TMS Finance Limited collects and processes certain types of information about individuals. These individuals may include customers, suppliers, business contacts, employees, and others with whom the organisation has—or may establish—a professional relationship. This policy explains how such personal data must be collected, managed, and stored to meet TMS Finance Limited’s data protection standards and comply with legal requirements.
This policy ensures that TMS Finance Limited:
Complies with data protection law and adheres to best practices.
Safeguards the rights of individuals whose data is held.
Is transparent about how it stores and processes personal data, in accordance with individuals’ rights.
Protects itself from the risks of data breaches.
The General Data Protection Regulation (GDPR) outlines how organisations, including TMS Finance Limited, must collect, handle, and store personal information. These rules apply to data stored in any format. In particular, the GDPR requires that personal information be:
Processed lawfully, fairly, and transparently in relation to individuals.
Collected for specified, explicit, and legitimate purposes, and not further processed in ways incompatible with those purposes. (Further processing for archiving, research, or statistical purposes may be exempt if not incompatible with the original intent.)
Adequate, relevant, and limited to what is necessary for the purposes for which it is processed.
Accurate and, where necessary, kept up to date. Inaccurate personal data must be erased or corrected promptly.
Retained only as long as necessary to fulfil the purposes for which the personal data is processed.
Processed in a manner ensuring appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using suitable technical or organisational measures.
TMS Finance Limited is required to maintain and update detailed internal records of its processing activities, covering:
The organisation’s name and details.
Relevant details of any data controllers, the organisation’s representative, and the Data Protection Officer.
The purposes of data processing.
Descriptions of the categories of individuals and personal data.
Categories of recipients of personal data.
Details of any data transfers to third parties or outside the UK (or EEA), including safety mechanisms.
Retention schedules.
Technical and organisational security measures.
TMS Finance Limited keeps records of these activities and updates them as necessary. Personal data is retained for 6 years, in accordance with Financial Conduct Authority (FCA) record-keeping rules. Beyond this period, personal data is stripped of identifying details and used only for statistical purposes.
Under GDPR, TMS Finance Limited must have a valid lawful basis to process personal data. In most scenarios, the processing must be “necessary.” The six lawful bases set out in Article 6 of the GDPR are:
Consent – The individual has given clear permission to process their personal data for a specific purpose.
Contract – Processing is necessary for a contract with the individual or to take steps at their request prior to entering a contract.
Legal Obligation – Processing is necessary for compliance with the law.
Vital Interests – Processing is necessary to protect someone’s life.
Public Task – Processing is necessary for a task in the public interest or for official functions with a clear legal basis.
Legitimate Interests – Processing is necessary for the legitimate interests of TMS Finance Limited or a third party, unless overridden by the individual’s data protection rights.
TMS Finance Limited typically relies on the “Contract” basis (e.g., processing data to provide a finance quote or facilitate a loan). Where special categories of data (e.g., race, religion, health, biometric data) or criminal conviction data may be processed, TMS Finance Limited identifies both a lawful basis under Article 6 and an additional condition for such specific data under Article 9 or 10 of the GDPR, respectively.
TMS Finance Limited acts as both a data Controller and a data Processor. All staff are responsible for continuously upholding the highest data protection standards and best practices. A designated Data Protection Officer (DPO), is accountable for ensuring GDPR compliance throughout the organisation.
TMS Finance Limited is obliged to implement technical and organisational measures demonstrating that data protection principles are embedded into its processing activities. Whenever TMS Finance Limited introduces new technologies or significantly changes data-processing operations, a Data Protection Impact Assessment (DPIA) is conducted. This assessment covers:
A description of the planned processing and its purposes, including any legitimate interests pursued by the controller.
An evaluation of the necessity and proportionality of the processing in relation to its purpose.
An assessment of the potential risks to individuals.
Measures in place to mitigate these risks and demonstrate compliance.
Under GDPR, individuals have enhanced rights, which TMS Finance Limited respects and supports:
Right to Be Informed
Right of Access
Right to Rectification
Right to Erasure
Right to Restrict Processing
Right to Data Portability
Right to Object
Rights in Relation to Automated Decision-Making and Profiling
TMS Finance Limited provides a Privacy Notice whenever personal data is collected, ensuring transparency about how data is processed. The Privacy Notice is concise, clear, and easily accessible, detailing:
The identity of the Data Controller.
The lawful basis for processing.
Whether any third parties have legitimate interests.
Categories of personal data.
Categories of recipients (e.g., banks, credit unions).
Data retention periods.
The individual’s rights, including the right to withdraw consent.
How to complain if they believe data has been mishandled.
