top of page


Customer Data Protection (GDPR) Privacy Notice:

This privacy statement explains what personal data our firm collects from you through our business relationship and how we will use that data and how you may amend the data we hold. The processing of your data is necessary as you are asking the firm to take specific steps, (in your interests), by entering into a contract with us to source a mortgage, finance and/or an insurance product for you. Without the data being provided we cannot carry out 

the high level of service we wish to provide. We have a legitimate interest in the collection of your data which is necessary to enable us to complete any contractual arrangements and personalise your experience with us as described above and below. 

How we collect data: - 

Your information may be passed onto us from a third party with your knowledge or permission, who may ask our firm to contact you by either telephone, text message, letter, email, social media, fax, or by you making enquiries to our website. 

The reasons we collect data from you is so that we can source a more relevant and suitable mortgage, loan, finance and/or insurance product(s) for you, or make introductions to other firms where we do not have access to certain products ourselves. 

Our firm can collect data via its website by the use of “cookies” which are small text files that can be read by the web server in the domain that puts the cookie on your computer’s hard drive. We may use cookies to store your preferences and settings which help you when accessing our website. You have the option to accept, block or delete cookies when accessing our website to personalise your experience with us. 

Lawful basis of processing: 

From time to time we may pay for the contact details of people who might be interested in hearing from us in future. These may come from retailers or from companies who conduct telephone or online surveys or social media engagement, to promote and gather interest for organisations. Before we purchase contact information, we always check the wording used when your information was originally collected, to ascertain how we process your data. You may who have actively expressed interest in receiving information from us, which means we would contact you under consent or you have shared information which could mean we have a legitimate interest to contact you.

Where data is shared outside of the EEA we will take the necessary and appropriate technical and organisational measures to protect our customer's data

What data do we collect? 

To enable us to source the most effective product(s) for you, we need to collect data about you, your family, including your children (the data being limited and for information purposes only). They will not form part of any contract with us. Your occupations, income and expenditure, financial commitments including credit facilities and bank details you hold as well as any mortgages and insurances that you may hold. We may ask for details of your health, medical history and ethnic origin if discussing various insurances with you. You must provide us with accurate information. We will also need to know of any third-party relationships you hold with any industry connections such as your Bank, Lenders, Insurers, Solicitors, Conveyancers, Will Writers, Surveyors, Estate Agents/ Management Agents and Accountants, so we may liaise with them on related issues to improve the service we provide to you. This information is stored within our Data Base.

How do we use your data? 

Our firm aims to source the most suitable product(s) for you from many product providers available to us which necessitate our firm to pass on the data we have collected about you to various controlled affiliated third parties, using third-party software to compare and research various products for you. 

We may also obtain some information from third parties, for example, credit checks, information from your employer, and searches of information in the public domain such as the voter's roll. We may use technology solutions to assist in the collection of Your Personal Data for example software that can verify your credit status. We will only do this if we have consent from you for us or our nominated processor to access your information in this manner.


When completing electronic ID checks we would not require your consent but will inform you of how such software operates and the purpose for which it is used. 

We are required by law and our regulators to “know and verify our customers” which requires us to check the identification and addresses of our customers to protect the industry against fraud, which benefits everyone. We will use the data provided to us to make checks using legitimate third-party software to verify your identity and your address. We can also ask third-party compliance firms to assess our performance to ensure we carry out our duties to adhere to regulatory requirements, which helps you to have confidence that the firm is providing the best possible overall service to you. These are regulatory requirements we must abide by. 

We will record and store your data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees and consultants within our Firm and only when it is necessary to provide our service to you and to perform any administration tasks associated with or incidental to that service. 

We will submit your data to product providers where you have agreed to progress your enquiry to an application both in paper form and online via a secure portal. The provision of this information to a third party is essential in allowing us to progress any enquiry or application made on your behalf and to deal with any additional questions or administrative issues that lenders and providers may raise. 

On occasions and with your permission, we may introduce your details to other firms so that they may make a recommendation to you. You will be aware of this introduction before such an introduction is made. In the course of your dealings with us, we may be required to pass 

on your data to other third-party firms within our industry, such as Banks, Solicitors, Conveyancers, Will Writers, Surveyors, Accountants and other Financial Advisers to assist you with your connected financial products or products not available to us.


