Privacy Policy
Business & House Loan (“we“, “us“, “our“) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our services, or interact with us in connection with any loan or financial product.
This policy applies to all personal data we process as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully. By using our website or services you confirm you have read and understood it.
If you have any questions about this policy or how we handle your data, please contact our Data Protection Officer at contact@businessandhouseloan.com or write to us at the address in Section 14.
The data controller responsible for your personal information is:
Business & House Loan Ltd
1 Canada Square, Canary Wharf, London, E14 5AB
Company Registration: 12345678 (England & Wales)
FCA Reference Number: 123456
ICO Registration: ZA123456
Email: contact@businessandhouseloan.com
Phone: +52 55 4687 6938
We are authorised and regulated by the Financial Conduct Authority (FCA) and registered with the Information Commissioner’s Office (ICO) for data protection purposes. You can verify our FCA registration at register.fca.org.uk.
We collect personal data from you when you use our website, contact us, or apply for a loan product. The categories of data we collect include:
| Category | Examples | Source |
|---|---|---|
| Identity Data | Full name, date of birth, nationality, title, gender | You directly |
| Contact Data | Email address, phone number, home address, postcode | You directly |
| Financial Data | Bank details, income, employment status, credit history, outstanding debts, assets | You directly / credit reference agencies |
| Application Data | Loan amount, property details, deposit, purpose of loan, mortgage details | You directly |
| Technical Data | IP address, browser type, device type, operating system, time zone, cookies | Automatic collection |
| Usage Data | Pages visited, links clicked, time on site, referral source | Automatic collection |
| Communications Data | Emails, phone call recordings (where applicable), chat transcripts | You directly / our systems |
| Credit Data | Credit score, payment history, CCJs, defaults, bankruptcies | Credit reference agencies (Experian, Equifax, TransUnion) |
| Special Category Data | Health information (only where required to process certain products, with your explicit consent) | You directly |
Soft vs Hard Credit Searches: When you make an initial enquiry, we perform only a soft credit search which is invisible to other lenders and does not affect your credit score. A hard credit search — which appears on your credit file — only takes place when you formally apply to a lender, and only with your explicit consent.
We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Processing your loan application and providing mortgage or finance advice | Contract performance; Legal obligation |
| Conducting credit and identity checks | Contract performance; Legitimate interests |
| Complying with FCA regulatory requirements and anti-money laundering obligations | Legal obligation |
| Communicating with you about your application and account | Contract performance |
| Sending you information about products or services you may be interested in | Consent; Legitimate interests |
| Improving our website and services through analytics | Legitimate interests |
| Detecting and preventing fraud and financial crime | Legal obligation; Legitimate interests |
| Recording telephone calls for training and quality purposes | Legitimate interests; Legal obligation |
| Managing and resolving complaints | Legal obligation; Legitimate interests |
Under UK GDPR, we must have a lawful basis to process your personal data. The legal bases we rely on are:
- Contract Performance: Processing is necessary to perform a contract with you (e.g., processing your loan application) or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary to comply with a legal obligation (e.g., FCA regulations, anti-money laundering requirements, tax obligations).
- Legitimate Interests: Processing is necessary for our legitimate interests — such as fraud prevention, improving our services, and direct marketing — provided these are not overridden by your interests or rights.
- Consent: Where we rely on your consent (e.g., for marketing communications or special category data), you have the right to withdraw consent at any time by contacting us or clicking “Unsubscribe” on any marketing email.
For special category data (such as health information), we rely on your explicit consent or, where applicable, on processing being necessary for reasons of substantial public interest under UK law.
We may share your personal data with the following categories of third parties:
- Lenders and financial institutions — to submit your application and obtain credit decisions on your behalf. We will always tell you which lender we intend to approach before submitting.
- Credit reference agencies (Experian, Equifax, TransUnion) — to perform credit and identity checks.
- Fraud prevention agencies — to detect and prevent financial crime and money laundering.
- HM Revenue & Customs, regulators and authorities — where required by law or to comply with our FCA regulatory obligations.
- IT service providers and cloud platforms — who host, maintain and support our systems under strict data processing agreements.
- Professional advisers — including solicitors, auditors and insurers where necessary.
We never sell your personal data. Your information is never sold, rented or traded to third-party marketers. Any third party that processes your data on our behalf is required to enter into a Data Processing Agreement and is bound by UK GDPR obligations.
