This privacy notice was last updated on 9 January 2020.
About this notice
Who we are
Which? Mortgage Advisers, Which? Insurance Advisers and Which? Money Compare are trading names of Which? Financial Services Limited, part of the Which? group. To find out more about the Which? group see the ‘About Us’ section of our general terms. You can also find out more about the activities of Which? Mortgage Advisers, Which? Insurance Advisers and Which? Money Compare. If you are a member of Which? or using any of our other websites or products and services, please also check our general privacy notice.
Where we are processing your information in relation to Which? Mortgage Advisers, Which? Insurance Advisers and Which? Money Compare products and services, for the purposes of data protection legislation, Which? Financial Services Limited (Company No 07239342) is a controller of your personal information. Our registered address is 2 Marylebone Road, London, NW1 4DF. Our trading address is First Floor, One Castlepark, Tower Hill, Bristol, BS2 0J.
Which? Financial Services Limited is referred to in this privacy notice as "we", "us" or "our".
What this notice applies to: This notice applies to personal information we collect about you when you interact with us (for example when you use our websites or contact us), or that we collect from third parties, as described in this privacy notice. It sets out:
i. what information we collect, and from whom;
ii. how we use that information;
iii. who we share your information with;
iv. how your information is protected;
v. your rights in relation to the information we hold about you; and
vi. how long we keep your information.
What this notice does not apply to: This notice does not apply to any services provided by the Consumers’ Association or Which? Limited, where a different privacy notice applies. For further details please see Which?’s privacy notice.
Changes to this privacy notice: We keep our privacy notice under regular review, and we encourage you to periodically review this page for the latest information on our privacy practices. Any material changes will be notified to you by updating them on our website together with any such other methods as may be appropriate.
1. What information does Which? Financial Services collect?
Information you provide to us voluntarily:
You may give us your personal information when you:
• use our products and services;
• use our websites or online calculators;
• complete automated enquiries around specific product needs;
• correspond with or contact us;
• request a call back either through our websites or through affiliates’ websites;
• enter into any of our competitions, promotions or surveys;
• contact one of our helplines;
• interact with us on social media platforms;
• sign up to one of our newsletters or other communications;
• agree to be referred to us; or
• otherwise interact with us or provide information to a third party to be referred to us.
Where we request information from you we will collect the information set out in the relevant forms or pages, or as explained to you over the telephone. You may choose to provide additional information to us when you contact us or otherwise interact with us, or provide information to a third party to be referred to us. We record calls for monitoring and training purposes and store customer feedback and information on our customer information databases.
Information we collect automatically:
We, or the companies which work on our behalf, collect certain related data of visitors to our websites automatically, including what pages you have viewed, for how long and your website journey.
Information is also collected about how you arrived at our websites in the first place, including what links or adverts of ours you have viewed or clicked on to reach us, or any search terms you have used. Where you see an advert outside of our website we, or an ad agency working on our behalf, will place a cookie on your browser so that, when you access our website, we recognise that you have seen an advert of ours elsewhere. Information collected automatically using cookies or other tracking technologies includes your IP address, and if you have logged in, your log-in details.
For further information see our separate Cookies and Tracking Technologies Notice.
Information we collect from third party sources:
On occasions, we acquire information from another company, for example to supplement the data that Which? Financial Services holds. Where this happens we will take appropriate steps to assure ourselves that your information was collected legally.
For example, we use Google Analytics and New Relic to collect information about how visitors to our website use the site, including collecting information on how long customers spend visiting our content items, how often they return to visit our websites and what demographic categories they fall into.
Information which is available publicly
Your personal information may be available to us from external publicly available sources: for example, geo-demographic information and information from public registers such as listed directorships, information from the electoral roll and press reports. In addition, depending on your privacy settings for social media services, we may access information from those accounts or services.
2. What types of information does Which? Financial Services process?
We collect, store and use the following types of information:
• your name and contact details (including your postal address, telephone number, email address(es), membership number, and social media identity);
• identification information (such as your date of birth, your National Insurance number, passport, driving licence, proof of address and three year address history and/or birth certificate);
• financial information (such as bank details or credit/debit card details, salary details and payslips, retirement information, credit commitments and debts, mortgage details, financial expenditure, utility bills, council tax bills, bank and credit card statements, credit reports, and tax calculations and tax credit correspondence);
• employment information;
• health and lifestyle information;
• details about your possessions;
• details about the products and services we provide to you;
• details about how you use our products and services;
• information you or dependants provide on other individuals (for example joint applicants for a product or service);
• information provided when you use our products or services, including where you are seeking guidance or advice;
• correspondence you have had with us;
• information about your computer / mobile device and the telephone number you call us with, and your visits to and use of our websites, including for example your IP address;
• details about you that are stored in documents in different formats, or copies of them; and
• any other information shared with us as described in section 1 above.
