Privacy policy

Last updated: 13/08/2024

Business Logo - Startply X Webflow TemplateCompany Logo - Startply X Webflow TemplateInstitute Logo - Startply X Webflow Template

This Privacy Policy explains and governs: how, when, what and whose personal data we collect; how and why we use your personal data; and your privacy rights in general, including how to control your personal data and how you are protected under data protection law. We commit to protect your data and keep it safe and secure at all times.

This Privacy Policy applies to personal data that we collect through the Penny (www.pennyfreedom.co.uk) and gigzzee (www.gigzzee.com) ("Website") and when you contact us through other mediums, such as by telephone or email.  This Privacy Policy will be updated from time to time to comply with the applicable laws and regulations and to meet our changing business requirements.  You are advised to periodically review this Privacy Policy for the latest amendments. We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

If you have any queries/comments on this Privacy Policy, you can contact us (including our Data Protection Officer) using the details at the bottom of the Privacy Policy.

Quick links

We recommend that you read this Privacy Policy in full to ensure you are fully informed. However, if you only want to access a particular section of this Privacy Policy, then you can click on the relevant link below to jump to that section.

What do we do?

We offer selective invoice finance to small and medium enterprises including to drivers of delivery service partners in the United Kingdom. Penny Limited (ZA553117) trading as Penny freedom and gigzzee is the data controller for the personal data collected through the individual website and other mediums (hereinafter referred to as “gigzzee”,  "Penny", “we” or “us”) and may share your personal data with third parties as mentioned below. The term “Debtor” will be used to define the entity or individuals purchasing the services from the applicant.

Your protection under the law

Under applicable data protection laws, we are authorised to use your personal data only if we have an appropriate reason for doing so and this will depend on the personal data concerned and specific context in which we collect it. Generally, this is likely to be based on one or more of the following:  

  • Your consent;
  • Our legal duty;
  • Fulfilling our contractual obligations; and/or
  • Based on our legitimate interest to do so, which does not override your rights.

We will rely on legitimate interest only where we (or a third party) have a business or commercial reason to use your personal data. We have set out below examples of when and for what purpose we rely on our (or a third party's) legitimate interest as a basis to process your personal data. We also set out any other legal basis we rely upon in relation to that particular processing.

Data Usage Table
Purpose for which your personal data is used. Our/a third party's legitimate Interests The legal basis/bases we rely on
  • Managing and maintaining of our ongoing relationship with your business.
  • Updating our records, developing new products and services, working on new pricing and providing you with updates on it.
  • Our legitimate interests.
  • Your consent.
  • Fulfilling our contractual obligations.
  • Performance of our marketing functions, including sending customers marketing materials.
  • Where we have a legitimate interest in sending your business marketing material, such as in order to provide you with information on new products or services.
  • Our legitimate interests.
  • Your consent, where legally required for marketing activities.
  • Developing new marketing strategies.
  • Developing and maintaining customer’s relationship, their needs and developing strategies for business growth.
  • Analysis of customers’ use of our products and services and those of our third parties.
  • In order to meet customer need and develop and grow our business.
  • In order to improve and develop our products and services.
  • Our legitimate interests.
  • Our legal obligation.
  • Fulfilling our contractual obligations.
  • Managing, developing and testing new products and services and ongoing maintenance of our brand.
  • For ongoing maintenance of our relationships with third party service providers to both ourselves and our customers.
  • Developing new products and services, defining the customers for which they are relevant and determining the pricing.
  • To manage our relationships with third party service providers, to ensure that our requirements continue to be met.
  • Fulfilling contractual obligations.
  • Our legitimate interests.
  • Our legal obligation.
  • Promoting and delivering our products and services.
  • Performing credit checks on applicants, personal guarantors, directors, partners, shareholders and any linked “financial associates” (i.e. person who may have joint personal financial arrangement such as joint accounts or joint credit applications, which may be your spouse or partner).
  • Performing credit checks on the Debtor, directors, partners, shareholders and any linked “financial associates” of the Debtor, any person giving warranty, guarantee or indemnity in respect of the obligations of a Debtor under the Supply Contract.
  • To process applications and rejected applications.
  • To manage the Invoices, charges, fees and legal costs in relation to our customers.
  • For debt collection and recovery.
  • In order to meet customer need and develop and grow our business.
  • In order to progress customer applications and make decisions in relation to the services/products that we are able to offer.
  • To manage our customers' accounts and keep a record of transactions.
  • In order to take necessary steps with regard to our financial position as a business.
  • Fulfilling contractual obligations.
  • Our legitimate interests.
  • Our legal obligation.
  • Obtaining your consent on certain matters, such as where legally required in order to share your data with a third party (e.g. to make a referral to another lender where an application has been rejected).
  • To fulfil our obligations in the prevention of financial crime including fraud and managing the risk.
  • To adhere to all laws and regulations applicable to us.
  • Complaints management.
  • In order to detect or prevent illegal activities.
  • Developing ways to deal more efficiently with financial crime whilst fulfilling our legal duties.
  • In order to deal with customer or other complaints.
  • Fulfilling contractual obligations.
  • Our legitimate interests.
  • Our legal obligation.
  • Efficient management of the business including day to day operations, corporate governance and audit.
  • To provide our products and services to customers, including to manage accounts and communicate with customers regarding queries.
  • To liaise with third parties as necessary in order to provide our products and services.
  • For corporate governance purposes, including to carry out regular audits in relation to our business.
  • Fulfilling contractual obligations.
  • Our legitimate interests.
  • Our legal obligation.
  • To exercise our rights set out in agreements or contracts.
  • Fulfilling contractual obligations.
  • To process biometric data (facial recognition and voice recognition) as part of identity check conducted by a third party.
  • Consent.
  • Our legal obligation.
  • Fulfilling our contractual obligations.

