Discovery Mortgage Services Ltd.

Last updated: 1st February 2024


As a Controller, Discovery Mortgage Services Ltd (“Discovery Mortgage Services/we/us/our”), comply with all applicable data protection and privacy legislation in force from time to time in the UK including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018. This Privacy Notice details how we process your Personal Data.


Under the UK GDPR, we are required to notify the UK Information Commissioner’s Office (“ICO”) about our use of Personal Data. Discovery Mortgage Services Ltd is registered as a Controller in the UK with the Information Commissioner’s Office (“ICO”), registration number ZA510409.

We place great importance on ensuring the quality, confidentiality, integrity and availability of the data we hold and in meeting our data protection obligations when processing Personal Data. We are committed to protecting the security of your Personal Data, using a variety of technical and organisational measures to help protect your Personal Data from unauthorised access, use or disclosure.

We collect Personal Data about a range of people:

  • Visitors to our website
  • People who contact us (enquirers)
  • Clients (including clients of the businesses operating under us)
  • Contractors and suppliers

If you are applying, or have applied to work with us, please refer to our job applicant privacy notice.

What personal information we process

We process personal information to act as an intermediary for financial transactions; typically to advise and apply for property finance such as mortgages or similar for clients. The same applies to advising and arranging insurance policies.

To understand how any personal information other than that provided to us through this website is processed, you will need to refer to any personal communications you receive from us, check any privacy documents provided when entering into a contract with us, or contact us to ask about your personal circumstances.




When you contact us, we ask for some personal information. You are under no obligation to provide this information to us. Providing that information enables us to give you the right information or services that you ask for or notify you of further information required to facilitate that service.

If we would like to use your information for any other purpose than those stated above, we will contact you.

As a minimum, we will hold your name and phone number for the purposes specified above. If you do not become a client of ours, your information will be erased in line with our retention policy.

Visitors to Our Website

We use Google Analytics on our website to provide statistics to help us give visitors the best experience when using our site. IP addresses are collected to see how users interact with our site. Our website uses cookies, which is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns.

We use cookies to help identify and track visitors and their website access preferences. Website visitors can control which types of cookies are placed on their device by adjusting the cookie settings in the browser, by clicking the ‘site information’ icon and selecting ‘cookies and site data’.

Our Clients Views

We want to receive your views on the service you received from us and any improvements you think are necessary. We use Trustpilot® as a Processor to collect feedback from our customers on our behalf and to support our marketing activities. If this is something you agree to help us with, we will share your name and email address with Trustpilot® in order to generate a review invitation and confirm you are a verified customer of Discovery Mortgage Services.

Regulatory Functions and Reporting

As a regulated firm we are required to retain and provide information to the FCA regularly. We must also share regulatory data with our principal firm, JLM Mortgage Network. Most of the information is provided to them under the Financial Services and Markets Act 2000.

Purposes & bases for using your Personal Data

We will only use your Personal Data when the law allows. Most commonly, we will use your personal information for the following purposes and on the following lawful bases:



Lawful Basis for Processing

Carrying out due diligence on our clients and performing risk assessments. This includes carrying out standard due diligence checks in relation to financial affordability for the mortgage and insurance products we recommend to you.

Necessary to comply with legal obligations to which we are subject.

Our legitimate business interest to assess the risk associated with providing you with our services.

When processing sensitive Personal Data, we do so with your explicit consent.

Legal and regulatory compliance and compliance with law enforcement requests. This includes biometric facial recognition to confirm your identity, other checks and monitoring transactions for the purpose of preventing and detecting crime and to comply with laws relating to money laundering, and fraud. Also, sharing information on suspected financial crimes, fraud and threats with law enforcement and regulatory bodies.

Necessary to comply with legal obligations to which we are subject.

When processing sensitive Personal Data, we do so with your explicit consent.

Providing our mortgage and insurance advisory and administration services, covering any services we provide to you as a private client.

Necessary for the performance of the contract agreement to which you are a party.

Maintaining a record of and monitoring clients that consider themselves to be or are considered to be vulnerable.

Necessary to comply with FCA guidance on the fair treatment of vulnerable customers. When processing sensitive Personal Data, we do so with your explicit consent which can be withdrawn at any time.

Managing and developing our relationship with you. This includes providing account management, contacting you for feedback and inviting you to participate in customer satisfaction surveys.

Our legitimate business interest to develop our relationship, collect your feedback, assess your level of client satisfaction and to improve our services.

Sending you marketing about our services, our news and events. This includes sending you our news emails, information about our services, related information which may be of interest to you and to invite you to our events.

Our legitimate business interest to send you marketing and promotional materials from time to time.

Where we have obtained your consent to send marketing, we rely on that consent as the legal basis.

