At Mint we take privacy seriously and we are committed to protecting it.
This policy explains when and why we collect personal information about individuals, how this information is used, the conditions under which it may be disclosed to others and how it is kept secure. The policy also explains when and how we disclose information to others about an applicant for a loan or a borrower, whether they are an individual or a corporate entity.
If our customer is a corporate entity, we may collect personal information about a director or a beneficial owner of the corporate entity or about any person who is to provide us with a guarantee or other security, or who does provide us with a guarantee or other security. Each reference in this policy to “you” is a reference to the individual whose personal information we collect, whether directly from you as the individual, or from our customer (if not you), or from a broker or solicitor, or from third parties such as employers, other lenders or credit reference agencies.
Information we collect about you
We collect information about you at various stages during our relationship with you or the corporate customer of which you are a director or beneficial owner, including when you or our corporate customer make an application to us, when we enter into an agreement with you/our corporate customer, during the course of providing our services to you/our corporate customer and on other occasions when you contact us or when we ask for information.
Personal information you give to us: The personal information that we collect about you is as follows:
• date of birth
• residential address and address history
• contact details such as email address and telephone numbers
• financial information, including bank statements, account details, and details of your assets
• employment details
• information contained in identification documents, including passport, driving licence and household bills
• Information you give to any surveyor or other person acting for us
• information provided by you when filling in a form on our website
• details contained in a loan application
• details contained in a guarantor information sheet
• details of any account you have with us
• your marketing preferences
Personal information we receive from other sources: We may obtain certain personal information about you from other sources, as follows:
• information we receive following enquiries we make with your current and previous lenders, employers, estate agents, landlords, accountants, bankers and the UK Finance Mortgage Lenders Possession Register;
• information we receive following enquiries we make with credit reference and fraud prevention agencies – please see ‘Use by credit reference and fraud prevention agencies’ below for further information; and
• publicly available information obtained from the Internet and other sources such as The Insolvency Service, HM Land Registry, HM Revenue and Customs, Companies House, The Gazette, the electoral register and other public sources.
If you fail to provide us with any mandatory information that we request from you in the course of considering an application for a loan, we will not be able to proceed with the checks and risk assessment necessary to enter into a loan facility agreement; we will not be able to consider the application further or to propose an offer.
Use of your information
We rely upon the following lawful bases under data protection laws (shown in bold) for the uses which we may make of your information:
• On the basis that it is necessary for the purposes of legitimate interests pursued by us or a third party, we will use your information for the following purposes:
– to assess a loan application and any lending risks;
– to obtain and analyse information from credit reference agencies;
– to verify your identity and to detect and prevent fraud and money laundering, in order to protect our business;
– to establish, exercise and defend our legal rights;
– to manage and audit our business operations including statistical analysis and accounting;
– to enhance and personalise your customer experience by analysing patterns and customer behaviours, including contacting you to ask you about your experiences (we may engage a market research company to contact you on our behalf);
– to carry out statistical analysis to help with decisions about credit and account management;
– to recover debt, repossess property, and trace your whereabouts;
– to monitor communications between us to prevent and detect crime, to protect the security of our communications, systems and procedures, and for quality control and training purposes; and
– to take steps to protect your information against loss, damage, theft or unauthorised access.
Person(s) who may provide us with funds for a loan to you or a borrower of which you are a director, beneficial owner, proposed guarantor or provider of other security will receive certain information about you (see ‘Use by third parties’ below) and will rely upon their legitimate interest in carrying out their own assessment of any lending risks in order to protect their business.
Any person who is to provide security for a loan agreement (and their legal advisers) will receive all of the information we have obtained about you, where you are the proposed borrower, for our legitimate interest of ensuring that that person obtains independent legal advice as well as for that person’s legitimate interest in obtaining separate independent legal advice as to the meaning, effect and consequences of providing the proposed security.