3. How does Which? Financial Services use my information, and on what legal basis?
The following sections describe in more detail how Which? Financial Services, or one of the companies who work on our behalf, may use your information, and in particular the legal grounds on which we rely in doing so.
What we use your personal information for
We use the information collected for a number of purposes, including:
• to engage with you and understand and discuss your requirements;
• to provide you with advice or guidance about our products and services;
• to provide you with advice or guidance about third party products and services;
• to deliver our products and services;
• to process, submit and manage your application for a financial or insurance services product;
• to verify your identity
;• to make and manage payments;
• to manage our relationship and communicate with you;
• to respond to complaints and seek to resolve them;
• to enhance your online experience;• to develop and carry out marketing activities;
• to develop and manage our products and services and test new products and services;
• to better understand our customers and consumers in general;
• to study how our customers use products and services from us and other organisations;
• to research consumer views and experiences for research and editorial purposes, including through requests for help and surveys;
• to verify your membership;
• to understand your website journey, including what pages you have viewed and for how long;
• to serve you adverts on other websites about things which you’ve shown an interest in on our own website, or relating to campaigns you have interacted with;
• to communicate with regulators, legislators and corporate stakeholders;
• to conduct and commission research into consumer opinions;
• to administer and keep safe and secure our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to train our staff and measure the quality of the service we give you; and
• to obey laws and regulations that apply to us.
The legal grounds we rely on to process your information
The legal grounds on which we rely are:
• to fulfil our contractual obligations (for example in order to provide the products or services requested and to contact you if a problem arises with them);
• to pursue our legitimate interests (for example to facilitate your use of our websites, including obtaining products or services via our websites, or for marketing);
• your consent; and / or
• to fulfil a legal duty.
When we rely on our legitimate interests, these are as follows:
• keeping our records up to date;
• charging for products and services;
• developing products and services;
• marketing our products and services;
• administering our websites and keeping them safe and secure;
• ensuring that content is presented in the most effective manner for you and your devices;
• facilitating your use of our websites, including obtaining products or services via our websites;
• measuring the use of our websites and improving their content and accessibility;
• measuring and understanding the effectiveness of advertising, and delivering relevant advertising to you;
• tailoring content and our communications so that they are most relevant to you;
• ensuring that complaints can be dealt with appropriately;
• complying with legal and / or regulatory requirements;
• identifying consumer trends;
• understanding products, services and the consumer experience; and
• informing and generating content (for our editorial outputs and other channels).
Where we process personal information which is particularly sensitive (“special category data”), such as health data, we process that personal data on the basis that you have provided explicit consent for us to do so, or on the basis that such processing is necessary in the establishment, exercise or defence of legal claims:
• we process personal data relating to health in order to process, submit and manage your application(s) for insurance products;
• we process personal data relating to health in order to establish, exercise or defend our legal rights, for example when in order to defend ourselves against any legal claims or pursue any legal claims ourselves; and
• we process personal data relating to health where we have a legal or regulatory obligation to use such personal information, for example, when regulators such as the Financial Conduct Authority (FCA) and the Information Commissioner's Office (ICO) wish us to maintain certain records of any dealings with you.
4. Who does Which? Financial Services share my information with?
We, or one of the companies who work on our behalf, share your personal information with the following third parties:
• Data processors
To help us fulfil contracts and to pursue our legitimate interests, we share your personal information with third parties who provide services to Which? Financial Services Limited or who act on our behalf, for instance other parts of the Which? group, vendors, IT and other suppliers, research agencies, payment processors, financial institutions, shipping companies or postal authorities that are involved in fulfilling your request. We do not authorise these companies to use or disclose your personal information except for the purpose of providing the service we request of them. Which? group companies are all based in the UK, but some third party data processors will be based outside of the European Economic Area (EEA).
• Group companies
We share your information between companies in our group for the following purposes:
• providing you with the products and services you obtain from us;
• responding to requests to exercise your rights;
• responding to complaints and seeking to resolve them;
• keeping our records up to date;
• charging for products and services;
• developing products and services; and
• informing and generating content (for our editorial outputs and other channels).
