BST CAPITAL

Privacy Policy

Introduction

BST Capital Ltd (“BST Capital,” “we,” “us,” or “our”) is a commercial finance broker in the United Kingdom providing non-regulated business-to-business services. We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains what information we collect, how we use and share it, and your rights regarding your personal data. It is written in accordance with UK data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We only offer services to businesses and are not regulated by the Financial Conduct Authority (FCA), as our services fall outside FCA regulation. By using our services or website, you acknowledge you have read and understood this Policy.

What Information We Collect

We may collect and process various types of information about you (as an individual acting on behalf of a business) and your business. This includes:

Personal and Contact Details: Your name, job title, and contact information (business address, email address, telephone number).
Business Information: Details about your business such as the business name, company registration number, trading address, nature of business, and other relevant background information you provide.
Financial Information: Financial details necessary to assess your eligibility for financing. This can include business bank statements, accounts receivable ledgers, profit and loss statements, balance sheets, cash flow statements, and any outstanding debt or mortgage statements.
Credit Information: Information about your credit history or credit score, and any relevant credit references or reports that you or our partner lenders provide to us for underwriting purposes.
Asset and Liability Details: Information about assets (e.g. property or equipment owned by the business) and liabilities (e.g. existing loans, mortgages or leases) that you share with us as part of a finance application.
Identification Documents (if required): We may also ask for copies of identification or proof of address for key individuals (such as directors or owners) when necessary to verify identity or comply with anti-fraud and anti-money laundering laws.
Other Information You Provide: Any other personal or business information you choose to provide when communicating with us (for example, information you enter into our website contact form, or details you share during phone calls or email correspondence with us).

How We Collect Data: In most cases, we collect this information directly from you or your authorized representatives. For instance, you may provide data by filling in forms on our website (such as the contact or application form), by corresponding with us via phone or email, or by providing documents during the finance application process. We may also receive some information from third parties with your knowledge – for example, from lenders (e.g. credit or finance offers), or from credit reference agencies or public databases for verification and credit assessment purposes. We will ensure any third parties have a lawful basis to share your data with us.

How We Use Your Information

We use your personal and business information only for legitimate business purposes and in accordance with data protection law. The main purposes for which BST Capital uses your information include:

Providing Our Finance Brokerage Services: We use the information you supply to understand your business’s financing needs and to identify appropriate financing options. This includes reviewing your details to determine what lending solutions may be suitable and preparing financing applications on your behalf.
Underwriting and Obtaining Finance Offers: As a finance broker, we share relevant information with our panel of lenders and funding partners to obtain quotes, credit decisions, or underwriting assessments. Your data is used by lenders to evaluate your application and to issue finance offers or terms. We will only share the data necessary for this purpose (see “Sharing of Information” below for more details).
Communication and Support: We will use your contact information to communicate with you about your enquiry or application. This includes responding to questions you send us via our website contact form or email, updating you on the progress of your finance application, and arranging any follow-up consultations. We may also use your details to provide customer support and answer any queries or concerns you have about our services.
Business Administration and Legal Compliance: We may process your data for internal record-keeping, administrative purposes, and to manage our relationship with you (for example, invoicing or contract management if we enter into an agreement). We also use data as necessary to comply with applicable laws and regulations – for instance, conducting due diligence to prevent fraud or money laundering, maintaining records for tax/audit purposes, or responding to lawful requests from authorities.
Improving Our Services: We might use aggregated and anonymised information (which does not identify you personally) to analyze and improve our services and website. This could involve reviewing how clients use our services or website so we can enhance user experience and our service offerings. (Any analytics or feedback process will not publicly disclose your personal data.)
Marketing (if applicable): Currently, we do not use your information for unsolicited marketing. We will not add you to any mailing list or send you marketing communications unless you have explicitly consented to it. If in future you agree to receive marketing updates (such as a newsletter or information about new services), we will only use your contact details for that purpose, and you can opt out at any time.

