Privacy Policy

Privacy Statement

Mortgage Taylors Limited takes your privacy seriously and takes every reasonable precaution to safeguard the personal information you supply to it.

Effective from: 25/05/18

We take your privacy seriously. This Privacy Statement explains what personal information we collect and how we use it.

We know there are probably other things you’d rather be doing. But we recommend you read this through carefully – and get in touch with us if you have any questions about it.


About Mortgage Taylors Ltd (MTL) and how you can contact us


This document includes important information about how we use your personal data. If you want to talk to us more about it, you can get in touch using the details below.

Learn more

Mortgage Taylors Ltd (MTL) is a Company limited by shares. Our trading address is 260 Chepstow road, Newport, NP19 8NL (please send all correspondence here).

Our registered address is Singleton Court business centre, Wonastow road, Monmouth, NP25 5JA. You can find out more about us on our website at

To help ensure we meet all our obligations we have appointed a Data Protection Officer (DPO). If you have any questions or concerns about how your personal information is being used you can contact the DPO

on 01291 623000
or by email to
or by writing to The Data Protection Officer
Mortgage Taylors Ltd260 Chepstow RoadNewport,NP19 8NL

You can also obtain information and advice from the Information Commissioner who is the independent regulator appointed by Parliament to oversee compliance with data protection and information rights: http//

Mortgage Taylors Ltd is registered with the Information Commissioner (registration number Z9696960).


What information we collect and how we use it

We want to give all our customers the best standard of service we can and are serious about protecting your personal information. Please read on to find out what information we’ll need from you, how we use your personal information to make our products and services as effective as possible and how we look after it, including our Cookies policy.

Learn more

Information we collect directly

Mortgage Customers

Our core business is acting as a mortgage broker. This involves searching against the lenders we deal with to find the mortgage that best suits your circumstances. We do this when you call us by asking you about your identity and contact details; your product preferences; your property and tenancy history and types and number of occupants and their relationship to you; your lifestyle; nationality and residence status; employment, income and expenditure and other financial circumstances. How you answer these questions will determine what other questions we ask you because different lenders serve different parts of the market and have different eligibility criteria. We will always explain the process to you and answer any questions you may have about why certain types of information may be needed.

When you apply for a mortgage through us we will collect your direct debit details to pass on to your lender. If the products you select involve a cost, such as a valuation fee, we will ask for your payment information.

Mortgage lenders are data controllers in their own right and have their own privacy notices. However, because lenders may automatically profile your information against their lending criteria and against Credit Reference Agencies as soon as your information is forwarded to them and this may affect your credit score, we will always bring this to your attention as part of the process so that you are forewarned. We will also make you aware in advance when lenders are likely to debit any funds from your accounts.

Insurance Customers

We routinely offer our mortgage customers life insurance and building and contents insurance. Where customers express an interest in life insurance we will also collect information about health as this is necessary so that the insurers we deal with can determine cover and premiums.

Vulnerable Customers

Apart from the information customers provide to us directly we may also record information about potential vulnerabilities where we think this is appropriate to meet the obligations placed on us by the Financial Conduct Authority (FCA) with regard to vulnerable customers. You can find out more about our obligations to potentially vulnerable customers here:

Updating Your Details

If you are a pre-existing customer we may use the information we have on you to pre-fill forms when you apply for a new product, but we will always check that these details are accurate and up to date.

However, if you’ve opened an account or policy with another organisation that we introduced you to, you will need to contact them separately to update your information.

Telephone calls

We sometimes record calls in and out against customer cases so that we can be sure that we have captured the information you have given us accurately. This helps us to prevent fraud and resolve any disputes. This is generally done for Non face to Face applications

Marketing and Market Research

We may use your information to contact you about other products that match your profile and may be of interest to you. Where we seek consent to do this we make sure we are clear about what methods we can use to contact you. We make sure that you are able to opt out of marketing communications at any time in a way that is convenient to you, including the method you used to contact us. Where we use online advertising platforms the data you supply to us will be matched by them to any profile they have of you.

