Privacy Policy

Effective Date: June 6, 2025
Last updated: June 6, 2025

EVG Finance Limited (“EVG Finance,” “we,” “us,” or “our”) is committed to protecting the privacy of COMPANIES who visit our website, engage with our services, and apply for or receive loans. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal data when you interact with us—whether online via https://evgfinance.com (the “Site”), through our mobile applications, by telephone, or in person. It also explains your rights regarding that data under applicable data protection laws, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

By accessing or using our Site or otherwise providing personal information to us, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our policies and practices, your choice is not to use our Site or to discontinue any interaction with us.

1. Who We Are

Company: EVG Finance Limited.
Registered Office: Flat 17 Ingelow House, HOlland Street w84nf
Company Number: 16477951
Data Protection Officer: Nikolai Ueker, Email: dataprotection@evgfinance.com

EVG Finance is a UK-based financial services provider specialising in flexible lending solutions for small and medium-sized enterprises (SMEs) and lower mid-market businesses.

2. Personal Data We Collect

We collect various categories of personal data about you directly from you, from third parties (including brokers, credit reference agencies, and professional advisors), and automatically through your use of our Site and services. Depending on how you interact with us, we may collect:

2.1 Information You Provide Directly

  • Identity and Contact Information as a Director: Name, date of birth, national insurance number, passport or driver’s license details, home address, email address, telephone number, and business address.

  • Financial and Transaction Data: Bank account details, income and turnover data, business revenue, expense information, credit history, loan amounts requested, repayment terms, and details of outstanding debts or liabilities.

  • Business Information: industry sector, company turnover, number of employees, business type (partnership, limited company), details of shareholders or beneficial owners.

  • Supporting Documentation: Copies of identification documents (e.g., passport, driver’s license), proof of address (utility bills, bank statements), business bank statements, financial statements, credit applications, and any other documents you submit to support your loan application.

  • Correspondence: Any communications, feedback, inquiries, or complaints you send to us by email, telephone, or in writing.

  • Marketing Preferences: Your preferences regarding receiving marketing communications from us.

2.2 Information from Third Parties

  • Brokers and Referrers: If a commercial finance broker, accountant, or professional advisor refers you to us, we may receive information such as your name, contact details, business financials, and credit history.

  • Credit Reference and Fraud Prevention Agencies: Credit file information, credit score, electoral roll data, and fraud indicators to assess creditworthiness and verify your identity.

  • Publicly Available Sources: Information in publicly available databases (e.g., Companies House, Land Registry) to confirm details about your business, directors, or property.

  • Service Providers: When you use third-party platforms or tools (e.g., accounting software integrations), we may receive transactional data or other relevant information subject to separate terms you have with those providers.

2.3 Information Collected Automatically

  • Usage Data: Pages you visit on our Site, time spent on those pages, links clicked, and other browsing behaviour collected via cookies and similar tracking technologies.

  • Device and Log Information: IP address, browser type and version, device type and operating system, unique device identifiers, and your interaction with Site features.

  • Location Data: Approximate location derived from your IP address or device settings, if you have granted permission via your browser or device.

3. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

3.1 Processing Loan Applications and Servicing Loans

  • Underwriting and Credit Assessment: To evaluate your creditworthiness, verify your identity, assess your business’s financial health, and make lending decisions (e.g., approval, pricing, and terms).

  • Account Setup and Management: To open and maintain your borrower account, disburse loan funds, collect repayments, and manage any security or collateral associated with your loan.

  • Customer Support: To respond to your inquiries, provide assistance, handle disputes, and resolve complaints or errors.

3.2 Compliance with Legal, Regulatory, and Security Obligations

  • Anti-Money Laundering (AML) and Know Your Customer (KYC): To perform identity verification checks, screen against sanctions lists, and comply with our AML obligations and other regulatory requirements.

  • Fraud Prevention and Detection: To detect, prevent, and investigate suspected fraudulent activity or security incidents; share information with fraud prevention agencies and law enforcement as required.

  • Regulatory Reporting: To fullfill our obligations under FCA rules, the UK GDPR, the Data Protection Act 2018, and other applicable laws (e.g., reporting statistical data to regulators).

