This privacy notice was last updated on 2 June 2021.
**Please note that Which? Financial Services is no longer operating its Which? Mortgage Advisers or Which? Insurance Advisers businesses.**
About this notice
Who we are
Which? Money Compare is, and Which? Mortgage Advisers and Which? Insurance Advisers were, trading names of Which? Financial Services Limited, part of the Which? Group. To find out more about the Which? Group see the ‘About Us’ section of our general terms. If you are a member of Which? or using any of our other websites or products and services, please also check our general privacy notice.
For the purposes of data protection legislation, Which? Financial Services Limited (Company No 07239342) is a controller of your personal information where it is processed in relation to Which? Mortgage Advisers, Which? Insurance Advisers and Which? Money Compare products and services. Our registered address is 2 Marylebone Road, London, NW1 4DF.
Which? Financial Services Limited is referred to in this privacy notice as "we", "us" or "our".
What this notice applies to: This notice applies to personal information we collect (or collected) about you when you interact (or interacted) with us, for example when you use our Which? Money Compare tools, or contacted us about Which? Mortgage Advisers or Which? Insurance Advisers services, or that we collect from third parties, as described in this privacy notice. It sets out:
i. what information we collect or collected, and from whom;
ii. how we use that information;
iii. who we share your information with;
iv. how your information is protected;
v. your rights in relation to the information we hold about you; and
vi. how long we keep your information.
What this notice does not apply to: This notice does not apply to any services provided by the Consumers’ Association or Which? Limited, where a different privacy notice applies. For further details please see Which?’s privacy notice.
Changes to this privacy notice: We keep our privacy notice under regular review, and we encourage you to periodically review this page for the latest information on our privacy practices. Any material changes will be notified to you by updating them on our website together with any such other methods as may be appropriate.
1. What information does Which? Financial Services collect?
Information you provided to us voluntarily in relation to Which? Mortgage Advisers and Which? Insurance Advisers:
You may have given us your personal information when you:
• used our products and services;
• used our websites or online calculators;
• completed automated enquiries around specific product needs;
• corresponded with or contacted us;
• requested a call back either through our websites or through affiliates’ websites;
• entered into any of our competitions, promotions or surveys;
• contacted one of our helplines;
• interacted with us on social media platforms;
• signed up to one of our newsletters or other communications;
• agreed to be referred to us; or
• otherwise interacted with us or provided information to a third party to be referred to us.
Information we collect automatically:
We, or the companies which work on our behalf, collect certain related data of visitors to our websites automatically, including what pages you have viewed, for how long and your website journey.
Information is also collected about how you arrived at our websites in the first place, including what links or adverts of ours you have viewed or clicked on to reach us, or any search terms you have used. Where you see an advert outside of our website we, or an ad agency working on our behalf, will place a cookie on your browser so that, when you access our website, we recognise that you have seen an advert of ours elsewhere. Information collected automatically using cookies or other tracking technologies includes your IP address, and if you have logged in, your log-in details.
For further information see our separate Cookies Notice.
Information we collect from third party sources:
We may use Google Analytics and New Relic to collect information about how visitors to our website use the site, including collecting information on how long customers spend visiting our content items, how often they return to visit our websites and what demographic categories they fall into.
2. What types of information does Which? Financial Services process?
We collected, store and use the following types of information:
• your name and contact details (including your postal address, telephone number, email address(es), membership number, and social media identity);
• identification information (such as your date of birth, your National Insurance number, passport, driving licence, proof of address and three year address history and/or birth certificate);
• financial information (such as bank details or credit/debit card details, salary details and payslips, retirement information, credit commitments and debts, mortgage details, financial expenditure, utility bills, council tax bills, bank and credit card statements, credit reports, and tax calculations and tax credit correspondence);
• employment information;
• health and lifestyle information;
• details about your possessions;
• details about the products and services we provided to you;
• details about how you use our products and services;
• information you or dependants provided on other individuals (for example joint applicants for a product or service);
• information provided when you used our products or services, including where you are seeking guidance or advice;
• correspondence you have had with us;
• details about you that are stored in documents in different formats, or copies of them; and
• any other information shared with us as described in section 1 above.
3. How does Which? Financial Services use my information, and on what legal basis?
The following sections describe in more detail how Which? Financial Services, or one of the companies who work on our behalf, may use your information, and in particular the legal grounds on which we rely in doing so.
What we use your personal information for
We use the information collected for a number of purposes, including:
• to manage our relationship and communicate with you;
• to respond to complaints and seek to resolve them;
• to enhance your online experience;
• to develop and manage our products and services and test new products and services;
• to better understand our customers and consumers in general;
• to study how our customers use products and services from us and other organisations;
• to understand your website journey, including what pages you have viewed and for how long;
• to serve you adverts on other websites about things which you’ve shown an interest in on our own website, or relating to campaigns you have interacted with;
• to communicate with regulators, legislators, insurers and corporate stakeholders;
• to administer and keep safe and secure our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes; and
• to obey laws and regulations that apply to us.
