Echo Finance Limited and its Appointed Representatives (“EF”, “we”, “us”, or “our”) is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. EF processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this statement.
WHAT INFORMATION DO WE GATHER?
To be able to provide you with the best service possible, we will need to gather certain personal information from you when you contact or interact with us. We will also use this information for security, identification and verification purposes.
We will only ever collect information that helps us provide our services to you. We will keep your information for as long as is needed and only for the following purposes:
When you make an enquiry with us about any of the services we offer, we’ll ask you to provide some contact information. This may include some or all of the following:
If you give personal information about someone else (such as a joint applicant), you must have their permission to do so.
Once we have gathered information from you and you subsequently make contact with us, we will use specific pieces of your information to help us identify you and verify that we are dealing with the right person.
Where we offer other products such as insurance, we will need to collect and process information that is “sensitive”. This type of information includes details about your health and any criminal convictions you have. Before we gather this type of information we will explain to you why it is required and will always store this information securely.
Throughout your relationship with us, we will hold your personal information securely in our systems. This will include any information provided by you or others (for example, if you’re making a joint application) in various ways, including (but not limited to):
If there is a change to any of your personal information and you notify us, we will update your records in our systems. Where we have introduced you to another organisation, we are unable to update your details with them and you will need to contact them personally to notify them of these changes.
If someone gives information about you – or you give us details about someone else – we may add it to the personal information we already hold about you or them. This will only be used in the ways we describe in this privacy notice.
When arranging a mortgage or insurance for you, we will need to ask you for your direct debit details to pass onto the lender or insurance provider so it can collect payments. Where we charge a fee for arranging a mortgage, or the mortgage we are arranging carries a cost – for example, a valuation fee – we will need to ask you for payment information such as your debit card or credit card details.
Sometimes we may pass your information on to third parties who provide services to us. When we do this, it is on the understanding that they care for your information as carefully as we do, keep it confidential and use it only for the agreed purposes above.
Using our website
If you use our website, we will collect information about the devices you’re using – or ask third parties to do this for us. As this involves using technologies such as cookies, please read our Cookies policy.
EF is the sole owner of the information collected via our website (www.echofinance.co.uk) and also any information you provide in relation to an enquiry when you speak to or communicate with one of our advisors or staff. We may use your data together with that of other users and this may be aggregated to build statistical and analytical tables. At no time will your data be individually identifiable in such tables.
When you visit our website, we collect certain data automatically. This may include (but isn’t limited to) the following:
Please remember, that whilst we have security measures in place to protect your personal information, the internet is not 100% secure. We cannot therefore guarantee the security of any information you send us online. We are also not responsible for any loss or damage you or others may suffer as a result of losing the confidentiality of your information.
Recording phone calls
To help us train our staff to provide a quality service, check that we have done what you asked us to do correctly and resolve any queries or issues, we record and monitor our phone calls with you. We also monitor phone calls for regulatory purposes and to help detect and prevent fraud and other crimes.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use your personal information in various ways.
We will use it to confirm that you are who you say you are when you contact us. We will use it to verify your name and address by checking your details against our databases and to check against information held by credit reference agencies and the electoral roll. We will also use the personal information we gather from you to formulate our advice and recommendations for the services we offer and to submit applications to lenders and product providers.
Before we submit any transaction to a lender or product provider, the law requires us to have verified your identity. This makes it harder for criminals to use financial systems, or to use false names and addresses to steal the identities of innocent people. Checking everyone’s identity is an important way of fighting money laundering and other criminal activities. We will therefore also ask you to provide us with documents that confirm your identity.
The law requires us to comply with a number of regulations. Where necessary, we use your personal data to allow us to fulfil our legal and regulatory requirements.
We will only share personal information with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards. We use third parties to help us run our business. To fulfil our contractual obligations, we may share your personal data with these third parties:
Your personal data may be transferred to these authorised parties:
Third party organisations that provide IT services and applications, administrative functions and support.
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
Third party organisations that otherwise assist us in providing goods, services or information.
We use third parties acting on our behalf such as contractors, suppliers and/or agents (including, without limitation, customer care teams and processing centres) for the purposes of administration, income, credit and risk assessment, statistical research, marketing, product suitability and product sourcing in respect of products or services you have requested.
Auditors and other professional advisors.
We engage auditors and professional advisors to perform specific work that helps us meet our legal, regulatory and statutory responsibilities. Any auditors or professional advisors that we use will have contractual arrangements and security mechanisms in place to protect data and to comply with our data protection, confidentiality and security standards
Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.
