Acorn.finance - Get funded logo.
Acorn.finance - Get funded logo.

Acorn.finance & Acorn.mortgage Data protection policy

Last Updated: 07 November 2025
FCA Registration: #660207 | NACFB Member

INTRODUCTION

At Acorn Finance, we understand that applying for business finance, commercial mortgages, property loans or residential mortgages requires sharing sensitive financial information. Your privacy and data security are our top priorities.

As a UK-based finance broker regulated by the Financial Conduct Authority (FCA) and member of the National Association of Commercial Finance Brokers (NACFB), we handle your personal and financial data with the highest standards of security and compliance. This privacy policy explains how we collect, use, store, and protect your information when you work with us to secure financing for your business.

Whether you’re applying for asset finance, bridging loans, or commercial mortgages, this policy outlines your rights under GDPR and UK data protection law, and demonstrates our commitment to transparency in every stage of your finance application.

Quick Navigation - Jump to Section

Table of Contents

What Information We Collect When You Apply for Finance

When you request a quote for business loans,  commercial mortgages, or other finance products through Acorn Finance, we collect information necessary to assess your application and connect you with appropriate lenders.

Personal Information

  • Full name and contact details (address, phone, email)
  • Date of birth and identification documents
  • Employment status and income details
  • Business information (if applying for commercial finance)

Financial Information

  • Bank statements and financial records
  • Credit history and credit score data
  • Details of existing loans, mortgages, or credit agreements
  • Business accounts and trading history (for business finance applications)

Technical & Website Data

  • IP address and browser information
  • Cookie data (see our Cookie Policy)
  • Pages visited and forms completed on our website

How We Use Your Information for Finance Applications

Acorn Finance processes your personal and financial data for specific, legitimate purposes related to providing finance brokerage services.

Primary Uses of Your Data

1. Processing Your Finance Application
We use your information to assess your eligibility for business loans, mortgages, asset finance, and other lending products. This includes analysing your financial situation and matching you with suitable lenders.

2. Credit Reference Checks
Lenders we introduce your application to may conduct credit checks with major credit reference agencies (Experian, Equifax, TransUnion) to evaluate your creditworthiness and ensure responsible lending. These checks may appear on your credit file.

3. Fraud Prevention & Security
Your data is checked against fraud prevention databases to protect both you and our lending partners from fraudulent applications and identity theft.

4. Regulatory Compliance
As an FCA-regulated broker, we must maintain accurate records of all finance applications and advice provided. This ensures we meet our regulatory obligations under FCA rules.

5. Improving Our Services
We use anonymised data and feedback to enhance our finance brokerage services and better serve clients seeking commercial and business funding.

Legal Basis for Processing

Under GDPR, we process your data based on:

  • Contract: Processing is necessary to provide you with finance quotes and arrange lending (our primary legal basis)
  • Consent: You provide explicit consent when submitting application forms
  • Legitimate Interest: Fraud prevention and service improvement
  • Legal Obligation: Compliance with FCA record-keeping requirements

Credit Checks & Sharing Data with Lenders

Understanding how your financial information is shared is crucial when applying for business finance or mortgages.

How We Handle Credit Information

Acorn Finance does not typically conduct credit searches directly. Instead, we work with you to gather the financial information needed to assess your commercial finance requirements and match you with appropriate lenders.

What we ask you to provide:

  • Recent credit reports (you can obtain free reports from Experian, Equifax, or TransUnion)
  • Details of existing credit commitments
  • Information about your credit history, including any CCJs or defaults
  • Business financial statements and trading history
  • Bank statements showing cash flow

By bringing this information to us, you maintain control over when and how credit searches are conducted.

