Privacy policy

Last updated: 2 February 2022


This privacy policy explains how we collect, use, and protect your personal data. That includes data you give us when you visit our website, sign up for a Homevest account, or use one of our products or services. This also includes data we collect from you or from other sources when we provide our services. We’ll also explain your privacy rights, and how the law protects you.

When we use the words ‘we’, ‘us’, ‘our’, or ‘Homevest’ in this policy, we’re talking about Homevest Ltd. And when we say ‘you’ or ‘your’ we’re talking about our customers.

Who we are & contact details

Homevest is the data controller. That means we’re responsible for your personal data under this privacy policy.

If you want to talk to us about your data, we’re here to help. Email us at [email protected] If you have a complaint about anything to do with your data, use those same contact details to get in touch. We’ll investigate and get back to you as soon as we can.

We’re registered with the Information Commissioner’s Office (ICO) with registration number ZB293555. The ICO is an independent organisation that protects people’s data and privacy rights. If you have a complaint, we’d love the chance to help you first, but you can also complain to the ICO at any time.

When we link to other websites

www.homevest.io might link to other places, like other websites or applications. We can’t control those other places and we’re not responsible for their privacy policies. So be aware they may collect and process data about you in a different way than we do. Read their privacy policies if you’d like more information about how they do that.

What data we collect

We collect, use, store and transfer personal data. Personal data is any information that can identify you. It doesn’t include information where you can’t be identified (anonymous data).

We might collect, use, store and transfer different types of your personal data for the reasons you can see below. ‘Transfer’ means sending your information somewhere else.

Types of personal data we collect, with examples of what each type includes:

  • Identity data. First name, maiden name, last name, marital status, title, data of birth, gender, citizenship and employment history.
  • Contact details. Address history, email address and telephone number.
  • Financial data. bank account details, card payment details, salary and other income information, savings, credit history, financial commitments and other expenses.
  • Special category data. Physical and mental health conditions, racial or ethnic origin, and biometric data.
  • Criminal offence data. Information about criminal offences and convictions.
  • Transaction data. Details about payments from you and other details related to the products and services you’ve bought from us.
  • Technical data. IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform.
  • Profile data. Your username and password, feedback and survey responses.
  • Usage data. Information about how you use our website, products and services.
  • Marketing and communications data. Your choices about marketing from us and our business partners, and how you prefer us to contact you.
  • Other data. Any other information that could be used to identify you, that we need to help you get a mortgage or buy a home.
  • If you’re making a joint application, we’ll also collect some of this information about the person you’re applying with, like your spouse. Make sure you have their agreement before you give us their data.

How we collect your data

Here’s how we might collect personal data on our website, over live chat, on the phone, or from other companies and places.

You give us data

You might give us data (for example about your identity) when you do any of these things:

  • create a Homevest account on our website
  • contact us by email, phone or on live chat
  • research your mortgage options through us
  • use or apply for any product or service you have found on our website
  • subscribe to our newsletter, join a wait list, or tell us you want to get marketing from us
  • enter one of our competitions or promotions
  • give us feedback or take part in a survey

We automatically collect data

Our website automatically collects technical data – things like the equipment you’re using, as well as a record of what pages you’re visiting. We use cookies for this.

We get data from another source

Sometimes we get personal data from somewhere outside Homevest, like:

  • Analytics providers (both inside and outside the UK), which are services that help us understand how people use the website, like Google Analytics and Hotjar. We collect this whenever you use our website.
  • Facebook and Google, and any social media or email account you use to log into Homevest. We do this every time you log in.
  • Credit reference agencies, like Experian, which are the companies who hold your credit history and credit report.
  • Public sources like Companies House and the Electoral Register. We check these as part of your mortgage application, to verify what you’ve told us.

How we use your data

We use your data for one or more of the reasons we’ve listed below. We will only use your personal data when the law allows us to.

Companies can’t use your data without having a legal reason for using it. This reason is called a “legal basis”. Here are the legal bases we rely on, and what they mean:

  • Consent. You’ve told us it’s OK to use your data for a specific reason.
  • Contract. You’ve agreed to a contract with us, and we need to use your data to carry out that contract. We might also use your data if you’ve asked us to do something before we can carry out a service.
  • Legal obligation. We have to process your data because the law or regulations require us to. For example, we need to get proof of your identity to meet our anti-money laundering responsibilities.
  • Legitimate interest. We or one of our partners might use your data because we or they might have a legitimate interest to do that. Sometimes that interest is to do with benefitting Homevest or our partners, and sometimes it’s to benefit wider society.

Automated decision making

Automated decision-making is when companies use computers to make decisions without humans being involved. For example, a bank might use it to approve an online loan.

We currently don’t do this at Homevest. But we wanted to make you aware of it, because some of the companies involved in your mortgage or home-buying process might. It will be in their privacy policies if they do.

You can ask any lender who uses automated decision-making to give you the actual reason behind their decision (or we can ask your lender for you).

Who we share your data with

We might share your information with other companies. But we make sure they treat it as well as we do, and in line with the law. These other companies can’t just use your information for any reason – it has to be for a specific purpose and in the way we tell them to.