• On the basis that it is necessary to comply with a legal obligation, we will use your personal information to verify your identity for the purposes of meeting our anti-money laundering and other legal and regulatory responsibilities whether you are the applicant for a loan or the beneficial owner or a director of a corporate applicant for a loan or a proposed guarantor or provider of other security. This may also include processing special categories of data about you, for example for our compliance with our legal obligations relating to vulnerable people.
• Where you have given your consent to specific processing of your information, for example for direct marketing communications (by us and/or any third parties referred to in the relevant consent request), you can withdraw your consent at any time by following the unsubscribe instructions in the relevant communication or by contacting us, using the “Contacting us” details below.
If we or a fraud prevention agency determine that you pose a fraud or money laundering risk, we may not lend to you, we will inform a fraud prevention agency of the risk, and the fraud prevention agency will keep a record of the risk, which may result in others refusing to provide services, finance or employment to you.
Use by credit reference and fraud prevention agencies
Where you are applying for a loan (or a corporate entity of which you are a director or beneficial owner is applying for a loan) or you are to provide a guarantee or other security for a loan, we will undertake credit and identity checks on you with one or more credit reference agencies (“CRAs”). We may carry out further periodic searches for the purpose of managing the account under the proposed loan facility agreement.
To do this, we will supply your personal information to CRAs and they will give us information about you and about any person with whom the CRAs have recorded you as being financially linked. The information the CRAs give us will include information about your financial situation and financial history. CRAs will supply us with public information (including information from the electoral register) and also with shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
• assess your creditworthiness;
• verify the accuracy of the information you have provided to us;
• prevent and detect criminal activity, fraud and money laundering;
• manage your account(s);
• trace and recover debts; and
• ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs at any time when you have a relationship with us as an individual borrower. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file that may be seen by other lenders and other businesses or organisations.
If you are making a joint application, or tell us that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share this information with them, before making the application. CRAs will also link your records together and these links will remain on your and their files, so that any future search of your records or their records will take into account the records of the financially linked person(s), until such time as you or your joint applicant, spouse or other financial associate successfully files for a disassociation with the CRAs to break the link.
The identities of the CRAs, their role as fraud prevention agencies, the information they hold, the ways in which they use and share personal information, information retention periods and your data protection rights with the CRAs are explained in more detail on the CRAs’ websites at TransUnion https://www.transunion.co.uk/crain; Equifax https://www.equifax.co.uk/crain.html; and Experian http://www.experian.co.uk/crain/index.html.
Before we enter into a loan agreement with you or a corporate entity of which you are a director, or where you are to provide a guarantee or other security, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process your information. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to enter into the loan agreement or to make any loan or further loan. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. Further details of how your information may be used by Mint and fraud prevention agencies, along with your data protection rights, can be found at www.nhunter.co.uk/privacypolicy/. If you have any questions about this, please contact us.
Please telephone us on 0844 415 6500 if you would like details of the credit reference and fraud prevention agencies from whom we obtain and to whom we pass information about you. You have a legal right to these details.
Use by third parties
We disclose your information to the following third parties:
• Your broker, for the purposes of administering your application.
• Person(s) who may provide us with funds for the proposed loan facility. They receive personal information that is necessary for them to assess the lending risks. We will provide them with the information on your application form/guarantor information form and the results of the checks that we carry out. They will also receive further information during the course of our relationship with you where this is necessary to obtain funding for the loan(s).
• Any person who is to provide security for the proposed loan(s) (and their legal advisers) so that they can obtain separate independent legal advice.
• Where you are located outside of the UK, we will appoint a solicitor in your local jurisdiction to provide us with advice in relation to your circumstances according to the laws of the relevant jurisdiction.
• Credit reference agencies and fraud prevention agencies. Please see ‘Use by credit reference and fraud prevention agencies’ above for further information about these agencies and what they do.
• Third party suppliers engaged by us to undertake certain services, including debt collecting agencies to recover monies owed to us. These third parties will be separate controllers of your information and will be responsible for protecting your information and processing it in line with data protection laws.