When Credit Searches Happen

Credit searches are typically performed by lenders, not by Acorn Finance:

  • During Initial Assessment: Lenders may conduct “soft searches” when reviewing your application that don’t affect your credit score
  • For Formal Applications: When you proceed with a specific lender, they will conduct “hard searches” which are visible to other lenders and may temporarily impact your score
  • Your Control: You’ll always know before a hard search is conducted and can choose whether to proceed

Sharing with Banks & Lenders

To secure the best business loan rates or mortgage deals for you, we share your application with relevant lenders and financial institutions. This includes:

  • High street banks and challenger banks
  • Specialist commercial lenders
  • Bridging loan providers
  • Asset finance companies
  • Insurance providers (if you apply for loan protection)

We only share information with lenders who:

  • Are FCA regulated or authorised (where applicable)
  • Have legitimate need for the information
  • Maintain equivalent data protection standards

You have the right to ask which specific lenders received your information – contact us at [email protected]

Your Data Protection Rights Under GDPR

As a UK-based client of Acorn Finance, you have comprehensive rights over your personal and financial data.

Right to Access (Subject Access Request)

You can request a complete copy of all personal data we hold about you, including:

  • Application forms and quotes provided
  • Credit check results and lender communications
  • Notes from calls or meetings
  • Copies of documents you submitted

How to request: Email [email protected] with “Subject Access Request” in the subject line. We’ll respond within one month, free of charge.

Right to Rectification

If any information we hold is inaccurate or incomplete (such as outdated business details or incorrect financial figures), you can request corrections. This is particularly important for business finance applications where accurate financial data is crucial.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your data in certain circumstances. However, we must retain financial records for 6 years after our work with you is complete, as required by FCA record-keeping rules. After this period, data is anonymised for statistical purposes only.

Right to Restrict Processing

You can ask us to pause processing your data while we verify its accuracy or assess whether we have legitimate grounds to continue processing.

Right to Data Portability

You can request your data in a machine-readable format (such as CSV) to transfer to another finance broker or service provider.

Right to Object

You can object to:

  • Direct marketing communications (we’ll stop immediately)
  • Processing based on legitimate interests
  • Automated decision-making (though we don’t currently use this for finance applications)

 

Right to Withdraw Consent

You can withdraw consent for data processing at any time. Note: This doesn’t affect the lawfulness of processing before withdrawal, and we may still need to retain records for regulatory compliance.

How We Keep Your Financial Information Secure

Protecting your sensitive financial data is paramount when handling business loan applications and mortgage documents.

Digital Security Measures

  • Encryption: All data transmitted to our website uses SSL/TLS encryption (256-bit)
  • Secure Servers: Data stored on UK-based servers with enterprise-grade security
  • Access Controls: Multi-factor authentication for all staff accessing client data
  • Regular Backups: Encrypted daily backups tested weekly for integrity
  • Firewall Protection: Advanced firewall and intrusion detection systems
  • Secure File Transfer: Encrypted portals for document uploads (never plain email)

Physical Security

  • Paper documents stored in locked cabinets
  • Restricted access to offices containing client files
  • Secure shredding of all paper documents when no longer needed
  • Clean desk policy – no client data left visible when unattended

Staff Training & Policies

  • All employees undergo GDPR and data protection training
  • Confidentiality agreements signed by all staff members
  • Regular security audits and compliance reviews
  • Immediate action on any suspected data breaches

Third-Party Security

We only work with lenders, credit agencies, and service providers who maintain equivalent security standards and are:

  • GDPR compliant
  • FCA regulated (where applicable)

Data Retention - How Long We Keep Your Information

Active Applications & Live Agreements

While your finance application is being processed or while you have an active agreement arranged through us, we retain all relevant data for ongoing service and support.

Completed Applications - 6 Year Retention

After your finance is completed or your application is closed, we keep records for 6 years from the date of completion. This retention period is mandated by:

  • Financial Conduct Authority (FCA) record-keeping rules
  • UK tax regulations
  • Potential legal claims (statute of limitations)

Data retained includes:

  • Application forms and supporting documents
  • Quotes and lender communications
  • Advice given and recommendations made
  • Identity verification documents

After 6 Years - Anonymisation

After the 6-year period, personal identifiers are removed and data is retained only for:

  • Statistical analysis (anonymised)
  • Regulatory reporting (anonymised)
  • Business planning (aggregated data only)

Unsuccessful or Withdrawn Applications

If you withdraw your application or it’s unsuccessful, the 6-year retention period begins from the date of withdrawal/decline.

