Privacy Policy

This Privacy Policy lets you know how we collect and process your personal data and personally identifiable information through your use of this website and any related applications, including when you create an account, use our brokerage or any of our online products or services.

It's important that you read this Privacy Policy along with any other policies or notices we may issue when we are collecting or processing your personal data about you.

This version was created on 10 November 2018.

HOW TO CONTACT US

For the General Data Protection Regulation (GDPR) 2018, Get Fi Limited is the registered data controller responsible for your personal data and this website, whose registered office is at 60 St Martin's Lane, Covent Garden, London, WC2N 4JS, United Kingdom.

You can get in touch with us if you have any questions about this Privacy Policy, including any requests to exercise your legal rights, at:

Email address: help@getfi.co

Our FCA Principal Penvest Limited (company no. 05148071) is also a data controller as part of our services. Penvest's registered office is located at Insight House, 7a Alkmaar Way, Norwich International Business Park, Norwich, Norfolk NR6 6BF.

WHAT INFORMATION WE COLLECT

We may collect, use, store the following kinds of personal data, either via the online 'fact find' you complete on our website or via further communications with you, such as telephone calls or electronic messages:

  • Identity and Contact Details including but not limited to names, marital status, date of birth, address, emails telephone numbers. This may include identity and address verification documents.
  • Employment Details including payslips and employment contracts
  • Financial Information including bank account details and statements, your salary, savings, your outgoings, credit history, financial commitments, direct debit details and tax information such as your returns.
  • Health Data* such as whether you are a smoker or not. This information is classed as Special Category data and will only be used for the purpose of providing certain types of insurance product, only if you wish to provide it on the basis of purchasing that product or receiving a quote.
  • Technical Data including your (IP) address, login and profile data, browser type, time zone setting and location, operating system and platform and your device type. Please see out Cookie Policy for further information.
  • Usage Data includes information about how you use our website, products and services such as the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.

We do not actively collect any other Special Category personal data which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership and genetic or biometric data. If any of this data is collected indirectly as a result of communications with you during the advice and application process, it is considered sensitive data and will not be used to inform any of our services, products or communications. However, by agreeing to this Privacy Policy during the sign-up process, you grant us the right to process Special Category data should it included in your application. If you do not, we cannot proceed with your application.

Under anti-money laundering regulations, we are required to complete customer identity verification. We will check and verify your name and address against data held by credit reference agencies databases and the electoral roll. If this verification fails, we may ask you to provide us with further personal identity and proof of address documents to confirm your details. This process of checking and verification does not affect you credit history.

If you are making a joint application, we'll record and process any data or information provided to us by you of any other persons who are joined to the application. We assume that be providing us with their information that you have collected their express consent to do so, in accordance with this Privacy Policy.

We may use your data and information to contact you to ask you if you would like to leave a review and make any of your reviews public, potentially as part of our marketing material, or to assist with any issues you may have come across while using our service or product.

We may also record information about potential vulnerabilities in order to meet our obligations to vulnerable customers, as set out by the Financial Conduct Authority (FCA). Find out more here.

Calls with our customer support staff and advisors may be recorded for training and monitoring purposes.

HOW WE COLLECT YOUR DATA

When you provide it to us by:

  • Post
  • SMS
  • Email
  • Telephone
  • Signing up for our services online
  • Opening an account with us
  • Subscribing to our marketing communications
  • Giving feedback
  • Interacting with our website. Please see our Cookie Policy for further details.
  • From third parties and public sources such as:
    • Google
    • Digital marketing agencies
    • Other search information providers
    • Companies House
    • Electoral Register
    • Software providers for identity verification and anti-money laundering checks

HOW WE USE YOUR PERSONAL DATA

We'll mainly use your personal data when applying for a mortgage, insurance product or other product or service that we offer, where we need to perform the contract we're about to enter into or have entered into with you. We use your data to do the following:

  • Register and manage your account
  • Source mortgages and make mortgage applications for you
  • Source insurance products and make applications for those products for you
  • Monitor your product applications
  • Communicate with you
  • Conduct market research and profiling to better market our products and services to you
  • Statistical analysis (data will be anonymised for this purpose)
  • Test, maintain and support our systems, troubleshooting and internal operations
  • Administer our business functions
  • Deliver relevant advertising and marketing communications to you and to measure the effectiveness of these advertisements and communications (if you have opted-in during the sign-up process online)
  • Make suggestions and recommendations to you about relevant products/services that may be of interest to you
  • Request feedback or ask you to participate in surveys regarding our products/services
  • Comply with our regulatory duties and obligations

The lawful basis for processing your data for the activities described above are as follows:

  • Consent
  • Performance of a contract with you
  • Necessary to comply with a legal obligation
  • Necessary for our legitimate interests
  • Develop products/services
  • Keep records up to date
  • Study how consumers engage with our website and products/services
  • Administer and run our business
  • IT and network security

Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw consent to marketing at any time by contacting us.

All data associated with a completed mortgage application or other product application will be held by us for at least 6 years post-completion, to meet our legal and regulatory obligations. Any data associated with an incomplete application will be held as long as your Get Fi account remains open. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

We may share your information with the following entities

  • Lenders
  • Insurance or mortgage product providers
  • Third parties involved in the process of providing you with your mortgage including but not limited to solicitors, advisors, auditors, accountants, valuers, conveyancers, estate agents and mortgage clubs
  • Electronic identity verification, proof of address verification and anti-money laundering verification firms
  • Sourcing firms that provide information on lender or insurance products
  • Insurers
  • Any company that is part of the Fi group, as defined in section 1159 of the UK Companies Act 2006
  • Any regulatory, governmental body, ombudsmen or law enforcement agency that has jurisdiction
  • Our FCA Principal
  • Any person or legal entity to whom we sell or transfer (or initiate discussions with to sell or transfer) our business or any part of it or any of our rights or obligations under any agreement we may have with you. If the transfer goes ahead, you agree that the purchaser can use your data in the same way as us.
  • Lead suppliers
  • Suppliers or partners involved in marketing, communications or distribution campaigns
  • Cloud service providers
  • Support and analytics services

We will get your express opt-in consent before we share your personal data with any other company for the third party's marketing purposes.

