Why should you read this document?
During the course of dealing with us, we will ask you to provide us with detailed personal information relating to your existing circumstances, your financial situation and, in some cases, your health and family health history (Your Personal Data). This document is important as it allows us to explain to you what we will need to do with Your Personal Data, and the various rights you have in relation to Your Personal Data.
Who we are
Brightstar Financial, Bright Star or Brightstar are all trading styles of Bright Star Financial Limited (company number 07462342) registered at: The HUB, Unit 7 Lake Meadows Business Park, Woodbrook Crescent, Billericay, Essex, CM12 0EQ. United Kingdom. All registered in England and Wales. Bright Star Financial Limited is authorised and regulated by the Financial Conduct Authority. Our Financial Services Register number is 712700. You can check this on the Financial Services Register by visiting the FCA’s website www.fca.org.uk/register or by contacting the FCA on 0800 111 6768.
The Data Protection Officer for Bright Star Financial Limited is William Lloyd. We are registered with the Information Commissioners Office (Z2494664).
We regularly review our policy in respect of your personal data, and this version was last reviewed in March 2022.
What do we mean by “Your Personal Data”?
Your Personal Data means any information that describes or relates to your personal circumstances. Your Personal Data may identify you directly, for example your name, address, date of birth, national insurance number. Your Personal Data may also identify you indirectly, for example, your employment situation, your physical and mental health history, or any other information that could be associated with your cultural or social identity.
In the context of providing you with assistance in relation to your Mortgage, Loan, Finance and Protection requirements Your Personal Data may include:
Title, name, date of birth, gender, nationality, civil/marital status, contact details, addresses and documents that are necessary to verify your identity.
Employment and remuneration information, (including salary/bonus schemes/overtime/sick pay/other benefits), employment history.
Bank account details, tax information, loans and credit commitments, personal credit history, sources of income and expenditure, family circumstances and details of dependents.
Health status and history, details of treatment and prognosis, medical reports (further details are provided below specifically with regard to the processing we may undertake in relation to this type of information).
Any pre-existing mortgage and finance products and the terms and conditions relating to these.
The basis upon which our firm will deal with Your Personal Data
When we speak with you about your mortgage requirements, we do so on the basis that both parties are entering a contract for the supply of services. In order to perform that contract, and to arrange the product(s) you require, we have the right to use Your Personal Data for the purposes detailed below.
Alternatively, either in the course of initial discussions with you or when the contract between us has come to an end for whatever reason, we have the right to use Your Personal Data provided it is in our legitimate business interest to do so and your rights are not affected. For example, we may need to respond to requests from mortgage lenders, insurance providers and our Compliance Provision relating to the advice we have given to you, or to make contact with you to seek feedback on the service you received.
On occasion, we will use Your Personal Data for contractual responsibilities we may owe our regulator, The Financial Conduct Authority, or for wider compliance with any legal or regulatory obligation to which we might be subject. In such circumstances, we would be processing Your Personal Data in order to meet a legal, compliance or other regulatory obligation to which we are subject.
How do we collect Your Personal Data?
We will collect and record Your Personal Data from a variety of sources, but mainly directly from you. You will usually provide information during the course of our initial meetings or conversations with you to establish your circumstances, needs and preferences in relation to mortgages, finance, or insurance. You will provide information to us verbally, electronically and in writing, including email. You may also provide your information to us directly on to our systems or apps or secure portal.
We may also obtain some information from third parties, for example, credit checks, information from your employer, and searches of information in the public domain such as the voter’s roll. If we use technology solutions to assist in the collection of Your Personal Data for example software that is able to verify your credit status. We will only do this if we have consent from you for us or our nominated processor to access your information in this manner. With regards to electronic ID checks, we would not require your consent but will inform you of how such software operates and the purpose for which it is used.
What happens to Your Personal Data when it is disclosed to us?
