Last updated: [2025]
Summary
We collect information you give us (e.g. applications, enquiries), information from partners (e.g. brokers, credit reference agencies), and technical data (e.g. cookies, IP addresses).
We use it to deliver services, meet legal obligations, prevent fraud, and improve our business.
We share data only with trusted third parties (lawyers, valuers, IT providers, regulators, credit agencies).
We keep data only as long as necessary (see Retention Table below).
We use encryption, secure servers, and strict access controls.
You have strong rights: access, correction, deletion, restriction, portability, and objection.
We never sell your data.
You can opt out of marketing anytime.
LendFirst Limited (“LendFirst”, “we”, “us”, “our”) is a UK company providing non-regulated bridging finance and related services. We are the Data Controller of your personal data.
Company number: [ 16553425 ]
Registered office: [ Group First House, Mead Way, Padiham, BB12 7NG ]
Email: [ privacy@lendfirst.co.uk ]
This Policy applies to:
Visitors to our website.
Anyone making enquiries with us (directly or via a broker).
Our business partners, suppliers, and introducers.
Users of our services (Borrowers, Investors, Brokers). Separate notices will supplement this Policy.
We may collect:
Identification data – name, DOB, ID documents, nationality.
Contact details – address, phone, email.
Business & financial data – employment, company info, bank details, assets, liabilities.
Compliance & due diligence – AML/KYC results, credit scores, sanctions checks.
Technical data – cookies, device identifiers, IP addresses, browser data.
Communications – emails, calls, enquiry forms, complaints.
Mandatory data: certain information (e.g. ID, address, financial details) must be provided by law or to progress an application. If you refuse, we may not be able to proceed.
Optional data: e.g. marketing preferences, non-essential feedback.
We use personal data to:
Deliver services and manage applications.
Verify identity, prevent fraud, and meet legal duties.
Communicate about applications, enquiries, and services.
Manage relationships with brokers, suppliers, and partners.
Analyse and improve our website and services.
Send lawful marketing (see Section 11).
Defend legal claims, enforce agreements, and manage risk.
When assessing applications, we may use automated systems (e.g. credit checks, fraud screening).
A human reviews decisions before final outcomes.
You may request a review of any decision made partly by automation.
We rely on the following legal bases:
Contract – to process applications and agreements.
Legal obligation – AML, tax, regulatory duties.
Legitimate interests – running our business, fraud prevention, risk management, marketing to existing contacts.
Consent – for certain types of marketing or optional services.
We may share personal data with:
Professional advisers (lawyers, auditors, accountants).
Credit reference & fraud prevention agencies.
Service providers (IT, hosting, payment, comms).
Brokers, introducers, and business partners.
Valuers, surveyors, and other property professionals.
Regulators, HMRC, courts, or law enforcement.
Buyers or investors in the event of a sale or restructuring.
We never sell your data.
If data leaves the UK/EEA, we safeguard it via:
Adequacy decisions (approved countries).
Standard Contractual Clauses (SCCs).
Other UK GDPR-approved measures.
| Data Type | Retention period |
| Enquiries/marketing contacts | Until opt-out or 2 years after last contact |
| Successful loan applications | 6 years after loan completion |
| Unsuccessful loan applications | 12 months after decision |
| AML/KYC & due diligence | 5 years after relationship ends |
| Contracts, agreements | 6 years after expiry |
| Complaints | 6 years after resolution |
We apply strict security, including:
Encrypted data storage and secure servers.
Role-based access and staff training.
Regular penetration testing & monitoring.
We may send you marketing about products or services if:
You gave us consent, or
You are an existing contact and we use the “soft opt-in” rule under PECR.
You can opt out anytime via unsubscribe links or privacy@lendfirst.co.uk.
We use cookies to improve site functionality, monitor traffic, and enhance security. See our Cookie Policy for details.
Under UK GDPR, you have the right to:
Access your data.
Correct inaccurate information.
Request erasure (in certain cases).
Restrict or object to processing.
Port your data to another provider.
Withdraw consent (where processing is based on consent).
Object to marketing at any time.
To exercise rights: [ privacy@lendfirst.co.uk ]
If unhappy, contact us first: [ privacy@lendfirst.co.uk ]
You can also contact the Information Commissioner’s Office (ICO):
Website: https://ico.org.uk
Helpline: 0303 123 1113
We may update this Policy. The latest version will always appear on our website with the date updated.
Data Protection Officer
LendFirst Limited
Group First House
Mead Way
Padiham
BB12 7NG
Email: privacy@lendfirst.co.uk