We may also share your information with other members of our group if you have indicated to us that you would like to hear about their Which? products and services.
All members of our group are based in the UK and comply with similarly high standards in the treatment of your information and will use it only for the purposes set out in in this privacy notice.
A full list of companies/brands within our company group is available here.
• Social media companies, search engines and advertising platforms
Personal information about our existing customers may be used to further our legitimate interests, in particular to better understand our target audience on social media sites, search engines and advertising platforms (such as Google, Facebook, YouTube and Amazon) and to promote our services on those platforms to prospective new members of a similar profile. The personal information about our existing customers is psuedonymised when uploaded to these platforms to match against potential new members.
The information that we provide to these platforms for such purposes does not directly identify you and is used solely to establish whether you are also a customer of the social media site and, if so, to identify users of the social media site that have a similar profile to you and for serving advertisements.
The information we provide to the social media platform is destroyed once the matching exercise is complete. If you do not wish your personal data to be used in this way, please contact email@example.com.
A social networking widget may be found in many of our pages. This widget gives you the tool to bookmark our websites, blog, share, tweet and email our content to a friend. Your interaction with this tool, or being on the same webpage while being logged into these services, will result in further cookies from these social media companies being placed on your system. Our Cookie and Tracking Technologies Notice provides further information about this.
• Third parties involved in corporate transactions
Which? Financial Services may share your information with third parties involved in any reorganisation, restructuring, merger or sale, or other transferring of assets, provided that the receiving party agrees to respect such personal information in a manner that is consistent with this Privacy Notice.
• Other third parties
These third parties may be companies with which we have a relationship in relation to products and services provided to you, companies through which you have contacted Which? Financial Services, or companies you ask us to contact on your behalf (such as lenders and insurance product providers, solicitors, conveyancers and/or estate agents).
Other circumstances in which we will disclose your information
We will disclose your information to local and foreign regulators (such as the Financial Conduct Authority), governments, law enforcement authorities, advisors, courts, tribunals and arbitrators when we have a legal obligation to do so or when we believe our compliance with the request to be fair, reasonable and lawful, for example to detect, prevent or investigate security breaches, fraud or other crimes.
We will also disclose your information to establish, exercise or defend legal claims, for example: (i) to enforce our Terms and Conditions; (ii) to ensure the safety and security of our users, consumers and third parties; and (iii) to protect our rights and property and the rights and property of our website visitors, consumers and third parties.
Location of third parties
Some potential recipients of your information might be located outside the European Economic Area (“EEA”), in jurisdictions which do not have the same data protection laws as those in the EEA. If we do transfer your information outside the EEA we will take appropriate steps to protect that information, which include:
• transferring to third parties in jurisdictions that the European Commission has determined offer adequate protection for your information (and information relating to adequacy decisions made by the European Commission are available here); and
• entering into an agreement with the recipient, which includes clauses that the European Commission has determined offers adequate protection for your information (a template copy of which is available here).For more information, please contact us using the details outlined in section 10 (How may I contact Which? Financial Services about its privacy notice?) below.
5. What are my data protection rights?
You have the following rights in relation to your personal data:
• Access: The right to request access to and a copy of your personal information (which can be done by emailing firstname.lastname@example.org;
• Restriction: You can ask us to pause processing your information in certain circumstances (e.g. you are disputing its accuracy);
• Rectification: You can have any inaccuracies in your personal information corrected;
• Deletion: You can ask us to delete all your personal information in certain circumstances (e.g. if the information is no longer necessary for the purposes for which it was collected);
• Objection: You can object to us processing your personal information in certain circumstances;
• Objection to marketing: Please see section 7 (Marketing and advertising) below, for information about how to opt-out of direct marketing communications;
• Portability: You can ask us to transfer your information electronically to you or another organization in certain circumstances;
• Withdrawal of consent: Where we rely on your consent to process your information, you can withdraw consent at any time, although this will not affect our uses of your personal information prior to the withdrawal of your consent; and
• To lodge a complaint with the Information Commissioner’s Office (“ICO”) or other relevant supervisory authority: You can complain to the ICO (www.ico.org.uk/global/contact-us/email) or other relevant supervisory authority about any aspect of our handling of your information.
More information about the right to complain can be found at https://ico.org.uk/for-the-public/. If you have any questions about these rights, or you would like to exercise them, please contact us using the details at section 10 (How may I contact Which? Financial Services about its privacy notice) below.
Please be aware that you are under no obligation to provide us with your personal information. However, failure to do so may, in some circumstances, prevent us from being able to provide you with products and services, or otherwise interact with you.
