Your privacy is important to Burrow. We respect your privacy and are committed to protecting your data. This privacy will inform you as to how we look after your personal data when you use our services and tell you about your privacy rights and how the law protects you.

About Burrow

Burrow provides mortgage management software. We use your information to show you mortgage options that are relevant to you. We also provide tools through which you may interact with brokers. Your information will be shared directly with all partner brokers who will maintain their own record of your data. You may manage the data you have entered in your Burrow account and your marketing preferences within the Burrow service. Where data is provided with a third party, you will need to contact them separately to update your information and preferences.

A ’partner broker’ is the mortgage broker on behalf of whom we provide our services.

Burrow is a trading name of DPR Consulting Limited (registration number 03178610), whose registered office is at 6th Floor Commodity Quay, St Katharine Docks, London, United Kingdom, E1W 1AZ.

DPR Consulting Limited is registered with the Information Commissioner under reference number (ZA054153) and respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you use our website and tell you about your privacy rights and how the law protects you.

Contact Points

To help ensure all of our legal and regulatory obligations, we have appointed a Data Protection Officer. If you have any questions or concerns about how your personal information is being used, you can contact us at:

  • EMAIL: compliance@letsburrow.com
  • PHONE: 020 7050 2000
  • ADDRESS: 6th Floor, Commodity Quay, St Katharine Docks, London E1W 1AZ
  • You can find out more information about your rights from the UK’s Information Commissioner’s Office. The ICO is the UK’s independent body for the explicit purpose of protecting information rights. You can find out more here.

Purpose of this privacy policy

This privacy policy aims to give you information on how Burrow collects and processes your personal data, including any data you may provide when you purchase a service.

Burrow is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Personal Data

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

What information will Burrow collect from you?

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

“Identity Data”

  • Includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Any other personally identifiable information necessary for the completion of a mortgage application.

“Financial Data”

  • Financial Data includes bank account and payment card details, salary, savings, and financial status and spending commitments, employment status.
  • Position Data: description of current position, job title, corporate status, management category, job code, grade or level, job function(s) and sub function(s), company name and code (legal employer entity), branch/unit/department, location, employment status and type, full-time/part-time, dates of hire/re-hire and termination date(s).
  • Company structure & information if relevant for your application.
  • If you’re self-employed, we will also ask you for information regarding your accountant.
  • Transaction Data including details about payments to and from you and other details of products and services you have purchased from us.

“Technical and Usage Data”

  • Technical Data includes your internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Profile Data includes your username and password (including any secret questions and answers), profile photo, region, firm association history (for example firms you claim to have worked with, confirmation status from those firms, start and end dates, job titles, contact and correspondence details), purchases or orders made by you, your interests, preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
  • System and Application Access Data: information required accessing systems and applications such as System ID, LAN ID, email account, instant messaging account, employee ID, system passwords, employee role and electronic content produced by individuals using Broker ID systems.
  • Customer Service Interactions: responses to voluntary surveys and recordings of telephone calls with customer service and other representatives.

“Information that we collect indirectly”

  • When any of our customers apply for a product, the law requires the lender to check their identity. This makes it harder for criminals to use financial systems, or to use false names and addresses to steal the identities of innocent people. Checking everyone's identity is an important way of fighting money laundering and other criminal activities.
  • To confirm that you are who you say you are, we will try to verify your name and address by checking your details against databases held by credit reference agencies and the electoral roll. Alternatively, we may ask you to provide us with other documents to confirm these details or use technologies such as biometric ID verification to complete the checks. This does not affect your credit history or status.
  • If you are a joint mortgage applicant, we will record any information you give us about any other persons who are joined to the application.

How will we use your information?

  • Our core business is providing mortgage management software on behalf of mortgage brokers. This involves searching a lender’s products to find the mortgage that best matches applicant profiles. We will complete this activity by using the information that you provide to us. Our software supports the application process. To do so we pass documentation and other data provided by you to the broker. Where applicable, we use your information to provide personalised reminders for mortgage renewal.
  • Burrow will also use your information to manage your account and any application that you have consented for us to make as well as comply with any regulatory obligations that we are required to complete.
  • If you are a pre-existing customer, we may use information that we have previously collected to pre-fill forms when you apply for a new product. Please check that these details are accurate and up to date.
  • We work with partner services such as Experian to enable us to pre-populate our on-line data collection forms with information about you that is publicly available from accessible sources.
  • If you have taken out either a mortgage or an insurance product through our partner broker, we will contact you when your product is coming to an end to ensure that you are protected and can access the best rates on a new deal. If you do not want us to do this, you can ask your broker to disable renewal alerts to you.
  • We may contact you to conduct market research. We occasionally run promotions, competitions and prize draws but if we ask you for your contact details, we will ensure these are not used for marketing unless you are happy to consent to that separately.

