Protecting and respecting your privacy
Lesley, Stephen & Co. Limited, The Media Centre, 7 Northumberland Street, Huddersfield, West Yorkshire HD1 1RL (“we and “us””) are committed to keeping your personal data safe and private and processing it in accordance with the Data Protection Act 2018 which is the UK’s implementation of the General Data Protection Regulation (GDPR).
This policy sets out most of your rights under the new laws and documents the basis on which any personal data we collect from you, or that you provide to us, or we obtain from other sources, will be processed by us in connection with your application for a mortgage and/or the administration of your mortgage contract. Please read the following carefully to understand how we and any authorised data processors will process it.
We have in place a number of measures to ensure that any personal data we obtain from you and/or other sources is processed and maintained in accordance with the Data Protection Act 2018 and the GDPR.
For the purpose of the Data Protection Act 2018 and the GDPR, the sole data controller is Lesley, Stephen & Co. Limited. We have a Data Protection Officer (DPO) in place who oversees compliance with law and regulation.
Personal data we may collect from you and/or other sources
We will collect personal and financial data relating to you when you provide us with data and information over the telephone, by email or letter, when you send us documents, when you send us a paper application form or forms electronically or from any third parties (including your Broker), when you apply for a mortgage from us, when we access information held by credit reference agencies, banks and other relevant sources about you, and when we administer mortgage contracts.
The personal data will include your name, address, date of birth, bank details, employment details, income and outgoings and all of the other information that we ask you to provide on our mortgage application form, plus any other information that we obtain form other sources such as credit reference agencies, banks and other relevant sources.
In the absence of such personal data, we would not be able to review your mortgage application, enter into nor administer your mortgage contract.
Uses made of the personal data
Our “Intended Purposes” for the processing of personal data are to allow us to review mortgage applications, enter into and administer mortgage contracts.
Our “Lawful Basis” for the processing of the personal data is “Contract” which means that the processing is necessary for a contract we have with you (the individual), or because you (the individual) have asked us to take specific steps before entering into a contract.
We may use your personal data in the following ways:
- To verify your identity and credit standing with credit reference agencies and to enable us to consider and process your application for a mortgage. We may also make periodic searches at credit reference agencies to help manage your account with us.
- To assess your credit worthiness and whether you can afford to take the mortgage product and confirm your employment and bank details.
- To prevent criminal activity, fraud and money laundering.
- To collect unpaid loans and debt that may be owed by you to us.
- To contact you in connection with your enquiry or enquiries.
- To help us administer and service your account with us, including providing monthly updates to a credit reference agency.
- To carry out our obligations arising from any contracts entered into between you and us.
- To develop and manage products and services to meet your needs and to provide you with information.
- Any other legitimate reason including compliance with legal obligations.
Disclosure of your personal data
We may disclose your personal data to the following:
- Our insurers, auditors, solicitors, professional advisors, sub-contractors or any person providing services to us or who are involved in the mortgage application, who have agreed to treat your personal data as confidential.
- Any funders or any proposed or actual third party involved in any matter relating to the administration of your mortgage with us who has agreed to keep the details confidential.
- Any person where such disclosure is necessary to enable us to ensure that your obligations under any agreement or mortgage with us is being complied with and to ensure that any security given in connection with any mortgage is not at risk.
We may also disclose your personal data to third parties from time to time for the following reasons:
- In the event that there is (or is to be) any change in ownership of our business or assets, we may disclose your personal data to the prospective or new owners so that they may continue to operate our business effectively and continue to provide services to our customers. This may include new shareholders or any organisation that may take an assignment or transfer of any agreements we have entered into with our customers
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation (including with any government agencies or regulators) or to exchange information with other third parties for the purposes of fraud protection, money laundering, financial crime and credit risk reduction.
We will not use, nor pass your personal data to other organisations, for marketing purposes.
We as the data Controller utilise the services of a small number of data Processors who operate under contract on our behalf to assist with the processing of personal data. The Processors are committed to processing the personal data in a manner that ensures its security. This includes protecting against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisation measures.
The main data Processors used by us are:-
Callcredit Information Systems Limited (credit reference agency)
Audacia Consulting Limited (mortgage systems software developers and managers)
Spitfire Marketing (web developers)
Metro Bank PLC (our bankers)
Worldpay (secure card payments)
FCC (collection of monthly repayments by direct debit)
Pure Law LLP and Wilson McKendrick Solicitors Limited (lawyers for the registration of legal charges)
Land Registry (for information relating to your residential property)
Credit reference agencies
In order to process your mortgage application, we will perform credit and identity checks on you with one or more credit reference agencies (“CRAs”). We may also make periodic searches at CRAs to manage your account with us.
