14 April 2025

1. Who we are
   You are being given this notice as your information is being shared with Gable Mortgages LTD (company number 14649239) and Gable Mortgages (a trading style of Gemini Consultants Limited, a company; (i) registered in England and Wales with company number 02088382, and (ii) authorised and regulated by the Financial Conduct Authority (FCA registration number 311479). Gable Mortgages is the lender and Gable Mortgages LTD is providing administrative support and, through its software platform, assisting with the progression of your mortgage application through to completion.

Gable Mortgages LTD and Gable Mortgages are both a “Data Controller” of any personal data you provide or is collected from you under the applicable privacy notice.

The Gable Mortgages privacy notice is available here setting out how Gable Mortgages will use the data you are sharing.

Details of Gable Mortgages LTD and how we will use your data are set out below.

If you have questions regarding the way your data is being used, please see the contact details below or the contact details at the end of the Gable Mortgages LTD privacy notice for information about who to email for help and assistance.

Gable Mortgages LTD is a company registered in England and Wales with company number 14649239. In this notice, any reference to ‘we’, ‘us’, or ‘our’ are references to Gable Mortgages LTD.

‘Personal information’ meaning any information about a living individual who can be identified from that information, either by itself or when it is combined with other information.

We respect our customers’ rights to privacy and to the protection of their personal information. This notice provides information regarding how we use your information, who we share it with, the circumstances under which we share it and what steps we take to protect it. If you have any questions about this privacy notice or how we use your information, you can get in touch by email or by writing us at:

Data Champion      : Okan Gezgen – Gable Mortgages LTD
Address                     : 69 High Street, London, England, N14 6LD
E-mail                        : [email protected]

Your communication will be considered by our dedicated team. If the issue cannot be resolved at this initial stage, we will escalate it to our Data Protection Officer.

Our Data Protection Officer role has been outsourced to:

DPO                            : Evalian Limited
Address                     : West Lodge, Leylands Business Park, Colden Common, Hampshire SO21 1TH.
E-mail                        : [email protected]

2. What personal data do we collect?
   We only collect and process the information that we need. So, if you don’t give us the information we request, we won’t be able to offer you our products and services.

• Personal Identification Data: This includes your name, previous addresses, home address, date of birth, nationality and residence permit details. We may also ask you for copies of documents like your passport or driving licence or ask you to provide us with another visual image to verify your identity.
• Contact Data: This includes your mobile number and email address.
• Financial Data: This includes information about your accounts and transactions. For example, details of your savings and wealth, proof of your income, outgoings, credit and borrowing history, card payment details and bank details. We will also collect information about others you are financially linked to.
• Family, Lifestyle and Social Data: This includes marital status, next of kin and dependants. We use this to understand your circumstances and needs and to assess the suitability of products and services you have or apply for with us.
• Employment Data: This includes your employment details including your position, employer address, time at the employment and income from your employment.
• Property Data: Property details and occupancy status, for example, current and previous properties you have lived at, other properties you own, whether you are an owner, tenant or living with parents. Details of the property you would like to purchase including address, price and all other features of it.
• Technical Data: We will record information about how you access and use our website. Details include your IP address, your location and the device and software you’re using.
• Marketing and Communications Data: This includes your preferences in receiving marketing and communications from us and our third parties.
• Aggregate Data: We collect and process aggregate data. By this we mean, we group together information about our customers in a way that doesn’t identify people specifically, cannot be used for re-identification and is anonymous. We use this aggregate data for a number of business reasons – like market analysis and research, demographic profiling, marketing and advertising and to comply with regulations. If we do connect any aggregate data with information that does identify you, we’ll always treat it as personal data and will use it only in accordance with data protection laws.

 

3. How do we collect your personal data?
   We may collect information directly from you or from others. We collect it when you call us, email us, write to us, complete our online forms, use our website or customer portal or interact with us on social media.

We also collect personal data from other sources such as:

Third party sources
By this we mean fraud prevention agencies, credit reference agencies, other lenders, the Government and their agencies (e.g. HM Revenue & Customs, Financial Conduct Authority, Companies House).

Publicly available sources
This includes the electoral roll, telephone directory and other internet sources.

