Privacy Policy

Charles Cameron & Associates Ltd is committed to protecting the privacy and security of your personal information.  We ask that you take a few minutes to read this privacy notice as it provides you with important information on:

• Your rights and obligations
• How we collect and use your personal information
• Who we may share your personal information with
• How we keep it secure

This privacy notice will give you information on how Charles Cameron & Associates Ltd collects and processes your personal data when you contact us or use our services.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide so that you are fully aware of how and why we are using your personal information.

1. About Charles Cameron & Associates and how you can contact us

Charles Cameron & Associates Ltd is one of London’s leading mortgage brokers, and is experienced in providing financial education and delivering independent mortgage advice to clients across the UK. We are a Company limited by shares, and our registered address is Blackfriars Foundry, 154-156 Blackfriars Road, London, SE1 8EN.  You can find out more about us on our website at www.ccameron.co.uk.

Charles Cameron & Associates Ltd is responsible for the processing of your personal information when you use one of our services, which means that we are a ‘Data Controller’ under the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

To help ensure that we meet our obligations about your personal information, we have appointed a data privacy manager.  If you have any questions or concerns about how your personal information is being used, please contact the data privacy manager by using the details below.

• Name and title of data privacy manager: Anne Harris, Head of Compliance
• Email address: anne.harris@ccameron.co.uk

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to the privacy notice and keeping your personal information up to date

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

We will review this privacy policy regularly to make sure that it still meets all of our obligations, and is clear and transparent.  If and when we do make any changes a new version will be posted on our website, and if appropriate we will also notify you in writing.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their arrangements for using your personal information.  When you leave our website, we encourage you to read the privacy notice of every website you visit.

2. The information we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified.

Our core business is providing mortgage advice and acting as a mortgage broker.  We also routinely offer our customers the opportunity to receive advice on life assurance in relation to their mortgages, and offer financial information and support to help our clients make informed decisions.

There is a range of personal data about you which we may collect and use so that we can provide our services to you, which we have grouped together as follows:

• Information about who you are, including first name, current and previous last names, username or similar identifier, gender and date of birth.
• Information to enable us to contact you, including home address, email address and telephone numbers.
• Financial information, including bank account and payment card details and statements, debts such as loans and credit cards, income and expenditure and employer and pensions benefits.
• Information that is called ‘Special Category Data’, specifically about your health and medical history, but only where this is strictly necessary, for example in relation to advice on life assurance.
• Details about payments connected to any products and services you have purchased from us.
• Technical Data, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
• Information about how you use our services, including purchases or orders made by you, feedback and survey responses and how you use our website, products and services.
• Details of our correspondence with us and your preferences in receiving marketing and communications from us and our third parties.

If you don’t provide us with the information we need

There will be personal information which we need to collect from you – this may be because of legal or regulatory requirements, or because this is needed by a mortgage lender or insurer.  If you are not able to provide that information when requested, we may not be able to continue to provide our services. We will notify you if this is the case at the time.

3. How we collect your personal information

We collect the personal information we need in two ways:

• Through direct contact with yourself. You may give us your identity, contact and financial data by filling in forms, entering data into our client portal, or by other means of corresponding with us, such as in face-to-face or videoconference meetings, by post, phone or email.

Through automated technologies.  As you use our website, we may automatically collect technical data about your equipment, browsing actions and patterns.  We collect this personal data by using cookies, server logs and other similar technologies.  If you would like further information on how we use cookies, we have put our cookie policy on our website.

4. How we use your personal information

We will only ever collect and use information about you when it is needed to enable us to provide our services to you, and when the law allows us to do so.  Most commonly, we will use your personal data in the following circumstances:

• Where the information is necessary to enable us to perform the services which we have agreed with you.
• Where the information is needed for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation, for example:
• To validate your identity and address details in order to meet the legal requirements around the prevention of money laundering.
• To record any potential vulnerabilities where we think this is appropriate to meet the obligations placed upon us by the Financial Conduct Authority (FCA) with regard to the fair treatment of customers. Further details of our obligations to potentially vulnerable customers may be found on the FCA website (www.fac.org.uk)

What are the legal grounds for handling personal information?

We must have a legal basis for processing your personal information.  There are six standard grounds or conditions for handing personal data, plus an additional condition for handling Special Category Data (i.e., information about health, genetic or biometric data):

What we will use your personal information for

In the following table we have described all of the ways we plan to use your personal information, and what legal bases we rely on to do so.  Please note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information.  Where appropriate, we have also identified what our legitimate interests are.

