Privacy Policy
Masterplan Financial Services. Our address is 223 New Lane Hill, Tilehurst, Reading, RG30 4JU.
To help ensure we meet all our obligations we have appointed a Data Protection Officer. If you have any questions or concerns about how your personal information is being used you can contact the Data Protection Officer
On 0118 9451600
or by email to stephen.tait:@masterplanfs.co.uk
or by writing to The Data Protection Officer
Masterplan Financial Services
223 New Lane Hill
Tilehurst
Reading
RG30 4JU
You can also obtain information and advice from the Information Commissioner who is the independent regulator appointed by Parliament to oversee compliance with data protection and information rights: http//www.ico.org.uk
2.What information we collect and how we use it
We want to give all our customers the best standard of service we can and are serious about protecting your personal information. Please read on to find out what information we’ll need from you, how we use your personal information to make our products and services as effective as possible and how we look after it.
Mortgage Customers
Our core business is acting as a mortgage broker. This involves searching against the lenders we deal with to find the mortgage that best suits your circumstances. We do this when you call us by asking you about your identity and contact details; your product preferences; your property and tenancy history and types and number of occupants and their relationship to you; your lifestyle; nationality and residence status; employment, income and expenditure and other financial circumstances. How you answer these questions will determine what other questions we ask you because different lenders serve different parts of the market and have different eligibility criteria. We will always explain the process to you and answer any questions you may have about why certain types of information may be needed.
When you apply for a mortgage through us we will collect your direct debit details to pass on to your lender. If the products you select involve a cost, such as a valuation fee, we will ask for your payment information.
Mortgage lenders are data controllers in their own right and have their own privacy notices. However, because lenders may automatically profile your information against their lending criteria and against Credit Reference Agencies as soon as your information is forwarded to them and this may affect your credit score, we will always bring this to your attention as part of the process so that you are forewarned. We will also make you aware in advance when lenders are likely to debit any funds from your accounts.
Insurance Customers
Where customers express an interest in life insurance we will also collect information about health as this is necessary so that the insurers we deal with can determine cover and premiums.
Vulnerable Customers
Apart from the information customers provide to us directly we may also record information about potential vulnerabilities where we think this is appropriate to meet the obligations placed on us by the Financial Conduct Authority (FCA) with regard to vulnerable customers.
Updating Your Details
If you are an existing customer we may use the information we have on you to pre-complete forms when you apply for a new product, but we will always check that these details are accurate and up to date.
However, if you’ve opened an account or policy with another organisation that we introduced you to, you will need to contact them separately to update your information.
Telephone calls
We record information about calls we make or receive against customer cases on a secure customer record management system (Mortgage Brain -The Key) so that we can be sure that we have captured the information you have given us accurately.
Marketing and Market Research
We may use your information to contact you about a new mortgage product or other products that match your profile and may be of interest to you. Where we seek consent to do this we make sure we are clear about what methods we can use to contact you. We make sure that you are able to opt out of marketing communications at any time in a way that is convenient to you, including the method you used to contact us.
Money Laundering and preventing and detecting unlawful acts
We are required by law to submit a Suspicious Activity Report to the National Crime Agency whenever we detect a risk of money laundering or fraudulent activity. The law also permits us to report suspected crime to the appropriate authorities.
We are also required to disclose personal data where required to do so by law or by the order of a court.
We have discretion to disclose personal data where this is necessary for protecting the public against dishonesty.
3.What are the legal grounds for handling personal information?
We understand that personal information is just that – personal.
So, when we process your personal data, we make sure we satisfy the conditions prescribed by data protection laws to do so. This section covers what those conditions are.
The law says we must have a legal basis for processing personal data. There are six standard data processing grounds or conditions for processing personal data
Where we process what is called ‘special category data’ (information about health, genetic or biometric data etc) we must additionally have a special category condition or ground for processing your personal data.
We rely on the following conditions for the activities indicated.