Marketing Data

If you’ve only subscribed to our newsletter or downloaded guides about business finance options or property finance without applying, we keep your contact details until you unsubscribe or for 3 years of inactivity, whichever is sooner.

Cookies & Website Tracking

Our website (acorn.finance) uses cookies to improve your experience and analyze how visitors use our finance services information.

Essential Cookies (Always Active)

These cookies are necessary for the website to function:

  • Session cookies (login state)
  • Security cookies (CSRF protection)
  • Load balancing cookies

Analytics Cookies (Opt-in)

With your consent, we use:

  • Google Analytics: Track page views, session duration, and popular content
  • Hotjar: Understand how users interact with our finance application forms
  • Anonymized IP addresses and no personal data collection

Marketing Cookies (Opt-in)

  • Google Ads: Track ad campaign effectiveness
  • Facebook Pixel: Retargeting for users who visited our website.
  • LinkedIn Insight: B2B marketing for commercial finance services

Managing Cookie Preferences

You can manage cookie settings through:

  • Our cookie consent banner (appears on first visit)
  • Your browser settings (block all third-party cookies)
  • Cookie Preference Center 

Note: Blocking essential cookies may prevent you from submitting finance application forms.

Contact Us & Data Protection Queries

General Privacy Questions

Email: – click here – 
Phone: 0748 080 1662
Post: Acorn Finance, 4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB

Response time: We aim to respond to all privacy queries within 5 business days.

Data Protection Officer

While Acorn Finance is not required to appoint a formal DPO, our business owner Paul Thompson is responsible for GDPR compliance and handles all data protection matters.

Subject Access Requests

To request a copy of your data, email with:

  • “Subject Access Request” in the subject line
  • Your full name and contact details
  • Details of the information you’re requesting
  • Proof of identity (copy of passport/driving license)

Processing time: Within 1 month (may extend to 2 months for complex requests – we’ll notify you)

Making a Complaint About Data Handling

If you believe we’ve mishandled your personal or financial information, please contact us first so we can resolve the issue.

Step 1: Contact Acorn Finance

Raise your complaint by:

  • Email: – Acorn.finance
  • Phone: 0748 080 1662
  • Post: Acorn Finance, 4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB

We’ll acknowledge within 5 business days and provide a full response within 8 weeks.

Step 2: Financial Ombudsman Service (FOS)

If your complaint relates to regulated mortgage advice or consumer finance and you’re not satisfied with our response:

Financial Ombudsman Service
Phone: 0800 023 4567
Website: www.financial-ombudsman.org.uk
Time limit: Within 6 months of our final response

Step 3: Information Commissioner's Office (ICO)

For complaints specifically about data protection:

ICO Helpline: 0303 123 1113
Website: www.ico.org.uk
Report online: ico.org.uk/make-a-complaint

The ICO is the UK’s independent data protection regulator and can investigate concerns about how organizations handle personal data.

NACFB (For Commercial Finance Complaints)

For complaints about non-regulated business finance or non-regulated property finance (including buy-to-let mortgages)

National Association of Commercial Finance Brokers
Website: www.nacfb.org
Email: [email protected] 

Frequently Asked Questions About Your Data

Will checking quotes affect my credit score?

Initial quote requests typically use “soft searches” that don’t affect your credit score. When you proceed to a full application for business finance or mortgages, lenders perform “hard searches” which are visible to other lenders and may temporarily impact your score.

Who do you share my information with?

We share your application data with:

  • Credit reference agencies (Experian, Equifax, TransUnion)
  • Banks and lenders on our panel who offer suitable finance products
  • Fraud prevention agencies
  • Insurance providers (if you apply for loan protection)

We never sell your data to third-party marketers.

How long do you keep my financial records?

We keep all records for 6 years after your application is completed or closed, as required by FCA regulations. After this period, data is anonymized for statistical purposes only.

Can I see which lenders you sent my application to?

Yes. You can request a complete list of lenders who received your information by emailing us or calling 0748 080 1662

What if I want to withdraw my application?

