We understand how important your privacy is to you and ensure any personal data you provide us with is treated with respect, is properly protected and handled in accordance with UK data protection rules and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).
This website is owned and operated by Mindflow Marketing Limited, a company registered in England and Wales (company number 09829835) with its registered office at Manchester Business Park, 3000 Aviator Way, Manchester, M22 5TG. Mindflow Marketing Limited is authorised and registered by the Financial Conduct Authority and is entered on the Financial Conduct Authority Register (registration number 770925). Mindflow Marketing Limited is also licenced by the Information Commissioners Office, (registration number ZA232696).
Mindflow Marketing Limited is authorised and registered by the Financial Conduct Authority and is entered on the Financial Conduct Authority Register (registration number 770925). Mindflow Marketing Limited is also licenced by the Information Commissioners Office, (registration number ZA232696).
Mindflow Marketing Limited is an appointed representative under Maintain Marketing Limited (company number 09829835) with its registered office at Bayside Business Centre, Sovereign Business Park, Willis Way, Poole, Dorset, BH15 3TB. Maintain Marketing Limited is authorised and registered by the Financial Conduct Authority and is entered on the Financial Conduct Authority Register (registration number 727520). Maintain Marketing Limited is licenced by the Information Commissioner's Office (registration number ZA202297).
Contained within this statement and set out below are details of the type of personal data we may hold about you, our customer, how we obtain and process any personal data we may have and, most importantly, how we protect your privacy. This policy relates only to the personal data submitted or collected via this website.
If you have any queries or concerns regarding how we use your personal data or any questions regarding any of the information provided in this statement, please contact our Data Protection Officer at firstname.lastname@example.org
For all other queries you can contact us at email@example.com or write to us at Manchester Business Park, 3000 Aviator Way, Manchester, M22 5TG.
You are visiting our website to apply for a personal loan. In order to match you with the best lender or credit broker we have asked you to provide us with personal information. You need to know where your personal information is being sent, who is using it and why. You also need to be sure your personal information is kept safe and used only for the purposes you have agreed to.
Under the GDPR we are required to process the personal data you provide us with in a responsible manner. In accordance with the six principles below it must be:
We provide a credit brokering service. By completing our secure online application form we pass your details to our lenders' systems so they can make an informed decision whether to lend to you or not. If we are not able to find you a lender, we may pass your details to another credit broker or provide an alternative solution to help you understand and improve your financial position.
The information we ask you to provide via the application form on this website is the minimum required for us to provide you with the service and for our lenders to provide you with a loan decision.
The personal data we usually ask you to provide is:
Other ways we collect your personal data include:
The main reason we collect your personal data is to provide you with a credit brokering service and help you gain access to short term personal loan offers.
We also use information about you to:
We are a credit broker and in order to provide our service we share your information with our panel of lenders and credit brokers to assist you in finding a suitable financial services product.
When you complete all loan application details on our website we process this data on the basis that we have a legitimate interest in processing this data.
The legitimate interests basis is defined by Article 6(1)(f) of the GDPR as being where â€˜processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interestsâ€™.
We use the personal data you input via the online loan application form to match your details with our panel of lenders and credit brokers.
We, and our panel of lenders and credit brokers, will keep you informed as to the progress of your loan application via telephone, email or SMS unless specified otherwise.
In addition, we may also send you information regarding similar products or services using the contact information that you supplied to us as part of your application. This forms an essential part of our service which you can opt out of at any time by clicking the link https://optme.co or by emailing us at firstname.lastname@example.org
The basis on which we are able to send you this information is called â€˜soft opt-inâ€™. As an existing customer who has provided us with your details in order to use our credit broking services, we are able to contact you about similar products or services.
Customers are able to opt out of these messages when we first collect their details via our online application form or by using the unsubscribe function in any message we send.
We share your personal data with those companies who require it so we can provide the credit broking service you have signed up for.
A list of the categories of recipients who might receive your personal data are listed below:
1. Lenders and credit brokers on our panel
By completing our secure online loan application form you have accessed our credit broking service and permitted us to use your details to search the market for a loan that meets your individual criteria.
If we cannot find a suitable lender on our panel then we may pass your personal data onto another credit broker who may have a lender that meets your eligibility criteria on their panel.
Please be aware that our lenders with whom we share your information may use it for their legitimate business interests to match applications, carry out fraud checks, carry out research such as analysis of market trends and customer demographics and to customise and develop the product/service which they may offer to you or other individuals in the future. Most lenders might use this for up to twelve months.
2. Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FRAs)
By using our service you are also agreeing that our lenders and brokers can use Credit Reference Agencies (CRAs) and Fraud Prevention Agencies (FRAs) to assess your credit. More information regarding these agencies is given below.
