PRIVACY POLICY
1 Introduction and Summary
At Triver, we are committed to protecting the personal data of our customers who use our website and platform.
In this Privacy Policy, when we refer to “Triver”, “we”, “us” or “our” we mean Triver Ltd in the United Kingdom. When we refer to “you” or “your”, we mean visitors to our website, individuals who interact with our website and platform, our customers, individuals connected with our customers (including directors, partners, members, shareholders and beneficial owners) and individuals connected with a customer’s facility (such as customer’s debtors, individuals representing customers).
This Privacy Policy is important, so please read it carefully. It explains and governs:
- how and when we collect your personal data, and what information we collect;
- what we use your personal data for;
- who we share your personal data with;
- how long we hold your personal data for; and
- your rights to control your personal data.
By accessing and using our platform through our website, you need to confirm that you agree to be bound by this Privacy Policy. If you do not, you must immediately cease use of our website and platform, and any services provided by us.
We will amend this Privacy Policy from time to time to comply with applicable laws and regulations or to meet our changing business requirements. You are encouraged to periodically review this page for the latest information on our privacy practices and amendments to our Privacy Policy but if we make changes that we consider to be important or that affect your rights we will let you know.
2 How and when do we collect your information and what do we collect?
If you engage with us in any way, we may collect the following information about you through the methods of contact you choose to use at the point of engagement:
- information you provide through our website and through our application and verification processes;
- information you provide through communications with us, whether in writing (including by letter or email) or on the telephone (including by way of recorded calls);
- information we obtain through your engagement with us on social media, including on blogs, forums and through Facebook and Twitter; and
- information provided on your behalf by your representatives or “Agents” (such as commercial broker, service providers, accountants, other financial services providers) who engage with us on your behalf in the ways described above.
From time to time we obtain information from outside sources to help us carry out our business functions. This information, which often contains personal data, includes:
- information and reports from credit reference agencies, fraud prevention agencies, insolvency practitioners, debt advisers and tracing agents;
- information and reports from commercial databases and marketing databases; and
- public records and other publicly available information sources.
If you wish to use our platform, you will need to provide us with the following information, which we sometimes also collect from third parties:
- your personal details (including name, date of birth, current and previous postal addresses and national insurance number);
- your contact information (including phone and e-mail details);
- (for customers, those representing customers, and debtors of customers) your business name, company registration details, website, and contact information;
- financial information (including bank or building society account details, bank account transaction history, and details of payment cards used to make transfers on the Triver platform);
- information you provide in our registration or application processes (including, if you are a customer or Agent, certain personal data, identity verification, contact details and financial information about directors, partners, members, shareholders, and beneficial owners);
- information you provide in your dealings with us and through your interaction with our platform;
- if you are a customer or a director, partner, member, shareholder, or beneficial owner:
- information about your business or company, such as previous credit applications and the conduct of your accounts, and similar personal credit information, your business’ bank account transaction history;
- credit reference checks (see section 6 below for more detail);
- electoral register information;
- fraud prevention information; and
- passwords and answers to security questions.
In addition to the personal and financial information you submit or we collect as described above, we will also collect information about your computer (including, where available, your IP address, operating system and browser type), your interaction with our platform, and email performance data.
We also collect and retain:
- copies of our correspondence with you as well as other data we collect relating to your activities on our platform (via our website) and your arrangements with Triver;
- details about visitors to our website for the purposes of aggregating statistics or reporting purposes and to calculate referral fees; and
- comments made on blogs, discussion forums, and social media in connection with the products and services we provide.
We generally do not seek to collect sensitive personal data (also known as ‘special categories of data’). However we are occasionally given sensitive personal data of customers (such as medical information or criminal records).
If you provide information about other people (for example, if you represent a customer and you provide information about directors, partners, members, shareholders or beneficial owners other than yourself) then you must:
- provide a copy of this Privacy Policy to those persons and ensure that they are aware of and understand its contents; and
- when providing information about other people, ensure that you have all relevant permissions and authority: (i) to make all those disclosures; (ii) to act on their behalf; and (iii) in relation to partners, members, shareholders or beneficial owners of customers, to allow us to make credit checks at credit reference agencies in respect of those persons
3 Using Your Information
We collect, store and use your personal data:
- to inform you of developments and/or changes to our products and services
- to develop and improve our services, products and business, including analysing and improving our risk models and our customer service offering;
- if you are a customer (or a director, partner, member, shareholder, or beneficial owner):
- to ascertain your financing needs;
- to assess your financial viability and the risk of transactions; and
- if you breach your contractual obligations to trace your whereabouts, enforce repurchase of the debt, recover monies
- to transfer money;
- to carry out mandatory or other regulatory checks;
- to comply with our legal and regulatory obligations;
- to carry out statistical analysis and market research and testing;
- to contact you (including by SMS and e-mail) with products and services which Triver think may interest you (at all times taking into consideration your rights at law including your right to opt-out from receiving marketing from us);
- for targeted advertising through digital platforms, social media and television (this may entail profiling, data enrichment and audience segmentation);
- to open accounts with us and to manage and maintain those accounts;
- to verify your identity and the other information you have provided to us, including your bank account information and (if relevant) the identity of your business associates;
- to update the records we hold about you from time to time;
- to provide and administer our products and services; and
- for the prevention and detection of fraud, money laundering, or other illegal or criminal activity.
