Customer Data Protection (GDPR) Privacy Notice
This privacy statement explains what personal data our firm collects from you through our business relationship, how we will use that data and how you may amend the data we hold. The processing of your data is necessary as you are asking the firm to take specific steps, (in your interests), by entering into a contract with us to collect some information about your present circumstances so that we may pass this information onto an adviser within the Mortgage Force Organisation.
Without the data being provided we cannot carry out the high level of service we wish to provide. We have a legitimate interest in the collection of your data which is necessary to enable us to complete any contractual arrangements to you and the requirements of the Mortgage Force Organisation. Who we aim to introduced you to.
How we collect data: –
Your information will collect from you is done so by you inputting data into our enquiry form on our website. We will only use this data if we have your authority to collect the data and pass this data to a third party.
When we collect the data, it is assessed. We will then either decide not to progress that enquiry, or we will pass that data to an adviser within the Mortgage Force Organisation with your authority.
We may communicate with you via:
Post; Email; Text; Telephone Call.
The reasons we collect data from you is so that we can reduce the time the chosen adviser spends with you so that they only need to collect additional information from you. We do not provide advice for mortgage or insurance protection ourselves, the adviser does this within the chosen broking firm to who we introduce you to.
What data do we collect?
To enable the eventual adviser to source the most effective product(s) for you, we need to collect data about you, your family, including your children (the data being limited and for information purposes only). They will not form part of any contract with us. Your occupations, income and expenditure, financial commitments including credit facilities and bank details you hold as well as any mortgages that you may hold. You have a duty to provide us with accurate information. We will also need to know of any third-party relationships you currently hold with any industry connections such as your Bank, Lenders, Insurers, Solicitors, Conveyancers, Will Writers, Surveyors, Estate Agents/Management Agents and Accountants, so that the eventual adviser may liaise with them on related issues to improve the service we all provide to you. This information is stored within our Data Base.
How do we use your data?
With your permission, we use the data to pass onto the advising firm and eventual adviser. The above email you have received with this notice details who that firm and the adviser is and who will contact you. We store your details on our database and transmit your details to that adviser or their representatives.
The third party who introduced you to us (if applicable) asks us to collate information in a statistic and generic format and does not contain personal information in relation to you.
We can also ask third party compliance firms to assess our performance to ensure we carry out our duties to adhere to any regulatory laws and requirements, which helps you to have the confidence that the firm is providing the best possible overall service to you. These are regulatory requirements we must abide by.
We will record and store your personal data in our Computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees within our Firm and only when it is necessary to provide our service to you and to perform any administration tasks associated with or incidental to that service.
We will submit your personal data to advisers within certain firms where you have agreed to progress your enquiry to a third-party firm. We do not provide permission for any third party with whom we deal with to send you marketing or promotional messages. They will obtain your permission to do this should they chose to do so, and you have the right to accept or decline this invitation by them.
Our firm’s aim is to build up a long-term relationship with you to ensure you receive the best possible service from us, which is likely to necessitate us communicating with you at varying times by either telephone, text message, letter, or by email.
Records held by us: –
Our firm has an industry requirement under regulation by the Information Commissioner to make available the data we hold about you to them if we are called upon to do so. We are also required by them to hold records containing your data for at least six years after we have dealt with you. If we cannot progress your enquiry at the outset, you can ask us to remove your record.
Your individual data protection rights: –
You have the “right to be informed”, by way of this “privacy notice”, of our obligations to provide transparity as to how we use your personal data.
You have a “right of access” to obtain confirmation that your data is being processed and have a right to access your data. You also have a right to have data collected “rectified” if inaccurate or incomplete. If we have passed inaccurate information to other third parties, we will notify them of this anomaly and request they correct it.
You have the right to have your data “ported” to other organisations within the UK and European Union.
You have the right to “object” to the processing of your data. You also have the right to request we stop using your data for marketing purposes. You also have the right to “restrict or block” the processing of your data under certain circumstances such as when you contest the accuracy of the data. We can store the data, but not process it.
The rules require our firm to provide safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention where automated decision-making facilities are used by our firm. We do take automated decisions within our firm.
All the above rights are free of charge to a customer except in instances where requests that are manifestly unfounded or excessive. All requests will be completed within a maximum of 30 days.
Security and breach notifications: –
The Data Protection rules require all organisations to report certain types of data protection breaches to the relevant supervisory authority and in some cases to the individuals affected.
We have procedures in place to detect, report and investigate a personal data breach. Certain types of data breaches must be made to the Information Commissioners Organisation (ICO), and in some cases, to you the individual within 72 hours of its discovery. We are required to notify the ICO of a breach where it is likely to result in a risk to the rights and freedoms of you the individual for instance, it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you.
We keep your data secure by operating secure passwords on various computer programmes and back up data to ensure it is secure. We will take reasonable steps to safeguard Your Personal Data against it being accessed unlawfully or maliciously by a third party. We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.
If you have any questions or comments about this document, or wish to make contact in order to exercise any of your rights set out within it please contact:
Email: email@example.com – Subject Heading “The Data Controller”.
You also have a right to contact the Information Commissioners Office if required whose contact details are as follows: – Web: https://ico.org.uk/concerns/ The website has various contact points. Telephone Helpline: 0303 123 1113 or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Data transfer out of the European Union: –
Personal data may only be transferred outside of the EU in compliance with the conditions for transfer set out in Chapter V of the GDPR. The recipient firm of the data must have adequate safeguards and controls in place before the data is transferred to them.
We hope this document is useful to you and will help you understand how we handle your data and explain the uses to which it is put. The information we receive helps and assist us introduce your enquiry to the eventual adviser to save time in sourcing an appropriate product for you. They will check the data we supplied with you and ask for additional information when they deal with you.
If you have any queries in relation to this document, please contact the Data Controller, whose details are above.