We will not collect any personally identifiable information about you unless it is in response to you using our website or actively applying for one of our online products or services. We value your privacy and the security of your personally identifiable information is extremely important to us. The lawful basis by which we are collecting information from you is “the performance of a contract”.
For the purpose of the General Data Protection Regulation (GDPR) 2018, the registered data controller is Hey Habito Ltd, whose registered office is at Throgmorton UK Ltd, 4th Floor Reading Bridge House, George Street, Reading, Berkshire RG1 8LS. Our trading address is The Loom, 14 Gower’s Walk, London, E1 8PY.
Our Information Commissioner's Office (ICO) registration number is ZA153186.
When you create an account and complete the ‘fact find’ form on our website, we collect the following information from you:
In addition to the above, we collect information from you through your communications with us – for example:
If you're doing a company buy-to-let mortgage, we'll also collect this information about everyone you have a financial link with, for example, other directors of your company.
We may also collect personal information from you over the telephone for mortgage or life insurance purposes. We may record telephone calls for training and monitoring purposes.
The information we collect about you will be mainly used for the purpose of applying for a mortgage or any other product or service we offer. There are also other ways in which we will use your information – these are detailed below.
We will use your information to:
We will hold your personal data on our systems as follows:
We may share your information with the following entities:
We will ensure your data remains within the EEA and as a result is captured under the General Data Protection Regulation. If for any reason we use third parties that are domiciled outside of the EEA any such data storage will undergo further enhanced controls and checks, dependent on the country of storage. We will inform you of any such instance where this may occur.
Under the General Data Protection Regulation 2018, you have various rights in relation to your information. Detailed below are your rights and a description of each one.
You have the right to:
If you have changed your mind about receiving marketing from us, you can opt out at any time by clicking the unsubscribe button or the link at the bottom of any of our marketing emails. Alternatively you can email us at firstname.lastname@example.org.
We pride ourselves on treating your data with the utmost care and security. Our systems meet or exceed industry standards and we are constantly monitoring these to provide improvements where available.
We will never store passwords in plain text, nor will we allow anyone to access your data unless they have a justifiable reason to do so. All of our employees are background checked before they are granted access to your data.
Your lender may use credit reference and fraud prevention agencies to help them make decisions. A short guide to what the lender does and how the lender, credit reference and fraud prevention agencies will use your information is detailed below. If you would like to read the full details of how your data may be used, please contact your lender.
A condensed guide to the use of your personally identifiable information by the lender and at credit reference and fraud prevention agencies
If you apply for a mortgage product through Habito, we will provide the information we hold about you to your lender. The lender will use this information to help make its decision about whether or not to lend to you. This will involve checking the following records about you and others:
When CRAs receive a search request from the lender they will place a search footprint on your credit file that may be seen by other lenders. They supply to lenders both public (including the electoral register) and shared credit and fraud prevention information. Having multiple search footprints on your credit file may affect your ability to borrow in the future.
The lender will make checks such as assessing your application for credit and verifying the applicants’ identities to prevent and detect crime and money laundering. The lender may also make periodic searches at CRAs and FPAs to manage your account with them.
If you are making a joint application or tell us or the lender that you have a spouse or financial associate, the lender will link your records together, so you must be sure that you have your partner’s agreement to disclose their information. CRAs also link your records together and these links will remain on your and their files until such time as you or your partner successfully files for a disassociation with the CRAs to break that link.
Information on applications will be sent to CRAs and will be recorded by them. Where you borrow from the lender, the lender will give details of your accounts and how you manage it/them to CRAs. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs and FPAs to perform similar checks and to trace your whereabouts and recover debts that you owe.
Records remain on file for 6 years after they are closed, whether settled by you or defaulted.
If you give false or inaccurate information and the lender suspects or identifies fraud, the lender will record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention.
If you have borrowed from the lender and do not make payments that you owe them, the lender will trace your whereabouts and recover debts.
The lender and other organisations may access and use the information recorded by fraud prevention agencies based in other countries.
Your mortgage application may be assessed by the lender by the means of automated decision making and if it is declined we will endeavour to request from the lender the actual reason why the application has been declined. Once we know this reason we will contact you as soon as we are able to convey this to you.
If you have a complaint about how we handle your data please write to our complaints team:
Please include your name and address, a contact telephone number, the email address you signed up with, your application number (if applicable), and details of why you are unhappy. If we do not have enough information to investigate your complaint we will contact you to ask for further information.
We will investigate your complaint promptly and will respond to you as soon as we can detailing our findings of your complaint.
If we have been unable to resolve your information rights concern, you can raise the matter with Information Commissioner's Office (“ICO”). They will use the information you have provided, including our response to your concerns, to decide if your concern provides an opportunity to improve information rights practice.
You can contact the ICO by either:
If you wish, you can contact the CRAs directly. The information they each hold about you may not be the same so it is worth contacting them all. You should check with them if a fee is payable for this information.