Privacy Notice | Moneyboat

This is Version 3.0 of our Customer Privacy Notice. Last updated: September 2025

About us

We are Evergreen Finance London Limited (EGFL), a company registered in England and Wales (Company No. 07669210). Our registered office is 188 Brent Street, London, NW4 1BE. Please note that this address should not be used for customer correspondence.

For all enquiries and correspondence, please use the following link: Contact Us | Moneyboat

For the purpose of this policy the term Moneyboat (MB) refers to Evergreen Finance London Limited (EGFL).

For the purposes of the General Data Protection Regulations (‘GDPR’), Evergreen Finance London Limited is the Data Controller for the data we process, unless otherwise specified.

We are also registered with the UK Information Commissioner’s Office (‘ICO’), and our Data Protection Register Number is Z3596140. You can find out more about the ICO here (links to an external website).

Our Data Protection officer can be contacted at data@moneyboat.co.uk.

Our regulators

As a financial services organisation, we are authorised and regulated by the Financial Conduct Authority (‘FCA’). Our Financial Services Register number is 674154. You can find out more about the FCA here (links to an external website).

About this Privacy Notice

EGFL is committed to protecting your personal data and respecting your privacy. This privacy notice explains how and why we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. It also explains what rights you have and how you can contact us if you’ve got any questions.

You should read this notice carefully before you provide us with your information. If you have any questions, or wish us to clarify how this relates to you, please contact us for help.

By accessing and using our platform through our website or other platforms, you need to confirm that you agree to be bound by this Privacy Notice. If you do not, you must immediately cease use of our website and platform, and any services provided by us.

We will amend this Privacy Notice from time to time to comply with applicable laws and regulations or to meet our changing business requirements. You are encouraged to periodically review this page for the latest information on our privacy practices and amendments to our Privacy Notice but if we make changes that we consider to be important or that affect your rights we will let you know.

Information we may collect about you

If you are a customer the majority of information we collect about you is provided by you directly, for example when you complete an application or contact us to let us know about a change to your personal circumstances.

For the most part, this information is necessary for us to enter into and to perform our contract with you when arranging or delivering our products and services. The main reasons that we collect and use your information is to comply with our Legal and Regulatory obligations, for our legitimate interests of maintaining customer payments and to continually improve the products services we provide.

Categories of personal information

Throughout the term of our relationship with you we may collect and use your personal information.

We have provided a brief description of the likely categories below:

Identifiers: Information that identifies you, such as your full name, date of birth, address, and residential status
Contactors: such as your home or mobile telephone number, email addresses and home or residential address
Financials: such as your bank details, salary, income and expenditure, proof of financial status, bank statements or payslips, credit and default history.
Account: such as details about products or services that you might previously have applied for or purchased
Employment history: such as information about your employer, your job title, work email address and work telephone number.
Lifestyle: information about your lifestyle and homelife such as the reason that you have applied for one of our products, or information that helps us to understand your personal circumstances or provide you with appropriate support if needed.
Family: Information about your household and family circumstances, such as your dependants names and income, next of kin
Employment details, for example your employer’s name, your job title, work email address and work telephone number
Health: Information about your physical or mental health and wellbeing that you provide to us
Electronic data: such as your IP address (Information about the device you are using to access our products and services, including its type and your location)
Cookie data: such as information that reveals how you interact with our website and how you use our customer contact channels. How you interact with our online ads or other digital marketing material.(This information is usually anonymised)see cookie policy for more information
Other: from time to time you may provide us with other information that you feel is relevant to tell us, this may include information about you or your family. We only store and use this information when we feel it is reasonable and necessary for our purpose.
Aggregated Data: We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing specific website features. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

When, why and how we may collect your information

The type and volume of information that we may collect and use will vary depending on the nature and duration of our relationship and your personal circumstances.

If you decide not to provide your personal information or tell us about important changes to your circumstances, we may be unable to provide you with some or all of our products and services, and you may not receive the support you may need.

For ease, we have explained the most common relationship types within the sections below.

You are a current or former employee, or you are applying to work with us;

Please contact HR@evergreenfinance.co.uk email address for a copy of our employee privacy notice

You visit our website

When you visit our website we may automatically collect information directly from the device that you use. The nature of the information will vary depending on the cookie preferences you select. [see section: Cookies]

During your visit you may decide to provide us with your personal information when you engage with our pages, such as completing sections within our online forms or engaging with our contact center or our chat facilities.