Here’s a list of the people and companies we might share your data with:

  • Mortgage lenders. We share your data with a lender to make a mortgage application on your behalf. Mortgage lenders are also data controllers, and will look after your data according to their own privacy policy. It’s worth reading your lender’s privacy policy to see how they use your data.
  • Brokers.When you use Homevest, we might share your information with brokers in our panel on your request.
  • Solicitors, conveyancers, surveyors, valuers, panel managers (companies that lenders use to outsource legal work for them) and mortgage clubs (companies that connect brokers and lenders together). Basically, any other third parties we might work with to help you get a mortgage and buy your home.
  • Other service providers that support Homevest. For example, IT providers and legal and accounting firms.
  • Anyone who funds, buys all or part of Homevest, anyone Homevest buys or merges with, or anyone we have discussions with about these. We’ll do what we reasonably can to make sure they only use your personal data as set out in this privacy policy.
  • Fraud prevention agencies. We’ll use these to check your identity when you apply for a mortgage, and on an ongoing basis, for example if you remortgage with us. If you give us inaccurate, false or fraudulent information, we’ll tell a fraud prevention agency (you can ask us to tell you which ones). Those agencies then share that data with other organisations, like law enforcement, to prevent and detect fraud or other crimes. They can hold your personal data for up to 6 years.
  • Credit reference agencies (CRAs). Lenders will get data about you from these agencies to help them decide whether to give you a mortgage. This is known as a credit check. If you apply for a mortgage with Homevest, we’ll carry out a credit check on you on behalf of your chosen lender. Checks show up on your file for others to see, and having lots might affect your ability to borrow in the future. The main three CRAs are Transunion, Equifax and Experian – hit their names to read about how they use your data. If you want to check the data they hold about you, you can get in touch with them any time.
  • Regulators, governmental or dispute resolution bodies, law enforcement agencies or other authorities like those. We share data when we have to, and when it’s in connection to their duties – for example, preventing crime.

Transferring your data to another country

We work with partners in the UK, in the European Economic Area (EEA), and in countries outside the EEA as well.

If we transfer your data to anyone outside the EEA, we’ll take extra steps to protect it.

We’ll make sure the country has adequate levels of personal data protection.

Or, we’ll put robust contracts in place with whoever we’re transferring data to. These contracts offer the same level of protection as the UK and the EEA. For example, we rely on a contract called the Standard Contractual Clause transfer mechanism to transfer data to the US.

Storing your data & how long we keep it for

How we keep your data safe

Only a limited and authorised number of people can ever access your information, on a business need to know basis only.

We want to make sure your information isn’t accidentally lost, used, accessed, changed or shared in an unauthorised way. We’ve put robust security systems in place to make sure of that.

If we ever think that something’s gone wrong, we have procedures in place to deal with it. If something does go wrong, we’ll tell you – and sometimes the regulator – where we’re legally required to.

How long we keep your data

We’ll only keep your data for as long as we need it to do the thing we collected it for. Or where laws and regulations tell us we need to keep it for a specific amount of time.

Here’s a more detailed breakdown:

  • If you submit a mortgage application through us and your application is unsuccessful, we’ll keep your data for 6 years.
  • If you get a mortgage through us, we’ll keep your data for the term of the mortgage and for 6 years after that. This helps us talk to you about your mortgage in the future, and get you on the best deal when it’s time to remortgage.
  • If you open an account with us, and don’t do either of the two things above, we’ll keep your data for 6 years. This is so that we can help you get ready for your mortgage, and actually apply for it when you’re ready.

Sometimes we anonymise your personal data (so it can’t identify you anymore) for research or statistics. We keep that data for as long as we need it.

You can talk to us about how long we keep your data, or ask us to delete your data, by talking to us on live chat or emailing [email protected] But sometimes, laws or regulations tell us we have to wait a certain amount of time before we’re allowed to delete your data. If we have to wait, or if we can’t delete your data, we’ll let you know the reasons why.

Your legal rights

You have rights under the UK GDPR when it comes to your personal data. You have the right to:

  • Be informed about how we collect and use your data. That’s one of the big reasons we have a clear and simple privacy policy.
  • Have access to your data. You have the right to ask us for copies of your personal data. To do that just email us at [email protected] and we’ll provide those to you for free. We might not always be able to give you all the information you’ve asked for – for example, if it includes someone else’s personal data.
  • Withdraw your consent. If you’ve given us consent to use your data for a specific reason, you can withdraw this at any time.
  • Delete your data. To ask us to delete your information, just get in touch. We’ll respond to your request within one month. Sometimes we might have to keep your data, if laws or regulations tell us to. If we can’t delete your data, we’ll give you these reasons why when we respond to your request.
  • Have personally identifiable information changed. You can ask us to correct your data if it’s not accurate, or add more data to complete it. We’ll let you know when we’ve done that.
  • Limit the way we process your data. You can ask us to do this, for example, if you want us to correct the data we hold about you, or you object to how we’ve processed it. There may be situations where we can’t, or where we refuse to – we’ll let you know if that’s the case.
  • Object to us processing your data. You can ask us to stop processing your data. In some circumstances we’ll always do this – for example, if the reason we’re using your data is for direct marketing. But there might be situations where we’re not able to, or where we refuse to. We’ll let you know if that’s the case.
  • Change your mind about direct marketing. If you’ve ever chosen to get direct marketing from us, you can opt out at any time. Just click the unsubscribe link in any message you get, or let us know at [email protected] Just give us a few days to update our records, and then you’ll be opted out.
  • Get a copy of your data in a way that lets you move it from us to somewhere else.
  • Challenge any decision made by automated decision-making, and ask for a human to review it.