Responsible Lending Limited is an authorised mortgage lender and is regulated by the Financial Conduct Authority under reference number FRN763158. Our principal place of business is Princess Street, Plymouth. All customer correspondence should be directed to PO Box 277, Sheffield, S98 1RP as set out in the Contact Us section of this document.
Our business is to provide Lifetime Mortgages to customers like yourself and as part of this process we are required to process your data in a number of different ways and share it with a number of different parties to enable us to enter into this contract with you. As part of this privacy notice, we will explain to you in detail, who we will share your data with, what your rights are in relation to this processing activity and information such as how long we will retain your data for.
We are required to provide you with the information in the privacy notice in order to comply with our legal obligations. Please read it carefully – we take the privacy of your personal data very seriously.
This privacy notice contains information about:
The meaning of words which are shown in bold text are explained in the Glossary. Throughout this notice any reference to “we” or “us” refers to Responsible Lending. Please note that we may change this privacy notice from time to time
The latest version of our privacy notice can be found on our website (www.responsiblelending.co.uk) or can be requested from us using the contact details contained in the part of this privacy notice headed Contact Details. We will notify you if the purposes for which we process your personal data change.
The categories of personal data we process include the following:
We primarily obtain personal data about you from your independent financial advisor, however we may also obtain information from you directly from time to time, as well as information provided to us through our pre-mortgage checks conducted with, for example, credit reference agencies.
The purposes for which we process your personal data are described in the following section of this privacy notice (Why do we process personal data?).
We are the data controller and need to collect information about you so that we can understand your circumstances, requirements and for certain other specified purposes as set out below.
We may obtain a variety of information about you that may include (but is not limited to) information relating to your financial circumstances (for example, your income, outgoings and existing investments), gender, dependents and marital status. We may also ask you about sensitive data such as your physical and mental health. Collecting this information not only enables us to offer you a Responsible Lending Lifetime Mortgage but also to service the loan once it has completed.
We are allowed to process your personal data on certain legal grounds;
Article 6 (1) (b) gives us a lawful basis for processing where:
“processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.
This will include the processing required for us to fulfil our legal and regulatory obligations relating to your application, for instance conducting Anti-Money Laundering and Fraud & Identity checks
Where this lawful basis does not apply, for instance where we collect your data for marketing purposes, we will explicitly request your consent to do so, and you may withdraw this consent at any time, see the section headed Your rights to find out how.
We take the security of information, infrastructure and applications very seriously. Our commitment to Information Security is demonstrated through the implementation of policies, controls and procedures, which are externally certified and audited to international information security standards.
We ensure all suppliers who process your data on our behalf are also certified to suitable information security standards including, but not limited to ISO27001:2013.
We have contractual arrangements in place with all of our service providers who process personal data which are compliant with data protection laws. We regularly check that our service providers are complying with their contractual commitments. This includes assessing and reporting on our service providers’ information security controls to check their compliance using questionnaires and/or on-site audits.
We will keep your personal data for a period of seven years from the date of redemption of the mortgage, where we deviate from this, we will advise you accordingly.
We share personal data with a variety of other companies in order to operate our business and make an offer of a Lifetime Mortgage to you. Where required by law or law enforcement authorities, we will share personal data with them to comply with law.
The companies we share personal data with are processors. This means that we determine the purposes for which the personal data we pass to them is processed and they should not process that personal data other than in accordance with our written instructions. We only share the personal data that these companies need to provide their services to us.
We share your data with the companies who fund your Lifetime Mortgage in order that they can manage and monitor the loans they have made to us.
We may share your data with your mortgage broker / independent financial adviser as part of the application process to ensure the Lifetime Mortgage we are offering is the correct one for you.
We share your data with these firms to assess your suitability for a Lifetime Mortgage and aspects of our decision making are based on the responses we receive.
We share your data with our surveyors in order to assess the suitability of your property for the purposes of a Lifetime Mortgage.
We share your data with our conveyancing partners in order that the release of the mortgage funds to yourselves is operated smoothly and the required charges are applied to your property at the appropriate registration services.
The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights, can be found in section titled Fraud Prevention Agencies – Further Information.
Other companies who process personal data on our behalf include those who provide day-to-day operational business services such as correspondence management, document scanning and copying companies, document destruction companies and printers as well as our IT service providers.
If false or inaccurate information is provided and fraud is detected, you could be refused certain services, finance or employment.
We and other organisations may access and use from other countries the information recorded by fraud prevention agencies. Please see below for further information regarding our fraud prevention agencies.
Cifas is the UK’s leading fraud prevention service, managing the largest database of fraud risk in the country – the National Fraud Database (the Cifas ‘database’). We are a not-for-profit membership organisation and serve those companies and organisations who are our members by facilitating the sharing of fraud risk data to reduce their exposure to fraud and financial crime. A full list of our members can be found on our website www.cifas.org.uk. We also offer individuals protection against identity fraud.
