If you would like this notice in larger print or another format, please contact us using the details at the end of this notice.
This privacy notice is published by Advanta Solutions Ltd and applies to the following companies:
Some of these companies also use trading styles. Where a trading style is used, this notice applies to the legal entity operating that trading style. For example:
Usually, the company responsible for your personal data will be the company that provides services to you, holds your relationship with us, or otherwise decides how and why your personal data is used. In some cases, more than one of the companies listed above may use your personal data for shared administration, compliance, risk management, complaints handling, legal or regulatory obligations, information technology support and other operational purposes.
We collect the personal data we need to provide mortgage advice, general insurance services, financial planning services and related support. This may include:
Where relevant to the service you need, we may also collect sensitive personal data (known in data protection law as special category data), for example information about your health. In limited cases, we may also use information about criminal convictions or offences where this is relevant to insurance, anti-money laundering checks, fraud prevention, legal claims or other lawful purposes.
We collect personal data directly from you when you contact us, complete forms, meet with us, use our websites, correspond with us by phone, email or post, or ask us to provide services to you.
We may also receive information from third parties where appropriate, including lenders, insurers, product providers, platforms, introducers, employers, professional advisers, identity verification providers, fraud prevention agencies and publicly available sources. We may also use electronic identity verification and anti-money laundering checks where needed to meet our legal and regulatory obligations.
We use personal data to:
If you do not provide information we reasonably need, we may not be able to advise you, arrange products or services for you, manage your account, or meet our legal and regulatory obligations.
We will only use your personal data where the law allows us to do so. The main lawful bases we rely on are:
Our legitimate interests may include internal administration, group-wide compliance oversight, risk management, information security, staff training, service quality monitoring, complaint handling, legal claims management, fraud prevention, keeping appropriate business records, and making necessary disclosures to service partners and providers involved in delivering or supporting the services you have asked us to provide.
If we need to use sensitive personal data, such as health information, we will only do so where the law allows it. This means there must be a lawful basis for using the data and, because it is sensitive, an extra legal condition must also apply. Depending on the circumstances, that may include your explicit consent or another condition allowed by law.
If we use information about criminal convictions or offences, we will only do so where UK law permits it and with appropriate safeguards.
If you give us information about another person, such as a spouse, partner, dependant, attorney, trustee or beneficiary, you should make sure they know you have given us their information and direct them to this notice where appropriate.
Your personal data may be shared between the companies listed in this notice where this is reasonably necessary for service delivery, administration, file management, compliance oversight, complaints handling, anti-money laundering and financial crime controls, risk management, legal and regulatory obligations, audit, professional advice, finance, information technology support, cyber security and business continuity.
We may also share your information with third parties where this is reasonably necessary to provide services to you, to arrange or administer products or policies for you, or to run our business properly. These third parties may include lenders, insurers, reinsurers, product providers, platforms, scheme administrators, surveyors, valuers, conveyancers, solicitors, accountants, auditors, compliance advisers, professional indemnity insurers, information technology and software providers, document management providers, identity verification providers, fraud prevention agencies, payment service providers, regulators, law enforcement bodies and other professional or operational service partners.
Where a third party is acting on our behalf, or where we need to share your personal data to provide a service you have asked us to arrange or administer, we will not usually need to ask for separate consent each time, provided the sharing is lawful, proportionate and covered by this notice.
If we want to introduce or refer you to an organisation outside the companies covered by this notice for a separate product or service, and the disclosure is not strictly necessary to carry out a service you have already asked us to arrange, we will tell you who that organisation is and we will ask for your consent before sharing your personal data with them.
If any sensitive personal data is involved, we will only share that information where the law allows it and, where required, we will obtain your explicit consent before sharing that information.
Sharing your personal data with service partners, product providers or other third parties for service delivery does not give them permission to market to you just because they have received your information for that purpose. Any marketing use of your information must be separately lawful.
We may record and/or transcribe telephone calls, video meetings and other communications, and we may use artificial intelligence (AI) tools to help with note-taking, transcription, quality checks, file review, fraud and risk monitoring, information security, training and operational efficiency.
Where we use these tools, they are there to support our people and processes. We do not normally make decisions about you using fully automated means where there is no human involvement and the decision has a legal or similarly significant effect on you. If that changes, we will tell you and explain what it means for you.
We do not routinely expect your personal data to be transferred outside the UK. If that becomes necessary, we will only do so where appropriate safeguards are in place and we will provide further information where required.
We keep personal data for as long as necessary to provide services, manage our relationship with you, meet legal and regulatory record-keeping requirements, support complaint handling, defend legal claims, prevent fraud and financial crime, meet insurer expectations, and protect our legitimate business interests.
How long we keep information may vary depending on the type of service, the product involved, the nature of the record, legal and regulatory requirements, limitation periods, complaint and legal risk, and insurer or business requirements.
You have rights over your personal data. In the right circumstances, you can ask us for access to your personal data, ask us to correct inaccurate information, ask us to erase information, ask us to restrict or stop certain processing, object to certain processing, and ask us to provide a portable copy of certain information.
Where we rely on consent, you can withdraw that consent at any time. This will not affect any use of your personal data that took place lawfully before you withdrew consent.
You also have the right to complain to the Information Commissioner if you are unhappy with how we have handled your personal data.
We may contact you about products or services offered by the companies listed in this notice where this is permitted by law and relevant to your relationship with us. For marketing by email, text or similar electronic messages to individuals, the Privacy and Electronic Communications Regulations 2003 generally require prior consent unless a limited exception applies. You can opt out of marketing at any time.
Our websites may use cookies and similar technologies. Where required by law, we will give clear information about what those cookies do and ask for consent for non-essential cookies and similar technologies. Under the Privacy and Electronic Communications Regulations 2003, consent is generally needed before storing or accessing information on a user’s device, unless a limited exemption applies.
Each website should also have its own cookie notice or cookie settings tool.
Please take care when sending us personal or financial information and use secure methods where possible.
If you have any questions about this privacy notice, about how your personal data is used, or if you want to exercise any of your data protection rights, please contact our Compliance Team:
You can also write to the relevant company’s registered office shown in the appendix to this notice. If you think your personal data has been lost, disclosed to the wrong person or used improperly, please tell us as soon as possible.
We keep this privacy notice under regular review and may update it from time to time. The current version will be available on the relevant website.