Types and Sources of Personal Data

During your interaction with us, we collect different kinds of personal data on you, your business and your linked associates. Below is a list of all the different types of information we collect:  

Personal Data Table
Personal data Description
Financial Information The financial position of your business, (i) your personal position, credit status and history (ii) credit history of any linked financial associates i.e person with whom may have or had a joint personal financial arrangement such as joint accounts or have made joint credit applications which may be your spouse or partner (not a business partner). We may check the records, including the credit details of other individuals acting as personal guarantors to the invoice facility. (iii) if the applicant is a limited company, the credit history and status of each director and shareholder and their financial associates. (iv) if the applicant is a sole trader or a partnership, driver of a delivery service provider, the credit history of the sole trader or each partner or each driver and their financial associates. (v) Where relevant the Debtor’s financial information, the credit history and status of each director and shareholder and their financial associates. (vi) the credit history of a person who has or may give a warranty, guarantee or indemnity in respect of the obligations of a Debtor under a Supply Contract. The financial information we may access through our trusted partner or submitted directly by yourself will cover your business data, customer data, supplier data, invoice (sales invoice) data, bill (purchase invoice) data, credit note data, payments data, profit & loss data, balance sheet. This will also cover no of collections, no of drops, mileage covered, hours worked and routes as stated on the submitted timesheets.
Contact Details The registered and trading address of your business, personal and business phone number supplied and email address of applicants, directors, partners, shareholders, linked associates, Debtors and ownership status.
Profile and usage data This includes the member area that we set up when your invoice facility application is successful and the profile you create to identify yourself when you connect to our internet services. It also includes other data about how you use those services. We gather this data from devices you use to connect to those services, such as computers and mobile phones, using cookies and other internet tracking software (see below section on "Cookies").
Transactional Details Details about payments to and from your bank account, bank statements you submit to us through our portal or our trusted partner. All Invoice facility made by us and all payments made by the business and yourself to us. Management Information or additional information you provide on your business. This also include bank account details of the Debtor.
Products and services Information on the financial products and services we have provided to you, e.g. amount in relation to the invoice facility, purpose and term.
Location Location and device data from which you are applying for the invoice facility, i.e. your phone, the IP address on connecting to your internet, the operating system and the browser type.
Technical Details on the devices and technology you use to apply for the invoice facility with us, browse our Website and manage your account.
Communications Includes all exchanges between yourself and us including letters, emails, face-to-face interactions and telephone conversations (included by way of recorded calls).
Public Records Details about your business, yourself, your financial associates; details about you that are in public records such as companies house, electoral register; and information about you that is openly available on the internet.
Identification and Verification data Details about you that are stored in documents in different formats, or copies of them. This could include documents such as your passport, drivers licence, utility bills or other verification of residential address or date of birth and may extend to other directors, shareholders and partners and their linked financial associates, including where applicable the Debtors.
Consents Any permissions, consents or marketing preferences that you provide to us.