3.3 Improving and Personalising Our Services

  • Site Analytics and Performance: To monitor and analyse how visitors use our Site, diagnose technical issues, improve user experience, and optimise our Site’s performance (e.g., through Google Analytics, cookies).

  • Product Development: To develop, test, and enhance our lending products, digital platforms, and related offerings based on aggregated and anonymised data.

3.4 Marketing and Communications

  • Promotional Messaging: To send you newsletters, educational materials, event invitations, and other marketing communications (with your consent where required), highlighting our products, services, promotions, or industry insights relevant to SMEs and lower mid-market businesses.

  • Client Relationship Management: To keep you informed about changes to our policies, terms, or services you use, and to deliver service-related notifications (e.g., payment reminders, legal notices).

3.5 Internal Administrative Purposes

  • Accounting, Auditing, and Record-Keeping: To maintain proper financial records, support auditing processes, and comply with tax, corporate, and legal record-keeping obligations.

  • Risk Management and Business Planning: To evaluate and manage credit risk, operational risk, and market risk; to develop business strategies, projections, and forecasts.

4. Legal Bases for Processing

Under the UK GDPR, we rely on the following legal bases to process your personal data:

  • Performance of a Contract (UK GDPR, Article 6(1)(b))
    Processing is necessary to enter into or perform our loan agreement with you, service your loan, and manage your account.

  • Legal Obligations (UK GDPR, Article 6(1)(c))
    We must process certain data to comply with our legal and regulatory obligations (e.g., AML, KYC, FCA reporting, tax).

  • Legitimate Interests (UK GDPR, Article 6(1)(f))
    We have a legitimate interest in operating our business, providing credit to SMEs, preventing fraud, improving services, and marketing to existing or prospective customers, provided our interests do not override your fundamental rights and freedoms.

  • Consent (UK GDPR, Article 6(1)(a))
    Where required—such as for certain marketing communications, cookies beyond strictly necessary, or optional services—we will obtain your consent. You may withdraw consent at any time (details in Section 11).

  • Vital Interests or Public Task
    In rare circumstances, we may process data to protect your life (vital interests) or to perform tasks in the public interest (e.g., cooperating with law enforcement agencies), though these bases are used infrequently.

For special categories of personal data (e.g., health data, if ever collected for insurance purposes), we would seek explicit consent or rely on other appropriate legal bases under UK GDPR (none of which are typical for standard loan applications).

5. Sharing and Disclosure of Personal Data

We may share your personal data with the following categories of recipients for the purposes described above:

5.1 Service Providers and Processors

  • IT, Cloud, and Hosting Providers: To support our Site infrastructure, data storage, and software applications.

  • Credit Reference Agencies: For obtaining credit history, credit scoring, and identity verification.

  • Payment Processors and Banking Partners: To facilitate disbursements, repayments, and account reconciliation.

  • Fraud Prevention Agencies: To detect and prevent fraud or suspicious activity; we may exchange personal data and transaction details as necessary.

  • Professional Advisors: Including accountants, auditors, legal counsel, and consultants engaged to advise or audit our business.

These third parties are authorized to use your personal data only as necessary to provide services to EVG Finance, and we require them to maintain appropriate data protection and security measures.

5.2 Business Partners and Brokers

  • Commercial Finance Brokers and Intermediaries: When you apply for a loan through a broker, we receive information from them to process your application—and we may share loan status updates, credit terms, and repayment performance with them.

  • Strategic Partners: Where you consent or where necessary to provide joint offerings (e.g., co-branded finance solutions) or marketing collaborations, we may share limited personal data (name, contact details, segmented preferences) with other businesses.

5.3 Affiliates and Subsidiaries

We may share your information within the EVG Finance corporate group (e.g., subsidiaries or affiliates) to facilitate the processing of your loan, audit, compliance, or group-wide risk reporting.

5.4 Legal and Regulatory Authorities

  • Regulators and Tax Authorities: When required by law, regulation, or by request (e.g., the FCA, HM Revenue & Customs), we share data needed to meet our legal obligations.

