Last updated: 20th February 2026
1. Introduction
This Privacy Policy explains how Bloombar Capital ("Bloombar Capital", "we", "us", "our") collects, uses, stores, shares and protects personal data when you visit our website bloombarcapital.com (the "Site"), enquire about our services, become a client, or otherwise interact with us.
We are committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For the purposes of this legislation, Bloombar Capital is the data controller of the personal data we collect about you.
2. Contact details
Our contact details for any privacy-related matters are:
Bloombar Capital
130 City Road, London, EC1V 2NW, United Kingdom
Email: info@bloombarcapital.com
Phone: +44 203 355 7540
[If applicable, our Data Protection Officer can be contacted at compliance@bloombarcapital.com]
We are registered with the Information Commissioner's Office (ICO).
3. Personal data we collect
We may collect and process the following categories of personal data:
Identity and contact information
Name, date of birth, nationality, address, email address, telephone number, photographs of identity documents (e.g. passport, driving licence), proof of address.
Financial information
Income, source of funds, source of wealth, bank account details, tax residency, credit history, asset holdings (including property addresses, cryptocurrency wallet identifiers, holdings of precious metals or other security), valuations, and information about your existing investments and liabilities.
Loan and transaction information
Details of any loan or investment enquiry, application, agreement, drawdowns, repayments, security arrangements, custody arrangements, and correspondence relating to your account.
Verification and compliance information
Data collected for anti-money laundering (AML), counter-terrorist financing, sanctions screening, know-your-customer (KYC), source-of-funds and source-of-wealth checks, politically exposed person (PEP) checks, and fraud prevention.
Technical and usage data
IP address, browser type and version, device identifiers, operating system, referring website, pages visited, time spent on pages, and other diagnostic data collected automatically when you visit the Site.
Marketing and communications data
Your preferences in receiving marketing from us, your communication preferences, and records of your interactions with us.
Sensitive (special category) data
We do not generally collect special category personal data. Where we do (for example, if relevant to a vulnerability assessment), we will rely on an appropriate lawful basis and condition under UK GDPR and will tell you why we need it.
4. How we collect personal data
We collect personal data:
- Directly from you, when you submit a contact or consultation form, apply for a loan or investment, correspond with us, or otherwise interact with our team;
- Automatically, when you use the Site, through cookies and similar technologies (see Section 9);
- From third parties, including identity verification providers, credit reference agencies, fraud prevention agencies, sanctions and PEP screening providers, valuers, custodians, solicitors, accountants, introducers, your bank, publicly available sources (such as Companies House, the Land Registry, and the FCA register), and blockchain analytics providers (in connection with cryptocurrency-secured lending).
5. Why we use your personal data and our lawful basis
We use your personal data only where we have a lawful basis to do so under UK GDPR. The lawful bases we rely on are:
| Purpose | Lawful basis |
|---|---|
| Responding to your enquiry and providing information about our services | Legitimate interests (responding to requests we receive); preparatory steps to a contract |
| Assessing applications for lending or investment | Performance of, or steps prior to entering into, a contract with you; legitimate interests (assessing risk) |
| Performing AML, KYC, sanctions, PEP and fraud-prevention checks | Compliance with legal obligations (Money Laundering Regulations 2017, Proceeds of Crime Act 2002, FCA rules); legitimate interests (preventing financial crime) |
| Administering loan facilities, investments, security arrangements, custody and repayments | Performance of a contract with you |
| Managing our relationship with you, including correspondence and complaints | Performance of a contract; legitimate interests (managing our business) |
| Meeting our regulatory reporting and record-keeping obligations | Compliance with legal obligations |
| Operating, securing, and improving the Site | Legitimate interests (running and protecting our business) |
| Sending marketing communications about our services | Consent (where required), or legitimate interests (marketing to existing clients about similar services) |
| Defending or pursuing legal claims | Legitimate interests; establishment, exercise or defence of legal claims |
Where we rely on legitimate interests, we have considered the impact on you and balanced those interests against your rights. You have the right to object to this processing (see Section 11).
