Privacy policy

Introduction

At Sterling Wealth & Mortgages (“we,” “our,” or “us”), your privacy is of utmost importance to us. We are committed to protecting and respecting your personal data and ensuring that all data processing activities comply with the General Data Protection Regulation (GDPR) and the rules of the Financial Conduct Authority (FCA). This privacy policy outlines how we collect, use, store, and protect your personal data, as well as your rights in relation to that data.

By engaging with our services, you acknowledge and agree to the terms outlined in this privacy policy.

1. Data we collect

We collect personal data necessary for providing mortgage advisory services and processing mortgage applications. This data may include, but is not limited to:

  • Full name, residential address, date of birth, and contact information (phone number and email address)
  • Financial details such as income, savings, outgoings, liabilities, credit history, and credit score
  • Employment details (e.g., employer name, job title, salary, employment history)
  • Government-issued identification (e.g., passport, driving licence, or national insurance number)
  • Property-related details, such as valuation and ownership information
  • Marital status, dependents, and other family details if relevant to the application process
  • Banking details, including account numbers and transactional history
  • Other data required to comply with legal obligations, such as anti-money laundering regulations and Know Your Client (KYC) requirements

We collect personal data directly from you, and only the data necessary for the service we provide. We do not collect information from third parties unless it is essential for processing your mortgage application.

2. Purpose of data collection

We process your personal data for the following purposes:

  • Mortgage application processing: To assess your mortgage eligibility, identify suitable products, and liaise with lenders.
  • Legal and regulatory compliance: To comply with obligations imposed by the FCA, GDPR, anti-money laundering regulations, and fraud prevention requirements.
  • Creditworthiness assessments: To evaluate your financial standing and ensure appropriate advice is provided.
  • Fraud prevention and identity verification: To confirm your identity and safeguard your data against fraudulent activity. We may share your data with fraud prevention agencies as required.
  • Client communication and support: To maintain ongoing contact with you throughout the mortgage process and provide updates on your application.
  • Internal record-keeping: To comply with regulatory reporting requirements and for auditing purposes.
  • Dispute resolution: To address any complaints or regulatory investigations related to your data or services.

We will not use your personal data for purposes other than those stated above unless you provide explicit consent.

3. Data storage and retention

We take security seriously and store your personal data in secure environments. Our firm uses Microsoft OneDrive and SharePoint for data storage, ensuring that your data is encrypted and stored in compliance with data protection standards.

We retain personal data for a minimum of 6 years, as required by FCA regulations. This retention period ensures that we can meet our legal obligations, handle disputes, and provide accurate financial reporting. Once this retention period has expired, we will securely delete or anonymise your data unless a longer retention period is required by law.

4. Data sharing

We share your personal data only when necessary for the provision of our services. This includes sharing with:

  • Lenders and financial institutions: For the purpose of processing mortgage applications.
  • Fraud prevention and credit reference agencies: To comply with legal requirements related to fraud and creditworthiness checks.
  • Regulatory authorities: Including the FCA, for compliance with legal obligations.
  • Our parent firm (PWM): As we are an Appointed Representative of PWM, your data may be shared for regulatory oversight and auditing purposes.
  • Third-party service providers: For example, CWCS Managed Hosting, which provides hosting services for our website.
  • Legal authorities: If we are required by law to disclose your data in response to legal processes, such as court orders or regulatory investigations.

We do not sell or share your personal data with third parties for marketing purposes.

5. International data transfers

Due to our use of Microsoft OneDrive and SharePoint, some of your personal data may be transferred and stored outside of the UK or the European Economic Area (EEA). These transfers are subject to strict contractual safeguards (such as Standard Contractual Clauses or SCCs) to ensure your data is protected in accordance with GDPR requirements.

We take full responsibility for ensuring that your personal data remains secure during any international transfers.

6. Security measures

We implement comprehensive security measures to protect your personal data, including:

  • Encryption: We use encryption protocols to protect your data both in transit and at rest.
  • Access controls: Access to personal data is restricted to authorised personnel within SWM, and only on a need-to-know basis.
  • Data backups: We conduct regular backups of personal data to prevent data loss.
  • Security audits: We regularly review our security practices to ensure compliance with industry best practices and regulatory requirements.
  • Data breach protocols: In the event of a data breach, we have procedures in place to notify the relevant authorities and affected individuals, as required by law.

7. Client rights

You have a number of rights under GDPR regarding your personal data:

  • Right to access: You can request access to the personal data we hold about you.
  • Right to rectification: If your data is inaccurate or incomplete, you can request that we correct it.
  • Right to erasure: You have the right to request that we delete your personal data, although certain legal or regulatory requirements may limit this right (e.g., FCA obligations).
  • Right to restrict processing: You can request that we limit the processing of your personal data under certain conditions.
  • Right to data portability: You can request that your personal data be transferred to another provider in a structured, commonly used format.

Please note that some of these rights (e.g., the right to erasure) may be restricted by legal requirements to retain data. To exercise any of these rights, please contact us at Compliance@SterlingWealthAndMortgages.co.uk.

8. Cookies and website tracking

Our website does not use cookies or any form of tracking technology. We do not collect any personal data through your website browsing activity unless you choose to provide it through forms or other direct communication.

9. Communications

During onboarding, we collect your contact preferences. We communicate with you via email, phone, or WhatsApp based on the method you prefer. We do not send marketing communications, newsletters, or automated emails, and therefore clients cannot unsubscribe from necessary service communications.

10. Data protection officer

Our Data Protection Officer (DPO) is Craig Wyllie, who oversees compliance with GDPR and other data protection laws. If you have any concerns or questions regarding your personal data, you may contact him at Compliance@SterlingWealthAndMortgages.co.uk.

11. Compliance and legal obligations

We are fully committed to complying with the GDPR and FCA regulations. This includes:

  • Processing your personal data lawfully and transparently.
  • Ensuring your data is secure and retained only for as long as necessary.
  • Providing clear information about how your data is processed and your rights in relation to that data.

Contact us

If you have any questions, concerns, or requests regarding this privacy policy or the way we handle your personal data, please contact us at Compliance@SterlingWealthAndMortgages.co.uk.