Privacy Policy

This privacy policy applies to (Buildacy/us/we/our) and its related mobile applications. It tells you (the customer) what to expect when we collect personally identifiable information about you.

We will not collect any personally identifiable information about you unless it is in response to you using our website or actively applying for one of our products or services. We value your privacy and the security of your personally identifiable information is extremely important to us. The lawful basis by which we are collecting information from you is “the performance of a contract”.

This privacy policy is regularly reviewed to make sure that we continue to serve your privacy interests. We reserve the right to update this privacy policy as we deem necessary. Any changes will be posted on our site and if you have an account with us we will email you directly if we deem it necessary.

For the purpose of the General Data Protection Regulation (GDPR) 2018, the registered data controller is Buildacy Ltd, whose trading address is Level 39, One Canada Square, Canary Wharf, London, E14 5AB.

Our Information Commissioner’s Office (ICO) registration number is Z2201683.

What information we collect

When we create your account and complete the ‘fact find’, we collect the following information from you:

  • Name, address and contact details;
  • Employment details;
  • Financial information such as banking details, salary, savings, and financial commitments; and
  • Any other personally identifiable information necessary for the completion of a mortgage application.

In addition to the above, we collect information from you through your communications with us – for example:

  • Identification and address verification;
  • Payslips and contracts of employment;
  • Self assessment tax returns and tax year overviews;
  • Bank statements;
  • Your credit report.

We may also collect information about your computer, including your browser type, your operating system, your device type and your IP address. We collect this information for site optimisation and product and service improvements. For more information on this please refer to our cookie policy.
We may also collect personal information from you over the telephone for mortgage or life insurance purposes. We may record telephone calls for training and monitoring purposes.

How we will use your information
The information we collect about you will be mainly used for the purpose of applying for a mortgage or any other product or service we offer. There are also other ways in which we will use your information – these are detailed below. We will use your information to:
  • Operate and manage any Buildacy account you hold with us and any mortgage application(s) you consent to us making on your behalf;
  • Manage any life insurance application(s) you are making;
  • Carry out market research, profiling and business and statistical analysis including the formation of a view on you as an individual in order to service you and others better;
  • Test our systems and develop our products (or any other similar purpose);
  • Comply with any regulatory obligation we are obliged to; and
  • If you have consented, we will contact you by any medium you have agreed to or provided us with details of, in relation to our goods and services.
We may share your information with the following entities:
  • Any Buildacy group company;
  • Any regulatory/governmental body, ombudsmen or law enforcement agency who has jurisdiction;
  • Any electronic identification firm we use for identification and address verification purposes only;
  • A mortgage lender; to allow us to make a mortgage application on your behalf;
  • Any third parties that participate in the entire mortgage journey (e.g. solicitors, valuers, conveyancers and mortgage clubs);
  • Suppliers who process your data on our behalf; we will have written contracts in place with such entities which require them to process your data only in accordance with our instructions; and
  • Any person or legal entity to whom we sell or transfer (or initiate discussions with to sell or transfer) our business or any part of it or any of our rights or obligations under any agreement we may have with you. If the transfer goes ahead, you agree that the purchaser can use your data in the same way as us.
  • Life Insurers with whom we complete Life Insurance applications on your behalf.

We will ensure your data remains within the EEA and as a result is captured under the General Data Protection Regulation. If for any reason we use third parties that are domiciled outside of the EEA any such data storage will undergo further enhanced controls and checks, dependent on the country of storage.

Your rights under the General Data Protection Regulation (GDPR) 2018

Under the General Data Protection Regulation 2018, you have various rights in relation to your information. Detailed below are your rights and a description of each one.

You have the right to:

  • Be informed – this means you have the right to be informed about the collection and use of your personally identifiable data – this is detailed above in more detail.
  • Have access to your information – you have the right to access your personally identifiable data and supplementary information. This will be provided free of charge. However, when a request is manifestly unfounded, excessive or repetitive we reserve the right to charge a fee. We may also charge a reasonable fee to comply with requests for further copies of the same information. You can request access to your information by emailing us at
  • Have personally identifiable information rectified – you have a right to have inaccurate personal data rectified, or completed if it is incomplete. We will inform you when any inaccurate information is corrected.
  • Erase your personally identifiable information – the right to erasure is also known as ‘the right to be forgotten’. You can make a request for erasure of information verbally or in writing. We will respond to your request within one month. The right is not absolute and only applies in certain circumstances. For example it does not apply when we have statutory or regulatory obligations to keep your data.
  • Restrict processing of personally identifiable data – you have the right to request the restriction or suppression of your personal data. This is not an absolute right and only applies in certain circumstances. When processing is restricted, we are permitted to store the data, but not use it. Port your personally identifiable data – this right allows you to obtain and reuse your personally identifiable data for your own purposes across different services. It allows you to move, copy or transfer personally identifiable data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
  • Object to the processing of your data – you have a right to object to the processing of your data for purposes of scientific or historical research and statistics, as well as for the purposes of direct marketing (including profiling).
  • Challenge any decision made by automated decision making – we will inform you when we are performing automated decisioning and when we do we will give you information about the processing activity. We will introduce simple ways for you to request human intervention or challenge a decision made by automated decision making.
Marketing communications
If you have changed your mind about receiving marketing from us, you can opt out at any time by emailing us at
Information security
We pride ourselves on treating your data with the utmost care and security. Our systems meet or exceed industry standards and we are constantly monitoring these to provide improvements where available. We will never store passwords in plain text, nor will we allow anyone to access your data unless they have a justifiable reason to do so. All of our employees are background checked before they are granted access to your data.
Credit decisions, the prevention of fraud and money laundering
Your lender may use credit reference and fraud prevention agencies to help them make decisions. If you would like to read the full details of how your data may be used, please contact your lender. If you apply for a product through Buildacy, we will provide the information we hold about you to your lender. The lender will use this information to help make its decision about whether or not to lend to you. This will involve checking the following records about you and others:
  • Its own records;
  • Those at credit reference agencies (CRAs); and
  • Those at fraud prevention agencies (FPAs).
The lender will make checks such as assessing your application for credit and verifying the applicants’ identities to prevent and detect crime and money laundering. The lender may also make periodic searches at CRAs and FPAs to manage your account with them. If you give false or inaccurate information and the lender suspects or identifies fraud, the lender will record this and may also pass this information to FPAs and other organisations involved in crime and fraud prevention.
Automated credit decisions
Your mortgage application may be assessed by the lender by the means of automated decision making and if it is declined we will endeavour to request from the lender the actual reason why the application has been declined. Once we know this reason we will contact you as soon as we are able to convey this to you.
If you have a complaint about how we handle your data please write to our Operations Manager, David Airey:
  • By email at
  • By letter, addressed to:
  • Buildacy Operations Manager, Level 39, One Canada Square, Canary Wharf, London, E14 5AB; or
  • By telephone on 0203 9977 978.
Please include your name and address, a contact telephone number, an email address, your application number (if applicable), and details of why you are unhappy. If we do not have enough information to investigate your complaint we will contact you to ask for further information. We will investigate your complaint promptly and will respond to you as soon as we can detailing our findings of your complaint. If we have been unable to resolve your information rights concern, you can raise the matter with Information Commissioner’s Office (“ICO”). They will use the information you have provided, including our response to your concerns, to decide if your concern provides an opportunity to improve information rights practice. You can contact the ICO by either:
  • Calling their helpline on 0303 123 1113, or;
  • Using their live chat system.
How to find out more
Your lender will have their own separate privacy policy, for more information on how they handle your personal information please refer to them directly.