Where relevant, we will hold and process your sensitive personal data to allow us to make decisions about you and your accounts with us or with which you are connected. This may involve us sharing your sensitive personal data with your Agents. We will process sensitive personal data only in accordance with our legal rights and obligations. If this processing is carried out with your consent, at the point of collection you will be informed of your right to withdraw that consent at any time, and the process for doing so.
We continually review the legal basis for us using your personal data in the ways described above. In most instances it is in our legitimate interests to use your information in the manner described above to provide you with the services we offer via our platform. We consider this data processing to be proportionate and not prejudicial or detrimental to you. In some, specific circumstances, the processing is necessary for the performance of a contract to which you are a party, necessary for compliance with a legal obligation to which we are subject, or necessary in order to protect your vital interests or the vital interests of other small business owners. We sometimes rely on consent, and in those instances we have processes in place to ensure that we obtain your freely-given and informed consent to use your personal data for agreed, specific purposes.
We use the information we collect about your computer for: (i) our legitimate purposes; (ii) marketing; administration of the products and services we offer; and (iii) service improvement. Our Cookies Policy describes these processes in more detail and explains how we respect your right to privacy when collecting these types of data and do not seek to bypass browser settings set to ‘do not track’ or similar.
4 Sharing and disclosing your information
We may disclose your personal data:
- to our suppliers, sub-contractors and third party data processors (including card payment and direct debit payment processors, agents, marketing and data analytics service providers, collection agents, tracing agents, insolvency practitioners, professional advisers and persons who provide us with the following services from time to time: identification and fraud check; marketing; technology; product support; and back-up and business continuity);
- with any third party you have asked us to share your personal data with, including social media sites if you have asked us to connect with your social media account;
- to credit reference and fraud prevention agencies (see sections 7 and 8 below for more information on this);
- to third parties who may be in a position to arrange credit for you;
- to a third party if it acquires all or part of our business or assets in connection with the acquisition, or to a successor in interest in the unlikely event of our insolvency, winding up or liquidation;
- if we are required to do so by applicable law and regulation or by any governmental, tax, regulatory body or law enforcement agency;
- if you are represented by an Agent, to your Agent; and
- to any other person with your prior consent to do so.
Third parties who process your personal data on our behalf are only permitted to process your personal data in accordance with our instructions and we take steps to ensure that the transfer and any on-going processing by those third parties is carried out securely and in accordance with applicable privacy laws.
5 Data Retention
We will not keep your personal data for longer than is necessary for the purposes for which it was collected and is processed and for the purposes of satisfying our legal, accounting or regulatory reporting requirements. These requirements generally permit us to retain our customer files for a period of six years after the customer’s account has been closed (i.e. the date on which we no longer provide services to you as a customer). We may retain data for longer than this in certain circumstances, for example in the event of an ongoing dispute.
6 Overseas Transfers
We may transfer your information to other countries, including those outside the European Economic Area, either for storage purposes or if we engage suppliers, sub-contractors or third party data processors who are based or have operations overseas. We will always take steps to ensure that your information is protected and that those transfers comply with applicable privacy laws.
7 Credit Reference Agencies (“CRAs”)
From time to time we undertake credit reference checks against customers (and against directors, partners, members, shareholders and beneficial owners of customers), and Agents:
- as part of the application process, to assess financial viability and product suitability;
- for general risk management, account management and identity/know-your-customer (KYC), AML, and fraud checks during the life of your account;
- to trace and recover monies if there are late repayments or default; and
- to prevent criminal activity.
In order to do this, we will supply businesses information and your personal information to CRAs and they will give us information about your business and you such as about your financial history. We may request the following from CRAs:
- Enquiry against the credit file of the business. Enquiries are not visible to other organisations when your business applies for credit in the future;
- Commercial Credit Search relating to the credit file of the business, whether or not your application for financing is successful. This type of request for information may be visible to other organisations when your business applies for credit in the future;
- Eligibility Search against the personal credit file of the directors, partners, members, beneficial owners and shareholders of the business. An Eligibility Search is not visible to other organisations when your business applies, or the directors, partners, members, beneficial owners and shareholders of your business apply, for credit in the future; and
- Consumer Credit Search against the personal credit file of the directors, partners, members, beneficial owners and shareholders of the business. This type of request for information may be visible to other organisations when your business applies, or the directors, partners, members, beneficial owners and shareholders of the business apply, for credit in the future.