In the course of handling Your Personal Data, we will:
Record and store Your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, case management systems and cloud facilities). This information can only be accessed by employees and consultants within our firm and only when it is necessary to provide our service to you and to perform any administration tasks associated with or incidental to that service. Submit Your Personal Data to Mortgage Lenders both in paper form and on-line via a secure portal. The provision of this information to a third party is essential in allowing us to progress any enquiry or application made on your behalf and to deal with any additional questions or administrative issues that lenders and providers may raise.
Use Your Personal Data for the purposes of responding to any queries you may have in relation to any mortgage you may take out, or to inform you of any developments in relation to those products and/or polices of which we might become aware.
Sharing Your Personal Data
From time to time Your Personal Data will be shared with:
Mortgage lenders
Third parties who we believe will be able to assist us with your enquiry or application, or who are able to support your needs as identified. These third parties will include but may not be limited to, our compliance advisers, product specialists, estate agents,
providers of legal services such as estate planners, conveyancing, surveyors, and valuers (in each case where we believe this to be required due to your particular circumstances).
In each case, Your Personal Data will only be shared for the purposes set out in this Customer Privacy Notice, i.e., to progress your mortgage enquiry and to provide you with our professional services.
Please note that this sharing of Your Personal Data does not entitle such third parties to send you marketing or promotional messages: it is shared to ensure we can adequately fulfil our responsibilities to you, and as otherwise set out in this Customer Privacy Notice.
We do not envisage that the performance by us of our service will involve Your Personal Data being transferred outside of the European Economic Area.
Fraud Prevention
GENERAL
1. Before we provide services, goods, or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
2. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
3. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
4. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
5. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
6. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
AUTOMATED DECISIONS
THE CONSEQUENCES OF PROCESSING
7. As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more, please contact us using the details above.
CONSEQUENCES OF PROCESSING
8. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
9. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing, or employment to you. If you have any questions about this, please contact us on the details below.
DATA TRANSFER
10. Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
YOUR RIGHTS
11. Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
12. For more information or to exercise your data protection rights, please contact us using the contact details below.
13. You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data (see details below).
Security and retention of Your Personal Data
Your privacy is important to us, and we will keep Your Personal Data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Data against it being accessed unlawfully or maliciously by a third party.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.
Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years, or in instances whereby we have legal right to such information we will retain records indefinitely.
The Use of Your Data with Regards to Trustpilot
We have teamed up with the independent review company Trustpilot to collect independent customer reviews. Through Trustpilot, we will contact you via your email address provided, to ask you to please share with us your experience of Bright Star Financial Limited. The only information that Trustpilot get is your name and email address to enable them to contact you on our behalf. This information is not sufficient to directly identify you as an individual.
We provide Trustpilot with these details under the following conditions:
Trustpilot will only use the customer details to send one review request and one reminder. You are under no obligation to respond to these requests.
Any personal customer details will not be used for any other purpose and cannot be given to any 3rd party organisations or businesses without your prior permission unless legally required to do so.
Your rights in relation to Your Personal Data
You have the right to request a copy of the personal information that we hold about you, its origin, and any recipients of it as well as the purpose of any data processing carried out.
Right to access: the right to request copies of your personal information from us.
Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete.
Right to erase: the right to request that we delete or remove your personal information from our systems.
Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it.
Right to object: the right to object to our use of your personal information
Right to data portability: the right to request that we move, copy, or transfer your personal information.
If you have any questions or would like to exercise your right under this Privacy Policy, please contact Steve Burch via the following methods;
Email – customerservice@brightstarfinancial.co.uk
Phone – 01277 500900
Address – Brightstar Financial, Unit 7, Lake Meadows Business Park, Woodbrook Crescent, Billericay, Essex, CM12 0EQ
We will aim to respond to all requests within 30 days except in instances where the request may be complex. We shall let you know within the 30-day period if we will need more time but no longer than 90 days.
If you have any concerns or complaints as to how we have handled Your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contact-us/ by phone 0303 123 113 or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
We keep our privacy notice under regular review. This privacy notice was last updated on 25th April 2022.