Other companies that we work with
This could include a surveyor conducting a valuation of your property or a conveyancer or solicitor.

Brokers
If you apply for a mortgage through a broker, we will receive your personal data indirectly from them. If a broker is assisting you with your application for a mortgage, they should provide you with a copy of their own privacy notice explaining how they will process your personal data. If your broker does not provide you with a privacy notice, you should ask to see it. When the broker processes your personal data on our behalf, our privacy notice will apply. Depending on the information you are providing, your broker may also ask for your consent to pass your personal data to us.  If you withdraw your consent for any of our activities, such as direct marketing, you should also inform the broker as you will need to withdraw your consent from them separately to stop receiving their direct marketing.

Marketing / analytical service providers
These are services that help us understand how people use our website and companies that do market research or behaviour analysis.

Others who know you
This could be a joint applicant, other people you’re linked to financially, your employer or accountant.

4. Why do we need your personal data and what do we use it for?
   UK data protection law says that companies can’t use your personal data without having a legal reason for using it. This reason is called a “lawful basis”. Here are the lawful bases we rely on, and what they mean:

• Contract performance – We need your information to provide you with our product and service.
• Legal obligation – The law requires us to process your information. For example, we need proof of your identity to meet our fraud prevention and anti-money laundering responsibilities.
• Legitimate interest – The law allows us to use your information if it is in the legitimate interest of our business. We will always check that on balance, the benefits to us or our partners are not outweighed by your interests, rights or freedoms. An example of a legitimate interest we have for processing your personal data might be to try to improve our products and services.
• Consent – By consent we mean that you’ve explicitly confirmed that you are happy for us to use your personal data for a specific reason. For example, if you tell us you’re happy to receive marketing from us. Whenever ‘consent’ is the only reason for us using the information, you have the right to change your mind and change or withdraw your consent at any time. Please note that in some cases this might mean that we cannot provide the service you have requested where we need to use information on the basis of your consent. You have the right to withdraw consent to marketing at any time by contacting us.
• Vital interests – If we need to process your personal data if we think it is necessary to protect someone’s life.

Purposes for which we will use your personal data
We have set out below, in a table format, a more detailed description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of personal data we use	Lawful basis for processing including legitimate interest
To deliver and improve our products and services and to support our operations	a) Personal Identification Data b) Contact Data c) Financial Data d) Family, Lifestyle and Social Data e) Employment Data f) Property Data g) Technical Data	(a) Performance of a contract with you (b) Necessary for our legitimate interests
To use data analytics to improve our website, products and services, marketing, customer relationships and experiences	a) Technical Data	(a) Necessary for our legitimate interests
To comply with any law or regulation or prevent financial crime and the funding of terrorism.	a) Personal Identification Data b) Contact Data c) Financial Data d) Family, Lifestyle and Social Data e) Employment Data f) Property Data g) Technical Data	(a) Legal obligations (b) Necessary for our legitimate interests (c) Performance of a contract with you
To enable you to receive our mailing and marketing services. This includes: New products we’re launching or other products we offer that you may find interesting. Other products from our partners that you may find interesting – we’ll only do this if you provide your consent. And we only want to send you things you might like. So we might use your profile or technical information to help us with this.	a) Personal Identification Data b) Contact Data c) Marketing and Communications Data d) Technical Data	(a) Necessary for our legitimate interests. (b) You have given us consent.

 

Fair Processing Notice

1. Before we provide services, goods or financing to you, we undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
2. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and money laundering, and to verify your identity.
3. Details of the personal information that will be processed include, for example: name, address, date of birth, contact details, financial information, employment details, device identifiers including IP address and vehicle details.
4. We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
5. We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
6. Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
7. As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision making: if you want to know more please contact us using the details in this Privacy Notice.
8. If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
9. A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
10. Fraud prevention agencies may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then the fraud prevention agencies will ensure your data continues to be protected by ensuring appropriate safeguards are in place.
11. Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data, request that your personal data is erased or corrected, and request access to your personal data.
12. For more information or to exercise your data protection rights, please contact us using the contact details above.
13. You also have a right to complain to the Information Commissioner’s Office, which regulates the processing of personal data.

 

Marketing – Opting Out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.

