Legal

Privacy Policy

Navrisk is operated by SME Analytics & Technologies Limited (registered in England & Wales, company no. 12592114), a subsidiary of SME Services & Holdings Limited (t/a SME Capital). The group privacy policy set out below applies to your use of the Navrisk website and services.

Welcome to our privacy policy (the "Privacy Policy")

Whether you are a borrower, lender, person connected with the borrower or lender, persons connected with a borrower's loan, or just visiting our Website (each a "User", and together the "Users") we think it is important that you understand:

  • How and when we collect your Personal Data;
  • What Personal Data we collect;
  • Why we use your Personal Data; and
  • Your rights and choices.

This Privacy Policy (together with our terms of use, terms and conditions, and any other documents referred to therein) sets out the basis on which any Personal Data we collect from you, or that you provide to us, will be processed by us. Please read this Privacy Policy carefully. By using or accessing our Website and/or Platform, contacting us by telephone, by emailing us or otherwise providing information to us (for example through our social media or our originators), you confirm that you have read this Privacy Policy, and you understand and agree to be bound by the practices described herein.

If, and to the extent, you provide Personal Data relating to any third party to us, you confirm that they have appointed you to act on their behalf, you have obtained their consent to pass their Personal Data to us, or have otherwise determined that another ground applies under the Data Protection Legislation for you to pass their Personal Data to us, and for us to process that Personal Data in the manner and for the purposes described in this Privacy Policy.

Our Website, Platform and this Privacy Policy may provide links to other resources (which we believe to be useful) and other websites. These links will lead you to websites operated by third parties that operate under their own privacy policies. Should you follow one of these links you will be leaving our Website for a site over which we have no control, and we are not responsible for such a site.

Definitions used in this Privacy Policy

Data Controller means an individual, company or other organisation who determines the purposes for which and the manner in which any Personal Data are, or are to be processed. We act as the Data Controller when processing Personal Data relating to our Users.

Data Processor means, in relation to Personal Data, any person (other than an employee of the Data Controller) or organisation which processes data on behalf of a Data Controller.

Data Protection Legislation means the General Data Protection Regulation 2016, the Data Protection Act 2018 and any other legislation that applies to our processing of Personal Data about you.

Data Subject means a person who is the subject of Personal Data.

EEA means European Economic Area.

Personal Data means data which relate to a living individual who can be identified from:

  1. such data; or
  2. such data and other information which is in or is likely to come into the possession of the Data Controller, and includes any expression of opinion about the individual and any indication of the intentions of the Data Controller or any other person in respect of the individual.

Platform means the private site for our Users that appears at app.smecapital.com.

Services means the services we provide to Users via the Platform.

Website means our public websites, including www.smecapital.com and www.navrisk.io.

"we", "us", "our" means SME Services & Holdings Limited and its subsidiary undertakings (including SME Analytics & Technologies Limited t/a Navrisk and SME Capital) and where applicable, our officers, consultants, agents and employees.

For ease of reading these words "we", "us", "our", "you" and "your" are not shown in capitals.

1. What type of data we collect and process

We collect and process:

  1. Contact Details: e.g. your name, address, job title, telephone number and email address;
  2. Financial Information: e.g. asset and liability statement;
  3. Personal Data that identifies you from your visit to our Website including:
    1. your internet protocol ("IP") address used to connect your computer to the internet, login information, browser type and version, time zone setting, browser plug in-types and versions, geolocation information about where you might be operating systems and versions, each device's unique identifying code (MAC address), operating system, platform and electronic signatures;
    2. all of the information you choose to submit to us including any information provided by you to us when making an application or registering your interest for our Services via our Platform along with the information you send to us in hard copy, emails and text messages (including WhatsApp messages), or interacting with us on social media platforms (such as LinkedIn, Facebook or Twitter); and
    3. information you provide when you opt-in to marketing messages.
  4. Data on how you use our Platform and/or Website:
    1. your URL clickstream (the path you take through our site), products and services viewed, pages response time, download errors, how long you stay on our pages, what you do on those pages (such as scrolling, clicks and mouse-overs), number and nature of edits made to certain sections and information and methods used to browse away from the page;
    2. information otherwise obtained in conjunction with your use of the Platform, including any information that you post to your profile, a company's profile, any alerts that you set, questions and answers that you view, widgets used and any preferences listed in your dashboard; and
    3. information about you received from other sources. We work closely with third parties (including, for example, business partners, sub-contractors in technical and delivery services, analytics providers and search information providers) and may receive information about you from these sources.
  5. Other data:
    1. information that you send to us as part of our "know your client" compliance checks;
    2. all of the information provided to us by third parties such as information provided by your employer or organisations who enable us to carry out identity checks and/or other fraud prevention services;
    3. data from your contracts, such as for example your contract templates, smart fields, data integrated into contracts from third party providers, counterparty names and e-mail address, comments, activity on contracts and signatures; and
    4. information you give us when you report a problem with our Website and/or Platform.

