Privacy & Cookie Policy

This website is owned by Sigma Lending Ltd (“Sigma Lending”). Last updated 26/07/2023.


Sigma Lending is committed to data protection best practices and complies with UK and local data protection law.

“We”, “our” or “us” means Sigma Lending Ltd, registered with the Companies House under the registration number 14826072. For the purposes of UK data protection law and country of operation law, we are a data controller in respect of the personal data we receive from you, or otherwise collect about you, and we are responsible for ensuring that we use your personal data in compliance with applicable data protection laws.

You can contact our data protection officer at The Privacy Policy contains information about the nature, purpose and scope of our use of your personal data with regard to the website (“Website”) and its subdomains, and your respective rights.

In this Policy:

Consent: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they by a clear affirmative action signify agreement to the processing of their personal data;

Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;

Data Protection Officer: means the contact person for questions or complaints regarding our handling of personal information;

Disclosing: means providing information to persons outside of our organisation;

Lawful processing: the reason that allows us to legally process personal data and includes freely given consent for a specific purpose; the performance of a contract, compliance with a legal obligation, protecting vital interests, public interest, legitimate interests pursued by the controller;

Legitimate interest: the interest of a controller to process personal data, including scenarios in which personal data may be disclosed or provided by a third party, and may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overridden, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller;

Personal data: means any information relating to an identified or identifiable individual (”data subject”); an identifiable individual  is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to that individual;

Special category data: personal data which the UK GDPR defines as more sensitive, and therefore needs more protection. For example, information about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation;

Use: means our use of information.

What personal information do we collect how and when?

Who do we collect personal information on?

The personal information we may collect and hold includes (but is not limited to) personal information about the following individuals:

  • Current, past and prospective employees,
  • Partners, service providers and suppliers
  • Current and potential customers,
  • Users of our websites,
  • Other stakeholders.

Sigma Lending mainly collects company information needed for analysis. The collection of personal data will be limited to the minimum required information.

How do we collect personal information?

We collect personal data if you use the Website, apply for a loan, use the customer or intermediary portal, or voluntarily transfer them to us by contacting us, for example via form, phone, or email. We will only collect your personal data with your consent or as permissible under applicable data protection law. Data transmitted through the Website, customer or intermediary portal, or any forms will be stored on servers located in the UK, EU, or other countries that are deemed to provide adequate protection. We use the data you provide to us to process your inquiries. Unless specifically stated, we store personal data only as long as necessary to fulfil the purposes pursued.

We may also collect personal information about you from a third party, including, but not limited to, banks and non-bank financial institutions, credit agencies, governmental agencies, marketing agencies. If so, we will take reasonable steps to ensure that you are made aware of this Policy. We may also use third parties to analyse traffic at our website, which may involve the use of cookies.

We will not collect special category data about you without your consent unless an exemption in the data protection law applies. These exceptions include cases when collection is required or authorised by law or is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

If you do not provide us with the personal information we request, we may not be able to provide you with our products or services, meet your needs appropriately, or we may have to provide our services on terms that are less favourable to you.

What kinds of personal information do we collect and hold?

We may collect and hold a range of information about you that is reasonably necessary for, or directly related to, one or more of our functions or activities, including:

  • Contact– and identification information: non-public, personal information you knowingly choose to disclose, which is collected on an individual basis via internet, fax, phone, or mail;
  • Website-use information collected on an aggregate basis as you and other users of our website. If you choose to correspond through email, we may retain the content of your email messages together with your email address and all responses sent through our website;
  • Device information – e.g., IP address, language settings, browser settings, time zone settings, operating system and platform and screen resolution;
  • Details about your activity on selected online webpages;
  • Screen recording – record user behaviour in core pages .

We may anonymise and aggregate any of the personal information we collect about you (so that it does not directly identify you).

Why do we collect personal information?

We collect and lawfully process personal information about you so that we may:

  • provide you with our products and services;
  • review and meet your ongoing needs;
  • provide you with information we believe may be relevant or of interest to you;
  • let you know about other products or services we offer, send you information about special offers or invite you to events;
  • consider any concerns or complaints you may have;
  • comply with relevant laws, regulations and other legal obligations; and
  • help us improve the products and services offered to our customers and enhance our overall business.

We may use and disclose your personal information for any of these purposes. We may also use and disclose your personal information for secondary purposes which are related to the primary purposes set out above, or in other circumstances authorised by the data protection law.

Special category data will be used and disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise or an exemption in the data protection law applies.

Who do we disclose personal information to?

