Effective from: 09/05/18

This Privacy Statement explains what personal information we collect and how we use it.

  1. About MortgageShop.com and how you can contact us

    This document includes important information about how we use your personal data. If you want to talk to us more about it, you can get in touch using the details below.

    Learn more

    MortgageShop.com is a Company limited by shares. Our registered address is Applications Department, Metropolitan House, Darkes Lane, Potters Bar, Hertfordshire, EN6 1AG. You can find out more about us on our website at www.MortgageShop.com

    To help ensure we meet all our obligations we have appointed a Data Protection Officer. If you have any questions or concerns about how your personal information is being used you can contact the DPO

    on 0871 362 0871
    or by email to support@mortgageshop.com
    or by writing to The Data Protection Officer
    MortgageShop.com, Applications Department
    Metropolitan House
    Darkes Lane
    Potters Bar
    EN6 1AG

    You can also obtain information and advice from the Information Commissioner who is the independent regulator appointed by Parliament to oversee compliance with data protection and information rights: www.ico.org.uk

    MortgageShop.com is registered with the Information Commissioner.

  2. What information we collect and how we use it

    We want to give all our customers the best standard of service we can and are serious about protecting your personal information. Please read on to find out what information we’ll need from you, how we use your personal information to make our products and services as effective as possible and how we look after it, including our Cookies policy.

    Learn more

    Information we collect directly

    Mortgage Customers

    Our core business is acting as a mortgage broker. This involves searching against the lenders we deal with to find the mortgage that best suits your circumstances. We do this when you call us by asking you about your identity and contact details; your product preferences; your property and tenancy history and types and number of occupants and their relationship to you; your lifestyle; nationality and residence status; employment, income and expenditure and other financial circumstances. How you answer these questions will determine what other questions we ask you because different lenders serve different parts of the market and have different eligibility criteria. We will always explain the process to you and answer any questions you may have about why certain types of information may be needed.

    When you apply for a mortgage through us we will collect your direct debit details to pass on to your lender. If the products you select involve a cost, such as a valuation fee, we will ask for your payment information.

    Mortgage lenders are data controllers in their own right and have their own privacy notices. However, because lenders may automatically profile your information against their lending criteria and against Credit Reference Agencies as soon as your information is forwarded to them and this may affect your credit score, we will always bring this to your attention as part of the process so that you are forewarned.

    Insurance Customers

    We routinely offer our mortgage customers life insurance and potentially building and contents insurance. Where customers express an interest in life insurance we will also collect information about health as this is necessary so that the insurers we deal with can determine cover and premiums.

    Vulnerable Customers

    Apart from the information customers provide to us directly we may also record information about potential vulnerabilities where we think this is appropriate to meet the obligations placed on us by the Financial Conduct Authority (FCA) with regard to vulnerable customers. You can find out more about our obligations to potentially vulnerable customers here:


    Updating Your Details

    If you are a pre-existing customer we may use the information we have on you to pre-fill forms when you apply for a new product, but we will always check with you that these details are accurate and up to date, by giving you access to this date before going ahead.

    However, if you’ve opened an account or policy with another organisation that we introduced you to, you will need to contact them separately to update your information.

    Telephone calls

    We record calls in and out against customer cases so that we can be sure that we have captured the information you have given us accurately. This helps us to prevent fraud and resolve any disputes.

    Marketing and Market Research

    We may use your information to contact you about other products that match your profile and may be of interest to you. Where we seek consent to do this we make sure we are clear about what methods we can use to contact you. We make sure that you are able to opt out of marketing communications at any time in a way that is convenient to you, including the method you used to contact us. Where we use online advertising platforms the data you supply to us will be matched by them to any profile they have of you.

    We may contact you to conduct market research. We occasionally run promotions, competitions and prize draws but if we ask you for your contact details we will ensure these are not used for marketing unless you are happy to consent to that separately.

    Money Laundering and preventing and detecting unlawful acts

    We are required by law to submit a Suspicious Activity Report to the National Crime Agency whenever we detect a risk of money laundering or fraudulent activity. The law also permits us to report suspected crime to the appropriate authorities.

    We are also required to disclose personal data where required to do so by law or by the order of a court.

    We have discretion to disclose personal data where this is necessary for protecting the public against dishonesty.

    Cookies on our website, and tracking emails, re-marketing and analytics

    When you register on our website we will ask you to input logon and password data to ensure the integrity of your user account. We collect information that helps us to detect if someone is trying to access your account. We also collect data on how you use our website so that we better understand your interests and can match products to your needs.