2. How we collect your Personal Data

We collect Personal Data via:

  1. information given to us by you;
  2. information we collect about you; and
  3. information received from other sources.

3. Why we collect your Personal Data

  1. Information given to us by you — we will use this information to:
    1. carry out our obligations arising from any contracts entered into between Users and us;
    2. provide you with information about products and Services that you request from us;
    3. provide you with information about other Services we offer that are similar to those that we already provide to you or that you have enquired about;
    4. provide you with information about Services we feel may interest you. If you are an existing User, we may contact you by telephone and/or electronic means with information about Services similar to those which were the subject of a previous agreement or negotiation between us. If you are a new User, we will contact you by telephone or electronic means only if you have consented to this;
    5. notify you about changes to our Services;
    6. use for data analysis (not used for marketing), testing, research, statistical and survey purposes;
    7. ensure that the content from our Website and/or Platform is presented in the most effective manner for you and your computer; and
    8. complete regulatory checks, including "KYC" checks.
  2. Information we collect about you — we will use this information to:
    1. administer our Website and/or Platform for internal operations, including but not limited to troubleshooting;
    2. use for data analysis (not used for marketing), testing, research, statistical and survey purposes;
    3. improve our Website and/or Platform to ensure that the content is presented in the most effective manner for you and your computer;
    4. keep our Website and Platform safe and secure;
    5. make suggestions and recommendations to you and other Users of our Website and/or Platform and about the Services that may interest you or them; and
    6. complete regulatory checks, including "KYC" checks.
  3. Information received from other sources:
    1. we may combine this information with information you provide to us and information we collect about you;
    2. we may use this information and the combined information for the purposes set out above (depending on the types of information we receive);
    3. we may process your Personal Data from business cards where the information captures in a personal networking capacity as part of our business operations;
    4. we may use this information to complete regulatory checks, including "KYC" checks; and
    5. we may use this information for data analysis (not used for marketing), testing, research, statistical and survey purposes.

4. How we use your Personal Data

The purposes for which we may process your Personal Data include:

  1. providing our Services and performing the contract we are about to enter into or have entered into with you;
  2. fulfilling our credit, legal or regulatory obligations;
  3. pursuing a legitimate interest as long as your interests and fundamental rights do not override those interests.

Please notice that we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You may withdraw consent to marketing at any time by contacting us.

5. Who we disclose your Personal Data to

In order to run our business and provide you with many of our products and services, we may share the information we collect with:

  1. the prospective seller or buyer if we sell or buy any business or assets;
  2. regulatory authorities to comply with our legal and regulatory obligations;
  3. our employees, agents, officers, consultants and business units that have relationships with our customers and Users for the purpose of provision of the Services;
  4. third-party service providers where this is necessary for the purpose of continuing to provide the Services to you;
  5. our insurers and insurance brokers where required in order for us to be able to obtain insurance against risks we face in running our business. They may retain this information for the purpose of ongoing risk assessment and insurance broking and underwriting services;
  6. credit reference agencies, banks and finance companies which provide anti-fraud and identity information to us. Where we do so for anti-fraud purposes, the recipient organisation may hold your information on file for the purposes of their fraud-prevention services in the future;
  7. lenders for credit check purposes and other loan related checks;
  8. our professional advisors for example our lawyers and technology consultants when they need it to provide advice to us;
  9. the Police, local authorities, His Majesty's Revenue and Customs (HMRC), the Courts and any other central or local government bodies where they request it and we may lawfully disclose it, for example for the prevention and detection of crime; and
  10. any new business partners we may have over time, for example a joint venture, reorganisation, business merger or sale affecting us.

When we share your Personal Data with third parties, your Personal Data is shared only when strictly necessary and according to the safeguards and good practices in this Privacy Policy and in accordance with the Data Protection Legislation.

6. Your privacy choices and rights

You have the right to:

  1. ask us not to process your Personal Data for marketing purposes. Please contact us at the address indicated below or use the unsubscribe option in any marketing material we send to you;
  2. request a copy of the Personal Data we hold about you and to have inaccuracies corrected;
  3. request that we delete Personal Data we hold about you (this right is only available to you in certain circumstances);
  4. restrict the ways in which we process Personal Data about you (this right is only available to you in certain circumstances);
  5. ask that we provide you Personal Data in a structured, commonly used and machine-readable format so that you can transfer it to another organisation;
  6. object to our processing of your Personal Data (this right is only available to you in certain circumstances);
  7. ask that we cease any automated decision making we carry out about you.

