Privacy Policy

 

1. Who we are

We are FIRST UNION MORTGAGES LIMITED and we can be contacted using the following details:

Alban House, Garnell Business Park
Brownfields, Welwyn Garden City
Hertfordshire, AL7 1AY

Telephone: 01707897124
Email: enquiries@firstunionmortgages.co.uk

FCA registration number: 300591
ICO registration number: Z4910707.

Our Data Protection Officer is: Meir Plancey

 

2. Our legal grounds for handling your personal data

The UK’s data protection laws allow us to use your personal data provided we have a lawful basis to do so. This includes sharing it in certain circumstances, as described below.

We consider we have the following reasons (legal bases) to use your personal data:

  • Performance of contract with you: we need to use your personal data to be able to successfully legally contract with you.
  • Compliance with our legal obligations: we need to use your personal data so as to comply with certain legislation such as financial crime legislation.
  • Legitimate interests: these are our business and commercial reasons for using your data, which we have balanced against your interests. We have certain legitimate interests in using your data which are not outweighed by your interests, fundamental rights or freedoms. These legitimate interests are to help prevent and detect financial crime, fraud and money laundering, to promote responsible lending, and to assist our compliance with the legal and regulatory requirements placed upon us.
  • Your consent: we may also use your data when you consent to it. You can withdraw this consent at any time, in which case we will cease to use it, unless we have a right and a need to continue processing it for one of the other reasons set out above.

More information on how we use your personal data and for what purposes is set out below.

 

3. What personal data is collected about you and how we collect it

We may collect data about you from the following sources:

Data provided by you:

  • When you apply for products and services and throughout the course of our dealings: for example, your name, national insurance number, postal address, your email address, your IP address, telephone numbers, date of birth, bank account details, home ownership details, reason for borrowing, your assets and liabilities, details of your proof of identity documentation and proof of address documentation etc.
  • When you talk to us: for example on the phone, or in person including call recordings and voice messages. We may monitor or record calls with you to check we have carried out your instructions, to resolve queries or disputes, to improve the quality of our service or for regulatory or fraud prevention purposes
  • In writing: for example letters, emails, texts and other electronic communications etc.
  • Online: for example when you use our website.
  • In financial reviews, for renewals and in any surveys etc

Data we collect when you use our services:

  • Usage and profile data: for example, the profile you create to use our website and how you use it. We gather this data from the devices you use, using cookies, google analytics and other software.

Data provided by third parties:

Data from persons that introduce you to us: for example brokers, financial advisers, agents or other third parties.

  • Data from credit reference agencies, most likely either to be Equifax or Experian
  • Data from fraud prevention agencies
  • Data from the Criminal Records Bureau
  • Publicly available information: for example, from the land registry, companies house, insolvency service, the electoral register, other information available online or in the media, including social media
  • Data from your representatives where relevant: for example your legal and financial advisers such as lawyers and accountants*
  • Data from your employers and medical data where relevant*
  • Sanction checks and PEP (politically exposed person) checks from our outsourced providers, Equifax, Veriphy.

*In certain circumstances we may ask you to provide us with medical information if we determine that this is a requirement for us to either proceed to enter into the agreement with you or once we have entered into the agreement with you determine that the same is necessary for whatever reason. Full details as to the reason for our request and how we will use this information will be given to you at the time should we request such information from you. You will be asked to consent to the provision of this information.

*We may also require a statement signed by an independent qualified accountant as to your financial worth which may include information such as your gross and net worth, your assets and liabilities and information as to your available collateral or security. You will be asked to consent to the provision of this information.

 

4. Why personal data is collected by us

We collect personal data from you for many reasons including:

From time to time we may contact you to ask for your consent to use your personal data for other purposes. Your personal data may also be used for other purposes where required or permitted by law.

When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested. We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.

