About Berkley Vittoria IFS Ltd and how you can contact us This document includes important information about how we use your personal data. If you want to talk to us more about it, you can get in touch using the details below.
Our registered address is The Stirrups, Claypit Lane, Lichfield, Staffordshire. WS14 0AQ. You can find out more about us on our website at berkleyvittoria.com.
To help ensure we meet all our obligations we have appointed a Data Protection Officer (Simon Stephens). If you have any questions or concerns about how your personal information is being used you can contact the DPO
by email to email@example.com
or by writing to
The Data Protection Officer Berkley Vittoria IFS Ltd The Stirrups Claypit Lane Lichfield. Staffordshire. WS14 0AQ
You can also obtain information and advice from the Information Commissioner who is the independent regulator appointed by Parliament to oversee compliance with data protection and information rights: http//www.ico.org.uk
Berkley Vittoria IFS Ltd is registered with the Financial Conduct Authority (registration number 150186). What information we collect and how we use it We want to give all our customers the best standard of service we can and are serious about protecting your personal information. Please read on to find out what information we’ll need from you, how we use your personal information to make our products and services as effective as possible and how we look after it, including our Cookies policy.
Information we collect directly
Our core business is acting as a mortgage broker. This involves searching against the lenders we deal with to find the mortgage that best suits your circumstances. We do this when you call us by asking you about your identity and contact details; your product preferences; your property and tenancy history and types and number of occupants and their relationship to you; your lifestyle; nationality and residence status; employment, income and expenditure and other financial circumstances. How you answer these questions will determine what other questions we ask you because different lenders serve different parts of the market and have different eligibility criteria. We will always explain the process to you and answer any questions you may have about why certain types of information may be needed.
When you apply for a mortgage through us we will collect your direct debit details to pass on to your lender. If the products you select involve a cost, such as a valuation fee, we will ask for your payment information.
Mortgage lenders are data controllers in their own right and have their own privacy notices. However, because lenders may automatically profile your information against their lending criteria and against Credit Reference Agencies as soon as your information is forwarded to them and this may affect your credit score, we will always bring this to your attention as part of the process so that you are forewarned. We will also make you aware in advance when lenders are likely to debit any funds from your accounts.
We routinely offer our mortgage customers life insurance and building and contents insurance. Where customers express an interest in life insurance we will also collect information about health as this is necessary so that the insurers we deal with can determine cover and premiums.
Apart from the information customers provide to us directly we may also record information about potential vulnerabilities where we think this is appropriate to meet the obligations placed on us by the Financial Conduct Authority (FCA) with regard to vulnerable customers. You can find out more about our obligations to potentially vulnerable customers here:
Updating Your Details
If you are a pre-existing customer we may use the information we have on you to pre-fill forms when you apply for a new product, but we will always check that these details are accurate and up to date.
However, if you’ve opened an account or policy with another organisation that we introduced you to, you will need to contact them separately to update your information.
We may record calls in and out against customer cases so that we can be sure that we have captured the information you have given us accurately. This helps us to prevent fraud and resolve any disputes.
Marketing and Market Research
We may use your information to contact you about other products that match your profile and may be of interest to you. Where we seek consent to do this we make sure we are clear about what methods we can use to contact you. We make sure that you are able to opt out of marketing communications at any time in a way that is convenient to you, including the method you used to contact us. Where we use online advertising platforms the data you supply to us will be matched by them to any profile they have of you.
Money Laundering and preventing and detecting unlawful acts
We are required by law to submit a Suspicious Activity Report to the National Crime Agency whenever we detect a risk of money laundering or fraudulent activity. The law also permits us to report suspected crime to the appropriate authorities.
We are also required to disclose personal data where required to do so by law or by the order of a court.
We have discretion to disclose personal data where this is necessary for protecting the public against dishonesty.
Cookies on our website, and tracking emails, re-marketing and analytics
When you register on our website we collect data on how you use our website so that we better understand your interests and can match products to your needs.
We use personal data for analytical purposes to understand trends and how the business works but the reports we produce do not identify individuals.
The Cookies Section of the Privacy Notice explains what cookies we use and how you can turn off and control any advertising cookies (subject to your browser functionality).
We use email tracking technology to capture information such as (but not limited to) the time and date our emails are opened, the type of device used and any links within the email clicked on. We may share this information with other organisations (for example, mortgage lenders) for the same purposes, but stipulate that they may not use your details for direct marketing unless they have your consent or an existing relationship with you and you have not previously opted out.
As a business we monitor what the public are saying about us on social media such as Facebook and Twitter, so that we can build these comments into improving our products and the ways we interact with customers.
Training and Testing
We do not use customer data for generalised training or system testing separate from case management, and always use dummy data sets for these purposes.
Information that we collect indirectly
When any of our customers apply for a product, the law requires us to check their identity. This makes it harder for criminals to use financial systems, or to use false names and addresses to steal the identities of innocent people. Checking everyone’s identity is an important way of fighting money laundering and other criminal activities.
