With all suppliers who Mortgage Ladder Ltd contracts with we use contract and model clauses to ensure that data protection is maintained to standards specified by GDPR. Appropriate safeguards have been put in place to ensure individuals’ personal data that is processed by these organisations is protected and their rights and freedoms are maintained.
The following safeguards have been implemented:
- A processor contract that complies with Article 28 GDPR has been agreed, including the addition of EU model clauses.
- Appropriate security measures to demonstrate compliance with Article 32 GDPR which are equivalent to Mortgage Ladder Ltd information security standards and policies.
- Records of Processing Activities (“RPAs”) have been implemented to document the processing activity and nature of the relationship.
- Controls within all partners, to protect data are reviewed by Mortgage Ladder Ltd and are subject to an annual ongoing audit where the Partner relationship extends beyond a year.
Much of the data that we process or control falls under the definition of personal data and therefore the GDPR/Data Protection Act 2018 (DPA) is fundamental to everything we do. As such, Mortgage Ladder Ltd’s Data Protection Policy is integral to our business activities and all our policies and procedures relating to the processing of personal data are built around compliance with the DPA and GDPR.
This Policy is owned by Mortgage Ladder Ltd’s Chief Operating Officer and is available to all Mortgage Ladder Ltd employees, via the corporate intranet. All staff are required to undertake Data Protection Training immediately after joining the company and must take refreshers on an annual basis.
Mortgage Ladder Ltd ensure that all products and services that involve the use of personal data are reviewed by an Internal Compliance Team or External Compliance Consultant prior to development. Compliance will conduct a Data Protection Impact Assessment where necessary and depending on the type and size of the development project a Compliance representative may also take an active role within the project team as the product or service is developed. The Compliance team engages directly with the ICO and where appropriate we will liaise with them to resolve any questions around compliance with the DPA/GDPR. The Data Protection Act principles are fundamental to Compliance reviews of personal data use.
As a Data Controller, Mortgage Ladder Ltd will ensure it meets its obligations in:
- Fair and lawful processing
- Purpose limitation
- Data minimisation
We maintain a Record Retention Policy which details our approach in line with GDPR and the DPA. This requires that the Mortgage Ladder Ltd business carefully considers the need for each data type that we are acting as Controller of to be retained at all; and where it is retained to provide a justification for this and a reasonable timescale.
All users can also request to delete their data anytime in line with GDPR by sending a delete request to firstname.lastname@example.org. There may be legal or regulatory obligations which require us to retain some data e.g. so that we can address complaints or requests for information from regulatory bodies.
We currently do not transfer any data outside the EEA. Should it become necessary to transfer personal data to a third-party, outside the EEA, we will ensure that we have a legitimate basis for doing this and that the data is handled securely.
By visiting mortgageladder.com and using our apps and services you are accepting and consenting to the practices described in this Privacy Notice. The data controller of your information is Mortgage Ladder of Kemp House, 152 – 160 City Road, London, England, EC1V 2NX.
Our data controller registration number is ZA769128. You can check our registration on the Data Protection Public Register by visiting
References to our website below include references to our apps.
- The information we collect
- How we use the information
- Who we may share your data with
- What is the legal basis for us using this information?
- Direct marketing and how you can change your preference
- How we protect your information
- How long we keep your information for
- Links to and from third party websites
- Automated Decision Making
- Your rights
- Contact us
- Your right to lodge a complaint with the ICO
- What are cookies?
- More about the cookies we use
- Turning cookies off
- Contact us
- Further reading
THE INFORMATION WE COLLECT
We collect and process information that:
- you give to us when you register with us, such as your name and contact details
- we obtain from Credit Reference Agencies on your behalf
- we obtain from open Banking data on your behalf
- we collect about you based on your use of our website or from your mobile device if you are using our app
- we receive from other sources, such as third parties who give us information about you
- is collected from cookies.
The information you give us may include:
- Email address
- Date of birth
- Phone number
- Monthly expenditure
- Residential details
- Employment details
- Address history
- Bank details
- Property value
- Monthly rental income
- Mortgage details
- Identity details, including drivers’ licence or passport information
- Energy and gas tariff details
- Lifestyle information
- Technical information when you log in to our site or app, including your Internet protocol (IP) address, your login information, browser type and version, time zone setting, operating system and platform
- Information about your visit, including the products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and other web traffic activity
HOW WE USE THE INFORMATION
- We use information we hold about you to provide our services to you and improve those services, administer your account and communicate with you and to use information on an anonymous basis for research, profiling and analytical purposes.
- Undertake analysis and profiling of your information in order to identify and inform you of the right products that we consider are likely to interest you or be suited to your personal circumstances or to enhance our services.
- To ensure that content from our website is presented in the most effective manner for you and your device.
- To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- To improve the services, we offer you such as understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you
- As part of our efforts to keep our website safe and secure and to prevent fraud
- For training and quality purposes and for the purposes of investigating any complaint you may make, or as evidence in any dispute between you and us.