We may contact you to conduct market research. We occasionally run promotions, competitions and prize draws but if we ask you for your contact details we will ensure these are not used for marketing unless you are happy to consent to that separately.

Money Laundering and preventing and detecting unlawful acts

We are required by law to submit a Suspicious Activity Report to the National Crime Agency whenever we detect a risk of money laundering or fraudulent activity. The law also permits us to report suspected crime to the appropriate authorities.

We are also required to disclose personal data where required to do so by law or by the order of a court.

We have discretion to disclose personal data where this is necessary for protecting the public against dishonesty.

Cookies on our website, and tracking emails, re-marketing and analytics

When you register on our website we will ask you to input logon and password data to ensure the integrity of your user account. We collect information that helps us to detect if someone is trying to access your account. We also collect data on how you use our website so that we better understand your interests and can match products to your needs.

We use personal data for analytical purposes to understand trends and how the business works but the reports we produce do not identify individuals.

The Cookies Section of the Privacy Notice explains what cookies we use and how you can turn off and control any advertising cookies (subject to your browser functionality).

We use email tracking technology to capture information such as (but not limited to) the time and date our emails are opened, the type of device used and any links within the email clicked on. We may share this information with the organisations listed in Section 5 (for example, mortgage lenders) for the same purposes, but stipulate that they may not use your details for direct marketing unless they have your consent or an existing relationship with you and you have not previously opted out.

Social Media

As a business we monitor what the public are saying about us on social media such as Facebook and Twitter, so that we can build these comments into improving our products and the ways we interact with customers.

Training and Testing

We do not use customer data for generalised training or system testing separate from case management, and always use dummy data sets for these purposes.

Information that we collect indirectly

When any of our customers apply for a product, the law requires us to check their identity. This makes it harder for criminals to use financial systems, or to use false names and addresses to steal the identities of innocent people. Checking everyone’s identity is an important way of fighting money laundering and other criminal activities.

To confirm that you are who you say you are, we’ll try to verify your name and address by checking your details against databases held by credit reference agencies and the electoral roll. If we can’t verify your name and address in this way, we may ask you to provide us with other documents to confirm these details. This does not affect you credit history or status.

If you are a joint mortgage applicant we will record any information you give us about any other persons who are joined to the application.


We use the information we have about you to provide all the aspects of our service you would expect such as contacting you to prompt you with reminders about renewals and to help resolve any complaints or investigations.

We may also disclose information where permitted by law in connection with the resolution and pursuit of legal rights and disputes or complaints.

Automated Decision Making

We do not make fully automated decisions. Our service is to provide the information to lenders and insures so they can make a decision about the product you have selected.


If you give us a good review we may contact you to ask you if you would like to publicise your review.


What are the legal grounds for handling personal information?

We understand that personal information is just that – personal. So when we process your personal data, we make sure we satisfy the conditions prescribed by data protection laws to do so. This section covers what those conditions are.

Learn more

The law says we must have a legal basis for processing personal data. There are six standard data processing grounds or conditions for processing personal data Where we process what is called ‘special category data’ (information about health, genetic or biometric data etc) we must additionally have a special category condition or ground for processing your personal data.

We rely on the following conditions for the activities indicated.

Legitimate Interests

In most cases, you’ll provide the information covered because you want to use our services. Ordinarily for a business this would mean that the condition for processing is contractual However, this condition only applies where a legal contract exists between the parties concerned. Because we act as an intermediary this condition is not available. We therefore rely on what is called the ‘legitimate interests’ ground for processing. The law provides we can use your information under this condition where our interest in using it is not outweighed by your privacy rights or interests. This means that we can use your personal data only in ways you would reasonably expect and which have a minimal impact on your privacy, or where there is a compelling justification for the processing.

We rely on this condition for the uses we identify, except where we indicate below that another condition is more relevant.

In the case of mortgage and insurance applicants the legitimate interest condition applies because you have requested the service in question and can withdraw at any time. We also rely on this condition to process any details joint mortgage applicants give us about the other applicants. When we write to the first applicant we provide a link to this Privacy Notice and draw to their attention what they need to say to joint applicants. Applicants should be aware that lenders will not proceed with any mortgage without the written consent of any occupant of the current property who is aged over 17.

