Broker Data Protection and privacy
Who are we?
Money Factors Ltd is a financial services company dealing with enquiries from brokers and the general public. Money Factors Ltd is committed to protecting the privacy and confidentiality of all individuals and takes its responsibilities regarding the security of data very seriously. We abide by the rules of the General Data Protection Regulation (GDPR) upheld by the Information Commissioner Officer (ICO) and are authorised and regulated by the Financial Conduct Authority (FCA) to advise and arrange Mortgages, Life assurance and General Insurance products. This includes processing any personal data lawfully, fairly and in a transparent manner.
The data controller of your personal information is Money Factors Ltd a limited liability company registered at Squire House C/O Nokes & Co, 81-87 High Street, Billericay, Essex, CM12 9AS with company number 07146338.
Our contact details are;
Money Factors Ltd
PO Box 1381
Tel: 0800 112 3375
Our Data Protection Officer is the Data Protection Controller.
Why do we need your data?
We will hold and process your data in order to provide the services anticipated in our introducer /intermediary agreement including informing you about products or services and obtaining a loan, mortgage and insurance products from our panel of providers for you and your clients and recording your involvement in the process for the purpose of compliance and paying you commissions.
You the Client Direct What information do we collect about you and why?
We may ask you to provide personal information by filling in hard copy forms and documents or by corresponding with us by phone, e-mail, letter or otherwise or during the course of our meetings with you.
As a Brokerage and as part of our service we will only collect information from you so that we can advise and arrange Mortgages, Life assurance and General Insurance products that maybe suitable for you. In the financial services industry we call this factfinding which provides us with all the information that we need from you in order to provide you a with suitable product that meets your circumstances and requirements.
What right do we have to process your data?
Money Factors Ltd is regulated by the Financial Conduct Authority (FCA-www.fca.org.uk), which means we are accountable for the products and services we provide. We are obligated to maintain detailed records of transactions with customers which include personal details of who introduced the customer to us. We also maintain records of approved introducers / brokers to provide them with information about products / services and update them on the progress of individual applications. We process your data on the basis of “processing is necessary to fulfil our contractual obligations to you” as set out in our introducer / intermediary agreement.
You the Client Direct
When obtaining information from you we will do this by phone, email or post and will confirm the accuracy of the data collated. It is important that all the data we hold on you is accurate so that we can advise and arrange Mortgages, Life assurance and General Insurance products suitable to you.
The types of information we will collect from you includes; contact details, occupation, income and expenditure, credit details, mortgage requirements, insurance requirements, existing policies, solicitors/accountants details, bank details. In addition, we may collect sensitive personal data such as medical conditions or criminal offence data where required to do so to arrange a policy on your behalf.
Where you provide your personal data on our website it will be taken as a positive action that you would like us to contact you for the purpose as set out on our website.
What do we do with your data?
All of the personal data we hold about you will be processed by our staff based in the United Kingdom. ‘Personal Data’ is data that identifies you as an individual.
Your information may be stored on files and systems within our office and a cloud-based system whose servers are located within the EEA. We take all reasonable steps to maintain the security of your data.
International Data Transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). Specifically, our servers are located in Europe.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with our own standards, this Notice and applicable law. These include:
Transfers of client personal data outside of the EEA (being EU countries plus Norway, Iceland and Leichtenstein) are protected in accordance with EU law – for each transfer, this should be one of:
- a) the signature of Standard Contractual Clauses adopted by the European Commission;
- b) Binding Corporate Rules;
- c) a Privacy Shield certification for a recipient in the USA; or
- d) the recipient is located in a country which has received an adequacy decision from the European Commission (currently, this includes Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay but you should check for any changes to this list here - https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.)
Money Factors Ltd acts in a broking / packaging capacity and will use you data to manage the products, services and overall relationship. In order to help you achieve the finance clients require, we may need to share your data with one or a number of our lenders and other third parties at the appropriate time. We take the security and privacy of your data seriously and take great care over how we process your data to ensure it is done securely and safely at all times.
We will use the information you provide to us to research the market on your behalf to find a suitable policy that meets your circumstances and needs. Once we have carried out research we will provide you with a personalised quotation/illustration detailing the product information. Whilst you consider the quotation/illustration we will remain in touch to answer any questions you may have.