Cookies

We use small files called cookies, these contain strings of letters and numbers that are stored in your browser. We use information from Cookies to help us monitor the use and performance of our website and in some cases, interactions with our marketing emails.

When you use your device to visit our website for the first time, you will be presented with a pop up that asks you for permission to install certain cookies on your browser, cookies are categories as essential and non-essential.

Essential cookies

Some cookies are automatically installed unless you have disabled this within your own browser settings. Essential cookies are limited to those that are necessary for our website to function correctly.

Non-essential cookies

These are optional cookies that you may decline.

We rely on your consent to install cookies, you may withdraw your consent / opt out at any time.

Further information about how to withdraw consent, and about the cookies we use, including how long they remain within your device can be found on our Cookies page.

Contacting and communicating with us

We offer a range of convenient ways for you to contact us about the products and services we offer, including managing your queries, making an application, making payments and to provide us with updates about changes to your personal circumstances.

During our communications, we take reasonable steps to only collect information that is relevant to the purpose of your contact. We offer a variety of communication channels, which includes, Web-form, Chat facilities, Calls, SMS and Emails.

Document uploads

We provide secure means for you to provide us with copies of your personal identification and income documentation.

Voice calls

All our calls are recorded for quality and training purposes.

Making payments

We utilise a PCI-DSS compliant provider for payment services made via any of our payment platforms/ channels.

Contacting you

Where possible, we will use your preferred contact details when we respond to you or if we need to make contact with you to discuss missed or late payments. However, where this is unsuccessful, we may use other information you have provided. If you have provided an email address during your application or in any communication with us - whether personal or work related - we may use that email address to contact you. This does not require additional consent and does not constitute a data breach under data protection laws.

Information provided by other individuals.

Someone who has made an application has provided us with your details

When someone applies or has taken out one of our products or services they may provide us with information about you, for example they may have provided us with your name and address because you live with them. The person making the application is responsible to let you know about the information that they provide to us, and keep the information limited to what is required and to maintain its accuracy.

Someone who is financially linked to you has made an application.

If you have a joint account or act as a guarantor with someone else you are likely to be ‘financially linked’ to them.

If the person you are financially linked with applies for a product or service with us it is their responsibility to let you know. We do not need your consent to process your personal information during their application.

As a financial credit company we may rely on our legitimate interests as our lawful basis to process your personal information, such as information about your credit history and ability to repay the loan as a couple rather than as an individual. In short, as a lender we may have full access to your credit file in the same way if it were you applying for credit.

Find out more about credit searches: Credit

Your nominated representatives

You have the right to request that we speak to someone on your behalf, such as a trusted family member or a claims management company.

Before we can discuss your account or provide any information to them we must be satisfied that they are acting with your authority and confirm the nature of the information we can disclose, and the decisions they are permitted to make. As such we will ask for evidence of your consent and authorisation, such as a power of attorney or letter of authority.

While we take reasonable steps to verify the accuracy of such representations, you acknowledge that we are not liable if data is shared with a third party at your instruction and they do not act responsibly.

Before engaging with any third party we advise you to carry out your own checks, such as their reputation, credentials and data protection practices.

You apply or reapply for our products and services.

Pre-contract checks

Suitability checks

Before providing you with our products and services, we may carry out checks to confirm your identity and assess your eligibility. We do this based on our legitimate interests- to ensure the products we offer are appropriate for your circumstances, to detect and prevent fraudulent applications, and to protect our business and the interest of our stakeholders.

Detect, prevent & report criminal or inappropriate activity

We have legal and regulatory responsibilities to undertake certain activities and implement safeguards to prevent, detect and report various forms of criminal or inappropriate activities [including steps to detect and prevent fraud or money laundering.]

During the application or reapplication process we will access and use the information we have about you to verify what you have told us and to assess your eligibility for the product or service sought. We do this by

Verifying your identity
Assess for vulnerabilities
Check and analyse your income and spending
Check those financially linked to you
Review any previous products or services you have sought or accessed from us (including details of the nature of the services, and whether you missed payments.)

About credit reference agencies and credit checks

Credit reference agencies (CRAs) are licensed by the Financial Conduct Authority. They give lenders a range of information about potential borrowers, which lenders use to make decisions about whether they will offer you credit or not. They hold certain information about most adults in the UK.