Increasingly we base our marketing and market research on consent but where we rely on legitimate interests we think this is fair because we only contact existing customers or people who have contacted us directly and each communication provides an easy to use opt out. We think it is fair to use social media in the way we describe in section 2 because this is publicly available information and we do not use the data to profile or make decisions about individuals. Our interest is in what is said about us not who is saying it.


In order to use your personal data on this basis your consent must be freely given, specific, informed and unambiguous. We rely on this condition for the following purposes:

Where we need information to provide you with additional services or features

Direct Marketing – To let you know about products, services and offers from MTL. (We also market to customers who have enquired to use our services under the legitimate interests condition) or

Market research – Where we invite you to participate in market research (more on this below). Any feedback you provide is used only with your consent.

Administering prize draws, competitions, surveys and other promotional activities.

Explicit Consent

We need what is called explicit consent where we rely on consent to process what is called sensitive or special category personal data.

Health data in connection with life policies

Complying with a legal obligation

Money Laundering reports

Public Interests & Substantial Public Interest Tasks

Processing health data in connection with vulnerable customers

Reporting fraud and other suspected crimes to the appropriate authorities.

Suspicion of terrorist financing or money laundering

Protecting the public against dishonesty

Insurance and data concerning the health of relatives of an insured person


Processing personal data in connection with contracts that we hold with contractors, suppliers and staff.*

*We have a separate Privacy Notice for processing employee’s personal data


Who we share your personal information with

To provide our services to you, we’ll sometimes need to share your personal information with relevant organisations – such as lenders, insurers and fraud prevention agencies.

Learn more

To fulfil our contractual obligations, we’ll also share your personal data with the following third parties:

  • Mortgage lenders
  • Life insurers
  • Ceta for building and contents insurance and accident sickness unemployment cover.
  • Estate agents (if you were introduced to us by one of our estate agent partners)
  • Lead suppliers (if you were introduced to us by a third party)
  • our personally recommended conveyancers where you wish to proceed with a quote.
  • Experian / Equifax to audit our data accuracy (where needed)

To help you benefit from the services of our expert partners, we’ll also share your personal data with the following organisations – but only with your consent:

Cymin financial services Ltd – Pension and investment advice.

If you no longer wish us to share your data with any of these organisations, you may withdraw your consent at any time.

Both the above sets of organisation are each data controllers in their own right and will have their own Privacy Notices that will tell you about how your personal data will be used by them.

We’ll also share your personal data with the following data processors where necessary to fulfil our services and regulatory obligations:

  • Izone – for our back office system
  • Assureweb – for our insurance quotations
  • Ceta – For insurance quotations
  • IRESS – for sourcing software
  • Teamworks – Our website portal

Sharing information with these organisations allows us to better understand your needs.

  • Online Advertising Platforms such as Facebook and Google.

We may disclose information to either the Financial Service Ombudsman or the Financial Conduct Authority where they request this to resolve complaints, or our auditors in connection with their duties.


Where in the world do we send information?

As a UK based company, all the personal information we process is protected by European data protection standards. And, if we ever have to send data overseas, we take care that it’s covered by the same high standards.

Learn more

As a UK based company, all the personal information we process is protected by European data protection standards.

The only personal data that is transferred outside the EEA is that processed through Survey Monkey Europe UC who have agreed standard contractual terms to protect transfers to Survey Monkey Inc which is located in the United States. Survey Monkey Inc participates and has certified its compliance with the EU-US Privacy Shield.


Your Information Rights

It’s really important that you understand your legal rights in relation to your personal information – as well as how you can contact us if you have any questions or concerns. This section covers just that.

Learn more

The following is a list of the rights you have under Data Protection legislation. Not all these rights apply in all circumstances but we will be happy to explain this to you at the time you ask. Independent advice about your rights can be obtained from the Information Commissioner (see Section 1.)

All these rights can usually be exercised free of charge and generally speaking we must respond within one month. If we need longer to respond we will explain why this is necessary within the one month period and tell you more about any rules that affect how you can exercise your rights.