You can find more information about the rights available to you from the Information Commissioner's Office (ICO). You can call the ICO on 0303 123 1113 or get in touch via other means, as set out on the ICO website.

You can contact us to discuss your information at any point in time using the details provided below:

SME Analytics & Technologies Limited, 5th Floor, 101 Wigmore Street, London W1U 1QU. Email hello@navrisk.io.

We may have to ask you to provide evidence of your identity, or provide more information, before we can respond to your request.

We reserve the right not to comply with any requests we receive from Users where we may lawfully do so, or where there is a legitimate business interest to not do so.

7. For how long we store your Personal Data

We will retain your Personal Data for 7 years from the date our agreement with you terminates or expires or we cease providing services to you (whichever happens later). We retain your information for this period to ensure we are able to meet our legal obligations, in case any issues arise following the end of provision of our services or in case you have any queries about the services we provided to you. Your information will be kept securely at all times. Following the end of the 7 year period, Personal Data we hold about you will be permanently and irretrievably deleted or destroyed.

8. What data we do not collect

We do not knowingly collect any Personal Data from any person under 16 years of age.

9. Transfer of Personal Data outside of the EEA

We do not transfer any of your Personal Data outside of the EEA.

10. How we use Cookies

A cookie is a small file of letters and numbers that web servers can store on your browser or the hard drive of your computer when you visit a website (unless you adjust your browser settings to refuse cookies). Cookies enable users to navigate around websites, record which areas of the website have been visited and for how long and (where appropriate) enable us to tailor the content to fit the needs of Users who have accessed the Website and/or Platform.

Cookies contain information that is transferred to your computer's hard drive. Our site uses cookies to distinguish you from other Users. This helps us to improve (i) our Website and/or Platform; and (ii) your user experience when you browse our Website and/or Platform. For more information about cookies, please read our Cookie Policy.

11. Social media, blogs, reviews, and similar services

Any social media posts or comments you make to us (e.g. on our own LinkedIn, Facebook or Twitter page) will be shared under the terms of the relevant social media platform on which they are made and could be made public by that platform. These platforms are controlled by other organisations and so we are not responsible for this sharing. You should review the terms and conditions and privacy policies of the social media platforms you use to ensure you understand how they will use your information, what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.

Any blog, review or other posts or comments you make about us, our products and our Services on any of our blog, review or user community services will be shared with all other members of that service and the public at large.

You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

12. Security of communications

Passwords and log-in details

  1. Where we have given you a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. Please do not share this password with anyone else.
  2. If you ever receive a communication from us that you are concerned may be from a third-party impersonating one of our staff, please contact us immediately.
  3. We will never ask for your client number or password.

Security measures

  1. We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, offices and stores as much as possible.
  2. In particular, our Information Security policy set is aligned to ISO27001 which is an internationally recognised security standard.
  3. We also use secure means to communicate with you where appropriate, such as "https" and other security and encryption protocols.
  4. The transmission of information via the internet may not be completely secure. Although we do our best to protect your Personal Data, unfortunately, no data transmission is guaranteed to be 100% secure. We cannot guarantee the security of your data transmitted to our Website and/or Platform. You are responsible to keep secret and safe your username and password. Once we have received your information, we will use strict procedures and security features to reasonably prevent unauthorised access.

If you believe your privacy rights have been breached, please contact us at hello@navrisk.io or SME Analytics & Technologies Limited, 5th Floor, 101 Wigmore Street, London W1U 1QU.

13. Monitoring

For quality control, training, security and regulatory purposes, we may monitor and/or record your communications with us. These communications will be retained in line with our retention policy set out at section 7 above.

14. Updates to this Privacy Policy

We review our use of your information regularly. In doing so, we may change what we collect, how we keep it and what we will do with it. As a result, we will need to change this Privacy Policy from time to time. Any changes we may make to this Privacy Policy in the future will be posted on our Website.

15. About us

Navrisk is operated by SME Analytics & Technologies Limited (registered in England and Wales with company number 12592114; ICO registration ZA76039), registered office 5th Floor, 101 Wigmore Street, London W1U 1QU.

SME Analytics & Technologies Limited is a subsidiary of SME Services & Holdings Limited (registered in England and Wales with company number 12579992; ICO registration ZA757166), trading as SME Capital, with the same registered address. SME Services & Holdings Limited is owned by iO Finance Partners UK Limited.

16. Contact us

If you have questions, comments, requests or want any further information about our use of your information, our Website and/or Platform or this Privacy Policy, please contact us at hello@navrisk.io or SME Analytics & Technologies Limited, 5th Floor, 101 Wigmore Street, London W1U 1QU.

If we fail to address your concerns in a manner satisfactorily to you, you also have the right to contact or complain to the Information Commissioner's Office, either by calling their helpline or as directed on their website at www.ico.org.uk.

Last revision date: April 2026