started safely

It takes just a couple of minutes to complete your enquiry. We will keep your data secure and confidential throughout. You decide which introductions to pursue, with no obligation.

Submit your Quick Quote to check eligibility and get matched with suitable finance providers. Our AI helps you cut the noise and focus on credible options. Fast, secure, and people-first.

Key takeaways

We collect only the data needed to assess your enquiry and make relevant introductions.
We secure data with encryption, access controls, and privacy-by-design processes.
We do not sell your data, and we do not perform credit checks ourselves.
Introductions happen with your knowledge, and lenders request consent for any checks.
You can access, correct, delete, or restrict your data at any time.

About Best Business Loans

Best Business Loans helps established UK companies explore commercial finance options. We are not a lender; we are an independent introducer using AI-enabled matching to connect you with suitable lenders and brokers.

We aim to make financial information clear, fair, and not misleading in line with UK guidance. You stay in control at every step. Submit your Quick Quote to get started with confidence.