What we will never do. Rest assured, we will never sell your information to third parties.
WHO WE MAY SHARE YOUR DATA WITH
We may share your data with other members of our group and with third parties, such as our service providers, Fraud Prevention Agencies and other vetted Partners.
We may need to disclose your data to others to ensure the smooth provision to you of the products, services and information you request. These third parties act on our instructions and are processors of your information.
The Product providers may include business partners who offer you mortgages, loans, credit cards, car finance, insurance, pensions, investments and other related products. The use may include to
- pre-fill an application form with the product provider
- assess your probability of being accepted for a product
The product provider will not have permission to use this data for any other purpose including marketing.
When you click to search for credit offers on our website or our apps, these service providers may record a ‘soft credit search’ on your credit file, but this record will be invisible to other lenders, so by itself it will not affect their lending decision and it will not affect your credit score. You can opt out of this if you want to in your Dashboard, however, if you do opt out of this, we will not be able to show you ads that are specifically targeted to you and will only be able to show you generic ads, which may not be suited to your personal circumstances.
If we sell or buy any business or assets, we may need disclose your personal data to the prospective seller or buyer of such business or assets (or the buyer or seller’s advisers)
If we or part or all of our assets are acquired by a third party, the personal data held by us about our customers may be one of the transferred assets
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and other agreements; or to protect the rights, property, or safety of Mortgage Ladder Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We will share your personal information with fraud prevention agencies. If false or inaccurate information is provided and fraud is identified, details of this fraud will be passed to these agencies. Law enforcement agencies may access and use this information. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
WHAT IS THE LEGAL BASIS FOR US USING THIS INFORMATION?
Our lawful bases may include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you (such as delivering our core services to you) and our own legitimate interests.
Performance of a contract. We cannot provide our services to you without collecting the information you give us because we need certain information from you to be able to seek your banking and credit report and to show suitable financial offers to you and to provide our other services to you.
Consent. We will always seek your consent to process certain types of information where we are legally required to do so. You have the right to withdraw or decline your consent at any time.
Legitimate interests. We may process your personal data for the purposes of our legitimate interests or for the legitimate interests of our product providers or other suppliers provided that such processing does not outweigh your rights and freedoms. As an example, we may process your personal data to:
- display tailored product offers to you
- comply with laws that apply to us
- provide you with our service, including for the purpose of quality control and analysis
- protect you and us from fraud or other threats
- conduct analysis, segmentation and profiling of your data in order to provide you with direct marketing communications
- improve our service and manage our customer relationships
- Where we rely on legitimate interests, you have the right to object at any time.
DIRECT MARKETING AND HOW YOU CAN CHANGE YOUR PREFERENCE
We offer you the opportunity to receive marketing information from us. You can opt out easily of receiving marketing from us at any time.
We will normally send direct marketing by email if we have your email address, but may choose to contact you via other methods, such as push notifications to your devices.
You may receive the following types of communications from us:
- Product recommendations – we’ll get in touch with personalised, timely product recommendations that can help you improve your financial situation. We will only ever send these if you explicitly consent to receiving them and you can unsubscribe whenever you like.
- Content communications – we’ll send you content such as tips, research, features and news, coaching programmes on how to keep on top of your money and other related content. You can unsubscribe from these at any time and we will never spam your inbox.
HOW WE PROTECT YOUR INFORMATION
We take the security of your data very seriously and use strict procedures to protect it.
All information you provide to us is stored on our secure servers.
We do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to our website; any transmission carries a risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, loss or damage.
Where possible, we try to only process your information within the UK and European Economic Area (EEA). If we or our service providers transfer personal data outside of the UK or EEA, we always require that appropriate safeguards are in place to protect the information when it is processed.
HOW LONG WE KEEP YOUR INFORMATION FOR
While your account remains active, we keep your information for no longer than is necessary depending on the purpose for which we are using it.
How long we keep your information will depend on the purpose for which we use it. While you are a customer of ours, we will only retain your information for as long as is necessary for those purposes.
After termination of your account, we may continue to use anonymised data (which does not identify individual users) which is aggregated with anonymised data of other users. We use this aggregated anonymised data for data analysis, profiling and research purposes, for example to gain insights about our users. We may also keep your email address to ensure that you no longer receive any communications from us as well as your name, date of birth and latest address for fraud prevention purposes and for the exercise or defence of a legal claim.
LINKS TO AND FROM THIRD PARTY WEBSITES
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
You can exercise specific rights with regards to the data that we hold about you.
We will provide you with the necessary tools and contact details to be able to exercise your statutory rights regarding the information that we hold about you. You will be able to:
- Correct your data: you will usually be able to amend any information that we hold about you that is inaccurate or incomplete through the settings in your account.
- Request access to your data: you can ask for access to the personal data that we hold about you so that you can check that we are using your information in accordance with data protection law
- Erase your data: you can ask us to fully or partially delete your personal data where there is no compelling reason for us to keep using it, although we may not be able to continue to provide our services. We may keep your email address to make sure the restriction is respected in future. We also have the right to continue using your information if such usage is necessary for compliance with our legal obligations.