We perform anti-fraud, credit and security checks using your details and receive information about you from other sources (such as credit reference agencies) which will be added to the personal information which we already hold about you.
We may use your information for fraud investigation, detection and prevention measures and in order /’to provide suitable security for your account and your information that we hold (such as to enable us to prevent others logging in to your account without your permission from unknown devices). We may also use your information for the investigation, detection and prevention of crime (other than fraud).
If we have your consent, we will use your information to identify other products and services we offer that we believe you might want to know about. Sometimes we may contact you to take part in market research. If you take part, we’ll use any feedback you give us to improve the way we communicate with you and the service we offer. From time to time we may run prize draws, competitions, promotions and surveys. If you take part in these promotional activities, we’ll use the personal data you provide for these activities.
By knowing more about who our customers are we are able to improve the services we offer. We will use your data for reporting and analytical purposes. We will also collect data on how you use our website, so we can better understand your interests and improve its performance and our overall service.
Sometimes we may use performance tracking technology within our emails to capture information including (but not limited to) the time and date you open our emails and the type of device you used to open them. This allows us to know whether our emails are opened, and what links our customers click on within them. We use this information to improve the emails we send to you and the services we provide.
We may share any of the information we gather with other organisations (for example, mortgage lenders) to help them improve their own interactions with you. We won’t pass your data to any third parties for marketing purposes unless you have an existing relationship with them and you have given your consent for them to contact you in this way.
See our Cookies policy for more information about how we collect data about your online activity.
We use social media and are keen to understand our customers and what people are saying about us. We may use the information we gather to research public comments made on social networking sites such as Twitter and Facebook.
Resolving complaints and disputes
If we are informed that you may be dissatisfied with the service or advice we have provided you, we will use the information we have about you to help us resolve things for you.
If you do not wish to receive information from us as explained above, you can update your preferences by contacting us as below:
The 1812 Building
Call: 08000 934914
To ensure you have the best possible experience when you contact us, we’ll use your information to ensure our team has the knowledge and expertise to meet your needs.
If we ever have to use your personal information for any purposes that we haven’t described in this policy, you’ll hear from us. We’ll let you know exactly what we’ll use it for before we go any further and, where appropriate, obtain your consent.
Please note this policy does not cover companies, services or applications that we do not own or control, or people that we do not employ or manage, including (without limitation) third party websites or applications (e.g. from “social media” platforms such as Facebook or Twitter) which we may link to or offer via our services. Also, it does not cover certain pages and services provided which are hosted, managed and operated by other parties. These services, applications and third parties may have their own privacy policies and/or terms and conditions of use, which we recommend you read before using any such services. These third parties and services are wholly independent of us and are solely responsible for all aspects of their relationship with you and any use you may make of such services.
WHAT IS THE LEGAL BASIS FOR HANDLING PERSONAL INFORMATION?
Data protection laws require that, to process your personal data, we must meet at least one prescribed basis for it. We rely on the following basis for the activities we carry out.
We rely upon this basis because you will provide us with your personal data as you want to use our services. This means that our use of your information is governed by contract terms. It is your choice to give us this information, however if you choose not to provide it, we may not be able to offer some or all of the services you require.
Under this basis we process your data in the following scenarios:
Where we collect other information from you – or when third parties do so for us – we always ask for your consent first. For example, before you use our website you’ll be asked to consent to us using cookies to collect data about the device you’re using. If you don’t want to give consent, or you remove your consent at a later point, we may not be able to provide some or all of the services you require.
We also seek your consent in the following scenarios:
In the United Kingdom, organisations can use personal information where the benefits of doing so are not outweighed by the interests or fundamental rights or freedoms of individuals. The law calls this the “Legitimate Interests” basis for processing.
We rely on this basis for processing personal data for the following benefits:
WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
Because of the nature of our role as a mortgage broker, we share the personal information you give us with people who need to handle it so that we can provide our services to you.
Here are the organisations that we may share your personal information with:
To fulfil our contractual obligations, we’ll also share your personal data with the following third parties:
To help you benefit from the services of our specialist partners we may also share your personal data with the following organisations, but only with your consent:
If you no longer wish us to share your data with any of these organisations, you may withdraw your consent at any time.
We’ll also share your personal data with the following data processors where necessary to fulfil our services and regulatory obligations:
If you were introduced to us by a 3rd party, we may update them about how your enquiry with us is progressing.
WHERE DO WE SEND YOUR PERSONAL INFORMATION?
EF is based exclusively in the UK. Our main databases are in the UK and Northern Europe. This means any personal information we access from or transfer to these locations is protected by European data protection standards.
