Privacy Policy

Last Updated: 11 May 2026

1. Introduction

This Privacy Policy explains how ScotLend Group collects, uses, stores, and protects personal data.

We are committed to protecting your privacy and processing personal data fairly, lawfully, and transparently in accordance with the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.

This notice explains:

• what personal data we collect;
• how and why we use it;
• who we share it with;
• how long we retain it; and
• your rights in relation to your personal data.

2. Data Controller

The data controller responsible for your personal data is:

ScotLend Group Limited
Calder House, Suite 15
8 South Caldeen Road
Coatbridge
ML5 4EG

Telephone: 0131 297 3775
Email: info@scotlendgroup.co.uk
Company Registration Number: SC815120

3. Data Protection Officer / Privacy Contact

If you have any questions regarding this Privacy Policy or how your data is handled, please contact:

Colin Shields
Email: colin@scotlendgroup.co.uk

4. Personal Information We Collect

We may collect and process personal data including:

• name;
• address;
• date of birth;
• contact details;
• financial information;
• employment information;
• identification documents;
• loan application information;
• correspondence records;
• website usage data; and
• information required for anti-money laundering, fraud prevention, affordability, and identity verification purposes.

We may collect this information directly from you or from third parties as described below.

5. How We Collect Personal Data

5.1 By Telephone

We may use caller identification to recognise callers and maintain records of calls received. Some calls may be recorded for training, quality assurance, compliance, and monitoring purposes.

Information provided during calls may be recorded and processed in accordance with this Privacy Policy.

5.2 By Email

If you send us an unencrypted email, personal data within that email may not be secure during transmission.

Emails sent by us are encrypted during transit using Secure Sockets Layer (“SSL”) where appropriate. Additional encryption measures may also be used for sensitive information.

5.3 By Post

Applications, enquiries, and supporting documentation submitted in paper format may contain personal data relating to applicants, guarantors, brokers, funders, or other connected parties.

We process this information in accordance with this Privacy Policy.

5.4 Through Our Website

5.4.1 Website Analytics

We use Google Analytics and similar technologies to understand how visitors use our website and improve our services.

Information collected may include:

• IP address;
• browser type;
• device information;
• pages visited;
• geographic region; and
• operating system.

This information is generally anonymised and does not directly identify individuals.

We reserve the right to investigate website activity where malicious or unlawful activity is suspected.

5.4.2 Contact Forms

If you contact us through our website or by email, the information submitted will be processed securely and used to respond to your enquiry.

Website form submissions are transmitted securely using SSL encryption.

5.4.3 Cookies

Our website uses cookies necessary for website functionality and anonymised analytics.

You may disable cookies through your browser settings, although this may affect website functionality.

5.4.4 Email Marketing

If you subscribe to our marketing communications or newsletter, your information may be processed by Mailchimp on our behalf.

You may unsubscribe at any time using the unsubscribe link in communications or by contacting us directly at info@scotlendgroup.co.uk.

6. Source of Personal Data

We may collect personal data about you from:

• you directly;
• brokers or intermediaries;
• employers or clients;
• referees where relevant;
• publicly available sources including Companies House, Land Registry, websites, and professional networking platforms;
• credit reference agencies (“CRAs”);
• fraud prevention agencies;
• identity verification providers; and
• third-party service providers supporting compliance, recruitment, fraud prevention, affordability, and verification processes.

7. Credit Reference and Affordability Checks

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).

We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

• Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority FCA Firm Reference Number: 742313
• TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority FCA Firm Reference Number: 805757

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information.

This data is used solely for legitimate business purposes including:

• creditworthiness assessment;
• affordability assessment;
• identity verification;
• fraud prevention; and
• regulatory compliance.

Further information can be found at:

• Creditsafe Transparency Notice
• TransUnion CRAIN Notice
• TransUnion Bureau Privacy Notice

We may also carry out periodic CRA checks during the lifetime of any loan or financial relationship.

8. Special Category Data

In limited circumstances we may process special category data, including information relating to health, where relevant to a loan application or servicing requirement.