The Cifas database allows our members to share details of fraudulent applications for products, goods or services. Members also exchange information about false insurance claims and accounts, policies or facilities which are being misused as a result of fraudulent conduct. Details of the personal information that will be shared include, for example: name, address, date of birth, contact details, financial information, employment details, document details, vehicle details, and device identifiers including IP address. This information can be held for up to six years in the Cifas database. In addition, information is exchanged about those at heightened risk of identity fraud and those who have already been victims in order to protect them from further fraud. Cifas is not a credit reference agency, so our information is not used to assess an individual’s creditworthiness. Cifas and our members have a legitimate interest in preventing fraud, money laundering and verifying an individual’s identity and the information shared is used just for those purposes. Please see our website to find out more about our legal basis for processing your personal data.
Before providing services, goods or finance or when employing a new staff member, Cifas members can undertake checks against the database. If a Cifas record is returned as a result of these checks a member must not simply reject an application or close a facility and they are required to carry out further investigation to confirm that the personal data provided on the application is correct. If fraudulent conduct has been identified in an application, the member may decide to not proceed with the application or may decide to review an existing facility or employment. There may be occasions when a Cifas record is present and the personal details have been confirmed but the application may not be approved for other reasons, such as failure to meet a creditworthiness check. Most Cifas members also use one or more fraud prevention agencies other than Cifas. You can ask the organisation to explain why it has declined your application or closed your facility and the organisation should provide you with an explanation, including details of any credit reference agencies or fraud prevention services it has used to make a decision.
If a Cifas member identifies that you have been a victim of identity fraud, your details will be recorded in the National Fraud Database in order to help protect you from further identity crime. Members of Cifas will then see that you are at risk and take extra steps to protect you, helping to prevent fraudsters from using your details to apply for products and services in your name. This may mean that when you apply for financial products and services the process may take slightly longer than usual, as extra checks will be made on applications made in your name. Members of Cifas may also get in touch with you to make further checks before processing your application. Where the risk of fraud is very low, some members may accept the application and contact you following acceptance to double check that the application is from you. This will minimise delay while continuing to protect you from fraud.
Some Cifas members process applications and manage existing customer accounts outside of the European Economic Area. This may involve the transfer of information from the Cifas database but will only happen where personal data can still be protected to the standard required in the European Economic Area. This protection will be either through imposing contractual obligations or by subscribing to “international frameworks” intended to enable secure data sharing. Please see our website for more information.
Under data protection legislation you are entitled to request a copy of information held about you by Cifas. This is known as a Data Subject Access Request and is free of charge. If you wish to request a copy of any data held about you on the Cifas database, the quickest way is to visit the Cifas website where you can apply online: https://www.cifas.org.uk/contactus/subject-access-request
Alternatively, you can make your request in writing to the following address:
6th Floor, Lynton House
7-12 Tavistock Square
The Cifas Data Protection Officer can also be contacted at this address.
To help us locate information we may hold about you, we will need your full name, date of birth, address history for the last six years as well as contact details such as your home telephone, mobile number and email addresses. We also require two proofs of your identity: a photocopy of a valid passport or driving licence and an original bank statement or utility bill (which lists your name and address and must be dated within the last three months). This must be an original document as photocopies and printed copies will not be accepted. Original documents will be returned to you. If you do not have these proofs, please contact us to discuss alternative options.
If you consider that the information we hold is incorrect you can challenge the record. In the first instance you will need to contact the member who recorded the information to Cifas and outline your reasons why you dispute the information recorded.
Once the Cifas member has considered your concerns and reviewed the case, they will issue a ‘Final Response Letter’, and if necessary, amend or delete any data held.
If, following the review by the Cifas member, you are still unhappy with the record you can ask Cifas to conduct an independent review of your complaint. Please include the ‘Final Response Letter’ with your request. You also have a right to complain to the Information Commissioner’s Office.
You may object to us processing your personal data where we rely on your consent as our legal basis for processing.
If you object to us processing your personal data for this purpose, you can withdraw your consent to this at any time in writing by contacting us at the details held in the Contact Details section of this privacy notice.
You can require us to correct any mistakes (including adding missing information) in any of your personal data which we hold.
You may request that we restrict the processing of your personal data in any of the following circumstances:
If our processing is restricted in any of the circumstances described above, we will inform you in advance if that restriction is to be lifted.
You can ask us to confirm whether we are processing personal data relating to you. If we do, you may ask us to provide the following:
You can ask us to delete your personal data in any of the following circumstances:
You have the right to ask a controller to review manually any automated decisions the controller makes about you.
In specified circumstances, an individual can ask a controller to provide them with an electronic copy of personal data that the controller holds, or to have such a copy transmitted directly to another controller.
Any queries regarding your mortgage should in the first instance be directed to us.
You may want to contact us to:
To contact us you can email us at firstname.lastname@example.org or write to:
PO BOX 277,
If you have a problem or concern relating to the matters set out in this privacy notice that you would like us to look into, please contact us in the first instance using the details set out above.
We hope that we will be able to address the problem or concern to your satisfaction. However, if you remain unsatisfied you will have the right to make a complaint to the Information Commissioner’s Office.
The process for making a complaint to the Information Commissioner’s Office can be found on its website: www.ico.org.uk