What information do we gather?

To be able to provide you with the best service possible, we will need to gather certain personal information from you when you contact or interact with us. We will also use this information for security, identification and verification purposes.

We will only ever collect information that helps us provide our services to you. We will keep your information for as long as is needed and only for the following purposes:

• legitimate business activities • statutory or legal obligations • auditing and regulatory purposes

When you make an enquiry with us about any of the services we offer, we’ll ask you to provide some contact information. This may include some or all of the following:

• full name • previous names • current home address • previous residential addresses • date of birth • landline and mobile phone number • email address

If you give personal information about someone else (such as a joint applicant), you must have their permission to do so.

If there is a change to any of your personal information and you notify us, we will update your records in our systems. Where we have introduced you to another organisation, we are unable to update your details with them and you will need to contact them personally to notify them of these changes.

• full name • previous names • current home address • previous residential addresses • date of birth • landline and mobile phone number • email address

If you give personal information about someone else (such as a joint applicant), you must have their permission to do so.

Once we have gathered information from you and you subsequently make contact with us, we will use specific pieces of your information to help us identify you and verify that we are dealing with the right person.

Where we offer other products such as insurance, we will need to collect and process information that is “sensitive”. This type of information includes details about your health and any criminal convictions you have. Before we gather this type of information we will explain to you why it is required and will always store this information securely.

Throughout your relationship with us, we will hold your personal information securely in our systems. This will include any information provided by you or others (for example, if you’re making a joint application) in various ways, including (but not limited to):

• in applications, emails and letters, during telephone calls and conversations in our offices, when registering for services, in customer surveys, when you participate in competitions and promotions, when using our website, and during fact find reviews and interviews. • from analysis (including the creation of profiles used to uniquely identify you when you use our online, mobile and telephony services) which are used to help us combat fraud and other illegal activity; and • information we receive from or through other organisations (for example, credit reference agencies, mortgage lenders, insurance companies, comparison websites, social networks, and fraud prevention agencies) whether in the course of providing products and services to you or otherwise, and from information we gather from your use of and interaction with our internet and the devices you use to access them

If there is a change to any of your personal information and you notify us, we will update your records in our systems. Where we have introduced you to another organisation, we are unable to update your details with them and you will need to contact them personally to notify them of these changes.

If someone gives information about you – or you give us details about someone else – we may add it to the personal information we already hold about you or them. This will only be used in the ways we describe in this privacy notice.

When arranging a mortgage or insurance for you, we will need to ask you for your direct debit details to pass onto the lender or insurance provider so it can collect payments. Where we charge a fee for arranging a mortgage, or the mortgage we are arranging carries a cost – for example, a valuation fee – we will need to ask you for payment information such as your debit card or credit card details.

Using our website

If you use our website, we will not collect information about the devices you’re using – or ask third parties to do this for us. We do not use cookies on our website.

Please remember, that whilst we have security measures in place to protect your personal information, the internet is not 100% secure. We cannot therefore guarantee the security of any information you send us online. We are also not responsible for any loss or damage you or others may suffer as a result of losing the confidentiality of your information.

How do we use your personal information?

We use your personal information in various ways.

We will use it to confirm that you are who you say you are when you contact us. We will use it to verify your name and address by checking your details against our databases and to check against information held by credit reference agencies and the electoral roll. We will also use the personal information we gather from you to formulate our advice and recommendations for the services we offer and to submit applications to lenders and product providers.

Before we submit any transaction to a lender or product provider, the law requires us to have verified your identity. This makes it harder for criminals to use financial systems, or to use false names and addresses to steal the identities of innocent people. Checking everyone’s identity is an important way of fighting money laundering and other criminal activities. We will therefore also ask you to provide us with documents that confirm your identity.

The law requires us to comply with a number of regulations. Where necessary, we use your personal data to allow us to fulfil our legal and regulatory requirements.

We will only share personal information with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards. We use third parties to help us run our business. To fulfil our contractual obligations, we may share your personal data with these third parties:

• Mortgage lenders • Insurance providers (e.g. Life & Critical Illness insurance) • General insurance providers (e.g. Home insurance) • Conveyancers (our personally recommended conveyancers where you agree to proceed with a quote) • Surveys

Your personal data may be transferred to these authorised parties:

Third party organisations that provide IT services and applications, administrative functions and support.

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

Third party organisations that otherwise assist us in providing goods, services or information.

We use third parties acting on our behalf such as contractors, suppliers and/or agents (including, without limitation, customer care teams and processing centres) for the purposes of administration, income, credit and risk assessment, statistical research, marketing, product suitability and product sourcing in respect of products or services you have requested.

Auditors and other professional advisers.