The three main consumer CRAs in the UK are Equifax, Experian and TransUnion. Most of the information held by the CRAs relates to how you have maintained your credit and service/utility accounts. It also includes details of your previous addresses and information from public sources such as the electoral roll, public records including county court judgments, and bankruptcy and insolvency data.

The information held by the CRAs is also used to verify the identity, age and residency of individuals, to identify and track fraud, to combat money laundering and to help recover payment of debts.

How we use credit reference & fraud prevention agencies

From time to time, we undertake credit checks against borrowers, investors, guarantors and agents. As part of your application process, we will check the details provided by you against central databases to identify your credit history and we may also perform ‘Know your customer’ (KYC) and ‘Anti-money laundering’ (AML) checks to assess your creditworthiness and product suitability, as well as to check whether there is a risk of fraudulent activity.

During your time with us as a customer, and in some cases after our relationship has ended, we will continue to monitor and share your information with credit reference and fraud prevention agencies.

These agencies may also share it with other financial services organisations for the purposes of identity verification, credit scoring and monitoring, and fraud prevention.

How we use your credit record

We will process information from, and share information with, credit reference agencies for the following purposes:

To verify your identity and check that the details you have provided to us are accurate and match the records other financial institutions have about you
To check the affordability of our products and services and make sure that we are lending responsibly
To trace and recover debts if there are late repayments or default
Manage any products that you have with us on an ongoing basis
Updating your records if something changes (for example your address) and you do not tell us, or we are unable to locate you and you have a product with us that has an outstanding balance
For analysis and research purposes to help us improve our products and services. For example, we might analyse your credit history and combine the information with the information from other similar customers to determine whether the amounts we offer to customers are too high, or whether we could adjust our pricing models.

Sharing your information with credit reference & fraud prevention agencies

We might share information with credit reference and fraud prevention agencies which could have an adverse effect on you and your ability to obtain financial products and services in the future. For example, if you fail to repay a debt owed to us, we will provide your details to the credit reference agencies that we work with, who will update your record with a default. This could make it difficult for you to borrow money in the future.

We will give credit reference agencies details of all loans taken through our platform and how they are managed. If you borrow and do not repay in full or on time, the Credit Reference Agencies will record the outstanding debt and in some cases, the length of time the debt remains outstanding. This information may be supplied to other organisations and this could affect your ability to obtain credit in the future.
Similarly, if we become aware of fraudulent activity, we might share your information with fraud prevention agencies and, if necessary, law enforcement. This could make it difficult for you to borrow money or apply for financial products in the future.

We will continue to share information about you and your accounts, including any debts not repaid on time, with Credit Reference Agencies and Fraud Prevention Agencies on an ongoing basis. By accepting this policy, you acknowledge that we will not seek your consent again for this data sharing. These agencies may, in turn, share this information with other organizations.

Information on credit defaults and fraudulent activity is held by credit reference and fraud prevention agencies for varying periods of time, but will generally remain on your credit file for up to six years.

The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment.

Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found here.

Creating an associated record

If you apply for a financial product jointly with someone else, this can create what’s known as an “associated record.” Associated records allow financial organisations to obtain information about an applicant from either person’s credit record if it’s available.

Associated records are created automatically when you apply for a product jointly with someone else. You are responsible for making the other person aware of applications you make.

The only way to remove the association is to successfully apply to a credit reference agency for a record “disassociation.” At this point, your records will no longer be linked together.

To check if you have an association on your credit file, you can ask any of the three main UK credit reference agencies for a copy of your information.

Credit information: Your concerns about incorrect or inaccurate information

If you believe that we are reporting inaccurate information regarding your credit activity to any of the credit reference agencies you can contact us to discuss the inaccuracy, or if you would prefer, you can contact a credit reference agency directly using the contact details provided on their website.

For more information on how credit reference agencies use your information and share it with others, you can refer to the Credit Reference Agency Information Notice (‘CRAIN’). It’s available from the three main UK credit reference agencies (TransUnion, Equifax and Experian). The CRAIN is available here:

Other third party checks we may make

During the course of your application, we may also use and / share your personal information with other third parties.

Information from agents or representatives appointed to act on your behalf, for example a debt management company
Data which is publicly available, for example media articles, information from public registers like Companies House, or social media

Repeating our credit and third party checks

If you proceed to take out one of our products or services, we implement contractual terms that permit us to repeat some or all of the checks during and after the course of our relationship with you.

Unsuccessful or withdrawn applications

Updating Credit reference agencies

Depending on the progress of your application we may be required to use your application information to update the credit reference Agency.

