Privacy Policy

We are committed to protecting your privacy. This Privacy Notice applies between you, the User of the website and Hearthstone Advisory Limited.

Hearthstone Advisory Limited is the owner and provider of this Website, and this Privacy Notice sets out our privacy practices and explains how we collect, process, hold and store (collectively referred to as handle) personal data and with whom we share it with. 

The personal data we handle is only that which is required by us so that we may deliver the services you require. Except as provided in this Privacy Notice, we do not supply personal data to any company for marketing purposes.

We are registered as a data controller with the ICO, which is the UK’s independent body set up to uphold information rights. As a data controller, we determine the purpose for which, and the manner in which, personal data is processed, and we make sure we comply with UK data protection law when we process such data.

You may browse our website without telling us who you are or revealing any personal data about yourself. The information we collect from you is only that which is required by us so that we may deliver the site functionality, information you have requested or searched for and to provide you with our services.

Our Privacy Notice will be reviewed on a regular basis and may be updated from time to time. We will notify you via email when this happens and provide you with a copy of the most recent and up-to-date Privacy Notice.

What is Personal Data

When we refer to personal data, we mean any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

Under data protection legislation it is known as personal data. Some personal data will identify you directly – for example, by giving your name and email address. It may also be possible to identify you indirectly, from information in which your name is not given, for example by naming your job title and employer, or by using another form of identifier such as an online identifier.

What Personal Data Do We Collect

We may collect the various categories of personal data as outlined below:

  • Personal Details – Full name, Title, Gender, Date of Birth, Profession/Job Title.
  • Contact Details – Telephone number, mobile phone number, correspondence address, email address.
  • Financial Details – Bank details, Credit or Debit card details.
  • Technological Details (automatically collected) – IP address, web browser type and version, operating system, URLs.

When Do We Collect Personal Data?

Personal Data may be collected at various points throughout your interaction with us. Basic Personal and contact details may be collected upon your initial contact with us or upon submission of an email or website contact form, whilst more detailed Personal Data, including documentation and financial details, may be collected during the process of our service provision. This will usually be when we are collating the Personal Data required, to submit or manage, an application on your behalf.

How Do We Collect Personal Data

The following outlines the processes we employ to collect personal data:

  • Contacting Us – we may record, use and store any telephone, postal, e-mail or other electronic communications provided by you. This is to ensure that we can refer back to any instruction you may have given to us as well as to ensure that the information we provide you with is accurate.
  • General Statistics- we collect statistics relating to pages visited, paths through the website, search terms used to find us. This is done to improve the visitor experience, understand our customer’s needs and help us improve site design and layout.
  • Online Forms- we collect data that you have entered into our online/contact forms. We have appropriate measures in place to ensure that users’ personal details are not misused, accidentally destroyed, lost or altered within the server environment. No data transmission over the internet can be guaranteed to be totally secure, we cannot ensure, guarantee or warrant the security of any information which you send to us, and you do so at your own risk. (Our website may contain links to enable you to visit other websites. Once you have left our site, you should note that we do not have any control over the other linked website. We cannot be held responsible therefore for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy notice applicable to the website in question).
  • Third Parties – we may be provided with your personal data by any third parties who you have instructed to do so.
  • Publicly Available Sources – we may collect your personal data from any publicly available records such as internet searches.

Why Do We Collect Personal Data

The personal data we collect is used to:

  • Enable us to provide you with information about our products and services;
  • Enable us to provide you with our products and services;
  • Enable us to contact you regarding general product and service level matters;
  • Keep you informed of new features, products and services available from us;
  • Maintain internal records;
  • Ensure that we comply with the necessary laws and regulations; and
  • Ensure that our website is compatible with the browsers and operating systems used by most of our visitors.

It is important that the information we hold about you is accurate and current. Please keep us informed if any such information were to change during the period for which we hold it.

We may use your personal data for the above purposes if we deem it necessary to do so for our legitimate interests. If you are not satisfied with this, you have the right to object in certain circumstances, (see below).

For the delivery of direct marketing to you via email, we need your consent whether via an opt-in or soft-opt-in arrangement:

  • Soft-opt-in consent applies when you have previously engaged with us by enquiring about or receiving our products or services and we are marketing similar products or services. Under soft-opt-in consent we will take your consent as given unless you opt-out.
  • For other types of email marketing we will require your explicit consent, for example asking you to tick a box to confirm you are happy to receive these communications.

When you enter into a contract to receive our products or services, the legal basis for processing your personal data is the contract between us or the taking of steps at your request, to enter into such a contract.

Disclosing Personal Data to Third Parties

  • We will not sell, share or rent your name, email address, or any other personal data to any third party for marketing purposes;
  • We will disclose your Personal Data to the relevant Provider(s) from who we will be providing products or services to you.
  • We may also disclose personal data to third parties (this may include but is not limited to, our employees, agents, accountants, contractors and other professional advisors) who may require access to personal data in the course of them providing us with their services. We will at all stages ensure that these third parties have appropriate security measures in place when handling any personal data;
  • Your data may be shared with third-party payment providers who process payments made over the website if applicable;
  • We may at our discretion disclose personal data that is required by the police (or other organisations with a law enforcement role) for the prevention and detection of crime or the apprehension or prosecution of offenders;
  • We may disclose specific personal data where we are required to by law;
  • We may share aggregated demographic information with our partners, advertisers or other third parties. This will not contain information that can identify any individual person.

