As a controller, JLMMS Mortgage Services Limited (“JLMMS”, “we”, “us”, “our”) comply with all applicable data protection and privacy legislation in force from time to time including the UK General Data Protection Regulation, the EU General Data Protection Regulation (where applicable) (together the “GDPR”) and the Data Protection Act 2018. (“DPA18”). This privacy notice details how we process your personal data.
Under the UK GDPR we are required to notify the Information Commissioner’s Office (“ICO”) about our use of personal data. You can view our current data notification on the ICO website.
We place great importance on ensuring the quality, confidentiality, integrity and availability of the data we hold and in meeting our data protection obligations when processing personal data. JLM is committed to protecting the security of your personal data. We use a variety of technical and organisational measures to help protect your personal data from unauthorised access, use or disclosure.
We collect personal data about a range of people:
- Visitors to our websites
- People who contact us (enquirers)
- Clients (including clients of the businesses operating under us)
- Contractors and suppliers we use
If you have applied to work with us please refer to our job applicant privacy notice
What personal information we process
We process personal information to act as an intermediary for financial transactions; typically to advise and apply for property finance such as mortgages or similar for clients. The same applies to advising and arranging insurance policies.
To understand how any personal information other than that provided to us through this website is processed you will need to refer to any personal communications you receive from us, check any privacy documents provided when entering into a contract with us or contact us to ask about your personal circumstances.
When you contact us, we ask for some personal information. You are under no obligation to provide this information to us. Providing that information, enables us to give you the right information or services that you ask for, or notify you of further information required to facilitate that service.
If we would like to use your information for any other purpose than those stated above, we will contact you.
As a minimum, we will hold your name and phone number for the purposes specified above. If you do not become a client of ours, your information will be erased in line with our retention policy.
Visitors to Our Website
The Virtual Adviser
We use your details to produce a mortgage illustration and confirm where the illustration should be sent. Mortgage products are sourced through a variety of sources, including Twenty7Tec. Upon receipt of your illustration, you will be able to choose if you want to be contacted by one of our advisers. Our advisers will discuss your eligibility for the illustrated mortgage product and confirm how you would like to proceed. We will not contact you without your prior consent.
Our Clients Views
We want to receive your views on the service you received from us and any improvements you think are necessary. We use Trustpilot® as a data processor to collect feedback from our customers on our behalf and to support our marketing activities. If this is something you agree to help us with, we will share your name and email address with Trustpilot® in order to generate a review invite and confirm you are a verified customer of JLMMS.
Regulatory Functions and Reporting
As a regulated firm we required to retain and provide information to the FCA regularly. We must also collect and store regulatory data from our authorised firms, called Appointed Representatives. Most of the information is provided to us under the Financial Services and Markets Act 2000.
Purposes & bases for using your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal information in the following purposes and lawful bases:
|Purpose||Lawful Basis for Processing|
|Carrying out due diligence on our clients and performing risk assessments. This includes carrying out standard due diligence checks in relation to financial affordability for the mortgage and insurance products we recommend to you.||Necessary to comply with legal obligations to which we are subject.
Our legitimate business interest to assess the risk associated with providing you with our services.
When processing sensitive personal data, we do so with your explicit consent.
|Legal and regulatory compliance and compliance with law enforcement requests. This includes biometric facial recognition to confirm your identity, other checks and monitoring transactions for the purpose of preventing and detecting crime and to comply with laws relating to money laundering, and fraud. Also, sharing information on suspected financial crimes, fraud and threats with law enforcement and regulatory bodies.||Necessary to comply with legal obligations to which we are subject.
When processing sensitive personal data, we do so with your explicit consent.
|Providing our mortgage and insurance advisory and administration services to you, covering any services we provide to you as a private client.||Necessary for the performance of the contract agreement to which you are a party.|
|Maintaining a record of and monitoring clients that consider themselves to be or are considered to be vulnerable.||Necessary to comply with FCA guidance on the fair treatment of vulnerable customers. When processing sensitive personal data, we do so with your explicit consent which can be withdrawn at any time.|
|Managing and developing our relationship with you. This includes providing account management, contacting you for feedback and inviting you to participate in customer satisfaction surveys.||Our legitimate business interest to develop our relationship, collect your feedback, assess your level of client satisfaction and to improve our services.|
|Sending you marketing about our services, our news and events. This includes sending you our news emails, information about our services, related information which may be of interest to you and to invite you to our events.||Our legitimate business interest to send you marketing and promotional materials from time to time.
Where we have obtained your consent to send marketing, we rely on such consent as the legal basis.
