Privacy Notice (UK GDPR) & Fair Processing Statement

BACKGROUND:

Market Financial Solutions (MFS) understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, www.mfsuk.com (“Our Site”) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law.

Please read this Privacy Notice carefully and ensure that you understand it. Your acceptance of Our Privacy Notice is deemed to occur upon your first use of Our SiteIf you do not accept and agree with this Privacy Notice, you must stop using Our Site immediately.

1. Definitions and Interpretation

In this Policy the following terms shall have the following meanings:

“Account” means an account required to access and/or use certain areas and features of Our Site;
“Cookie” means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in Section 20, below;
“Cookie Law” means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;
“DPO” means Data Protection Officer, the main contact at MFS for enquiries, concerns, access, deletion or amendment requests relating to your data
“personal data” means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the Data Protection Act 2018, the UK’s implementation of EU Regulation 2016/679 – the General Data Protection Regulation (“UK GDPR”); and
“We/Us/Our” means Market Financial Solutions all entities trading under the MFS name:

Market Financial Solutions Limited registered in England under company number 05994359.

2. Information About Us

Our Site is owned and operated by Market Financial Solutions.
We are not affiliated with, associated with, or endorsed by Massachusetts Financial Services.

3. DPO Contact Details

Our Data Protection Officer (DPO) can be contacted by email at privacy@mfsuk.com, or by post at 46 Hertford Street, Mayfair, London W1J 7DP.

4. What Does This Notice Cover?

This Privacy Notice applies only to your use of Our Site. Our Site may contain links to other websites. Please note that We have no control over how your data is collected, stored, or used by other websites and We advise you to check the privacy policies of any such websites before providing any data to them.

5. Your Rights

As a data subject, you have the following rights under the UK GDPR, which this Notice and Our use of personal data have been designed to uphold. Some of the rights may not be available to you or may be restricted in certain circumstances:

  • The right to be informed about Our collection and use of personal data;
  • The right of access to the personal data We hold about you (see Section 19);
  • The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact us using the details in Section 3);
  • The right to be forgotten – i.e. the right to ask us to delete any personal data We hold about you (We only hold your personal data for a limited time, as explained in Section 7 but if you would like us to delete it sooner, please contact us using the details in section 3);
  • The right to restrict (i.e. prevent) the processing of your personal data;
  • The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
  • The right to object to us using your personal data for particular purposes; and
  • Rights with respect to automated decision making and profiling.

If you have any concerns or queries about Our use of your personal data, please contact Us using the details provided in section 3 and We will do Our best to address them for you. You also have the right to refer your concerns to the UK’s supervisory authority, the Information Commissioner’s Office.

For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.

6. What Data Do We Collect?

Depending upon your use of Our Site, we may collect some or all of the following personal and non-personal data (please also see section 20 on Our use of Cookies and similar technologies and Our Cookie Policy):

  • name;
  • date of birth;
  • gender;
  • business/company name;
  • job title;
  • contact information such as email addresses and telephone numbers;
  • demographic information such as post code, preferences and interests;
  • financial information such as credit / debit card numbers;
  • IP address;
  • web browser type and version;
  • operating system;
  • a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to.

7. How Do We Use Your Data?

All personal data is processed and stored securely, for no longer than is necessary considering the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the UK GDPR at all times. For more details on security see section 8, below.

We will hold and process your data for the performance of a contract and our legitimate interests to:

  • Determine whether or not to offer a loan;
  • Manage any loan advanced through to redemption;
  • Manage any relationship with intermediaries including a record of introductions, payments made and other relevant information appropriate to managing the relationship;
  • Manage the relationship with funders or anyone applying to become a funder and to maintain appropriate records relevant to that relationship;
  • To manage business relationships with our professional advisers, contractors and third-party providers;
  • Share information where necessary with funders, our professional advisers, contractors and third-party providers and anyone who may wish to acquire all or any part of our business;
  • Share information with other companies in the same group and associated companies;
  • Carry out checks with fraud prevention and credit agencies and tracing agencies if required;
  • Undertake analysis, produce models, statistics, reports and forecasts;
  • Investigate and respond to complaints, disputes and where necessary to bring or defend legal claims.

We will hold and process your data for legal purposes in order to:

  • Meet our legal obligations;
  • Help identify you and meet our anti-money laundering obligations;
  • Supply information to any government body, regulatory authority, law enforcement agency as required and to credit and fraud prevention agencies.

For full details of the Company’s approach to data retention, including retention periods for specific personal data types held by the Company, please contact the DPO using the details in section 3.

We will hold and process your data by consent for marketing purposes to keep you informed of news and offers on Our products and/or services. We will not, however, send you any unsolicited marketing email.

8. How and Where Do We Store Your Data?

Your data will only be stored in the UK.

Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure data collected through Our Site.

Steps We take to secure and protect your data include:

  • SSL Encryption when using any of ours webform.
  • Recipient of your data using Microsoft Office 365 Business.
  • All electronic copies of personal data are stored securely using passwords and data encryption.