Data Retention

Unless a longer retention period is required or permitted by law, we will only hold your personal data on our systems for the period necessary to fulfill the purposes outlined in this privacy notice or until you request that your personal data be deleted.

Even if we delete your personal data, it may remain on backup or archival media for legal, tax or regulatory purposes.

Viewing, Changing, or Removing Client Data

You have the following rights in relation to your personal data:

  • Right to access- the right to request (i) copies of the information we hold about you at any time, or (ii) that we modify, update or delete such information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is “manifestly unfounded or excessive.” Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.
  • Right to correct- the right to have your personal data rectified if it is inaccurate or incomplete.
  • Right to erase- the right to request that we delete or remove your personal data from our systems.
  • Right to restrict our use of your Data- the right to “block” us from using your personal data or limit the way in which we can use it.
  • Right to data portability- the right to request that we move, copy or transfer your personal data.
  • Right to object- the right to object to our use of your personal data including where we use it for our legitimate interests.

To make enquiries, exercise any of your rights set out above, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), please contact us via the details below.

If you are not satisfied with the way a complaint you make in relation to your personal data is handled by us, you may be able to refer your complaint to the Information Commissioner’s Office (ICO).

The ICO’s contact details can be found on their website at https://ico.org.uk/ or you can write to them at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

How We Store Client Data

Your data will be stored securely in line with industry best practices at all times. The security measures in place are reviewed annually and include:

  • Requiring a username and password to access your personal data;
  • Your personal data being stored on secure servers; and
  • The encryption of payment details (where applicable).

Personal data which we collect from you may be stored and processed in and transferred to countries outside of the European Economic Area (EEA). For example, this could occur if our servers are in a country outside the EEA or one of our service providers is situated in a country outside the EEA. We may also share information with other group companies, some of which may be located outside the EEA.

We will only transfer personal data outside the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, e.g. by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission, or by signing up to the EU-US Privacy Shield Framework, in the event that the organisation in receipt of the Data is based in the United States of America.

To ensure that your personal data receives an adequate level of protection, we have put in place appropriate safeguards and procedures with the third parties we share your personal data with. This ensures your personal data is treated by those third parties in a way that is consistent with the Data Protection Laws.

If you suspect any data breach or misuse, loss or unauthorised access to your personal data, please let us know immediately via the contact details below.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Change of Business Ownership and Control

We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control. Personal data as well as any other form of data provided by you will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy notice, be permitted to use such data for the purposes for which it was originally supplied to us.

We may also disclose such data to a prospective purchaser of our business or any part of it.

In the above instances, we will take steps with the aim of ensuring your privacy is protected.

General

You may not transfer any of your rights under this privacy notice to any other person. We may transfer our rights under this privacy notice where we reasonably believe your rights will not be affected.

If any court or competent authority finds that any provision of this privacy notice (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy notice will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This notice will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

Changes to this Privacy Notice

We reserve the right to change this privacy notice as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the Website and you are deemed to have accepted the terms of the privacy notice on your first use of the Website following the alterations or any changes will be notified to you and you are deemed to have accepted the terms of the privacy notice on your receipt.

For further information please contact us as below:

Contact

  • Name: Ajay Nayyar
  • Address: Europa House, Marsham Way, Gerrards Cross, England, SL9 8BQ
  • Telephone Number: 01753 463391
  • Email: enquiries@hearthstonemortgages.co.uk

Last updated 30 November 2021.

Speak to our
advisers today

Our friendly advisers are available Monday to Friday, for a no obligation consultation.

Book a 1-2-1 today
Ajay Nayyar
  • Hearthstone Mortgages
  • Europa House, Marsham Way, Gerrards Cross SL9 8BQ
  • 01753 463391
  • enquiries@hearthstonemortgages.co.uk

Follow us:

Facebook Instagram Linkedin Spotify Youtube

THINK CAREFULLY BEFORE SECURING DEBTS AGAINST YOUR HOME OR PROPERTY. Your home or property may be repossessed if you do not keep up repayments on your mortgage. Hearthstone Mortgages is a trading name of Hearthstone Advisory Limited, which is authorised and regulated by the Financial Conduct Authority (FRN: 945282). Hearthstone Advisory Limited is a company registered in England and Wales (Company Number 10563329) with its registered office at Europa House, Marsham Way, Gerrards Cross, Buckinghamshire, SL9 8BQ. View us on the FCA register. We are a credit broker, not a lender. We may receive commissions that will vary depending on the lender, product or other permissible factors. The nature of any commission model will be confirmed to you before you proceed.

Areas we serve:

© 2025 All rights reserved. Hearthstone Mortgages, a trading name of Hearthstone Advisory Limited.

Hearthstone logo

Talk to a Mortgage Expert Today.

Just pop in your details and one of our expert mortgage advisers will personally reach out to help you take the first step.

Fast answers. Friendly advice. Free consultation.