Privacy policy

Last updated: May 2026

Apex Aspire Limited is committed to protecting your personal data and respecting your privacy. This policy explains how we collect, use, store, and protect information about you when you visit the Bedrock Commercial Finance website at bedrockfinance.co.uk, submit an indicative-terms enquiry, or contact us directly.

This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

The data controller for this website is:

Apex Aspire Limited (trading as Bedrock Commercial Finance)

71-75 Shelton Street, Covent Garden, London WC2H 9JQ

Company number: 16387803

Registered in England and Wales

ICO Registration: ZB898114

Email: privacy@bedrockfinance.co.uk

As data controller, Apex Aspire Limited determines the purposes and means of processing your personal data. For any questions about how we handle your data, contact us using the details above.

2. What personal data we collect

We only collect personal data that is necessary for the purposes set out below.

Indicative-terms enquiries

When you submit the indicative-terms form, we collect:

  • Your name and business name
  • Your email address and phone number
  • The finance type and sector you are enquiring about
  • Indicative deal amount and timeline
  • Business turnover band and years trading
  • Any marketing-communications preference you indicate
  • Technical attribution data (referrer, UTM parameters, session)

General enquiries

When you contact us by email or via our Contact page channels, we collect any information you choose to provide, typically your name, email address, business name, and the content of your message.

Technical data

When you visit our website, our hosting provider and analytics tools may automatically collect IP address (truncated where possible), browser type and version, device type, pages visited, time spent on pages, and referrer URL.

3. How we use your data

We use personal data for the following purposes:

  • To respond to your indicative-terms enquiry and source funding options from our network of lenders, private equity firms, and specialist funders
  • To progress a transaction you have asked us to support, including introductions to specific funders and follow-up communications
  • To respond to general enquiries and improve the service we provide
  • To send marketing communications where you have given explicit consent (you can withdraw consent at any time)
  • To analyse aggregate website usage and improve content and performance
  • To comply with our legal and regulatory obligations

4. Lawful bases for processing

We rely on the following lawful bases under UK GDPR:

  • Legitimate interests: for responding to enquiries, sourcing funding options, and improving our service. We have assessed that our interests in providing brokerage services do not override your rights.
  • Contract: where you engage us to source a specific funding facility, we process data to perform that contract.
  • Consent: for non-essential analytics cookies and marketing communications.
  • Legal obligation: to meet anti-money-laundering, tax, and other applicable obligations.

5. Sharing your data

We share personal data with:

  • Funders: banks, lenders, specialist funds, and private equity firms we approach on your behalf, where you have asked us to source funding for a specific deal.
  • Service providers: including Vercel (website hosting), Resend (transactional email), Neon (enquiry database), and Google Analytics (consent-gated analytics). Each acts as a data processor under our instruction.
  • Apex Aspire group: limited sharing within the Apex Aspire family of brands where relevant to your enquiry, on the same lawful basis and with the same retention rules as set out here.
  • Regulators and authorities: where we are legally required to disclose data, including for anti-money-laundering compliance.

We do not sell personal data. We do not share data with third parties for their own marketing purposes.

6. International transfers

Some of our service providers (notably Vercel and Resend) are based in the United States. Where personal data is transferred outside the UK, the transfer is protected by appropriate safeguards including the UK International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK Addendum.

7. How long we keep your data

We keep personal data only for as long as necessary for the purposes set out above.

  • Indicative-terms enquiries: up to 36 months after last contact, to support follow-up funding conversations and recurring lender introductions.
  • Active brokerage engagements: for the duration of the engagement plus 7 years to meet record-keeping obligations.
  • Marketing-consent records: until consent is withdrawn, then for a short audit period to evidence the withdrawal.
  • Anonymised analytics: indefinitely (anonymised data is not personal data under UK GDPR).

8. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Request erasure of your data where there is no overriding lawful ground to keep it
  • Restrict or object to certain processing, including direct marketing
  • Request a copy of your data in a structured, machine-readable format (data portability)
  • Withdraw any consent you previously gave, at any time, without affecting prior processing

To exercise any of these rights, email privacy@bedrockfinance.co.uk. We will respond within one calendar month.

9. Cookies

We use a small set of cookies to operate the website and, with your consent, to analyse aggregate usage. See our cookie policy for the full list and how to manage your preferences.

10. Children

Bedrock provides commercial finance brokerage to UK limited companies. Our services are not directed at, and we do not knowingly collect data from, anyone under 18.

11. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by updating the "Last updated" date at the top of this page. Substantive changes affecting how we process existing data will be notified by email where you have given us your address.

12. Complaints

If you have a concern about how we handle your data, please contact us first at privacy@bedrockfinance.co.uk. You also have the right to lodge a complaint directly with the Information Commissioner's Office (ICO), the UK's data protection authority, at ico.org.uk.