How can I exercise my rights under UK GDPR?

Email hello@bestbusinessloans.ai with your request to access, correct, delete, restrict, or port your data, or to object to processing. We will respond within statutory timeframes.

How is my data kept secure, and who will see my details?

Q: Will you run a credit check?

No. We do not run credit checks. A lender or broker may request your permission to conduct a soft or hard search if you decide to proceed with them.

Q: Who exactly will see my details?

Our UK support team, our secure matching systems, and the specific lenders or brokers that you agree to be introduced to. Essential technology partners may process data under strict contracts.

Short answer: your data is protected with strong security, and only relevant professionals will see it

Your data is protected using industry-standard encryption, strict access controls, and UK GDPR-compliant processes. We only share your details with carefully selected lenders or brokers relevant to your enquiry, and only when it helps progress your request. We never sell your data, and you remain in control of how it is used.

In practice, that means your information is encrypted in transit and at rest, handled by trained staff under role‑based access, and sent only to finance providers who are a genuine match for your business needs. Any credit searches will only be initiated with your clear consent. You can ask us to correct, restrict, or delete your data at any time, subject to lawful obligations.

No obligation: submitting a Quick Quote is free and does not commit you to proceed. You can opt out of sharing at any stage before introductions are made.

What this page covers

How we secure your data end-to-end
Who will and won’t see your details
Your choices, consent, and rights under UK law
How we stay compliant with FCA, ASA, and Google standards
FAQs and simple steps to stay in control

Last updated: October 2025

Our security foundations and privacy principles

Best Business Loans is an independent introducer that helps UK businesses find suitable finance providers. We don’t lend money or make lending decisions ourselves. Our role is to match your profile to relevant providers, then introduce you when you agree.

Security and confidentiality sit at the heart of that process. We design our systems and workflows to meet the expectations of UK GDPR and the Data Protection Act 2018. We align our practices to the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and accountability.

We collect only the information we need to assess your requirements and find appropriate providers. This typically includes basic company details, funding purpose, and contact information. We avoid collecting sensitive categories unless strictly necessary for a specific product and with your explicit consent.

How we apply “privacy by design”

We build privacy into every stage of the journey, from the Quick Quote form to provider introductions. Our AI-led matching uses only the fields needed to determine suitability. We minimise who can access raw data and pseudonymise where appropriate.

We maintain clear internal policies covering access control, secure development, incident response, and data retention. Staff handling your enquiry receive data protection and information security training. Regular reviews help us improve controls over time.

We only work with trusted service providers who meet robust security standards. Where suppliers process personal data for us, they must follow our instructions and offer appropriate technical and organisational measures.

Your choices, clearly stated

You choose when and whether we introduce your details to a finance provider. We do not pass your information to providers who are not relevant to your use case. You can withdraw permission at any point before an introduction is made.

We do not conduct credit checks. If a lender or broker needs to run a soft or hard search, they will seek your permission and explain the impact first. Our aim is to keep you in control at each step.

Transparency matters: we will always strive to be clear, fair, and not misleading in how we describe our services, the matching process, and any potential outcomes.

How we protect your data end‑to‑end

We use a layered security approach to protect your information. This covers collection, storage, access, transmission, and deletion. It also extends to third parties who support our platform.

When you submit a Quick Quote, your data is transmitted using TLS encryption. This helps prevent interception and eavesdropping in transit. Within our systems, we apply strong hashing and encryption standards appropriate to the data type.

We host with reputable providers that offer modern security controls. These include network segmentation, firewalls, DDoS protection, and monitoring. We review vendors for security posture and compliance alignment.

Access control and monitoring

Access to your data is strictly limited on a need‑to‑know basis. We use role‑based permissions, multi‑factor authentication, and regular access reviews. Administrative access is logged and monitored for unusual activity.

We separate processing environments from public‑facing components. This reduces risk and helps protect sensitive information. Data sets used for development or testing are either anonymised or not used at all.

Where feasible, we pseudonymise data for AI‑supported matching. This reduces exposure of identifiable details within internal workflows. It also helps maintain the integrity of our matching logic while protecting privacy.

Data retention and deletion

We keep your personal information only for as long as needed to fulfil your enquiry and meet legal or regulatory obligations. We review retention periods regularly and remove or anonymise data when it is no longer required. You can request deletion, which we will action unless we need to retain some data for legitimate reasons.

Backups are protected and subject to lifecycle controls. Deletion requests are handled carefully to include relevant backups where technically feasible. We will communicate clearly about any limits to deletion caused by legal obligations.

Incident readiness: we maintain processes to detect, contain, and investigate potential incidents. If a notifiable data breach occurs, we follow UK GDPR requirements to inform the ICO and affected users when necessary.

Who will see your details, and when

We keep access to your data deliberately narrow. Only those who need it to help you find suitable finance will see it. This includes our UK support team and carefully selected finance providers, with your permission.

Our UK support team: trained team members may view your enquiry to clarify details, answer questions, and guide next steps. They do not conduct credit checks and will not share your information without your go‑ahead. Access is audited and time‑bound.

Our matching system: our AI‑assisted tools process your input to identify potential providers. Where possible, we use pseudonymised attributes for initial filtering. We avoid exposing contact details until you opt to proceed.