We may collect personal data about you and your business when you are:

  • Applying for an invoice facility with us from our Website or from one of our financial brokers, affiliates and other third-party introducers;
  • Speaking to us face to face or on the telephone;
  • Browsing our Website and using webchats;
  • Using emails, letters and sms to communicate with us;
  • Completing our customer surveys or participating in any of our competitions or promotions; and
  • When you inform us of your marketing preferences.

In addition to the above, we can also access your personal data from a number of third parties we work with such as third party brokers, affiliates and other third-party introducers that introduce you to us, credit reference agencies (CRAs), comparison websites, social networks such as Facebook, Twitter and LinkedIn, Land Registry, property search engines, Companies House and Creditsafe, debt recovery agents, external solicitors for invoice facility arrangement and debt recovery, market research agents, and law enforcement agencies.  

Not providing your personal data

We may need to collect personal information by law, or under the terms of a contract we have with you. If you choose not to give us this personal data, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services needed to run your accounts. It could mean that we cancel a product or service you have with us. Any data collection that is optional would be made clear at the point of collection.

Third Parties we share your personal data with

We may disclose your personal data to third parties. We will take all the necessary steps required to ensure that any transfer and ongoing processing by those third parties is carried out securely and in accordance with applicable data protection regulation and privacy laws. Examples of the third parties we share your information with are as follows:

  • Your delivery service providers/contractors
  • Any of our third parties who otherwise process personal data for purposes that are described in this Privacy Policy or notified to you when we collect your personal data;
  • Third-party brokers or third-party lenders or other trusted partners to whom we may refer your application for credit in case we could not help you, if you have provided your consent;  
  • Third party trusted partners from whom you may be interested to receive products and services if you have provided your consent;
  • Our suppliers, sub-contractors, and third-party data processors (including payment processors, marketing and data analytics service providers, debt collection agents, tracing agents, insolvency practitioners, professional advisers and third parties who provide us with the following services from time to time: identification and fraud check, marketing, technology, document readers, payroll service providers, medical cover providers for staff, back-up and business continuity);
  • Third party we use to process your biometric (facial recognition and voice recognition) data;
  • Any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
  • HM Revenue & Customs, regulators, and other authorities;
  • CRAs, namely Equifax, Transunion and Experian (more information on this can be found below)
  • Fraud prevention agencies namely National Crime Agency;
  • Companies that we have an agreement to co-operate with;
  • Organisations or individuals that introduce you to us;
  • Third party brokers, affiliates and other introducers that introduce leads to us;
  • Organisations you ask us to share your data with;
  • If we decide to sell, transfer, assign, merge, acquire other businesses or change group structure, we may share your personal data with other parties that have the required standards of data protection.

Credit Reference Agencies (CRAs)

We may carry out credit and identity checks with at least two CRAs when you apply for an invoice facility for your business.

On submitting the application, you agree that you have the full consent of all parties and any linked “financial associates” i.e. a person with whom you may have had or have a joint personal financial arrangement such as joint accounts or have made joint credit applications which may be your spouse or partner, or civil partner. The consent will also cover credit checks on the Debtor where relevant.

If the applicant is a sole trader, general partner, driver of the delivery service provider, we may check any financial associate. If the application is for a business partnership, we may check each partner and their financial associates and where the application is for a limited company, we may check each director, shareholder and their financial associates. The credit file of all personal guarantors may also be checked.

The following information will be shared with the CRAs:

  • Name;
  • Date of birth;
  • Residential address;
  • History of where you have lived;
  • Contact details, such as email addresses and phone numbers (of directors, shareholders, personal guarantors, linked associates);
  • Financial data such as the company bank account details;
  • Data relating to you or your businesses products or services; and
  • Data that identifies computers or other devices you use to connect the internet such as the Internet Protocol (IP) address.

CRAs will provide us with the financial situation and credit history information on the business and the relevant individuals, including their linked financial associates. Public information from the electoral register, Companies House, county court judgments, bankruptcies and fraud prevention/anti money laundering information will also be provided.  