Generally, we do not rely on consent as a legal basis for processing your personal data, but where we do, you have the right to withdraw consent at any time by contacting us.

Marketing and promotional offers

We may use some elements of your personal information to use our knowledge and experience to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

You will receive marketing communications from us if you have engaged with us to provide you with a service, or if you provided us with your details when you entered or registered for a promotion and, in each case, you have not opted out of receiving such marketing.

Opting out

We strive to provide you with choices regarding our use of your personal data uses, particularly around marketing and advertising.

We will record whether someone wants to opt in or opt out in our customer relationship and marketing systems, and this can be updated at any time.  All communications of this nature will include the option to unsubscribe.  You can ask us or third parties to stop sending you marketing messages at any time.

Where you opt out of receiving these communications, this will not apply to personal information provided to us to enable us to perform the activities described in the table above.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose.  If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we consider that we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.  Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Who we may share your personal information with

So that we can provide the services we have agreed with you, there are some third parties who we may need to share your personal information with, and we have provided a summary list of these below.

We require all of our third parties to respect the security of your personal information and to treat it in accordance with the law.  We do not allow our third-party service providers to use your personal information for their own purposes and only authorise them to process it for specified purposes and in accordance with our instructions.

Each of these third parties will have their own privacy notices which you can find on their websites.  If you would like any help finding these privacy notices, please let us know and we will provide the links.

• Mortgage lenders, for the purpose of sourcing and arranging your mortgage.
• Life Insurers, for setting up and providing your life protection insurance.
• Lead suppliers, if you were introduced to us by a third party other than through the employee benefits arrangements of one of our corporate partners.
• Lexis Nexis for identity and address checking.
• Conveyancers who you contract with once you wish to proceed with a quote.
• External contractors or service providers who we may engage in order to undertake the purposes and activities listed in the table in Section 4.
• Bluecoat Software, who provide the FinPlan system we use to administer and manage our customer processes, and who store your personal information for us.
• Optimal Solutions, who provide our internal IT systems and support.

If you no longer wish us to share your personal information with any of these organisations, you may withdraw your consent at any time.  Please be aware however that the withdrawal of consent may cause us to be unable to deliver our services to you.

We may also be required to share your personal information with law enforcement or regulatory entities in order to fulfil our statutory, legal or regulatory obligations, and dependent on the particular circumstances we may or may not be permitted to inform you of this.

6. How do we keep your personal information secure

The security and safety of your personal information is of primary importance to us, and we take this responsibility very seriously.

We have put in place a wide range of modern security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal data to those employees and third parties who have a defined and applicable business need to be able to see and use your information.  They will only process your personal data on our instructions and they are subject to a contractual duty of confidentiality.

We have put in place procedures to deal with any suspected or actual personal data breach, and will notify you and any applicable regulator of a breach where we are required to do so.

7. Your information rights

You have a number of legal rights to protect your personal information under data protection legislation.

Not all of these rights will apply in all circumstances, and we will be happy to explain this to you on request.  All of these rights can usually be exercised free of any charge to you, and in most cases, we must respond within one month; if we need longer to respond we will explain this to you.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

7. How long do we keep your personal information for

We will only keep your personal information for as long we need to in order to provide the services which we agreed with you, and to ensure that we can meet any legal, regulatory and customer obligations.

We will keep client information for the following periods:

• If you take out a mortgage or an insurance product as a result of the advice we have provided to you, we must retain a full record of our interactions. This is so that we can meet our regulatory obligations to show that we gave suitable advice and so that we can answer any questions you may have or any complaints which you may make.  In practice, this means that we will keep your records for the for the term of the product, plus an additional 6 years.
• If you act on our advice and make an application to a lender or insurer, but then ultimately become a customer of theirs, we will keep a record of your interactions with us for 6 years. This is so that we can comply with the requirements of UK Money Laundering regulations.
• Even if we provide you with advice but then do not make an application to a lender or insurer, then we must still hold your records for 5 years in order to meet our regulatory obligations regarding evidencing the suitability of our advice.
• Where we engage with you in mortgage or insurance discussions, but do not advise or arrange anything for you at that time, we will retain the information for 5 years so that we can easily recommence our discussions at a later date should you so wish.
• If you register an interest with us and provide us with your name and contact details, but we are subsequently unable to make contact, we will only retain your information for 6 weeks after our final attempt to contact you.

For the purposes of data deletion, after the above periods your records will be either permanently deleted, including on any systems backups, or if this is not technically possible due to system constraints, we will ensure that your information is put permanently out of reach through anonymisation or pseudonymisation.