3. Alternative Product Providers
If we are unable to match you with a suitable lender we may share your personal data with providers of credit and financial products. These include, but are not limited to, credit reporting and credit scoring providers and online digital savings vouchers or discount cards.
4. Regulatory bodies
We may need to disclose your personal data to regulatory bodies such as the Financial Conduct Authority, Information Commissioner's Office or any other applicable regulatory, government, compliance or law enforcement agency. This may be to investigate complaints, for tax purposes or for the prevention and detection of crime.
5. Service Providers
We may share your personal data with companies who assist us in providing our service to you such as telecommunication services (for email and SMS communication) and technology services for the operation and maintenance of our websites. Access to your personal data by these service providers is limited to the information reasonably required for them to perform their function. We take steps to help ensure that service providers keep your personal data confidential and comply with our privacy and security requirements.
We may also disclose your personal data if required or permitted to do so by law or in connection with legal proceedings or in connection with the sale or transfer of our business.
Where you have given your express consent to marketing, your personal data will be shared with our trusted third parties so they can inform you about products, services or offers by email and SMS which may be of interest.
Our trusted third parties include the following, but are not limited to:
To opt out of marketing received from any of our trusted third parties you will need to unsubscribe via the links provided in their communications with you.
The products, services and offers are:
Loan Comparison - Payday Loans/Short Term Credit - Loan Brokerage - Credit and Debit Cards - Credit Score Companies - Current Accounts - Guarantor Loans - Mobile Phones - Car Finance - Home Repairs - Debt Services - Utility Switching - Broadband - Online Retailers - Tax Rebate.
Our lenders may use both credit referencing agencies and fraud prevention agencies to help make relevant decisions on any application.
Credit Reference Agencies (CRAs)
Fraud Prevention Agencies (FPAs)
If you choose to contact a CRA, please bear in mind that the data held may not be the same so it may be useful to contact all CRAs. You are legally entitled to a free copy of your statutory credit report every 12 months directly from any of the 3 main credit agencies.
The three main Credit Reference Agencies, TransUnion, Equifax and Experian will use and share your data in line with the Credit Reference Agency Information Notice (CRAIN) for further information on how CRAs use your data please visit their websites as stated below:
Data sent to CRAs
Inaccurate information provided by you
We or our lenders may use and get access to data outside of the UK that has been recorded and reported by fraud prevention agencies.
The amount of time we retain your data for depends on the basis it was provided by you to us:
Your personal data may be held within the European Economic Area which comes under the GDPR. Where personal data is transferred or stored outside of the European Economic Union we check whether the EU Commission has issued an adequacy decision, which is a confirmation from them that the personal data will be afforded the same level of protection as if it was within the European Economic Union.
If there is not an adequacy decision in place, and to comply with GDPR requirements, we will ensure the transfer of personal data is protected by other means, including where explicit consent from the data subject has been received or through contractual obligations with relevant third parties regarding usage of the personal data.
Keeping your personal data secure and confidential is of tantamount importance to us. Due to this we have introduced rules, measures, specialist technology and implemented security policies to ensure that your data is protected.
We use Secure Sockets Layer (SSL) encryption to secure your personal data and only provide your personal data to the staff who have to access it for the function of carrying out their duties.
Whilst we make every attempt to protect your data there are still risks involved when inputting your data online and we need to make you aware of this.
We can further confirm that all parties we share your personal data with, such as our lenders, credit brokers and trusted third parties are bound by contract to maintain the security and integrity of your personal data.
Please be advised that, although Mindflow Marketing Ltd takes all reasonable precautions to protect your data, no data storage or data transmission security is guaranteed. Accordingly, Mindflow Marketing Ltd cannot, and does not, represent, warrant, or guarantee the complete security of any data storage or data transmission. You agree that your access to and use of this site and your use of Marketing Limited's services, which necessarily includes data storage and data transmission, is carried out at your own risk.
The GDPR provides the following rights for individuals:
Subject to certain circumstances, you are able to exercise all of the above rights. Where you elect to exercise any of your rights please be aware we not charge you a fee. However, if we receive excessive, repetitive or unfounded requests we are permitted to charge a reasonable fee.
You have the right to be informed about the collection and use of your personal data. To be completely transparent with how we use your personal data we provide you with the following privacy information:
You have the right to know who has access to your personal data, what it is being used for, where it's kept, and everything about your personal data as it passes through our data process.
A 'Subject Access Request' (SAR) can be made requesting us to supply you with all reasonable information or documentation that we hold relating to your personal data. You can make a subject access request verbally or in writing. If you make your request verbally, we recommend you follow it up in writing to provide a clear trail of correspondence.