9. Do We Share Your Data?

We may share your data with other companies in our trading group if we can identify any services that might be relevant to you, including which entity may offer you a loan.

We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.

We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.

In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal requirements, a court order, or a governmental authority.

10. Why do we collect your information and where do we get it from?

We need to collect information about you in order to assess, open and administer your mortgage account with us. The amount and type of information we collect will vary depending on the products you choose to apply for or hold.

We need a legal basis in order to process your data. This will be either that the processing is necessary for us to provide you with the loan product you are seeking; necessary to comply with our legal obligations; in our legitimate business interests in relation to such purposes or it is with your consent. Our legitimate business interest is a balance between our interest in conducting and managing our business, and the protection of your personal data.

Generally, we collect information directly from you to assess and approve your loan application. However, if you are introduced to us by a mortgage broker or intermediary, we will obtain some information about you indirectly from them when they introduce you to us. We also obtain information from third party sources such as Credit Reference Agencies, Fraud Prevention Agencies, and other organisations to assist in the prevention and detection of crime. If you make a joint application with your spouse, partner, or family member, we will also need to collect personal information about that person.

If you make an application on behalf of the joint applicant, you agree to show them this Privacy Notice and that you have all necessary consents to enable you to provide us with their information for the purposes described in this notice.

11. How we share your information with Credit Reference Agencies (‘CRAs’)

If you apply for a mortgage, we will supply your personal information to CRAs and they will provide us with information about your financial situation and history. The CRAs will keep a record of each search, even if your application is not successful, and this could affect your ability to get credit from other organisations within a short period of time.

For joint mortgage applications the CRAs will create a link between you and any other customer named on the mortgage. This will link your financial records, and each will be taken into account in all future applications by either or both of you.

We will continue to exchange information about you with CRAs whilst you have a mortgage account with us, including recording any outstanding debt if you do not repay in full and on time. CRAs will share your information with other organisations. We may also make periodic searches at CRAs to help manage your account with us.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, their data retention periods and your data protection rights with the CRAs are explained in the Credit Reference Agency Information Notice (CRAIN), www.transunion.co.uk/CRAIN.

12. How we share your information with Fraud Prevention Agencies (‘FPAs’)

We undertake checks about you with FPAs for the purposes of preventing fraud and money. The personal data you have provided, we have collected from you, or we have received from third parties may include you:

  • Name
  • Date of birth
  • Residential address and address history
  • Contact details such as email address and telephone numbers
  • Financial information
  • Employment details
  • Identifiers assigned to your computer or other internet connected device including your Internet Protocol (IP) address

When we and fraud prevention agencies process your personal data, we do so on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.

We, and fraud prevention agencies, may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.

Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years. 

13. Consequences of Processing

If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services and financing you have requested, or we may stop providing existing services to you. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing, or employment to you. If you have any questions about this, please contact us on the details above.

14. Data Transfer

Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.

15. Your Rights

Your personal data is protected by legal rights, as outlined in Section 5.

If you are unhappy about how your personal data has been used, would like further information, or to exercise your data protection rights, please contact the DPO using the details in Section 3.

You also have a right to complain to the Information Commissioner’s Office www.ico.org.uk, which regulates the processing of personal data.

MFS uses several different agencies for AML and Fraud checks. For more information about the agencies used, please contact the DPO using the details in Section 3.

16. What Happens If Our Business Changes Hands?

We may, from time to time, expand or reduce Our business and this may involve the sale and/or the transfer of control of all or part of Our business. Any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us.

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you be given the choice to have your data deleted or withheld from the new owner or controller.

17. How Can You Control Your Data?

In addition to your rights under the UK GDPR, set out in section 5, when you submit personal data via Our Site, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details).

You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

18. Your Right to Withhold Information

You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.

You may restrict Our use of Cookies. For more information, see Section 20 and Our Cookie Policy.

19. How Can You Access Your Data?

You have the right to ask for a copy of any of your personal data held by Us (where such data is held). There is usually no charge for this, and we will provide the data within 1 month, however we may require a further 2 months for more complex queries. We reserve the right to refuse to provide the data or charge the costs involved where requests are repetitive or vexatious. If you would like access to your personal data, please contact the DPO using the details in Section 3.

20. Our Use of Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The table below explains the cookies we use and why.
These cookies are used to collect information about how visitors use our website and WordPress blog. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited.
We also use analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling Us to better understand how Our Site is used. This, in turn, enables Us to improve Our Site and the services offered through it. You do not have to allow Us to use these Cookies, however whilst Our use of them does not pose any risk to your privacy or your safe use of Our Site, it does enable Us to continually improve Our Site, making it a better and more useful experience for you.

Cookie Names:
Universal Analytics (Google), _ga, _gali, _gat_UA-XXXXXXX, _gid
Analytics 4 (Google), _ga, _gid, _ga_<container-id>, _gac_gb_<container-id>, G-XXXXXX

21. Changes to Our Privacy Policy

We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.

Menu