Shine Mortgages is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

Personal data is any information relating to an identified or identifiable living person. Shine Mortgages processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.

When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this statement.

What information do we gather?

To be able to provide you with the best service possible, we will need to gather certain personal information from you when you contact or interact with us. We will also use this information for security, identification and verification purposes.

We will only ever collect information that helps us provide our services to you. We will keep your information for as long as is needed and only for the following purposes:

  • legitimate business activities
  • statutory or legal obligations
  • auditing and regulatory purposes

When you make an enquiry with us about any of the services we offer, we’ll ask you to provide some contact information. This may include some or all of the following:

  • full name
  • previous names
  • current home address
  • previous residential addresses
  • date of birth
  • landline and mobile phone number
  • email address

If you give personal information about someone else (such as a joint applicant), then you must have their permission to do so.

Once we have gathered information from you and you subsequently make contact with us, we will use specific pieces of your information to help us identify you and verify that we are dealing with the right person.

Throughout your relationship with us, we will hold your personal information securely in our systems. This will include any information provided by you or others (for example, if you’re making a joint application in various ways, including (but not limited to):

  • In applications, emails and letters, during telephone calls and conversations in our offices, when registering for services, in customer surveys, when you participate in competitions and promotions, when using our website, and during fact find reviews and interviews.
  • From analysis (including the creation of profiles used to uniquely identify you when you use our online, mobile and telephony services) which are used to help us combat fraud and other illegal activity; and
  • Information we receive from or through other organisations (for example, credit reference agencies, mortgage lenders, insurance companies, comparison websites, social networks, and fraud prevention agencies) whether in the course of providing services to you or otherwise, and from information we gather from your use of and interaction with our internet and the devices you use to access them

If there is a change to any of your personal information and you notify us, we will update your records in our systems. Where we have introduced you to another organisation, we are unable to update your details with them and you will need to contact them personally to notify them of these changes.

If someone gives information about you – or you give us details about someone else – we may add it to the personal information we already hold about you or them. This will only be used in the ways we describe in this privacy notice.

When arranging a mortgage for you, we will need to ask you for your direct debit details to pass onto the lender so it can collect payments. Where we charge a fee for arranging a mortgage, or the mortgage we are arranging carries a cost - for example, a valuation fee – we will need to ask you for payment information such as your debit card or credit card details.

Third parties

Sometimes we may pass your information on to third parties who provide services to us. When we do this, it is on the understanding that they care for your information as carefully as we do, keep it confidential and use it only for the agreed purposes above.

Using our website

If you use our website, we will collect information about the devices you’re using – or ask third parties to do this for us. As this involves using technologies such as cookies, please read our Cookies policy.

Shine Mortgages is the sole owner of the information collected via our website ( and also any information you provide in relation to an enquiry when you speak to or communicate with one of our advisers or staff. We may use your data together with that of other users and this may be aggregated to build statistical and analytical tables. At no time will your data be individually identifiable in such tables.

When you visit our website, we collect certain data automatically. This may include (but isn’t limited to) the following:

  • How you connect to the internet (including your IP address)
  • How you use our site, for example your screen resolution and browser data stored on your device (such as cookies – see our Cookies policy for more on this)
  • Information about the device software you use, such as your internet browser
  • Location data such as the city or region of the IP address you used when accessing our online services.

Please remember, that whilst we have security measures in place to protect your personal information, the internet is not 100% secure. We cannot therefore guarantee the security of any information you send us online. We are also not responsible for any loss or damage you or others may suffer as a result of losing the confidentiality of your information.

Recording phone calls

To help us train our staff to provide a quality service, check that we have done what you asked us to do correctly and resolve any queries or issues, we record and monitor our phone calls with you. We also monitor phone calls for regulatory purposes and to help detect and prevent fraud and other crimes.

How do we use your personal information?

We use your personal information in various ways.

We will use it to confirm that you are who you say you are when you contact us. We will use it to verify your name and address by checking your details against our databases and to check against information held by credit reference agencies and the electoral roll. We will also use the personal information we gather from you to formulate our advice and recommendations for the services we offer and to submit applications to lenders and product providers.

