Skip to main content
CalionCalion

Privacy Policy

Last updated: 1 June 2026

Calion Group Ltd (“Calion”, “we”, “us”) operates a merchant cash advance platform serving businesses in the United Kingdom and Ireland. This notice explains what personal data we collect, why, and your rights under the UK GDPR and the EU GDPR.

1. Who we are

Data controller: Calion Group Ltd, registered in England & Wales. ICO registration: [to be inserted]. Contact: info@calion.ie.

2. Data we collect

  • Account data: name, email, role, password hash.
  • Business data: company number, trading name, address, directors, beneficial owners.
  • Financial data: revenue, bank transaction data (via Open Banking), credit signals.
  • KYC/AML data: ID documents, sanctions and PEP screening results.
  • Usage data: log-in events, audit trail of in-app actions, IP address, user-agent.

3. Legal bases

Contract (to provide the service), legal obligation (AML, FCA-aligned record keeping), legitimate interest (fraud prevention, service improvement), and consent (marketing communications).

4. How long we retain data

Application and underwriting records: 6 years from the end of the relationship, in line with UK financial-services record-keeping expectations. Marketing data: until consent is withdrawn.

5. Sub-processors

We use a small set of vetted sub-processors (hosting, database, email, AI). See our Sub-processors page for the current list.

6. International transfers

Personal data is stored in the EEA / UK. Where any sub-processor processes data outside the UK or EEA, we rely on adequacy decisions or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses.

7. Your rights

Under UK and EU GDPR you have rights of access, rectification, erasure, restriction, portability, and objection. To exercise any right contact privacy@calion.ie. You may also complain to the UK ICO (ico.org.uk) or the Irish DPC (dataprotection.ie).

8. Contact

Data protection enquiries: privacy@calion.ie.