You can tell us to stop sending you marketing information at any time by objecting or withdrawing your consent. You can do so by contacting us at or by using the unsubscribe link in any marketing email you receive from us.

Internal management, administrative and organisational purposes. This includes maintaining internal records and carrying out other business administration tasks.

Our legitimate business interest to process your Personal Data to manage and improve our business processes.

Statistics and other data analysis. This includes creating forecasts and business plans, improving our services and developing new services.

Our legitimate business interest to process your Personal Data to develop and improve our business through aggregated and anonymised reporting and analysis.

Sharing data with entities in our group. This includes sharing client records and results of due diligence with our Appointed Representative entities.

Our legitimate business interest to identify and develop shared clients across our network of advisers and to utilise existing due diligence and risk assessment information when providing our clients with services.

Sharing data with other third parties, including third parties who process Personal Data on our behalf.

Our legitimate business interest to share your data with trusted third parties who provide us with services relevant to our provision of services to you, including professional advisers, screening service providers and IT service providers.

Sharing your information

We sometimes need to share the personal information with other organisations. Where this is necessary, we are required to comply with all aspects of the UK GDPR.

What follows is a description of the types of organisations with which we may need to share your Personal Data for one or more reasons. Where a joint application is made, we are not able to restrict data sharing between applicants.

We will only collect the information needed so that we can provide you with marketing and consulting services. We do not sell or broker your Personal Data.

Where Necessary or Legally Required We Share Information With:

  • Associates and representatives of the person whose Personal Data we are processing, including but not limited to estate agents (if you were introduced to us by one of our agent partners), solicitors, accountants and other professionals;
  • Financial organisations;
  • The Financial Conduct Authority (FCA);
  • The Financial Ombudsmen Service (FOS);
  • Law enforcement and prosecuting authorities;
  • Credit reference agencies;
  • Debt collection and tracing agencies;
  • Other companies in the same group;
  • Our service providers;
  • Courts and tribunals;
  • Undertaking research;
  • Consulting and advisory services;
  • Our professional advisers; and
  • HMRC.

Further Disclosure

We may, on occasion, pass your personal information to third parties exclusively to process work on our behalf; for example, a data destruction provider. We always require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and the UK GDPR.

How we protect your data

We take the security of your data seriously. We have internal policies and controls in place to ensure your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties. Where we engage third parties to process Personal Data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of the data. 

How long we retain Personal Data

To ensure we meet our legal, regulatory and customer obligations, we will retain client information for the following periods:

  • an introductory enquiry from a person who we only have limited interaction with is retained for 90 days;
  • any survey information gathered from enquirers or clients is retained for 18 months;
  • any mortgage enquiry, mortgage application and mortgage completion is retained in perpetuity; and
  • any life or critical illness insurance product enquiry, insurance product application and insurance policy completion is retained in perpetuity.

International transfers

It is unlikely that we will ever share your Personal Data outside the UK or European Economic Area (the EU member states plus Norway, Iceland and Liechtenstein) (“EEA”). If, however, it becomes necessary for the purposes of providing our services to you, we will only share it with organisations in countries benefiting from a UK adequacy regulation or on the basis of the UK International Data Transfer Agreement which contractually obliges the recipient to process and protect your Personal Data to the standard expected within the UK.

Your rights

At any point whilst we are processing your Personal Data, all Data Subjects have the following rights:

  • Right of access – subject to certain exceptions, you have the right to request a copy of the information we hold about you;
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete;
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records;
  • Right to restriction of processing – where certain conditions apply you have a right to restrict the processing;
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation;
  • Right to object – you have the right to object to certain types of processing such as direct marketing; and
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

If you wish to exercise any of these rights, please contact

You will not have to pay a fee to exercise any of your rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

In the event we refuse your rights request, we will provide you with a reason why, which you have the right to legally challenge.

Automated decision making

We do not make client or supplier decisions based solely on automated decision making.

Contact us

This privacy notice does not provide exhaustive detail of all aspects of the collection and use of personal information. However, we are happy to provide any additional information or explanation if needed. If you have any questions or complaints regarding our processing of your Persona Data, please contact us at:

Discovery Mortgage Services Ltd,

1 Giles Road,



HP22 5HE


Telephone 01296 769 333 or you can email   

We have also appointed an independent Data Protection Officer, Evalian Limited, who can be contacted by email at

What if I am still not satisfied?

If you are not satisfied with how we have responded to your enquiry, you have the right to complain to the UK supervisory authority, the Information Commissioner’s Office (ICO).

Changes to this privacy notice

We may update this notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to the products and services we offer. When changes are made, we will update the date at the top of this notice. Please review this notice periodically to check for updates.