top of page

Privacy Policy 

Privacy Information Notice 

General Data Protection Regulation

Privacy notice 

This privacy notice is issued on behalf of GSM Finance Limited which processes your data. As such, any references to “GSM”, “GSM Finance”, “we”, “us” or “our” in this privacy notice are references to the relevant company (you are dealing with) GSM Finance Limited which is responsible for processing your data. We will let you know which entity will be the controller for your data when you purchase a product or service with us.
Who we are

The GSM website is brought to you by GSM Finance Limited, a company incorporated and registered in England and Wales with company number 03459806 and registered office at 2nd Floor, Omega Building, Smugglers Way, LONDON, SW18 1AZ .

You may be dealing with any of the companies listed above.

Purpose of this privacy notice

We take your privacy very seriously. As such, we ask that you read this privacy notice carefully as it contains important information about:

  • what personal data we may collect from you;

  • how we will use, store and protect your personal data;

  • with whom we may share personal data; and

  • your rights under relevant data protection laws.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Third party links

The GSM website and app may contain links to and from other applications, plug-ins and websites of other networks, advertisers, and affiliates. If you follow a link to any of these websites, please note that they (and any services that may be accessible through them) have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these apps, websites or services. Please check these policies before you submit any personal data to these websites or use such services.

Lawful basis for processing

Under data protection laws, we must have a legal basis in order to process your personal data. The legal bases on which we may process your data are:

  • Consent: where you have consented for us to process your personal data for one or more specific reasons. For example, to send promotional materials about our services and products.

  • Performance of a contract: in order to perform and manage a contract we may have with you.

  • Legal obligation: where processing of the data is required by law.

  • Public interest: where processing is necessary for the performance of a task carried out in the public interest.

  • Legitimate interest: in order to carry on the purposes of GSM’s business of providing finance and in particular:

    • To make a decision regarding your suitability to enter into an agreement with you;

    • Enforcing a contract you have entered with us in accordance with its terms and conditions;

    • Recovery of any outstanding payment or equipment due to us under an agreement with you;

    • For analysis to improve our services even if you have decided not to proceed with entering into an agreement with us, or where we have declined your application;

    • To contact you about products and services we consider may be of interest to you, unless you opt-out of such communications; and

    • To keep our records up to date.

What data we may collect from you

We may collect and process the following personal data about you and your representatives:

  • Identity data: first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

  • Contact data: billing address, delivery address, email address and telephone numbers.

  • Financial data: bank account and payment card details.

  • Transaction data: details about payments to and from you and other details of products and services you have purchased from us.

  • Technical data: internet protocol (IP) address, your login data to GSM's website/systems (where applicable), browser type and version, time zone setting and location, browser plug-in types and versions, operating system and other related technology on the device used you use to access this website.

  • Profile data: your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

  • Usage data: information about how you use our website, products and services.

  • Marketing and communications data: your preferences in receiving marketing from us and our third parties and your communication preferences.

How we collect information from you

We collect your personal data in a number of ways:

  • Directly: contact, financial and identity data directly provided by you when you fill in online forms or correspond with us in any way, for example when:

    • applying for services;

    • submitting a query;

    • requesting or consenting to marketing materials being sent to you; or

    • providing us with feedback.

  • Automatically: as you browse the GSM website or appcertain information relating to your browsing patterns and technical data about the equipment you are using to access the website is automatically collected using cookies, server logs and other similar technologies. Please see our cookie policy for further information.

  • From third parties/public sources:

  • Technical data may be obtained from the following parties:

    • Analytics providers such as Google based outside the EU;

    • Search information providers such as Microsoft based inside OR outside the EU.;

  • Contact, financial and transaction data may be obtained from providers of technical, payment, credit referencing, and delivery services such as Experian and Equifax based inside the EU;

  • Identity and contact data from publicly availably sources such as Companies House and the Electoral Register based inside the EU; and

  • Any other public databases.

How we use your personal data

We may use your personal data for the following purposes: Credit and Identity Verification: In order to process your application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). Where you take banking services from us we may also make periodic searches at CRAs to manage your account with us. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information. We will use this information to:

  • Assess your creditworthiness and whether you can afford to take the product;

  • Verify the accuracy of the data you have provided to us;

  • Prevent criminal activity, fraud and money laundering;

  • Manage your account(s);

  • Trace and recover debts; and

  • Ensure any offers provided to you are appropriate to your circumstances.