INFORMED You have the right to be informed in a concise, transparent, intelligible and easily accessible way about how we use your personal information. We will explain why we need information (in particular any uses that are not obvious) at the time we collect information from you and make sure that all our data collection forms and letters point you to this Privacy Notice.
ACCESS You can make what is called a subject access request for a copy of the information we hold about you.

We must also tell you why we have the information, what types of information we collect; who we share it with and whether, in particular, any of those recipients are outside the European Economic Area; how long we will keep your information for; where the information came from, if we didn’t collect it from you directly; the details of any automatic decision taking and about your rights of complaint to the Information Commissioner.

PORTABILITY You have the right in some circumstances to have the data you have provided to us sent to you or provided to another person or business in an electronic machine readable format. Where this applies we will download the information and send it as a CSV file.
CORRECTION You have the right to have inaccurate information corrected and incomplete information completed. If the information we need to deliver our services to you changes please tell us about this as soon as possible.
OBJECT You will normally have the right to object to how we intend to use your information based on your individual circumstances.

You have an absolute right to object to us using your personal information for the purpose of direct marketing at any time.

RESTRICTION If you have objected or complained about how we have used your information or its accuracy you may not want it to be deleted until your complaint has been resolved. In certain circumstances you can ask for your data to be restricted or not used until these issues are resolved.
ERASURE You have a right to have some or all of the information we hold about you erased in some circumstances. This is known as the right to be forgotten.
AUTOMATED This right only applies where a decision which has a legal or similar effect is DECISION MAKING taken about a person by automated means without any human intervention.

Where such decisions are made individuals have a right to ask for the decision to be reviewed and the data controller must make sure appropriate safeguards are in place. However, MTL does not make automated decisions about any of its clients.

CONSENT If we are processing your personal information on the basis of your consent you have the right to withdraw that consent at any time.
COMPLAINT You have a right of complaint to the Information Commissioner (the Supervisory Authority) if you consider any aspect of MTL’s use of your personal information infringes the law. Section 1 provides the contact details.

However, MTL will want to put matters right wherever we can and we would hope that you will contact us in the first instance. You can exercise your data protection rights or complain about how we are processing your personal information by contacting the Data Protection Officer as set out.

If your complaint is about the administration, or terms and conditions of a product sold by us but provided by a lender/insurer, you may need to contact them about it. If needed, we’ll forward details of your complaint to the insurer concerned, as well as giving you their contact details.

To help make sure you always speak to the right person about your complaint, if it looks like another company will be better able to handle your case, we’ll let you know how to contact them. We’ll also send details of your complaint to them, to get them up to speed.


How we keep your personal information secure

We’re committed to keeping your personal information safe and sound. In this section, you’ll read about the security measures we take to protect our customers’ data.

Learn more

At MTL, we understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your personal information from accidental or unlawful breaches of security. These include physical, organizational, and technological measures.

All information we process is encrypted in transit so that your personal and financial information is secure. For example, where you share information with us online or we forward this to other organizations online we use HTTPS. Where you create an online account with us you will need to supply a username and password. To protect your account we will encourage you to use a strong password and have implemented two factor authentications.

We have to share your information with third parties to carry out some of our services, including lenders and insurers amongst others. We require every third party that we share information with to apply appropriate security safeguards and comply with all the required laws and standards for protecting personal information.


How long do we keep your personal information for?

We only keep your personal information for as long as we need to. This section explains how long the different types of records will be kept.

Learn more

To ensure that we are able to meet our legal, regulatory and customer obligations, MTL will retain client information for the following time periods:

  • If you become a client of a lender/insurer as a result of the advice we provide to you, we will keep a full record of your interactions with us for your lifetime plus a reasonable period to enable us to meet our regulatory obligations to evidence we gave suitable advice and to enable us to answer any complaints that may arise as a result of our advice. In practice this means that we will keep your records for no longer than 100 years after you last transact with us
  • If, as a result of our advice, you make an application to a lender/insurer but do not ultimately become a client of that institution, we will keep a full record of your interactions with us for 6-years to meet our obligations under UK Money Laundering regulations.
  • If we provide you with advice on a financial product, but you do not engage our services to make an application to a lender/insurer, we will keep a full record of your interactions with us for 3-years, to enable us to meet our regulatory record keeping obligations regarding evidencing suitability of our advice.
  • If we collect personal information from you, but are unable to provide you with suitable advice, then we will keep a full record of your interactions with us for 1-year to facilitate an easier interaction between us if you re-engage our services within this period.
  • If you request we contact you in relation to our service by providing us with your name and a contact method (e.g. phone, email) through an enquiry form (either on our own, or a 3rd party website) we will use our best endeavors to contact you as soon as possible. If we are unable to make contact with you, we will retain this information for a period of 90-days from the time we de-activate your lead in our database, to ensure we can fulfil our contractual obligations to our lead partners.


Use of Cookies

We use cookies to give you the best experience when using our website. This section covers what cookies are, what they do – and what they don’t do.

Learn more

A cookie is a very small text file that a website saves to your computer’s hard disk. Its purpose is to store any information that you give about yourself, or to save your preferences.

So when you log into the MTL website, your unique ID number, and the time you signed in, is stored in an encrypted cookie on your hard disk. This then allows you to move from page to page on our website without constantly having to log in again. We use session cookies to store data on our server that are individual to you. When you log out, these session cookies will be deleted from your computer.

At a basic level, cookies will:

  • allow our website to work properly, and help keep it secure
  • help us understand how people use the website
  • make the site easier to use by remembering information that you’ve entered
  • Improve your experience by showing you information that’s relevant to you.

Cookies at a glance

The cookies we use let our websites store certain types of information, and not others.

Our websites will: Our websites will not:
remember your username if you tell it you want it to

remember information you’ve entered to save you entering it again

store your results when using our tools and calculators

allow you to share pages with social networks

make sure your logged in session is secure

store your password, to keep your account secure

The types of cookies we use

There’s lots of different cookies with different purposes. The ones we use fall into four categories:

Necessary cookies

These cookies let you move around our websites and use all the features. Without them, you wouldn’t be able to do things like use online banking, or use forms to apply for products. These cookies also help keep your banking session secure.

Performance cookies

These simply help us improve the way our website works. They tell us how people use each page, which ones are viewed most often, or whether any errors occurred.

Customisation cookies

These cookies store your personal settings (such as font sizes and volume level), or remember basic information that you’ve entered – so that next time you visit our website, it’s all there for you. For example, if you enter a value to complete one of our calculators, we’ll enter this value in other tools and calculators throughout the site.

Targeting cookies

These cookies help make sure the adverts you see on your screen are relevant and useful to you.


By using our website, you’re consenting to us using cookies in the ways described above. But if you change your mind, you can alter your cookie settings at any time through your browser settings.


Changing your cookie settings

We recommend that you don’t change your cookie settings, as blocking some or all of them may affect how well our website performs for you.

But if you do decide to change them, you can do this through your browser. Each browser works in a different way, so a good place to start is by searching ‘cookie settings’ in your browser’s help section.

Advertising cookies

If you prefer, you can choose to just turn off advertising cookies by blocking specific companies. You’ll still see adverts on the internet but they might not be tailored to your likely interests or preferences.

You can set your advertising preferences here. This link will open in a new window, so you can keep reading this document.

Third party cookies

Content or applications provided by our following key suppliers are covered by their own policies:

  • Izone


Please note, MTL is not responsible for the content of external websites.

Necessary cookies

Necessary cookies are only placed on your hard disk by our websites, and not by any third parties.

Our necessary cookies will:

enable our web applications to work

help keep your browsing and account sessions secure

Our necessary cookies won’t:

store information on how you use our website

send any information to third parties


Changes to this Privacy Notice

So that you’re always in the know about what happens with your personal information, it’s a good idea to check this Privacy Policy for updates from time to time.

Learn more

We will continuously refine this Privacy Notice to make sure we are complying with our obligations to be transparent about how we use your personal information and that it is as concise, transparent, intelligible and as easily accessible as it can be. However, if we make any changes to how we process your personal information in ways that you would not reasonably expect, we will contact you and bring these changes to your attention.