We engage auditors and professional advisers to perform specific work that helps us meet our legal, regulatory and statutory responsibilities. Any auditors or professional advisers that we use will have contractual arrangements and security mechanisms in place to protect data and to comply with our data protection, confidentiality and security standards.

Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation.

We perform anti-fraud, credit and security checks using your details and receive information about you from other sources (such as credit reference agencies) which will be added to the personal information which we already hold about you.

We may use your information for fraud investigation, detection and prevention measures and in order /’to provide suitable security for your account and your information that we hold (such as to enable us to prevent others logging in to your account without your permission from unknown devices). We may also use your information for the investigation, detection and prevention of crime (other than fraud).

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as the police, regulatory bodies or legal advisers in connection with any alleged criminal offence, unlawful activity or suspected breach of the Terms of Use and or the breach of other terms and conditions or otherwise where required by law or where we suspect harm or potential harm to others. We will co-operate with any law enforcement authorities or court order requesting or directing us to disclose the identity or location of or any other information about anyone breaching any relevant terms and conditions or otherwise for the prevention or detection of crime or the apprehension or prosecution of offenders. We shall not be obliged to give you any further notice of this.

Marketing

If we have your consent, we will use your information to identify other products and services we offer that we believe you might want to know about. However, we usually only contact you with information that we think may of benefit to you.

Resolving complaints and disputes

If we are informed that you may be dissatisfied with the service or advice we have provided you, we will use the information we have about you to help us resolve things for you.

Opting out

If you do not wish to receive information from us as explained above, you can update your preferences by contacting us as below:

In writing: Geeta Patel Lemon Tree Financial Ltd 34 Littleton Road Harrow Middlesex HA1 3SU

Email: geeta@lemontreefinancial.com Call: 0208 723 7517

To ensure you have the best possible experience when you contact us, we’ll use your information to ensure our team has the knowledge and expertise to meet your needs.

Uses of your personal information not described in this Privacy Policy

If we ever have to use your personal information for any purposes that we haven’t described in this policy, you’ll hear from us. We’ll let you know exactly what we’ll use it for before we go any further and, where appropriate, obtain your consent.

Please note this policy does not cover companies, services or applications that we do not own or control, or people that we do not employ or manage, including (without limitation) third party websites or applications (e.g. from “social media” platforms such as Facebook or Twitter). Also, it does not cover certain pages and services provided which are hosted, managed and operated by other parties. These services, applications and third parties may have their own privacy policies and/or terms and conditions of use, which we recommend you read before using any such services. These third parties and services are wholly independent of us and are solely responsible for all aspects of their relationship with you and any use you may make of such services.

What is the legal basis for handling personal information?

Data protection laws require that, to process your personal data, we must meet at least one prescribed basis for it. We rely on the following basis for the activities we carry out.

Contract

We rely upon this basis because you will provide us with your personal data as you want to use our services. This means that our use of your information is governed by contract terms. It is your choice to give us this information, however if you choose not to provide it, we may not be able to offer some or all of the services you require.

Under this basis we process your data in the following scenarios:

• understanding your circumstances and requirements • assessing risks • formulating our advice and recommendations to you • updating, consolidating, and improving the accuracy of our records • enabling you to access our website and use our services • letting you know about significant changes to our products, terms or privacy policy • confirming your identity and verifying the information you provide • providing and improving customer support • sending you service communications • responding to your enquiries and complaints • providing you with products and services and keeping you up to date with important changes and developments to their features and how they work

Consent

Where we collect other information from you – or when third parties do so for us – we always ask for your consent first. If you don’t want to give consent, or you remove your consent at a later point, we may not be able to provide some or all of the services you require.

Legitimate Interests

In the United Kingdom, organisations can use personal information where the benefits of doing so are not outweighed by the interests or fundamental rights or freedoms of individuals. The law calls this the “Legitimate Interests” basis for processing.

We rely on this basis for processing personal data for the following benefits:

• Helping to prevent and detect crime such as fraud and money laundering – Fraud and money laundering cost the British economy billions of pounds every year. This cost ultimately reaches the public in the form of higher prices. We can help stop this from happening by using your personal data to avoid fraud and identity theft. • Complying with legal and regulatory requirements – We must comply with various legal and regulatory requirements. We are regulated by the Financial Conduct Authority and sometimes we may be required to provide information to it as part of our regulatory responsibilities. • Ongoing service – When the product or service that we have recommended to you expires or is due for renewal, we will contact you beforehand to notify you of this so we can start to explore the current options available to you. • Training our staff – To offer you the best possible standards of service, we use the information we collect to train our staff so they can assist you better. • Marketing services – Like any commercial organisation, we run a business and – where necessary process information that helps us do this. We have various safeguards in place to make sure that the individuals whose personal information we handle are not disadvantaged by the way we use their personal data. These include making sure people can access the information they need to understand how their personal data will be used by us. We also try to make sure people are aware of the rights they have to obtain the information we hold and to have their information corrected or restricted – and how to complain if they’re unhappy. • Reporting and analytical purposes – We process this personal information to help us analyse the service we are providing and identify ways to improve. • Maintaining our records and other administrative purposes – We always strive to provide the most accurate information to our customers and clients. • Resolving complaints and disputes – If you have a reason to make a complaint, we will use your information to look into things for you. • Improving data accuracy and completeness – When you register for our services you may give us additional information about yourself. We’ll use this to improve the accuracy and completeness of our data. • Email tracking – This helps us to improve our communications to our customers.

Who do we share your personal information with?

Because of the nature of our role as a mortgage broker, we share the personal information you give us with people who need to handle it so that we can provide our services to you.

Here are the organisations that we may share your personal information with:

• Suppliers – We use a number of service providers to support our business. They may have access to our systems and data so that they can provide services to us and/or to you on our behalf. • Resellers, distributors and agents – We sometimes use organisations to help provide our products and services to you. They’ll have access to your data so that they can do this. • Public bodies, law enforcement and regulators – The police, other law enforcement agencies, regulators, as well as public bodies such as local and central authorities can sometimes request personal information. This may be for reasons including: - detecting and preventing crime - apprehending or prosecuting offenders - assessing or collecting tax - investigating complaints - assessing how well a particular industry sector is working • Lenders and Insurers – In some circumstances, we share credit report information and personal information (such as your name and address) with lenders and insurers. This is for purposes that may include: - verifying that you’re eligible for the product you’re applying for - supporting you to complete your application to the lender (which may include filling the application form in on their website) - contacting you about credit and financial products and complying with any contractual, legal and/or regulatory obligations.

Potential recipients

To fulfil our contractual obligations, we’ll also share your personal data with the following third parties:

• Mortgage lenders • Insurance providers (e.g. Life & Critical Illness insurance) • General insurance providers (e.g. Home insurance) • Conveyancers (our personally recommended conveyancers where you agree to proceed with a quote) • Surveys

To help you benefit from the services of our specialist partners we may also share your personal data with the following organisations, but only with your consent:

• ULS Technology for Convenyancing

If you no longer wish us to share your data with any of these organisations, you may withdraw your consent at any time.

We’ll also share your personal data with the following data processors where necessary to fulfil our services and regulatory obligations:

• Direct Life to provide life insurance quotations • Twenty7Tec and Trigold to provide mortgage illustrations • Total Shred to destroy our confidential waste on site • Intelligent Office who provide our CRM solution and Client portal • Sanctions Search for identity checking

If you were introduced to us by a 3rd party, we may update them about how your enquiry with us is progressing.

Where do we send your personal information?

Lemon Tree Financial Ltd is based exclusively in the UK. Our main databases are in the UK. This means any personal information we access from or transfer to these locations is protected by European data protection standards.

Your rights

Under Data Protection regulations individuals have a number of rights. These are as follows:

Right to be informed

Individuals have the right to be informed about the collection and use of their personal data.

We do this in our Privacy Policy.

Right of access

Individuals have the right to access their personal data and supplementary information. Individuals have the right to obtain:

• confirmation that their data is being processed • access to their personal data • other supplementary information

We will not charge for initial requests to provide information, but may charge a fee if requests for further copies of the same information are made. We will provide the requested information to you within a month of receiving your request, unless the request is complex or numerous in which case we may extend this period by up to a further two months.

Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to provide the information requested or refuse to respond. In these instances, we will inform you and explain our reason.

Before we proceed with any request, we will take steps to verify the identity of the person making the request.

Right to erasure (known as the “Right to be forgotten”)

Individuals have the right to have their personal data erased if:

• the personal data is no longer necessary for the purpose which it was originally collected • we rely upon consent as our lawful basis for holding the data and you withdraws that consent • we rely upon legitimate interests as our basis for processing and you objects to the processing of your data and there is no overriding legitimate interest to continue this processing • we are processing your personal data for direct marketing purposes and you object to that processing • we have processed your personal data unlawfully • we have to do it to comply with a legal obligation

The right to erasure does not apply where processing is necessary for one of the following reasons:

• to exercise the right of freedom of expression and information • to comply with a legal obligation • for the performance of a task carried out in the public interest or in the exercise of official authority • for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing • for the establishment, exercise or defence of legal claims

As an example, we are regulated by the FCA and are required to retain records that demonstrate the advice we provide to our customers. These records contain personal information and data that enables us to formulate our advice. We will not remove or delete any personal information or data until such time as our regulatory obligation has been fulfilled in respect of each transaction or piece of advice.

Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to remove the information or refuse to deal with the request. In these instances, we will inform you and explain our reason.

Right to restrict processing

Individuals have the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data in the following circumstances:

• you contest the accuracy of your personal data and we are verifying its accuracy • the data has been unlawfully processed and you oppose erasure, requesting restrictions instead • we no longer need the personal data but you need us to keep it in order to establish, exercise or defend a legal claim • you have objected to us processing your data and we are considering whether our legitimate grounds override your request

If you choose to exercise this right, we may not be able to proceed with a transaction or provide you with our advice. This may mean that we are unable to submit or progress an application with a lender or product provider. In these instances we will notify you of the impact your request.

Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to restrict the information or refuse to deal with the request. In these instances, we will inform you and explain our reason.

Right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. The right to data portability only applies:

• to personal data you have provided to us • where the processing is based on your consent or for the performance of a contract • where processing is carried out by automated means

When responding to such a request, we would provide the personal data in a structured, commonly used and machine readable form, typically a .CSV file. We will provide this to you within one month of receiving your request. If your request is complex or requires more time, we may extend this period by up to a further two months. We will contact you and inform you why it will take longer.

Right to object

Individuals have the right to object to:

• processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling) • direct marketing (including profiling) • processing for purposes of scientific/historical research and statistics.

If you exercise your right to object, we will stop processing your personal data unless:

• there are compelling legitimate grounds for us to continue to process, which override your interests, rights and freedoms • the processing is for the establishment, exercise or defence of legal claims

You can exercise your right to object at the first point of contact with us or at any other time by contacting us a detailed below. If exercising your right to object affects or prevent us from being able to provide you with one or any of the services we offer we will inform you.

Automated decision making including profiling

Sometimes it is necessary for us to approach a lender to obtain an initial decision for a mortgage (often referred to as a Decision in Principle – DIP). To obtain a DIP we may process your personal information through a lender’s automated decision making system which will provide an initial lending decision based on logic/algorithms programmed in to it. We will always gain your consent before completing a DIP. Whilst we don’t set or determine the logic/algorithms used in the automated decision system, we can put you in touch with the respective lender should you require it.

To exercise any of your rights detailed above you can contact us as detailed below:

In writing: Mitul Patel Lemon Tree Financial Ltd 34 Littleton Road Harrow Middlesex HA1 3SU

Email: mpatel@lemontreefinancial.com Call: 0208 723 7517

We take the privacy of your personal information very seriously. If you ever feel you need to complain about how we’ve handled your personal information and data you can contact us as follows:

In writing: Geeta Patel Lemon Tree Financial Ltd 34 Littleton Road Harrow Middlesex HA1 3SU

Email: geeta@lemontreefinancial.com Call: 0208 723 7517

If your complaint is about the administration, or terms and conditions of a product sold by us but provided by a lender/insurer, you may need to contact them about it. If needed, we’ll forward details of your complaint to the insurer concerned, as well as giving you their contact details.

To help make sure you always speak to the right person about your complaint, if it looks like another company will be better able to handle your case, we’ll let you know how to contact them.

If you’re still unhappy with any aspect of how we handle your personal information, you also have the right to contact the Information Commissioner’s Office (ICO). The ICO is the UK’s independent body set up to uphold information rights. You can contact it as follows:

Via its website: https://ico.org.uk

In writing: Information Commissioner’s Office Wycliffe House Water Lane Wilmslow SK9 5AF

Call: 0303 123 1113

How do we keep your personal information secure?

At Lemon Tree Financial Ltd, we understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your private data from being accessed, used or disclosed in any way it shouldn’t be. The security arrangements we’ve put in place include physical, organisational, and technological measures and controls. Together, they help to protect the personal information we hold from risks including:

• loss • theft • unauthorised access, collection, use, disclosure, copying, modification, disposal and destruction

We regularly review our policies and procedures to make sure they remain relevant.

As explained in “How do we use your personal information”, we use third parties to help us run our business. To fulfil our contractual obligations, we may share your personal data with these third parties. We require every third party that we share information with to maintain adequate security safeguards and comply with all the required laws and standards for protecting personal information.

How long do we keep your personal information for?

We’ll keep your personal information securely stored for as long as we need it to provide you with the services you want from us. We also keep it to comply with our legal and regulatory obligations, as also to help us to resolve any issues or disputes that may arise.

Depending on what information we hold and what products or services you are signed up to, we may need to retain certain details for longer than others. In every case, we regularly reassess whether we need to hold your personal information and securely dispose of any information that we no longer need.