Privacy Policy

The following document outlines the terms of use of the Flender website. Before using any of the Flender services, you are required to read, understand, and agree to these terms.


This is the Privacy Policy of NKK Finance Limited t/a Flender having its registered office at 16 Essex Enterprise Centre, 1-2 Davy Road, Gorse Lane Industrial Estate, Clacton-on-Sea, England, CO15 4XD

NKK Finance Limited t/a Flender is represented in Ireland by Flender Ireland Limited with its registered head office at Riverside One, Sir John Rogerson's Quay, Dublin 2, Ireland.

NKK Finance Limited t/a Flender and Flender Ireland Limited have a pre-existing data controller and data processor contractual relationship in place with NKK Finance Limited t/a Flender being the data controller and Flender Ireland Limited being the data processor. As part of this processing agreement, both companies have agreed to use and be bound by the same internal Data Protection Policy and both companies are hereby referred to as ‘Flender’ unless the context states otherwise.

Furthermore, both companies have contractually agreed to submit to the jurisdiction of the Irish Courts and the Irish Data Protection Commission on all matters relating to data protection. As such, the appropriate supervisory authority under the General Data Protection Regulations (GDPR) is the Irish Data Protection Commission (

Flender endeavours to comply with the General Data Protection Regulation, Data Protection Acts, ePrivacy Regulation and data protection best practices. This policy informs individuals how Flender processes personal data in accordance with the principles of data protection identified in data protection legislation.

Flender will process any personal information provided to us by individuals, whether it be provided through our website (, in person, by any form, correspondence, telephone, email or by any other means, or otherwise held by us in relation to you in the manner set out in this policy.

By submitting your information to us and or by using our website you confirm your consent to the use of your personal information as set out by this Privacy Policy. If you do not agree with the terms of this Privacy Policy please do not use our website or provide us with any personal information.

Information collected by us

The information about you that we may process (e.g. use and store) includes information:

  • Necessary in order to facilitate, process, deliver, or any related billing or collection of monies relating to an agreed business transaction or any transaction associated with the use of any service provided by and or available on the Flender website (
  • Necessary to set up and administer a Flender account which allows access to a ‘members only’ section of the website.
  • You provide to us by voluntarily filling out any forms on the website or by way of emailing us.
  • Necessary to discharge or comply with a statutory duty of care or standard of care, e.g. anti-money laundering legislation requires the processing of proof of identification (passport, drivers licence, etc.) and proof of address (utility bill, bank statement, etc.).
  • Necessary for the reporting of any suspected fraud, money laundering and or any criminal offences.
  • Necessary to ensure provide an external credit check with the consent of the data subject involved, in order to determine creditworthiness and or the suitability for the provision of services or any peer-to-peer lending facilities, if applicable,
  • Necessary to provide ‘reasonable accommodation’ to you if requested in accordance with the Equality Acts.
  • Details of any business, commercial or website membership transactions you carry out with us, whether through email, the website, telephone, or by any other means.
  • Details of your visits to our website including traffic data, location data, weblogs and other communication data in accordance with our Cookie Policy  that may identify personal information (e.g. cookies) and non-personal information (e.g. information of an anonymised or technical nature).

How we use your personal information

We may use your personal information for the purposes of:

  1. Processing any enquiry requested by you;
  2. Providing any support or administrative services requested by you;
  3. Entering into and or completing any sales, client services and or any peer-to-peer services requested by you;
  4. Setting up, operating and managing any account or line of credit, if applicable;
  5. Setting up, operating and managing any marketing and or advertising services that may be personalised or addressed specifically to you subject to your explicit consent (please see Marketing & Advertising below);
  6. Complying with our legal duties and responsibilities;
  7. To authenticate the identity of individuals contacting us by telephone, electronic means or otherwise;
  8. Engaging in a credit check of a data subject with the consent of the data subject to determine the suitability for the provision of services or any peer-to-peer lending facilities, if applicable,
  9. Debt collection and the collection of outstanding monies;
  10. Providing, monitoring, reviewing and supporting our online presence via our website and social media (please see our Cookie Policy
  11. Monitoring any billing or credit transactions for the purpose of preventing fraud;
  12. Provision of security to, and ensuring the health and safety of, employees, company officials and visitors to company premises.
  13. To authenticate the identity of individuals contacting us by telephone, electronic means or otherwise;
  14. For internal training, quality assurance and or auditing purposes;
  15. To understand and assess the interests, wants, and changing needs of clients, to improve our website, our current range of services, and or for the development of new products and services

We do not engage in profiling nor do we engage in any automated decision-making processes.

Marketing & Advertising

With your explicit consent, Flender may use your data for the provision of direct marketing or advertising purposes, including but not limited to:

  1. Marketing newsletters (updates of services, company announcements, etc.),
  2. Providing you with information about ourselves as a commercial entity,
  3. Providing you with information about our current or future range of products adn or services.
  4. Carrying out any research or survey that may assist us in our commercial activities.