To confirm that you are who you say you are, we’ll verify your name and address by requesting original identification (passports or driving licences) and proof of address (recent utility bill, bank statement or latest council tax bill). This does not affect you credit history or status.
If you are a joint mortgage applicant we will record any information you give us about any other persons who are joined to the application.
We use the information we have about you to provide all the aspects of our service you would expect such as contacting you to prompt you with reminders about renewals and to help resolve any complaints or investigations.
We may also disclose information where permitted by law in connection with the resolution and pursuit of legal rights and disputes or complaints.
Automated Decision Making
We do not make fully automated decisions. Our service is to provide the information to lenders and insurers, so they can make a decision about the product you have selected.
If you give us a good review we may publicise your review.
What are the legal grounds for handling personal information? We understand that personal information is just that – personal. So when we process your personal data, we make sure we satisfy the conditions prescribed by data protection laws to do so. This section covers what those conditions are.
The law says we must have a legal basis for processing personal data. There are six standard data processing grounds or conditions for processing personal data. Where we process what is called ‘special category data’ (information about health, genetic or biometric data etc) we must additionally have a special category condition or ground for processing your personal data.
We rely on the following conditions for the activities indicated.
In most cases, you’ll provide the information covered in the sections above because you want to use our services. Ordinarily for a business this would mean that the condition for processing is contractual However, this condition only applies where a legal contract exists between the parties concerned. Because we act as an intermediary this condition is not available. We therefore rely on what is called the ‘legitimate interests’ ground for processing. The law provides we can use your information under this condition where our interest in using it is not outweighed by your privacy rights or interests. This means that we can use your personal data only in ways you would reasonably expect and which have a minimal impact on your privacy, or where there is a compelling justification for the processing.
We rely on this condition for the uses we identify in the sections above, except where we indicate below that another condition is more relevant.
In the case of mortgage and insurance applicants the legitimate interest condition applies because you have requested the service in question and can withdraw at any time. We also rely on this condition to process any details joint mortgage applicants give us about the other applicants.
In order to use your personal data on this basis your consent must be freely given, specific, informed and unambiguous. We rely on this condition for the following purposes:
• Where we need information to provide you with additional services or features
• Market research – Where we invite you to participate in market research (more on this below). Any feedback you provide is used only with your consent.
We need what is called explicit consent where we rely on consent to process what is called sensitive or special category personal data.
• Health data in connection with life policies
Complying with a legal obligation
• Money Laundering reports
Public Interests & Substantial Public Interest Tasks
• Processing health data in connection with vulnerable customers
• Reporting fraud and other suspected crimes to the appropriate authorities.
• Suspicion of terrorist financing or money laundering
• Protecting the public against dishonesty
• Insurance and data concerning the health of relatives of an insured person
• Processing personal data in connection with contracts that we hold with contractors, suppliers and staff.
Who we share your personal information with To provide our services to you, we’ll sometimes need to share your personal information with relevant organisations – such as lenders, insurers and fraud prevention agencies.
To fulfil our contractual obligations, we’ll also share your personal data with the following third parties:
• Mortgage lenders
• Life insurers
• Source Insurance for building and contents insurance
• Estate agents
• Lead suppliers (if you were introduced to us by a third party)
• Our personally recommended conveyancers where you wish to proceed with a quote.
• Experian/Equifax Credit Referencing Agencies
If you no longer wish us to share your data with any of these organisations, you may withdraw your consent at any time.
The above sets of organisations are each data controllers in their own right and will have their own Privacy Notices that will tell you about how your personal data will be used by them.
We’ll also share your personal data with the following data processors where necessary to fulfil our services and regulatory obligations:
• IRESS to provide life insurance quotations
• Mortgage Brain and TriGold to provide mortgage illustrations
• Wix.com to provide our web services
Sharing information with these organisations allows us to better understand your needs.
We may disclose information to either the Financial Service Ombudsman or the Financial Conduct Authority where they request this to resolve complaints, or our auditors in connection with their duties. Where in the world do we send information? As a UK based company, all the personal information we process is protected by European data protection standards. And, if we ever have to send data overseas, we take care that it’s covered by the same high standards.
As a UK based company, all the personal information we process is protected by European data protection standards.
The only personal data that is transferred outside the EEA is that processed through Wix.com which is located in the United States. Wix.com participates and has certified its compliance with the EU-US Privacy Shield. Your Information Rights It’s really important that you understand your legal rights in relation to your personal information – as well as how you can contact us if you have any questions or concerns. This section covers just that.
The following is a list of the rights you have under Data Protection legislation. Not all these rights apply in all circumstances but we will be happy to explain this to you at the time you ask. Independent advice about your rights can be obtained from the Information Commissioner.
All these rights can usually be exercised free of charge and generally speaking we must respond within one month. If we need longer to respond we will explain why this is necessary within the one month period and tell you more about any rules that affect how you can exercise your rights.
You have the right to be informed in a concise, transparent, intelligible and easily accessible way about how we use your personal information. We will explain why we need information (in particular any uses that are not obvious) at the time we collect information from you and make sure that all our data collection forms and letters point you to this Privacy Notice.