Such information will only be processed where there is an appropriate lawful basis and condition under applicable data protection law.

9. Legal Basis for Processing Personal Data

We process personal data in accordance with UK GDPR and the Data Protection Act 2018.

Depending on the circumstances, we rely on the following lawful bases:

9.1 Performance of a Contract

Processing necessary to:

• assess applications;
• enter into agreements;
• provide services;
• manage loans;
• communicate regarding accounts; and
• fulfil contractual obligations.

9.2 Legal Obligation

Processing necessary to comply with:

• anti-money laundering obligations;
• fraud prevention requirements;
• financial regulations;
• tax and accounting obligations; and
• legal or regulatory requests.

9.3 Legitimate Interests

Processing necessary for legitimate business purposes including:

• operating and administering our business;
• fraud prevention;
• credit risk assessment;
• affordability assessment;
• system and data security;
• audit and compliance;
• recruitment activities;
• relationship management;
• maintaining records;
• website analytics; and
• protecting TransUnion and other third-party data.

Where legitimate interests are relied upon, we carry out balancing assessments to ensure your rights and freedoms are protected.

9.4 Consent

Where required by law, we process personal data based on consent, including certain marketing communications.

You may withdraw consent at any time.

10. Sharing Personal Data

We may share personal data with:

• brokers and intermediaries;
• funders and investors;
• credit reference agencies;
• fraud prevention agencies;
• professional advisers;
• contractors and service providers;
• IT providers;
• recruitment providers;
• regulators;
• law enforcement agencies; and
• companies within our group.

We may also share data where necessary in connection with the sale, restructuring, or transfer of our business.

11. International Transfers

We may transfer personal data outside the UK and/or European Economic Area (“EEA”).

Where this occurs, we ensure appropriate safeguards are in place, including:

• UK International Data Transfer Agreements;
• approved Standard Contractual Clauses; or
• transfers to countries recognised as providing adequate protection.

Mailchimp and certain technology providers may process personal data outside the UK.

12. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected and to meet legal, regulatory, contractual, and legitimate business requirements.

Typical retention periods include:

• Loans advanced: up to 6 years after redemption (or longer where legal proceedings apply)
• Unsuccessful applications and enquiries: up to 6 years
• AML information: up to 5 years where legally required
• Intermediaries, funders, contractors, and advisers: up to 6 years after the relationship ends

Data used for credit reference or affordability checks is retained only for as long as required and then securely deleted.

13. Automated Decision Making and Profiling

Non-Automated Decision Making and Profiling

We may use automated systems and tools to support business processes such as:

• risk assessment;
• affordability checks;
• fraud prevention;
• identity verification; and
• record management.

These systems may generate indicators, recommendations, or scores using predefined criteria.

However, we do not make decisions producing legal or similarly significant effects based solely on automated processing. Any such decisions involve meaningful human review.

Individuals will not be automatically rejected or adversely affected without human involvement.

14. Your Rights

Under UK GDPR you have rights including:

• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object
• Rights relating to automated decision making

To exercise your rights please contact us using the details above.

15. Complaints

If you are dissatisfied with how we process your personal data, please contact us first so we can attempt to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”).

Information Commissioner's Office
Telephone: 0303 123 1113

16. Provision of Personal Data

The provision of certain personal data is necessary:

• to enter into contracts;
• provide services;
• process applications;
• verify identity;
• prevent fraud; and
• comply with legal and regulatory obligations.

If you do not provide required information:

• we may be unable to enter into agreements with you;
• services may be delayed or restricted; or
• applications may be declined.

Providing information for marketing purposes is optional and consent may be withdrawn at any time.

17. Data Security and Breaches

We implement appropriate technical and organisational security measures to protect personal data.

Where legally required, we will notify affected individuals and relevant authorities of personal data breaches in accordance with applicable law.

18. Keeping Information Accurate

Please notify us promptly if your personal information changes so we can maintain accurate records.

19. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect legal, regulatory, or operational changes.

The latest version will always be available on our website.