At some interactions with Flender you may be asked to consent to your data being used for marketing purposes. In such cases, consent will require a positive action on your part. For example, if you were to sign up to membership of our website (in order to engage with or find out more information about a project) you would be given two options regarding data protection; one being agreement with this Privacy Policy and the other being that you can tick a box to consent to your personal data being used for marketing and advertising purposes.

Flender is committed to privacy by design and privacy by default. As such, you will never have to ‘opt-out’ of our marketing or advertising processes; you will only ever have the option of ‘opting in’ if you’d like to be included.

We do not engage in ‘pre-ticked’ boxes on consent forms nor do we ever assume you would consent to your data being processed.

You are free to withdraw consent for any marketing and or advertising related matters at any time you want without having to provide any reason as we respect your right of privacy.

Social media

Flender engages in social media but we do not refer to clients or any organisation without their explicit consent. Due to the nature of various social media platforms, we are unable to continuously monitor our social media accounts and, as such, we cannot be held liable for any third party public posts.

In the highly unlikely situation where an unauthorised third party has publicly posted personal data to any of our social media accounts without of the consent of the data subject then we will remove and delete such content as soon as possible.

Who do we share your personal data with?

Flender shares your personal data internally. As stated above, ‘Flender’ is the collective term for NKK Finance Limited t/a Flender of 16 Essex Enterprise Centre, 1-2 Davy Road, Gorse Lane Industrial Estate, Clacton-on-Sea, England, CO15 4XD and Flender Ireland Limited of Alexander House, Sweepstakes, Ballsbridge, Dublin 4, who have a pre-existing data controller and data processor contractual relationship in place with NKK Finance Limited t/a Flender being the data controller and Flender Ireland Limited being the data processor.
Flender will also share your personal with selected third-party service providers, other third-parties as well as any relevant authorities in the case of any mandatory disclosures under law.

Third-party services providers. In order to carry out your requests, fulfil contractual relations, respond to your enquiries or make various features or services or products available to you in connection with the use of our website, or any non-tangible service or product, we may share your personal data with third-party service providers who require it to enable them fulfil their function but they are not allowed process data beyond the scope for which it was given, subject to this privacy policy, and subject to any contractual terms and conditions in place, or any data processing agreement in place, that limits their use of said data for stated purposes.

Flender third-party service providers may include auditors, accountants, lawyers who may assist Flender in complying with any corporate governance, risk assessment, financial regulatory or legal compliance matters. In order to provide functionally support to this website, any party that hosts or operates Flender’s websites, process payments, analyse data, provide customer services, or any peer-to-peer lender engaged with by a user, may require access to personal data to identify, fix or prevent service outage but these parties can only process personal data in accordance with this privacy policy and as permitted by legislation.

Flender engages the services of a third-party credit rating agency which, by necessity, requires the processing of financial data, to establish the appropriate level of risk, and by extension the appropriate level of interest rate, charges, etc. of any person or entity seeking to avail of Flender’s services. Flender also engages a third-party debt collector in order to collect outstanding debts which, by necessity, requires the processing of personal data in order to collect debts and or initiate legal proceedings.

Other third-parties. Only with your explicit consent, your personal data may be used by us or shared with our marketing partners, advertisers, marketing and or advertising network, social media networks and analytics companies and or any third-parties in connection with marketing, promotional, data enrichment and other offers, including but not limited to, company products and or services that may be of interest.

Legal transfers.We may transfer and disclose your personal data to third parties to:

  • Comply with a legal obligation.
  • For the purposes of reporting and or preventing criminal activity or suspected criminal activity.
  • Detect and or protect against fraud, or any technical or security vulnerabilities.
  • Respond to an emergency and or to protect the health, safely and wellbeing of a person in danger.
  • Protect the rights, property, safety or security of employees, company officials, any agent and or servant of Flender, visitors to the Flender website, clients, consumers or users of peer-to-peer services on the Flender website.
  • Comply with any investigation by or request from the Data Protection Commission.

Business Transfers. Your personal data will be used and or shared within the Flender group, in accordance with and subject to this Privacy Policy, for business and operational purposes. As business develops Flender may purchase or sell assets, subsidiaries, business units or ongoing businesses. If another entity acquires Flender, or a part of Flender, our businesses or a part or all of our assets, or assets relating to the Flender brand or Flender website ( your personal data may be disclosed to such entity as one of the transferred assets.

International data transfers

All personal data processed by Flender is kept within the EU, specifically all data is stored and processed within Ireland and the United Kingdom. As we transfer data cross-border from one EU member State to another (Ireland and UK) we have nominated the Irish Data Protection Commission as the lead supervisory authority in accordance with the Data Protection Commission’s ‘One Stop Shop’ (OSS) on the basis that our main establishment for data protection purposes is within the Republic of Ireland. As such, our Local Supervisory Authority for OSS is the Irish Data Protection Commission.