• Third parties acting on our behalf, such as back-up and server hosting providers, IT software and maintenance providers and their agents, and third parties that provide customer support services, claims handling services, income verification services, affordability checks, communication fulfilment services and market research agencies.
• Law enforcement agencies in order to detect, investigate and prevent crime (we or any fraud prevention agency may pass your information to law enforcement agencies).
• Courts in the United Kingdom or abroad as necessary to comply with a legal requirement, for the administration of justice, to protect vital interests and to protect the security or integrity of our business operations.
• Any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event.
• Any third party to whom we propose to, or do, assign or transfer our rights or obligations under a loan agreement with you or a corporate entity which you own or of which you are a director or for which you have provided a guarantee or other security. If we assign or transfer our rights or obligations, you will be notified and the assignee or transferee will become the data controller of your information.
• Our professional advisors, including surveyors, asset managers, solicitors, accountants, auditors, and regulators as necessary.
Where we store your information/ transfers to third parties
We store your information on servers located in the United Kingdom.
The third parties listed under ‘Use by third parties’ may be located outside of the UK or they may transfer your information outside of the UK to countries which may not have the same standards of data protection and privacy laws as in the UK. Whenever we or fraud protection agencies transfer your information outside the UK, we or they will impose contractual obligations on the recipients of your information in order to ensure that your personal information is protected to the standard required under UK data protection laws unless the transfer is to a country, territory, sector or international organisation which is specified in UK regulations as having an adequate level of protection of personal information for the purposes of such a transfer.
Retention of your information
If we decline the loan application or if we accept the application but you do not/the applicant does not proceed with the facility, we keep your information for 12 months or as long as necessary to deal with any queries you may have and/or to comply with our legal obligations. If the application is accepted and the loan facility agreement proceeds, we hold your information for 6 years from the date at which the agreement ends or as long as necessary thereafter to deal with any queries you or the borrower (if not you) may have or to comply with our legal obligations.
Credit reference agencies will retain the loan account information we give to them for 6 years after the loan account is closed (please see ‘Use by credit reference and fraud prevention agencies’ for more information about the information that we give to them).
Fraud prevention agencies can hold your information for different periods of time, and if you are considered to pose a risk of fraud or money laundering, your information can be held for up to 6 years.
We may hold your information for longer or shorter periods than those described above where:
• the law requires us to hold your personal information for a longer period, or delete it sooner; or
• you exercise your right to have the information erased (where that right applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law.
Our Commitment and Obligations to you
We take the collection, usage and security of your personal data seriously. We can only use your personal data under law if we have a good reason for doing so. The law provides examples of those reasons. These include:
• To perform or fulfil an agreement we have with you; or
• If we have a legal duty; or
• If it is within our legitimate business interest; or
• If there is a public interest reason for doing so; or
• If you have given your consent.
A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.
You have a number of rights in relation to your personal information under data protection laws. When you contact us with a request to exercise these rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. We will respond to your request(s)without delay and in any event within one month unless it is necessary to delay our response by up to two further months by reason of the complexity or number of your requests.
If you would like to exercise any of your rights, please contact us using the details below under ‘Contacting us’.
You have the rights:
• To access your personal information. You have the right to be provided with a copy of the information that we hold about you upon request. We may not provide you with a copy of your personal information if and to the extent that providing you with a copy would adversely affect the rights and freedoms of other individuals.
• To correct and update your personal information. You have the right to have inaccurate information about you rectified upon request, and, insofar as it is relevant to the purpose for which we process the information, to have incomplete information completed. The accuracy of your information is important to us. If you change any of your details, or you discover that any of the other information we hold about you is inaccurate or out of date, please let us know. We encourage you to keep us up to date with changes in your information to keep it safe and to keep your credit file up to date and consistent as it could affect assessments of your applications by other lenders and other businesses or organisations.