Product referral organisations

In the event that we are unable to provide you with a product or service, we will obtain your explicit consent prior to sharing your details with an alternative organisation that we believe may be able to offer a suitable product or service. This process includes the retention and use of the information submitted in your application.

Withdrawn applications

If you have completed your application but decide not proceed with taking out the product or service, we may rely on our legitimate interests to retain your details (within our secure database) for a period of 18 months. We may use your information to enable us to remember your query for any repeat contact.

Rejected applications

If your application is declined because you do not qualify for our products and services, we will retain your application for a period of 18 months after your application or quotation search was made.

If your application is rejected because our checks revealed (suspected or actual) fraud or criminal activities we may retain and share certain information in order to comply with our legal responsibilities.

We may keep your data for longer than explained above if we cannot delete it for legal, regulatory or technical reasons. If we do, we will continue to make sure your privacy is protected.

Other uses of application information

We may rely on our legitimate interests to use your information to improve our customer experience, products and services; when we do this, we usually anonymise your personal details.

You take out one of our products or services

Your customer portal

Upon approval and acceptance of one of our products or services, you will be granted access to a secure online customer portal. Through this portal, you will be able to access your account information, transaction history, support resources, etc. We will also incorporate any information collected or generated throughout our relationship into this system to manage and maintain accurate records and to fulfil our data retention obligations.

Information that we collect, use and retain during the lifecycle of our relationship will vary depending on the nature of the product or service taken, how you interact with us and the payments you make.

When you become a customer we generate a customer portal which contains the information collected about you during your enquiries and application process. We continue to collect and process your information during our routine activities; this forms your customer account information.

Our routine activities

Administration of your account

For each customer we are likely to use your account information during the routine relationship, in the following ways;

Providing account information

We have obligations as a responsible lender to provide you with regular account statements and remind you of upcoming, late or missed payments. We will provide you with these communications regularly, and should we need to, these will be increased in a way that relates to your payment activity.

Assessing vulnerability and to offer support

During your relationship with us it may become apparent to us, or you may provide us with information which suggests to us that you are, or are likely to become a “vulnerable” customer and we consider that you might require additional support, for us to tailor the product and service we provide to you or to add a vulnerable customer marker to your account details.

On occasion, this information may include special category data, for example you might provide us with medical information about your health and wellbeing, such as if you let us know you are experiencing a mental health crisis.

We may make decisions based on your personal circumstances that require us to share information with other relevant parties. When we do, we will take all reasonable measures to protect your information and, where possible we will let you know before this happens, or as reasonably practicable afterwards.

We have a public interest duty to conduct vulnerability assessments and related activities, as such we do not require your consent. However, we will take your preferences into consideration wherever it is reasonably practicable to do so. See below for more information about how we use special category information.

Communicating about your products and services

When you take out a product or service we fulfil the contractual terms to tell you about important changes or developments to the features and operation of our products and services. This is to

provide you with relevant information to increase awareness of, and understanding of the financial products in more detail, and to ensure you can make an informed decision about whether or not they are appropriate for you. You cannot opt out of these communications.

We tailor marketing and other promotional communications that we believe might be of interest to you, provided that such communications do not encourage irresponsible or inappropriate borrowing. For example, we might send you a newsletter which contains information on topics like money-saving tips or borrowing responsibly.

Monitor payments and administer financial transactions

We use third parties to process payments or otherwise execute financial transactions. We ensure that only the essential information is shared, accessed and used, and is limited solely for this purpose. Our due diligence activities provide us with confidence that your information is processed and transferred via secure connections and using bank-grade encryption.

Managing a default; late or missed payments

We rely on our legitimate interests to make contact with you using all reasonable means (such as letters, calls, emails or SMS) to let you know about late or missing payments and to encourage you to make arrangements to pay.

Debt recovery

Where you fail to pay we may rely on our legitimate interests to trace your whereabouts, recover and enforce the terms of your contract to recover a debt. Where we have exhausted all other avenues available to us, we may process your data in order to begin recovery or progress with some other form of legal action against you.

While we do not sell your personal data, in the event that you default on your loan and it is classified as a bad debt, we reserve the right to assign or sell the debt to a debt recovery agency without your consent. The appointed agency, or another agency acting on their behalf, may contact you directly to pursue recovery of the outstanding amount.Bankruptcy, insolvency and Debt relief orders.

