The privacy of our website visitors is very important to us, and we are committed to safeguarding it.
Mortgage Engine Limited Privacy Notice
Last updated 8th March 2021
Your Privacy is very important to us which is why we are providing you with this notice which explains how we will use your personally identifiable data. (PII). This includes the purposes for which we process your personal data, who we share it with and your rights in relation to your data. We will also give you additional information about our company and who to contact should you require further information.
We will never pass your personal data to third parties for marketing purposes. If you have any queries regarding the processing of your processing data, you can contact us via the following methods
The Data Protection Officer
Mortgage Engine Limited
2-3 Triton Square
We are Mortgage Engine Limited and operate the Mortgage Engine platform which enables price comparison websites (PCW) and mortgage brokers to connect with lenders to offer customers multiple decisions in principle.
We are registered with the Information Commissioners Office under number ICO no ZA488877.
We are the processor of the information that you have provided to your broker or PCW. Your broker or PCW will pass your information to us via an Application Programming Interface (API) which is a piece of software which enables the broker and lender systems to share information via the Mortgage Engine platform. This means that you will have given consent for your broker or PCW to process your data and they will have directed you to their privacy notice.
Information we collect
Based on lenders requirements/policy the data you have provided we may extract and process the following:
· Name, residential status, address history and contact details;
· Employment details and borrowing requirements
· Financial information such as income, savings, and financial commitments; and
· Any other personally identifiable information necessary to provide a mortgage decision in principle for you.
How your information will be used:
The information we collect is to help us determine what your circumstances are and what requirements you have for your mortgage. Where applications are for joint applicants, please ensure that the other applicant has given their express consent to their personal data being processed as set out in this Privacy Notice.
We will only use your personal data when the laws permit us to do so. Most commonly:
· Not passing all the information provided to the lender if it is not required by their criteria
· Stopping the request being sent to the lender based on certain criteria
· There may be occasions in which Mortgage Engine will need to amend the format of the data you have provided to meet the lenders requirements. For example, you may have provided an annual figure for your salary, however the lender requires a monthly format.
· We will also use, collect and share Aggregated data, such as statistical and demographic data to carry out market research, profiling and business analysis.
We may share your information:
In order to provide you with a choice of mortgage products and provide you with the service you have requested, we may need to share your personal data with some or all of the following parties:
· The mortgage lenders integrated with Mortgage Engine to obtain a Mortgage Decision in Principle
· Any regulatory/governmental body, ombudsman or law enforcement agency who has jurisdiction;
· Suppliers who process your data on our behalf; we will have written contracts in place with such entities which require them to process your data only in accordance with our instructions;
All third parties that we share your details with are required to respect the security of your personal data and treat it in accordance with the law. We do not permit our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for the specified purposes in respect of the service being provided by Mortgage Engine, and in accordance with our instructions.
As a UK based company, all the personal information we process remains within the EEA and is protected under the General Data Protection Regulation. If for any reason we use third parties that are domiciled outside of the EEA any such data storage will undergo further enhanced controls and checks, dependent on the country of storage. We will inform you of any such instance where this may occur.
Your rights under the General Data Protection Regulation (GDPR) 2018
We will work with your data controller (broker/digital aggregator provider) to respond to you request within the specified period communicated to you by them after they have received your request.
With regards to exercising your rights as listed below, please contact your data controller (your broker or digital aggregator) in the first instance.
1. The right to be informed: this means you have the right to be informed about the collection and use of your personally identifiable data – as stated in this Privacy Notice.
2. Accessing your personal information: you have the right to access your Personally Identifiable Information (PII) and supplementary information through a ‘subject access request’, which obliges us to provide a copy of your personal data please email your data controller (broker/digital aggregator provider) We may not provide certain personal information if it identifies other individuals.
3. Correcting your personal data: You have the right to have inaccurate or incomplete personal data rectified if you discover information, we hold about you is incorrect. If you find incorrect information, please contact your broker/digital aggregator provider in the first instance as we receive your data from them
4. Erasing your personal information: (also known as ‘the right to be forgotten’): you can make a request for erasure of information verbally or in writing. This can be requested where the data held is no longer necessary, was unlawfully processed, no longer meets the lawful grounds for which it was collected or instances where you wish to withdraw consent. The right does not apply when we have a statutory or regulatory obligation to retain your data.
5. Restricting processing: you can request that we limit the use of your personal data through restriction or suppression. This can be used as an alternative to requesting the erasure of data and can be used where you may contest the accuracy of your data or when you no longer need the information. When processing is restricted, we are permitted to store the data but not use it.
6. Transferring your data in a structured file to another service provider: you are permitted to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personally identifiable data easily from one IT environment to another in a safe and secure manner, without hindrance to usability. This right only applies to personal data that you have provided to us way of a contract or consent and we may not supply data where it identifies another individual.
7. Objecting to our use of your personal information: you have a right to object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority.
8. Rights related to automated decision-making including profiling: We will inform you when we are performing automated decisioning, or profiling which uses personal data about you to make calculated assumptions. When we do, we will give you information about the processing activity and we will provide simple ways for you to request human intervention or challenge a decision made by automated decision making. We do not currently perform automated decision making.
We understand how important it is to keep your personal data secure and pride and we will treat your data with the utmost care and security. We have put in place appropriate security measures to prevent your data becoming accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also constantly monitor these to ensure we can make improvements where available. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. We will never store passwords in plain text, nor will we allow anyone to access your data unless they have a justifiable and legal reason to do so. All our staff are background checked before they can have access to your data.
Credit decisions, the prevention of fraud and money laundering
The lender you choose for your mortgage may use credit reference and fraud prevention agencies to help them make decisions. If you would like to read the full details of how your data may be used, please contact your lender.
When you respond to the questions during the decision in principle process the information you provide will be shared with your chosen lender. The lender will use this information to help make its decision about whether to lend to you. This will involve checking the following records about you and others:
The lenders own records;
Those at Credit Reference Agencies (CRAs); and
Those at fraud prevention agencies (FPAs).
We’ll only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
If you don’t transact with us, depending on the stage of your application, we may delete your information sooner in accordance with our data retention policy.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Transfer of data to Countries outside the UK/EU
Our operations are based in the UK and the personal information that we collect from you is mainly processed, stored, and used within the UK.
Occasionally, we also work with service providers from other parts of the world to offer you the best service we can provide. This means that the data we collect sometimes needs to be transferred, stored, and used by companies operating outside the UK/EEA who work for us or one of our service providers. We have taken steps to ensure there is an appropriate level of security for the processing carried out in these countries, such that data is protected in the same way as if it were being used within the EEA.
This includes using one of the following safeguards such as UK and European Commission-approved standard contractual clauses in contracts for the transfer of personal information to third countries.
How to complain
Should you have a complaint about how we handle and manage your data please write to us in the first instance using the details at the top of this notice.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO ‘s address is:
Information Commissioner’s Office
Helpline number: 0303 123 1113