Under Data Protection regulations individuals have a number of rights. These are as follows:
Right to be informed
Individuals have the right to be informed about the collection and use of their personal data.
Right of access
Individuals have the right to access their personal data and supplementary information. Individuals have the right to obtain:
We will not charge for initial requests to provide information but may charge a fee if requests for further copies of the same information are made. We will provide the requested information to you within a month of receiving your request, unless the request is complex or numerous in which case we may extend this period by up to a further two months.
Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to provide the information requested or refuse to respond. In these instances, we will inform you and explain our reason.
Before we proceed with any request, we will take steps to verify the identity of the person making the request.
Right to rectification
Individuals have the right to request that inaccurate personal data is rectified or completed if it is incomplete. If you make such a request, we will take steps to verify whether the data is accurate. Where we accept that the information is inaccurate, we will take steps to rectify it. If we believe that the information is accurate and does not require rectification we will notify you and explain our reason.
Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to rectify the information or refuse to deal with the request. In these instances, we will inform you and explain our reason.
Right to erasure (known as the “Right to be forgotten”)
Individuals have the right to have their personal data erased if:
The right to erasure does not apply where processing is necessary for one of the following reasons:
As an example, we are regulated by the FCA and are required to retain records that demonstrate the advice we provide to our customers. These records contain personal information and data that enables us to formulate our advice. We will not remove or delete any personal information or data until such time as our regulatory obligation has been fulfilled in respect of each transaction or piece of advice.
Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to remove the information or refuse to deal with the request. In these instances, we will inform you and explain our reason.
Right to restrict processing
Individuals have the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data in the following circumstances:
If you choose to exercise this right, we may not be able to proceed with a transaction or provide you with our advice. This may mean that we are unable to submit or progress an application with a lender or product provider. In these instances, we will notify you of the impact your request.
Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to restrict the information or refuse to deal with the request. In these instances, we will inform you and explain our reason.
Right to data portability
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. The right to data portability only applies:
When responding to such a request, we would provide the personal data in a structured, commonly used and machine readable form, typically a .CSV file. We will provide this to you within one month of receiving your request. If your request is complex or requires more time, we may extend this period by up to a further two months. We will contact you and inform you why it will take longer.
Right to object
Individuals have the right to object to:
If you exercise your right to object, we will stop processing your personal data unless:
You can exercise your right to object at the first point of contact with us or at any other time by contacting us a detailed below. If exercising your right to object affects or prevent us from being able to provide you with one or any of the services we offer we will inform you.
Automated decision making including profiling
Sometimes it is necessary for us to approach a lender to obtain an initial decision for a mortgage (often referred to as a Decision in Principle – DIP). To obtain a DIP we may process your personal information through a lender’s automated decision making system which will provide an initial lending decision based on logic/algorithms programmed in to it. We will always gain your consent before completing a DIP. Whilst we don’t set or determine the logic/algorithms used in the automated decision system, we can put you in touch with the respective lender should you require it.
To exercise any of your rights detailed above you can contact us as detailed below:
Data Protection Officer
The 1812 Building
Call: 08000 934914
We take the privacy of your personal information very seriously. If you ever feel you need to complain about how we’ve handled your personal information and data, you can contact us as follows:
The 1812 Building
Call: 08000 934914
If your complaint is about the administration, or terms and conditions of a product sold by us but provided by a lender/insurer, you may need to contact them about it. If needed, we’ll forward details of your complaint to the insurer concerned, as well as giving you their contact details.
To help make sure you always speak to the right person about your complaint, if it looks like another company will be better able to handle your case, we will let you know how to contact them.
If you are still unhappy with any aspect of how we handle your personal information, you also have the right to contact the Information Commissioner’s Office (ICO). The ICO is the UK's independent body set up to uphold information rights. You can contact it as follows:
Via its website: https://ico.org.uk
Information Commissioner's Office
Call: 0303 123 1113
HOW DO WE KEEP YOUR PERSONAL INFORMATION SECURE?
At EF, we understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your private data from being accessed, used or disclosed in any way it shouldn’t be. The security arrangements we’ve put in place include physical, organisational, and technological measures and controls. Together, they help to protect the personal information we hold from risks including:
We regularly review our policies and procedures to make sure they remain relevant.
As explained in “How do we use your personal information”, we use third parties to help us run our business. To fulfil our contractual obligations, we may share your personal data with these third parties. We require every third party that we share information with to maintain adequate security safeguards and comply with all the required laws and standards for protecting personal information.
HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION FOR?