    We use personal data for analytical purposes to understand trends and how the business works but the reports we produce do not identify individuals.

    The Cookies Section of the Privacy Notice explains what cookies we use and how you can turn off and control any advertising cookies (subject to your browser functionality).

    We use email tracking technology to capture information such as (but not limited to) the time and date our emails are opened, the type of device used and any links within the email clicked on. We may share this information with the organisations listed in Section 5 (for example, mortgage lenders) for the same purposes, but stipulate that they may not use your details for direct marketing unless they have your consent or an existing relationship with you and you have not previously opted out.

    Social Media

    As a business we monitor what the public are saying about us on social media such as Facebook and Twitter, so that we can build these comments into improving our products and the ways we interact with customers.

    Training and Testing

    We do not use customer data for generalised training or system testing separate from case management, and always use dummy data sets for these purposes.

    Information that we collect indirectly

    When any of our customers apply for a product, the law requires us to check their identity. This makes it harder for criminals to use financial systems, or to use false names and addresses to steal the identities of innocent people. Checking everyone’s identity is an important way of fighting money laundering and other criminal activities.

    To confirm that you are who you say you are, we’ll try to verify your name and address by checking your details against databases held by credit reference agencies and the electoral roll. If we can’t verify your name and address in this way, we may ask you to provide us with other documents to confirm these details. This does not affect you credit history or status.

    If you are a joint mortgage applicant we will record any information you give us about any other persons who are joined to the application.


    We use the information we have about you to provide all the aspects of our service you would expect such as contacting you to prompt you with reminders about renewals and to help resolve any complaints or investigations.

    We may also disclose information where permitted by law in connection with the resolution and pursuit of legal rights and disputes or complaints.

    Automated Decision Making

    We do not make fully automated decisions. Our service is to provide the information to lenders and insures so they can make a decision about the product you have selected.


    If you give us a good review we may contact you to ask you if you would like to publicise your review.

  3. What are the legal grounds for handling personal information?

    We understand that personal information is just that – personal. So when we process your personal data, we make sure we satisfy the conditions prescribed by data protection laws to do so. This section covers what those conditions are.

    Learn more

    The law says we must have a legal basis for processing personal data. There are six standard data processing grounds or conditions for processing personal data Where we process what is called ‘special category data’ (information about health, genetic or biometric data etc) we must additionally have a special category condition or ground for processing your personal data.

    We rely on the following conditions for the activities indicated.

    Legitimate Interests

    In most cases, you’ll provide the information covered in section 2 because you want to use our services. Ordinarily for a business this would mean that the condition for processing is contractual However, this condition only applies where a legal contract exists between the parties concerned. Because we act as an intermediary this condition is not available. We therefore rely on what is called the ‘legitimate interests’ ground for processing. The law provides we can use your information under this condition where our interest in using it is not outweighed by your privacy rights or interests. This means that we can use your personal data only in ways you would reasonably expect and which have a minimal impact on your privacy, or where there is a compelling justification for the processing.

    We rely on this condition for the uses we identify in section 2, except where we indicate below that another condition is more relevant.

    In the case of mortgage and insurance applicants the legitimate interest condition applies because you have requested the service in question and can withdraw at any time. We also rely on this condition to process any details joint mortgage applicants give us about the other applicants. When we write to the first applicant we provide a link to this Privacy Notice and draw to their attention what they need to say to joint applicants. Applicants should be aware that lenders will not proceed with any mortgage without the written consent of any occupant of the current property who is aged over 17.

    Increasingly we base our marketing and market research on consent but where we rely on legitimate interests we think this is fair because we only contact existing customers or people who have contacted us directly and each communication provides an easy to use opt out. We think it is fair to use social media in the way we describe in section 2 because this is publicly available information and we do not use the data to profile or make decisions about individuals. Our interest is in what is said about us not who is saying it.


    In order to use your personal data on this basis your consent must be freely given, specific, informed and unambiguous. We rely on this condition for the following purposes:

    • Where we need information to provide you with additional services or features
    • Direct Marketing – To let you know about products, services and offers from MortgageShop.com. (We also market to customers who have enquired to use our services under the legitimate interests condition) or
    • Market research – Where we invite you to participate in market research (more on this below). Any feedback you provide is used only with your consent.
    • Administering prize draws, competitions, surveys and other promotional activities.

    Explicit Consent

    We need what is called explicit consent where we rely on consent to process what is called sensitive or special category personal data.