We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs. When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders. If you are making a joint application or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link. The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at or

Detecting fraud and financial crime:

Where you have applied for a product or service either directly through us or an intermediary, we would need to carry out necessary fraud prevention and money laundering checks to satisfy ourselves that we can enter into an agreement with you.

  • We may at any time search your record with a fraud prevention agency. If at any time you give us or procure the giving of false or inaccurate information and we suspect fraud we will record this. The fraud prevention agency will use information recorded for statistical analysis about fraud, money laundering and to verify your identity and will also share it with other organisations who will use it to prevent fraud and to help make decisions on finance proposals requested by you, members of your household or any other businesses associated with you.

  • We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

  • We process your personal data on the basis that it is necessary in the legitimate interest or in exercising official authority for us to prevent fraud and money laundering, and to verify identity, in order to protect ourselves and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

  • We may carry out checks to detect and prevent fraud, money laundering or financial crime activities. Any suspicious activities may be recorded and notified in accordance with our legal obligations.

  • Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.


Consequences of processing:

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.


Data transfers:

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

Provide a service:
  • To provide the requested services to you;

  • To carry out our obligations under our agreement with you;

  • To enforce our rights under our agreement with you;

  • To provide customer service, including to respond to your enquiries and fulfill any of your requests for information;

  • To send you important information regarding our services and/or other technical notices, updates, security alerts, and support and administrative messages;

  • To personalise your experience on the Simply website.

Ancillary purposes:
  • In accordance with our legitimate interests (in circumstances where your interests and fundamental rights do not override our interests);

  • As we believe to be necessary or appropriate:

    • In order to comply with a legal obligation. This applies where the processing is necessary for us to comply with the law;

    • To enforce or apply this privacy notice; and

    • To protect our legitimate rights, privacy, property or safety, and/or those of a third party where your rights do not override those interests.


It is important to us that we only provide you with tailored offers and promotions for services which you may want or need. You will therefore only receive such offers from us if you have consented to, and have not at any point opted out from, receiving marketing communications from us or we have a legitimate interest, where we have a commercial or business reason to use your information. Please note that you can opt out from receiving marketing communications. Opting out from receiving marketing communications from us is easy and you may do so at any time by contacting us at We will process your request to be opted-out of marketing within 30 days of receipt. We will ensure that we obtain your consent before we share your personal data with any company outside of the GSM Finance for marketing purposes. Where you opt out of receiving these marketing communications, we may still process your personal data for other required purposes, as specified in section 5 above.

Retention of your data

We will not retain your personal data for longer than is necessary for the purposes for which the personal data is processed. This means that your data will only be retained for as long as it is still required to provide you with services or is necessary for legal reasons. When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. Using these criteria, we regularly review the personal data which we hold and the purposes for which it is held and processed. When we determine that personal data can no longer be retained (or where you request us to delete your data in accordance with your right to do so (please see section 11 below for more information)), we ensure that this data is securely deleted or destroyed. However, please note that, in some circumstances we may decide to retain your personal data for research or statistical purposes and, in such circumstances, we will anonymise your data before retaining it.

Accuracy of your data

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Security of your data

In order to protect your personal data, the GSM Finance Ltd has appropriate organisational and technical security measures. These measures include restricting access to your personal data to certain employees, ensuring our internal IT systems are suitably secure, and implementing procedures to deal with any suspected data breach. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required, will notify you and any applicable authority of such a breach.

Sharing of your data
  • To members of our group

  • To third parties

There may be circumstances in which we may also need to share your personal data with certain third parties. The third parties to which we may transfer your personal data include:

  • Organisations which help us provide you with the product and service you have with us, e.g. electronic data storage services.