You can make what is called a subject access request for a copy of the information we hold about you.
We must also tell you why we have the information, what types of information we collect; who we share it with and whether, in particular, any of those recipients are outside the European Economic Area; how long we will keep your information for; where the information came from, if we didn’t collect it from you directly; the details of any automatic decision taking and about your rights of complaint to the Information Commissioner.
You have the right in some circumstances to have the data you have provided to us sent to you or provided to another person or business in an electronic machine readable format. Where this applies we will download the information and send it as a PDF file.
You have the right to have inaccurate information corrected and incomplete information completed. If the information we need to deliver our services to you changes please tell us about this as soon as possible.
You will normally have the right to object to how we intend to use your information based on your individual circumstances.
You have an absolute right to object to us using your personal information for the purpose of direct marketing at any time.
If you have objected or complained about how we have used your information or its accuracy you may not want it to be deleted until your complaint has been resolved. In certain circumstances you can ask for your data to be restricted or not used until these issues are resolved.
You have a right to have some or all of the information we hold about you erased in some circumstances. This is known as the right to be forgotten.
This right only applies where a decision which has a legal or similar effect is DECISION MAKING taken about a person by automated means without any human intervention.
Where such decisions are made, individuals have a right to ask for the decision to be reviewed and the data controller must make sure appropriate safeguards are in place. However, Berkley Vittoria IFS Ltd does not make automated decisions about any of its clients.
If we are processing your personal information on the basis of your consent you have the right to withdraw that consent at any time.
You have a right of complaint to the Information Commissioner (the Supervisory Authority) if you consider any aspect of Berkley Vittoria’s use of your personal information infringes the law. Section 1 provides the contact details.
However, Berkley Vittoria IFS Ltd will want to put matters right wherever we can and we would hope that you will contact us in the first instance. You can exercise your data protection rights or complain about how we are processing your personal information by contacting the Data Protection Officer as set out in Section 1.
If your complaint is about the administration, or terms and conditions of a product sold by us but provided by a lender/insurer, you may need to contact them about it. If needed, we’ll forward details of your complaint to the insurer concerned, as well as giving you their contact details.
To help make sure you always speak to the right person about your complaint, if it looks like another company will be better able to handle your case, we’ll let you know how to contact them. We’ll also send details of your complaint to them, to get them up to speed.
How we keep your personal information secure We’re committed to keeping your personal information safe and sound. In this section, you’ll read about the security measures we take to protect our customers’ data.
At Berkley Vittoria IFS Ltd, we understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your personal information from accidental or unlawful breaches of security. These include physical, organisational, and technological measures.
All information we process is encrypted in transit so that your personal and financial information is secure. For example, where you share information with us online or we forward this to other organisations online we use HTTPS.
As covered above, we have to share your information with third parties to carry out some of our services, including lenders and insurers amongst others. We require every third party that we share information with to apply appropriate security safeguards and comply with all the required laws and standards for protecting personal information. How long do we keep your personal information for? We only keep your personal information for as long as we need to. This section explains how long the different types of records will be kept.
To ensure that we are able to meet our legal, regulatory and customer obligations, Berkley Vittoria IFS Ltd will retain client information for the following time periods:
• If you become a client of a lender/insurer as a result of the advice we provide to you, we will keep a full record of your interactions with us for your lifetime plus a reasonable period to enable us to meet our regulatory obligations to evidence we gave suitable advice and to enable us to answer any complaints that may arise as a result of our advice. In practice this means that we will keep your records for no longer than 100 years after you last transact with us
• If, as a result of our advice, you make an application to a lender/insurer but do not ultimately become a client of that institution, we will keep a full record of your interactions with us for 6-years to meet our obligations under UK Money Laundering regulations.
• If we provide you with advice on a financial product, but you do not engage our services to make an application to a lender/insurer, we will keep a full record of your interactions with us for 3-years, to enable us to meet our regulatory record keeping obligations regarding evidencing suitability of our advice.
• If we collect personal information from you, but are unable to provide you with suitable advice, then we will keep a full record of your interactions with us for 1-year to facilitate an easier interaction between us if you re-engage our services within this period.
• If you request we contact you in relation to our service by providing us with your name and a contact method (e.g. phone, email) through an enquiry form we will use our best endeavours to contact you as soon as possible. If we are unable to make contact with you, we will retain this information for a period of 4 years from the time we de-activate your lead in our database, to ensure we can fulfil our contractual obligations.
Below is a table of information which lists all cookies used on our website.
Google Analytics _utma A Google Analytics cookie, which keeps track of the number of times, a visitor has been to the site, when their first visit was, and when their last visit occurred. Google Analytics _utmb A Google Analytics cookie, which creates a timestamp of the exact moment when a visitor enters a site. Google Analytics _utmc A Google Analytics cookie, which creates a timestamp of the exact moment when a visitor leaves the site. Google Analytics _utmv Used for reporting in Google Analytics classifying the visitor. Google Analytics _utmz A Google Analytics cookie which tracks where the visitor came from, what search engine was used, what link was clicked on, what keywords used, and where in the world the site was accessed from.