We may share your personal information with third parties, such as a nominated debt management company or insolvency practitioner or search available public records to determine your bankruptcy or insolvency status, or have a debt relief order and to make relevant recovery arrangements.

Mandatory communications

Under the Consumer Credit Act 1974 rules, we will continue to communicate with relevant information, such as annual statements, arrears and default notices.

Reviews

We may access your personal details, income and expenditure to undertake certain checks or reviews, such as your debt management plan, repayment amounts or to check your credit status.

County Court Judgement

Should you fail to maintain repayments we may rely on our legitimate interests to apply to the HMCTS for a County Court Judgment. During this application process, we may supply the Court with your personal details, such as your name and address and details and records relating to your repayments and how you have engaged with us.

We will notify you of our intention to proceed with a Court application and provide additional privacy details at that time.

Debt Sale

If we decide not to apply for a county court judgement against you we may consider the sale of your debt within a larger bundle of other debts to a third party. During the pre-sale process we do not share your personal information.

Following the debt sale, we will provide your personal information including your name and address, banking details and records relating to your repayments and how you have engaged with us.

Please note that companies engaged within Debt Sales have Regulatory responsibilities to ensure security and ongoing confidentiality of your personal information.

Updating your Credit status

We have a legal requirement to provide information about payment defaults to the credit reference agencies that we work with, who will update your record with a default. This could make it difficult for you to borrow money in the future.

For more information see section: When we may share your data with credit reference & fraud prevention agencies.

Using special category information

When we collect and use special category data, we will generally be doing so for one of the following reasons we do not have to seek your consent to carry out these activities

Consent: You have provided us with your explicit consent to process your data for a specific purpose that has been agreed with you. Such as to consider special circumstances that our teams should be aware of when interacting with you (for example if you’ve recently suffered the loss of a loved one)
Deliver upon your privacy and consumer rights: such as to evaluate, reply to, and if appropriate resolve, a complaint or subject access request.
Substantial public interest: We have an obligation to use the information to safeguard and or prevent financial, health or wellbeing risks to individuals (for example, we have a reasonable belief that a customer or someone else might be at risk of harm or abuse.
Substantial public interest: To detect, prevent or report fraud or criminal activities.
Establishment, exercise or defence of a legal claim that involves you or your personal information.
Compliance with a legal obligation: such as undertaking activities required by a regulator (such as FCA) or to comply with a law enforcement agency, court order or other mandatory requirement.

We may make decisions based on your personal circumstances that require us to share information with other relevant parties. When we do, we will take all reasonable measures to protect your information. Where possible we will let you know before this happens, or as reasonably practicable afterwards.

Also, please be aware that we may not always require your explicit consent to process certain categories of personal data, such as health-related information. Under Paragraph 19 of Schedule 1 of the Data Protection Act 2018, we are permitted to process, record, or share health data without your consent where it is necessary to protect your economic well-being.

This applies particularly in circumstances where:

It would be unreasonable to expect us to obtain your consent due to issues such as illness, injury, or disability (whether physical or mental); or
Obtaining consent could adversely affect our ability to provide necessary support or protection.

We only rely on this lawful basis when it is appropriate, proportionate, and in your best interests. Any such processing is handled with strict safeguards to protect your privacy and ensure your information is treated with the utmost care and confidentiality.

Other activities

We may process your data if we have a reasonable belief that our interests, or the interests of our staff or other stakeholders, are at risk of harm.

Retention of your information

Retention period

There are a number of reasons why we need to keep hold of your personal data and our aim is to only retain it for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

If you apply and or register for one of our products and/or services, we will retain your personal data for no less than six (6) years after your relationship with us ends (e.g. repay your loan).

If your application for one of our products is declined or withdrawn, we will retain your personal data for a period of up to 5 years.

"We reserve the right to retain your data for longer than the stated period where we are unable to delete it due to legal, regulatory, or legitimate business reasons.

Why we retain

We have legal obligations to retain certain information that we have collected during our relationship, this is predominantly to enable us to demonstrate that we have undertaken the activities as required by our Regulator(s). This retention requirement applies to the majority of information where we inform you that we collect and use your information to comply with a legal obligation, such as to carry out checks to verify your identity.

We also rely on our legitimate interests to retain the remainder of information* that we have collected during our relationship. The purpose(s) of our retention is explained within the section: Our use of retained information.