    • Health data in connection with life policies

    Complying with a legal obligation

    • Money Laundering reports

    Public Interests & Substantial Public Interest Tasks

    • Processing health data in connection with vulnerable customers
    • Reporting fraud and other suspected crimes to the appropriate authorities.
    • Suspicion of terrorist financing or money laundering
    • Protecting the public against dishonesty
    • Insurance and data concerning the health of relatives of an insured person


    • Processing personal data in connection with contracts that we hold with contractors, suppliers.
  4. Who we share your personal information with

    To provide our services to you, we’ll sometimes need to share your personal information with relevant organisations – such as lenders, insurers and fraud prevention agencies.

    Learn more

    To fulfil our contractual obligations, we’ll also share your personal data with the following third parties:

    • Mortgage lenders
    • Life insurers
    • Lead suppliers (if you were introduced to us by a third party)
    • Either Experian, Equifax, or Call Credit
    • Our personally recommended conveyancers where you wish to proceed with a quote.

    To help you benefit from the services of our expert partners, we’ll potentially also share your personal data with organisations:

    • Overseas finance - this is likely to be for referalls
    • Foreign currency enquiries
    • Accident, sickness and unemployment insurance
    • Building surveys
    • Equity release products.
    • Commercial mortgage enquiries

    All the above sets of organisation are each data controllers in their own right and will have their own Privacy Notices that will tell you about how your personal data will be used by them.

    We’ll also share your personal data with the following data processors where necessary to fulfil our services and regulatory obligations:

      • Online Advertising Platforms such as Facebook and Google (please see the part in Section 2 on Marketing and Market Research.

    We may disclose information to either the Financial Service Ombudsman, the Financial Conduct Authority, or other regulators where they request this to resolve complaints, or our auditors in connection with their duties.

  5. Where in the world do we send information?

    Learn more

    As a UK based company, all the personal information we process is protected by European data protection standards. And, if we ever have to send data overseas, we take care that it’s covered by the same high standards.

  6. Your Information Rights

    It’s really important that you understand your legal rights in relation to your personal information – as well as how you can contact us if you have any questions or concerns. This section covers just that.

    Learn more

    The following is a list of the rights you have under Data Protection legislation. Not all these rights apply in all circumstances but we will be happy to explain this to you at the time you ask. Independent advice about your rights can be obtained from the Information Commissioner (see Section 1.)

    All these rights can usually be exercised free of charge and generally speaking we must respond within one month. If we need longer to respond we will explain why this is necessary within the one month period and tell you more about any rules that affect how you can exercise your rights.

    INFORMED You have the right to be informed in a concise, transparent, intelligible and easily accessible way about how we use your personal information. We will explain why we need information (in particular any uses that are not obvious) at the time we collect information from you and make sure that all our data collection forms and letters point you to this Privacy Notice.

    You can make what is called a subject access request for a copy of the information we hold about you.

    We must also tell you why we have the information, what types of information we collect; who we share it with and whether, in particular, any of those recipients are outside the European Economic Area; how long we will keep your information for; where the information came from,if we didn’t collect it from you directly; the details of any automatic decision taking and about your rights of complaint to the Information Commissioner.

    PORTABILITY You have the right in some circumstances to have the data you have provided to us sent to you or provided to another person or business in an electronic machine readable format. Where this applies we will download the information and send it as a CSV or PDF file.
    CORRECTION You have the right to have inaccurate information corrected and incomplete information completed. If the information we need to deliver our services to you changes please tell us about this as soon as possible.

    You will normally have the right to object to how we intend to use your information based on your individual circumstances.

    You have an absolute right to object to us using your personal information for the purpose of direct marketing at any time.

    RESTRICTION If you have objected or complained about how we have used your information or its accuracy you may not want it to be deleted until your complaint has been resolved. In certain circumstances you can ask for your data to be restricted or not used until these issues are resolved.
    ERASURE You have a right to have some or all of the information we hold about you erased in some circumstances. This is known as the right to be forgotten.

    This right only applies where a decision which has a legal or similar effect is DECISION MAKING taken about a person by automated means without any human intervention.

    Where such decisions are made individuals have a right to ask for the decision to be reviewed and the data controller must make sure appropriate safeguards are in place. However, MortgageShop.com does not make automated decisions about any of its clients.

    CONSENT If we are processing you personal information on the basis of your consent you have the right to withdraw that consent at any time.
    COMPLAINT You have a right of complaint to the Information Commissioner (the Supervisory Authority) if you consider any aspect of MortgageShop.com's use of your personal information infringes the law. Section 1 provides the contact details.

    However, MortgageShop.com will want to put matters right wherever we can and we would hope that you will contact us in the first instance. You can exercise your data protection rights or complain about how we are processing your personal information by contacting the Data Protection Officer as set out in Section 1.