Shortlisted lenders and brokers

When you are ready, we can introduce you to a small number of relevant providers. We only share the details necessary to assess eligibility and progress your enquiry. You will always know who is being introduced and why they are a match.

Each lender or broker will have its own privacy and compliance duties. They may require additional information to verify your business, directors, or affordability. Any credit checks will be explained to you by the provider, with your explicit consent.

No selling of data: we do not sell personal data to third parties. We will not share your details for unrelated marketing.

Our service providers and legal obligations

We use trusted technology partners for hosting, analytics, email delivery, and security tooling. These partners act as data processors and must follow our instructions. They cannot use your data for their own purposes.

In limited circumstances, we may disclose data if required by law or to respond to lawful requests. This might include fraud prevention or safeguarding obligations. We take care to ensure disclosures are appropriate and proportionate.

We prefer UK or EEA data storage. If data is transferred outside the UK/EEA, we use appropriate safeguards, such as UK adequacy decisions or Standard Contractual Clauses, where applicable.

Example: sector‑specific introductions

If you run a farm and seek equipment finance, we may match you with providers experienced in agriculture. You can explore funding context on our dedicated page for agriculture business loans. We only introduce you when you confirm you want to proceed.

This tailored approach reduces noise and protects your time. It also limits unnecessary sharing by focusing only on suitable options. Relevance helps both privacy and outcomes.

Remember: you can pause or stop the process at any time before an introduction.

Your choices, consent, and rights under UK GDPR

You remain in control of your information throughout your journey. You can choose whether to be introduced to providers. You can also update or restrict how we use your details at any time.

Consent and preference management: we will ask your permission before sharing your data with finance providers. You can opt out of non‑essential communications. We aim to keep consent clear, granular, and easy to manage.

We avoid excessive data collection. If a piece of information is optional, we state it clearly. If a field is necessary, we explain why.

Your data protection rights

Under UK GDPR, you have rights to access, rectification, erasure, restriction, objection, and portability. You also have rights related to automated decision‑making and profiling, where applicable. We will respond to all valid requests within statutory timeframes.

To exercise your rights, contact our privacy team at hello@bestbusinessloans.ai. We may need to verify your identity before acting on a request. We will keep a record of requests to ensure accountability.

Marketing choices: you can opt out of marketing at any time. Opting out of marketing will not affect service‑related communications needed to handle your enquiry.

Credit checks and fairness

We do not run credit searches. A lender or broker will only run a search with your consent, and will explain the difference between a soft and a hard search. A soft search usually does not affect your credit score; a hard search may do so.

We strive to act in your best interests, including being clear about potential impacts before you proceed. Our goal is to help you make an informed decision. There is no obligation to accept any offer presented by a provider we introduce.

Complaints and concerns: if you are unhappy with how your data has been handled, please email hello@bestbusinessloans.ai. You also have the right to raise concerns with the ICO at ico.org.uk.

Compliance, transparency, and FAQs

We follow the spirit of the FCA’s “clear, fair and not misleading” rules for financial promotions, even though we are an introducer and do not provide loans directly. We also act in line with ASA broadcast and non‑broadcast advertising standards and Google’s financial services policies. Our aim is to give you balanced information so you can make informed choices.

Honest positioning: we cannot guarantee funding or the lowest rates. Eligibility and terms are set by the finance provider and depend on your business circumstances. Submitting a Quick Quote is free, secure, and carries no obligation.

We provide content that is readable, up‑to‑date, and relevant to UK businesses. We avoid jargon where possible and explain key terms. We link to helpful resources and sector guides as part of our people‑first approach.

Cookies, analytics, and security tools

We use cookies and similar technologies to improve site performance and measure usage. Non‑essential cookies are optional and controlled via consent tools. Security tools may process limited technical data to protect against fraud and abuse.

Email communications are sent via secure providers that meet strong privacy standards. You can unsubscribe from marketing at any time with one click. Service emails related to your enquiry may still be necessary.

International considerations: if we ever transfer data outside the UK/EEA, we apply recognised safeguards. We monitor regulatory changes and update our measures accordingly.

Frequently asked questions

Do you sell my data? No. We never sell personal data. We only share your details with suitable finance providers when you want us to introduce you.

Will you run a credit check? No. We do not run credit checks. A lender or broker may ask your permission to conduct a soft or hard search if you choose to proceed.

Who exactly will see my details? Our UK support team, our secure matching environment, and the specific lenders or brokers you agree to be introduced to. Essential technology partners may process data under strict contracts.

How long do you keep my information? Only as long as necessary to serve your enquiry and meet legal obligations. We regularly review retention and delete or anonymise data when no longer needed.

How can I exercise my rights? Email hello@bestbusinessloans.ai with your request. We will respond within statutory timeframes and keep you informed throughout.

Ready to check your eligibility?

It takes a couple of minutes to submit a Quick Quote for an indicative view. We will only introduce you to providers if you want us to proceed. There is no obligation, and your information is handled securely and confidentially.

Key takeaways

Security first: encryption in transit and at rest, strict access controls, and vetted suppliers.
Minimal sharing: only with relevant lenders or brokers, and only with your permission.
No selling of data: your details are never sold to third parties.
Transparency: clear consent, no credit checks by us, and balanced information that is not misleading.
Your rights: access, rectification, deletion, and more under UK GDPR — contact hello@bestbusinessloans.ai.