and served by MBOT Ltd trading as GLOW and governs the privacy of its users who choose to use it.
Under the GDPR we are required to notify the Information Commissioner’s Office (ICO) about our use of personal data. You can see our current data notification on the ICO website
(link is external).
The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.
Why and How We Process Information
We process personal information to act as an intermediary for financial transactions; typically to advise and apply for property finance such as mortgages or similar for clients. The same applies to advising and arranging insurance policies. We will ask for your consent to do this but as these are contracts with financial institutions our lawful basis for processing data is technically referred to as contract.
To understand how any personal information other than that provided to us through this website is processed you will need to refer to any personal communications you receive from us, check any privacy documents provided when entering into a contract with us or contact us to ask about your personal circumstances. We also maintain our own accounts and records and retain employee or contractor information to manage our staff / contractors.
When you contact us or request a mortgage quote, we ask for some personal information. You are under no obligation to provide this information to us. Providing that information, enables us to give you the right information or services that you ask for or notify you of further information required to facilitate that service.
If we would like to use your information for any other purpose than those stated above, we will contact you to ask for your consent.
As a minimum, we will hold your full name, email address and phone number for the purposes specified above. If you do not become a client of ours, your information will be erased after a period of time in line with our retention policy.
Visitors to Our Website
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK & EU regulations and requirements for user privacy. IP addresses are collected to see how users interact with our site.
. Users are also advised that if they wish to deny the use and saving of essential cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies.
If you delete cookies via your web browser you will not be able to use all of the features we offer, this website will not display properly and many of our online services will not be accessible. You will not be able to store your preferences and previously saved conversation history will not be available by default on your computer or device.
What information is Recorded on our website?
- Usage patterns
- Tech specs
- Personal Information (except sensitive information - see below)
- Mouse movements
- Typing (except sensitive information - see below)
- Device type
- Operating system
- Viewfinder size
- Script errors
- IP addresses
- Pages visited
- URL parameters
- Session duration
- Display name
- Email address
- Phone number
First and foremost, we record your movements and actions on our website in order to provide live chat support and assistance with your mortgage application if you get stuck. This helps us to advise on corrective actions when we replay your recorded session. We also record and monitor your movements across our website to identify bugs. Bugs and errors are often particular to a specific web browser or device type. This information helps developers build and ship fixes faster for each operating system and device. We do not record extremely sensitive information such as (but not limited to): passwords, payment information and national insurance numbers. These are excluded by default from being recorded. We do not record this sensitive data under any circumstances.
Contact & Communication & How we use your Email (Subscriptions / Newsletter)
We have integrated a secure live chat facility, where all communication between your computer and Glow is encrypted using industry-standard HTTPS/SSL whilst you are navigating our website using our live chat service. We'll store your personal information so that we can pick up your requirements if we talk later.
Every effort has been made to ensure a safe and secure live chat but we advise users that responding to our live chat by email that they do so at their own risk. Direct email responses to our secure live chat messages that are emailed to you when you are offline are not secure. We recommend that you use the link provided in the email to continue with your secure conversation on our website rather than replying directly to the email.
We may send you emails to follow up with you if you provide us with your email address. This website also operates an email subscription program, used to inform subscribers about products and services supplied by this website.
Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity. This information is used to refine future email campaigns and supply the user with more relevant content based on their activity.
In order to verify your email address, we use third-party email validation services from an ISO27001:2013 compliant UK registered Company (as determined by the British Assessment Bureau). We will use this third party to carry out Syntax, DNS A, DNS MX and MailBox verification on any email address that you provide.
- All data in transit is encrypted using HTTPS.
- All data at rest (e.g. stored for caching and reporting purposes) is secured using AES-265 bit encryption.
In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to unsubscribe at any time through an automated system. This process is detailed in the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to unsubscribe will be detailed instead. We have developed our tech to automatically unsubscribe your email address if you reply to any email sent from us with the word 'unsubscribe' written in the subject or body of your email.
Although this website only looks to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites)
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should, therefore, note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Adverts and Sponsored Links
This website may contain sponsored links and adverts. These will typically be served by our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are subject to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default, some social media platforms shorten lengthy URL web addresses.