The legal grounds we rely on to process your information
The legal grounds on which we rely are:
• to fulfil our contractual obligations;
• to pursue our legitimate interests;
• your consent; and / or
• to fulfil a legal duty.
When we rely on our legitimate interests, these are as follows:
• keeping our records up to date;
• developing products and services;
• marketing our products and services;
• administering our websites and keeping them safe and secure;
• ensuring that content is presented in the most effective manner for you and your devices;
• facilitating your use of our websites, including obtaining products or services via our websites;
• measuring the use of our websites and improving their content and accessibility;
• measuring and understanding the effectiveness of advertising, and delivering relevant advertising to you;
• ensuring that complaints can be dealt with appropriately;
• complying with legal and / or regulatory requirements;
Where we process personal information which is particularly sensitive (“special category data”), such as health data, we process that personal data on the basis that you have provided explicit consent for us to do so, or on the basis that such processing is necessary in the establishment, exercise or defence of legal claims:
• we process personal data relating to health in order to establish, exercise or defend our legal rights, for example when in order to defend ourselves against any legal claims or pursue any legal claims ourselves; and
• we process personal data relating to health where we have a legal or regulatory obligation to use such personal information, for example, when regulators such as the Financial Conduct Authority (FCA) and the Information Commissioner's Office (ICO) wish us to maintain certain records of any dealings with you.
4. Who does Which? Financial Services share my information with?
We, or one of the companies who work on our behalf, share your personal information with the following third parties:
• Data processors
To help us fulfil contracts and to pursue our legitimate interests, we share your personal information with third parties who provide services to Which? Financial Services Limited or who act on our behalf, for instance other parts of the Which? group, vendors, IT and other suppliers . We do not authorise these companies to use or disclose your personal information except for the purpose of providing the service we request of them. Which? group companies are all based in the United Kingdom ("UK"), but some third party data processors will be based outside of the UK.
• Group companies
We share your information between companies in our group for the following purposes:
• providing you with the products and services you obtain from us;
• responding to requests to exercise your rights;
• responding to complaints and enquiries and seeking to resolve them;
• keeping our records up to date; and
• developing products and services.
We may also share your information with other members of our group if you have indicated to us that you would like to hear about their Which? products and services.
All members of our group are based in the UK and comply with similarly high standards in the treatment of your information and will use it only for the purposes set out in this privacy notice.
A full list of companies/brands within our company group is available here.
• Third parties involved in corporate transactions
Which? Financial Services may share your information with third parties involved in any reorganisation, restructuring, merger or sale, or other transferring of assets, provided that the receiving party agrees to respect such personal information in a manner that is consistent with this Privacy Notice.
• Other third parties
These third parties may be companies with which we have a relationship in relation to products and services provided to you.
Other circumstances in which we will disclose your information
We will disclose your information to local and foreign regulators (such as the Financial Conduct Authority), governments, law enforcement authorities, advisers, insurers, courts, tribunals and arbitrators when we have a legal obligation to do so or when we believe our compliance with the request to be fair, reasonable and lawful, for example to detect, prevent or investigate security breaches, fraud or other crimes.
We will also disclose your information to establish, exercise or defend legal claims, for example: (i) to enforce our Terms and Conditions; (ii) to ensure the safety and security of our users, consumers and third parties; and (iii) to protect our rights and property and the rights and property of our website visitors, consumers and third parties.
Location of third parties
Some potential recipients of your information might be located outside of the UK and the European Economic Area (“EEA”), in jurisdictions which do not have the same data protection laws as those in the UK. If we do transfer your information outside of the UK we will take appropriate steps to protect that information, which include:
• transferring to third parties in jurisdictions that the UK (or the European Commission had, at 31 December 2020), determined offer adequate protection for your information (and information relating to adequacy decisions made by the European Commission as at 31 December is available here); and
• entering into an agreement with the recipient, which includes clauses that the UK Information Commissioner’s Office has determined offer adequate protection for your information (a template copy of which is available here).For more information, please contact us using the details outlined in section 10 (How may I contact Which? Financial Services about its privacy notice?) below.
5. What are my data protection rights?
You have the following rights in relation to your personal data:
• Access: The right to request access to and a copy of your personal information (which can be done by emailing firstname.lastname@example.org;
• Restriction: You can ask us to pause processing your information in certain circumstances (e.g. you are disputing its accuracy);
• Rectification: You can have any inaccuracies in your personal information corrected;
• Deletion: You can ask us to delete all your personal information in certain circumstances (e.g. if the information is no longer necessary for the purposes for which it was collected);
• Objection: You can object to us processing your personal information in certain circumstances;
• Objection to marketing: Please see section 7 (Marketing and advertising) below, for information about how to opt-out of direct marketing communications;
• Portability: You can ask us to transfer your information electronically to you or another organisation in certain circumstances;
• Withdrawal of consent: Where we rely on your consent to process your information, you can withdraw consent at any time, although this will not affect our uses of your personal information prior to the withdrawal of your consent; and
• To lodge a complaint with the Information Commissioner’s Office (“ICO”) or other relevant supervisory authority: You can complain to the ICO or other relevant supervisory authority about any aspect of our handling of your information.
