Last updated: 2020-08-13
Acre strongly believes in personal control of data. Our business and technology is designed around ensuring security and individual control over how your data is used in the home buying and insurance journeys. We believe that you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. We want to empower you to make the right decisions about the information that you share with us. This policy explains what information we collect, how we use it, and your rights with respect to your personal data. In summary Acre will:
If you have questions or concerns about your personal data, you can contact our Data Protection Officer by email at dpo@acresoftware.com.
Acre and its group companies provide services and solutions to Financial Advisors and Financial Service Providers to help them serve end customers who are buying a home, or insurance to protect themselves and their assets.
Acre will typically act as a joint data controller with your Financial Advisor(s) and/or Financial Service provider(s). The basis and manner in which they will process your personal data will be set out in a separate Data Privacy notice, available from them or accessible through your Acre Client Portal (https:///xxxx).
In some cases, Acre acts only as a data processor for your Financial Advisor and/or Financial Service Provider, in these cases your legal rights will lie solely with your Financial Advisor. If you contact Acre and we are acting only as a data processor, we will advise you how to pass on your query to the organisation responsible for your data.
In the course of your use of the Acre Client Portal, or through your relationship with your Financial Advisor and/or Financial Service provider, and in the course of providing you with access to Acre systems, and in providing systems to your Financial Advisor and/or Financial Service provider we may collect the following personal information, either from you directly or from third parties.
The third parties from whom we collect may data include:
You data may be converted into anonymised and/or aggregated data which cannot be used to identify you for the purpose of analysis, research and reporting.
Acre may collect data from Credit Reference Agencies for one of two purposes:
In order to validate your identity and/or residential address, Financial Advisors or Acre may carry out what is known as an Enquiry Search. This is not visible to lenders and does not impact your credit score.
When your Financial Advisor or Acre obtains quotations for certain financial service products on your behalf, the lender or product provider may carry out an Enquiry Search as part of the quotation process. This is not visible to lenders and does not impact your credit score.
Separately, as part of the application for financial services, lenders or other product providers may carry out what is known as Application (or “hard”) Search. A small number of Mortgage Lenders may also carry out an Application Search for a decision-in-principle, however the majority will only carry out an Enquiry Search. These searches will be governed by the Financial Services Provider offering the products for which you are applying.
Audit searches are left whenever you check your own Credit Report and can only seen by yourself, Credit Reference Agencies and those you explicitly choose to share this information with (e.g. your Financial Advisor). Lenders and other product providers will not be aware of this search and it will not impact your credit score or ability to obtain credit.
Enquiry searches (also known as quotation or soft searches) are commonly carried out to verify your personal details, including name, date of birth and address history. This type of search won’t show your financial details, and instead only contains public information, such as your electoral roll details and any court judgements.
Like Audit searches, lenders and other product providers will not be aware of this search and it will not impact your credit score or ability to obtain credit.
When your Financial Advisor or Acre obtains quotations for certain financial service products on your behalf, the lender or product provider may carry out an enquiry search as part of the quotation process.
Application searches, also known as hard searches, are carried out when a lender needs to check your credit report in order to make an informed lending decision.
This type of search is visible to any lender, and where you accumulate an unusually high number credit searches over a short period of time this may impact your credit score and your ability to obtain credit.
These searches are visible to lenders for up to two years.
In extreme cases, a large number of applications may also trigger a fraud warning on your credit report, as it may be an indicator of a stolen identity.
Certain data, referred to legally as ‘Special Categories of Data’ and consider more sensitive. This includes data concerning your health, racial or ethnic origin, genetic data and sexual orientation. Data relating to criminal convictions or offences is also subject to additional levels of protection.
In the course of the use of our services by you or by your Financial Adviser and/or Financial Service Provider, we may process:
Our Website uses Google Analytics to help analyse how users use the site. The tool uses specific cookies that collect information about your use of the Website (including IP address), which is then transmitted to Google. This information is then used to evaluate visitors' us of the Website and to compile statistical reports on website activity for us.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any of your Personal Information. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any of your Personal Information from any source.
Acre exists to streamline the financial processes associated with buying a home or insurance. Where you already have a relationship with Acre or a Financial Advisor utilising Acre and wish to use the services of another organisation using Acre, we will give you the option of sharing your existing data, as well as any new data processed by Acre with the new organisation in order to reduce the need for you and your Financial Advisor
This will always be done with your consent. If at any time you have questions, you can contact dpo@acresoftware.com.
Rationale / Reason for Processing
Lawful basis
Third-party recipients
Enable your advisor to provide you with their services
Performance of a contract
Your financial advisor
Enable you or your advisor to identify relevant products for your requirements and obtain quotes with respect to those products
Performance of a contract Legitimate interest Consent
iPipeline Limited, an aggregate of insurance quotes Insurance Providers
We will not share your personal data with third parties where we are relying on the legitimate interest basis.
