Trusted mortgage & protection advice across the UK
Legal

Privacy Notice

Our contact details

Last updated: June 2026.

The type of personal information we collect

We currently collect and process the following categories of personal data:

  • Personal identifiers, contacts and characteristics (for example, name and contact details).
  • Financial information (for the purpose of combating fraud and complying with anti-money laundering obligations).
  • Health and medical information (for the purpose of providing insurance advice).
  • Property information (for the purpose of mortgage underwriting).
  • Credit reference information (for the purpose of identity and address validation).

How we obtain the personal information and why we have it

Most of the personal information we process is provided directly by you for one of the following purposes:

  • Secured lending advice, assessment/qualification and underwriting.
  • Insurance advice, assessment/qualification and underwriting.

This information is processed primarily on a contractual basis to enable us to provide mortgage and protection advice services.

In order to validate your identity and/or residential address, we may carry out what is known as an Enquiry Search with a credit reference agency. This will leave what is often referred to as a “soft footprint” on your credit file. This is not visible to lenders and does not impact your credit score.

We also receive personal information indirectly from third parties in the following circumstances:

  • Lenders – to assist in providing advice, arranging lending products, and servicing our customers.
  • Insurers – to assist in providing advice, arranging insurance products, and servicing our customers.

We use this information in order to provide you with regulated mortgage and/or insurance advice.

Who we share your information with

We may share your information with:

  • Lenders (the specific lenders approached will be disclosed to you during the advice process).
  • Insurance companies (the specific insurers approached will be disclosed to you during the advice process).
  • The Financial Conduct Authority (for regulatory purposes).
  • The Information Commissioner’s Office, National Crime Agency, and other law enforcement bodies (where legally required).
  • Customer Relationship Management and Product Sourcing Systems used in the day-to-day processing of your data.
  • 3rd party administration and anti-money laundering systems and software, used to assist with processing your application and to support our obligation to prevent financial crime.

Sub-processors

We use Acre, a third-party provider of customer relationship management and product sourcing technology, as a data sub-processor. This means that Acre processes personal information on our behalf and under our strict instructions. Acre provides the secure electronic platform through which your data is stored, managed, and used to source mortgage and insurance products.

We have a data processing agreement in place with Acre that requires them to:

  • Only process your personal information in accordance with our written instructions.
  • Maintain appropriate technical and organisational security measures.
  • Support us in fulfilling your data subject rights.
  • Assist with audits and regulatory compliance.
  • Ensure that any of their own sub-processors are subject to equivalent obligations.

Lawful basis for processing

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on are:

  • Contractual obligation – where processing is necessary to provide you with advice and arrange products.
  • Legal obligation – where processing is required under regulatory or statutory duties (e.g., anti-money laundering).
  • Legitimate interest – where processing is required for the effective running of our business in a way that does not override your rights and freedoms.

Special category data

Where we process health or medical information, we do so in accordance with Article 9 of the UK GDPR. This will typically be:

  • With your explicit consent; or
  • Where processing is necessary for insurance purposes in line with applicable data protection laws.

Where we rely on your consent, you have the right to withdraw it at any time.

How we store your personal information

Your personal information is securely stored in electronic format using our sub-processor Acre’s customer relationship management system and product sourcing technology. Acre ensures encryption, restricted access, and industry-standard safeguards to protect your data.

We keep personal information only for as long as is necessary to fulfil our regulatory and legal responsibilities. This includes retaining information for the period during which you can bring a complaint or for as long as we are subject to anti-money laundering retention requirements. After this period, your information is permanently deleted.

International transfers

Where we use third-party providers, your data is primarily stored within the United Kingdom and the European Economic Area (EEA). Where it is necessary to transfer personal data outside of these areas, we ensure appropriate safeguards are in place. These may include adequacy regulations (such as the UK–US Data Bridge) or the use of standard contractual clauses approved under UK data protection law.

Artificial Intelligence (AI) processing

We may process your data using Artificial Intelligence (AI) systems to assist with the administration of your application and to support the detection of financial crime.

These systems are used only to support administrative and analytical tasks, and all outputs are subject to appropriate human oversight. No decisions are made solely by automated means.

All AI systems used meet appropriate security and data protection standards and operate within the lawful bases set out in this policy.

Your data protection rights

Under data protection law, you have certain rights, including:

  • Right of access – ask us for copies of your personal information.
  • Right to rectification – ask us to rectify information you think is inaccurate, or complete information you think is incomplete.
  • Right to erasure – ask us to erase your personal information in certain circumstances.
  • Right to restriction of processing – ask us to restrict the processing of your personal information in certain circumstances.
  • Right to object to processing – object to the processing of your personal information in certain circumstances.
  • Right to data portability – ask that we transfer your personal information to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

To exercise your rights, please contact us at enquiries@silveroakfinancial.co.uk.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at enquiries@silveroakfinancial.co.uk or by calling 01908 010370.

You can also complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: www.ico.org.uk