We primarily process and store your data within the United Kingdom and the European Economic Area (EEA). In certain circumstances, data may be transferred to service providers located outside the UK/EEA.
Where such transfers occur, we ensure appropriate safeguards are in place, including:
- Transfers to countries with an adequacy decision from the UK government;
- Use of the UK International Data Transfer Agreement (IDTA) or equivalent standard contractual clauses;
- Binding corporate rules approved by the ICO.
You may request a copy of the relevant safeguards by contacting our Data Protection Officer.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, regulatory, accounting or reporting obligations.
| Data Type | Retention Period | Reason |
|---|---|---|
| Loan application data (successful) | 7 years after loan repayment | FCA regulatory requirement |
| Loan application data (unsuccessful) | 3 years from application | Legal defence; FCA rules |
| Call recordings | 5 years | FCA COBS rules |
| Marketing preferences | Until consent withdrawn + 1 year | Consent management |
| Website usage / analytics | 26 months | Legitimate interests |
| Anti-money laundering records | 5 years from end of relationship | Money Laundering Regulations 2017 |
| Complaint records | 3 years from resolution | FCA DISP rules |
After the applicable retention period, your data is securely deleted or anonymised in accordance with our data destruction policy.
Under UK GDPR, you have the following rights in relation to your personal data. You can exercise any of these rights free of charge by contacting us at contact@businessandhouseloan.com. We will respond within one calendar month.
Exercising your rights: To submit a Subject Access Request or exercise any of your rights, email contact@businessandhouseloan.com with “Data Rights Request” in the subject line. We may need to verify your identity before processing your request.
Our website uses cookies and similar tracking technologies to enhance your experience and analyse how our site is used. Cookies are small text files stored on your device when you visit a website.
| Cookie Type | Purpose | Duration | Consent Required |
|---|---|---|---|
| Strictly Necessary | Essential for the website to function — session management, security, form submissions | Session | No |
| Performance / Analytics | Google Analytics — anonymised traffic data, page views, user journeys | 26 months | Yes |
| Functional | Remembering your calculator preferences and form entries | 12 months | Yes |
| Marketing / Targeting | Retargeting adverts on third-party platforms (Google Ads, Meta) | 90 days | Yes |
You can manage your cookie preferences at any time by clicking “Cookie Settings” in the footer of our website, or by adjusting your browser settings. Note that disabling certain cookies may affect the functionality of our website. Read our full Cookie Policy.
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against accidental loss, unauthorised access, disclosure, alteration or destruction. These measures include:
- 256-bit SSL/TLS encryption for all data transmitted to and from our website;
- Encryption at rest for all personal data stored on our servers;
- Role-based access controls — staff only access data relevant to their role;
- Multi-factor authentication for all internal systems;
- Regular penetration testing and vulnerability assessments;
- Staff training on data protection and information security;
- Incident response procedures in line with ICO reporting requirements.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay, in accordance with our legal obligations.
Our services are not directed at children under the age of 18. We do not knowingly collect personal data from anyone under the age of 18. If you are a parent or guardian and believe we may have collected data from a minor, please contact us immediately at contact@businessandhouseloan.com and we will take steps to delete such information promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. When we make material changes, we will:
- Update the “Last Updated” date at the top of this policy;
- Post a prominent notice on our website;
- Where required by law, notify you directly by email.
We encourage you to review this policy periodically. Your continued use of our services after any changes constitutes your acceptance of the updated policy. Previous versions of this policy are available on request.
Version history: v4.2 (March 2026) — Updated cookie table and international transfer provisions. v4.1 (September 2025) — Added automated decision-making section. v4.0 (January 2025) — Full review and rewrite for UK GDPR alignment.
If you have any questions, concerns or requests relating to this Privacy Policy or how we process your personal data, please contact our Data Protection Officer (DPO):
Data Protection Officer
Business & House Loan Ltd
1 Canada Square, Canary Wharf, London, E14 5AB
Email: contact@businessandhouseloan.com
Info: info@businessandhouseloan.com
Phone: +52 55 4687 6938
Response time: Within 30 calendar days
If you are not satisfied with how we handle your personal data or respond to your rights request, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office (ICO):
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk
Online complaints: ico.org.uk/make-a-complaint
We would always appreciate the opportunity to resolve any concerns directly before you contact the ICO — please contact us first and we will do our best to address your complaint promptly.