What is GDPR?

The European General Data Protection Regulation (GDPR) came in to effect in May 2018 and is designed to protect the privacy of individuals in the European Union (EU). The regulation gives individuals control over their how their personal data is processed, including how it’s collected, stored and used. It affects every company in the works that processes personal data of those individuals in the EU. The regulation contains similarities with the previous, UK Data Protection Act 1998 (DPA).

What are your new rights under GDPR?

GDPR has created some new rights for individuals and strengthens some of the rights that previously existed under the DPA. These rights include;

1. The right to be informed

2. The right of access

3. The right to rectification

4. The right to erasure

5. The right to restrict processing

6. The right to data portability

7. The right to object 8. Rights in relation to automated decision making and profiling.

What data do we collect?

​To make a suitable mortgage and/or protection recommendation it is essential for us to obtain the following information;

Identity data: full names, date of birth, gender and marital status

Contact data: 3 years full address history, contact numbers and email addresses

Financial data: mortgage statements, bank statements, savings, credit card and loan balances, payslip deductions and an overview of income and expenditure

Medical data: health and wellbeing history, doctor’s surgery contact details and employers sick pay benefits

System data: IP addresses, browser type, time zone settings and other technology on the device used to enquire with Winstree Financial Services

Other data: feedback to survey responses

How do we collect your data?

Winstree Financial Services is committed to receiving data from creditable and lawful sources for example;

Face to face/email / telephone interviews with one of our experienced mortgage and protection consultants. contains an online enquiry form which will gather initial data such as identity, contact and financial forms of data

Third parties such as estate agents, who you may be used for the purchase of a property, new home builders who may refer our services to you or enquiries you have made via mortgage sourcing websites or social media.

How will we protect your data?

Winstree Financial Services have designed their practices to ensure we meet the obligations of implementing data protection into our processing activities. These practices include password-protected information storage documents such as the ‘About You’ information hub. This document is then kept on a market-leading, password-protected, encrypted cloud-based storage facility.

Will it be necessary to share your data?

Yes, by nature of the service we provide, upon instruction will use the information provided to;

Source a mortgage: Twenty Seven Tech to research your recommendations.

Submit a mortgage application: to apply for recommended mortgage product and process the application from start to finish on your behalf.

Submit a protection application: to apply for recommended protection product and process the application from start to finish on your behalf.

Licensed credit agencies: as part of the initial/full mortgage application, the information provided to the lender will be used to perform a credit check. This will determine whether you meet specific lending criteria.

Online storage suppliers: including our trusted cloud-based storage platform to protect and store your information lawfully.

Legal firms: who have been instructed, by you, to process the legal aspects of the transaction.

Financial Conduct Authority: In order to comply with our legal obligations, it may be necessary to verify your identity and comply with anti-money laundering legislation. We may also need to co-operate with law enforcement; legal proceedings or regulatory authorities.

Pensions Advice – We can refer you to a 3rd party that will be able to offer you pension advice, upon your request. For this, we will require your consent in order for the pension advisor to be able to contact you

Compliance Purposes – in order for us to be sure that you have received the most appropriate level of advice our Compliance Team may have access to your personal information. This is purely for Compliance Purposes We ensure that all companies mentioned are fully compliant with the latest GDPR and DPA legislation and apply suitable security measures. Winstree Financial Services will never sell your data.

Do we require details of persons under the age of 16?

A small number of mortgage lenders will require names and dates of birth of children under the age of 16 who live in the property. This can be to access the plausibility if using certain benefits such as child benefit in affordability.

How long will we retain your data?

Of course, you have the right to erasure at any time, but we follow the following time scales of data retention;

Data we receive by initial contact will be stored and protected for two years, and then erased.

Data which is collected during a full fact find, in addition to the initial contact, will be stored and protected for 2 years, and then erased.

Data which has been received during the above two stages and used to complete a full mortgage or protection application will then be stored and protected for 50 years, and then erased. Each time Winstree Financial Services transacts with a client, the data retention timescales will be reset.

Each time Winstree Financial Services transacts with a client, the data retention timescales will be reset.

Are we registered with the Information Commissioner’s Office (ICO)?

Yes, we are registered with the Information Commissioner’s Office. For more information regarding the ICO or to comment or complain about our practices please visit or call 0303 123 113

Changes to this Privacy Statement

Winstree Financial Services consider this document to be under review on a permanent basis and will update it when necessary. This policy was last updated on 20/09/2019