Before we submit any transaction to a lender or product provider, the law requires us to have verified your identity. This makes it harder for criminals to use financial systems, or to use false names and addresses to steal the identities of innocent people. Checking everyone’s identity is an important way of fighting money laundering and other criminal activities. We will therefore also ask you to provide us with documents that confirm your identity.

The law requires us to comply with a number of regulations. Where necessary, we use your personal data to allow us to fulfil our legal and regulatory requirements.

We will only share personal information with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards. We use third parties to help us run our business. To fulfil our contractual obligations, we may share your personal data with these third parties:

  • Mortgage lenders
  • Estate agents (if you were introduced to us by one of our estate agent partners)
  • Lead suppliers (if you were introduced to us by a third party)
  • Equifax (for identity checking)
  • Conveyancers (our personally recommended conveyancers where you agree to proceed with a quote)
  • Concierge (our personally recommended move-in service where you agree to proceed with a quote)

Your personal data may be transferred to these authorised parties:

Third party organisations that provide IT services and applications, administrative functions and support

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

Third party organisations that otherwise assist us in providing goods, services or information.

We use third parties acting on our behalf such as contractors, suppliers and/or agents (including, without limitation, customer care teams and processing centres) for the purposes of administration, income, credit and risk assessment, statistical research, marketing, product suitability and product sourcing in respect of products or services you have requested.

Auditors and other professional advisers

We engage auditors and professional advisers to perform specific work that helps us meet our legal, regulatory and statutory responsibilities. Any auditors or professional advisers that we use will have contractual arrangements and security mechanisms in place to protect data and to comply with our data protection, confidentiality and security standards

Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation

We perform anti-fraud, credit and security checks using your details and receive information about you from other sources (such as credit reference agencies) which will be added to the personal information which we already hold about you.

We may use your information for fraud investigation, detection and prevention measures and in order /’to provide suitable security for your account and your information that we hold (such as to enable us to prevent others logging in to your account without your permission from unknown devices). We may also use your information for the investigation, detection and prevention of crime (other than fraud).

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as the police, regulatory bodies or legal advisers in connection with any alleged criminal offence, unlawful activity or suspected breach of the Terms of Use and or the breach of other terms and conditions or otherwise where required by law or where we suspect harm or potential harm to others. We will co-operate with any law enforcement authorities or court order requesting or directing us to disclose the identity or location of or any other information about anyone breaching any relevant terms and conditions or otherwise for the prevention or detection of crime or the apprehension or prosecution of offenders. We shall not be obliged to give you any further notice of this.


If we have your consent, we will use your information to identify other products and services we offer that we believe you might want to know about. Sometimes we may contact you to take part in market research. If you take part, we’ll use any feedback you give us to improve the way we communicate with you and the service we offer.

By knowing more about who our customers are we are able to improve the services we offer. We will use your data for reporting and analytical purposes. We will also collect data on how you use our website, so we can better understand your interests and improve its performance and our overall service.

Sometimes we may use performance tracking technology within our emails to capture information including (but not limited to) the time and date you open our emails and the type of device you used to open them. This allows us to know whether our emails are opened, and what links our customers click on within them. We use this information to improve the emails we send to you and the services we provide.

We may share any of the information we gather with other organisations (for example, mortgage lenders) to help them improve their own interactions with you. We won’t pass your data to any third parties for marketing purposes unless you have an existing relationship with them and you have given your consent for them to contact you in this way.

See our Cookies policy for more information about how we collect data about your online activity.

We use social media and are keen to understand our customers and what people are saying about us. We may use the information we gather to research public comments made on social networking sites such as Twitter and Facebook.

Resolving complaints and disputes

If we are informed that you may be dissatisfied with the service or advice we have provided you, we will use the information we have about you to help us resolve things for you.

Opting out

If you do not wish to receive information from us as explained above, you can update your preferences by contacting us as below:

In writing:

Marketing Department
Shine Mortgages,
78 Hyde Rd,
M12 6BH, UK


To ensure you have the best possible experience when you contact us, we’ll use your information to ensure our team has the knowledge and expertise to meet your needs.