Requesting deletion of retained information

All individuals have a right to request us to delete their personal information, however these rights are not absolute and not fully enforceable. Generally, the we will only delete your information if following applies;

It is no longer necessary for the purpose which we originally collected or processed it for.
We rely on consent as our lawful basis, and you withdraw your consent;
We rely on legitimate interests as our lawful basis, you object to the processing, and we do not have an overriding legitimate interest to continue.
We are processing for direct marketing purposes and you object.

Your right to request deletion is further explained in section: Your data protection rights.

Our use of retained information

We may access and use your retained information during the term of our retention period for the following purposes.

To comply with our Regulatory Requirements

We may use your information to comply with a legal or regulatory responsibility, we must retain and share evidence when required. These activities include;

Demonstrate that we have conducted our Regulatory compliance requirements, such as such as AML and identity checks
Respond to a subject access request or similar information rights request
Manage a complaint, concern or query
Engage with a Regulator, Court order or Law enforcement agency
Implement, defend against or investigate potential Regulatory breaches, such as implement security measures or manage data breaches.

Our legitimate interests

The following activities form part of our routine business interests and responsibilities.

Complaints, queries and claims

Should you make an additional application or wish to make a complaint or legal claim about us, or our products or services we have previously provided, we may rely on our legitimate interests to review and analyse information contained within your customer portal to make decisions about your contact, and/or to defend our legal position.

Audit and accountability

We may use your information during internal and third party compliance and quality audits. This is to demonstrate that we act fairly and deliver quality services to our customers.

To evaluate and improve our products and services

To continually improve our service quality so that we can meet the needs of our customers, and protect our business interests; to remain competitive, train and educate our team members and utilise the most effective tools and technologies.

Service quality analysis

We use data involving your interactions with our team to understand how well we are performing and whether we are meeting the expectations of our customers. We may use this data both to improve service quality and to provide training to our team. This could include information provided to us through surveys or other forms of research, or through recordings of calls you made with our contact centres.

To analyse & improve our products & services

We regularly review and analyse data to identify ways in which we can improve our products and services. This might include information on your financial transactions, credit scoring details, and your interactions with us generally. We use this information to improve customer experience, adjust existing products, and develop new products, and we might also use it to help us make decisions on whether to offer products to you or other customers in the future.

To carry out testing, research & analysis (including market research)

We use data to ensure that our systems and processes are working as expected and to carry out statistical analysis and research which might be useful for internal purposes. We might sometimes also carry out research and analysis which we summarise in publicly available material (for example, information on the number of loans that we have provided in total during a certain period).

When we conduct testing, research, or analysis we anonymise and aggregate data so that it prevents personal identification. Controls are in place to prevent the sharing of data of individual customer data for these purposes, whether internally or with our third-parties.

To monitor & improve our website & other digital services

We use analytics data, including files called cookies (see below), to monitor and improve our website and other digital services. We aggregate this data so that no individual visitor is identifiable when we review it.

Sharing information with third parties

During the course of our routine activities we share or provide access to our systems and information for a number of business operational purposes, such as to deliver our IT services, provide a contracted service or to act on our behalf.

We have regulatory obligations to ensure that when we instruct another third party and share your information it remains secure and confidential. As such, we undertake due diligence exercises to confirm that they have sufficient protections in place that provide assurances of the ongoing protection of your personal information. We also ensure that these third parties only access and use information in accordance with this privacy notice.

Our group companies & affiliates

We routinely share information with our group companies and affiliated companies (for example companies under common control). These companies assist to deliver our products and services to you.

Affiliated service companies

We make use of a number of third-party service companies who help us to deliver certain aspects of our products and services, for example debt recovery firms.

Our advisers

We may share information with our professional advisers and auditors for the purpose of seeking legal or professional advice or to meet our audit requirements.

Regulatory bodies & law enforcement

We may be required to provide your personal information to a legal, regulatory or public body or authority. In these circumstances, we must act upon instruction, and may be required to share information without conducting our own due diligence.

Digital advertisers

We may share your information with our advertising partners (including social media companies) so that they can improve our marketing and advertising strategies on our behalf. These strategies allow us to tailor our advertisements of our products and services to those most relevant to you provided that such advertising does not encourage irresponsible or inappropriate borrowing.

Marketing agencies

We may share your information to organisations who we use to provide marketing and advertising to our customers and potential customers. This could include social media companies and online display ad networks. Where we share your data, it will be done so in a secure way, and we will never share your financial information or any special categories of data.

