We treat privacy and confidentiality very seriously at Black Arrow Group (referred to in this notice as “we”, “us” or “our”). We comply with all aspects of the UK’s data protection legislative framework, which includes the European General Data Protection Regulation (GDPR) and the UK’s own legislation.  This notice covers Black Arrow Finance, Red Arrow Leasing, and all other Black Arrow Group companies.

​Scope of this notice

We respect the right of individuals to privacy. Our Privacy Notice explains:

Who we are

Our company is Black Arrow Group Limited. Our registered office is 3rd Floor Profile West, 950 Great West Road, Brentford, Middlesex, TW8 9ES and company registered number 00627159.

In the course of providing marketing services to our clients and running our businesses, we gather and use personal information about a number of different categories of people. We have developed this privacy notice in order to be as transparent as possible about the personal information we collect and use.

Individuals wishing to contact us about data protection issues may do so by writing to us at General Manager, Black Arrow Group Limited, 3rd Floor Profile West, 950 Great West Road, Brentford, Middlesex, TW8 9ES or by emailing us at privacy@blackarrowfinance.co.uk

Who does this privacy notice apply to

This privacy notice has been written for the benefit of the following categories of people (referred to in this notice as “you”):

  • our clients and people that represent them or who work for them;
  • people who make enquiries about our services;
  • people who receive our newsletters or invitations to our seminars and events and those who attend such events;
  • people who visit our websites or who follow us on our various social media channels;
  • business contacts of Black Arrow Group Limited;
  • suppliers that we use or that our clients use; and
  • our regulators, insurers, auditors, professional advisers and certification bodies.

This privacy notice does not apply to:

  • people who currently work for us, have worked for us or who are interested in working for us. We have written a separate privacy notice for this group.
  • any services which we provide to a client as a data processor. In such circumstances our collection and use of personal information is covered by our client’s privacy notice.

If you believe that we are processing your personal information, but you are not included in the above list please contact us to discuss this.

What kinds of personal information we may hold about you

The personal information that we collect includes:

  • basic information, such as your name (including name prefix or title), the company you work for, your title or position.
  • contact information, such as your postal address, email address and phone number(s).
  • where you are our client, we will collect information about your circumstances that have led to you wishing to use our services. We also keep records of your contact with us.
  • technical information collected when you visit our website or digital or in relation to materials and communications we send to you electronically, which includes information about the type of device you are using, your IP address and geographic location, your operating system and version, browser type, the content you view and the search terms you enter.
  • information you provide to us for the purposes of attending meetings and events we host, including access and dietary requirements.

What we do with personal data

We may use this personal data for the following purposes:

  • to send you relevant marketing communications about our services
  • to undertake research and analysis
  • for identity validation and fraud reduction
  • to communicate with you in relation to the provision of services by us
  • to enable us to communicate with you in relation to the provision of goods or services by you or the person that you work for
  • to enable you and any other relevant individuals to be invited to, and to attend, the event and to facilitate your attendance (for example, dietary or special access requirements).
  • If you are a public official, otherwise act in official capacity, work for a public body, are a journalist or otherwise involved in the media and we need to contact you in the course of public relations
  • to understand how people use our website so that we can make it more intuitive.

The lawful basis on which we rely are


Processing of your personal data is necessary for us to administer the pre-contract and contractual relationship between ourselves and our clients/suppliers in connection with the performance of a contract.

Legal obligation

This applies where we need to collect and use your personal information to comply with applicable laws and regulatory requirements.


We may (but usually do not) need your consent to use your personal information. You can withdraw your consent by contacting us (see below).

Legitimate interests

Black Arrow uses and shares personal data based on its legitimate commercial interests.

The data protection legislative framework recognises that it is in our legitimate business interests to collect and use personal information for marketing reasons. We do not need your consent to do this lawfully, but we are obliged to inform you that you have a right to object to this. The law also allows us to send marketing communications by electronic means to our existing clients and business contacts without needing consent. Again, you have the right to object to this activity if you wish.

How we obtain data about you

The personal data we have comes from various sources.

  • You give us your personal information directly, when you engage with us, including via our websites or digital media channels
  • We obtain additional information in the course of undertaking checks in order to comply with our statutory and regulatory obligations or where such checks are in our legitimate business interests
  • We obtain contact details and other information from our business contacts
  • We collect data from public information sources such as telephone directories, social media, the internet and news articles, and occasionally buy marketing lists of business contacts
  • We collect personal information while monitoring our technology tools and services, including our websites, email and social media communications.

Who we share your information with

A number of third parties may have access to your personal information or we may share or send it to them. This includes:

  • business partners, suppliers and sub-contractors for the performance of any contract we enter into with you;
  • analytics and search engine providers that assist us in the improvement and optimisation of our site.
  • We will disclose your personal information to third parties:
    • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
    • If Black Arrow or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
    • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our and other agreements; or to protect the rights, property, or safety of Black Arrow Group, our customers, or others.

Personal information used in Black Arrow’s data products and services may also be passed to and used by members of the Black Arrow group of companies. We may also pass data to other companies that process personal data on our behalf to help us conduct our business. When we do so, we ensure that appropriate contractual safeguards are put in place.


Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information. The timelines take into account any statutory or regulatory obligations we have to keep the information, our legitimate business interests, best practice and our current technical capabilities. We have developed a Data Retention Policy that captures this information. We delete or destroy personal information securely in accordance with our Data Retention Policy.


Black Arrow takes security seriously and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us including the use of encryption and pseudonymisation. If you wish to discuss the security of your information please contact us.


We do not send personal data outside the European Economic Area (EEA) as a matter of course.

Transfers of personal data outside the EEA can arise where we are acting for business clients with interests outside the EEA that:

  • have operations or employees / contractors that based outside the EEA
  • buy goods or services from businesses or organisations that are based outside the EEA
  • are entering into transactions with business, organisations or individuals based outside the EEA

If we are required to transfer personal data outside of the EEA, we will ensure that we do so in a legally compliant manner and take steps to ensure the information is protected in the same way as if it was being used in the EEA.

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by not opting in to be contacted for marketing purposes. You can also exercise the right at any time by contacting us at Black Arrow Group Ltd, 3rd Floor Profile West, 950 Great West Road, Brentford, Middlesex, TW8 9ES

Your right to complain

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:

Information Commissioner’s Office
Wycliffe House
Water Lane

Changes to this Privacy Notice

Black Arrow reserves the right to update and revise this Privacy Notice from time to time to take into account legislative and other developments. Any changes we may make to our Privacy Notice will be posted on this page and contain an “effective date” reflecting when the last changes occurred.


Effective Date: 01 March 2019