Before providing any information we must verify the identity of the person making the request using 'reasonable means'. We will ask you for your first name, surname, date of birth, address, a utility bill (or similar) and the method by which you received marketing communications.
Please email your SAR to our Data Protection Officer at email@example.com
Alternatively, you can post your request to Manchester Business Park, 3000 Aviator Way, Manchester, M22 5TG.
Responses will be provided electronically in a clear format unless requested otherwise. We have one month to comply with this request but if the request is complex can extend the period for a further two months. You would be notified of the time limit when making the request.
For more information on how you make a SAR please visit https://ico.org.uk/your-data-matters/your-right-to-get-copies-of-your-data/
The GDPR includes a right for individuals to have inaccurate personal data rectified or completed if it is incomplete.
It is important that the personal data you input on this website is accurate, complete and up to date.
We will assume the personal data you provide is correct and provide our services on this basis. If fraudulent information is given then we may be alerted to this by a Fraud Prevention Agency.
If you think you have mistakenly given us incorrect information, please contact us at firstname.lastname@example.org and we will update it as soon as possible.
Whilst we make every effort to ensure the personal data we hold about you is right, if you notice any errors in any communications received from us please send us an email detailing the changes to the email address above and we will ensure it is accurate.
We will rectify the information within a month of receiving your request and inform all relevant third parties of the amendment. If the request is complex we can extend the period for a further two months.
You have the right to erasure which is also known as a 'request to be forgotten'. This equates to asking for any personal data you have supplied to be removed from our systems where there is no reason to keep processing it.
This right can be exercised under the following circumstances:
We will suppress and remove all data held, upon request. Our marketing partners will immediately be informed of the request and will follow the same actions. We will however keep the communication of the 'request to be forgotten' for our records. Where we cannot remove all your personal data we will notify you.
Grounds on which we can legally refuse a request are:
You can ask us to stop or restrict processing your personal data. It is an alternative to requesting erasure of your data.
This is not an absolute right and will only apply in certain circumstances such as:
As a matter of good practice we will automatically restrict processing your personal data whilst we are considering its accuracy or the legitimate grounds for processing the personal data in question.
When we restrict your personal data, we are still permitted to store it but not use it. We will inform all relevant third parties to confirm this right is carried out.
You can make a request for restriction at any time and we have one month in which to respond to your request. This can be extended by two months where the request is complex or we receive a number of requests. We would advise you if an extension is necessary clearly stating our reasons why.
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. Before transferring your personal data we will carry out rigorous checks to verify your identity.
The right to data portability applies:
You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
You have the right to object to automated decision making, to express your point of view, ask for human intervention, and to be provided with an explanation of the decision with your option to challenge it. The right is not absolute and is not applicable for the entering into a consumer credit agreement.
We make a promise as a company, that we will inform you at the first sign of a data breach. We want to make sure we are being completely transparent with you regarding your data and the security of your data. We will contact you via email or phone, to inform you of any suspicious activity.
If you have any complaints about how we have used your personal data please contact our Data Protection Officer at email@example.com or write to: The Data Protection Officer, Mindflow Marketing Ltd, Manchester Business Park, 3000 Aviator Way, Manchester, M22 5TG
We do recommend that you bring any issues to our attention as soon as possible. The sooner we know about the issue the sooner we can help resolve it.
We will do our best to resolve your complaint but if you remain unsatisfied with any aspect relating to your personal information, you have the right to complain to the Information Commissioner's Office.
The ICO may be contacted at https://ico.org.uk/make-a-complaint/
By post at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Alternatively, you may have the right to refer your complaint to the Financial Ombudsman Service who can be contacted at www.financial-ombudsman.org.uk/consumer/complaints.htm
By post at Exchange Towner, London, E14 9SR
Telephone: 0800 023 4567 (0300 123 9123 from a mobile)
In relation to your complaint you can also request a review from the European Online Dispute Resolution platform: ec.europa.eu/consumers/odr/
This website may provide links to other websites which have privacy policies that differ from ours.
When you visit this website a small text file known as a 'cookie' is placed on your computer or other device which may provide some personal data details from you. Some cookies are required for the functioning of the website, others allow us to recognise you each time you visit and remember your preferences. Cookies are also used to improve user experience on the website, advertising, tracking and browsing habits.
Should we be required to process your special categories of personal data, then we will notify you and seek your explicit consent prior to us doing so. Special categories of personal data as defined under GDPR are:
We do not knowingly collect any personal data from children under the age of eighteen. Applicants on this website must be eighteen years of age or older to use our services.