Privacy Notice

v1.1 April 2026

HGS Capital Ltd (“HGS Capital”, “we”, “us”, “our”) is committed to protecting your personal data and handling it responsibly. This Privacy Notice explains how we collect, use, store and share personal data in connection with our business activities as a commercial finance broker arranging business-purpose property finance.

HGS Capital Ltd is registered in England & Wales under company number 16781975 and is the data controller for the purposes of this Privacy Notice.

1. Who We Are

HGS Capital Ltd

32 Lambrook Terrace

Fulham

London

SW6 6TG

Email: privacy@hgscapital.co.uk

Website: www.hgscapital.co.uk

Telephone: +44 7885 609988

HGS Capital is registered with the Information Commissioner’s Office under registration number ZC015898.

2. Scope

This Privacy Notice applies to personal data we collect in the course of:

  • responding to enquiries

  • assessing finance requirements

  • sourcing and arranging finance

  • carrying out AML / KYC and compliance checks

  • dealing with introducers, lenders, solicitors, valuers and other professional parties

  • maintaining our records and complying with legal and regulatory obligations

This notice applies to borrowers, guarantors, directors, shareholders, beneficial owners, introducers, professional contacts and other individuals whose personal data is provided to us.

3. How We Collect Personal Data

We collect personal data in the following ways:

  • directly from individuals, including where you contact us, complete forms, or provide information during the course of an enquiry or transaction

  • from third parties, including introducers, lenders, solicitors, valuers and other professional advisers involved in a transaction

  • from publicly available sources, including Companies House and other relevant databases

  • from identity verification, AML and fraud prevention providers

Where personal data is provided to us by a third party, we expect that they have the appropriate authority to share that data.

4. Personal Data

The personal data we collect, whether obtained directly or from third parties, may include:

Identity and contact information

  • name

  • date of birth

  • residential address

  • email address

  • telephone number

Professional and business information

  • employment details

  • company directorships

  • shareholdings and beneficial ownership information

Financial and transaction information

  • financial background

  • source of funds and source of wealth

  • credit history disclosures

  • details of the property and finance requirement

Verification and compliance information

  • identification documents

  • proof of address

  • AML / KYC checks

  • sanctions and PEP screening results

We may also receive information from third parties including:

  • introducers

  • lenders and funders

  • solicitors

  • valuers and professional advisers

  • Companies House

  • identity verification providers

  • publicly available sources.

5. How We Use Personal Data

We use personal data for the following purposes:

  • to assess your enquiry and determine whether we may be able to assist

  • to source indicative terms or agreements in principle

  • to package, present and progress finance applications

  • to verify identity and carry out AML, KYC, sanctions and related checks

  • to assess transaction structure, borrower profile and lender suitability

  • to communicate with you and relevant third parties involved in the transaction

  • to maintain internal records and an audit trail

  • to manage our business operations and professional relationships

  • to comply with legal, regulatory and professional obligations

  • to establish, exercise or defend legal claims where necessary

6. Data Processing

We process personal data on one or more of the following lawful bases:

Contract — where processing is necessary to take steps at your request or to perform our agreement with you

Legal obligation — where processing is required to comply with AML, fraud prevention, record-keeping or other legal obligations

Legitimate interests — where processing is necessary for our legitimate interests in assessing, arranging and managing finance transactions and operating our business, provided those interests are not overridden by your rights

Consent — where consent is required by law, including for certain marketing communications

7. Special Category Data & Criminal Offence Data

In some cases, we may process limited information relating to politically exposed person status, sanctions exposure, adverse media, criminal convictions or ongoing investigations where this is relevant to AML, fraud prevention or lender due diligence requirements.

We only process this information where permitted by law and where it is necessary for compliance, fraud prevention, substantial public interest, or the establishment, exercise or defence of legal claims.

8. Sharing Personal Data

We may share personal data where reasonably necessary with:

  • prospective and actual lenders, funders and their agents

  • solicitors, valuers, surveyors, quantity surveyors, title insurers and other professional advisers

  • AML/KYC, sanctions, fraud prevention, identity verification and credit reference providers

  • introducers and referrers, where relevant to the transaction

  • accountants, auditors, insurers and compliance advisers

  • regulators, law enforcement agencies, courts or other authorities where required by law

  • technology and document storage providers who support our business operations

We only share personal data where it is necessary for the relevant purpose and on a need-to-know basis.

9. International Transfers

We primarily store and process personal data within the UK and EEA. If it becomes necessary to transfer personal data outside the UK or EEA, we will ensure that appropriate safeguards are in place in accordance with applicable data protection law.

10. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures include access controls, secure cloud storage, password protection, encryption where appropriate and restricted access to confidential files.

11. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including to satisfy legal, regulatory, accounting, AML and record-keeping obligations.

In most cases, transaction and client records are retained for six years following completion of the transaction or closure of the matter, unless a longer period is required by law or justified by the circumstances. This aligns with your engagement letter and AML policy.

12. Your Rights

Subject to applicable law, you may have the right to:

  • request access to your personal data

  • request correction of inaccurate or incomplete personal data

  • request erasure of your personal data

  • request restriction of processing

  • object to processing based on legitimate interests

  • request transfer of your personal data to you or another provider

  • withdraw consent where processing is based on consent

These rights are not absolute and may be limited where we are required to retain or process data for legal, regulatory or legitimate business reasons.

To exercise any of these rights, please contact us using the details below.

13. Marketing

We may occasionally send marketing or business updates where you have consented, where you have an existing professional relationship with us, or where otherwise permitted by law. You can opt out of marketing communications at any time.

14. Cookies & Website Data

If you use our website, we may collect limited technical information such as IP address, browser type, device information and website usage data through cookies or analytics tools. Any such use will be limited to website operation, security and performance monitoring.

A separate cookie notice may be provided on the website where required.

15. Contact Us

If you have any questions about this Privacy Notice or how we process personal data, please contact: privacy@hgscapital.co.uk

16. Complaints

If you are unhappy with how we handle your personal data, please contact us first so that we have the opportunity to address your concerns.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: www.ico.org.uk

Telephone: 0303 123 1113

17. Changes to this Notice

We may update this Privacy Notice from time to time to reflect changes in our business, legal requirements or data processing practices. The latest version will be made available on request and, where appropriate, published on our website.