Information from the CRAs will help us conduct the following:

  • Confirm identities and residential address;
  • Assess the creditworthiness of your business, yourself and your financial associates;
  • Help prevent crime, fraud and money-laundering (see below for more information);
  • Manage your accounts with us;
  • Fulfil any contracts you or your business has with us;
  • Checking details on prospective candidates and employees as part of their employment; and  
  • Trace your whereabouts and recover debts that you owe us.

When you enter into an invoice facility with us, we will give details of your accounts and how you manage it to CRAs. We will continue to share your personal data with CRAs if you are our customer, and these will include information on your invoice facility, current balance and repayment history.  

The above information may be shared by the CRAs with other lenders who may want to check your credit status and that of your business.

Searches we undertake on your credit file will leave a footprint and may impact your credit file. In most cases, the footprint left will be a director search. All the footprints may be seen by other lenders.  

Where you are making an application with someone else or you tell us you have a spouse, partner or civil partner or that you are in business with other partners or directors, we link and search information about you and your associates at the CRAs.

CRAs will also link your records together and these links will remain on your credit files until you or financial associate provides proof to the CRAs that you are no longer financially linked.

You can contact the CRAs currently operating in the UK in order to check the information they hold about you.  The information they hold may not be the same, so it is worth contacting them all. Below are links to the Credit Reference Agency Information Notice which provide information about them, the data they hold, how it is shared and your data protection rights.

Transunion Equifax Experian

Fraud Prevention

Where we suspect fraud or money laundering, we and the CRA may share your personal data with law enforcement agencies.  

As far as fraud and money laundering prevention is concerned, we shall keep your data for as long as we exist, provided this is in accordance with applicable laws. However, the CRAs may keep them for a different length of time.

We may submit the information you provide to us through our automated system that will identify fraud patterns and indicate unusual activities for you and your business. Either of these could indicate a possible risk of fraud or money-laundering and where that is the case, we will reject your application and report it to the National Crime Agency accordingly. We and the CRAs may keep a record of the risk you or your business pose to our business.

Referring to Third-Party Providers

In the event, your business does not satisfy our criteria and we cannot provide an invoice facility to you, we may where you have consented to it, pass your personal details such as your name, email address, contact details, credit application to third party lenders and brokers who may assist you in obtaining credit.  You will be contacted directly by them to discuss your credit application. We will also pass the credit data of your business, the directors and personal guarantors to our trusted partners who we have outsourced certain activities to.

Automated decisions

We may make automated decisions (including profiling) based on personal data we hold about your business, yourself, directors, shareholders, personal guarantors and any linked associates. Automated decisions assist us in making decisions which can affect the products, services and pricing and these decisions may legally affect you or similarly significantly affect you.  

Automated decisions mean that a decision concerning you is made automatically on the basis of a computer determination (using software algorithms), without our human review.  Examples of automated decisions are as follows.  

(i) Approving Credit

We use an automated system to run your application through our initial lending criteria to determine if we are able to provide funding to your business. Your application will either be accepted or rejected based on the criteria set by ourselves. We also use credit data to assess the creditworthiness of your business and the likelihood you will pay back any money you borrow. This includes data about your credit history and that of your business.  In addition to the credit score of the directors and that of the business, we may also consider additional information including other financial information to be able to reach an overall decision to lend.

(ii) Statistical Analysis

We may carry out periodic statistical analysis or testing to ensure the accuracy of existing and future products and services. To that effect, we may place you in segments to understand our customers’ needs and manage our relationships with them.  

(iii) Prevention of Money Laundering

We may use  personal data to (i) verify your identity, the directors, partners, shareholders, personal guarantors and that of your financial associates including the Debtors (ii) undertake checks for the prevention and detection of crime, fraud and/or money laundering (iii) identify if your personal or business information have been used for fraud or money laundering purposes and where we believe that there is such a risk, we will report our suspicion to the National Crime Agency as required by law (iv) process your biometric (facial recognition and voice recognition) data through a third party provider to enable us to verify your identity.

(iv) Pricing

We may decide what to charge for our products and services based on credit risk data analytics.

