Our Contact Details

Name: Bluestone Mortgages Ltd (BML). 

Address:  Bluestone Mortgages Limited, 40 Leadenhall Street, London, EC3A 2BJ

Phone Number: 0800 368 1834  

If you want to receive a copy of the information we hold or exercise any of your information rights as explained in this notice you can submit your request using this link

If you do not wish to use this form, or if you have any concerns or complaints about our use of your information, you can contact us using the details above. If we cannot resolve your enquiry to your satisfaction, you can contact the ICO at www.ico.org.uk or by telephoning 0303 123 1113 if you have a complaint that relates to the way we have handled your personal information.

You can contact our Group Data Protection Officer by email at dataprotectionoffice@shawbrook.co.uk or by writing to them at Shawbrook Bank Limited, Lutea House, Warley Hill Business Park, The Drive, Great Warley, Brentwood, Essex, CM13 3BE, if you have any questions about this privacy notice.

The Type of Personal Information we collect 

We currently collect and process the following information relating to you, from you in connection with your Application (for a mortgage) or Mortgage (loan agreement). We may also process information in relation to any guarantor of, or joint applicant for the loan. 

This personal information may include: 

• name, address, contact details, email address, telephone numbers; 
• date of birth, and if relevant, residency, citizenship, nationality, and any information about your health and any vulnerability;   

• financial details, including your income and expenditure, savings, borrowings and debts;  
• employment record; 
• marital status and details of your dependents; 
• your transactional history; 
• nature of occupier status (e.g. whether you are a tenant or owner occupier) and address history; and 

• information from credit reference agency (CRA) and fraud prevention agency (FPA); 

How we get the personal information and why we have it 

Most of the personal information we process is provided to us directly by you in connection with your Application (for a mortgage) or Mortgage (loan agreement) and its on-going administration. 

In the processing of your Application and the administration of your account, we may also collect personal information relating to you from other sources, including: 

• credit reference agency (CRA) and fraud prevention agency (FPA); 
• archives of publicly held information such as the Electoral Register and registers of court judgments; 
• your current and previous lenders, employers, landlords, accountant and, bankers; 
• the Land Registry 

• HM Revenue and Customs (HMRC); and 
• any intermediary or solicitor instructed by you in relation to the Application. 

We may also make a credit search with CRAs, which will record details of that search whether or not your Application is successful. Each search will be registered on your credit file(s) individually, and a number of searches within a short period may impact on your ability to obtain credit. We or other lenders may take this association into account in future applications for credit or financial services. The association will remain between you until one of you successfully applies for “disassociation,” the formal process of undoing a CRA association. Information held about you by CRAs may be linked to records relating to other persons. Your Application will be assessed with reference to any “associated” records of CRA searches of joint applicants for a mortgage. 

Recipients of Personal Information 

We may share this information for the processing of Applications and Mortgages with other organisations, including:  

• To other parts of the Shawbrook Group as appropriate;
• Fignum (part of the Bluestone Group) continues to provide data processing technology and hosting services for personal data;

• CRAs and FPAs – we may periodically submit information to these agencies throughout the term of your Mortgage. If you do not repay money owed to us on time and in full, we may inform CRAs who will record the outstanding debt, and this may impact on your ability to obtain credit; 
• any intermediary assisting you with your Application; 

• the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO), our regulators, in accordance with any relevant requests; 
• any company providing insurance or other products in connection with the Mortgage; 
• third parties which provide services to us in connection with the Mortgage; 
• your guarantors, and any adult occupiers of the property; 
• our guarantors, investors, or funders and any entity proposing to do so; 

• actual or proposed assignees of our rights against you; 
• any party with whom we or our agents have, or are considering entering into, a contractual agreement in relation to the mortgage; 
• any receiver, and any party who it may be necessary to inform in connection with any contemplated litigation against you; and or  
• professionals employed in relation to the mortgage documents, or as advisors to persons referred to above. 

 

Under the United Kingdom (UK) General Data Protection Regulation (GDPR), the lawful basis we rely on for the processing of this information are: 

• Contract.  That this is necessary for the performance of the Mortgage (contract) with you, including steps at your request prior to entering into the Mortgage during your Application; and or  
• Legal Obligation.  That this is necessary for compliance with a legal or regulatory obligation that applies to us. 

The legal bases on which we collect, process and transfer special categories of data relating to you in the manner described above are: 

• Consent.  That you have given your explicit consent to such processing of any health or sexual orientation information; any withdrawal of your consent, would compromise the Application or the Mortgage and may prevent the processing to satisfy BML’s regulatory obligations. 
• On occasion BML may require processing of special category information in the establishment, exercise, or defence of legal claims, even if Consent has been removed. 

Marketing

BML conducts no direct marketing to mortgage applicants or customers.  BML sends new and existing product updates to its network of mortgage brokers. This is assessed to be a reasonable expectation for business to business activities and is therefore conducted under BML’s legitimate interest. If you have any questions regarding marketing please contact us by using the details at the start of this notice.

Transfers Abroad 

In connection with the above we might transfer your personal information outside the UK and outside the European Economic Area (EEA), including to a jurisdiction which is not recognised by the UK or the European Commission (EC) as providing for an equivalent level of protection for personal information as is provided for in both the UK and European Union (EU). If your personal information is transferred internationally, we will ensure that appropriate measures are in place to comply with our obligations under applicable law governing such transfers.  These may include entering into a contract governing the transfer that contains ‘standard contractual clauses’ approved for this purpose by the ICO. If you would like to receive further details of the measures that we have taken in this regard, we can be contacted by using the details at the start of this notice.

Automated Decision Making 

As part of the processing of your personal information, decisions may be made by automated means, e.g. we may use credit scoring methods or other automated decision-making systems to assess your credit status. We may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with that of known fraudsters or money launderers; or is inconsistent with your previous submissions; or you appear to have deliberately hidden your true identity. 

How we store your personal information 

Your information is securely stored: 

We will not hold your data for longer than is necessary.  We will retain and hold your personal information, and all details and documents relating to your loan, for up to five years after: 

• the date on which either your loan is repaid, or  
• your Application does not proceed, or  
• the date of expiry of an Agreement with you, or  
• for such period of time thereafter as is necessary to comply with our legal and regulatory obligations. 

 

We will then dispose of your information

Your data protection rights 

Under data protection law, you have the following rights including: 

• Your right of access. You have the right to ask us for copies of your personal information. 
•  Your right to rectification. you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 
•  Your right to erasure.  you have the right to ask us to erase your personal information in certain circumstances. 
• Your right to restriction of processing. You have the right to ask us to restrict the processing your personal information in certain circumstances. 
• Your right to object to processing.  You have the right to object to the processing of your personal information in certain circumstances. 
• Your right to data portability.  You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. 
• Rights in relation to automated decision making and profiling.  You have the right to have any automated decision-making reviewed by a person. 

If you wish to make a request to exercise one or your rights you can submit your request here or by using the details at the start of this notice

A copy of the Experian Credit Reference Agency Information Notice (CRAIN) can be found here: http://www.experian.co.uk/crain/index.html 

A copy of the Cifas Fair Processing Notice (FPN) can be found here: https://www.cifas.org.uk/fpn  

Information last updated on the 25/02/2025