When exercising your data protection rights we may ask you to verify your identity in order to help us respond efficiently to your request.
If you would like to exercise any of the above rights, please email or write to us using the details outlined in section 10 (How may I contact Which? Financial Services about its privacy notice?) below. All of these rights are free to exercise and we will do our best to respond to you as quickly as possible and in any event, within one month of receipt of your written request. We will inform you within one month of receipt of such request if we will need longer to respond, for example due to the complexity of the request.
We want to make sure that your personal information is accurate and up to date. Please always let us know if you think that it is not and needs updating. Details of how to get in touch are in the section How may I contact Which? Financial Services about its privacy notice? below.
6. How long is my information retained?
Whenever we collect or process your personal data, we will only keep information about you for as long as we need to fulfil the purposes for which we are processing your information. At the end of that retention period, your data will either be deleted or anonymised. Examples of our retention periods are:
- Where we need to keep your information for financial reporting obligations, we would normally keep it for ten years from the date of payment.
- Where we need to keep your information for dealing with legal claims or complaints, we would normally keep it for seven years from the end of that matter.
- Where we've given advice we keep personal information for up to seven years after the end of the term of the recommended mortgage contract has ended.
- Where no advice was given beyond an initial fact-find call we keep information for up to 12 months.
- For identity/"Know Your Customer" documents we are required by law to retain customer due diligence records for at least five years after the business relationship ends.
7. Marketing and advertising
We may use the information you provide to send you communications about Which? group products and services and/or campaign work. This might be by telephone or postal marketing in furtherance of our legitimate interests, or for marketing by email or SMS, with your consent.
You can change your marketing preferences at any time by clicking on the “unsubscribe” link in the footer of our emails, or by writing to us, emailing us or phoning us. All details can be found in section 10 (How may I contact Which? about its privacy notice?) below. You can also unsubscribe from receiving any further marketing communications.
We may analyse the information we collect about you to improve the targeting of communications. We use profiling and screening techniques to ensure that our communications to you are relevant and timely, and to provide an improved experience for you. When building a profile, we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences so we can contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. If you do not wish your data to be used in this way, please contact us at email@example.com or using the details in section 10 (How may I contact Which? Financial Services about its privacy notice? ) below.
We engage in the following forms of advertising on other websites which are part of the same advertising network or affiliate network as we are.
We carry out display and contextual advertising on other websites.
These are usually in the form of banner adverts of varying sizes and formats that appear on pages within these external sites that may run across the top of your computer screen, or can be a piece of text.
We also work with messaging platforms that on our behalf, and with your direct express consent, may deliver messages to your desktop or mobile browsers. These messages will be tailored to the pages and content you have shown interest in and you have the option when each message is delivered to opt-out of all future communications.
8. Links to other websites and social media
Where we provide links to other websites, we do so for information purposes unless otherwise indicated. The other websites are outside our control and are not covered by this privacy notice. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy notice, which may differ from ours.
On some pages of our websites, third parties that provide content, applications or plug-ins through our Website may track your use of content, applications and plug-ins or customise content, applications and plug-ins for you. For example, when you share an article using a social media sharing button on our websites (e.g., Facebook, Twitter, or Google Plus), the social network that has created the button will record that you have done this. For more information on social media plug-ins on our website, see Our Cookie and Tracking Technologies Notice.
9. Use of our Website by minors
If you are aged 13 or under, please get your parent's/guardian's permission before you provide information to us via our websites. Users without this consent are not allowed to provide us with information and, in the event that they do so, we will cease to process their information as soon as we find out.
10. How may I contact Which? Financial Services about its privacy notice?
You can contact us by post, telephone and email as follows:
firstname.lastname@example.org (for access requests under section 5 and all general queries)
email@example.com (to manage your marketing and analytics preferences)
Telephone number: 0117 981 7311
Head of Compliance, Which? Mortgage Advisers, First Floor, One Castlepark, Tower Hill, Bristol, BS2 0JA
To find out more about Which? group and who we are, please look at the 'About Us' section of our general terms.
11. Changes to this Privacy Notice
Which? may need to update this Privacy Notice from time to time. You can see when the Privacy Notice was last updated by checking the date at the top of the page. A summary of changes can be found in this section, along with the date they were made.
If we make any updates, such as materially changing how we use your personal data, we will alert you as required by applicable privacy laws.
09.01.20 - Section 6 - Clarification on how long your personal data is retained.