More information about the right to complain can be found at https://ico.org.uk/for-the-public/. If you have any questions about these rights, or you would like to exercise them, please contact us using the details at section 10 (How may I contact Which? Financial Services about its privacy notice) below.
Please be aware that you are under no obligation to provide us with your personal information. However, failure to do so may, in some circumstances, prevent us from being able to provide you with products and services, or otherwise interact with you.
When exercising your data protection rights we may ask you to verify your identity in order to help us respond efficiently to your request.
If you would like to exercise any of the above rights, please email or write to us using the details outlined in section 10 (How may I contact Which? Financial Services about its privacy notice?) below. All of these rights are free to exercise and we will do our best to respond to you as quickly as possible and in any event, within one month of receipt of your written request. We will inform you within one month of receipt of such request if we will need longer to respond, for example due to the complexity of the request.
We want to make sure that your personal information is accurate and up to date. Please always let us know if you think that it is not and needs updating. Details of how to get in touch are in the section How may I contact Which? Financial Services about its privacy notice? below.
6. How long is my information retained?
Whenever we collect or process your personal data, we will only keep information about you for as long as we need to fulfil the purposes for which we are processing your information. At the end of that retention period, your data will either be deleted or anonymised. Examples of our retention periods are:
- Where we need to keep your information for financial reporting obligations, we would normally keep it for ten years from the date of payment.
- Where we need to keep your information for dealing with legal claims or complaints, we would normally keep it for seven years from the end of that matter.
- Where we've given advice we keep personal information for up to up seven years after the end of the fixed rate period, up to a maximum of 12 years from completion date.
- Where no advice was given beyond an initial fact-find call we keep information for up to 12 months.
- For identity/"Know Your Customer" documents we are required by law to retain customer due diligence records for at least five years after the business relationship ends.
7. Marketing and advertising
We may use the information you provide to send you communications about Which? group products and services and/or campaign work. This might be by telephone or postal marketing in furtherance of our legitimate interests, or for marketing by email or SMS, with your consent.
You can change your marketing preferences at any time by clicking on the “unsubscribe” link in the footer of our emails, or by writing to us, emailing us or phoning us. All details can be found in section 10 (How may I contact Which? about its privacy notice?) below. You can also unsubscribe from receiving any further marketing communications.
We may analyse the information we collect about you to improve the targeting of communications. We use profiling and screening techniques to ensure that our communications to you are relevant and timely, and to provide an improved experience for you. When building a profile, we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences so we can contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. If you do not wish your data to be used in this way, please contact us at email@example.com or using the details in section 10 (How may I contact Which? Financial Services about its privacy notice? ) below.
We engage in the following forms of advertising on other websites which are part of the same advertising network or affiliate network as we are.
We carry out display and contextual advertising on other websites.
These are usually in the form of banner adverts of varying sizes and formats that appear on pages within these external sites that may run across the top of your computer screen, or can be a piece of text.
We also work with messaging platforms that on our behalf, and with your direct express consent, may deliver messages to your desktop or mobile browsers. These messages will be tailored to the pages and content you have shown interest in and you have the option when each message is delivered to opt-out of all future communications.
8. Links to other websites and social media
Where we provide links to other websites, we do so for information purposes unless otherwise indicated. The other websites are outside our control and are not covered by this privacy notice. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy notice, which may differ from ours.
On some pages of our websites, third parties that provide content, applications or plug-ins through our Website may track your use of content, applications and plug-ins or customise content, applications and plug-ins for you. For example, when you share an article using a social media sharing button on our websites (e.g., Facebook, Twitter, or Google Plus), the social network that has created the button will record that you have done this. For more information on social media plug-ins on our website, see Our Cookies Notice.
9. Use of our Website by minors
If you are aged 13 or under, please get your parent's/guardian's permission before you provide information to us via our websites. Users without this consent are not allowed to provide us with information and, in the event that they do so, we will cease to process their information as soon as we find out.
10. How may I contact Which? Financial Services about its privacy notice?
You can contact us by post, telephone and email as follows:
firstname.lastname@example.org (for access requests under section 5 and all general queries)
email@example.com (to manage your marketing and analytics preferences)
Telephone number: 029 2267 0000
General Counsel, Which?, 2 Marylebone Road, London, NW1 4DF
To find out more about Which? group and who we are, please look at the 'About Us' section of our general terms.
11. Changes to this Privacy Notice
Which? may need to update this Privacy Notice from time to time. You can see when the Privacy Notice was last updated by checking the date at the top of the page. A summary of changes can be found in this section, along with the date they were made.
If we make any updates, such as materially changing how we use your personal data, we will alert you as required by applicable privacy laws.
09.01.20 - Section 6 - Clarification on how long your personal data is retained.
07.08.20 – Full review of privacy notice to reflect closure of the Which? Mortgage Advisers and Which? Insurance Advisers businesses.
02.06.21 - Section 4 - updated to reflect the changes following the UK’s departure from the EU in relation to international data transfers outside of the UK.