- Download your data or send it to another controller: you can obtain a copy of the data you provided us in a machine-readable format. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
- Object to the use of your data: you can ask that we no longer use your personal data where that use is based on a legitimate interest
- Restrict the use of your data: You have the right to ‘block’ or suppress further use of your information in certain circumstances (for example, where you think the information we are using about you is inaccurate, whilst we verify its accuracy). When usage is restricted, we can still store your information, but may not use it further.
- Right to withdraw consent: If you have given your consent for us to use your information, you have the right to withdraw your consent at any time. This can be done by contacting our Data Protection Officer.
- For the exercise of any of your rights, you can also contact us at email@example.com
Mortgage Ladder Ltd Cookies Policy
If you wish to use our website, but would like us not to set cookies in your browser, you can disable or remove the cookies (See section on “Turning off cookies” for more details). Please note that disabling or removing the cookies we or our third party service providers set may impact the functionality and security of our website and our ability to provide our services to you.
We reserve the right to make changes to our Cookies Policy. Any changes we may make to our Cookies Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Cookies Policy. Your continued use of our website is taken as your agreement to any such changes.
WHAT ARE COOKIES?
Cookies may be either “persistent” cookies or “session” cookies, depending on how long they are used.
Persistent cookies remain on your device after you have closed your browser, and allow a website to remember your actions and preferences. They are activated each time you visit the website where the cookie was generated. They are stored by the browser and remain valid until their set expiry date (unless deleted by the user before the expiry date).
Session cookies only last for the duration of your visit and are deleted when you close your browser. They facilitate tasks such as allowing a website to identify that a user of a particular device is navigating from page to page, supporting website security or basic functionality.
WHAT COOKIES DO WE USE?
Mortgage Ladder Ltd uses the following cookies;
Cookielawinfo | Session cookies
Used to record consent for usage of cookies when you access the website.
Sendinblue | Persistent and Session cookies
- add and update users for CRM purposes based on actions taken on web app (e.g. sign-up).
- send tailored content to users.
- track performance analytics data of email / email campaigns.
- protect your data from unauthorized access.
- store consent for google cookies.
- distinguish between bots and humans on contact form page.
- authenticate securely via “Sign in with Google”.
- identify a particular “session” or “sign in” and to ensure that this is stored only on the computer that you performed that sign-in from.
- store your preferences and information when viewing pages with Google hosted content.
- store information about how you use the sites and any advertising that you may have seen before visiting our website or using our web app.
- set an ID to ensure you don’t see the same advert often.
- store ID for when you see advertisements on our Tailored Offers section.
- allow website to load faster with Twitter content.
- allow you to share content from the website / web app to Twitter profile.
cdn.syndication.twimg.com | Session cookie
Used to save language preferences.
- distinguish users on the Google Analytics platform anonymously.
- track user visits and behaviours anonymously to help improve experience.
- limit the number of requests that have to be made to doubleclick.net.
- create heatmaps of interactions with pages on our website and web app which show scrolling and clicking behaviours, allowing us to identify areas of interests for users.
- monitor users’ sessions on the website and web app, allowing us to provide improved experience, user support, and diagnose/repair bugs.
- creating and receiving Hotjar feedback surveys on our website and web app.
- authentication via ‘Sign in with Facebook’ on web app.
- targeting purposes and to deliver a series of advertisement products such as real time bidding from third party advertisers.
- measuring how effective an ad is by registering user actions after clicking the ad and presenting targeted ads.
- testing whether browser accepts cookies.
- determine whether website advertisement has been properly displayed.
- presenting with relevant advertising and limits how often you see them.
Used for re-engagement purposes based on online behaviours across sites.
TURNING OFF COOKIES
You can disable cookies at any time either by using our cookie management tool or by deleting them via your browser’s settings. Please note that by doing so, parts of our website and web app may no longer function as expected.
For more information on how to delete cookies from your browser(s), you may want to click on one of the links below;
- For Chrome: https://support.google.com/chrome/answer/95647?hl=en&hlrm=en
- For Edge: https://support.microsoft.com/en-us/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd
- For Safari: https://support.apple.com/en-ph/guide/safari/sfri11471/mac
- For Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- For Opera: https://blogs.opera.com/news/2015/08/how-to-manage-cookies-in-opera/
If you would like to know more about cookies, you can find out more at the links below.
Useful information about cookies can be found at:
The BBC Web Wise guide to cookies:
Information on the ICO cookie guide can be found on the ICO website:
A guide to behavioural advertising and online privacy has been produced by the Internet Advertising Bureau which can be found at:
YOUR RIGHT TO LODGE A COMPLAINT WITH THE ICO
If you believe our processing of your information does not comply with the data protection law, we suggest you contact our Data Protection Officer. However, you can make a complaint to the Information Commissioner’s Office (ICO) at any time.
Please visit the ICO website for further information – https://ico.org.uk/for-the-public/raising-concerns