Privacy and Cookie Policy

FBX Capital Partners Limited (“FBX Capital,” “we,” “us,” “our”) is a UK-based financial services firm committed to protecting your privacy. We handle personal data in accordance with the UK GDPR and the Data Protection Act 2018. This Privacy & Cookie Policy explains what personal data we collect, how we use and protect it, your data rights, and our use of cookies when you use our website (fbxcapital.co.uk) or engage our services. FBX Capital Partners Limited (company No. 13456241) is registered in England and Wales; as Data Controller we determine the purposes and means of processing personal data. Our contact details (including those of our Data Protection Officer) are given below.

Personal Data We Collect

We collect information from you directly and through website interactions. This may include:

• Identity & Contact Data: Your name, date of birth, address, email, telephone number and other identifiers. (E.g. when you register or contact us.).
  
  
• Financial and Business Data: Financial information relevant to business finance or loan applications (e.g. bank details, credit reports, filed accounts, VAT returns, personal income, property equity).
  
  
• Transactional Data: Details of any financial transactions you make with us or through our services.
  
  
• Usage & Technical Data: Internet protocol (IP) address, browser type, device information, website usage analytics (pages visited, duration, referral data) collected via cookies and web logs.
  
  
• Communications Data: The content of emails, calls, or messages between you and us (such as feedback or support queries).
  
  

We may also receive Open and Public Data (e.g. company registry or social media information) and Documentary Data (e.g. copies of identity documents or contracts) when provided. We do not collect special category data (sensitive personal data) such as health or ethnic data, unless you voluntarily provide it with your consent and we have a lawful basis to do so. We will not accept personal data about others unless they have consented to our processing as outlined herein.

Legal Basis for Processing

Under UK GDPR Article 6, we only process personal data where we have a lawful basis. Our lawful bases include:

• Contractual Necessity: Processing necessary to perform our contracts with you (e.g. to provide financial services, process loan applications, or manage your account).
  
  
• Legal Obligation: Processing required to comply with UK or EU law (e.g. anti-money laundering, tax, or regulatory requirements).
  
  
• Legitimate Interests: Where processing is necessary for our legitimate business interests (e.g. system administration, fraud prevention, network security, improving our services, or direct marketing of similar services) and does not override your rights.
  
  
• Consent: When required, we will obtain your clear consent before processing (e.g. for marketing emails or non-essential cookies). You may withdraw consent at any time (see Your Rights below).
  
  

Each purpose of processing has a specific basis; we document our bases and only process data “necessary” for the stated purposes.

How We Collect Your Data

We collect data directly from you when you: submit forms (e.g. inquiry or application forms), communicate with us (by email, phone, or in person), or sign up for services. We also collect data automatically via cookies and analytics tools when you use our website. In some cases, we may receive data from third-party sources such as credit reference agencies or publicly available databases, but only as permitted by law (e.g. for credit checks or identity verification). Wherever possible, we collect data openly and fairly; we will inform you if data originates from other sources.

How We Use Your Personal Data

We use your data to provide and improve our financial services and website, including:

• Provision of Services: To process and administer your loan or finance applications and related services. (This is necessary to fulfil our contract with you.)
  
  
• Customer Support: To contact you with account information, service notices, or support requests.
  
  
• Compliance: To verify your identity, perform credit and affordability checks, prevent fraud, and comply with legal and regulatory obligations (e.g. KYC/AML).
  
  
• Improving Experience: To analyse website usage and improve our site and services (using tools like Google Analytics).
  
  
• Marketing and Communications: We may (with your consent or under legitimate interest) send you information about relevant products or news. You can opt out of marketing at any time.
  
  

We will not use your data for purposes beyond what we inform you here without notifying you. We never sell or lease your personal information to unrelated third parties.

Third-Party Service Providers

We work with trusted service providers (data processors) who help us run our business. These include:

• Analytics & CRM: Google Analytics for website statistics; a CRM/email system (e.g. HubSpot or Salesforce) to manage customer relationships and communications.
  
  
• Advertising and Marketing: Platforms like Google Ads or social media (LinkedIn) for advertising and remarketing (always based on consent or legitimate interest in targeting business audiences).
  
  
• Payment and Data Hosting: Cloud services (e.g. AWS, Microsoft Azure) for hosting our website and databases; payment processors if handling transactions.
  
  
• Professional Advisers: Accountants, legal advisers, credit reference agencies, and other financial partners to whom we may share data to secure financing or meet regulatory requirements (always under strict confidentiality).
  
  

We enter into data processing agreements with all third parties to ensure they also protect your personal data. These providers may have access to your personal data only as necessary to perform their functions and must not use it for other purposes. (For example, Google Analytics collects pseudonymised user data about your site use under strict privacy controls.)

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimisation, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. You also have the option to opt out of the collection of your personal data in compliance with GDPR. To exercise this option, please visit https://www.rb2b.com/rb2b-gdpr-opt-out.

Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, and to comply with our legal and regulatory obligations. This generally means:

• Active Customers: We keep data for the duration of our business relationship to manage your account and services.
  
  
• Post-Contract: After services end, we may retain data for a defined period (typically up to 6–7 years) as required by financial regulations (e.g. anti-money laundering, tax, or Statute of Limitations).
  
  
• Anonymised Data: We may retain anonymised (non-identifiable) data for statistical or research purposes.
  
  

When personal data is no longer needed, we will securely delete or anonymise it. You can contact us if you believe we are holding data longer than necessary; we will review and erase it if appropriate.

Your Data Protection Rights

Under the UK GDPR, you have the following rights regarding your personal data:

1. Right to Be Informed: You have the right to know how and why we use your data and whom we share it with. This policy and any notices serve that purpose.
   
   
2. Right of Access: You can request a copy of the personal data we hold about you, free of charge (subject to any legal limitations).
   
   
3. Right to Rectification: You can ask us to correct or update any inaccurate or incomplete data.
   
   
4. Right to Erasure (“Right to be Forgotten”): You can request deletion of your personal data where there is no lawful reason to keep it.
   
   
5. Right to Restrict Processing: You can ask us to suspend processing your data if you dispute its accuracy or if the processing is unlawful but you do not want it deleted.
   
   
6. Right to Data Portability: You can request a portable copy of your data in a structured format to transfer to another provider.
   
   
7. Right to Object: You can object to our processing of your data (e.g. for direct marketing or legitimate interests), and we must stop unless we have compelling grounds to continue.
   
   
8. Right to Withdraw Consent: If we rely on your consent for processing, you can withdraw that consent at any time (without affecting processing done before withdrawal).
   
   

To exercise any of these rights, please contact our Data Protection Officer at the details below. We will respond within one month as required by law. You also have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe we have breached data protection law.

Cookies and Similar Technologies

What Are Cookies?

Cookies are small text files stored on your device that help websites remember information about your visit. They allow the website to recognize your browser, remember preferences, and track usage patterns.

Cookie Categories Used

We use four types of cookies on our site:

• Strictly Necessary (Essential) Cookies: These are needed for core site functions (e.g. session management, security, load-balancing) and do not require consent.
  
  
• Performance (Analytics) Cookies: These collect aggregated data on how visitors use the site (pages visited, errors, navigation) to improve performance. These are non-essential and require consent.
  
  
• Functional (Preference) Cookies: These remember your preferences and settings (language, region, login status) to improve your experience. They are usually exempt from consent if strictly necessary, but we still inform you about them.
  
  
• Targeting (Advertising) Cookies: These track your browsing across sites to deliver relevant ads or limit the number of times you see an ad. Consent is always required for these under PECR/UK GDPR.
  
  

FBX Capital does not set third-party advertising cookies without consent; our site’s functionality cookies do not track you across other sites.

Managing Cookies and Consent

When you first visit our website, we display a cookie banner asking for your consent to set non-essential cookies. This is because UK law requires us to “tell people the cookies are there, explain what they do and why, and get the person’s consent”. You may then choose which categories of cookies to allow.

If you decline or later withdraw consent, we will not set performance or targeting cookies on your device. You can manage or delete cookies at any time by changing your browser settings (e.g. clearing cookies or setting your browser to block cookies). Note that disabling cookies may affect website functionality. You can also opt out of third-party advertising cookies via your device or by using tools such as the (UK) YourOnlineChoices website.

Consent must be an unambiguous positive action. We will never pre-tick boxes or use consent as a condition of using the site (except for strictly necessary cookies). We may update our cookie banner and policy over time; you can revisit this policy for the latest information.

Data Security

We take data security very seriously and implement appropriate technical and organisational measures to protect personal data from loss, misuse, unauthorized access or disclosure. These measures include:

• Encryption of data in transit (using HTTPS/TLS) and at rest where applicable.
  
  
• Access controls and authentication to restrict data access to authorized personnel only.
  
  
• Regular security assessments and updates to our systems.
  
  
• Secure disposal or anonymisation of data when no longer needed.
  
  

No system can be 100% secure, but we strive to use industry-standard security practices to safeguard your information.

Third-Party Links

Our website may contain links to other sites. This Privacy Policy does not apply to third-party sites, which have their own privacy practices. We encourage you to read their policies before providing personal data.

Changes to This Policy

We may update this Privacy & Cookie Policy from time to time (e.g. to reflect changes in law or our practices). Any changes will be posted on this page with an updated “last reviewed” date. Please check this page periodically.

Contact Information

If you have questions about this policy or our data practices, or to exercise your rights, please contact our Data Protection Officer:

FBX Capital Partners Ltd
Address: 10 Lower Thames St, London EC3R 6AF, United Kingdom (head office)
ICO Registration: ZB159930 (UK Data Protection registration)
Email: enquiries@fbxcapital.co.uk (or write to our registered address above).

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) (www.ico.org.uk), the UK supervisory authority for data protection.