Legal Basis for Processing: We will only use your personal data where we have a lawful basis under UK data protection law. The typical bases we rely on are: (1) Contractual Necessity – processing your data to provide our services or take steps at your request prior to entering a contract (for example, using your information to seek finance offers is necessary to perform our brokerage service contract with you); (2) Legitimate Interests – using your data is necessary for our legitimate business interests (such as facilitating finance deals and running our operations) in a way that is proportionate and does not override your rights or interests; (3) Legal Obligation – processing your data to comply with a law or regulatory requirement (e.g. verifying identity to prevent fraud). In limited cases, we may rely on Consent (for example, if you opt-in to marketing), in which situation you have the right to withdraw that consent at any time. We do not generally process any “special category” sensitive personal data, and we will only do so with additional safeguards and legal justifications if it becomes necessary.

We will not use your personal information for any purpose incompatible with the purposes outlined above. If we need to use your data for a new purpose, we will update this Privacy Policy or notify you as required by law.

Sharing of Information

We value your privacy and will never sell or rent your personal data to third parties for marketing or any unrelated purposes. We only share your information in the following circumstances:

Lenders and Finance Partners: As part of providing our service, we share relevant information with third-party lenders, banks, or financial institutions in order to seek financing options, underwrite loans, and obtain finance offers for you. For example, if you apply for a business loan through us, we will forward your application details and supporting documents to appropriate lender(s) so they can evaluate and process the application. These lenders will use your information only for assessing your eligibility and (if approved) extending a financing offer. Each lender acts as an independent data controller of the information we provide to them; they are responsible for complying with data protection laws and should have their own privacy policies which govern how they handle your data.
Service Providers and Professional Advisors: We may disclose your information to trusted third-party service providers who perform functions on our behalf, only to the extent necessary to deliver our services. Examples include IT and cloud storage providers (who securely host our data), customer relationship management software, or professional advisors (such as accountants or legal advisors) who need access to certain records. In all cases, these parties are bound by confidentiality and data protection obligations. They cannot use your information for any purposes other than carrying out work for us.
Business Transfers: In the unlikely event that BST Capital undergoes a business transition such as a merger, acquisition, or sale of assets, the personal data we hold may be transferred as part of that transaction. If this happens, we will ensure your data remains protected and inform you of any significant changes in ownership or usage of your personal information.
Legal Requirements: We may share your information if we are under a duty to disclose or share it in order to comply with a legal obligation or lawful request. For instance, we might provide information to law enforcement, regulators, government authorities, or courts when we are legally required to do so. We may also share data to enforce our contractual terms or to protect the rights, property, or safety of BST Capital, our clients, or others (this could include exchanging information with other companies and organisations for the purposes of fraud protection or credit risk reduction, where legally permissible).

International Data Transfers: Your personal data is stored and processed on secure servers located in the UK. We do not transfer or store your personal data outside the United Kingdom or the European Economic Area (EEA). In the event we (or one of our service providers) need to transfer data internationally, we will only do so in compliance with data protection law and will ensure appropriate safeguards (such as UK International Data Transfer Agreements or Standard Contractual Clauses) are in place to protect your information.

We will always strive to share the minimum amount of personal data necessary with any third party and will ensure that your information remains secure and confidential as described in this Policy. If you have questions about third parties with whom we share data, you can contact us for more information.

Your Rights

As an individual, you have certain rights under data protection law regarding your personal data. Even though we deal exclusively with business-to-business services, these rights apply to any personal data (for example, your own name or contact details) that we process. Your key rights include:

Right to be Informed: The right to be given clear and transparent information about how your personal data is collected and used. This Privacy Policy aims to fulfil this right.
Right of Access: You have the right to request a copy of the personal data we hold about you, and to obtain information about how we process it. This is often called a “Subject Access Request.”
Right to Rectification: If any personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected or updated without undue delay.
Right to Erasure: You have the right to request that we delete or remove your personal data in certain circumstances – for example, if the data is no longer necessary for the purposes for which it was collected, or if you withdraw consent and we have no other legal basis to continue processing. This is sometimes known as the “right to be forgotten.” (Please note, this right is not absolute; we may need to retain certain information where required by law or for legitimate business purposes.)
Right to Restrict Processing: You can ask us to suspend or limit the processing of your personal data in specific situations – for instance, if you contest the accuracy of the data or object to us processing it, we will review and, if appropriate, halt processing your data for a period of time.
Right to Data Portability: Under certain conditions, you have the right to request that we provide you (or a third party you designate) with a copy of your personal data in a structured, commonly used, machine-readable format. This typically applies to information you provided to us, and that we process by automated means based on your consent or on a contract with you.
Right to Object: You have the right to object to our processing of your personal data when we are relying on legitimate interests as our legal basis. If you object, we must stop processing your data unless we can demonstrate compelling legitimate grounds that override your rights or unless the processing is for the establishment, exercise, or defence of legal claims. You also have an absolute right to object at any time to the use of your personal data for direct marketing purposes (although, as noted, we currently do not process your data for marketing without consent).
Right to Withdraw Consent: In cases where we process your data based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we carried out before your withdrawal.
Rights Related to Automated Decision Making: You have rights relating to automated decision-making and profiling. Note: BST Capital does not currently make any solely automated decisions about you (i.e., decisions without any human involvement) that have legal or similarly significant effects. If this changes in future, we will inform you and ensure your rights are protected (including the right to request human intervention or to contest the decision).

To exercise any of these rights, please contact us using the details in the “Contact Us” section below. We will respond to legitimate requests as soon as possible, and within the timeframes required by law (generally within one month). We may need to verify your identity before fulfilling certain requests, to ensure we do not disclose data to the wrong person. Exercising your rights is free of charge in most cases. However, if a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on it (we will explain our reasons in such cases).

Complaints: If you believe your data has been mishandled or your rights have not been respected, we encourage you to contact us first so we can try to resolve your concern. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO), the supervisory authority for data protection in the UK. You can find more information on the ICO’s website (www.ico.org.uk) or contact them by phone at 0303 123 1113.

Data Security

We understand the importance of keeping your personal data secure. BST Capital has implemented appropriate technical and organisational measures to protect your information from unauthorised access, loss, alteration, disclosure, or destruction. These measures include:

Secure Servers: All personal data you provide to us is stored on secure servers. We use reputable hosting services with robust security protocols (such as firewalls, encryption, and intrusion detection systems) to safeguard our data storage.
Encryption: Wherever feasible, we use encryption to protect sensitive data, both in transit and at rest. For example, our website is encrypted using SSL/TLS technology (you will see a padlock or “https” in your browser address bar when using our online forms), which protects information you submit through the site.
Access Controls: Access to personal data within our organisation is restricted on a need-to-know basis. Only authorised personnel who require your information to perform their job (for example, our finance brokers or support staff) are granted access. All staff are subject to confidentiality obligations and trained on data protection principles.
Monitoring and Testing: We regularly review our security measures and update them in line with technological advancements. Our systems are monitored for potential vulnerabilities and attacks, and we perform testing (and engage specialists when necessary) to ensure our defences remain strong.
Data Breach Procedures: In the unlikely event of a data breach (such as unauthorised access to or disclosure of personal data), we have procedures in place to contain the incident and mitigate harm. We will notify you and any applicable regulator (such as the ICO) when we are legally required to do so, and will take steps to remedy the situation.

While we strive to protect your information with the highest standards of security, it’s important to note that no method of transmission over the internet or method of electronic storage is completely infallible. However, we continuously work to improve our safeguards to ensure that your personal data remains safe and secure. We also urge you to take precautions when sending information to us (for example, use our secure upload channels when provided, and be careful about the information you share via email). If you have any reason to believe that your interaction with us or your data might no longer be secure (for instance, if you suspect a security vulnerability on our website), please contact us immediately so we can address the issue.

Data Retention: We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. In general, this means we keep your data for the duration of our relationship with you and for a period afterward where there is a legitimate need (for example, to answer queries, comply with recordkeeping obligations, resolve disputes, or enforce agreements). The exact retention period may vary depending on the type of information and the context. Once your personal data is no longer required, we will securely erase, anonymise, or archive it in accordance with applicable laws.

Cookies and Website Data

When you visit our website (bstcapital.co.uk), we may automatically collect certain information about your device and browsing actions through the use of cookies and similar technologies. This section explains how we use cookies and what data is gathered via our website.