6. Sharing your personal data
We do not sell your personal data. We may share it with the following categories of recipients, where necessary and lawful:
- Service providers and processors acting on our behalf: identity verification and KYC providers, sanctions/PEP screening services, fraud prevention agencies, valuers, blockchain analytics providers, cloud hosting and IT providers, CRM and email providers, professional advisers (solicitors, accountants, auditors);
- Custodians and security agents holding cryptocurrency, precious metals or other security on our or your behalf;
- Banks and payment service providers facilitating transactions and drawdowns;
- Investors and counterparties participating in a loan or transaction, where this is necessary to its execution;
- Regulators and law enforcement, including the FCA, HMRC, the National Crime Agency, the ICO, the Police, and overseas equivalents, where we are legally required or permitted to do so;
- Credit reference and fraud prevention agencies;
- Prospective purchasers or successors of our business, in the event of a sale, merger or restructuring (with appropriate confidentiality protections).
All processors are required to handle your data securely, only on our instructions, and in compliance with UK GDPR.
7. International transfers
We aim to keep your personal data within the UK or the European Economic Area (EEA). Where personal data is transferred outside the UK or EEA (for example, if a service provider hosts data overseas), we ensure appropriate safeguards are in place, such as:
- transfers to countries the UK Government has determined to provide an adequate level of protection;
- transfers under the UK International Data Transfer Agreement, the EU Standard Contractual Clauses with the UK Addendum, or other lawful transfer mechanism; and/or
- supplementary measures where required.
You may request a copy of the safeguards in place by contacting us using the details in Section 2.
8. How long we keep your personal data
We retain personal data only for as long as necessary for the purposes for which it was collected, including for the purpose of meeting any legal, accounting, regulatory, or reporting requirements.
Typical retention periods are:
- Enquiries that do not progress to onboarding: up to 12 months;
- Client records, loan files, security and transaction documentation: at least 6 years from the end of the client relationship or transaction (and longer where required by law or in case of legal claims);
- AML and KYC records: at least 5 years from the end of the business relationship, as required by the Money Laundering Regulations 2017;
- Marketing records: until you opt out, after which a suppression record will be retained to ensure we do not contact you again;
- Website analytics and technical logs: typically up to 24 months.
After the relevant retention period expires, personal data is securely deleted or anonymised.
9. Cookies and similar technologies
Our Site uses cookies and similar technologies to function correctly, to remember your preferences, to analyse usage, and to support marketing. Cookies fall into the following categories:
- Strictly necessary cookies – required for the Site to operate;
- Functional cookies – remember choices you make to enhance your experience;
- Analytical cookies – help us understand how the Site is used;
- Advertising/marketing cookies – used to deliver relevant marketing.
You can manage your cookie preferences through the cookie banner displayed when you first visit the Site, and at any time through the cookie settings link in the footer. Most browsers also allow you to block or delete cookies, but doing so may affect Site functionality.
For more information about cookies and how to manage them, see https://ico.org.uk/your-data-matters/online/cookies/.
10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure. These include access controls, encryption in transit, secure hosting, staff training, and supplier due diligence. However, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.
If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the ICO and, where required, you, in accordance with our legal obligations.
11. Your rights
Under UK GDPR, you have the following rights in relation to your personal data:
- Right of access – to obtain a copy of the personal data we hold about you;
- Right to rectification – to ask us to correct inaccurate or incomplete data;
- Right to erasure – to ask us to delete your data in certain circumstances;
- Right to restrict processing – to ask us to limit how we use your data in certain circumstances;
- Right to data portability – to receive your data in a structured, machine-readable format and to have it transferred to another controller, where applicable;
- Right to object – to object to processing based on legitimate interests, including direct marketing;
- Rights in relation to automated decision-making – we do not currently make decisions about you based solely on automated processing that produce legal or similarly significant effects. If this changes, we will inform you and provide appropriate safeguards;
- Right to withdraw consent – where we rely on consent, you can withdraw it at any time (this does not affect the lawfulness of processing carried out beforehand).
To exercise any of these rights, please contact us using the details in Section 2. We will respond within one month, although complex requests may take longer (in which case we will let you know).
Please note that some rights are not absolute, and we may need to retain certain information to comply with legal obligations (for example, AML record-keeping).
12. Complaints
If you are unhappy with how we have handled your personal data, please contact us first using the details in Section 2 so we have an opportunity to put matters right.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: https://ico.org.uk
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The "Last updated" date at the top of this page indicates the latest revision. Material changes will be communicated through the Site or, where appropriate, directly to you. Please review this Policy periodically.
Contact us
Bloombar Capital
130 City Road, London, EC1V 2NW, United Kingdom
Email: info@bloombarcapital.com
Phone: +44 203 355 7540
