Intermediary Privacy Notice

1.1    We are Norton Home Loans, a specialist mortgage provider. We are the data controller of personal data we collect and use about you in connection with services related to mortgage and secured loan advice and credit broking activities.

1.2    We have appointed a data protection officer, or “DPO”, who you can contact if you have any questions or complaints. You can email our DPO at dpo@norton-finance.co.uk.

2.1 We collect the personal data we process directly from you. The personal data we collect includes:

• your name and, if applicable, business name;
• your business contact details, including address, email address and telephone number;
• your FCA registration number;
• identity information that we collect for anti-money laundering purposes;
• your website information;
• your bank details;
• where permitted by law, information relating to criminal convictions or offences and alleged offences for specific and limited activities and purposes, such as to perform checks to prevent and detect crime, to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and for international sanctions.

3.1 We use your personal data for the following purposes:

• to decide whether to enter into an intermediary relationship with you;
• to manage our contractual relationship with you;
• to deliver our products and services to your customers;
• to carry out fraud and anti-money laundering checks as part of our legal and regulatory obligations.
• to identify you when you contact us and to handle your communications, including complaints and enquiries;
• to contact you if we need to inform you of changes to the way we provide services;
• to provide you with the fees to which you are entitled; and
• to create internal reports for monitoring and oversight purposes.

3.2 If our contract is with you as a sole trader, we do all of this because it is necessary for us to fulfil our contract with you. If our contract is with your business as a limited company, we do this because it is necessary in our legitimate interests to satisfy our contractual obligations towards your business, exercise our contractual rights and manage our relationship.

3.3 If you provide us with other information about yourself, we may use this information to decide what communications we send you and what events we invite you to. It is not mandatory to provide this information and if you don’t want us to use it for these purposes, you can either choose not to provide the information, or let us know that you don’t want us to use it in this way by contacting us using the details above.

3.4 We also use your personal data:

• to detect, report and prevent money laundering and financial crime;
• to manage our business efficiently; and
• to send you marketing communications regarding our products and services.

We do this because it is necessary in our legitimate interests to protect, manage and promote our business. We may also have a legal obligation to use your personal data in certain ways, for example to report suspicions of money laundering.

4.1 We sometimes need to share your personal data with other organisations, so that we can continue to provide our services or for other legitimate reasons. The third parties with whom we share your personal data include:

• customers you introduce to us;
• email marketing services;
• survey providers;
• research and data analytics providers;
• regulators;
• law enforcement and governmental agencies;
• potential or actual purchasers of our business or assets;
• professional third parties, such as solicitors.
• Credit reference and fraud prevention agencies for the purposes of confirming your identity and to prevent and detect crime.
• To third party suppliers providing services to us.
• External auditors.

5.1 If we need personal data in connection with our contract with you or to comply with a legal requirement, and you do not provide it, this may delay or prevent us from meeting our obligations. It may mean that we cannot enter into, or continue, our relationship with you.

6.1 You have certain rights over your personal data, including rights to:

• ask us for a copy of your personal data;
• ask us to correct inaccurate personal data;
• ask us to erase personal data;
• ask us to restrict the use of your personal data;
• ask us to transfer certain personal data to another provider;
• object to our use of your personal data in certain circumstances;
• opt out of receiving any direct marketing; and
• withdraw consent, if we have asked you for consent to use your personal data.

6.2 You can ask to exercise these rights by contacting us at dpo@norton-finance.co.uk. There are some circumstances in which we do not need to comply with all or part of your request. If this is the case, we will explain this to you.

6.3 If you ask to exercise one of the rights above, we may ask you to verify your identity before we process your request. This is to avoid confidentiality breaches and make sure we do not disclose personal data to the wrong person.

7.1 We only keep your personal data for as long as necessary for the purposes for which it was collected and used. When it is no longer needed, we securely delete it or anonymise it.

7.2 The period for which we keep personal data varies depending on the nature and context of the relevant personal data. When we decide how long to keep personal data, we take into account:

• how long we need to keep it to fulfil the original purpose of collecting it;
• whether there could be any claims, complaints or litigation that require us to use that personal data;
• any relevant guidance from official bodies such as regulators;
• how sensitive the personal data is; and
• whether there are any relevant legal obligations that we need to comply with.

7.3 Generally speaking, we keep personal data for 6 years after your relationship ends with us. We may keep your information for longer than indicated if we cannot delete it for legal, regulatory, or technical reasons. We may also keep it for research or statistical purposes. If we do, we'll make sure that your privacy is protected and only use it for those purposes.

8.1 The personal data we collect is stored in the UK and European Economic Area (EEA). Some of the suppliers we use may transfer personal data to other countries which might not offer the same level of protection as UK data protection laws. Where this is the case, we make sure there are mechanisms in place to protect your personal data in the same way as it would be protected here.

8.2 These mechanisms could be:

• making sure the country your personal data is sent to is an “adequate” country, as designated by the UK government;
• if the transfer is between group companies, making sure there are binding corporate rules in place that cover the transfer; or
• making sure the transfer is subject to an international data transfer agreement.

9.1 We may update this privacy notice from time to time to keep it up-to-date.

9.2 The privacy notice was last updated on 2nd April 2024.

10.1 If you have any questions about this privacy notice or how we use personal data, or if you are not happy with how we have processed your personal data, you can contact our DPO using the following details:

Email: dpo@norton-finance.co.uk

Telephone number: 0808 231 5530

Post: Norton House, Mansfield Rd, Rotherham, S60 2DR

10.2 You also have the right to make a complaint to the Information Commissioner’s Office, which is the data protection regulator. You can find out on their website how to make a complaint: www.ico.org.uk.