Automated Decision Making
This section explains what automated decision-making is, and the circumstances when it may take place.

We may automatically process your personal data, without human intervention, to evaluate certain personal aspects about you (known as profiling).

In particular, we may analyse or predict (among other things) your economic situation, personal preferences, interests or behaviour. This could mean that automated decisions are made about you using your personal information.

We might also us an automated underwriting engine. The automated underwriting engine will use information including personal information that you provide as well as other information about you held by us, the mortgage lender and other parties that form part of mortgage processing. Where the mortgage lender is carrying out any automated decision making it will do so on the basis that is necessary in order for the mortgage lender to enter into the mortgage contract with you. You have the right to contest that decision, express your point of view and ask for a human review. Where we carry out any automated decision making for your mortgage product, we’ll ask for your consent during the application process to allow us to do so. You may withdraw your consent at any time.

Rights in relation to some automated decision-making about you, including profiling (as relevant) if this has a legal or other significant effect on you as an individual. This right allows individuals, in certain circumstances, to access certain safeguards against the risk that a potentially damaging decision is taken without human intervention.

5. Who do we share your personal data with?
   When using your information, we might share it with third parties. If we do, we make sure they undertake to keep it confidential, safe and secure just like we do. These third parties can’t just use your information for any reason – it has to be for a specific purpose and in the way we tell them to. We have written contracts in place with such third parties to make sure of this.

Here’s more details about the third parties we might share your data with:

Our partners & service providers
We work with a number of third-party service providers to help run our business and provide you with our services and products. These include anyone we might work with to provide our services and products. Such as, solicitors, conveyancers, surveyors, valuers and panel managers.

We will also share your personal data with brokers acting on your behalf, to progress your application for a product through them. Unless you tell us not to, we may also share details with your broker in the future. We do this to enable them to contact you to do a periodic customer review.

It also includes third parties like our IT and system providers, cloud hosting companies, payment service providers, security partners, legal and accounting firms, insurance companies, financial auditors, property valuation firms and advertising and market research companies.

Approving credit
We use a system to decide whether to lend money to you apply for credit. This is called credit scoring. It uses past data to assess how you’re likely to act while paying back any money you borrow. This includes data about accounts you may have had before. Credit scoring will take account of information you provide on your application, information provided by credit reference agencies and information already held on our system. If you submit an application and it is declined through this process, you can contact us within 14 days to have the decision reviewed.

Credit Reference Agencies (CRAs)
We carry out credit checks when you apply for credit. We may use Credit Reference Agencies to help us with this. Your loan application will be registered on your credit report under the name Gemini Consultants Limited. We are presently working with Experian and Perfect Data Solutions Limited (trading as Lending Metrics). We will undertake a search with at least one of the agencies when you apply for credit thereby reviewing your credit records as well as anyone financially associated with you. The agency will keep a record of this search and place a “footprint” on your file, whether or not your application proceeds. Once you take a loan product with us, we will report regularly to the CRAs on your payment history.

We will share your personal information with CRAs, and they will give us information about you.

The data we exchange can include:

• Name, address and date of birth.
• Credit application.
• Details of any shared credit.
• Financial situation and history.
• Public information, from sources such as the electoral register and Companies House.

We’ll use this data to:

• Assess whether you are able to afford to make repayments.
• Make sure what you’ve told us is true and correct.
• Help detect and prevent financial crime.
• Manage accounts with us.
• Trace and recover debts.
• Make sure that we tell you about relevant offers.
• Inform you about new services and changes.

We will go on sharing your personal information with CRAs for as long as you are a customer. This will include details of your repayments and whether you repay in full and on time. The CRAs may give this information to other organisations that want to check credit status. We will also tell the CRAs when you settle your accounts with us.

If you are making a joint application or there is an indication that you have a spouse or financial associate, we will link your records together, so you should make sure you discuss this with them, and share with them this information, before lodging the application. CRAs will also link your records together and these links will remain on your and their files until you or your partner successfully files for a disassociation with the CRAs to break that link.

When we ask CRAs about you, they will note it on your credit file. This is called a credit search. Other lenders may see this, and we may see credit searches from other lenders.