Your rights over automated decision

We have implemented measures to safeguard the rights and interests of individuals whose personal data is subject to automated decision-making, including our initial criteria checks and credit reference checks.

Under applicable privacy laws, you have rights to request that our initial decision to accept or reject your application is not based on the automated decision only or you can object to the latter or request for the decision to be reviewed.

Please contact us on: hello@pennyfreedom.co.uk  if you wish to have more information about these rights.

Overseas Transfers

We may transfer your personal data to countries outside the UK. These countries may have different privacy laws to those in the UK.

Specifically, we may transfer your data to other countries, including those outside the European Economic Area, either for storage and back up purposes or if we engage suppliers, sub-contractors or third-party data processors who are based or have operations overseas.

We will always take steps to ensure that your information is protected and that those transfers comply with applicable data protection laws. This includes putting in place the European Commission's Standard Contractual Clauses, where Binding Corporate Rules are in place, or where a company receiving the data in the USA is certified under the EU-US Privacy Shield

This means that your data will be processed and protected under the same standards as imposed by data protection laws within the UK.  

Marketing from us and Member Benefit Schemes

As part of our marketing strategy, we may use your personal data to analyse which products, services and offers may be relevant for you.

You can ask us to stop sending you marketing messages by updating your marketing preferences by logging into your member’s area or simply by emailing us on hello@pennyfreedom.co.uk.  However, you will still receive mandatory and key service communications such as any changes to your existing products and services with us.  

We may ask you to confirm or update your choices, if you take out any new products or services with us in future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.

Keeping your personal data secure

We use appropriate technical and organisational measures to protect the personal data that we collect and process about you.  The measures we use, including high level encryption are designed to provide a level of security appropriate to the risk of processing your personal data.  Our core web systems are designed and developed in-house, using a hierarchical permission structure which restricts each user’s access to reports and customer records based on the requirements of both their department and their level of seniority.  

Period of time we can retain your personal data

We retain personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with the service you have requested or to comply with applicable legal, tax or accounting requirements).  

Where you have made a full application, we will keep your personal data for up to 6 years after your account is closed. If for any technical, regulatory, legal reasons or research and statistical purposes we are unable to delete or anonymise your personal data, we may keep it longer than 6 years but will ensure your privacy rights are always protected and that deletion takes place when possible. For incomplete applications, personal data will be deleted after 6 months.

How to access your personal information

You have the right to:

  • access the personal data we hold about you and request details of the third parties with whom we have shared your information and request that we amend or remove incorrect or incomplete information we hold about you.  You can do so by contacting us at any time using the contact details provided under the "How to contact us" heading below;
  • object to and request that we restrict the processing of your personal data and the right to be forgotten. Again, you can exercise these rights by contacting us using the contact details provided under the "How to contact us" heading below. Where we have made the personal data public and you want to exercise your right to be forgotten, we shall take reasonable steps to inform the other parties to whom your information has been passed;
  • data portability, whereby you have the right to request that we transfer your personal data from us to another service provider;
  • opt-out of marketing communications we send you at any time.  You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you or by accessing the marketing preferences section of your member area.  To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “How to contact us” heading below;
  • if we have collected and process your personal data with your consent, then you can withdraw your consent at any time.  Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent;
  • complain to a data protection authority about our collection and use of your personal data.  The data protection authority in the UK is the Information Commissioner's Office (www.ico.org.uk).

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

How to contact us

Please let us know if you have any questions, concerns or are unhappy with how we have used your personal data. You can email us or our Data Protection Officer on vaida@pennyfreedom.co.uk write to us at Archibald House, 50-56 Wykes Bishop Street, Ipswich, England, IP3 0DT.

Linked Websites

For your convenience, hyperlinks may be posted on the Website that link to other websites (the “Linked Sites”). We are not responsible for, and this Privacy Policy does not apply to, the privacy practices of any Linked Sites or of any complaints that we do not own or control. Linked Sites may collect information in addition to those we collect on our Website and therefore we do not endorse any of these Linked Sites nor the services or products described or offered on such Linked Sites, or any of the content contained on the Linked Sites. We encourage you to seek out and read the Privacy Policy of each Linked Site that you visit to understand how the information that is collected about you is used and protected.

Get started with Penny

Over 10,000 business owners have already changed the way they manage their cash flow.

Register an account