When CRAs receive a request for information from us they may:
- link together the previous and subsequent names advised by you of anyone that is a party to the account; and
- create a record of the name and address of your business and its proprietors (if there is not one already).
We will give to the CRAs details of all facilities and financing taken through our platform and how they are managed. If you use the facility and do not repay in full and on time, the CRAs will record the defaulted balance remaining outstanding. This information may be supplied to other organisations and this could affect your ability to obtain credit in the future.
We will also continue to exchange information about you with CRAs on an ongoing basis about your accounts and any breach of your contractual obligations. CRAs will share this information with other organisations.
Any records shared with CRAs will remain on file for six years after your account is closed, whether any outstanding sums have been settled by you or following a default. You can contact the CRAs currently operating in the UK. The information they hold may not be the same so you may consider contacting them all. They will charge you a small statutory fee.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:
- TransUnion Credit Reference Agency Notice (TransUnion CRAIN)
- Equifax Credit Reference Agency Notice (Equifax CRAIN); and
- Experian Credit Reference Agency Notice (Experian CRAIN)
8 False information and Fraud Prevention Agencies (“FPAs”)
The personal information we collect from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found below.
Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you provide, we collect from you, or we receive from third parties will be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details below
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
The identity of the fraud prevention agency, and the ways in which they use and share personal information, are explained in more detail at:
- CIFAS fraud prevention agency notice: cifas.org.uk/fpn
9 Your Rights
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data, request that your personal data is erased or corrected, and request access to your personal data.
You may, at any time:
- exercise your right to request access to certain personal data records we hold about you (a subject access request), by emailing [email protected] with the subject line “subject access request”;
- request that we update and correct any out-of-date or inaccurate personal data we hold about you by emailing us at [email protected] with the subject line “data update request”, and also log-in to your Triver account and make changes yourself;
- contact us to register your preferences for how we contact you at [email protected];
- opt out of any marketing communications that Triver may send you by emailing us at [email protected] addressed to our Data Protection Officer or by following the link on any email marketing you have received or by following the appropriate opt-out procedures that we include on all marketing materials;
- exercise your right to object to our continued processing or your right of erasure, neither of which is a guaranteed or absolute right. We will consider all requests of this nature and take into account any compelling legitimate grounds to continue processing, for example our need to continue to process your personal data in connection with any legal or regulatory requirements to which we are subject; and
For more information or to exercise your data protection rights, please contact us using the contact details below.
You also have a right to complain to the Information Commissioner’s Office, which regulates the processing of personal data.
When you contact us, we will need you to provide us with adequate information to identify yourself to enable us to assist you in fulfilling your request. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will deal with your request as soon as possible and will keep you updated.
You may also request that the CRAs and Fraud Prevention Agencies we use provide you with information that they hold about you. You must contact them directly to do this.
10 Security and other Third Parties
Triver takes appropriate technical and organisational measures to safeguard the personal data that you provide to us, but we accept no liability if communications are intercepted by third parties or incorrectly delivered or not delivered.
If we transfer your information to third parties we will take steps to ensure that the transfer and any on-going processing by those third parties is carried out securely and in accordance with applicable privacy laws.
Our website contains links to other websites operated by third parties. This Privacy Policy applies only to the personal data that Triver collects and we are not responsible for personal data that third parties may collect, store and use through other websites.
You also have a responsibility to ensure that your information is kept secure. If you have an online account with us, you must:
- keep your login details secret;
- log out of your account when not using it;
- maintain good internet security (for example, be careful when using public WiFi or shared access internet connections); and
- tell us immediately if you think your account has been compromised.
11 Contact Details
If you have any questions or concerns about this Privacy Policy, how we process your personal data, or if you wish to exercise any of your rights as a data subject, you can contact us at [email protected] . Please be sure to mark all correspondence for the attention of our Data Protection Officer so that we can get back to you quickly.
If you have concerns about how we manage your personal data, you can make a complaint to the UK Data Protection Authority, the Information Commissioner’s Office. You can find their contact details here: https://ico.org.uk/global/contact-us/ .
12 About Triver
Triver Ltd is a company incorporated in England and Wales, with registered number 14153437 and registered office at 123 Blythe Road, London, England, W14 0HL.
Triver Ltd is registered with the Information Commissioner with registration number ZB491972.
Last Updated: March 30th, 2023