Unless expressly specified with regard to specific information that we collect from you, we may disclose personal information to:

  • a related entity;
  • an agent, professional advisor or service provider we engage to carry out our functions and activities (such as, but not limited to, lawyers, accountants, IT contractors, software and data providers, marketing companies);
  • organisations involved in the transfer or sale of our assets or business;
  • financial institutions involved in managing our payments, such as banks or payment processors;
  • regulatory bodies, government agencies, law enforcement bodies and courts;
  • anyone whom you authorise us to disclose it to; and
  • if we disclose your personal information to service providers that perform business activities for us, they may only use your personal information for the specific purpose for which we supply it. We ensure that all contractual arrangements with third parties adequately address privacy issues and make third parties aware of this Policy.

Management of personal information

We recognise the importance of securing personal information. We will take steps to ensure your personal information is protected from misuse, interference or loss, and unauthorised access, modification or disclosure.

Your personal information is generally stored in our computer database. In relation to information that is held on our computer database, we apply the following guidelines:

  • all of our infrastructures meet the core security and compliance requirements, such as data locality, protection, and confidentiality;
  • our workflows are hosted in a network specifically designed for, and configured to, withstand attacks;
  • all data transfers are processed within the same network, which is highly secured;
  • passwords are required to access the system and passwords are routinely checked;
  • data ownership is clearly defined;
  • we change employees’ access capabilities when they are assigned to a new position;
  • employees have restricted access to certain sections of the system;
  • unauthorized employees are barred from updating and editing personal information;
  • all computers which contain personal information are secured both physically and electronically;
  • data is encrypted during transmission over the network; and
  • we do not work with physical paper trails, thus print reporting of data containing personal information is limited to the very minimal.

Rights of the data subject

Right of Access

You have the right to access and receive a copy of you personal data, and other supplementary information.

Right to Rectification

You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Right to Deletion

You have the right to demand the deletion of your personal data if the requirements under Article 17 of the UK GDPR are met. This right does not apply if the processing is necessary to exercise the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

Right to Restriction of Processing

You have the right to demand the restriction of the processing of your personal data in certain circumstances, including if data that has been unlawfully processed but you oppose deletion and request restriction instead, , if you need your data to establish exercise, or defend a legal claim, or if we no longer require these data for their purpose..

Right to Object

You have the right to object to the processing of your personal information in certain circumstances, including the right to opt out of any direct marketing.

Right to data portability

You have the right to ask that we transfer any automatically processed personal information you gave us to you or another organisation if it has been lawfully processed based on your consent or to fulfil obligations under a contract.

You are not required to pay any charge for exercising your rights.

How do we keep personal information accurate and up-to-date?

We are committed to ensuring that the personal information we collect, hold, use and disclose is relevant, accurate, complete and up-to-date.

We encourage you to contact us if any personal information we hold about you needs to be updated. If we correct information that has previously been disclosed to another entity, we will notify the other entity of the correction within a reasonable period. Where we have reason to believe that information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. We will not charge you for correcting your personal information.

What about cookies and other tracking technologies?

General Use of Cookies

In order to provide this Website and to improve its performance, we use cookies. Cookies are text files that are stored on your device. Cookies remain on your device for a certain and defined period of time and allow us to recognize your browser on the next visit (persistent cookies). You can set your browser to inform you about the cookie setting and disable cookies individually, or to disable cookies for specific cases or in general. Some cookies are necessary for the functions of the Website. If the usage of these cookies is not enabled on your device or in your browser, the functionality of our Website may be restricted.

List of third-party cookies


Updates to this policy

This Policy will be reviewed from time to time to take account of new laws and technology, and changes to our operations and the business environment.

Our responsibilities

It is the responsibility of management to inform employees and other relevant third parties about this Policy. Management must ensure that employees and other relevant third parties are advised of any changes to this Policy. All new employees are to be provided with timely and appropriate access to this Policy, and all employees are provided with training in relation to appropriate handling of personal information. Employees or other relevant third parties that do not comply with this Policy may be subject to disciplinary action.

Unsolicited personal information

We may receive unsolicited personal information about you. We destroy or de-identify all unsolicited personal information we receive, unless it is relevant to our purposes for collecting personal information. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other personal information.

Making a complaint

If you have any questions about this Policy or wish to make a complaint about how we have handled your personal information, you can lodge a complaint with us by contacting with the reference “Complaint regarding…” in the title of your message. We will respond to your complaint as soon as possible.

Privacy Preferences

When you visit our website, it may store information through your browser from specific services, usually in the form of cookies. Here you can change your Privacy preferences. It is worth noting that blocking some types of cookies may impact your experience on our website and the services we are able to offer.

Our website uses cookies, mainly from 3rd party services. Define your Privacy Preferences and/or agree to our use of cookies.