Privacy Policy

 

Charles Cameron & Associates Ltd is committed to protecting the privacy and security of your personal information.  We ask that you take a few minutes to read this privacy notice as it provides you with important information on:

  • Your rights and obligations
  • How we collect and use your personal information
  • Who we may share your personal information with
  • How we keep it secure

This privacy notice will give you information on how Charles Cameron & Associates Ltd collects and processes your personal data when you contact us or use our services.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide so that you are fully aware of how and why we are using your personal information.

  1. About Charles Cameron & Associates and how you can contact us

Charles Cameron & Associates Ltd is one of London’s leading mortgage brokers, and is experienced in providing financial education and delivering independent mortgage advice to clients across the UK. We are a Company limited by shares, and our registered address is Blackfriars Foundry, 154-156 Blackfriars Road, London, SE1 8EN.  You can find out more about us on our website at www.ccameron.co.uk.

Charles Cameron & Associates Ltd is responsible for the processing of your personal information when you use one of our services, which means that we are a ‘Data Controller’ under the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

To help ensure that we meet our obligations about your personal information, we have appointed a data privacy manager.  If you have any questions or concerns about how your personal information is being used, please contact the data privacy manager by using the details below.

  • Name and title of data privacy manager: Anne Harris, Head of Compliance
  • Email address: anne.harris@ccameron.co.uk

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to the privacy notice and keeping your personal information up to date

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

We will review this privacy policy regularly to make sure that it still meets all of our obligations, and is clear and transparent.  If and when we do make any changes a new version will be posted on our website, and if appropriate we will also notify you in writing.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their arrangements for using your personal information.  When you leave our website, we encourage you to read the privacy notice of every website you visit.

  1. The information we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified.

Our core business is providing mortgage advice and acting as a mortgage broker.  We also routinely offer our customers the opportunity to receive advice on life assurance in relation to their mortgages, and offer financial information and support to help our clients make informed decisions.

There is a range of personal data about you which we may collect and use so that we can provide our services to you, which we have grouped together as follows:

  • Information about who you are, including first name, current and previous last names, username or similar identifier, gender and date of birth.
  • Information to enable us to contact you, including home address, email address and telephone numbers.
  • Financial information, including bank account and payment card details and statements, debts such as loans and credit cards, income and expenditure and employer and pensions benefits.
  • Information that is called ‘Special Category Data’, specifically about your health and medical history, but only where this is strictly necessary, for example in relation to advice on life assurance.
  • Details about payments connected to any products and services you have purchased from us.
  • Technical Data, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
  • Information about how you use our services, including purchases or orders made by you, feedback and survey responses and how you use our website, products and services.
  • Details of our correspondence with us and your preferences in receiving marketing and communications from us and our third parties.

If you don’t provide us with the information we need

There will be personal information which we need to collect from you – this may be because of legal or regulatory requirements, or because this is needed by a mortgage lender or insurer.  If you are not able to provide that information when requested, we may not be able to continue to provide our services. We will notify you if this is the case at the time.

  1. How we collect your personal information

We collect the personal information we need in two ways:

  • Through direct contact with yourself. You may give us your identity, contact and financial data by filling in forms, entering data into our client portal, or by other means of corresponding with us, such as in face-to-face or videoconference meetings, by post, phone or email.

Through automated technologies.  As you use our website, we may automatically collect technical data about your equipment, browsing actions and patterns.  We collect this personal data by using cookies, server logs and other similar technologies.  If you would like further information on how we use cookies, we have put our cookie policy on our website.

  1. How we use your personal information

We will only ever collect and use information about you when it is needed to enable us to provide our services to you, and when the law allows us to do so.  Most commonly, we will use your personal data in the following circumstances:

  • Where the information is necessary to enable us to perform the services which we have agreed with you.
  • Where the information is needed for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation, for example:
  • To validate your identity and address details in order to meet the legal requirements around the prevention of money laundering.
  • To record any potential vulnerabilities where we think this is appropriate to meet the obligations placed upon us by the Financial Conduct Authority (FCA) with regard to the fair treatment of customers. Further details of our obligations to potentially vulnerable customers may be found on the FCA website (www.fac.org.uk)

What are the legal grounds for handling personal information?

We must have a legal basis for processing your personal information.  There are six standard grounds or conditions for handing personal data, plus an additional condition for handling Special Category Data (i.e., information about health, genetic or biometric data):

Condition Description / Examples
Legitimate interest

In most cases you will provide personal information to us because you want to use our services, and in most businesses, this means that there is a contractual condition for processing information.  However, as we are an intermediary between you and mortgage lenders or insurance providers, we cannot use this condition.

We therefore rely on the ‘legitimate interests’ ground for processing your information, which permits us to use your information where our interests are not outweighed by your privacy rights or interests, as long as we only use your information in ways you would reasonably expect, such as, where we need information to provide you with additional services.

Consent

In order to use your personal information on this basis your consent to do so must be freely given, specific and unambiguous.  We use this condition, for example:

·    For direct marketing, where we let you know about products,  services and offers from us.