We’ll keep your personal information securely stored for as long as we need it to provide you with the services you want from us. We also keep it to comply with our legal and regulatory obligations, as also to help us to resolve any issues or disputes that may arise.
Depending on what information we hold and what products or services you are signed up to, we may need to retain certain details for longer than others. In every case, we regularly reassess whether we need to hold your personal information and securely dispose of any information that we no longer need.
Cookies are very small text files that a website saves to your computer's hard disk. The purpose of a cookie is to store any information that you give about yourself, or to save your preferences.
At a basic level, cookies will:
The cookies we use let our website store certain types of information, and not others.
Our website will:
Our website will not
- make sure your logged in session is secure
- store your password, to keep your account secure
- remember information you've entered to save you entering it again
- store your results when using our tools and calculators
- allow you to share pages with social networks
- remember your search settings
- tailor content to your needs
- allow you to comment on our blog
The types of cookies we use
There are lots of different cookies with different purposes. The ones we use fall into the following categories:
By using our website, you're consenting to us using cookies in the ways described above. But if you change your mind, you can alter your cookie settings at any time through your browser settings.
Changing your cookie settings
We recommend that you don't change your cookie settings, as blocking some or all of them may affect how well our website performs for you. But if you do decide to change them, you can do this through your browser. Each browser works in a different way, so a good place to start is by searching ‘cookie settings’ in your browser’s help section.
To find out how to delete cookies, please refer to the ‘how to delete cookies’ section below.
Necessary cookies are only placed on your hard disk by our websites, and not by any third parties.
Our necessary cookies will:
Our necessary cookies won't:
Session & Typo3 Content Management Cookie
We use session cookies to record an individual users preferences that the user has specified, so that each time the user returns their preferences remain. Commonly this would be language settings, shopping carts, anything where you have indicated a preference. Where forms are used on the site, we hold the information in a session cookie so that we can improve the user experience on the site. Should a user, for example, forget to fill in parts of a form when submitting a form, we can auto-fill the values for those fields that have been filled in, thereby reducing the amount of fields a user needs to amend. This information is stored only in your browser and is destroyed once your browser is closed.
AdInsight (ADI) is a phone call analytics tool, used by companies to understand the customer interaction between the website and calling the company. Three cookies are used by AdInsight to help demonstrate this journey so the business can improve their customer experience. The adiV cookie contains an identifier which is used by AdInsight to track a visitor over time. This allows AdInsight to show multiple visits made by a customer over time from the same browser. This cookie is set to expire 1 year after the visitor leaves the website.
To make you aware, it’s a condition of using our websites to accept these cookies. If you block them, we can’t guarantee or predict how our website will perform.
Examples of the information collected include:
Our performance cookies allow us to:
Our performance cookies won't:
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site for you. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
The __cfduid cookie is set by the CloudFlare service to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information.
Cookies from ResponseTap allow us to collect information about how visitors use our website and how they contacted us. We use the information to compile reports and to help us improve the site for you.
Third party cookies
Content or applications provided by our following key suppliers are covered by their own policies:
Please note, Echo Finance is not responsible for the content of external websites.
Some of our targeting cookies are placed on your hard disk by our websites, and others are placed by third parties, including advertisers. For example, we use call tracks to find out where on our site calls were made from.
Our targeting cookies allow us to:
Our targeting cookies won't:
If you prefer, you can choose to just turn off advertising cookies by blocking specific companies. You’ll still see adverts on the internet, but they might not be tailored to your likely interests or preferences.
You can set your advertising preferences here. This link will open in a new window, so you can keep reading this document.
You may notice that sometimes after visiting a site you see increased numbers of adverts from the site you visited. This is because advertisers, including ourselves pay for these adverts. The technology to do this is made possible by cookies and as such we may place a so called “remarketing cookie” during your visit.
We use these adverts to offer special offers etc. to encourage you to come back to our site. Don't worry we are unable to proactively reach out to you as the whole process is entirely anonymised. You can opt out of these cookies at any time.
Social media cookies
These types of cookies mean that you can easily “Like” or share our content on sites such as Facebook and Twitter, also sharing buttons on our website.
HOW TO DELETE COOKIES
To remove or prevent cookies being stored on your computer in the future, please refer to your internet browsers instructions. For more information on how to delete cookies click here.
We regularly test new designs or site features on our site. We do this by showing slightly different versions of our website to different people and anonymously monitoring how our site visitors respond to these different versions. Ultimately this helps us to offer you a better website.
CHANGES TO THIS PRIVACY STATEMENT
We recognise that transparency is an ongoing responsibility and will therefore keep this privacy statement under regular review. This privacy statement was last updated on 24th May 2018.