Privacy policy

Last updated: 2020-08-13

Acre strongly believes in personal control of data. Our business and technology is designed around ensuring security and individual control over how your data is used in the home buying and insurance journeys. We believe that you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. We want to empower you to make the right decisions about the information that you share with us. This policy explains what information we collect, how we use it, and your rights with respect to your personal data. In summary Acre will:

  • Always keep your personal data safe and private
  • Never sell your personal data
  • Allow you to control which companies can access your personal data
  • Subject to law and regulation, allow you to correct and delete your personal data
  • Allow you to manage and review your marketing choices at any time

If you have questions or concerns about your personal data, you can contact our Data Protection Officer by email at dpo@acresoftware.com.

Who are Acre?

Acre and its group companies provide services and solutions to Financial Advisors and Financial Service Providers to help them serve end customers who are buying a home, or insurance to protect themselves and their assets.  

Acre will typically act as a joint data controller with your Financial Advisor(s) and/or Financial Service provider(s).  The basis and manner in which they will process your personal data will be set out in a separate Data Privacy notice, available from them or accessible through your Acre Client Portal (https://portal.myac.re).

In some cases, Acre acts only as a data processor for your Financial Advisor and/or Financial Service Provider, in these cases your legal rights will lie solely with your Financial Advisor.  If you contact Acre and we are acting only as a data processor, we will advise you how to pass on your query to the organisation responsible for your data.

The personal data we collect and use

In the course of your use of the Acre Client Portal, or through your relationship with your Financial Advisor and/or Financial Service provider, and in the course of providing you with access to Acre systems, and in providing systems to your Financial Advisor and/or Financial Service provider we may collect the following personal information, either from you directly or from third parties.

  • your name, address and date of birth
  • contact information, including phone numbers and e-mail.
  • employment and income information
  • identity documents
  • financial information, including bank account details, outgoings, assets, property ownership, financial products and other credit commitments
  • financial associations, e.g. joint account holders, common property owners and residents
  • health information
  • data about criminal convictions or offences
  • details of any vulnerability
  • details of your dependents and/or beneficiaries under a policy
  • technical information about any device used to access our systems

The third parties from whom we collect may data include:

  • Credit Reference agencies and other financial and fraud prevention databases
  • Your Financial Advisor and/or Financial Service Provider
  • Your Bank or providers of other financial services
  • Publicly available information sources for fraud management
  • Your current insurer(s)

You data may be converted into anonymised and/or aggregated data which cannot be used to identify you for the purpose of analysis, research and reporting.  

Data obtained from Credit Reference Agencies

Acre may collect data from Credit Reference Agencies for one of two purposes:

  • Validating your identity in accordance with anti-money laundering obligations
  • Providing you and your Financial Advisor with information about your credit history so they can identify the correct products for your needs and situation.

In order to validate your identity and/or residential address, Financial Advisors or Acre may carry out what is known as an Enquiry Search. This is not visible to lenders and does not impact your credit score.

When your Financial Advisor or Acre obtains quotations for certain financial service products on your behalf, the lender or product provider may carry out an Enquiry Search as part of the quotation process.  This is not visible to lenders and does not impact your credit score.  

Separately, as part of the application for financial services, lenders or other product providers may carry out what is known as Application (or “hard”) Search.  A small number of Mortgage Lenders may also carry out an Application Search for a decision-in-principle, however the majority will only carry out an Enquiry Search. These searches will be governed by the Financial Services Provider offering the products for which you are applying.

Audit searches

Audit searches are left whenever you check your own Credit Report and can only seen by yourself, Credit Reference Agencies and those you explicitly choose to share this information with (e.g. your Financial Advisor). Lenders and other product providers will not be aware of this search and it will not impact your credit score or ability to obtain credit.

Enquiry searches

Enquiry searches (also known as quotation or soft searches) are commonly carried out to verify your personal details, including name, date of birth and address history. This type of search won’t show your financial details, and instead only contains public information, such as your electoral roll details and any court judgements.

Like Audit searches, lenders and other product providers will not be aware of this search and it will not impact your credit score or ability to obtain credit.

When your Financial Advisor or Acre obtains quotations for certain financial service products on your behalf, the lender or product provider may carry out an enquiry search as part of the quotation process.  

Application Searches

Application searches, also known as hard searches, are carried out when a lender needs to check your credit report in order to make an informed lending decision.  

This type of search is visible to any lender, and where you accumulate an unusually high number credit searches over a short period of time this may impact your credit score and your ability to obtain credit.