Individuals can request corrections to inaccurate or incomplete personal data. If TMS Finance Limited has shared this data with third parties, we will inform them of these corrections where possible. TMS Finance Limited aims to address these requests within one month (extendable by two months for complex cases).
Individuals have the right to request deletion of personal data in specific circumstances, such as where the data is no longer needed for the original purpose, consent is withdrawn, or the processing is unlawful. TMS Finance Limited may refuse erasure requests if the data is needed for legal obligations, public interest tasks, or the exercise or defense of legal claims. If personal data has been shared with third parties, we will notify them of the erasure where feasible.
Processing of personal data will be restricted if:
The individual disputes its accuracy.
The individual has objected and TMS Finance Limited is assessing whether its legitimate interests override those of the individual.
Processing is unlawful but the individual requests restriction instead of erasure.
TMS Finance Limited no longer needs the data, but the individual requires it to establish or defend a legal claim.
If personal data has been shared with third parties, they will be informed of any restriction, except in cases where this proves impossible or disproportionate.
Where data is processed by automated means under consent or contract, individuals can request their data in a commonly used, machine-readable format (e.g., CSV). TMS Finance Limited will supply this free of charge and may transfer it directly to another organisation if technically feasible.
Individuals can object to processing based on their particular situation, unless TMS Finance Limited demonstrates compelling legitimate grounds or the processing is necessary for legal claims. If the objection is to direct marketing, TMS Finance Limited will cease processing immediately.
If TMS Finance Limited ever engages in automated decision-making or profiling that produces legal effects or similarly significant impacts, it will ensure compliance with all relevant GDPR requirements. Currently, TMS Finance Limited does not carry out automated decision-making involving profiling.
Individuals may request:
Confirmation that their data is being processed.
Access to their personal data.
Other supplementary details (e.g., how data is collected, shared, and retained).
TMS Finance Limited typically provides this information free of charge, though a “reasonable fee” may apply if requests are repetitive or manifestly unfounded. Once the requester’s identity is verified, we aim to respond within one month, extendable by two months for complex or multiple requests.
Data subjects who feel their personal data has been processed improperly by TMS Finance Limited can use the company’s internal complaints procedure. If still unsatisfied, they may escalate their concerns to the Information Commissioner’s Office (ICO).
10. Data Security and Storage
TMS Finance Limited takes robust measures to safeguard personal data against unauthorized access, accidental deletion, and malicious hacking attempts.
Paper Records
Store in locked cabinets or drawers when not in use.
Ensure no sensitive printouts are left unattended.
Shred or securely dispose of any physical documents no longer required.
Electronic Records
Use strong passwords or encryption for all data.
Keep removable media (CDs, USB drives) secure when not in use.
Store data only on designated servers or approved cloud services.
Back up data frequently and test these backups regularly.
Protect servers and computers with reputable security software and firewalls.
Never save personal data directly onto personal devices.
Avoid sending unencrypted personal data via email.
Only transfer personal data outside of the UK or EEA with adequate safeguards in place.
At TMS Finance Limited, the point where personal data is accessed poses the highest risk of theft or loss, so employees must:
Lock computer screens when leaving them unattended.
Send confidential information through secure channels.
Refrain from storing personal data on personal devices.
+44 (0)345 257 0161
Business finance specialist helping SMEs, property developers, and investors access tailored business loans and flexible funding options to support growth and development.
info@uktms.com
Phone: +44 (0) 345 257 0161
TMS Finance, 28 Granby Road, Stockport, Greater Manchester, England, United Kingdom, SK2 6ET
info@uktms.com
Phone: +44 (0) 345 257 0161
TMS Finance, 28 Granby Road, Stockport, Greater Manchester, England, United Kingdom, SK2 6ET
Book an appointment with a member of our team at your convenience through our online calendar today.
TMS Finance is a trading style of TMS Finance Limited (FRN: 1027582) who are Credit Brokers and are Appointed Representatives of White Rose Finance Group Ltd (FRN: 630772) Authorised and Regulated by the Financial Conduct Authority.
TMS Finance Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take all reasonable steps to ensure that the personal data you provide is collected, processed, and stored securely and lawfully.. We only share your data with trusted third parties — such as lenders, brokers, and packagers — where it is necessary to fulfil your request and always in line with your best interests. We do not sell or distribute your data to unrelated third parties
PLEASE MAKE BORROWING DECISIONS CAREFULLY, PROPERTY OR OTHER ASSETS OFFERED AS SECURITY MAY BE AT RISK IF YOU CANNOT KEEP UP WITH REPAYMENTS.