    If your complaint is about the administration, or terms and conditions of a product sold by us but provided by a lender/insurer, you may need to contact them about it. If needed, we’ll forward details of your complaint to the insurer concerned, as well as giving you their contact details.

    To help make sure you always speak to the right person about your complaint, if it looks like another company will be better able to handle your case, we’ll let you know how to contact them. We’ll also send details of your complaint to them, to get them up to speed.

  7. How we keep your personal information secure

    We’re committed to keeping your personal information safe and sound. In this section, you’ll read about the security measures we take to protect our customers’ data.

    Learn more

    At MortgageShop.com, we understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your personal information from accidental or unlawful breaches of security. These include physical, organisational, and technological measures.

    All information we process is encrypted in transit so that your personal and financial information is secure. For example, where you share information with us online or we forward this to other organisations online we use HTTPS. Where you create an online account with us you will need to supply a username and password. To protect your account we will encourage you to use a strong password and have implemented two factor authentications.

    As covered in section 4, we have to share your information with third parties to carry out some of our services, including lenders and insurers amongst others. We require every third party that we share information with to apply appropriate security safeguards and comply with all the required laws and standards for protecting personal information.

  8. How long do we keep your personal information for

    We only keep your personal information for as long as we need to. This section explains how long the different types of records will be kept.

    Learn more

    To ensure that we are able to meet our legal, regulatory and customer obligations, MortgageShop.com will retain client information for the following time periods:

    • If you become a client of a lender/insurer as a result of the advice we provide to you, we will keep a full record of your interactions with us for your lifetime plus a reasonable period to enable us to meet our regulatory obligations to evidence we gave suitable advice and to enable us to answer any complaints that may arise as a result of our advice. In practice this means that we will keep your records for no longer than 100 years after you last transact with us
    • If, as a result of our advice, you make an application to a lender/insurer but do not ultimately become a client of that institution, we will keep a full record of your interactions with us for 100-years after you last contacted us to meet our obligations under UK Money Laundering regulations and to assist in potential litigous queries.
    • If we provide you with advice on a financial product, but you do not engage our services to make an application to a lender/insurer, we will keep a full record of your interactions with us for 100-years after your last contact, to enable us to meet our regulatory record keeping obligations regarding evidencing suitability of our advice.
    • If we collect personal information from you, but are unable to provide you with suitable advice, then we will keep a full record of your interactions with us for 1-year to facilitate an easier interaction between us if you re-engage our services within this period.
    • If you request we contact you in relation to our service by providing us with your name and a contact method (e.g. phone, email) through an enquiry form (either on our own, or a 3rd party website) we will use our best endeavours to contact you as soon as possible. We will retain these details for 100 years after your last contact to cover us from future claims.
  9. Use of Cookies

    We use cookies to give you the best experience when using our website. This section covers what cookies are, what they do – and what they don’t do.

    Learn more

    A cookie is a very small text file that a website saves to your computer's hard disk. Its purpose is to store any information that you give about yourself, or to save your preferences.

    So when you log into the MortgageShop.com website, your unique ID number, and the time you signed in, is stored in an encrypted cookie on your hard disk. This then allows you to move from page to page on our website without constantly having to log in again. We use session cookies to store data on our server that are individual to you. When you log out, these session cookies will be deleted from your computer.

    At a basic level, cookies will:

    • allow our website to work properly, and help keep it secure
    • help us understand how people use the website
    • make the site easier to use by remembering information that you've entered
    • Improve your experience by showing you information that's relevant to you.

    Cookies at a glance

    The cookies we use let our websites store certain types of information, and not others.

    Our websites will: Our websites will not:

    remember information you've entered to save you entering it again

    store your results when using our tools and calculators

    allow you to share pages with social networks

    make sure your logged in session is secure

    remember your username

    store your password, to keep your account secure

    The types of cookies we use

    There’s lots of different cookies with different purposes. The ones we use fall into four categories:

    Necessary cookies

    These cookies let you move around our websites and use all the features. Without them, you wouldn't be able to do things like use online banking, or use forms to apply for products. These cookies also help keep your banking session secure.

    Performance cookies

    These simply help us improve the way our website works. They tell us how people use each page, which ones are viewed most often, or whether any errors occurred.

    Customisation cookies

    These cookies store your personal settings (such as font sizes and volume level), or remember basic information that you've entered – so that next time you visit our website, it's all there for you. For example, if you enter a value to complete one of our calculators, we’ll enter this value in other tools and calculators throughout the site.

    Targeting cookies

    These cookies help make sure the adverts you see on your screen are relevant and useful to you.


