1.2. Methods of Collection

In the normal course of our business, we collect information relevant to the provision of mortgage and insurance intermediary advice from the following sources:

Direct Sources

• Yourself

• Next of kin

• Spouse, partner, or family member

Professional Sources

• Business associates

• Employers

Trusted Third-Party Sources

• Government, land, or police registers

• Credit and default agencies

• Financial institutions (including banks, building societies, loan agencies, and credit card companies)

• Insurance companies

• Law firms

• Medical professionals

Consent-Based Disclosure

We may also receive information where you have provided consent for third parties to disclose information about you to us.

Information is typically collected through:

• Standard application forms

• Our website and online services

• Email communications

• Telephone conversations

We may also collect personal information via our affiliates or suppliers.

Information You Provide Directly

You may choose to submit information to us directly through:

• Marketing or other communications

• Social media platforms

• Signing up for a product or service

• Participation in an offer, programme, or promotion

• An actual or potential business or employment relationship with us

You may also agree to third parties sharing information they have collected about you with us.

Automated Data Collection

We, our service providers, and partners may collect certain information automatically using technologies such as cookies and web beacons when you:

• Interact with our advertisements

• Use our mobile applications

• Visit our websites or other digital assets

This information may include:

• IP address

• Browser type

• Operating system

• Referring URLs

• Actions taken or interactions with our digital platforms

We may use third-party web analytics services to analyse how visitors use our websites and mobile applications. These analytics providers use cookies and similar technologies to collect usage data.

Your ability to limit or manage this data collection is explained in the “Your Rights and Choices” section of this Privacy Notice.

---

1.3. Purposes of Collection

We collect, use, and retain your information for the following purposes:

• Carrying out electronic checks, including identity verification using third-party data

• Meeting our regulatory obligations, including assessing the suitability of advice

• Liaising with lenders and providers to deliver products and services

• Providing information about mortgage and insurance products and related services that may be of interest

• Processing payments and transactions, including accounting, authorisation, billing, reconciliation, complaints, enquiries, credit checks, and dispute resolution

• Preventing fraud, money laundering, tax evasion, and other financial crime

• Managing risk exposure and ensuring the integrity, compliance, and security of our business processes

• Operating, monitoring, evaluating, and improving our products, services, websites, mobile applications, and digital platforms

• Developing new products and services

• Managing communications, measuring effectiveness, and optimising advertising

• Ensuring functionality of our websites, mobile applications, and digital assets

• Enforcing legal rights and complying with applicable laws, regulations, and regulatory requests

• Preventing harm

• Preventing financial or reputational loss

• Investigating suspected or actual fraudulent or illegal activities

• Complying with industry standards and Glass Ocean Finance Ltd policies

---

1.4. Lawful Basis of Processing

Glass Ocean Finance Ltd processes your personal information under the following lawful bases:

Performance of a Contract

Where you enter into a contract with us, we process your information as necessary to perform and manage that contract.

Legitimate Interests

We process certain information where it is necessary for our legitimate business interests, including:

• Fraud prevention and risk assessment

• Due diligence and regulatory compliance

• Network and information security

• Managing communication preferences and opt-outs

• Profiling and direct marketing (where permitted)

• Monitoring and web analytics

• Cloud storage and IT infrastructure

• Business acquisitions and transitions

• Updating and maintaining accurate customer records

• Delivering core products and services provided by the data controller

Public Interest

Some personal information is processed where it is necessary in the public interest, including compliance with legal and regulatory obligations.

Consent

Where processing is based on consent, we will seek your clear and unambiguous consent before processing your personal data. You may withdraw your consent at any time.

---

1.5. Information We Share

We do not sell your personal information. We only share personal information as described in this Privacy Notice or where you have provided consent at the time your data is collected.

We may share your information with the following parties:

Financial and Insurance Providers

• Vetted affiliates

• Financial institutions

• Insurance companies

• Mortgage companies

These parties assist in providing services such as mortgages, insurance cover, and related financial products.

Research and Analysis

• Vetted affiliates for the purpose of conducting consumer research

Service Providers

We use formally contracted service providers to perform services on our behalf, including:

• Hosting data centres

• IT infrastructure and applications (development and support)

• Cloud services, including:

  • Software as a Service (SaaS)

  • Platform as a Service (PaaS)

  • Infrastructure as a Service (IaaS)

• Helpdesk and call centre services

All service providers are contractually required to:

• Safeguard the privacy and security of personal information

• Use or disclose information only as necessary to perform services on our behalf or to meet legal obligations

Professional and Regulatory Bodies

• Law firms

• Auditors

• Our Network Principal, Mortgage Intelligence Ltd

• Credit reference agencies

• Land Registry Office

• HM Revenue & Customs (HMRC)

• Financial Conduct Authority (FCA)

• Other relevant regulatory authorities

Legal and Safety Reasons

We may also share information where legally required to prevent harm, prevent financial or reputational loss, or investigate suspected or actual fraudulent or illegal activities.

Third-Party Website Features

Some website features may be provided by third parties not affiliated with us, such as:

• Social networking tools

• Geo-location services

These third parties operate under their own privacy policies. We recommend reviewing their privacy policies before using these features.

