Privacy policy

Who we are

Synergy Commercial Finance Limited is an independent commercial finance broker. We are committed to protecting your personal data and ensuring transparency in how we use it.

Data Controller: Synergy Commercial Finance Limited

Address: Greenbank Court, Challenge Way, Greenbank Business Park, Blackburn BB1 5QB

AFS Compliance Ltd acts as the principal firm under the Financial Conduct Authority (FCA) Appointed Representative (AR) regime. We are responsible for overseeing compliance through a network of Appointed Representatives (ARs) who operate under our regulatory permissions.

We provide access to our bespoke compliance platform, BIPS, which is used to process finance applications, enforce compliance workflows, and manage deal flow securely. BIPS logs user activity, automates regulatory checks, and ensures consistent adherence to legal and financial standards.

As Principal, we are the data controller for activities related to regulatory oversight, AML, monitoring, and platform performance. In some cases, we act as joint controllers or processors in coordination with ARs and lenders. Joint controller roles are governed by the Data Use and Access Act 2025 (DUAA), which sets out mandatory joint-controller responsibilities, record-keeping, and liability sharing.

Email: gdpr@afsuk.com

Our Data Protection Officer (DPO) can be contacted at the above email for any questions about this notice or your rights.

What Personal Data We Collect

We may collect and process the following categories of personal data:

| Type | Category |
| --- | --- |
| Identity & Contact Data | Name, date of birth, address, phone numbers, email address, ID documentation (passport, driving licence) |
| Financial & Credit Data | Income, expenditure, credit history, employment details, bank details, financial commitments, and credit reports |
| Transactional Data | Details about the finance products or services you’ve engaged with |
| Usage Data | IP address, browser type, interaction with our website or services |
| Special Category Data | Health information (e.g., if disclosed as part of accessibility or vulnerability declarations). Only collected with explicit consent |

BIPS, our compliance platform, automatically logs deal-related activity, time-stamps key compliance events, and tracks access to sensitive data. These logs are used for regulatory supervision and internal auditing.

How We Collect Your Data

We collect data:

Why We Process Your Data (Purposes & Lawful Bases)

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  1. Consent: the individual has given clear consent for you to process their personal data for a specific purpose
  2. Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract
  3. Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations)
  4. Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law
  5. Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

| Purpose | Legal Basis | Explanation |
| --- | --- | --- |
| To assess and arrange finance products | Contractual necessity (Art. 6(1)(b)) | To take steps at your request prior to entering a finance agreement |
| To carry out credit and fraud checks | Legitimate Interests (Art. 6(1)(f)); Contractual necessity (Art. 6(1)(b)) | These checks are required by financial crime laws and to assess your suitability for finance. To take steps at your request prior to entering a finance agreement. |
| To communicate with you about your application or finance options | Contractual necessity (Art. 6(1)(b)) & Legitimate Interests (Art. 6(1)(f)) | To ensure clear service delivery and client care |
| To refer your application to lenders or franchisee brokers | Legitimate Interests (Art. 6(1)(f)) & Contractual necessity (Art. 6(1)(b)) | To fulfil your finance enquiry effectively |
| To meet legal and regulatory obligations | Legal obligation (Art. 6(1)(c)) | To comply with UK financial and data protection laws |
| To monitor service quality and handle complaints | Legitimate interests (Art. 6(1)(f)) | To improve service and resolve disputes |
| Marketing communications | Consent (Art. 6(1)(a)) | We will only send marketing communications with your explicit opt-in |
| Processing special category data (e.g., health) | Explicit Consent (Art. 9(2)(a)) | Only processed if freely given by you for specific support needs |
| To monitor compliance via the BIPS platform | Legal obligation (Art. 6(1)(c)) & Legitimate interests (Art. 6(1)(f)) | To ensure ARs meet FCA regulatory standards and prevent misuse of the platform or financial crime exposure |

Credit Checks:

To facilitate the performance of the contract with you, Synergy Commercial Finance Limited may need to conduct credit checks, either on our behalf or directly through a lender.

By continuing your application for credit, you acknowledge and consent that credit checks may be carried out, which could impact your credit file.

When you continue your application for credit, your data is processed under Legitimate Interests and/or Legal Obligation; in line with DUAA, this does not rely on consent. Credit checks may impact your credit file.

Where we rely on Legitimate Interests, we have completed a Legitimate Interests Assessment (LIA). A summary of these assessments is available upon request.

Who We Share Your Data With

We may share your data with the following third parties, where appropriate:

All sharing with lenders, ARs and product providers is governed by the DUAA, which sets out controller responsibilities and safeguards. Under DUAA joint controller provisions, we and relevant lenders/ARs must ensure you are told which party to contact for exercising your data rights, who is primarily responsible for complaints, and how liability is apportioned.

Automated Decision-Making and Profiling

Some lenders may use automated decision-making (e.g., credit scoring) to assess your eligibility. You will be informed directly if this occurs and can request human intervention or express your point of view.

We may use limited profiling to help match you with finance providers that best suit your circumstances or business needs. This involves evaluating financial information and preferences to support product suitability decisions.

We do not make decisions solely based on automated profiling that produce legal or similarly significant effects. Profiling activities are carried out under Legitimate Interests in compliance with the DUAA. You have the right to object and request human review.

International Transfers

Your data is primarily stored in the UK. If it must be transferred outside the UK/EEA, we ensure:

How We Protect Your Data

We take the protection of your personal data seriously. We use a combination of technical and organisational measures to safeguard it. These include:

Data Retention

We retain personal data for up to 6 years after your case is closed, in line with FCA requirements and to support legal claims or audits. Specific retention periods may vary depending on the data type:

In some cases, we may retain data longer if legally required (e.g., under HMRC rules).
Retention periods are reviewed for DUAA compliance, particularly in relation to credit check data.

Your Rights

You have the following rights under the UK GDPR:

To exercise any of these rights, contact: gdpr@afsuk.com

If you’re unsatisfied with our response, you can complain to the Information Commissioner’s Office (ICO): www.ico.org.uk | Tel: 0303 123 1113

For questions related to your specific finance application, please contact your broker directly. For questions about how your data is processed on the BIPS platform or about AFS Compliance’s role, contact gdpr@afsuk.com.

Cookies and Online Tracking

We use cookies and similar tracking tools to:

We use cookies and tracking tools in compliance with the UK Privacy and Electronic Communications Regulations (PECR) and UK GDPR. Where required, we request your consent before placing non-essential cookies.

You can manage cookie preferences through our Cookie Policy or browser settings.