·    For market research, if we invite you participate.

·    For the administration of any offers, promotions or surveys.

Explicit consent We need to gain your explicit consent where we need to be able to process Special Category Data, in particular health data in connection with life assurance policies.
Complying with a legal obligation Where we are or may be legally obliged to comply with a legal requirement, for example money laundering notifications and reports.
Public Interest

Where there is a public interest in the processing and reporting of personal information, for example:

·         Processing health data in connection with vulnerable clients.

·         Reporting fraud or suspicions of crimes to the relevant authorities.

·         Reporting suspicions of financial crime, terrorist financing or money laundering.

Substantial public interest

Where there is substantial and genuine public interest in the processing and reporting of personal information, for example:

·         Processing health data in connection with vulnerable clients, or in connection with concerns about the health of relatives of an insured person.

·         Reporting fraud or other suspected crimes to the relevant authorities.

·         Reporting suspicions of financial crime, terrorist financing or money laundering.

·         Protecting the public against dishonesty.

Contract Where we process personal data in connection with contract we hold with staff, suppliers and contractors.

 

What we will use your personal information for

In the following table we have described all of the ways we plan to use your personal information, and what legal bases we rely on to do so.  Please note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information.  Where appropriate, we have also identified what our legitimate interests are.

Generally, we do not rely on consent as a legal basis for processing your personal data, but where we do, you have the right to withdraw consent at any time by contacting us.

Purpose / Activity Type of information Lawful basis for processing, including basis of legitimate interest
To initially engage with you to discuss your potential requirements

·     Identity

·     Contact

·       Consent
To register you as a new customer

·     Identity

·     Contact

·       Performance of a contract with you
To process and deliver your application for a mortgage or protection product

·     Identity

·     Contact

·     Financial

·     Special Category

·     Transactions

·     Marketing and communications

·       Performance of a contract with you

·       To comply with a legal obligation

 

To manage our customer relationship with you, which will include:

·   Create and maintain access to our client portal

·   Notifying you about changes to our terms or privacy policy

·   Customer reviews / surveys

·   Re-engagement when existing products near expiry

·   Review of protection needs

·     Identity

·     Contact

·     Profile and usage

·     Marketing and communications

·       Performance of a contract with you

·       To comply with a legal obligation

·       Necessary for our legitimate interest (to keep our records up to date, to re-engage with you to review your existing mortgage / protection needs, and to maintain and improve customer service standards)

To respond to legitimate case enquiries and to input to the management of complaints

·     Identity

·     Contact

·     Transaction

·     Profile and usage

·     Marketing and communications

·       To comply with a legal obligation

·       Necessary for our legitimate interest (to ensure that complaints can be responded to accurately)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

·     Identity

·     Contact

·     Technical

·       To comply with a legal obligation

·       Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

·     Identity

·     Contact

·     Profile and usage

·     Marketing and communications

·     Technical

·       To comply with a legal obligation

·       Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

·     Identity

·     Contact

·     Financial

·     Special Category

·     Technical

·     Profile and usage

·       Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

 

Marketing and promotional offers

We may use some elements of your personal information to use our knowledge and experience to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

You will receive marketing communications from us if you have engaged with us to provide you with a service, or if you provided us with your details when you entered or registered for a promotion and, in each case, you have not opted out of receiving such marketing.

Opting out

We strive to provide you with choices regarding our use of your personal data uses, particularly around marketing and advertising.

We will record whether someone wants to opt in or opt out in our customer relationship and marketing systems, and this can be updated at any time.  All communications of this nature will include the option to unsubscribe.  You can ask us or third parties to stop sending you marketing messages at any time.

Where you opt out of receiving these communications, this will not apply to personal information provided to us to enable us to perform the activities described in the table above.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason, and that reason is compatible with the original purpose.  If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we consider that we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.  Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

  1. Who we may share your personal information with

So that we can provide the services we have agreed with you, there are some third parties who we may need to share your personal information with, and we have provided a summary list of these below.

We require all of our third parties to respect the security of your personal information and to treat it in accordance with the law.  We do not allow our third-party service providers to use your personal information for their own purposes and only authorise them to process it for specified purposes and in accordance with our instructions.

Each of these third parties will have their own privacy notices which you can find on their websites.  If you would like any help finding these privacy notices, please let us know and we will provide the links.

  • Mortgage lenders, for the purpose of sourcing and arranging your mortgage.
  • Life Insurers, for setting up and providing your life protection insurance.
  • Lead suppliers, if you were introduced to us by a third party other than through the employee benefits arrangements of one of our corporate partners.
  • Lexis Nexis for identity and address checking.
  • Conveyancers who you contract with once you wish to proceed with a quote.
  • External contractors or service providers who we may engage in order to undertake the purposes and activities listed in the table in Section 4.
  • Bluecoat Software, who provide the FinPlan system we use to administer and manage our customer processes, and who store your personal information for us.
  • Optimal Solutions, who provide our internal IT systems and support.