If you are happy to proceed we will then use your data to complete an application form which will then be forwarded to the relevant Lender/Insurer. We will then liaise with them on your behalf until the policy has been arranged.
We will then contact you at renewal or when your policy is due to be reviewed so that we can continue to ensure that the policy you have in place remains suitable. Where your circumstances or personal information have changed we will update our records and notify the Lender/Insurer to do the same.
We will also use your data to assist with handling a complaint if you are not happy with the service you have received.
Some of the main uses of your data are included below:
Party which could share in your personal data
Reason for its involvement
One or more lenders from our panel
To record your details in their systems and on documents they produce for your clients
If you ask us inform your customer to contact you using information they didn’t previously have
Your company / network / club
To identify cases you have been involved in for commission and compliance tracking
A specialist broker
On rare occasions when Promise is unable to help it might look to use the services of a specialist broker. For example, one specialising in non-standard applications.
For example, an accountant or solicitor acting on your clients behalf.
Regulators and Ombudsmen
In the event of a complaint
Our telephone calls are recorded for training purposes. They are saved using “cloud technology”.
Cookies are small text files placed on your machine when browsing a web site in order to improve your browsing experience. They feed anonymous tracking data (such as preferences) to third parties like Google and remember certain details you enter for example saving passwords. You can turn off cookies on your computer at any time.
Third Party System Providers
We use technology provided by third parties to send emails, text messages, use the internet, make phone calls, offer online chat facilities, help source financial products or more effectively handle your enquiry.
Third Party Consultants / Regulators
We occasionally use the services of third parties to audit our business who in the course of this may see your data. Various regulatory bodies also have the right to audit our business in the same way.
As part of our service we like to keep our customers up to date with new products or offers that are available and maybe of interest. Therefore, we may contact you from time to time through email marketing, phone, text or other types of marketing material. If you wish to opt out of this at any point then please let us know.
In the interest to improve our services, telephone calls may be monitored and/or recorded for training purposes and to assist us handle a complaint. Where we record the call you will be informed of this.
The lawful basis on which we use this information
How we use your information (detailed above) we will do so using the lawful basis legitimate interests. We have decided upon this basis as it allows us to meet with the ICO and FCA rules and is the most suitable lawful basis for processing data with a view to arranging a policy.
Who will it be shared with?
As stated above, if you wish to proceed to take out a policy then we will pass your details on to the Lender/Insurer the policy will be arranged with. The information we pass on will be detailed within the application we complete on your behalf. We may also liaise with your Solicitor and/or Accountant where relevant to arrange a product on your behalf.
If you are interested in using a credit facility to pay for your insurance then we will provide [credit provider] with your details and arrange payment through them. Where we assist you with a claim on your policy then we will liaise with the Insurer and Loss Adjuster appointed to your case.
Where required we may forward your details onto regulatory authorities or fraud agencies where we have a legal obligation to do so to comply with our regulatory requirements or where fraud is suspected. We may do this under the lawful basis legal obligation.
Who might my personal information be shared with?
We may disclose your personal information to the following categories of recipients:
- to providers of financial services, insurance and mortgage products and services in respect of whom you request us to submit applications on your behalf and to receive updates from such providers in order for us to provide our services to you throughout the lifetime of our relationship with you;
- to our suppliers and partners in order for them to help us provide our services to you, this includes:
- our IT systems providers to assist us with providing you with an efficient, modern and professional service;
- our suppliers of audit and regulatory compliance support services who may review our records containing your personal information in order to audit and report to us on our compliance with applicable laws and regulatory requirements;
- our accountants, solicitors, insurer(s) and insurance broker(s) and any other provider of professional services to us;
- our affiliate providers who introduce your application to our company;
- to Credit Reference Agencies and Fraud Prevention Agencies to help us make the best possible assessment of your financial situation before we decide whether we can provide you with services. We are also required to provide information to such agencies so that they can update the information which they hold about you and which they may share with other organisations;
- to other financial institutions or regulatory bodies with whom information is shared for money laundering checks, credit risk reduction and other fraud and crime prevention purposes;
- to a prospective buyer (and its agents and advisers) in the event we intend to sell any part of our business or its assets or if substantially all of our assets are acquired by a third party, in which case your personal information could form part of one of the assets we sell, provided that we inform the buyer it must use your personal information only for the purposes described in this Notice. We will never rent or sell your personal information other than as part of a sale of our business.