Uses of your personal information not described in this Privacy Policy

If we ever have to use your personal information for any purposes that we haven’t described in this policy, you’ll hear from us. We’ll let you know exactly what we’ll use it for before we go any further and, where appropriate, obtain your consent.

Please note this policy does not cover companies, services or applications that we do not own or control, or people that we do not employ or manage, including (without limitation) third party websites or applications (e.g. from “social media” platforms such as Facebook or Twitter) which we may link to or offer via our services. Also, it does not cover certain pages and services provided which are hosted, managed and operated by other parties. These services, applications and third parties may have their own privacy policies and/or terms and conditions of use, which we recommend you read before using any such services. These third parties and services are wholly independent of us and are solely responsible for all aspects of their relationship with you and any use you may make of such services.

What is the legal basis for handling personal information?

Data protection laws require that, to process your personal data, we must meet at least one prescribed basis for it. We rely on the following basis for the activities we carry out.


We rely upon this basis because you will provide us with your personal data as you want to use our services. This means that our use of your information is governed by contract terms. It is your choice to give us this information, however if you choose not to provide it, we may not be able to offer some or all of the services you require.

Under this basis we process your data in the following scenarios:

  • understanding your circumstances and requirements
  • assessing risks
  • formulating our advice and recommendations to you
  • updating, consolidating, and improving the accuracy of our records
  • enabling you to access our website and use our services
  • letting you know about significant changes to our products, terms or privacy policy
  • confirming your identity and verifying the information you provide
  • providing and improving customer support
  • sending you service communications
  • responding to your enquiries and complaints
  • providing you with products and services and keeping you up to date with important changes and developments to their features and how they work
  • managing offers, competitions and promotions


Where we collect other information from you - or when third parties do so for us - we always ask for your consent first. For example, before you use our website you’ll be asked to consent to us using cookies to collect data about the device you’re using. If you don’t want to give consent, or you remove your consent at a later point, we may not be able to provide some or all of the services you require.

We also seek your consent in the following scenarios:

  • Marketing – To help you explore all your options, from time to time we’d like to let you know about products, services and offers that may be of interest to you
  • Market research – We invite you to participate in market research (more on this below). Any feedback you provide is used with your consent.

 Legitimate Interests

In the United Kingdom, organisations can use personal information where the interests or fundamental rights or freedoms of individuals do not outweigh the benefits of doing so. The law calls this the “Legitimate Interests” basis for processing.

We rely on this basis for processing personal data for the following benefits:

  • Helping to prevent and detect crime such as fraud and money laundering – Fraud and money laundering cost the British economy billions of pounds every year. This cost ultimately reaches the public in the form of higher prices. We can help stop this from happening by using your personal data to avoid fraud and identity theft.
  • Complying with legal and regulatory requirements - We must comply with various legal and regulatory requirements. Sometimes we may be required to provide information to it as part of our regulatory responsibilities.
  • Ongoing service – When the product or service that we have recommended to you expires or is due for renewal, we will contact you beforehand to notify you of this so we can start to explore the current options available to you.
  • Training our staff – To offer you the best possible standards of service, we use the information we collect to train our staff so they can assist you better.
  • Marketing services – Like any commercial organisation, we run a business and – where necessary process information that helps us do this. We have various safeguards in place to make sure that the individuals whose personal information we handle are not disadvantaged by the way we use their personal data. These include making sure people can access the information they need to understand how their personal data will be used by us. We also try to make sure people are aware of the rights they have to obtain the information we hold and to have their information corrected or restricted – and how to complain if they’re unhappy.
  • Reporting and analytical purposes – We process this personal information to help us analyse the service we are providing and identify ways to improve.
  • Tracking activity – We like to know how people use our website or get in touch with us so we can identify ways to improve our services.
  • Maintaining our records and other administrative purposes – We always strive to provide the most accurate information to our customers and clients.
  • Resolving complaints and disputes – If you have a reason to make a complaint, we will use your information to look into things for you.
  • Improving data accuracy and completeness – When you register for our services you may give us additional information about yourself. We’ll use this to improve the accuracy and completeness of our data.
  • Email tracking – This helps us to improve our communications to our customers.
  • Invitations to take part in market research – To make the service we offer even better, we may ask you to participate in market research. It’s entirely up to you whether you chose to do so.