These searches are visible to lenders for up to two years.

In extreme cases, a large number of applications may also trigger a fraud warning on your credit report, as it may be an indicator of a stolen identity.

Highly Sensitive Data we collect and use

Certain data, referred to legally as ‘Special Categories of Data’ and consider more sensitive. This includes data concerning your health, racial or ethnic origin, genetic data and sexual orientation. Data relating to criminal convictions or offences is also subject to additional levels of protection.  

In the course of the use of our services by you or by your Financial Adviser and/or Financial Service Provider, we may process:

  • Health information, provided by you to either us, your financial adviser and/or your financial service provider as part of any advice or application for life, health, income protection or related insurances products.  We do this for the purpose of advising on, arranging or administering an insurance contract.
  • Criminal conviction or offence information provided to either us, your financial adviser and/or your financial service provider  

Google Analytics

Our Website uses Google Analytics to help analyse how users use the site. The tool uses specific cookies that collect information about your use of the Website (including IP address), which is then transmitted to Google. This information is then used to evaluate visitors' us of the Website and to compile statistical reports on website activity for us.

We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any of your Personal Information. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any of your Personal Information from any source.

Sharing your personal data with a Financial Advisor or Financial Services Provider

Acre exists to streamline the financial processes associated with buying a home or insurance.  Where you already have a relationship with Acre or a Financial Advisor utilising Acre and wish to use the services of another organisation using Acre, we will give you the option of sharing your existing data, as well as any new data processed by Acre with the new organisation in order to reduce the need for you and your Financial Advisor  

This will always be done with your consent. If at any time you have questions, you can contact dpo@acresoftware.com.

Rationale / Reason for Processing

Lawful basis

Third-party recipients

Enable your advisor to provide you with their services

Performance of a contract

Your financial advisor

Enable you or your advisor to identify relevant products for your requirements and obtain quotes with respect to those products

Performance of a contract Legitimate interest Consent

iPipeline Limited, an aggregate of insurance quotes Insurance Providers

We will not share your personal data with third parties where we are relying on the legitimate interest basis.

Verify your identity and undertake anti-money laundering checks

Compliance with a legal obligation

Equifax, a credit reference agency and identity verification service provider
Onfido, an identity verification service provider

To apply for products on your behalf

Performance of a Contract Consent

Mortgage Lenders
Insurance Providers
iPipeline Limited, an aggregate of insurance quotes
Mortgage Engine, a service provider of electronic DIP and mortgage application services.

To obtain your credit history to inform you and your financial advisor, so you / they can identify appropriate financial products

Consent

Equifax, a credit reference agency and identity verification service provider

To share your details with your Financial Advisor so they can identify appropriate financial products.

Consent

Equifax, a credit reference agency and identity verification service providerYour financial advisor

To refer you to third-party advisers or service providers

Your financial advisor

The relevant third-party adviser or service provider

Provide status updates to third-parties who may have referred you to a Financial Advisor

Performance of a Contract Consent (as given to the third-party when they referred you)

Our external solicitors

To retain records in accordance with regulatory obligations

Compliance with a legal obligation.

to detect, prevent and investigate fraudulent applications for products, to undertake investigations into allegations of misconduct and/or criminal offences and to notify the relevant authorities of any suspicious activity following an investigation undertaken by us into allegations of misconduct and/or criminal offences

Compliance with a legal obligation. Legitimate Interest (We have a legitimate interest in protecting ourselves, other parties and the financial services industry more widely in detecting, preventing and investigating financial crime and/or misconduct.)

The Financial Conduct Authority
Lenders & Product Providers
Financial Advisors  National Crime Agency  
Police  
HMRC

to evidence satisfaction of any request made by you in accordance with your rights under data protection regulation

Compliance with a legal obligation

ICO

to identify any commission or fee payments due to an adviser as a result of the service they have provided to you

Performance of a Contract

Your financial advisor

To analyse the performance of our systems and our services

Legitimate Interest

How we make automated decisions

We use an automated decision making system to make automated decisions based on personal information we have about you. This helps us to make sure our decisions are quick and fair, based on what we know.

Identity verification. We use an automated decision making system to verify the details you provide against those held by third party providers. If you do not pass the check using the automated system, if you do no pass the automated system, we or your Financial Advisor will need to take additional steps to verify your identity or order to comply with anti-money laundering regulations. This may require additional documentation from yourself.