Users are advised to take caution and good judgement before clicking any shortened URLs published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine URLs are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
Regulatory Functions and Reporting
As a regulated firm, we must provide information to the FCA regularly or in particular situations. We must collect and store regulatory data from our authorised firms. Most of the information has to be provided to us under the Financial Services and Markets Act 2000. Some of this information will be personal data about our employees/advisers or their clients.
We process information relevant to the above purposes. This may include:
- Personal details; including information about your identity and contact details
- Family details; such as information on cohabitees, partners, children etc.
- Employment and education details
- Financial details; including income, expenditure, assets, debts and credit history
- ‘Special Category’ data; specifically, medical and lifestyle information for insurance policies
- Transaction data from services provided by us
- Technical data; IP address, browser type, device type or other ‘browsing’ data
- Who the Information May Be Shared With
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary we are required to comply with all aspects of the General Data Protection Regulation (GDPR). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
We will only collect the information needed so that it can provide you with marketing and consulting services, this agency does not sell or broker your data.
Where Necessary or Legally Required We Share Information With:
- Associates and representatives of the person whose personal data we are processing
- Financial organisations
- The Financial Conduct Authority (FCA)
- The Financial Ombudsmen Service (FOS)
- Law enforcement and prosecuting authorities
- Credit reference agencies
- Debt collection and tracing agencies
- Other companies in the same group
- Our service providers
- Courts and tribunals
- Undertaking research
- Consulting and advisory services
- Our professional advisers
- Staff welfare organisations
- Current, past or prospective employers
- Pension and payroll administrators
When you complete our online application, or mortgage eligibility assessment, you will be asked to give our third party open banking provider Credit Kudos one-time, read only access to your bank account to access your transactions and account information. Credit Kudos is authorised and regulated by the Financial Conduct Authority under registration numbers 770345 and 795791. Credit Kudos and Glow will not have ANY personal access to your online bank account dashboard. Credit Kudos will store your personal and financial information and their Privacy notice can be found here: https://www.creditkudos.com/legal/privacy
We may, on occasion, pass your personal information to third parties exclusively to process work on our behalf; for example, a data destruction provider. We always require these parties to agree to process this information based on our instructions and requirements consistent with this Privacy Notice and GDPR.
We will process personal data during the duration of any contract and will continue to store only the personal data needed for five years after the contract has expired to meet any legal obligations. After five years any personal data not needed will be deleted.
We use services and/or suppliers who operate within the EEA and while their parent company may be US based, we require all to fully comply with GDPR or similar to ensure a continuously high level of data protection.
Your Rights as a Data Subject
At any point whilst we are in possession of or processing your personal data, all data subjects have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing
- Right of portability – you have the right to have the data we hold about you transferred to another organisation
- Right to object – you have the right to object to certain types of processing such as direct marketing
- Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling
In the event we refuse your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge.
At your request we will confirm what information we hold about you and how it is processed.
Access to Personal Information
You have the right to access your personal information (subject to certain exemptions). If you wish to find out what information we hold that relates to you, you must make your request in writing to;
The Data Protection Officer, MBOT Ltd, 2 Choats Cottages, Halstead Road, Eight Ash Green, Colchester, CO6 3PT
How to Contact Us
This privacy notice does not provide exhaustive detail of all aspects of the collection and use of personal information. However, we are happy to provide any additional information or explanation needed. If you have any questions or complaints please contact the Data Protection Officer at:
The Data Protection Officer, MBOT Ltd, 2 Choats Cottages, Halstead Road, Eight Ash Green, Colchester, CO6 3PT
Telephone 0333 335 0023 or email firstname.lastname@example.org
What if I Am Still Not Satisfied?
If you are not satisfied with how we have responded to your enquiry, you have the right to complain to the Information Commissioner’s Office (ICO) (external link), who is the regulator for data protection in the United Kingdom.
Resources & Further Information
Glow is a registered trading style of MBOT LTD who are authorised and regulated by the Financial Conduct Authority in the UK, registration number 827692 in respect of mortgage and insurance mediation activities only. Further details may be found by visiting www.fca.org.uk
Date Last Updated: 16th March 2020.