In order to process your application we may supply your personal information to credit reference agencies (CRAs) in which case they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace debts and prevent criminal activity. When CRAs receive a search from us they may place a search footprint on your credit file that may be seen by other lenders and used to assess applications for finance from you and members of your household. The CRA may also share your personal information with other organisations. We may also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will also be linked to the data of your spouse, any joint applicants or other financial associates. We can provide you with the identities of the CRAs and the ways in which they use and share personal information upon your request. More information about CRAs and how they use your personal data is available at www.experian.co.uk/crainwww.equifax.co.uk/crain and www.callcredit.co.uk/crain.

From time to time we may provide your information to our partners, third parties, and customer service agencies for research and analysis purposes so that we can monitor and improve the services (or as the case may be) we provide. We may contact you by post, e-mail or telephone (or as required) to ask you for your feedback and comments on our services (or as the case may be).

From time to time we may contact you about goods or services that may be of interest to you.

 

5. When personal data is shared

Your personal data may be used by our partners, product providers, brokers, agents, sub-contractors, insurers, lawyers and by any of our or their subsidiary or associated companies before, during and after your agreement with us.

We may also use organisations to perform tasks on our behalf including information technology service providers and payment service providers, who we will then be sharing your personal data with and who may also process and retain your data both before, during and after your agreement with us.

Any of these third parties may contact you by post, e-mail or telephone (or as required) to ask you for your feedback and comments on our or their services (or as the case may be) to give you information about their products and services and/or for marketing purposes. They may also use your personal data to communicate with you on any matter relating to the management and conduct of your account or agreement with us.

We may also share your personal data with CRAs, fraud prevention agencies, law enforcement agencies, regulators and other authorities, the UK Financial Services Compensation Scheme, any agent that you have given us authority to communicate with and persons you ask us to share your data with, companies that we introduce you to, market researchers and customer service agencies for the purposes set out above. These agencies and firms may also share your personal data with others.

If, in the future, we sell, transfer or merge all or part of our business or assets, including the acquisition of other businesses, we may share your data with other parties. We will only do this if they agree to keep it safe and private and to only use it in the same ways as set out in this notice.

If you would like further information please contact us on the details given for us in this notice.

 

6. When personal data is transferred outside the European Economic Area (EEA)

Whenever fraud prevention agencies transfer your personal data outside of the EEA, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

 

7. Consequences

If we, a product provider, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we/they may refuse to provide the services and financing you have requested or  may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you.

If you fail to provide us with data we require, this may delay or prevent us from entering into a contract with you and or complying with our obligations. Depending on the importance of the data, it may mean that we are entitled to terminate an agreement with you.

If you have any questions about the above, please contact us on the details in section 1 above.

 

8. What choices and rights you have

Your personal data is protected by legal rights, which include your right to:

  • object to our controlling and processing your personal data;
  • object to our sharing of your personal data with others or with certain organisations;
  • request that your personal data is erased or corrected or that its processing be restricted;
  • request access to your personal data and for it to be given to you in a portable format;
  • request that we transfer your personal data to another lender;
  • request that we confirm what personal data we currently control and/or process in relation to you.

For more information or to exercise your data protection rights, please contact us using the contact details for us given above.

There may be legal or regulatory reasons why we need to keep or use your data, but please tell us if you think we should not be processing your data.

If you are unhappy about how your personal data has been used by us please contact us and we will send to you our Complaints Policy. You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data. You can contact them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, on 0303 123 1113 or by email to casework@ico.org.uk. See also https://ico.org.uk/global/contact-us.

 

9. How long personal data is kept

We will retain your personal data for a period of 6 years. We may retain your personal data beyond this date for the purposes mentioned above (legal & regulatory purposes)and will in any case at all times retain your personal data for the minimum period required by law. We may also retain your data to deal with any disputes, to maintain records and to show we have dealt with you fairly.

We may also retain your data for research and statistical purposes in which case we will ensure it is kept private and used only for these purposes.

 

10. Cookies

To find out how we use cookies, please see our website.

Brief overview of how our cookies operate.

 

11. Direct marketing

We can only use your personal information to send you marketing information if we have your consent or a legitimate interest. A legitimate interest will usually be a commercial or legal reason which cannot be used unfairly against you.