What type of data do we ask for?
We ask for “personal data”. In essence “personal data” means any information which can lead to a person being identified. Obvious examples being name, address, date of birth etc. In addition, if you told us you were off work for an extended period due to ill health we may note this on our system which could be considered sensitive information.
Depending upon the types of products and services you require, we may also need to collect information from and about you which the law considers to be sensitive, such as data about your physical or mental health, which we refer to as “special category personal data”. The special category personal data that we may ask you to provide, and the reasons why we ask you to provide it, are as follows:
Why we collect it
Certain products and services that you request may require this information. Specifically, in order for us to advise you on and to submit applications for health or life insurance products and services, we will need to collect information relating to your physical and mental health in order to obtain accurate quotes and to advise on the suitability of products (as insurance premiums and eligibility for products will in part depend on your physical and mental health). We will usually collect this information in the course of meetings with you, on specific questionnaires or in the process of completing an application form for such products and services.
Some providers may ask for this information in the course of your application for their products or services. We will never ask for this information for our own purposes.
Some providers may ask for this information in the course of your application for their products or services. We will never ask for this information for our own purposes.
We will only process the special category personal data listed above with your explicit consent. We ask for your consent to the processing of this data at the end of this Notice. You may choose not to provide us with this consent. However, please note that if you do not provide us with your consent to collect and process the information listed in the table above:
- we may not be able to advise you fully in respect of certain products and services which require this information (in particular those relating to health or life insurance).;
- your application may be rejected by the providers of products and services which require this information; or
- the quotes for such products and services may be higher than would be the case if this information were provided.
Your consent to us processing your special category personal data
As explained above, we can only process the special category personal data with your explicit consent. We ask for your explicit consent to the processing of this data below. You may choose not to provide us with this consent. However, please note that if you do not provide us with your explicit consent to process the special category personal data listed above, this may affect our ability to advise you on your options and it may limit the products and services which are available to you and may result in your application being rejected or result in higher quotes being provided to you in particular those relating to health or life insurance.
We may disclose your personal information to third parties where we are required to do so to comply with applicable laws and regulatory requirements including in circumstances where we are required to do so by a court Order, regulatory authority or any other third party with the lawful right to request and receive the personal information we hold about you (including law enforcement agencies and tax authorities).
We may also use your personal information where it is necessary for us to take legal advice in order to establish our legal rights, to bring a claim against you or any related parties or to defend a claim from you or any related parties.
Likely effects of you giving us your data.
We do not envisage any adverse effects resulting from you giving us your personal data. It would only be used for the purposes specified in this privacy notice and the introducer / intermediary agreement between us. Should you wish to reduce the scope of the services we offer or promote under this agreement you can do so via your preferences page when logged in to the loan portal.
In some circumstances, we may receive information about you from third parties. In particular, we will receive information about you from Credit Reference Agencies and Fraud Prevention Agencies. This may include details of the products and services you have applied for, those lenders, finance and credit organisations with whom you have (and have had) an agreement with, the amounts advanced, the amount and frequency of repayments and whether you have made your repayments on time and in full. This will help us make the best possible assessment of your financial situation before we decide whether we can provide you with our services and/or recommend any specific products and services. It is in our legitimate interests to process your personal information for this purpose. We may also ask you to provide Letters of Authority to allow us to receive information about you from providers.
How we store and retain your data?
We have taken the decision to retain all broker records on an indefinite basis to be able to retrieve any of our records at any time, to respond to customer or regulator enquiries and to deal with a new enquiry effectively at any time.
What we will do to ensure the security of personal information
We will not share any of the information you provide to third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us regardless of whether the information is in electronic or physical format. We use leading technologies and security measures to safeguard your information and keep strict security standards to prevent any unauthorised access to it.
How long will we retain your data?
We will only hold data for no longer than is necessary. Where we have arranged a policy on your behalf we will keep your file including your personal data and any call recording, on record for a minimum of six years, in line with our regulatory obligation with the FCA. Where we need to hold your file for longer than this then we will inform you of this.