Credit Reference Agency Information Notice (CRAIN)
The CRAIN outlines the methods of using and exchanging personal data by the three primary credit reference agencies in the UK. You can find out more about the CRAs on their websites, in the CRAIN. This includes details about:

• Who they are
• Their role as fraud prevention agencies
• The data they hold and how they use it
• How they share personal information
• How long they can keep your data

The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:

• Experian: https://www.experian.co.uk/
• TransUnion: https://www.transunion.co.uk/
• Equifax: www.equifax.co.uk/crain
• Perfect Data Solutions Limited: www.lendingmetrics.com

You can contact Lending Metrics at Lancaster Court, 1650 Parkway, Fareham, PO15 7AH in writing to request the information that they hold about you (please note, a small statutory fee may be payable).

Fraud prevention agencies (FPAs)
We will share the personal data we collect from you or others with fraud prevention agencies. They will use it to verify your identity and prevent fraud and money-laundering.

If unlawful activity such as fraud or money laundering is identified, this will be recorded, and we may pass these details to fraud prevention agencies.

If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these FPAs, and your data protection rights, can be found via CIFAS.

If you are deemed to pose a fraud or money laundering risk, FPAs may hold your personal information for up to six years.

Government agencies & regulatory bodies
We will use your information to comply with the law and to protect ourselves, our customers and others. Where required, we will share information to respond to a court order or other lawful request from a public authority. This includes Government and regulatory bodies such as HMRC, the Financial Conduct Authority, the Financial Ombudsman Service and the Information Commissioner’s Office.

Anyone who funds us, buys us or merges with us
We may have to share personal data with any person or legal entity who we sell or transfer (or anyone we have discussions with about this) all or part of our business to. This also includes transferring any of our rights or obligations under any agreement we have with you.

6. Do we transfer your personal data outside of the UK?
   We are based in the UK but some of our service providers are located elsewhere. This means we may transfer your personal data outside the UK. If your personal data is being processed in Europe or other parts of the European Economic Area (“EEA”) then it is protected in the same way as it is in the UK. If we transfer your personal data outside of the EEA we’ll take all reasonable steps necessary to make sure it is protected to UK standards. The measures and safeguards we have in place include conducting strict security checks and having appropriate legal contracts in place. Please contact us if you would like more information about the specific safeguards applied to the transfer of your personal data.

7. How do we keep your personal data safe?
   While no transfer of data (including over the internet or any website) can be guaranteed to be secure, we do everything we can to protect your personal data. Firstly, we make sure all our staff receive data protection training and support and that access to your personal data is on a strictly need to know basis.

We’ve put robust security systems and processes in place to protect your personal data. We use layered security controls, like firewalls, to make sure that your personal data isn’t accidentally lost, used, accessed, changed or shared in an unauthorised way. For example, we always encrypt your personal data in line with industry best practice. We do this both when we store and whenever we transfer your personal data.

8. How long do we keep your personal data for?
   We’ll only keep your personal data for as long as we need it to do the things we collected it for (see section 4) or where laws and regulations tell us we need to keep it for a specific amount of time.

If you do choose to receive marketing from us, we will keep your personal data for our potential products and will automatically delete your personal data after a period of 24 months if you do not engage with us, unless you tell us otherwise. Don’t forget you can change your mind and withdraw your consent to marketing at any time.

You have the right to ask us to delete your personal data but sometimes laws or regulations tell us we have to wait a certain amount of time before we can. If we have to wait, or if we can’t delete your personal data, we’ll let you know why. See Section 9 for more information about your legal rights.

9. What are your legal rights?
   When it comes to your personal data, you have various rights. However, some of these rights only apply in certain circumstances or to certain information. We’ve explained more about each of your rights under the individual headings below.

If you want to talk to us about your rights, or make a request just get in touch by emailing or writing us at

Data Champion        : OKAN GEZGEN
Address                     : 69 High Street, London, England, N14 6LD
E-mail                        : [email protected]

Your communication will be considered by our dedicated team. If the issue cannot be resolved at this initial stage, we will escalate it to our Data Protection Officer.