• To withdraw your consent. Where we rely on your consent as the lawful basis for processing your personal information, as set out under ‘Use of your information’, you may withdraw your consent at any time. If you would like to opt out of direct marketing from us, please follow the unsubscribe instructions in the relevant marketing communication or contact us using the contact details below. If you withdraw your consent, our processing of your personal information in reliance upon your consent before the withdrawal of your consent will still have been lawful.
• To object to our use of your personal information. Where we rely on our legitimate interests or the legitimate interests of third parties as the lawful basis for processing your information, as set out under ‘Use of your information’, you may object to us processing your information on that basis on grounds relating to your particular situation. We must then stop processing your information in reliance on our legitimate interests/those of third parties unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing of the information is necessary for the establishment, exercise or defence of legal claims or to the extent that processing is necessary for compliance with a legal obligation. If you object to your information being processed for direct marketing purposes, either by using an unsubscribe tool or by contacting us using the details under ‘Contacting us’ below, we will stop processing your information for direct marketing purposes.
• To object to a decision based solely on automated processing. If we make a significant decision about you based solely on automated processing, we will notify you in writing as soon as reasonably practicable that the decision has been taken based solely on automated processing, and you will then have one month in which you may request that we reconsider the decision or take a new decision that is not based solely on automated processing. We will then, without delay and within one month or, where necessary, taking into account the complexity and number of your requests, within a longer period of up to three months in total, comply with your request and give you written notice of the steps taken to comply with your request and the outcome.
• To have your personal information erased. You have the right to have the information we hold about you erased, upon request and without undue delay where the information is no longer necessary in relation to the purposes for which it was collected or retained or where there is no lawful basis for its processing or where it has been processed unlawfully.
• To have processing of your personal information restricted. You have the right, upon request, to have our processing of your personal information restricted for a period enabling us to verify its accuracy where you contest its accuracy, or where processing would be unlawful but you request restriction rather than erasure, or where we no longer need the information but you require the information for the establishment, exercise or defence of legal claims, or where you have objected to processing based upon our legitimate interests/those of third parties pending verification of whether or not the legitimate interests override your interests. Where the processing of your information is restricted, we may only process the information by storing it or with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another person or for reasons of important public interest.
• To have your personal information transferred in a structured data file. Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with a contract we have with you, you may ask us to provide you or another data controller with a copy of that information in a structured data file. To the extent that such processing is carried out by automated means, we will provide the information to you or, where technically possible, to such other data controller electronically in a structured, commonly used and machine-readable format, such as a CSV file, provided that this will not adversely affect the rights and freedoms of others.
• To complain to the Information Commissioner’s Office (“ICO”). You have the right to complain to the ICO if you consider that we have infringed data protection laws in connection with your information. Please visit the ICO’s website for further details.
We may obtain information about your general internet usage by using cookie files stored on your computer or device (“cookies“). Cookies are text files containing small amounts of information which are downloaded to your computer or device when you visit a website. They help us to improve our site and to deliver a better and more personalised service.
Email: Paul Wertheim, Data Protection Officer, firstname.lastname@example.org with the subject heading ‘Data Protection’
Post: Paul Wertheim, Data Protection Officer, Mint Property Finance Limited, Peel House, 30 The Downs, Altrincham, Cheshire WA14 2PX
Phone: 0844 415 6500
Where you have been notified that the controller of your information is one of our associated companies, you should address any postal communication about your information to Paul Wertheim, as the Data Protection Officer of that associated company, at Peel House, 30 The Downs, Altrincham, Cheshire WA14 2PX.
List of associated companies:
• MBS Opco Limited (company number 12708722)
• MBS Lendco Limited (company number 12708736)
• MHS Finance Limited (company number 08502037)
• Mint Bridging Limited (company number 07567483)
• MB (Syndicates) Limited (Company No. 09668684)
• MHS Finance Limited (Company No. 08502037)