“Who we will share your data with”

  • Burrow will also share your data with suppliers such as Customer Relationship Management systems providers that may be used by our partner brokers, and providers of data and verification services such as identity checking.
  • Suppliers who process your data on our behalf, for example development testing. We have written contracts in place with our suppliers which require them to process your data only in accordance with our instructions.
  • Burrow or our partner brokers may use your information to contact you about your enquiry. We may provide reminders and notifications regarding the progress of your mortgage journey.
  • To help us target audiences more accurately online we share information with organisations such as Experian, who provide third party data services, and publishers such as Facebook. Where we do so we make sure that those third-party organisations cannot use our customers personal data to enrich their own data. Any online advertising platforms we use will enable you to control direct marketing via their privacy settings. We also profile the information we collect from clients to help us improve the customer journey.
  • Mortgage brokers are data controllers in their own right and have their own privacy notices as applicable. We encourage you to obtain a copy and read their privacy policy.
  • If you have opened an account or policy with another organisation that we introduced you to, you will need to contact them separately to update your information.
  • Brokers may automatically profile your information against lending criteria and against Credit Reference Agencies as soon as your information is forwarded to them. Please be aware that this may affect your credit score. We will always bring this to your attention as part of the process if this is completed within the Burrow journey. If it occurs during your consultation with the lender directly, then Burrow is unable to provide any warnings.
  • If we have already gained your consent to do so, we will share your personal data with selected partners who may be able to offer you a mortgage and other related financial and non-financial products and service providers such as insurance, conveyancing and estate agents.
  • If you no longer wish to share your data with any of these organisations you can withdraw your consent at any time by updating your preferences, or contacting us here: compliance@letsburrow.com

“International Transfers”

  • As a UK based company, all the personal information we process is protected by the data protection laws of the UK and the GDPR.
  • We will not store any of your personal information outside of the European Economic Area (EEA).
  • Some of our Suppliers may process your Personal Data outside of the EEA. Where this happens, we ensure that any transfers comply with applicable data protection laws and that your data will be protected to the highest possible standard.

“Money Laundering and preventing and detecting unlawful acts”

  • Burrow is required by law to submit a Suspicious Activity Report to the National Crime Agency whenever an act of money laundering or fraud is detected. The law also permits us to report suspected crime to the appropriate authorities.
  • We are also required to disclose personal data where required to do so by law or by the order of a court.
  • We have discretion to disclose personal data where this is in the public interest.

How we will store your personal information

  • All information we process is encrypted in transit so that your personal and financial information is secure. For example, where you share information with us online or we forward this to other organisations online we use HTTPS. Where you create an online account with us you will need to supply a username and password. To protect your account, we will encourage you to use a strong password and have implemented two factor authentications.
  • We have put in place appropriate security measures to prevent your personal data from being accidently lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
  • We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long will Burrow store your information?

  • Burrow will store your information for up to two years from your last login or interaction with the service. At the end of those two years, you will receive a series of email alerts asking whether you would like to retain your account. If you do not respond affirmatively, your account and all the data input and uploaded within will be deleted permanently.

Cookies

  • Cookies are small text files that gather information about a user’s use of the website. This enables us to recognise you as an existing customer when you return and helps you get the best out of your visit to our site. We will only use cookies that process your personal data if you have knowingly and willingly provided your consent for us to do so.
  • Some cookies are set by our third-party service providers. We set out below how and why we/our third-party providers use cookies.
  • For more information on cookies, please visit: http://www.allaboutcookies.org

Persistent cookies

These are used to provide aggregated statistics on visitors to our site and their browsing behaviours.

  • Fullstory: set by Fullstory to provide product analytics
  • Google analytics (ga, gid): Google Analytics mainly uses first-party cookies to report on visitor (aka. user) interactions on Google Analytics customers’ websites. Users may disable cookies or delete any individual cookie.
  • Mixpanel: Used for analysing the usage of Burrow’s site.

Session cookies

These are used to enable certain functions of the service and make accessing the site more convenient as it remembers your previous visit and personalises and stores your preferences.

What legal grounds will we rely on when we handle your personal data?

Under the GDPR, all firms must have a legal basis for processing personal data. There are six primary ways that this processing can be deemed to be lawful:

  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interests

Burrow does not process any ‘special category’ personal data as defined here. We rely on the following conditions for our activities:

Consent

Burrow will act as an intermediary for the majority of its business, and in doing so does not create a direct contract with those using its service.

We will instead always ask for your consent to use the information that you provide us with. This is particularly true for:

  • Where we need information to provide you with additional services or features
  • Marketing: To let you know about products, services and offers, or where we think that you may
  • directly benefit from your details being shared for a purpose relevant to your application

Legitimate Interests

Burrow may also rely on the ‘legitimate interest’ base. Under the GDPR, firms are allowed to use data in a way that the individual might reasonably expect, where this has a minimal privacy impact or where there is a compelling justification for doing so. If Burrow has not already gained your explicit consent for a data processing activity, but these conditions have been met, then we may do so if we believe that you would benefit from the action.

Complying with a legal obligation or Public Interest Task

Where required, Burrow will report fraud and other suspected crimes to the appropriate authorities, which includes suspicion of terrorist financing or money laundering.

Your information rights

All individuals are protected by a number of rights, as described under the GDPR. Not all will apply in all circumstances.

“Data Controllers and Processors”

Burrow and our partner brokers are Data Controllers in their own right. Data collected from you can exist within the Burrow service as well as the partner lenders. In order to exercise your information rights, you would have to treat the two services as independent and contact them separately.

Where you need to contact the partner broker to exercise these rights, you may do so using the relevant broker’s email address.

You have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us to continuing to process it.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something which makes you want to object to our processing. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have a legitimate ground to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data. This is not an absolute right and only applies in certain circumstances

“Complaints”

If you have a compliant, please contact Burrow via compliance@letsburrow.com

Please include your name and address, a contact telephone number, the email address you signed up with, and details of why you are unhappy. If we do not have enough information to investigate your complaint we may contact you to ask for further information.

We will investigate your complaint promptly and will respond to you as soon as we can.

You also have the right to lodge a complaint about any aspect of how we are handling your data with the UK Information Commissioner’s Office, contactable at www.ico.org.uk