Our Data Protection Officer role has been outsourced to:

DPO                            : Evalian Limited
Address                     : West Lodge, Leylands Business Park, Colden Common, Hampshire SO21 1TH.
E-mail                        : [email protected]

You are not required to pay any fee for exercising your rights (subject to certain exceptions) and we will always aim to respond to your request within one month.

The right to be informed
You have the right to know what information we hold about you, why we have it, how we use and share it and how long we keep it for. This is one of the main reasons we have this privacy notice. To simply explain how we collect and use your personal data.

The right to object
We’ve explained in Section 2 and 4 about what data we collect from you and our reasons. In certain circumstances, you can ask us to stop processing your personal data. For example, if the reason we’re using your personal data is for marketing purposes. There are situations where we’re not able to stop processing your personal data and we will always tell you why we can’t.

You can opt out of receiving marketing communications from us at any time by clicking the unsubscribe link in any email you’ve received from us or by emailing us at [email protected].

The right of access
You have the right to ask us to confirm whether we are processing your personal data and to receive a copy of the personal data we hold about you (along with certain other details). This is commonly known as a “subject access request.”

The right to correct any errors
If any of the personal data we hold about you is incorrect or out of date, you can ask us to correct it. You also have the right to ask us to complete information you think is incomplete.

The right to deletion
You can ask us to delete your personal data (also known as “the right to be forgotten”) if:

• We no longer need it for the original reason we collected it for.
• We only hold and use your personal data because you gave us your consent, which you have now withdrawn.
• You object to us processing your personal data, and we no longer have a legitimate interest to continue processing it.
• You change your mind about receiving direct marketing from us.
• We have collected or been using your information unlawfully.
• We have a legal obligation to erase your information.

Sometimes, we might not be able to delete your personal data. This is because there are certain laws and regulations that tell us how long we have to keep some information for. If we can’t delete it, we will tell you the reasons why when we respond to your request.

The right to restrict processing
In some situations, you have the right to ask us to limit the way we use your information. You can ask us to do this if:

• You have asked us to correct the personal data we hold about you and you don’t want us to process it until we’ve sorted it out.
• We have been using your information unlawfully, but you don’t want us to delete it.
• We no longer need your information, but you want us to keep it in order to create, exercise or defend legal claims.
• You have objected to how we use your information, and we are still dealing with this.

The right to data portability
You have the right, in certain circumstances, to ask that we transfer any information you gave us from one organisation to another or give it to you.

The right to challenge any automated decision
Sometimes we use computers to make decisions without humans being involved. You have the right to challenge an automated decision and can ask us to get someone to review these decisions if they have had a serious impact on you or your legal rights.

10. How will we keep you up to date?
    We last updated this privacy notice on 14 April 2025. We’ll update this notice any time we make changes affecting how we use your information. We’ll let you know about any significant changes to this privacy notice, usually by email or text message. And we’ll highlight the changes we make so that you can clearly see them. If you need to see an older version, you can also find these linked at the bottom of this page.

11. Third party links and services
    This privacy notice does not apply to your interaction with any other third parties and applies solely to personal data processed by us through your use of our website, your receipt of our services and/or in connection with our business operations. When you use a link to go from our website or you request a service from another third party service provider, this privacy notice shall not apply to the processing of your personal data carried out by the relevant third party service provider. Your browsing and interactions on any other websites, or your dealings with any third party service provider, is subject to that website’s or third party service provider’s own rules and policies.

12. What if you need to complain?
    If you’re unhappy about how we’re using your information, please get in touch. We’ll investigate and get back to you as soon as we can. You can make a complaint by:

Emailing or writing to us at:

Data Champion      : OKAN GEZGEN
Address                     : 69 High Street, London, England, N14 6LD
E-mail                        : [email protected]

Your communication will be considered by our dedicated team. If the issue cannot be resolved at this initial stage, we will escalate it to our Data Protection Officer.

Our Data Protection Officer role has been outsourced to:

DPO                            : Evalian Limited
Address                     : West Lodge, Leylands Business Park, Colden Common, Hampshire SO21 1TH.
E-mail                        : [email protected]

We would really like the chance to help you first, but you do have the right to complain at any time to the Information Commissioner’s Office (“ICO”). The ICO is the UK data protection regulator. For more information and their contact details please visit: ico.org.uk/make-a-complaint.