Business Transfers

We reserve the right to transfer personal information in the event of a sale, merger, or transfer (in whole or in part) of our business or assets. Reasonable steps will be taken to ensure the acquiring party protects and uses your information in a manner consistent with this Privacy Notice.

You may exercise your rights by contacting the acquiring entity regarding how your information is processed.

---

1.6. How Long Do We Keep Information For?

We will keep information for a reasonable amount of time in order to perform the purposes listed above.

We only keep your information for as long as necessary. We generally keep personal information for 7 years after last contact with you. However, we reserve the right to keep information for longer if we feel that this is in the legitimate interests of Glass Ocean Finance Ltd.

---

1.7. International Data Transfers

We and/or associated third parties may transfer the personal information collected about you to recipients in countries other than the country in which the information was originally collected. Those countries may not have the same data protection laws as the country in which you initially provided the information.

When we transfer your information to other countries, we will protect that information as described in this Privacy Notice or as otherwise disclosed to you at the time the data is collected (for example, via a programme-specific privacy notice).

---

1.8. Profiling

For the purposes of business conduct, enhancement, identification of fraud, money laundering, and other potential unauthorised activities, we may engage in profiling activities via direct use or anonymisation of sensitive personal information.

---

1.9. Direct Profiling

Direct profiling is carried out for fair and lawful purposes to support legal and regulatory reporting obligations, including (but not limited to):

• Background checks for customers

• Financial viability analysis and reporting

• Business partner and customer portfolio position, performance, and risk positions

• Anti-money laundering

• Tax reporting

• Credit defaulting and exposure

---

1.10. Indirect Profiling

Indirect profiling (via anonymisation of personal information) may be used to prepare aggregated data reports, including (but not limited to):

• Compilations, analyses, predictive models, rules, and aggregated reports to support insights into service usage, spending, fraud, and other patterns

• Compiling and communicating promotional and marketing information about products and services that may be of interest to you

• Conducting market research

• Facilitating internal business operations, including fulfilling legal requirements

---

1.11. Your Rights and Choices

Your rights regarding the personal information we hold about you enable you to exercise choices about what personal information we collect, how we use it, and how we communicate with you.

---

1.12. Access and Correction

You may have the right to:

• Obtain confirmation that we hold personal information about you

• Request access to and receive information about the personal information we maintain about you

• Receive copies of the personal information we maintain about you

The right to access personal information may be limited in some circumstances by local law requirements.

---

1.13. Requests to Update, Correct, Object, or Delete

1.13.1 Update and Correct Inaccuracies

If you believe the information we hold about you is incorrect, you can contact us and explain what you believe is inaccurate.

If we refuse to correct your personal information, we will provide written notice explaining our reasons (unless it would be unreasonable to do so) and provide details of complaint mechanisms available to you.

1.13.2 Object to Processing

If you wish to object to any processing of your information, you can contact us and outline what processing you object to.

1.13.3 Request Deletion, Blocking, or Anonymisation

If you would like us to delete, block, or anonymise information we hold about you, you can contact us and specify what information you would like deleted, blocked, or anonymised.

To update your preferences, request removal from mailing lists, or request access/update/correction/deletion, please contact us as detailed in the “How to Contact Us” section below.

---

1.14. Opting Out of Processing

You can opt out of automated collection of personal information (such as via cookies) by using the Cookie Consent tool displayed on our website. Your browser may also offer options to manage cookies.

Please note: without cookies, you may not be able to use all website features and/or online services.

Some service providers and partners may collect information about your online activities over time and across third-party websites to customise and target adverts.

You can tell us not to send you marketing communications at any time by:

• Emailing info@glass-ocean.co.uk

• Using the “unsubscribe” link in marketing emails

• Contacting Glass Ocean Finance Ltd as indicated below

---

1.15. Withdrawal of Consent

If we obtain your information by consent, you have the right to withdraw that consent at any time.

If we process your information under legitimate interests, you can object at any time on legitimate grounds.

Glass Ocean Finance Ltd will apply your preferences going forward. Please note that doing so may mean you cannot take advantage of certain Glass Ocean Finance Ltd and affiliate products, services, and promotions.

The right to remove consent may be limited in some circumstances by local law requirements and you will be informed appropriately.

---

1.16. How to Contact Us / Complaints and Feedback

If you:

• Believe we fall short of your expectations in processing your personal information

• Wish to make a complaint about a breach of your personal information or privacy laws

• Have a concern about our privacy practices

• Would like access to or updates of information or preferences you have provided

Please email us at: info@glass-ocean.co.uk

Or write to us at:
55 North Cross Road
East Dulwich
London
SE22 9ET

To assist us in responding, please provide full details of the issue. We aim to review and respond to complaints within a reasonable timeframe.

If we cannot lawfully complete your request, we will explain this to the extent we are legally able.

---

1.17. How We Protect Personal Information

The security of your personal information is very important to us. We maintain administrative, technical, and physical safeguards designed to protect the personal information you provide or we collect against accidental, unlawful, or unauthorised destruction, loss, alteration, access, disclosure, or use.

We use SSL encryption on our website when transferring certain personal information.

We store personal information only for as long as necessary to fulfil the purpose for which it was collected, unless otherwise required or permitted by law. We take steps to destroy or permanently de-identify personal information where required by law or where it is no longer needed.

---

1.18. Review and Updates

This Privacy Notice may be updated from time to time. You should review it regularly.