Who do we share your personal information with?

Because of the nature of our role as a mortgage broker, we share the personal information you give us with people who need to handle it so that we can provide our services to you.

Here are the organisations that we may share your personal information with:

  • Suppliers – We use a number of service providers to support our business. They may have access to our systems and data so that they can provide services to us and/or to you on our behalf.
  • Resellers, distributors and agents – We sometimes use organisations to help provide our products and services to you. They’ll have access to your data so that they can do this.
  • Public bodies, law enforcement and regulators – The police, other law enforcement agencies, regulators, as well as public bodies such as local and central authorities can sometimes request personal information. This may be for reasons including:
    • detecting and preventing crime
    • apprehending or prosecuting offenders
    • assessing or collecting tax
    • investigating complaints
    • assessing how well a particular industry sector is working
  • Lenders and Insurers – In some circumstances, we share credit report information and personal information (such as your name and address) with lenders and insurers. This is for purposes that may include:
    • Verifying that you’re eligible for the product you’re applying for
    • Supporting you to complete your application to the lender (which may include filling the application form in on their website)
    • Contacting you about credit and financial products and complying with any contractual, legal and/or regulatory obligations.

We’ll also share your personal data with the following data processors where necessary to fulfil our services and regulatory obligations:

  • iPipeline to provide life insurance quotations
  • MBL to provide mortgage illustrations
  • Legal and General Mortgage Club for mortgage illustrations
  • Mailchimp to communicate with our customers
  • Restore to destroy our confidential waste
  • Restore to store our archived files
  • LiquidVoice who provide our call recording software
  • QuestMap who provide our call recording software
  • LiquidLight to provide our web services
  • MoneyPenny to provide our answering service
  • IDE who provide our IT platform
  • Criterion who provide our IT platform
  • Intelligent Office who provide our CRM solution and Client portal
  • FLG360 who provide our CRM solution
  • Equifax for identify checking

If a 3rd party introduced you to us, we may update them about how your enquiry with us is progressing.

Where do we send your personal information?

Shine Mortgages is based exclusively in the UK. Our main databases are in the UK. This means any personal information we access from or transfer to these locations is protected by European data protection standards.

Your rights

Under Data Protection regulations individuals have a number of rights. These are as follows:

Right to be informed

Individuals have the right to be informed about the collection and use of their personal data.

We do this in our Privacy Policy.

Right of access

Individuals have the right to access their personal data and supplementary information. Individuals have the right to obtain:

  • Confirmation that their data is being processed
  • Access to their personal data
  • Other supplementary information

We will not charge for initial requests to provide information, but may charge a fee if requests for further copies of the same information are made. We will provide the requested information to you within a month of receiving your request, unless the request is complex or numerous in which case we may extend this period by up to a further two months.

Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to provide the information requested or refuse to respond. In these instances, we will inform you and explain our reason.

Before we proceed with any request, we will take steps to verify the identity of the person making the request.

Right to rectification

Individuals have the right to request that inaccurate personal data is rectified, or completed if it is incomplete. If you make such a request, we will takes steps to verify whether the data is accurate. Where we accept that the information is inaccurate, we will take steps to rectify it. If we believe that the information is accurate and does not require rectification we will notify you and explain our reason.

Where a request is manifestly unfounded or excessive, particularly if it is repetitive we may charge a fee to rectify the information or refuse to deal with the request. In these instances, we will inform you and explain our reason.

Right to erasure (known as the “Right to be forgotten”)

Individuals have the right to have their personal data erased if:

  • the personal data is no longer necessary for the purpose which it was originally collected
  • we rely upon consent as our lawful basis for holding the data and you withdraws that consent
  • we rely upon legitimate interests as our basis for processing and you objects to the processing of your data and there is no overriding legitimate interest to continue this processing
  • we are processing your personal data for direct marketing purposes and you object to that processing
  • we have processed your personal data unlawfully
  • we have to do it to comply with a legal obligation

The right to erasure does not apply where processing is necessary for one of the following reasons:

  • to exercise the right of freedom of expression and information
  • to comply with a legal obligation
  • for the performance of a task carried out in the public interest or in the exercise of official authority
  • for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing
  • for the establishment, exercise or defence of legal claims