Cookies – What They Are: Cookies are small text files that are placed on your computer or device when you visit a website. They allow the website to recognise your device and store some information about your preferences or past actions. Cookies can be “session cookies” (which expire when you close your browser) or “persistent cookies” (which remain on your device for a set period or until you delete them). We use cookies to make our website function properly and to enhance your user experience.

How We Use Cookies: BST Capital’s website uses cookies for several reasons:

Essential Cookies: These are necessary for the basic functioning of our site – for example, to enable you to navigate the pages and access secure areas. Without these cookies, the website might not perform as intended. (We do not require your consent to place essential cookies.)
Analytics and Performance Cookies: We may use analytic tools (such as Google Analytics or similar services) that employ cookies to collect anonymised information about how visitors use our sitebstcapital.co.uk. This can include data such as which pages are visited, how long users stay, and which links are clicked. We use this information to understand website traffic and user behaviour, allowing us to improve the site’s content and structure over time. The data collected via analytics cookies does not identify you personally; it is aggregated and used for statistical analysis.
Functionality Cookies: These cookies remember choices you make (such as your preferred language or region) and provide enhanced features to improve your experience. For example, if our site has a login or remembers your details between visits, a cookie might save you from re-entering information.
Targeting/Advertising Cookies: Note: At present, our website does not use third-party advertising cookies or targeted advertising. We do not display third-party ads, nor do we use retargeting cookies on our site. If this changes in the future, we will update our cookie information and obtain any necessary consents.

By using our website, you are given the opportunity to consent to non-essential cookies where required by law. You can control or delete cookies at any time by adjusting your browser settings. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies or alert you when a cookie is being placed on your device. For example, you can typically find cookie settings in your browser’s “Options” or “Preferences” menu. Please be aware that if you disable or reject certain cookies, some features of our site may not function properly or you may not be able to access parts of the site. For more information about cookies, you can visit www.allaboutcookies.org (an independent resource).

Web Forms and Contact Data: In addition to cookies, our website features a contact form (and/or application form) through which you may submit personal and business information. For instance, when you fill out the “Get in Touch” form on our Contact Us page, we collect the details you provide, which typically include your name, email address, phone number, company name, and the content of your message or enquiry. We use this information solely for the purpose of responding to you and providing assistance or services you requested. This data is sent to us via secure methods and is subject to the same protections outlined in this Privacy Policy. We advise you not to include sensitive personal information in free-text fields of online forms.

Server Logs and Usage Data: Our web server may automatically log certain information about your visit, such as your IP address, browser type and version, device identifiers, the pages you visit, and the times/dates of access. We collect this data primarily for system administration, to monitor site stability and performance, and to detect and prevent fraud or misuse of our website. This kind of technical data generally does not identify you as an individual, and we do not use it to attempt to identify you. It is used only for the purposes of maintaining a secure and properly functioning site.

We do not knowingly collect any personal data from children via our website or services. Our offerings are directed to businesses and not to individuals under 18. If you are a parent or guardian and believe your child may have provided personal information to us, please contact us so we can delete it.

By continuing to use our website, you acknowledge that you have been informed of our use of cookies and website data practices. Where required, we will additionally prompt you for consent to certain cookies on your first visit.

Contact Us

If you have any questions about this Privacy Policy or about how we handle your personal data, or if you wish to exercise any of your rights, please do not hesitate to contact us. You can reach us through the following methods:

Email: Send us an email at office@bstcapital.co.uk. This is the quickest way to get in touch regarding privacy matters or to submit requests related to your personal data.
Postal Mail: You may also write to us at our registered business address:

BST Capital Ltd
Unit 9, Brenton Business Complex
Bond Street
Bury, BL9 7BE
United Kingdom

We will endeavour to respond to all queries or requests as promptly as possible. In general, privacy-related requests will be addressed within one month, as required by law.

Your Responsibility to Update Us: To help us maintain accurate records, please inform us if any of your personal or business information changes during your relationship with us. You can do this by contacting us at the above email or address.

Changes to This Privacy Policy

BST Capital may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify you by appropriate means – for example, by posting the updated policy on our website with a new effective date, and/or by emailing clients for whom we have contact details. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.

This Privacy Policy is effective as of the date stated below. Your continued use of our services or website after any changes to this Policy will be deemed acceptance of those changes.

Last Updated: 27 May 2025