« PNC Business Credit UK

Business Credit UK - Privacy Notice for Customers, Business Contacts, Service Providers & Website Visitors

Effective Date of this version: 1 January 2021









PNC Financial Services UK Ltd ("we", "our", "us") are committed to protecting the personal data of individuals associated with the companies with which we do business. As an asset-based lender to the private equity community, mid-market companies and other businesses, our core activities involve only limited personal data processing. This notice (“Notice”) sets out how and why we collect, use and disclose the personal data that we receive from or in relation to our current and prospective customers.

This Notice may be amended from time to time. We will post changes to this Notice on our website and any changes will take effect 30 calendar days after posting. We recognise our continuing transparency responsibilities and will take reasonable steps to bring to the attention of our customers any material changes to this Notice when they are posted.


PNC Financial Services UK Ltd is the data controller. We are registered in the United Kingdom with company number 07341483, and our registered office address is PNC Business Credit, PNC House, 34 -36 Perrymount Road, Haywards Heath, RH16 3DN.

Questions, comments and requests regarding this Notice may be emailed to privacyBCUK@pnc.com or sent by post to the above mentioned address.


This section covers the different sources and categories of personal data that we collect and otherwise process, why we do so, and the lawful bases for our processing.


We share personal data relating to our customers and other business contacts among affiliates, and also with trusted third party vendors and business partners. The purposes for these transfers are set out below. We do not sell your personal data to third parties.

A - Our Affiliates

We may disclose your personal data to any member of the PNC Financial Services Group, Inc. family of companies for the following business purposes:

a) to facilitate the credit decision-making process;

b) to carry out global AML/KYC processes; or

c) to store personal data on our central systems.

In so doing, our affiliates may be data controllers and/or data processors of the personal data that we share with them. As data controllers and/or data processors, these affiliates will process your data in line with intra-group data transfer agreements that we have entered into with the relevant members of PNC Financial Services Group, Inc. in line with the requirements of the UK Data Protection Act 2018 and UK General Data Protection Regulation (“UK GDPR”).

B - Our Service Providers

We may disclose information about you to organisations that provide a service to us or are acting as our agents, on the understanding that they will keep the information confidential and will comply with contractual safeguards in line with the UK GDPR requirements.

For example, we may share your information with the following types of service providers:

a) technical support providers who assist with our website and IT infrastructure;

b) third party software providers, who may include ‘software as a service’ solution providers, where the provider hosts the relevant personal data on our behalf;

c) professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;

d) money laundering and compliance search providers;

e) providers that help us store, collate and organise information effectively and securely, both electronically and in hard copy format, and for marketing purposes;

f) providers that help us generate and collate reviews in relation to our services; and/or

g) providers that help us analyse or evaluate our data collection process or customer service fulfilment.

C - Government and Regulatory Authorities

We may disclose information about you if we have a duty to do so or if required by a UK governmental, banking, taxation or other regulatory authority or similar body, or by the rules of any relevant stock exchange or pursuant to any applicable UK law or regulation or if the law allows us to do so. Otherwise, we will keep information about you confidential.

D - Credit Reference and Fraud Prevention Agencies

In some cases, we may need to share your personal data with authorised credit reference and fraud prevention agencies in order to obtain information from them that is necessary to make credit assessments and to prevent and detect fraud, money laundering and other crimes.

When considering a loan application from a customer or making lending decisions, we may request background checks on associated individuals to be carried out by credit reference agencies, which may keep a record of the search in line with their own obligations and responsibilities.

In regard to background and credit checks on individuals associated with our customers, we reserve the right to carry out further checks from any of these sources from time to time for fraud prevention and credit control purposes.

Should an unaffiliated third party request a bank or credit reference from us, or any other request for a reference that concerns you, we will not provide such a reference without your written permission.

E - Other

We may also disclose your personal data:

a) as permitted by law in order to investigate, prevent or take action regarding illegal activities, suspected fraud, violation of our intellectual property rights, situations involving potential threats to the physical safety of any person, violation of the terms of our agreements, or as required by law;

b) in the context of mergers and acquisitions, we may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event the we decide to dispose of all or parts of our business; and

c) with our advertising and promotional agencies and consultants and those organisations selected by us to carry out marketing campaigns on our behalf, subject to appropriate contractual safeguards.


In general, when transferring your personal data outside the UK, we will only do so if one of the following safeguards is in place:

a) the transfer is to a third country covered by UK adequacy regulations;

b) the transfer is covered by a contractual agreement, which covers the UK GDPR requirements relating to transfers to countries outside the UK; or

c) the transfer is to an organisation which has Binding Corporate Rules approved by the UK government.

We may occasionally rely on derogations; our basis for these transfers would be one or more of the following:

d) the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject’s request; or

e) the transfer is necessary for the establishment, exercise or defence of legal claims.

You may request a copy of the relevant documentation from us using the contact details provided in section 2 above.


We retain personal data only for as long as necessary for the purposes for which the data was collected, except where necessary to meet our legal obligations (for example, in relation to AML requirements) or in order to establish, exercise or defend potential legal claims.


If you are an individual covered by this Notice, you have the following rights in relation to your personal data under the UK GDPR:

a) to obtain information on how we handle your personal data and access documents which contain your personal data;

b) to request us to correct or update your personal data if it is inaccurate or out of date;

c) to object to the processing of your personal data where we have indicated in Section 3 above that our legitimate interest is the lawful basis for processing your data, or where decisions about you are based solely on automated processing, including profiling;

d) to erase personal data about you that is held by us:

i. which is no longer necessary in relation to the purposes for which is was collected,

ii. to the processing of which you object, or

iii. which may have been unlawfully processed by us;

e) to restrict processing by us, i.e. to restrict processing to storage only:

i. where you oppose to deletion of your personal data and prefer restriction of processing instead, or

ii. where you object to the processing by us on the basis of our legitimate interests;

f) to transmit personal data that you submitted to us back to you or to another organisation in machine- readable format under certain circumstances; and

g) to withdraw your consent at any time, in the limited circumstances in which we may rely on your consent to process your personal data.

These rights are not absolute and are subject to various conditions under:

  • applicable data protection and privacy legislation; and
  • the laws and regulations to which we are subject.

For general questions regarding this Notice or if you at any time decide that you would like to exercise any of these rights, please contact us using the contact details provided in section 2 above.

If you are unhappy with how we have dealt with your request or concern, you have the right to file a complaint with the Information Commissioner’s Office, the UK supervisory authority. For more details, please visit the ICO’s website: https://ico.org.uk/concerns/handling/.


Important Legal Disclosures & Information

The PNC Financial Services Group, Inc. UK Tax Strategy

The Modern Day Slavery Act Transparency Statement

Neither PNC Financial Services UK Ltd. nor PNC Bank Canada Branch provides legal, tax or accounting advice.

Read a summary of privacy rights for California residents which outlines the types of information we collect, and how and why we use that information.

©2021 The PNC Financial Services Group, Inc. All Rights Reserved.