Website links

Our website may contain links to other third party websites. It is your responsibility to review their privacy notice before you provide them with any of your personal information. We are not responsible for any data which you provide directly to a third party (i.e. data that is not shared with them by us).

When we sell or transfer our assets or legal entities

If we sell any part of our business, either through a transfer of business or assets, that organisation will be provided with the personal data that we hold on you.

However, they will be required to only use that personal data in the same way that you have permitted us to use the data; unless they obtain your explicit consent to do otherwise.

Transferring data overseas

Evergreen Finance Limited is based in the UK and we keep and maintain our Database in the UK. However, some of our affiliated partners and team members are based in countries outside of the UK or EU, and your data may be transferred to or accessed from those locations.

Whenever we share information outside the UK we require the same levels of protection to your data as would be applied in the UK. Our due diligence activities provide sufficient assurance of ongoing appropriate levels of data protection and security.

In some cases, we might have no choice as to whether we share information with a third party outside the UK (for example because it is required by law). In these cases, we will make sure that we provide the information in line with that law, and will do all that we can to maintain your data’s privacy and security (including through contractual means, where possible).

When we transfer your data outside the UK, we ensure that appropriate legal safeguards are in place, as required by law, to maintain a consistently high level of protection for your personal information.

We will not transfer personal data relating to you to a country which is outside the UK or the European Economic Area (EEA) unless one of the following scenarios under the GDPR (or equivalent scenarios under UK data protection legislation, if applicable) applies:

the country or recipient is covered by an adequacy decision of the UK under GDPR
appropriate safeguards are in place which meets the requirements of GDPR
- International Data Transfer Agreement/ Standard Contractual Clauses
- the transfer is necessary to perform, or to form, a contract to which we are a party (with you / or third party where the contract is in your interests)
- the transfer is necessary for the establishment, exercise or defence of legal claims:
- you have provided your explicit consent to the transfer
- the transfer is of a limited nature and is necessary for the purpose of our compelling legitimate interests.

If you wish to see a copy of the documentation in place used to implement the appropriate safeguards, please contact us and we will be able to assist you (please see our contact details above).

Marketing and communications

Communications about related products, services & topics

You are a potential customer

When you engage with our advertisements and marketing materials, we rely on our legitimate interests to provide you with marketing and informational material that relate to the products or services you engaged with.

Where any messages are considered to be solely marketing communications, we will ask you for your explicit consent to send them to you before we do so (or we will provide you with the opportunity to opt-out of receiving marketing communications, where permitted under applicable laws).

You are an existing customer

When you take out a product or service we fulfil the contractual terms to provide you with relevant information to increase awareness of, and understanding of the financial products in more detail, and to ensure you can make an informed decision about whether or not they are appropriate for you. You cannot opt out of these communications.

You can opt-out of receiving such messages by contacting us using the details in this notice or clicking the link or button contained within the email.

About automated processing and profiling

We make use of systems and tools which automatically review and analyse your data. This is sometimes called “profiling” because it involves reviewing the data you have provided to us and comparing it against the data that individuals similar to you have provided to us previously.

Some of the decisions we make in regard to our products involve automated decision-making where there is no human involvement. If a decision is made by us using automated systems, you can always ask us to review it manually. A manual review does not necessarily mean that the outcome will change, but we will be happy to carry out a review, should you request it.

Our use of automated decision-making and profiling

The use of automated decision making and profiling are considered in the following lawful basis

It is necessary for us to make decisions about entering into a contract, such as for a product or service with us (for example, to decide whether you represent an acceptable lending risk to us based on our pricing models)
To comply with laws and regulations (and automated decision-making is a reasonable way of allowing us to do this)
If we have explicitly gained your consent for us to carry out automated decision making

We use automated decision-making and profiling in a number of scenarios, including the following examples:

To assess the affordability of our products
To adjust and monitor credit limits
To carry our identity and regulatory checks, including fraud and anti-money laundering checks
To improve and assess our business processes, and to route you through a customer journey which we believe is optimised for you
To continually assess your circumstances, including to help us determine whether you might be at risk of becoming vulnerable, or might need additional support from us

Using special category data during automated decision-making and profiling

Where we are using special categories of personal data, we will only do so where it’s in the substantial public interest to safeguard your economic well-being.

Special categories of data used by us in automated decision-making will generally be limited to the information disclosed by you about your health, whether mental or physical. For example, we might use profiling to identify and engage with customers who have said something to us that indicates they might require additional help.