Tailored communications. We want to make sure emails that your financial advisor, financial service provider and ourselves send are relevant to you, and so we will use your personal information to choose content you may be more interested in receiving.

Tailored products and services. We may use your information to predict the probability that you may be accepted for a product, or to determine the best order or manner in which to display products to you. Lenders or other product providers may also use personal information we pass to them to make automated decisions. Any such automated decision making will be detailed in the Lender’s Privacy Policy.  

You have the right not to be subject to a decision based solely on automated processing, including profiling. We understand that not everyone is comfortable with decisions being left entirely up to machines. If you have any questions about automated decision making by Acre, please contact us via dpo@acresoftware.com

How we use your information for marketing

We will only use your information for marketing communications where you have given explicit consent.

You can adjust your preferences, or tell us you don't want to hear from us, at any time. Just use the privacy settings in the Acre Client Portal or click on the unsubscribe links on any marketing message we send you.

We won't pass your details on to any organisations outside the Acre group of companies for their marketing purposes except with your explicit consent. You can find out more in the Sharing your personal data with a Financial Advisor or Financial Services Provider section.

How long we will keep your personal data

We will keep your personal data for differing period of times based upon it’s nature, the products and services you have taken out and the status of your relationship with ourselves and your financial advisor.

Type of Record

Retention Period

Results of anti-money laundering, identification and verification checks, including assessment of your sanction check information

For as long as we are required/permitted to retain this data based upon legal and regulatory requirements, current 5 years.

Advice and/or product file containing a record of any service provided by your financial advisor or financial service provider.

The lifetime of the related financial service product, plus an additional period where we,  your Financial Advisor, or Financial Service Provider reasonable consider there a risk of a claim or compliant related to the product or associated advice.

Your personal details, financial circumstance and financial service

For so long as you have an active relationship with us, a financial advisor or financial service provider utilising the Acre platform or as otherwise required in support of the retention of another type of record.

Health Information

Six months where no related product has been taken out, otherwise the lifetime of the product, plus an additional period where we, your Financial Advisor, or Financial Service Provider reasonable consider there a risk of a claim or compliant related to the product or associated advice.

Records of satisfaction of any request made by you in accordance with your rights under data protection regulation

3 years from the date the request was satisfied.

Records of any commission or fee payments in relationship to services provided to you by either a financial advisor or financial service provider.

7 years or as otherwise required in support of the retention of another type of record.

Fraud or financial crime records

For as long as we reasonable it to be permitted and/or required based upon our legal and regulatory obligation or in the establishment, defense or exercise of a legal claim.

Will we transfer your data outside the EEA?

Your data will be stored at all times within the EEA while being processed by Acre.  Certain service providers, particular Luther Systems and Amazon Web Services are legally incorporated and have staff based outside the EEA.   We use standard contractual clauses to ensure these organisations meet EEA data regulations.

Some of the third-parties we pass information to on your behalf, such as Financial Advisors, Lenders or other Product providers may transfer data outside of the EEA.  You should consult their privacy policy for further information.

What rights do you have with respect to your data?

You have legal rights under data protection legislation with respect to your data.

You have the right to request access to or rectification of your personal data. You also have the right to request the erasure of your data, to object to automated decision making, to understand how your information is kept secure,  to restrict its processing and the right to request we transfer your data to another controller.    

You can rectify some of your personal data through the use of the Acre Client Portal (https://portal.myac.re) This does not impact your right to exercise your rights in the manner set out below.

Where we are processing your data based upon consent, you have the right to withdraw that consent at any time.  

If you have any questions about this policy, the use of your personal information or want to exercise any of your rights, please contact our Data Protection Officer at dpo@acresoftware.com or write to Data Protection Officer, Acre, Samuel House, 6 St Alban’s Street, St James, London SW1Y 4SQ

How we keep your data secure

Acre has appropriate security measures in place to prevent your personal data from being accidently lost, accessed or stolen. We limit access to you information to those with a genuine business need to access it.  

We also have procedures in place to deal with any suspect breach.  We will notify you and the appropriate regulatory of any security breach that has resulted in the unauthorised access of your data, or where we are otherwise required by law to do so.

Who to contact if you are not happy with our handling of your data

If you are not happy with the way we are handling your information, you have a right to lodge a complaint with the Information Commissioners Office (www.ico.org.uk). We want you to be happy with our usage of your data, and ask that you please contact us to allow us to attempt to resolve any issues or concerns before contacting the ICO.