Legitimate Interests
In most cases, you’ll provide the information covered in section 2 because you want to use our services. Ordinarily for a business this would mean that the condition for processing is contractual. However, this condition only applies where a legal contract exists between the parties concerned. Because we act as an intermediary this condition is not available. We therefore rely on what is called the ‘legitimate interests’ ground for processing. The law provides we can use your information under this condition where our interest in using it is not outweighed by your privacy rights or interests. This means that we can use your personal data only in ways you would reasonably expect and which have a minimal impact on your privacy, or where there is a compelling justification for the processing.
We rely on this condition for the uses we identify in section 2, except where we indicate below that another condition is more relevant.
In the case of mortgage and insurance applicants the legitimate interest condition applies because you have requested the service in question and can withdraw at any time. We also rely on this condition to process any details joint mortgage applicants give us about the other applicants. When we write to the first applicant we provide a Privacy Notice and draw to their attention what they need to say to joint applicants. Applicants should be aware that lenders will not proceed with any mortgage without the written consent of any occupant of the current property who is aged over 17.
Consent
In order to use your personal data on this basis your consent must be freely given, specific, informed and unambiguous. We rely on this condition for the following purposes:
• Where we need information to provide you with additional services or features
Explicit Consent
We need what is called explicit consent where we rely on consent to process what is called sensitive or special category personal data.
• Health data in connection with life policies
Complying with a legal obligation
• Money Laundering reports
• Reporting fraud and other suspected crimes to the appropriate authorities.
• Suspicion of terrorist financing or money laundering
• Protecting the public against dishonesty
• Insurance and data concerning the health of relatives of an insured person
Contract
• Processing personal data in connection with contracts that we hold with contractors, suppliers
Who we share your personal information with
To provide our services to you, we’ll sometimes need to share your personal information with relevant organisations – such as lenders, insurers and fraud prevention agencies.
To fulfil our contractual obligations, we’ll also share your personal data with the following third parties:
• Mortgage Lenders
• Product Providers
To help you benefit from the services of our expert partners, we’ll also share your personal data with the following organisations – but only with your consent:
• Product Providers for secured loans, Equity Release or commercial enquiries
If you no longer wish us to share your data with any of these organisations, you may withdraw your consent at any time.
All the organisations above are each data controllers in their own right and will have their own Privacy Notices that will tell you about how your personal data will be used by them.
We’ll also share your personal data with the following data processors where necessary to fulfil our services and regulatory obligations:
• Iress and The Exchange to provide life insurance quotations
• Trigold prospector to provide mortgage illustrations
• Mortgage Brain The Key Customer Relationship Management System
We may disclose information to either the Financial Service Ombudsman or the Financial Conduct Authority where they request this to resolve complaints, or our auditors in connection with their duties.
4. Where in the world do we send information?
As a UK based company, all the personal information we process is protected by European data protection standards. And, if we ever have to send data overseas, we take care that it’s covered by the same high standards.
As a UK based company, all the personal information we process is protected by European data protection standards.
5. Your Information Rights
It’s really important that you understand your legal rights in relation to your personal information – as well as how you can contact us if you have any questions or concerns. This section covers just that.
The following is a list of the rights you have under Data Protection legislation. Not all these rights apply in all circumstances but we will be happy to explain this to you at the time you ask. Independent advice about your rights can be obtained from the Information Commissioner (see above.)
All these rights can usually be exercised free of charge and generally speaking we must respond within one month. If we need longer to respond we will explain why this is necessary within the one-month period and tell you more about any rules that affect how you can exercise your rights.
INFORMED You have the right to be informed in a concise, transparent, intelligible and easily accessible way about how we use your personal information. We will explain why we need information (in particular any uses that are not obvious) at the time we collect information from you and make sure that all our data collection forms and letters point you to this Privacy Notice.
ACCESS You can make what is called a subject access request for a copy of the information we hold about you.
We must also tell you why we have the information, what types of information we collect; who we share it with and whether, in particular, any of those recipients are outside the European Economic Area; how long we will keep your information for; where the information came from, if we didn’t collect it from you directly; the details of any automatic decision taking and about your rights of complaint to the Information Commissioner.
