top of page

Last updated 17.02.2023

This Privacy Policy explains who we are, how we use and share personal information that CapSol Finance Limited (“CapSol”) with its registered office at Parkshot House, 5 Kew Road, Richmond, Greater London, TW9 2PR (company registration number is 13813535) collects about you, and how you can exercise your privacy rights. We recommend that you read this Privacy Policy in full to ensure you are fully informed. 

If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Policy.


1.1. CapSol is a specialist mortgage lender that offer buy-to-let loans to its clients and collect and use certain Personal Data relating to that commercial activity. CapSol is responsible for ensuring that it uses that Personal Data in compliance with data protection laws applicable in the United Kingdom.


1.2. At CapSol we respect the privacy of our clients, and we are committed to keeping all your Personal Data secure. This Privacy Policy governs the handling of Personal Data by CapSol in the course of carrying on commercial activities.


1.3. We use the following definitions in this Privacy Policy:

  • “CapSol”, “we or “us” means CapSol Finance Limited and other companies in the CapSol Group.

  • “CapSol Group” means us, our subsidiaries, our holding companies and any subsidiaries of those holding companies within the United Kingdom.

  • “Personal Data” means any data which relates to a living individual who can be identified from that data or from that data and other information, which is in the possession of, or is likely to come into the possession of, CapSol (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of CapSol or any other person in respect of an individual.



 2.1.  This Privacy Policy concerns the following categories of information that we collect about you when providing the following products and services:

  • Information we receive through our website (CapSol Website);

  • Information we receive through our online marketplace products (CapSol Products);

  • Information we receive through our support, online security solutions or cloud-based services (CapSol Services)


2.2. Please note that if you are an applicant, borrower or intermediary this privacy policy is relevant to you.



3.1. Many of the services offered by CapSol require us to obtain Personal Data about you in order to perform the services we have been engaged to provide. In relation to each of the services described at paragraph 2.1 above, we will collect and process the following Personal Data about you:


3.1.1. Information that you provide to CapSol.

This includes information about you that you provide to us. The nature of the services you are requesting will determine the kind of Personal Data we might ask for, though such information may include (by way of a non-exhaustive list):

  • We may ask you to provide personal information voluntarily: for example, we may ask you to provide your contact details in order to register an account with us, to apply for a loan, and/or to submit enquiries to us.  The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

  • Our application form which you submit in order to apply for a loan asks for the following types of information to allow us to perform relevant Know-Your-Customer and Anti-Money Laundering checks and to assess your suitability for a loan:

    • Personal details (including name, date of birth, marital status, nationality and residence rights);

    • Contact details (including email address, phone number(s) and residential address(es) for the past 3 years);

    • Family information (including details of dependants);

    • Financial information (including credit card commitments, personal mortgage commitments and income details); and

    • Employment details (including job title and name of employer or details of any self-employment).

  • When you visit our Website, we may collect certain information automatically from your device.  In some countries, including countries in the European Economic Area, this information may be considered personal information under applicable data protection laws.

  • Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information.  We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked. 

  • Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them.  We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

  • Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies and similar tracking technology” [link] below.


3.1.2. Any information that you choose to share on CapSol internet forums which may be considered Personal Data. (Please note that CapSol does not collate information included on CapSol internet forums together with Personal Data from your account or profile);


3.1.3. Information that we obtain from third party sources:

  • From time to time, we may receive personal information about you from third party sources (including mortgage brokers, credit reference and fraud prevention agencies, the Home Office, HM Revenue & Customs, any past/present employer, accountant, lender or bank, other applicants and any referees or guarantors provided), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. 

  • The types of information we collect from third parties include contact details where you have been referred by a mortgage broker, KYC details and any money laundering or suspected fraud details, immigration status, validation of information supplied under the HMRC Verification Scheme, and we use the information we receive from these third parties to assess your application and suitability for a loan, undertake KYC checks, prevent fraud and money-laundering and to maintain and improve the accuracy of the records we hold about you.

  • In general, we will use the personal information we collect from you only for the purposes described in this Privacy Policy or for purposes that we explain to you at the time we collect your personal information.  However, we may also use your personal information for other purposes that are not incompatible with the purposes we have disclosed to you (such as statistical purposes) if and where this is permitted by applicable data protection laws.