    By using our website, you're consenting to us using cookies in the ways described above. But if you change your mind, you can alter your cookie settings at any time through your browser settings.

    Changing your cookie settings

    We recommend that you don't change your cookie settings, as blocking some or all of them may affect how well our website performs for you.

    But if you do decide to change them, you can do this through your browser. Each browser works in a different way, so a good place to start is by searching ‘cookie settings’ in your browser’s help section.

    Advertising cookies

    If you prefer, you can choose to just turn off advertising cookies by blocking specific companies. You’ll still see adverts on the internet but they might not be tailored to your likely interests or preferences.

    You can set your advertising preferences here. This link will open in a new window, so you can keep reading this document.

    Third party cookies

    Please note, MortgageShop.com is not responsible for the content of external websites.

    Necessary cookies

    Necessary cookies are only placed on your hard disk by our websites, and not by any third parties.

    Our necessary cookies will:

    enable our web applications to work

    help keep your browsing and account sessions secure

    Our necessary cookies won't:

    store information on how you use our website

    send any information to third parties

    Cookie purpose Used on Cookie examples
    To help keep your session secure www.MortgageShop.com



    To help keep your session secure www.tms007.co.uk/clients/login.php






    To help keep your session secure www.MortgageShop.com






    To help keep your session secure www.MortgageShop.com/mortgage-enquiry SessionId
    To route the requests of the application appropriately www.MortgageShop.com/mortgage-enquiry ARRAffinity

    To make you aware, it’s a condition of using our websites to accept these cookies. If you block them, we can’t guarantee or predict how our websites will perform when you use them. Blocking them also means you won’t be able to use secure parts of the websites such as the Internet Bank.

    Performance cookies

    Performance cookies are placed on your hard disk by our websites or by third parties who provide specialist information to us.

    For instance, when people access our websites or apps we use our own technology, and technology supplied to us by partner companies, to collect and analyse information about how our websites are being used. We need to use cookies or similar technologies to do this.

    Examples of the information collected include:

    what content people view, their browsing actions and how they interact with our websites

    the time and date that people use our websites or apps

    inputs made and values submitted to our tools and calculators, where this is relevant to our analysis

    what leads people to our websites

    what technology people use to access our website or apps

    the general geographical location that people access our websites from (e.g. city/town)

    identifiers such as visitor number or IP Address that may allow the information collected to be linked to an individual

    Our performance cookies allow us to:

    understand how our websites are used so we can make them better for our customers

    measure the performance of our websites

    test different versions of our websites

    understand what technologies we should design our website or apps to work with

    track trends to help us plan for the future

    link website and apps activity to other channels that people use to contact us (such as phoning), to find ways to improve our service

    Our performance cookies won't:

    store personal information on your device beyond your current visit to our website

    Cookie purpose Used on Cookie examples
    To store analytical data to help us improve our site. All MortgageShop.com websites












    Customisation cookies

    The majority of our customisation cookies are placed on your hard disk by our websites. Some will be placed by third parties who provide specialist information to us.

    Our customisation cookies will:

    store preferences that you choose, such as font size or volume level

    make it easier for you to use the websites by remembering information that you've entered or choices that you've made so you don't have to enter everything again

    Our customisation cookies won't:

    store any secure information about you

    Cookie purpose Used on Cookie examples
    To hold information that you've entered, to save you entering it again MortgageShop.com Repono
    Customising our site based on the source of the introduction MortgageShop.com






    Targeting cookies

    Some of our targeting cookies are placed on your hard disk by our websites, and others are placed by third parties, including advertisers. For example, we use call tracks to find out where on our site calls were made from.

    Our targeting cookies allow us to:

    track referrals to our websites from third party companies

    understand your activity on our website or by phone to provide you with content that is more relevant to you, which will help you on your online journey

    Our targeting cookies won't:

    store or share any secure information about you

    Cookie purpose Used on Cookie examples
    To help our sites provide relevant content for you All MortgageShop.com websites IDE
    To help our sites track calls made from them All MortgageShop.com websites



    To help us provide on-line chat support www.mortgageShop.com





  10. Changes to this Privacy Notice

    So that you’re always in the know about what happens with your personal information, it’s a good idea to check this Privacy Policy for updates from time to time.

    Learn more

    We will continuously refine this Privacy Notice to make sure we are complying with our obligations to be transparent about how we use your personal information and that it is as concise, transparent, intelligible and as easily accessible as it can be. However, if we make any changes to how we process your personal information in ways that you would not reasonably expect, we will contact you and bring these changes to your attention.