For further information concerning the ‘One Stop Shop’ procedure, please see the Data Protection Commission’s website (

Flender does not transfer personal data outside of the EEA or EU unless it is specifically requested by a data subject, or on foot of performance of a contract outside of the EEA or EU, on a case-by-case basis.

If we do transfer personal data to outside of the EEA, Flender will make sure that it is protected in the same way as if it was being used in the EEA. We’ll use one of the following safeguards:

  • Transfer to a non-EEA country whose privacy legislation ensures an adequate level of protection of personal data to the EEA one (in terms of GDPR requirements),
  • Put in place a contract with the foreign third-party that means they must protect personal data to the same standards as the EEA (to the same standards as GDPR),
  • Transfer personal data to organisations that are part of specific agreements on cross-border data transfers with the European Union (e.g. corporate rules, privacy shield, etc.), or,
  • Complying with any guidance and or practice directives issued by the Irish Data Protection Commission.

Information Storage

We will take reasonable steps to ensure that your information is kept secure and protected, including but not limited to electronic data being protected using appropriate software, relevant networks safety and security checks, and, any computers or devices that can access data are encrypted. We do store some personal data in physical forms and they are kept in an appropriately secure environment that includes;

  • Secure HTTP connection (HTTPS) which encrypts data between clients and servers.
  • User password encryption and saving password as encrypted string to avoid password reading from database.
  • Some of our pages (e.g. reset password page) has CAPTCHAs which prevents robots to try email existence on our site.
  • Default headers like X-Frame-Options, X-XSS-Protection etc. which protects users uploading remote content like iFrames, remote JavaScripts etc.
  • Database Backups (within the EU)
  • User input sanitization

All personal data processed by Flender is kept within the EU, specifically all data is stored and processed within Ireland and the United Kingdom.

Data Retention Policy

We have a general data retention policy that relates to the retention of relevant data for seven years. We identify this based on business/commercial needs, legal requirements and any consumer or client queries and or issues to which the Statute of Limitations may apply.

There are some legal exceptions to the seven year retention policy but each is on a case-by-case basis, e.g. investigation of accidents in the work place under Health & Safety legislation.

Personal data that is no longer required will be destroyed and or deleted in secure manner.

Requesting your data

Any person has the right to find out whether an organisation has any personal data about them, what they use the personal data for and ask for copies of personal information held by that organisation.

If you wish to make a data access request in order to get a copy of any personal data we may process, please write a letter stating that you wish to make a data access request and address it to:

  • Mark Hughes
  • Flender
  • 14 Clanwilliam Terrance
  • Grand Canal Dock
  • Dublin

Or email Mark Hughes at

In order to process your request we may request that you send us a copy of your identification (passport, drivers licence, etc.). The reason we may ask for personal identification is to ensure that you are the correct person making the request for your personal data.

Unfortunately, verbal data access requests cannot be entertained as we need to establish a data controller’s identity and retain a paper/auditing trail of any data access request to establish ongoing compliance with GDPR and the Data Protection Act 2018.

In response to any data access request, you have the right to refer the matter to the Data Protection Commission if you are unhappy with the outcome, however, we ask that you would notify us first of any issue so that we may help resolve it as quickly as possible.

The Data Protection Commission can also provide you with full information as to your rights as a data subject at

Rectifying mistakes

You have the right to rectify any incorrect or inaccurate personal data at no cost to you.

If you believe that we are incorrectly processing any of your personal data, please inform us by writing to the above person or email

Queries or complaints

If you have any queries or complaints regarding our Privacy Policy or any data protection matter, please let us know by writing to the above person or email us at

Flender has undertaken to submit to the jurisdiction of the Republic of Ireland and Data Protection Act 2018 and the Data Protection Commission.

Individuals have the right to refer any matter to the Data Protection Commission by contacting them at or by writing to:

  • Data Protection Commission
  • Canal House
  • Station Road
  • Portdarlington
  • Co. Laois

If you are, for whatever reason, considering contacting the Data Protection Commission about us we would ask that you inform us of your difficulty first so that we can try to resolve it to your satisfaction.

Changes to our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on our website.

Any changes will become effective upon posting the revised Privacy Policy on our website. If we make any material or substantial changes to this Privacy Policy we will use reasonable endeavours to inform you by email, notice on our website or any other agreed communications channels.

Privacy Policy last updated: June 2018

  • Secure

    Your data is protected and GDPR compliant

  • Safe

    Your data is safe and checking your eligibility for a Flender loan won't affect your credit score

  • Transparent

    Our rates and fees are clear

Flender in the media