Privacy Notice


As a Data Controller, Discovery Mortgage Services comply with Data Protection laws in the United Kingdom and the EU General Data Protection Regulation (GDPR). This Privacy Policy details how we process your personal data.

Under the GDPR we are required to notify the Information Commissioner’s Office (ICO) about our use of personal data. You can see our current data notification on the ICO website.

We collect personal data about a range of people:

  • Visitors to our websites
  • People who contact us (enquirers)
  • Clients (including clients of the businesses operating under us)
  • Complainants
  • Job applicants and our current and former employees or contractors


Why and How We Process Information


We process personal information to act as an intermediary for financial transactions; typically to advise and apply for property finance such as mortgages or similar for clients. The same applies to advising and arranging insurance policies. We will ask for your consent to do this but as these are contracts with financial institutions our lawful basis for processing data is technically referred to as contract.

To understand how any personal information other than that provided to us through this website is processed you will need to refer to any personal communications you receive from us, check any privacy documents provided when entering into a contract with us or contact us to ask about your personal circumstances.

We also maintain our own accounts and records and retain employee or contractor information to manage our staff / contractors.


Enquirers


When you contact us, we ask for some personal information. You are under no obligation to provide this information to us. Providing that information, enables us to give you the right information or services that you ask for or notify you of further information required to facilitate that service.

If we would like to use your information for any other purpose than those stated above, we will contact you to ask for your consent.

As a minimum, we will hold your name and phone number for the purposes specified above. If you do not become a client of ours, your information will be erased after a period of time in line with our retention policy.


Visitors to Our Website


We use google analytics on our websites to provide statistics to help us give users the best experience when visiting our sites. IP addresses are collected to see how users interact with our site. Our website uses cookies, which is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We use cookies to help identify and track visitors and their website access preferences. Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our website.


Emails


Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with our office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law. We cannot take responsibility for ensuring the safe passage of emails sent to us.


Job applicants, current and former employees or contractors


When individuals apply to work with us we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing you beforehand unless the non-disclosure is required by law.

Personal information about unsuccessful candidates will be held for six-weeks after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical data about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with us, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment.

Once their employment with us has ended, we will retain the file in accordance with the requirements of our retention schedule.


Regulatory Functions and Reporting


As a regulated firm we must provide information to the FCA regularly or in particular situations. We must collect and store regulatory data from our authorised firms. Most of the information has to be provided to us under the Financial Services and Markets Act 2000. Some of this information will be personal data about our employees/advisers or their clients.


Information Processed


We process information relevant to the above purposes. This may include:

  • Personal details; including information about your identity and contact details
  • Family details; such as information on cohabitees, partners, children etc.
  • Employment and education details
  • Financial details; including income, expenditure, assets, debts and credit history
  • ‘Special Category’ data; specifically, medical and lifestyle information for insurance policies
  • Transaction data from services provided by us
  • Technical data; IP address, browser type, device type or other ‘browsing’ data


Who the Information May Be Shared With


We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the General Data Protection Regulation (GDPR). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Discovery Mortgage Services will only collect the information needed so that it can provide you with marketing and consulting services, this agency does not sell or broker your data.


Where Necessary or Legally Required We Share Information With


  • Associates and representatives of the person whose personal data we are processing
  • Financial organisations
  • The Financial Conduct Authority (FCA)
  • The Financial Ombudsmen Service (FOS)
  • Law enforcement and prosecuting authorities
  • Credit reference agencies
  • Debt collection and tracing agencies
  • Other companies in the same group
  • Our service providers
  • Courts and tribunals
  • Undertaking research
  • Consulting and advisory services
  • Our professional advisers
  • Staff welfare organisations
  • Current, past or prospective employers
  • HMRC
  • Pension and payroll administrators


Further Disclosure


We may, on occasion, pass your personal information to third parties exclusively to process work on our behalf; for example, a data destruction provider. We always require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.


Retention Policy


To ensure we are able to meet our legal, regulatory and customer obligations, we will retain client information for the following periods:

  • Any enquirer who are only have limited interaction with, 90 days
  • Any enquirer we interact with, but do not credit search via a lender’s system, 1 year
  • Where we credit search you via a lender’s system, submit an application which does not complete, or where you make a complaint, 7 years
  • For any finance or insurance application which completes, we will hold records for 7 years after the end of the contract
  • Any survey information gathered from enquirers or clients, 18 months

We also hold employee and contractor information, whether prospective or actual, for:

  • Candidates unsuccessful at application have their information deleted immediately
  • Candidates unsuccessful at interview, 6 weeks
  • Employees/contractors after position ends, 7 years (but not payroll or accounts information)
  • Employees/contractors after employment ends (remaining payroll and accounts information), 21 years


Data Location


We use services and/or suppliers who operate within the EEA and while their parent company may be US based, we require all to fully comply with GDPR or similar to ensure a continuously high level of data protection.


Your Rights as a Data Subject


At any point whilst Discovery Mortgage Services is in possession of or processing your personal data, all data subjects have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation
  • Right to object – you have the right to object to certain types of processing such as direct marketing
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling

In the event we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.

At your request we will confirm what information we hold about you and how it is processed.


Access to Personal Information

You have the right to access your personal information (subject to certain exemptions). If you wish to find out what information we hold that relates to you, you must make your request in writing to;

The Data Protection Officer, Discovery Mortgage Services Ltd, 1 Giles Road, Wendover, Bucks, HP22 5HE


How to Contact Us


This privacy notice does not provide exhaustive detail of all aspects of the collection and use of personal information. However, we are happy to provide any additional information or explanation needed. If you have any questions or complaints please contact the Data Protection Officer at:

The Data Protection Officer, Discovery Mortgage Services Ltd, 1 Giles Road, Wendover, Bucks, HP22 5HE

Telephone 01296 769333 or email hello@discoverymortgages.co.uk


What if I Am Still Not Satisfied?


If you are not satisfied with how Discovery Mortgages has responded to your enquiry, you have the right to complain to the Information Commissioner’s Office (ICO), who is the regulator for data protection in the United Kingdom.