Right to restrict processing

Individuals have the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data in the following circumstances:

  • you contest the accuracy of your personal data and we are verifying its accuracy
  • the data has been unlawfully processed and you oppose erasure, requesting restrictions instead
  • we no longer need the personal data but you need us to keep it in order to establish, exercise or defend a legal claim
  • you have objected to us processing your data and we are considering whether our legitimate grounds override your request

If you choose to exercise this right, we may not be able to proceed with a transaction or provide you with our advice. This may mean that we are unable to submit or progress an application with a lender or product provider. In these instances, we will notify you of the impact your request.

Right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. The right to data portability only applies:

  • to personal data you have provided to us
  • where the processing is based on your consent or for the performance of a contract
  • where processing is carried out by automated means

When responding to such a request, we would provide the personal data in a structured, commonly used and machine readable form, typically a .CSV file. We will provide this to you within one month of receiving your request. If your request is complex or requires more time, we may extend this period by up to a further two months. We will contact you and inform you why it will take longer.

Right to object

Individuals have the right to object to:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
  • direct marketing (including profiling)
  • Processing for purposes of scientific/historical research and statistics.

If you exercise your right to object, we will stop processing your personal data unless:

  • there are compelling legitimate grounds for us to continue to process, which override your interests, rights and freedoms
  • the processing is for the establishment, exercise or defence of legal claims

You can exercise your right to object at the first point of contact with us. If exercising your right to object affects or prevent us from being able to provide you with one or any of the services we offer we will inform you.

Automated decision making including profiling

Sometimes it is necessary for us to approach a lender to obtain an initial decision for a mortgage (often referred to as a Decision in Principle – DIP). To obtain a DIP we may process your personal information through a lender’s automated decision making system which will provide an initial lending decision based on logic/algorithms programmed in to it. We will always gain your consent before completing a DIP. Whilst we don’t set or determine the logic/algorithms used in the automated decision system, we can put you in touch with the respective lender should you require it.

To exercise any of your rights detailed above you can contact us as detailed below:

In writing:

Data Protection Officer
Shine Mortgages
78 Hyde Rd,
M12 6BH, UK


We take the privacy of your personal information very seriously. If you ever feel you need to complain about how we’ve handled your personal information and data you can contact us as follows:

In writing:

Complaints Department
Shine Mortgages
78 Hyde Rd,
M12 6BH, UK


If your complaint is about the administration, or terms and conditions of a product sold by us but provided by a lender, you may need to contact them about it. If needed, we’ll forward details of your complaint to the lender concerned, as well as giving you their contact details.

To help make sure you always speak to the right person about your complaint, if it looks like another company will be better able to handle your case, we’ll let you know how to contact them.

If you're still unhappy with any aspect of how we handle your personal information, you also have the right to contact the Information Commissioner’s Office (ICO). The ICO is the UK's independent body set up to uphold information rights. You can contact it as follows:

Via its website:

In writing:

Information Commissioner's Office
Wycliffe House
Water Lane

Call: 0303 123 1113

How do we keep your personal information secure?

At Shine mortgages, we understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your private data from being accessed, used or disclosed in any way it shouldn’t be. The security arrangements we’ve put in place include physical, organisational, and technological measures and controls. Together, they help to protect the personal information we hold from risks including:

  • loss
  • theft
  • unauthorised access, collection, use, disclosure, copying, modification, disposal and destruction

We regularly review our policies and procedures to make sure they remain relevant.

As explained in “How do we use your personal information”, we use third parties to help us run our business. To fulfil our contractual obligations, we may share your personal data with these third parties. We require every third party that we share information with to maintain adequate security safeguards and comply with all the required laws and standards for protecting personal information.

How long do we keep your personal information for?

We’ll keep your personal information securely stored for as long as we need it to provide you with the services you want from us. We also keep it to comply with our legal and regulatory obligations, as also to help us to resolve any issues or disputes that may arise.

Depending on what information we hold and what products or services you are signed up to, we may need to retain certain details for longer than others. In every case, we regularly reassess whether we need to hold your personal information and securely dispose of any information that we no longer need.