  • Our agents and advisors who help run your account with us, collect what you owe, provide a tracing, repossession, or collection service (if required);

  • Credit Reference Agencies;

  • Fraud prevention agencies;

  • HM Revenue and Customs;

  • Regulators and other authorities;

  • Your guarantors;

  • Claim handlers;

  • Any party linked with you or your business;

  • Insurers;

  • If you use direct debits, we will share your data with the Direct Debit Scheme;

  • Other lenders who may hold a charge over your property and assets;

  • Companies who we have entered into funding arrangements with, who may need to assess your credit position, asset value and carry out their own verification checks;

  • Companies that we introduce you to for the purpose of providing finance, who may need to process your information in a similar way as we would when providing finance to you. Detailed information on how such funders process your information can be found by clicking on their individual privacy notices here;

  • Companies that we introduce to you and you are happy for us to pass on your details;

  • Where you have been introduced to us by an introducer, a dealer or broker, we may inform them about the outcome of your application and whether we have agreed to provide you with the product or service for which you have applied. We may also disclose information about you and your relationship with us throughout the term of that relationship;

  • We may also share your personal data:

  • If an agreement between you and us is assigned to a third party;

  • If  GSM  is acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and

  • A prospective seller or buyer, in the event that we sell or buy any business or assets;

Data transfer safeguards

The security of your data is important to us and we will, therefore, only transfer your data to such third parties if:

  • We have a legal basis on which to share your data with specific third parties;

  • The third party needs to access the personal data for a legitimate purpose;

  • Where appropriate, the third party has agreed to comply with GSM’s instructions, required data security standards, policies, and procedures and put adequate security measures in place;

  • The transfer complies with any applicable cross border transfer restrictions and suitable safeguards have been put in place; and

  • Where necessary, a fully executed written contract that contains suitable obligations and protections has been entered into between the parties.

As mentioned above, we will only transfer your data where suitable safeguards have been put in place. These safeguards are intended to ensure a similar degree of protection is afforded to your data wherever it may be transferred and include:

  • Only transferring your personal data to countries which have been deemed to provide an adequate level of protection for personal data by the European Commission;

  • Where your data will be transferred outside of the EEA, entering into specific contractual terms which have been approved by the European Commission and which give personal data the same protection as within the EEA; or

Your rights

You have certain rights in relation to the personal data we process and hold about you. These include:

  • Right to rectification: you have the right to require us to correct any inaccuracies in your data.

  • Right to erasure: you have the right to require us to delete your data, subject to certain legal requirements.

  • Right to restriction of processing: you have the right to require us to restrict the way in which we process your personal data. You may wish to restrict processing if, for example:

    • You contest the accuracy of the data and wish to have it corrected;

    • You object to processing but we are required to retain the data for reasons of public interest; or

    • If you would prefer restriction to erasure.

  • Right to data portability: you have the right to obtain from us easily and securely the personal data we hold on you for any purpose you see fit.

  • Right to object to processing: you have the right to require us to stop processing your personal data should you wish the data to be retained but no longer processed.

  • Right of access: you have the right to request access to personal data that we may process about you.

  • Right to withdraw consent: you have the right at any time to withdraw consent allowing us to process your personal data. Please note if you withdraw your consent we may not be able to provide certain products or services to you, if we were relying on your consent to provide them. There may be legal or other official reasons why we need to keep your use your data. But please tell us if you think we should not be using it.

If you would like to exercise any of the above rights, please:

  • Put your request in writing;

  • Include proof of your identity (such as a copy of your driving licence or passport) and address (such as a recent utility or credit card bill); and

  • Specify the right you wish to exercise.

Response time

We will respond to requests made by you within one month.


We will not charge a fee for you to exercise any of the rights listed above.

Amendments to this privacy notice

No changes to this privacy notice are valid or have any effect unless agreed by us in writing. We reserve the right to vary this privacy notice from time to time. Our updated terms will be displayed on the GSM website. It is your responsibility to check this privacy notice from time to time to verify such variations.

Questions in relation to this privacy notice

You should also be aware that you have the right to raise any concerns in relation to how we process your personal data to the Information Commissioner’s Office (ICO). We have appointed a data protection lead (DPL) who is responsible for dealing with any such concerns, in addition to overseeing questions in relation to this privacy notice and handling requests in relation the exercise of your legal rights. If you have any concerns, questions, or requests, please contact the DPL using the details set out below.

Our full details are:

Full name of legal entity: GSM Finance Limited
Email address:
Postal address: 2nd Floor, Omega Building, Smugglers Way, LONDON, SW18 1AZ
Telephone number: 02088749994


bottom of page