Business Lending Group (“BLG”)

Privacy Notice

Last updated: March 2026

1. Who We Are

Business Lending Development Finance Limited and its affiliated companies (together, the “BLG group”, trading as Business Lending Group (“BLG”)) provide lending and related services. In this Privacy Notice, references to “BLG”, “we”, “our” or “us” refer to the relevant BLG group entity acting as data controller.  A list of relevant BLG entities can be provided on request.

Different entities within the BLG group may act as data controllers depending on the nature of your relationship with us. In particular, the lending entity providing or administering a loan facility will act as the data controller in respect of your personal data.

Each BLG group entity is registered with the Information Commissioner’s Office (ICO) as a data controller where required and is  committed to protecting personal data and processing it in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Notice explains how we collect, use and protect personal data in connection with our lending activities.

For questions about this Privacy Notice or how we process personal data, please contact our Data Protection Lead:

Email: [email protected]
Address:  Rafters, Tannery Studios, Tannery Lane, Send, Woking, GU23 7EF

2. Who This Notice Applies To

This notice applies to individuals whose personal data we process, including:

• borrowers
• guarantors
• directors and shareholders
• brokers and introducers
• professional advisers
• website users

3. What Personal Data We Collect

We collect personal data including:

• name and contact details
• date of birth
• identification documents (passport, driving licence, residency status)
• financial information (income, assets, liabilities, credit history)
• bank details and transaction information
• property ownership and development information
• employment and professional background
• publicly available information
• communications with us
• IP addresses, website usage data and analytics

We may process information relating to criminal convictions or offences where necessary for fraud prevention, regulatory compliance and safeguarding the financial system, in accordance with applicable data protection legislation.

4. How We Collect Personal Data

We collect personal data:

• directly from you
• via brokers or intermediaries
• from professional advisers (e.g. solicitors, valuers)
• from credit reference and fraud prevention agencies
• from publicly available sources
• through our website and contact forms

5. How We Use Personal Data

We use personal data for the following purposes:

Assessing Applications

To assess applications for finance, including credit checks, identity verification and financial analysis.

Administering Lending Relationships

To manage loan facilities, maintain records and communicate with you.

Regulatory Compliance

To comply with legal obligations including:

• Anti-Money Laundering (AML)
• Know Your Customer (KYC)
• fraud prevention
• regulatory reporting

We will continue to monitor customer information and transactions throughout the duration of the lending relationship to comply with financial crime regulations.

Business Operations

To manage our business, improve services and maintain relationships with brokers, borrowers and advisers.

Marketing

Where permitted, we may send information about our products and services.

Where required by law, we will obtain your consent before sending electronic marketing communications. You may unsubscribe at any time.

6. Lawful Basis for Processing

We rely on the following lawful bases:

Contractual necessity
To assess and provide lending services.

Legal obligation
To comply with regulatory and legal requirements, including AML and fraud prevention.

Legitimate interests
To operate and improve our lending business.

Our legitimate interests include:

• managing risk and credit exposure
• preventing fraud and financial crime
• maintaining relationships with brokers and borrowers
• improving our products and services

Consent
Where required by law (e.g. certain marketing activities).

7. Criminal Data Processing

Where we process information relating to criminal convictions or offences, this is carried out in accordance with Schedule 1 of the Data Protection Act 2018 for the purposes of:

• fraud prevention
• regulatory compliance
• safeguarding the financial system

8. Credit Reference & Fraud Prevention Agencies

We may share personal data with credit reference agencies (CRAs) and fraud prevention agencies (FPAs).

These organisations will:

• retain a record of the information we provide
• use that information to prevent fraud and money laundering
• share data with other organisations

Further information is available in the Credit Reference Agency Information Notice (CRAIN), which can be accessed via the websites of Equifax, Experian and TransUnion.

9. Sharing Personal Data

We may share personal data where necessary with:

• credit reference and fraud prevention agencies
• solicitors and legal advisers
• valuers and quantity surveyors
• brokers and introducers
• lenders, funders and investors
• professional advisers (including auditors and accountants)
• IT and loan administration providers
• regulators, government authorities and law enforcement

All third parties are required to handle personal data securely and lawfully.

10. International Transfers

Some of our service providers may process personal data outside the United Kingdom.

Where this occurs, we ensure appropriate safeguards are in place, including:

• the UK International Data Transfer Agreement (IDTA)
• the UK Addendum to Standard Contractual Clauses

11. Data Retention

We retain personal data only as long as necessary and in accordance with legal and regulatory requirements.

Typical retention periods include:

Data Type	Retention
Loan records	7 years after redemption
AML/KYC documents	5 years after relationship ends
Financial transaction records	6–7 years
Marketing data	until consent withdrawn

12. Automated Decision-Making

BLG does not make lending decisions solely through automated decision-making without human involvement.

 

13. Cookies

Our website uses cookies to improve functionality and performance.

We use:

• strictly necessary cookies – required for website operation
• analytics cookies – to understand how users interact with the site

Where required, we will obtain your consent before placing cookies on your device.

Further details are available in our Cookie Policy.

14. Your Rights

You have the right to:

• access your personal data
• request correction of inaccurate data
• request deletion where appropriate
• restrict or object to processing
• withdraw consent where applicable

We will respond to requests within one month, unless the request is complex.

15. Complaints

If you have concerns about how we handle your data, please contact us first.

You also have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office

Wycliffe HouseWater Lane

Wilmslow

Cheshire

SK9 5AF

Website: www.ico.org.uk

16. Updates to This Notice

We may update this Privacy Notice from time to time to reflect changes in our business practices or legal requirements. The latest version will always be available on our website.