Privacy policy

Privacy policy

As a Data Controller, we comply with Data Protection laws in the United Kingdom and the EU General Data Protection Regulation (GDPR). This Privacy Policy details how we process your personal data.

Under the GDPR we are required to notify the Information Commissioner’s Office (ICO) about our use of personal data.

We collect personal data about a range of people: • Visitors to our websites • People who contact us (enquirers) • Clients (including clients of the businesses operating under us) • Complainants • Job applicants and our current and former employees or contractors.

Why and How We Process Information

We process personal information to act as an intermediary for financial transactions; typically to advise and apply for property finance such as mortgages or similar for clients. The same applies to advising and arranging insurance policies. We will ask for your consent to do this but as these are contracts with financial institutions our lawful basis for processing data is technically referred to as contract.

To understand how any personal information other than that provided to us through this website is processed you will need to refer to any personal communications you receive from us, check any privacy documents provided when entering into a contract with us or contact us to ask about your personal circumstances.

We also maintain our own accounts and records and retain employee or contractor information to manage our staff / contractors.


When you contact us, we ask for some personal information. You are under no obligation to provide this information to us. Providing that information, enables us to give you the right information or services that you ask for or notify you of further information required to facilitate that service.

If we would like to use your information for any other purpose than those stated above, we will contact you to ask for your consent.

As a minimum, we will hold your name and phone number for the purposes specified above. If you do not become a client of ours, your information will be erased after a period of time in line with our retention policy.

We will only collect information necessary for these purposes and we are committed to protecting that information. Where a joint application is made, we are not able to restrict data sharing between applicants.

Visitors to Our Website

We use google analytics on our websites to provide statistics to help us give users the best experience when visiting our sites. IP addresses are collected to see how users interact with our site. Our website uses cookies, which is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We use cookies to help identify and track visitors and their website access preferences. Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our website.

Virtual Adviser

Virtual Adviser uses cookies to store submitted information whilst using this particular service. Information is retained for 24 hours before being deleted and will not be used in any other way other than optimising your user experience if you return to the site within that timeframe. Data is stored for a longer period upon registration to the Virtual Adviser service in order to provide you with further information about our services.


Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with our office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law. We cannot take responsibility for ensuring the safe passage of emails sent to us.

Our client views

We want your views on the service and any improvements you think are necessary. If this is something you agree to help us with, we will send you a link to an independent agency who collect our survey results.

Job applicants, current and former employees or contractors

When individuals apply to work with us we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing you beforehand unless the non-disclosure is required by law.

Personal information about unsuccessful candidates will be held for six-weeks after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain de-personalised statistical data about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with us, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment.

Once their employment with us has ended, we will retain the file in accordance with the requirements of our retention schedule.

Regulatory Functions and Reporting

As a regulated firm we must provide information to the FCA regularly or in particular situations. We must collect and store regulatory data from our authorised firms. Most of the information has to be provided to us under the Financial Services and Markets Act 2000. Some of this information will be personal data about our employees/advisers or their clients.

Information Processed

We process information relevant to the above purposes. This may include: • Personal details; including information about your identity and contact details • Family details; such as information on cohabitees, partners, children etc. • Employment and education details • Financial details; including income, expenditure, assets, debts and credit history • ‘Special Category’ data; specifically, medical and lifestyle information for insurance policies • Transaction data from services provided by us • Technical data; IP address, browser type, device type or other ‘browsing’ data.

Who the Information May Be Shared With

We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the General Data Protection Regulation (GDPR). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

We will only collect the information needed so that it can provide you with marketing and consulting services, this agency does not sell or broker your data.

Where Necessary or Legally Required We Share Information With

  • Associates and representatives of the person whose personal data we are processing
  • Financial organisations
  • The Financial Conduct Authority (FCA)
  • The Financial Ombudsmen Service (FOS)
  • Law enforcement and prosecuting authorities
  • Credit reference agencies
  • Debt collection and tracing agencies
  • Other companies in the same group
  • Our service providers
  • Courts and tribunals
  • Undertaking research
  • Consulting and advisory services
  • Our professional advisers
  • Staff welfare organisations
  • Current, past or prospective employers
  • HMRC
  • Pension and payroll administrators

Further Disclosure

We may, on occasion, pass your personal information to third parties exclusively to process work on our behalf; for example, a data destruction provider. We always require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.

Retention Policy

We will process personal data during the duration of any contract and will continue to store only the personal data needed for five years after the contract has expired to meet any legal obligations. After five years any personal data not needed will be deleted.

Data Location

We use services and/or suppliers who operate within the EEA and while their parent company may be US based, we require all to fully comply with GDPR or similar to ensure a continuously high level of data protection.

Your Rights as a Data Subject

At any point whilst we are in possession of or processing your personal data, all data subjects have the following rights:

The right to access – you have the right to request a copy of the information that we hold about you.

The right to rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.

The right to erasure – in certain circumstances you can ask for the data we hold about you to be erased from our records..

The right to restrict processing – where certain conditions apply you have a right to restrict the processing.

The right to object to processing – you have the right to object to certain types of processing such as direct marketing.

The right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.

The right to data portability – you have the right to have the data we hold about you transferred to another organisation.

In the event we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge. At your request we will confirm what information we hold about you and how it is processed.

Access to Personal Information

You have the right to access your personal information (subject to certain exemptions). If you wish to find out what information we hold that relates to you, you must make your request in writing to;
The Data Protection Officer, JLM Mortgage Services Ltd, 21a Churchyard, Hitchin Hertfordshire SG5 1HP.

How to contact us

This privacy notice does not provide exhaustive detail of all aspects of the collection and use of personal information. However, we are happy to provide any additional information or explanation needed. If you have any questions or complaints please contact the Data Protection Officer at:

The Data Protection Officer, JLM Mortgage Services Ltd, 21a Churchyard, Hitchin Hertfordshire SG5 1HP

Email us at:

Call us: 01462 455 655.

What if I Am Still Not Satisfied?

If you are not satisfied with how we have responded to your enquiry, you have the right to complain to the Information Commissioner’s Office (ICO), who is the regulator for data protection in the United Kingdom.

Here is a link to our ICO registration details.