 

12. Open banking

This section of our Privacy Policy relates to Open Banking and should be read in conjunction with the other clauses in our Privacy Policy. In the event of conflict with any other clauses, this clause shall prevail.

What is Open Banking?

Open Banking is the secure way of providing access to your bank or building society account to providers who are registered for this purpose.

Registered providers and participating banks and building societies are listed under the Open Banking Directory.

Open Banking was set up by the UK Government to encourage more competition and innovation in the financial services sector.

As a forward-thinking lender, we support the use of Open Banking as it allows us to process loan applications efficiently, securely and in our consumer’s best interests.

By permitting access to your bank or building society account information we are able to make a better lending decision as we shall be able to verify your income, outgoings and other matters in order to assess what loan terms would be suitable for you based upon what you can reasonably afford to repay.

Further information about Open Banking is available from www.openbanking.org.uk.

How will my personal data be shared and used for the purposes of Open Banking?

By proceeding with your loan application via our website you expressly consent to us sharing your personal, contact and loan application details (“the Shared Personal Data”) with our registered Open Banking partner, Perfect Data Solutions Limited (“PDS”) who are also a credit reference agency. During your loan application we shall safely and securely direct you to PDS’s secure portal (“the Portal”) for the purposes of granting PDS access to your bank or building society account information (“Transaction Information”). As soon as your Transaction Information is received it shall be reported back to us in the form of a completed search in order that we may continue to process your loan application (“the
Permitted Purpose”).

Further information about PDS including their registered provider and regulatory status is available from www.lendingmetrics.com.

Is Open Banking secure?

PDS are registered under the Open Banking Directory as an account information service provider and are also regulated by the Financial Conduct Authority as a payment services firm under number 802599.

Any data you submit via the Portal will be encrypted and its usage tracked as part of set Open Banking data security standards.

We are responsible for the secure transmission of any Shared Personal Data to PDS, for safely directing you to the Portal and for the safe receipt and usage of your Transaction Information.

You will not be required to share your banking password or log in details with either us or PDS. Once you have given your explicit consent to share your bank account information on the Portal you will be directed to your own bank or building society’s login page where you will enter in your own login details directly.

Save as set out above or elsewhere in this Privacy Policy, we are not responsible for your direct data transmissions with PDS or with your own bank or building society.

How will my Shared Personal Data and Transaction Information be used?

PDS shall, subject to their own terms and conditions and privacy policy, and, if your bank or building society is registered to provide access under the Open Banking Directory, obtain your Transaction Information and submit this back to us for the Permitted Purpose. By way of example, the Transaction Information that we shall receive is likely to include information relating to your income, outgoings and credit worthiness.

PDS shall be entitled to re-access your Transaction Information for up to 90 days from the date of your original search result in order to refresh the search results, obtain a snapshot of your data or gather additional data.

PDS shall hold the Shared Personal Data and the Transaction Information they receive and retain according to their own terms and conditions and privacy policy, available on the Portal, which you will be required to read and consent to once directed there via our website.

As PDS are also a credit reference agency they may also share and keep a record of your Shared Personal Data and Transaction Information.

Will you use my Transaction Information data for any other purpose?

The Transaction Information we receive about you will only be used for the Permitted Purpose. We do not sell or share Transaction Information with any third party.

Save as set out above the information contained in the rest of this Privacy Policy deals with how we collate, use, transfer, store, delete and other terms applicable to your personal data including Shared Personal Data and Transaction Information.

Do I have to provide you with my consent to proceed?

Where your bank or building society have already permitted access to your Transaction Information you shall need to contact them directly in order to withdraw your consent under their particular Open Banking terms and conditions.

Are any of my other rights under this Privacy Policy affected?

Your individual data protection and privacy rights including the right to access, correct, delete, object, restrict, withdraw consent, request transfer and/or make a complaint, continue to apply to relevant personal data we control or process and are dealt with elsewhere in this Privacy Policy.

Under Open Banking as your personal data is shared by your bank or building society and accessed by DS you may also be able to exercise your individual data protection and privacy rights against either of them pursuant to their own terms and conditions and privacy policies.

We're Recruiting