When we share your details with third party lenders or product providers, such as insurers, those lenders or product providers will become the data controllers of any of your personal data so that they can process your applications. Each lender will have its own privacy policy and it is important that you read and understand their policies.

We will ensure your data remains within the EEA and therefore fall under purview of the General Data Protection Regulation. If for any reason we use third parties that are domiciled outside of the EEA any such data storage will undergo further enhanced controls and checks, dependent on the country of storage. We will inform you of any such instance where this may occur.

OPTING OUT

If you would like to stop receiving marketing messages from us, you can opt out at any time by clicking the unsubscribe button or the link at the bottom of any of our marketing emails, or by contacting us at any time.

Where you opt out of receiving these marketing messages, this won't apply to personal data provided to us as a result of a product transaction.

YOUR LEGAL RIGHTS

Under the General Data Protection Regulation 2018, your rights are as follows:

Request access:

you have the right to access your personally identifiable data and supplementary information. This will be provided free of charge. However, when a request is manifestly unfounded, excessive or repetitive we reserve the right to charge a fee. We may also charge a reasonable fee to comply with requests for further copies of the same information. You can request access to your information by emailing us at help@getfi.co

Be informed:

you have the right to be informed about the collection and use of your personally identifiable data

Request correction:

you have the right to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure:

This enables you to ask us to delete or remove personal data, known as 'the right to be forgotten', where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we're required to erase your personal data to comply with local law. It is important to note that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your data:

you have the right to object to the processing of your personal data where we're relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we're processing your personal data for direct marketing or profiling purposes.

Request restriction or suppression of processing your data:

This enables you to ask us to suspend the processing of your personal data. This is not an absolute right and only applies in certain circumstances. Please note that even when processing is restricted, we are allowed to store your data.

Request the transfer of port of your personal data:

We'll provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Challenge automated decision making:

if we have performed automated decision making and you wish to have a human intervene or wish to challenge the automated decision.

Withdraw consent:

If you withdraw your consent, we may not be able to provide certain products or services to you. We'll advise you if this is the case at the time you withdraw your consent.

CREDIT DECISIONS AND FRAUD PREVENTION

When applying for a product via Get Fi, we will share your data with lenders in order to process your application. Your lender may use credit reference and fraud prevention agencies to help them make decisions. This will involve checking records at credit reference agencies (CRAs) and at fraud prevention agencies (FPAs).

When CRAs receive a search request from the lender they place a search footprint on your credit file that might be seen by other lenders. Having multiple search footprints on your credit file may affect your ability to borrow in the future. The lender will make checks such as assessing your application for credit and verifying the applicants' identities to prevent and detect crime and money laundering.

As noted above, if you are making a joint application the lender will link your records together, so you gain your partner's express consent to disclose their personal data and information. CRAs also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.

Information on applications will be sent to CRAs and will be recorded by them. Where you borrow from the lender, the lender will give details of your accounts and how you manage it/them to CRAs. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs and CRAs to perform similar checks and to trace your whereabouts and recover debts that you owe.

If you give false or inaccurate information and the lender suspects or identifies fraud, the lender will record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention.

If you have borrowed from the lender and do not make payments that you owe them, the lender will trace your whereabouts and recover debts.

The lender and other organisations may access and use the information recorded by fraud prevention agencies based in other countries.

DATA SECURITY

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

All data held on the platform is stored in the Microsoft Azure cloud. The underlying Azure cloud is certified by many international and governmental bodies, including PCI-DSS (payment card processing) and UK G-Cloud compliance.

Access to managing the services within the Azure infrastructure is protected by three levels of authentication: all users must use two-factor authentication and strong passwords, and all individual services have an access password. All users have individual access accounts, which are centrally controlled and permissioned. Access to management functions and code deployments are performed over HTTPS (through a browser) or SSH (through PowerShell).

Access to the data held within the services is further protected by a firewall which only permits white-listed IP address to connect. Databases, file storage and all backups are encrypted by default, and databases are encrypted at rest (transparent data encryption).

Databases are backed up continuously and held both on the infrastructure (hot backup) and offline (cold backup) on encrypted hard drives. Full data snapshots are taken and tested before any infrastructure or code deployment, so that changes can be rolled back immediately. The deployment process is fully automated, using the same authentication as access to underlying services.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

COMPLAINTS

If you have a complaint about the way your data has been handled, please contact Get Fi at:

Email address: help@getfi.co

Please include your name and address, a contact telephone number, the email address you signed up with and details of why your complaint. We will investigate your complaint promptly and will respond to you as soon as we can detailing our findings of your complaint.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK independent supervisory authority for data protection issues (www.ico.org.uk) at:

Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

0303 123 1113

Our Information Commissioner's Office (ICO) registration number is ZA474574

OK

We use cookies to optimise our site, and so that we and third parties can show you more relevant ads and optimise your experience on site. To accept cookies, continue browsing as normal. You can go to the cookie policy and privacy policy for more information.