PORTABILITY You have the right in some circumstances to have the data you have provided to us sent to you or provided to another person or business in an electronic machine-readable format.
CORRECTION You have the right to have inaccurate information corrected and incomplete information completed. If the information we need to deliver our services to you changes please tell us about this as soon as possible.
OBJECT You will normally have the right to object to how we intend to use your information based on your individual circumstances.
You have an absolute right to object to us using your personal information for the purpose of direct marketing at any time.
RESTRICTION If you have objected or complained about how we have used your information or its accuracy you may not want it to be deleted until your complaint has been resolved. In certain circumstances you can ask for your data to be restricted or not used until these issues are resolved.
ERASURE You have a right to have some or all of the information we hold about you erased in some circumstances. This is known as the right to be forgotten.
AUTOMATED Masterplan Financial Services does not make automated decisions about any of its clients.
CONSENT If we are processing your personal information on the basis of your consent you have the right to withdraw that consent at any time.
COMPLAINT You have a right of complaint to the Information Commissioner (the Supervisory Authority) if you consider any aspect of Masterplan Financial Services use of your personal information infringes the law.
However, Masterplan Financial Services will want to put matters right wherever we can and we would hope that you will contact us in the first instance. You can exercise your data protection rights or complain about how we are processing your personal information by contacting the Data Protection Officer.
If your complaint is about the administration, or terms and conditions of a product sold by us but provided by a lender/insurer, you may need to contact them about it. If needed, we’ll forward details of your complaint to the company concerned, as well as giving you their contact details.
To help make sure you always speak to the right person about your complaint, if it looks like another company will be better able to handle your case, we’ll let you know how to contact them. We’ll also send details of your complaint to them, to get them up to speed.
6. How we keep your personal information secure
We’re committed to keeping your personal information safe and sound. In this section, you’ll read about the security measures we take to protect our customers’ data.
At Masterplan Financial Services, we understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your personal information from accidental or unlawful breaches of security. These include physical, organisational, and technological measures.
As covered in section 4, we have to share your information with third parties to carry out some of our services, including lenders and insurers amongst others. We require every third party that we share information with to apply appropriate security safeguards and comply with all the required laws and standards for protecting personal information.
7. How long do we keep your personal information for?
• If you become a client of a lender / product provider as a result of the advice we provide to you, we will keep a full courecord of your interactions with us for the lifetime of the contract plus a reasonable period to enable us to meet our regulatory obligations to evidence we gave suitable advice and to enable us to answer any complaints that may arise as a result of our advice.
• If, as a result of our advice, you make an application to a lender / product provider but do not ultimately become a client of that institution, we will keep a full record of your interactions with us for 5 years to meet our obligations under UK Money Laundering regulations.
• If we provide you with advice on a financial product, but you do not engage our services to make an application to a lender/insurer, we will keep a full record of your interactions with us for 3 years, to enable us to meet our regulatory record keeping obligations regarding evidencing suitability of our advice.
• If we collect personal information from you, but are unable to provide you with suitable advice, then we will keep a full record of your interactions with us for 1-year to facilitate an easier interaction between us if you re-engage our services within this period.
• If you request we contact you in relation to our service by providing us with your name and a contact method (e.g. phone, email) through an enquiry form (either on our own, or a 3rd party website) we will use our best endeavours to contact you as soon as possible. If we are unable to make contact with you, we will retain this information for a period of 90-days from the time we de-activate your lead in our database.
8. Changes to this Privacy Policy
So that you’re always in the know about what happens with your personal information, it’s a good idea to check this Privacy Policy for updates from time to time.
We will update this Privacy Notice to make sure we are complying with our obligations and to be transparent about how we use your personal information and that it is as concise, clear, and in plain English and as easily accessible as it can be. However, if we make any changes to how we process your personal information in ways that you would not reasonably expect, we will contact you and bring these changes to your attention.