3.1.4. Information that we collect or generate about you. This includes (by way of non-exhaustive list):

  • a file with your contact history to be used for enquiry purposes so that we may ensure that you are satisfied with the services which we have provided to you;

  • a file with your contact history to be used for marketing purposes where we send direct marketing communications to ensure that you are aware of products and special offers that may be of interest to you;

  • through our cloud security services, traffic and security reports that include information on the internet usage of the organisation’s computer users (e.g. what websites were visited by each user, any documents downloaded, security incidents, prevention measures taken by the gateway, etc.);

  • screen recordings of activity on our websites to assist in customer support, help us to identify any issues and understand how users interact with the websites;  and

  • activity data relating to the use of protected documents, such as altering a document’s permissions and information regarding the individual that performed the activity.


3.1.5. Information we obtain from other sources.


3.2. Cookies.

When you visit CapSol Websites, cookies are used to collect technical information about the services that you use, and how you use them. For more information on the cookies used by CapSol please see our Cookie Notice


3.3. Anonymised data

In addition to the categories of Personal Data described above, CapSol will also process further anonymized information and data that is not processed by reference to a specific individual.




4.1. Your Personal Data may be stored and processed by us in the following ways and for the following purposes:

4.1.1. for ongoing review and improvement of the information provided on CapSol Websites to ensure they are user friendly and to prevent any potential disruptions or cyber attacks;

4.1.2. to allow you to use and access the functionality provided to support CapSol Products;

4.1.3. to enable you to submit your application for CapSol Products, where applicable;

4.1.4.     to set up customers to use CapSol Products;

4.1.5.     to set up users to use the investor portal and/or the broker portal;

4.1.6.     to conduct analysis required to detect malicious data and understand how this may affect your IT system;

4.1.7.     for statistical monitoring and analysis of current attacks on devices and systems and for the on-going adaptation of the solutions provided to secure devices and systems against current attacks;

4.1.8.     to understand feedback on CapSol Products and to help provide more information on the use of those products and services quickly and easily;

4.1.9.     to communicate with you in order to provide you with services or information about CapSol and CapSol Products;

4.1.10. to send you select direct marketing communications to ensure that you are aware of new products and special offers that may be of interest to you;

4.1.11. for in-depth threat analysis;

4.1.12. to understand your needs and interests;

4.1.13. for the management and administration of our business;

4.1.14. in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures; or

4.1.15. for the administration and maintenance of databases storing Personal Data.


4.2.  However we use Personal Data we make sure that the usage complies with law and the law allows us and requires us to use Personal Data for a variety of reasons. These include:

4.2.1. we need to do so in order to perform its contractual obligations with its customers;

4.2.2. we have obtained your consent;

4.2.3. we have legal and regulatory obligations that we have to discharge;

4.2.4. we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;

4.2.5. the use of your Personal Data as described is necessary for our legitimate business interests, such as:

  • allowing us to effectively and efficiently manage and administer the operation of our business;

  • maintaining compliance with internal policies and procedures;

  • monitoring the use of our copyrighted materials;

  • enabling quick and easy access to information on CapSol Products;

  • offering optimal, up-to-date security solutions for mobile devices and IT systems; and

  • obtaining further knowledge of current threats to network security in order to update our security solutions and provide these to the market. 


4.3. We will take steps to ensure that the Personal Data is accessed only by employees of CapSol that have a need to do so for the purposes described in this Privacy Policy.





5.1. We may share your Personal Data within the CapSol group of companies for the purposes described above.


5.2.  We may also share your Personal Data outside of the CapSol Group for the following purposes:


5.2.1. with our business partners. For example, this could include our partners from whom you or your company or your organisation purchased the CapSol product(s). Personal Data will only be transferred to a business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;


5.2.2. with third party agents and contractors for the purposes of providing services to us (for example, CapSol’s accountants, professional advisors, IT and communications providers and debt collectors). These third parties will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this Privacy Policy;


5.2.3. to the extent required by law, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend its legal rights;


5.2.4. if we sell our business or assets, in which case we may need to disclose your Personal Data to the prospective buyer for due diligence purposes; and


5.2.5. if we are acquired by a third party, in which case the Personal Data held by us about you will be disclosed to the third party buyer.