To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail at www.callcredit.co.uk/crain. CRAIN is also accessible from each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document: Callcredit; Equifax; Experian.
Retention of your personal data
The length of time we retain your personal data will depend on the purpose for which the information was provided.
In general, however:
- We will keep the personal data that is necessary to enable us to enter into and administer your mortgage contract for at least six years from the final payment on your mortgage (in the event that the personal data is required for subsequent enquiries or complaints from yourself, regulators, and/or other legitimate bodies, and to demonstrate that we have treated you fairly)
- We will keep other information about you if it is necessary for us to do so to comply with the law.
We are committed to processing the personal data in a manner that ensures its security.
Where we collect personal data from you or other sources such as credit reference agencies we will protect it against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisation measures.
Paper-based personal data is held in locked cabinets in our secure office premises. Electronic personal data is held on secure, user-name and password protected servers.
When you telephone us we may record and retain your call for training and monitoring purposes.
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Please refer to the ICO website www.ico.org.uk for further information on this.
The right to be informed
Data Protection Officer:– Mr HJ Cummine email@example.com
Categories of personal data:– we collect personal information such as your name, address and date of birth; financial information such as loan and bank account details. We also collect information relating to your residential property from the Land Registry
Data retention periods:– these are described in this document but in the main for at least 6 years from the date of final payment on your mortgage
Complaints procedure:– this is described in detail in the mortgage documentation that we will provide to you if and when we make a mortgage offer and on our website https://www.lesleystephen.co.uk/downloads/Complaints-Procedure.pdf . This includes the right to lodge a complaint with a supervisory authority
The right of Access
Individuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing.
Under the Data Protection Act 2018 and the GDPR, individuals will have the right to obtain:
- confirmation that their data is being processed;.
- access to their personal data; and
- other supplementary information
As and when requested we will provide a copy of the information free of charge. However, we can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
We may also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that we can charge for all subsequent access requests.
The fee must be and will be based on the administrative cost of providing the information.
Information will be provided without delay and at the latest within one month of receipt.
We will be able to extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, we must and will inform you within one month of the receipt of the request and explain why the extension is necessary.
Please contact Lesley, Stephen & Co. Limited at the address provided at the beginning of this section,
or at firstname.lastname@example.org ,if you wish to seek such information.
The right to rectification
If you do we will take reasonable steps to check its accuracy and correct it where appropriate.
The right to erasure
The right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
We do not think this is applicable with regard to our mortgage contracts nor our IT infrastructure.
The right to object
Individuals have the right to object to the processing of data under certain defined circumstances, such as direct marketing.
Rights in relation to automated decision making and profiling
We do not use automated decision making nor profiling technology.
The information on our website (www.lesleystephen.co.uk) is for the use of existing borrowers, professional mortgage intermediaries and credit brokers, not the general public.
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things, eg remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website (source: the ICO website
https://ico.org.uk/for-the-public/online/cookies/). The aim is to provide you with a good experience when you use the website and help us improve it.
You may come across information about cookies on websites and be given choices about how some cookies are used. This might include, for example, being asked to agree to a cookie being used for a particular service, such as remembering your preferences on a site. For more information see the following 3rd party website: http://www.allaboutcookies.org/
The cookies used by our website include:-
- _ga to help count how many people visit the website by tracking if you have visited before (performance)
- _gat used to manage the rate at which page view requests are made (performance)
- _gid to help count how many people visit the website by tracking if you have visited before
- PHPSESSID a unique identifier for a session, to record a session/visit to the website
You can normally use your web browser to delete all cookies; block all cookies; allow all cookies; block third-party cookies; clear all cookies when you close the browser; open a ‘private browsing’ / ‘incognito’ session, which allows you to browse the internet without storing local data; and install add-ons and plug-ins to extend browser functionality.
Please be aware that restricting cookies may impact the functionality of the websites you visit.
For further information please visit the ICO website https://ico.org.uk/for-the-public/online/cookies/
We may use third party services such as Google Analytics, a popular analytics product/service offered by Google that tracks and reports website traffic. We may use this type of information to help improve the service we provide to our website visitors.
or more information on the cookie set by Google analytics, including information on how to opt out, please go to https://www.google.com/analytics
Consent and Reporting your cookie concerns
Information can been obtained from the ICO website https://ico.org.uk/media/for-organisations/documents/1545/cookies_guidance.pdf
Personal data breaches
We have a process in place to identify personal data breaches which includes evaluation of risks to individuals and a process to inform affected individuals when it is likely to result in a high risk to their rights and freedoms.