You will be aware of such introductions. We aim to simply share your data for the purpose of

progressing your enquiry.


We do not provide permission for any third party with whom we deal to send you marketing or promotional messages. 

Our firm aims to build up a long-term relationship with you to ensure you receive the best possible service from us, which is likely to necessitate us communicating with you at varying times by either telephone, text message, letter, email, social media, or fax. 

We will contact you to review the products previously organised for you when that product reaches maturity, or some external influence affects the advice previously given where an alternative product may benefit you.


We will inform you of any developments about those products and/or policies of which we might become aware. 

We will discuss organising the optional updated advice service with you. We normally review the products we have helped organise every two to five years. You have the option at any time to accept such an invitation or not. 

Records held by us: - 

Our firm has an industry requirement under regulation by the Financial Conduct Authority and the Information Commissioner to make available the data we hold about you to them if we are called upon to do so. We are also required by them to hold records containing your data for at least six years after the mortgage or insurance term reaches maturity. In the event of a complaint, we may be required to provide your details to the Financial Ombudsman Service, our Professional Indemnity Insurers and the Financial Services Compensation Scheme. 

Your individual data protection rights: -


You have the “right to be informed”, by way of this “privacy notice”, of our obligations to provide transparency as to how we use your personal data. You have a “right of access” to obtain confirmation that your data is being processed and have a right to access your data. You also have a right to have data collected “rectified” if inaccurate or incomplete. If we have passed inaccurate information to other third parties, we will notify them of this anomaly and request they correct it. 

You have the right to have your data “ported” to other organisations within the UK and European Union. 

You have the right to “object” to the processing of your data. You also have the right to request we stop using your data for marketing purposes. You also have the right to “restrict or block” the processing of your data under certain circumstances such as when you contest the accuracy of the data. We can store the data, but not process it. 

The rules require our firm to provide safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention where automated decision-making facilities are used by our firm.

We do take automated decisions within our firm. All the above rights are free of charge to a customer except in instances where requests are manifestly unfounded or excessive. All requests will be completed within a maximum of 30 days. 

Security and breach notifications: - 

The Data Protection rules require all organisations to report certain types of data protection breaches to the relevant supervisory authority and in some cases to the individuals affected. 

We have procedures in place to detect, report and investigate a personal data breach. Certain types of data breaches must be made to the Information Commissioners Organisation (ICO), and in some cases, to you the individual within 72 hours of its discovery. We are required to notify the ICO of a breach where it is likely to result in a risk to the rights and freedoms of you the individual, for instance, it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. Where a breach is likely to result in a high risk to your rights and freedoms, we will notify you. 

We keep your data secure by operating secure passwords on various computer programmes and backing up data to ensure it is secure. We will take reasonable steps to safeguard Your Personal Data against it being accessed unlawfully or maliciously by a third party.


We also expect you to take reasonable steps to safeguard your privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us. You can safely send documents to us using a “Client Portal”. Ask your adviser for details. 

If you have any questions or comments about this document or wish to make contact to exercise any of your rights set out within it please contact:


The Data Controller Charles Frank Finance Ltd 89 Cardiff Road Taffswell Cardiff CF15 7PL 029 2167 0060 You also have a right to contact the Information Commissioners Office if required whose contact details are as follows: -


Web: The website has various contact points.


Telephone Helpline: 0303 123 1113 or by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. 

Data transfer out of the European Union: - Personal data may only be transferred outside of the EU in compliance with the conditions for transfer set out in Chapter V of the GDPR. The recipient firm of the data must have adequate safeguards and controls in place before the data is transferred to them.


Your Rights

The General Data Protection Regulation provides several rights for individuals about the processing of your data: The GDPR provides the following rights for individuals:

The right to be informed

The right of access

The right to rectification

The right to erasure

The right to restrict processing

The right to data portability

The right to object

Rights about automated decision making and profiling.

The right to complain to a supervisory authority


We hope this document is useful to you and will help you understand how we handle your data and explain the uses to which it is put. The information we receive helps us to source the most suitable deals for you and enables us to provide a better service to you. If you have any queries in relation to this document, please contact the Data Controller, whose details are above.

Privacy Policy: About
bottom of page