  • Law Enforcement and Courts: If compelled by a valid subpoena, court order, or other legal process, or to protect our rights and property, we may disclose your personal data.

5.5 Business Transfers

If EVG Finance is involved in a merger, acquisition, sale of assets, or financing transaction, your personal data may be transferred to a third party involved in the transaction, provided that such third party agrees to comply with the terms of this Privacy Policy or a substantially similar privacy commitment.

6. Cookies and Similar Tracking Technologies

6.1 What Are Cookies?

Cookies are small text files placed on your device by your browser when you visit our Site. We use cookies and similar technologies (e.g., web beacons, pixel tags, local storage) to recognize your browser or device, remember your preferences, and collect data about how you navigate our Site.

6.2 Types of Cookies We Use

  • Strictly Necessary Cookies: Required for the operation of our Site (e.g., to secure log-in sessions, remember selections for loan calculators). These cannot be disabled.

  • Performance and Analytics Cookies: Collect anonymous information about how visitors use our Site (e.g., pages visited, time spent, errors encountered). We use Google Analytics to understand user behavior and improve our Site.

  • Functionality Cookies: Remember your preferences (e.g., language, region) and provide enhanced features (e.g., pre-filling forms).

  • Targeting and Advertising Cookies: Serve tailored advertisements based on your browsing history and interests; used by us and third parties to deliver relevant marketing content.

6.3 Managing Cookies

Most browsers allow you to refuse or delete cookies via your browser settings. However, disabling certain cookies may affect your ability to access some features or functionality of our Site. For more information about cookies and how to manage them, visit www.allaboutcookies.org.

7. Data Security

We implement and maintain appropriate technical, physical, and administrative safeguards designed to protect your personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include:

  • Encryption: We use industry-standard encryption (e.g., TLS/SSL) to protect data in transit between your device and our servers.

  • Access Controls: Access to personal data is restricted to authorized personnel and third-party processors on a need-to-know basis, enforced through role-based access controls and unique user credentials.

  • Secure Development Practices: We follow secure coding standards and regularly test our systems (e.g., penetration testing, vulnerability assessments) to identify and remediate security weaknesses.

  • Policies and Training: Employees undergo regular data protection training, and we maintain documented policies regarding data handling, retention, and disposal.

  • Incident Response: We have an incident response plan to address potential data breaches. In the event of a breach, we will notify affected individuals and regulatory authorities as required by applicable law.

While we strive to safeguard your data, no method of transmission or storage is entirely secure. Therefore, we cannot guarantee absolute security; however, we will enforce continuous improvements and adhere to industry best practices.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law, whichever is longer. Specifically:

  • Loan Application and Account Data: We generally retain applicant and borrower data for at least six years following the closure of the loan account or until the statute of limitations expires—whichever is longer—to comply with FCA and tax record-keeping obligations.

  • Marketing Data: We hold marketing consents and preferences for up to five years from the date of collection, or until you withdraw your consent.

  • Legal and Compliance Records: Documents related to KYC, AML, auditing, and compliance may be retained for up to seven years or as required by law.

  • Website Analytics and Cookies: Performance and analytics data are usually kept for a rolling period of 26 months (per our Google Analytics settings) unless you delete cookies or revoke consent.

When the data is no longer required, we securely delete, anonymise, or aggregate them, unless legal, regulatory, or legitimate business purposes dictate otherwise.

9. Your Rights Under Data Protection Law

Subject to certain exemptions and limitations under the UK GDPR and the Data Protection Act 2018, you have the following rights with respect to your personal data:

  1. Right of Access (Subject Access Request): You may request a copy of the personal data we hold about you, and supplementary information about how we process it.

  2. Right to Rectification: You may request that we correct any inaccurate or incomplete personal data.

  3. Right to Erasure (“Right to be Forgotten”): You may request that we erase your personal data where (a) it is no longer necessary for the purposes for which it was collected, (b) you have withdrawn consent, (c) it was unlawfully processed, or (d) we are required to erase it by law.

  4. Right to Restrict Processing: You may request that we restrict processing of your personal data where you contest its accuracy, our processing is unlawful, or we no longer need it but you require it to establish, exercise, or defend legal claims.