Credit Reference Agency Data
We do not carry out credit searches as part of our Factfind process. We will seek your permission first to complete these when you sign our Terms of Business.
What are your rights?
Importantly you have significant rights as to how any business uses and handles your data. Below is a brief summary:
- The right to be informed – and this notice you are reading is doing just that!
- The right of access – you can always ask to see what data we hold about you
- The right to rectification – this is saying if you believe any data stored about you is incorrect, you can ask us to correct it, and we will
- The right to request erasure or the ‘the right to request to be forgotten’ – we may have a legal requirement to keep records – for example if a loan has completed (See ‘How we store and retain your data’ above)
- The right to restrict processing – you can ask us to ‘stop’ processing your data at any time, however you should be aware if you do, then we may be unable to proceed with an ongoing application
- The right to data portability – Where we store your data in a database, we can arrange for your data to be formatted into a simple electronic file and sent to you
- The right to object – similar to the right to restrict processing (above), you can ask us to ‘stop’ processing your data at any time, however you should be aware if you do, then we may be unable to proceed with any pending application
- Rights relating to automated decision making and profiling and how we use it Automated decision making We do not use your data for automated decision making
- Be informed about how we use, share and store your personal information;
- Request access to the personal data we hold on you (also known as a Subject Access Request (SAR)). Where a SAR is requested we will respond promptly and within one month from the date we receive the request;
- Request your personal data is amended if inaccurate or incomplete;
- Request your personal data is erased where there is no compelling reason for its continued processing and we don’t have a legitimate interest to retain it;
- Request that the processing of your data is restricted;
- The right to object to your personal data being processed;
- Rights in relation to automated decision making and profiling.
Automated decision making
We do not use your data for automated decision making
Where the processing of your data is based on your consent, you have the right to withdraw this consent at anytime by contacting us by phone or email. We do not use automated decision making or profiling systems.
Where we need your consent we will ask for this separately. We do not use pre-ticked boxes or make assumptions that you have given your consent. Your consent must be freely given by positively opting in or making a clear affirmative action that you are giving your consent. We will do our very best to ensure you know exactly what you are consenting to and remind you that you may withdraw your consent at anytime by contacting us by email or phone. Where consent is obtained a record of this will be made confirming what you have consented to, the time and date and how consent was obtained.
Customers: Our customers are important to us however we appreciate that on some occasions you may wish to look elsewhere. If you do, we would like to stay in touch and therefore will ask for your consent in order for us to do so.
Potential Customers: Where you have expressed an interest in a product but have then decided not to proceed we would like to keep in touch therefore will ask for your consent to do so in case a product may be of interest to you at a later date.
Non-Customers: We will only send you information about regulated products or services if we have obtained your consent to do so.
In addition, to help you with property related service, we have to comply with certain regulations. For example the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (referred to as the Regulations). The information provided will only be used by Money Factors Ltd in relation to complying with the Regulations and will not be shared with other parties unless we are required to do so under law.
If you decide to enter in to a business relationship with Money Factors Ltd we will require a minimum of two separate identification documents; one primary and one secondary document (even if it appears on both lists). The information may be required at various stages of the process depending on the service being provided.
Making a complaint
We always aim to offer the best possible service but there may be occasions when we fail to meet your expectations.
We hope that the service you receive from us is to the high standard you would expect. If at any point you are unhappy with the way we have used your data then please notify: Money Factors by either email, post or phone below. If you remain concerned about the way we collect or use your personal data you can raise your concern with the Information
Commissions Office (ICO) on 0303 123 1113. For further details you may visit the ICO website www.ico.org.uk
We will tend to disclose the complainants identity to whoever the complaint is about, however if you wish your identity to remain anonymous, we will try to respect that. We will keep your complaint on record for two years once closed or six years if it also relates to how we arranged a policy and falls under the FCA ruling.
What may other organisations do?
If we pass your data on to another organisation, for example a lender preparing a quote for your client they may record your details for compliance purposes within their systems and will issue you a “fair processing notice” if required. Promise bears no responsibility for the use of your data beyond our control.
Updates to this Notice
We may change or update this Notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. When we update our Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make.
I/We would like to confirm that we have read and understood the above and this was explained by our Mortgage Advisor.
Signed: .......................................................... / ..........................................................
Name(s): ........................................................... / .......................................................