Privacy Policy

1. Identity and Contact Details of the Data Controller

Senvia Limited is the data controller responsible for your personal data.

• Organisation Name: Senvia Limited
• Registered Address: 78 Cannon Street, London, England, EC4N 6HL
• Contact Email: info@senvia.co.uk
• Company Registration Number: 17119692
• ICO Registration Number: ZC124583

2. Data Protection Officer (DPO)

Senvia Limited has appointed a Data Protection Lead who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this policy, please contact our DPO:

• Name: Matthias Rasmussen
• Email: dpo@senvia.co.uk
• Address: Cannon Place, 78 Cannon Street, London, EC4N 6HL

3. Credit Reference and Affordability Checks

To help us assess applications, prevent fraud, and meet our legal and regulatory obligations, we may obtain information about you from credit reference agencies (CRAs).

We obtain this information via Creditsafe, which uses its data partner TransUnion to supply consumer credit and identity data.

• Creditsafe Business Solutions Limited is authorised and regulated by the Financial Conduct Authority (FCA Firm Reference Number: 742313)
• TransUnion International UK Limited is authorised and regulated by the Financial Conduct Authority (FCA Firm Reference Number: 805757)

The information we receive may include data relating to your identity, credit commitments, payment history, and public record information. This data is used solely for legitimate business purposes, including creditworthiness assessment, identity verification, and fraud prevention, in accordance with applicable data protection laws.

Further information about how Creditsafe and TransUnion process your personal data can be found in their respective privacy notices:

• Creditsafe Transparency Notice: Transparency Notice | Customers & Suppliers
• TransUnion CRAIN: https://www.transunion.co.uk/legal/privacy-centre/pc-credit-reference
• TransUnion Bureau Privacy Notice: https://www.transunion.co.uk/legal/privacy-centre/pc-bureau

4. Source of Personal Data

We may collect personal data about you from:

• You directly.
• Employers/clients when you apply for a role or are considered for an opportunity.
• Referees (where relevant and permitted).
• Publicly available sources (for example professional networking sites, business websites, and public records).
• Credit reference agencies (CRAs) where required for consumer credit, identity, or affordability checks.
• Third party service providers used to support recruitment, screening, and compliance processes.

5. Legitimate Interests Pursued

Our legitimate interests include operating our business, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, and protecting TransUnion data. These interests are balanced against the rights and freedoms of individuals, with appropriate safeguards in place.

6. International Data Transfers & Safeguards

We may transfer personal data to recipients or service providers located outside the UK and/or European Economic Area (EEA). Where such transfers take place, we ensure appropriate safeguards are in place to protect personal data in accordance with applicable data protection laws. These safeguards may include the use of approved standard contractual clauses, international data transfer agreements, or transfers to countries that have been recognised as providing an adequate level of data protection.

7. Data Retention Period

We keep personal data only for as long as necessary for its purpose and to meet legal or regulatory obligations. Data used for credit reference or affordability checks is retained only for as long as required and then securely deleted.

8. Your Rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you and information about how it is used.
• Right to rectification: You have the right to request that inaccurate or incomplete personal data is corrected.
• Right to erasure: You have the right to request that we delete your personal data where there is no lawful reason for us to continue processing it.
• Right to restrict processing: You have the right to request that we limit how we use your personal data in certain circumstances.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine readable format, and to request that we transfer it to another organisation where technically feasible.
• Right to object: You have the right to object to the processing of your personal data where we rely on legitimate interests or where data is used for direct marketing.
• Right to complain to the ICO / supervisory authority: You have the right to complain to the UK Information Commissioner’s Office (ICO) or another relevant data protection authority if you are dissatisfied with how we manage your personal data.

9. Provision of Personal Data

The provision of certain personal data is primarily contractual and, in some circumstances, required to meet legal and regulatory obligations.

Personal data is required to:

• Enter into and perform contracts with customers, suppliers, or business partners.
• Process orders, manage accounts, and deliver goods and services.
• Verify identity and prevent fraud; and
• Comply with applicable legal, regulatory, accounting, and tax obligations.

If you choose not to provide the personal data, we request:

• We may be unable to enter into a contract with you.
• We may be unable to fulfil orders, supply goods, or provide services.
• We may be unable to conduct necessary verification, compliance, or fraud prevention checks; and
• As a result, our services may be delayed, restricted, or declined.

Where personal data is requested for optional purposes, such as marketing communications, providing this data is not mandatory, and you may withdraw your consent at any time without affecting your ability to receive goods or services from us.

10. Automated Decision-Making and Profiling

In some circumstances, we may conduct automated decision making or profiling using personal data. This involves the use of automated systems to evaluate certain information about an individual, such as risk factors, affordability indicators, or fraud signals, based on predefined rules or algorithms.

Where automated decision making is used, it may result in decisions such as the approval, restriction, or rejection of an application or service.

Individuals have the right to request human intervention, to express their point of view, and to challenge decisions made solely by automated means. Further information about automated decision making and how to exercise these rights can be obtained by contacting us using the details provided in this Privacy Policy.