6.1. In order to process your application for a loan, we will perform credit and identity checks on you with one or more credit reference agencies (CRAs). We may also carry out further periodic searches at CRA’s to allow us to manage your account with us.


6.2. To do this, we will supply your Personal Data to CRAs. This will include your name, date of birth and residential address. It may also include additional information such as your salary, previous residential addresses and other information you provide as part of your credit application.


6.3. The CRAs will match this information to the records they hold about you, and provide in return, both public information (including the electoral register) and shared credit information in relation to your financial situation and financial history.


6.4. CRA’s will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.


6.5. We will use this information to:

  • Assess your creditworthiness and whether you can afford to take the product;

  • Verify the accuracy of the data you have provided to us;

  • Prevent criminal activity, e.g fraud and money laundering;

  • Manage your account(s);

  • Trace and recover any debts; and

  • Ensure any offers provided to you are appropriate to your circumstances.


6.6. We will continue to exchange information about you with CRA’s while you have a relationship with us. We will also inform the CRA’s about your settled accounts. If you borrow and do not repay in full or on time, CRA’s will record the outstanding debt. This information may be supplied to other organisations by CRA’s.


6.7. When CRA’s receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.


6.8. If you are making a joint application, or tell us that you have a spouse of a financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRA’s will also link your records together and these links will remain on your and their files until such time as your partner successfully files for a disassociation with the CRA’s to break the link.


6.9. The identities of the CRA’s, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRA’s are explained in more detail at




7.1. CapSol is a global business. Our customers and our operations are spread around the world. As a result we collect and transfer Personal Data on a global basis. That means that we may transfer your Personal Data to locations outside of your country.


7.2. Where we transfer your Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of Europe, for example, this may be done in one of the following ways:


7.2.1. the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data (Israel is an approved country);


7.2.2. the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your Personal Data;


7.2.3. where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or


7.2.4. in other circumstances the law may permit us to otherwise transfer your Personal Data outside Europe.


7.3.       You can obtain more details of the protection given to your Personal Data when it is transferred outside Europe (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described in paragraph 14 below.




8.1. We have extensive controls in place to maintain the security of our information and information systems. Client files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorised employees.


8.2. As a condition of employment, CapSol employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive Personal Data is limited to those employees who need to it to perform their roles. Unauthorised use or disclosure of confidential client information by a CapSol employee is prohibited and may result in disciplinary measures.


8.3. When you contact a CapSol employee about your file, you may be asked for some Personal Data. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your file.




9.1. How long we will hold your Personal Data for will vary and will be determined by the following criteria:

  • the purpose for which we are using it CapSol will need to keep the data for as long as is necessary for that purpose; and

  • legal obligations laws or regulation may set a minimum period for which we have to keep your Personal Data.




10.1. Before we provide financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.


10.2. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.


10.3. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, electronic device identifiers including IP address and vehicle details.


10.4. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.


10.5. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

10.6. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

10.7. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

10.8. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.



11.1. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.

11.2.       A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.



12.1. Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.



13.1. In all the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. These rights include:

  • the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;

  • the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;

  • in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to CapSol;

  • the right to request that we rectify your Personal Data if it is inaccurate or incomplete;

  • the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data but we are legally entitled to retain it;

  • the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your Personal Data but we are legally entitled to refuse that request; and

  • the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.

13.2. You can exercise your rights by contacting us using the details listed in section 15 below.


CapSol’s registered office may be contacted using the following contact information:

Address: Parkshot house, 5 Kew Road, Richmond, Greater London, TW9 2PR

Email Address:


If you have any questions or concerns about CapSol’s handling of your Personal Data, or about this Policy, please contact our team using the following contact information:

Address: Parkshot house, 5 Kew Road, Richmond, Greater London, TW9 2PR

Email Address:

We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Privacy Officer, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, CapSol’s Privacy Officer will provide you with the contact information for that regulator.


You, or someone acting on your behalf, have the right to opt out of receiving some or all of the marketing communications we may send you at any time and can do so by (i) emailing us at or (ii) calling us on 0203 900 1188.


17.1 We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make.  We will obtain your consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

17.2 You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

Privacy Policy

bottom of page