If you no longer wish us to share your personal information with any of these organisations, you may withdraw your consent at any time.  Please be aware however that the withdrawal of consent may cause us to be unable to deliver our services to you.

We may also be required to share your personal information with law enforcement or regulatory entities in order to fulfil our statutory, legal or regulatory obligations, and dependent on the particular circumstances we may or may not be permitted to inform you of this.

  1. How do we keep your personal information secure

The security and safety of your personal information is of primary importance to us, and we take this responsibility very seriously.

We have put in place a wide range of modern security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.  In addition, we limit access to your personal data to those employees and third parties who have a defined and applicable business need to be able to see and use your information.  They will only process your personal data on our instructions and they are subject to a contractual duty of confidentiality.

We have put in place procedures to deal with any suspected or actual personal data breach, and will notify you and any applicable regulator of a breach where we are required to do so.

  1. Your information rights

You have a number of legal rights to protect your personal information under data protection legislation.

Not all of these rights will apply in all circumstances, and we will be happy to explain this to you on request.  All of these rights can usually be exercised free of any charge to you, and in most cases, we must respond within one month; if we need longer to respond we will explain this to you.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

INFORMATION You have the right to be informed in a transparent and easily accessible way about how we will use your personal information.  We will explain why we need your information, and we will make sure this privacy notice is up to date, available at all times and is clear and understandable.
ACCESS

You can make what is called a data subject access request for a copy of the information we hold about you.

In most circumstances we must respond to your request within one month, however if you have made a number of requests or your request is complex, we may need extra time to consider your request and they can take up to an extra two months to respond.  If this is the case, we will explain this to you within one month.

In most circumstances, we will give you a copy of your personal information free of charge.  However, we are permitted to charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or to refuse to comply with your request.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

PORTABILITY In some circumstances you have the right to have the information you have given us sent on electronically to another person or business.
CORRECTION

You have the right to have incorrect information corrected and incomplete information completed.

If the information you have given to us and that we need to provide our services has changed, please tell us about this as soon as possible.

OBJECTION

You will normally have the right to object to how we intend to use your personal information.  Please be aware however that if you do object to how we intend to use your data we be unable to deliver our services to you.

You have an absolute right to object to us using your personal information for direct marketing, and you let us know this at any time.

RESTRICTION If you have objected or complained about how we have used your personal information or its accuracy, you can ask for your information to be restricted, not used or remain undeleted until your complaint has been resolved.
ERASURE You have the right, in some circumstances, to have all or some of the information we hold about you to be deleted.  This is known as the right to be forgotten.
AUTOMATED DECISION MAKING

This right only applies where a decision with some legal or similar effect has been made by automated means without any human intervention.  In such cases you can ask the data controller to review such decisions.

Charles Cameron & Associates Ltd does not make automated decisions about any of its clients.

CONSENT If we are processing your personal information on the basis of your consent (as explained in Section 4) you have the right to withdraw your consent at any time.
COMPLAINTS

You have the right to complain to the Information Commissioner if you consider that any aspect of our use of your personal information infringes the law.  Information on how to complains is available on the Information Commissioner’s Office website (www.ico.org.uk).

However, we want to put matters right wherever we can, and as quickly as we can, so we hope that you will contact us in the first instance.  Our contact details are included in Section 1.

If your complaint is about the terms, conditions or administration of a product sold by us but provided by a third-party lender or insurer, you may need to contact them directly about this.  We can give you their contact details, and if you wish we can forward details of your complaint to them for you.

 

  1. How long do we keep your personal information for

We will only keep your personal information for as long we need to in order to provide the services which we agreed with you, and to ensure that we can meet any legal, regulatory and customer obligations.

We will keep client information for the following periods:

  • If you take out a mortgage or an insurance product as a result of the advice we have provided to you, we must retain a full record of our interactions. This is so that we can meet our regulatory obligations to show that we gave suitable advice and so that we can answer any questions you may have or any complaints which you may make.  In practice, this means that we will keep your records for the for the term of the product, plus an additional 6 years.
  • If you act on our advice and make an application to a lender or insurer, but then ultimately become a customer of theirs, we will keep a record of your interactions with us for 6 years. This is so that we can comply with the requirements of UK Money Laundering regulations.
  • Even if we provide you with advice but then do not make an application to a lender or insurer, then we must still hold your records for 5 years in order to meet our regulatory obligations regarding evidencing the suitability of our advice.
  • Where we engage with you in mortgage or insurance discussions, but do not advise or arrange anything for you at that time, we will retain the information for 5 years so that we can easily recommence our discussions at a later date should you so wish.
  • If you register an interest with us and provide us with your name and contact details, but we are subsequently unable to make contact, we will only retain your information for 6 weeks after our final attempt to contact you.

For the purposes of data deletion, after the above periods your records will be either permanently deleted, including on any systems backups, or if this is not technically possible due to system constraints, we will ensure that your information is put permanently out of reach through anonymisation or pseudonymisation.

 

Want to learn more about how we can help you?

Meet With Us