  5. Right to Object: You may object to (a) processing based on our legitimate interests or (b) direct marketing (including profiling related to direct marketing). We will comply unless we can demonstrate compelling legitimate grounds or the processing is required for legal claims.

  6. Right to Data Portability: Where processing is based on consent or is necessary to perform a contract, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

  7. Right to Withdraw Consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect processing prior to withdrawal.

  8. Right to Lodge a Complaint: If you believe that we have not complied with applicable data protection laws, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
    Information Commissioner’s Office
    Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
    Telephone: 0303 123 1113 (UK) or +44 1625 545 700 (from outside the UK)
    Website: https://ico.org.uk

To exercise any of your rights, please submit a written request to our Data Protection Officer at dataprotection@evgfinance.com. We may require proof of identity to process your request. We will respond to requests in accordance with applicable law, typically within one month of receipt.

10. International Data Transfers

EVG Finance is headquartered in the UK. We may transfer your personal data to recipients in countries outside the UK (including the European Economic Area) to provide services, for compliance, or for hosting and IT support purposes. Where we transfer personal data to a country that does not have an adequacy decision from the UK Government, we rely on appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs): We enter into UK ICO-approved SCCs or equivalent data transfer agreements with third parties to ensure adequate protection.

  • Binding Corporate Rules (BCRs): Where transfers occur within our corporate group, we implement approved BCRs to safeguard data.

  • Other Safeguards: Where necessary, we may rely on explicit consent you provide for the transfer, or legal exceptions allowed under UK GDPR (e.g., performance of contract, public interest).

A list of third-party service providers, their locations, and the safeguards in place is available upon request by contacting dataprotection@evgfinance.com.

11. How to Manage Your Choices and Withdraw Consent

  • Marketing Communications: If you no longer wish to receive marketing emails, you can unsubscribe by clicking the “unsubscribe” link at the bottom of any marketing email or by emailing marketing@evgfinance.com. We will process your opt-out promptly.

  • Cookies and Tracking: You can manage or withdraw your consent for cookies by adjusting your browser settings or by using the cookie-consent banner available on our Site.

  • Withdrawal of Consent: For any processing based on your consent (e.g., use of certain optional services), you may withdraw consent at any time by contacting dataprotection@evgfinance.com. Withdrawal will not affect the lawfulness of processing prior to withdrawal.

12. Children’s Privacy

Our Site and services are intended Businesses and their respective management who are adults. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete that data as soon as possible. If you believe we may have any information from or about a child under 18, please contact us at dataprotection@evgfinance.com.

13. Third-Party Links and Services

Our Site may contain links to other websites or services that are not operated by EVG Finance. This Privacy Policy does not apply to those third-party websites or services. If you click on a third-party link, you will be directed to that third party’s site—any personal data you provide on that site is not governed by this Privacy Policy. We encourage you to review the privacy policies of any site you visit.

14. Changes to This Privacy Policy

We review our privacy practices regularly. We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or advances in technology. If we make material changes, we will post the updated policy on our Site with a new “Effective Date” and, where appropriate, provide notice (e.g., by email or notification on our Site). Continued use of our services after any such changes constitutes your acceptance of the revised Privacy Policy.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Data Protection Officer
EVG Finance Ltd.
Email: dataprotection@evgfinance.com

Appendix: Glossary of Key Terms

  • “Personal Data” means any information relating to an identified or identifiable natural person.

  • “Processing” means any operation performed on personal data, whether or not by automated means (e.g., collection, recording, storage, adaptation, retrieval, consultation, use, disclosure, erasure, or destruction).

  • “Controller” is the entity that determines the purposes and means of processing personal data. EVG Finance is the Controller for the processing described herein.

  • “Processor” is an entity that processes personal data on behalf of the Controller, under contract or agreement.

  • “UK GDPR” refers to the UK General Data Protection Regulation, as it forms part of UK law by virtue of the Data Protection Act 2018.

Thank you for trusting EVG Finance with your personal information. We are committed to safeguarding and respecting your privacy.