Privacy policy & complaints policy

Mayflower Mortgage & Finance Ltd (trading as Mayflower For Brokers)

This privacy notice explains how Mayflower Mortgage & Finance Ltd, trading as Mayflower For Brokers (“we”, “us”, “our”), collects and uses personal information when you use our website or when you engage with us as a broker, intermediary, introducer, or business representative.

Mayflower Mortgage & Finance Ltd is a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to protecting your privacy and handling your personal data transparently and securely.

 

Why should you read this document?

This document explains:

  • what personal data we may collect from you

  • how we use that data in a business-to-business (B2B) context

  • who we may share it with

  • how long we retain it

  • the rights you have under UK GDPR

This privacy notice applies where you are interacting with us in your capacity as:

  • a mortgage/finance broker

  • an employee, director, owner, or representative of a firm

  • a professional introducer

  • a compliance/contact within a business

 

Data Protection Officer

Our Data Protection Officer is:

Mike Pawley
We are registered with the Information Commissioner’s Office (ICO)
ICO Registration Number: ZA764498

 

 

 

 

 

 

 

What do we mean by “Personal Data”?

“Personal Data” means any information that relates to an identifiable individual.

In a business arrangement, this will usually include business contact and professional information such as:

  • name

  • job title / role

  • business contact details (email address, telephone number)

  • firm name and address

  • regulatory information (where applicable, e.g. FCA status)

  • communications and correspondence with us

In some cases, we may also receive or process client personal data that your firm shares with us so we can provide packaging/master broker services. Where we do, we will only use that information strictly for progressing the case and meeting regulatory obligations.

 

What personal data do we collect?

Depending on how you engage with us, we may collect:

1) Broker / Firm Information

  • company name and trading name

  • FCA number (if applicable)

  • firm address

  • business type and services offered

  • professional indemnity insurer details (if relevant to onboarding or due diligence)

2) Personal Data about Firm Representatives

  • name, role, and job title

  • business email address and telephone number

  • correspondence records (emails, calls, meeting notes)

  • onboarding and due diligence documentation (where required)

3) Case & Submission Information

Where you instruct us on a case or submit information through us, we may collect:

  • lender criteria requirements

  • case progress details and case notes

  • documents needed to package and place business

  • any supporting information required by lenders or providers

4) Client Data Provided by You

If you submit a case, you may provide client data such as:

  • identity information

  • financial information

  • credit-related information

  • employment and income details

  • medical information (only where required and relevant to the product/provider)

This is typically provided where you and/or your client are seeking finance products and a lender requires the information.

Lawful basis for processing

We process personal data under the following lawful bases:

A) Contract / Steps to Enter a Contract

Where you engage us to provide packaging/master broker services, we process personal data to:

  • respond to enquiries

  • onboard you as an intermediary

  • deliver services you request

B) Legitimate Interests

We may process personal data where it is necessary for legitimate business purposes, such as:

  • managing broker relationships

  • communicating with you about submissions

  • training, quality assurance and service improvement

  • maintaining business records and audit trails

  • preventing fraud and ensuring security

We ensure this does not override your rights and freedoms.

C) Legal / Regulatory Obligations

We may process personal data to comply with legal and regulatory obligations including:

  • FCA requirements

  • anti-money laundering obligations (where applicable)

  • record-keeping requirements

  • responding to lawful requests from regulators and authorities

D) Consent (where required)

We may rely on consent in limited circumstances (e.g. certain marketing preferences). You can withdraw consent at any time.

 

 

How do we collect personal data?

We may collect personal data:

  • directly from you (via phone, email, web forms, onboarding documents)

  • from your firm or colleagues

  • from publicly available sources (e.g. FCA register, Companies House)

  • from lenders, providers, and professional third parties involved in cases

 

What happens to personal data once we receive it?

We may:

  • record and store personal data in secure systems (email, CRM systems, secure cloud storage, portals)

  • use it to communicate with you and administer packaging/master broker services

  • submit information to lenders and providers via secure portals where required to place business

  • maintain audit trails relating to advice/support and transactions

Access to personal data is restricted to those within our firm who need it to perform their role.

 

Sharing personal data

We may share personal data with relevant third parties where necessary to support the services we provide, including:

  • mortgage lenders and finance providers

  • insurers and product providers

  • compliance advisers / compliance service providers

  • technology providers used to support our systems (e.g. CRM, secure portals, storage)

  • professional advisers (e.g. legal, accountants)

  • fraud prevention and identity verification agencies (where applicable)

Personal data will only be shared where necessary for:

  • progressing cases

  • fulfilling our services

  • meeting legal/regulatory duties

Important: Sharing personal data with third parties does not allow them to use it for their own marketing purposes unless you have separately agreed to that.

 

 

 

International transfers

We do not expect personal data to be transferred outside the UK.
If any transfer outside the UK is required (e.g. due to technology providers), we will ensure appropriate safeguards are in place, such as UK-approved International Data Transfer Agreements.

Security

We take appropriate technical and organisational measures to protect personal data from unauthorised access, misuse, loss, or disclosure.

We also encourage you to take reasonable precautions when sending information to us, including:

  • not sending sensitive personal data via unsecured email

  • using encryption and/or password-protected attachments

  • using secure portals where available

 

Retention of personal data

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

  • business administration and relationship management

  • legal and regulatory record-keeping requirements

In most cases, records will be retained for a minimum of six years, but may be retained longer where required by regulation or legal obligations.

 

Your rights under UK GDPR

You have the right to:

  • request access to your personal data

  • request correction of inaccurate or incomplete data

  • request erasure of your data (where applicable)

  • request restriction of processing

  • object to processing

  • request data portability (where applicable)

To exercise any of your rights, please contact:

Email: Enquiries@mayflowermortgage.co.uk
Phone: 0333 577 6266

We aim to respond within one month, although complex requests may take longer. Where we require more time, we will notify you within the initial one-month period.