How will my data be handled—privacy, security and GDPR compliance?

Short answer

Best Business Loans treats your personal and business data with care and in line with UK data protection law, including the UK GDPR and Data Protection Act 2018. We collect the minimum information needed to match your enquiry to lenders or brokers, secure it using industry-standard protections, and only share it with vetted partners under strict contracts. You retain clear rights over your data and can contact us or the Information Commissioner’s Office (ICO) if you have concerns.

What personal and business data we collect and why

When you submit a Quick Quote or enquiry we ask for basic business identifiers and contact details such as company name, registration number, VAT status, turnover band and contact name. We also collect information about the finance you need, the purpose of funding, and recent credit or asset details where relevant. This data helps our AI matching system identify suitable lenders or brokers from our network and present accurate, relevant options for your business.

We may also collect supporting documents that lenders commonly request, such as recent accounts, bank statements, or invoices if you choose to upload them. These documents are used only for matching and introduction purposes and are never sold to third parties. We do not collect more sensitive personal data (for example, health, racial or biometric data) unless you voluntarily provide it and we explain a lawful basis for doing so.

For site functionality we also use technical data such as IP address, device type and session cookies to protect the service, measure performance, and ensure a smooth user experience. These technical details are used to prevent fraud, detect abuse, and improve our AI matching models over time.

Lawful basis for processing and your rights

We process your data under lawful bases required by UK GDPR: typically legitimate interests (for matching you to lenders and preventing fraud), contract (to perform services you request), and where relevant, consent (for marketing communications). We will always explain when we rely on consent and provide an easy way to withdraw it. For any activity that requires explicit consent, such as direct marketing by third parties, you will be asked to opt in.

You have statutory rights under UK GDPR including the right to access the personal data we hold about you, request rectification, request erasure (subject to legal or contractual retention requirements), restrict processing, object to processing, and obtain portability of your data. You also have the right to complain to the ICO if you believe your data has been mishandled. We provide simple ways to exercise these rights via hello@bestbusinessloans.ai or our privacy portal on request.

Where decisions involve automated processing or profiling — for example our AI matching — we will provide clear information about how the decision is made and allow you to request human review. Our AI assists matching but does not automatically make lending decisions on behalf of lenders or brokers.

How we secure your data and manage third-party access

Protecting your data is central to our operations and we use multi-layer security to keep information safe. This includes encryption of data in transit (TLS) and at rest, role-based access controls, secure hosting in UK-compliant data centres, and regular security testing. Staff access is limited to people who need it to perform their role and are bound by confidentiality obligations.

Technical and organisational measures

We maintain written information security policies, employ firewalls and intrusion detection systems, and use secure backups and disaster recovery procedures. Penetration testing and vulnerability scanning are performed regularly by accredited security providers. Where required, we conduct Data Protection Impact Assessments (DPIAs) on new systems or significant changes involving personal data.

We share your details only with carefully selected lenders and regulated brokers who have agreed written contracts with us and demonstrate adequate data protection practices. When we introduce you to a lender or broker, only the minimum information necessary for that provider to assess your enquiry is transferred. We never sell your data for marketing or profiling purposes outside of the services you request.

Data retention, international transfers and processors

We retain personal and business data for as long as necessary to fulfil the purpose for which it was collected, to meet legal or regulatory obligations, and to manage disputes or queries. Typical retention periods vary — live enquiries are retained until the matter is resolved, while contact data used for marketing is retained until you opt out. We will provide specific retention periods on request.

Some of our service providers and partners (for example cloud hosts, analytics tools, or lenders) may operate outside the UK. Where that happens we ensure adequate protections are in place, such as UK adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms. We will only transfer the minimum personal data necessary and will assess third parties to ensure they meet security and compliance standards.

We use third-party processors for services such as email, payments, identity checks and analytics. All processors are contractually required to process data only on our instructions, to implement appropriate security measures, and to assist with data subject rights requests. You can request a list of our main processors at any time.

Your choices, consent, complaints and next steps

You control how we use your data. You can update or correct your information, request deletion, or limit how we use your details for marketing. Opting out of marketing will not usually affect our ability to match you with lenders for an active enquiry, but it will prevent future promotional contacts unless you re-consent.

If you have a concern about how we handle your data please contact us first at hello@bestbusinessloans.ai and we will investigate promptly. If you remain unsatisfied you can raise the matter with the Information Commissioner’s Office (ICO) at https://ico.org.uk. We will cooperate fully with any lawful regulatory requests and provide the ICO with the information it requires.

Ready to proceed with confidence? Submit a Quick Quote and we will match your enquiry securely to suitable lenders or brokers in our network. If you want funding linked to invoices, learn more about invoice finance here: invoice finance. Your enquiry is free, confidential, and starts the secure process of finding the right options for your business.

Key takeaways

Best Business Loans collects only the information needed to match your business to relevant lenders or brokers and operates under UK data protection law. We use encryption, access controls and contractual safeguards with processors and partners to protect your data. You retain rights under UK GDPR to access, correct, erase and object to processing, and may contact us or the ICO if needed.

We do not provide loans ourselves — we introduce you to lenders and brokers and share the minimum data required under strict agreements. If you value control and transparency, submit a Quick Quote and we will explain exactly how we will use your details for your specific enquiry.

Contact, complaints and regulatory notes (FCA/ASA guidance)

BestBusinessLoans.ai acts as an independent introducer and is not a lender. We aim to comply with FCA, ASA and advertising rules by being clear, fair and not misleading in all communication. We do not provide regulated advice and you should consult authorised advisers or lenders for binding finance agreements.

For data protection queries or to exercise your rights contact: hello@bestbusinessloans.ai. For regulatory complaints related to financial promotions please consult the FCA and ASA guidance noted on their websites. For data protection enforcement contact the ICO at https://ico.org.uk.