You can tell us to stop sending you marketing information at any time by objecting or withdrawing your consent. You can do so by contacting us at email@example.com or by using the unsubscribe link in any marketing email you receive from us.
|Internal management, administrative and organisational purposes. This includes maintaining internal records and carrying out other business administration tasks.||Our legitimate business interest to process your personal data to manage and improve our business processes.|
|Statistics and other data analysis. This includes creating forecasts and business plans, improving our services and developing new services.||Our legitimate business interest to process your personal data to develop and improve our business through aggregated and anonymised reporting and analysis.|
|Sharing data with entities in our group. This includes sharing client records and results of due diligence with our Appointed Representative entities.||Our legitimate business interest to identify and develop shared clients across our network of advisers and to utilise existing due diligence and risk assessment information when providing our clients with services.|
|Sharing data with third parties, including those who process personal data on our behalf.||Our legitimate business interest to share your data with trusted third parties who provide us with services relevant to our provision of services to you, including professional advisers, screening service providers and IT service providers.|
Sharing your information
We sometimes need to share the personal information with other organisations. Where this is necessary, we are required to comply with all aspects of the UK GDPR.
What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons. Where a joint application is made, we are not able to restrict data sharing between applicants.
JLM Mortgage Services will only collect the information needed so that it can provide you with marketing and consulting services. We do not sell or broker your personal data.
Where Necessary or Legally Required We Share Information With:
- Associates and representatives of the person whose personal data we are processing, including but not limited to; estate agents (if you were introduced to us by one of our agent partners), solicitors, accountants and other professionals.
- Financial organisations
- The Financial Conduct Authority (FCA)
- The Financial Ombudsmen Service (FOS)
- Law enforcement and prosecuting authorities
- Credit reference agencies
- Debt collection and tracing agencies
- Other companies within the same group
- Our service providers
- Courts and tribunals
- Undertaking research
- Consulting and advisory services
- Our professional advisers
We may, on occasion, pass your personal information to third parties exclusively to process work on our behalf; for example, a data destruction provider. We always require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and UK GDPR.
How we protect your data
JLMMS takes the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused, or disclosed, and is not accessed except by our employees in the performance of their duties. Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of the data.
How long we retain personal data
To ensure we meet our legal, regulatory and customer obligations, we will retain client information for the following periods.
- An introductory enquiry from a person who we only have limited interaction with is retained for 90 days.
- Any survey information gathered from enquirers or clients is retained for 18 months.
- Any mortgage enquiry, mortgage application and mortgage completion is retained in perpetuity.
- Any life or critical illness insurance product enquiry, insurance product application and insurance policy completion is retained in perpetuity.
It is unlikely that we will ever share your personal data outside the UK or European Economic Area. (the EU member states plus Norway, Iceland and Liechtenstein) (“EEA”). If, however, it becomes necessary for the purposes of providing our services to you, we will only share it with organisations in countries benefiting from a European Commission (“EC”) adequacy decision, approved by the UK ICO, or on the basis of EC Standard Contractual Clauses, approved by the UK ICO, which when reinforced with additional supplementary measures, contractually oblige the recipient to process and protect your personal data to the standard expected within the UK and EEA.
At any point whilst JLMMS is in possession of, or processing your personal data, all data subjects have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing of your personal data
- Right of portability – you have the right to have the data we hold about you transferred to another organisation
- Right to object – you have the right to object to certain types of processing such as direct marketing
- Right to object to automated processing, including profiling – you have the right not to be subject to the legal effects of automated processing or profiling
You have the right to access your personal information (subject to certain exemptions). If you wish to find out what information we hold that relates to you, please contact us; details below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
In the event we refuse your request under rights of access, we will provide you with a reason why, which you have the right to legally challenge.
Automated decision making
We do not make client or supplier decisions based solely on automated decision making.
This privacy notice does not provide exhaustive detail of all aspects of the collection and use of personal information. However, we are happy to provide any additional information or explanation needed. If you have any questions or complaints please contact us at:
Data Protection Manager,
JLM Mortgage Services Ltd,
Telephone 01462 455 655 or email firstname.lastname@example.org
We have also appointed an independent Data Protection Officer at data protection consultants, Evalian Limited who can be contacted by email at email@example.com.
What if I am still not satisfied?
If you are not satisfied with how JLMMS has responded to your enquiry, you have the right to complain to the Information Commissioner’s Office (ICO), who is the regulator for data protection in the United Kingdom: https://ico.org.uk/for-the-public/
Changes to this privacy notice
We update this notice from time to time in response to changes in applicable laws and regulations, to our processing practices and to the products and services we offer. When changes are made, we will update our notice on https://jlmmortgages.co.uk/privacy-notice/. Please review this notice periodically to check for updates.