1. Purpose of this Notice

This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

2. About us

Classic Mortgages and Protections Ltd (“CMP”), (“the Company”, “we”, “us”, “our” and “ours”) is an appointed representative of Beneficial Life (London) Ltd, which is authorised and regulated by the Financial Conduct Authority, FCA number 736655. Classic Mortgages and Protections Ltd is authorised and regulated by the Financial Conduct Authority, FCA number 918307. Company Registered in England and Wales, registration number 11747494.

The Company acts as an intermediary in advising and arranging mortgages. We also acts as an intermediary in arranging non-investment insurance policies. We are not Lenders or Insurance Policy providers.

For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.

We have appointed a data protection manager. Our data protection manager is our Data Protection Point of Contact and is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data. Should you wish to contact our Data Protection Point of Contact you can do so using the contact details provided on the website.

We may make changes to this notice from time to time and will notify you if any such changes are significant.

3. The kind of information we hold about you

Personal data or personal information. This means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We will collect, store, and use the following categories of personal information about you:
• Personal contact details such as name, title, addresses, telephone numbers and personal email addresses
• Date of birth
• Gender
• Personal circumstance such as marital status
• National Insurance number
• Bank account details, payroll records and tax status information
• Salary, pension and benefits information
• Financial circumstances & current insurance policies
• Financial dependants
• Copy of driving licence, passport, payslips, utility bills and bank statements
We may also collect, store and use the following “special categories” of more sensitive personal information like information about your health, including any medical condition, health and sickness records
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

4. How is your information collected?

Personal information will be gathered about you and your family as part of our advisers’ fact finding meeting and any other meetings/communications with you.
Where you are referred to us by an independent introducer, they will ask for your agreement to send this information to us to provide you with advice and guidance.
We will also collect data about you and your family from other people such as providers who you hold policies with.

5. How is your information used and on what lawful basis?

We will only use your personal information when the law allows us to do so. Most commonly, we will use your personal information in the following circumstances, where:
• we need to perform the contract we have entered into with you
• we need to comply with a legal obligation
• we have your consent
Primarily, we use your data and data about your family’s circumstances to provide financial advice to you and complete transactions on your behalf. We analyse and assess your data to maintain and develop our relationship with you and meet our contractual obligations to you as detailed in our CIDD agreement.

6. Who is your information shared with?

Other professional service providers:
Depending on the instructions we receive from you, we may pass your data to other professionals to enable us to provide advice most suited to your circumstances. We will always notify you if we are going to share your information in this way and these professionals would all be based within the UK.
Usually, this would be referrals to accountants, solicitors, tax advisers and sometimes to specialist advisers in the financial and insurance industry where you may benefit from the expertise of such third parties. We, and any third-party specialist advisers to whom we introduce you, will pass your data to the relevant organisations if you agree to purchase or amend policies and products.
The Financial Conduct Authority:
We may be required to share your data with our regulator, the Financial Conduct Authority, or the Financial Ombudsman and other third parties including our auditors or insurers.
ID authentication agencies:
We will make checks with third party agencies to authenticate and verify your identity such as OFSI. These checks will also be applied to sanction lists. Any personal data obtained for the purposes of meeting with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 will only be processed for the purposes of preventing money laundering or terrorist financing, unless the use of the data is permitted by or under another enactment other than those regulations, or otherwise where consent has been obtained from you.
Insurance / mortgage providers:
We also make checks with organisations with which you have policies of insurance and investments and with your mortgage provider. These checks are to help us with our legal obligations and to ensure that we provide you with advice that suits your circumstances. The scope and extent of the gathering of information from third parties depends on what type of service you are taking from us.
Purchasers / investors:
We may share your information with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets or who are stakeholders or investors in our business. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with data protection laws. We do not allow our third –party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. If you fail to provide personal information

If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (such as providing you with accurate financial advice), or we may be prevented from complying with our legal obligations (such as under the Money Laundering Regulations).

8. Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

9. Data security and storage

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instruction and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your information will not be transferred or stored outside of the European Economic Area.

10. Data retention

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

11. Your rights in relation to your personal information

Under certain circumstances, by law you have the right to:
• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party.

12. Contacting us
If you would like to access your data or ask for your information to be updated, restricted or deleted or raise a general query or concern about the use of your personal information, you should contact the Data Protection Officer at the address below who will deal with your request promptly.
In writing to: Data Protection Officer, Classic Mortgages and Protections Ltd, 33a Crook Log, Bexleyheath, Kent, England, DA6 8ED.
By telephone: 02035149060
If you continue to have any concerns around how we use your information, you can contact the Information Commissioners Office online: ico.org.uk/concerns/