Impacts and outcomes of using automated decision-making and profiling

Before we use automated decision making or profiling, we undertake assessments that consider the potential impact, some of which include;

You may be denied a credit product, which could affect your credit file
Your account and products may be flagged as being at an increased risk of fraud or money laundering, particularly if high-risk behaviours are detected. However, these will be reviewed by one of our team before we take any further action.
You may receive personalised communications and marketing, and adjustments to your customer journey
You may receive personalised products and services, for example adjusted credit limits or different pricing models, based on your history or the history of others who have similar characteristics to you

Rights relating to our use of automated decision making and profiling

You have a number of rights when we use automated decision-making and profiling. We would be pleased to provide you with further information. Simply contact us and we’ll be happy to help.

Your Data Protection Rights

The Data Protection Regulations provide you with the following rights relating to your personal information, these are the right to:

The Right to be informed [receiving privacy information] - The right to be informed means that you have the right to be provided with clear, transparent, and easily accessible information about how your personal data is being collected, used, and processed. This includes details such as the purposes for which your data is being used, how long it will be retained, the legal basis for processing, and your rights regarding your data.This right is essential for maintaining transparency and trust between you and our organizations. It empowers you to understand your privacy rights and how to exercise them effectively.
Right to access your personal data - Right to access your personal data (commonly known as a ‘Data Subject Access Request). This enables you to receive a copy of the personal data we hold about you.
Right to rectification - Here is a formal This right enables you to request the correction of any incomplete or inaccurate personal data we hold about you. Please note that we may need to verify the accuracy of the new information you provide before making any changes."
Right to object to direct marketing - You have the right to object to direct marketing at any time by following the opt-out links on any marketing message sent to you or by contacting us.
Right to erasure of your personal data - This right, also known as the 'right to be forgotten,' allows you to request the deletion or removal of your personal data in certain circumstances. These include: when the data is no longer necessary for the purpose for which it was collected; where processing was based on your consent and you choose to withdraw that consent; where you have successfully exercised your right to object to our processing; where your data has been processed unlawfully; or where we are required to erase your data to comply with a legal obligation.
Right to Object to processing and automated decision making - You have the right to object processing including profiling of your personal data where we are relying on a Legitimate Interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. You have the right to object where we are processing your personal data for direct marketing purposes.
Right to restriction of processing - This enables you to ask us to suspend the processing of your personal data if you want to: a. establish the data’s accuracy; b. where our use of the data is unlawful but you do not want us to erase it; c. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; d. or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to data portability - You have the right to data portability of your personal data to you or a third party. We will provide to you or to a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you .
Right to make a complaint to us and to the ICO - You have the right to file a complaint with us if you believe we have mishandled your personal data or violated your data protection rights, we will try our best to resolve it. Additionally, you can also submit a complaint to the Information Commissioner’s Office (ICO) if you feel that your concerns have not been addressed or resolved appropriately. The ICO is the UK's independent authority that oversees data protection and ensures that organizations comply with privacy laws. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Right to withdraw consent- if you have previously given consent for an organisation to process your personal data, you have the right to change your mind and withdraw that consent at any time. Once you withdraw your consent, we will stop processing your data for the specific purpose for which you initially provided consent. It’s important to note that withdrawing consent does not affect the lawfulness of any processing that took place before you withdrew your consent. Also, where we rely on other legal bases (such as contractual necessity or legal obligation), we may still be able to process your data for those purposes even after consent is withdrawn. We take information rights requests seriously, and do all that we can to work with you to accommodate your wishes and resolve any issues.

However, the Data Protection Rights are not absolute, this means that on occasion we may be unable to comply with some or all of your requests.

For example, if you ask us to delete or access certain information which we must retain or keep confidential in order to comply with a law or regulation, we will be unable to complete your request, as doing so would cause us to breach a mandatory requirement imposed upon us. When this happens, we will endeavour to explain our decision to you.

Please visit For the public for more information about these rights.

Making a request

To make a request to exercise your data protection rights, please contact us.

Making a complaint or submit a query

If you have any questions or concerns about the information provided within this notice, or wish to make a complaint about how we have handled your information or responded to an information rights request, please do not hesitate to contact us;

Address: PO Box 33969, Poole, BH15 9EL FAO: Privacy team

Call us +44 (0) 203 818 7470

You also have the right to complain directly to the Information Commissioners Office (ICO). You can submit your complaint to the ICO online through their website.

Make a complaint.

You can call their helpline at 0303 123 1113.