You can withdraw your finance application at any time by contacting us. We’ll stop processing immediately, though we must retain records for regulatory compliance (6-year retention period applies from withdrawal date).

Do you transfer data outside the UK?

No. All your data is stored on secure servers within the United Kingdom. We do not transfer personal or financial data outside the UK or European Economic Area (EEA).

How do I unsubscribe from marketing emails?

Every marketing email contains an “unsubscribe” link at the bottom. Alternatively, email us with “Unsubscribe” in the subject line. We’ll remove you within 48 hours.

Can I get my data in a format to use with another broker?

Yes. You can request your data in CSV or JSON format under your “right to data portability.” Email us with your request.

What happens if there's a data breach?

In the unlikely event of a data breach affecting your information, we will:

  • Notify you within 72 hours
  • Report to the ICO (if required by severity)
  • Explain what data was affected and steps we’re taking
  • Provide guidance on protecting yourself (e.g., credit monitoring)

How do I update my contact details or business information?

Contact us by email or call 0748 080 1662 with updated information. Accurate details are especially important for business loan applications to ensure quotes are based on current data.

Specific Policies for Website Users

Commenting on Blog Posts

If you leave comments on our little acorns blog:

  • We collect your name, email, IP address, and browser data (for spam prevention)
  • Your comment and profile picture (via Gravatar) are publicly visible
  • Comments are retained indefinitely for content context
  • You can request comment deletion by contacting us

Media Uploads

Avoid uploading images with embedded location data (EXIF GPS) to public areas of our website. Visitors can extract this information from image files.

Embedded Content

Our articles may include embedded videos from YouTube or Vimeo. These platforms may:

  • Set cookies on your device
  • Track your viewing behavior
  • Collect data as per their own privacy policies

User Accounts & Login

If you register for our client portal:

  • Login cookies last 2 days (14 days if you select “Remember Me”)
  • You can view, edit, or delete your profile information anytime
  • We store your login history for security purposes
  • Website administrators can access your account information for support

Third-Party Services We Use

To provide our finance brokerage services, we work with trusted third parties who process data on our behalf:

Credit Reference Agencies

Technology Providers

  • Google Analytics & Google Workspace
  • Hubspot  (CRM)
  • Cloudflare (website security)

Fraud Prevention

  • Cifas (fraud prevention database)
  • National Hunter (credit application fraud detection)

 

All third parties are contractually obligated to:

  • Process data only on our instructions
  • Maintain equivalent security standards
  • Delete or return data when no longer needed

Updates to This Privacy Policy

We review this privacy policy annually and update it when:

  • Our data processing practices change
  • New regulations or FCA rules come into effect
  • We introduce new finance products or services
  • Technology or security measures are upgraded

Last reviewed: 07 November 2025
Next review: 07 November 2026

Significant changes will be communicated via:

  • Email to active clients
  • Prominent notice on our website
  • Update to “Last Updated” date at the top of this page

Key Regulatory Information

Company: Paul Thompson trading as Acorn Finance
Trading Address: 4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB
Website: https://acorn.finance
FCA Registration: 660207

NACFB Member: 98/1004/C

Data Controller: Paul Thompson
Responsible for GDPR Compliance: Paul Thompson
Contact: Email | 0748 080 1662

Getting Started With Acorn Finance

Now that you understand how we protect your data, we’re ready to help you secure the right financing.

Explore our services:

Ready to apply?

Your data is safe with us. Your business deserves the best finance solutions.
Contact us now
Verify You're on the Right Site
  • Official Website: acorn.finance
  • Founded: 1997 by Paul Thompson & Tom Thompson
  • Location: London, Sheffield, York, Newcastle.
  • Awards: 7 UK Best Broker Awards
  • FCA Number: 660207
  • NACFB Number: 98/1004/C
Quick Links
More Info

Authorised and regulated by the Financial Conduct Authority

Full member of the National Association of Commercial Finance Brokers

Not all financial products we arrange are regulated by the Financial Conduct Authority. For more information discuss with your broker or contact us.

© 2025 Acorn.finance. All Rights Reserved.