Verify your identity and undertake anti-money laundering checks
Compliance with a legal obligation
Equifax, a credit reference agency and identity verification service provider
To apply for products on your behalf
Performance of a Contract Consent
Mortgage Lenders Insurance Providers iPipeline Limited, an aggregate of insurance quotes
To obtain your credit history to inform you and your financial advisor, so you / they can identify appropriate financial products
Consent
Your financial advisor
Your financial advisor
Consent
Equifax, a credit reference agency and identity verification service provider
To refer you to third-party advisers or service providers
Your financial advisor
The relevant third-party adviser or service provider
Provide status updates to third-parties who may have referred you to a Financial Advisor
Performance of a Contract Consent (as given to the third-party when they referred you)
Our external solicitors
To retain records in accordance with regulatory obligations
Compliance with a legal obligation.
to detect, prevent and investigate fraudulent applications for products, to undertake investigations into allegations of misconduct and/or criminal offences and to notify the relevant authorities of any suspicious activity following an investigation undertaken by us into allegations of misconduct and/or criminal offences
Compliance with a legal obligation. Legitimate Interest (We have a legitimate interest in protecting ourselves, other parties and the financial services industry more widely in detecting, preventing and investigating financial crime and/or misconduct.)
The Financial Conduct Authority
Lenders & Product Providers
Financial Advisors National Crime Agency
Police
HMRC
to evidence satisfaction of any request made by you in accordance with your rights under data protection regulation
Compliance with a legal obligation
ICO
to identify any commission or fee payments due to an adviser as a result of the service they have provided to you
Performance of a Contract
Your financial advisor
To analyse the performance of our systems and our services
Legitimate Interest
We use an automated decision making system to make automated decisions based on personal information we have about you. This helps us to make sure our decisions are quick and fair, based on what we know.
Identity verification. We use an automated decision making system to verify the details you provide against those held by third party providers. If you do not pass the check using the automated system, if you do no pass the automated system, we or your Financial Advisor will need to take additional steps to verify your identity or order to comply with anti-money laundering regulations. This may require additional documentation from yourself.
Tailored communications. We want to make sure emails that your financial advisor, financial service provider and ourselves send are relevant to you, and so we will use your personal information to choose content you may be more interested in receiving.
Tailored products and services. We may use your information to predict the probability that you may be accepted for a product, or to determine the best order or manner in which to display products to you. Lenders or other product providers may also use personal information we pass to them to make automated decisions. Any such automated decision making will be detailed in the Lender’s Privacy Policy.
You have the right not to be subject to a decision based solely on automated processing, including profiling. We understand that not everyone is comfortable with decisions being left entirely up to machines. If you have any questions about automated decision making by Acre, please contact us via dpo@acresoftware.com
We will only use your information for marketing communications where you have given explicit consent.
You can adjust your preferences, or tell us you don't want to hear from us, at any time. Just use the privacy settings in the Acre Client Portal or click on the unsubscribe links on any marketing message we send you.
We won't pass your details on to any organisations outside the Acre group of companies for their marketing purposes except with your explicit consent. You can find out more in the Sharing your personal data with a Financial Advisor or Financial Services Provider section.
We will keep your personal data for differing period of times based upon it’s nature, the products and services you have taken out and the status of your relationship with ourselves and your financial advisor.
Type of Record
Retention Period
Results of anti-money laundering, identification and verification checks, including assessment of your sanction check information
For as long as we are required/permitted to retain this data based upon legal and regulatory requirements, current 5 years.
Advice and/or product file containing a record of any service provided by your financial advisor or financial service provider.
The lifetime of the related financial service product, plus an additional period where we, your Financial Advisor, or Financial Service Provider reasonable consider there a risk of a claim or compliant related to the product or associated advice.
Your personal details, financial circumstance and financial service
For so long as you have an active relationship with us, a financial advisor or financial service provider utilising the Acre platform or as otherwise required in support of the retention of another type of record.
Health Information
Six months where no related product has been taken out, otherwise the lifetime of the product, plus an additional period where we, your Financial Advisor, or Financial Service Provider reasonable consider there a risk of a claim or compliant related to the product or associated advice.
Records of satisfaction of any request made by you in accordance with your rights under data protection regulation
3 years from the date the request was satisfied.
Records of any commission or fee payments in relationship to services provided to you by either a financial advisor or financial service provider.
7 years or as otherwise required in support of the retention of another type of record.
Fraud or financial crime records
For as long as we reasonable it to be permitted and/or required based upon our legal and regulatory obligation or in the establishment, defense or exercise of a legal claim.
Your data will be stored at all times within the EEA while being processed by Acre. Certain service providers, particular Luther Systems and Amazon Web Services are legally incorporated and have staff based outside the EEA. We use standard contractual clauses to ensure these organisations meet EEA data regulations.
Some of the third-parties we pass information to on your behalf, such as Financial Advisors, Lenders or other Product providers may transfer data outside of the EEA. You should consult their privacy policy for further information.
You have legal rights under data protection legislation with respect to your data.
You have the right to request access to or rectification of your personal data. You also have the right to request the erasure of your data, to object to automated decision making, to understand how your information is kept secure, to restrict its processing and the right to request we transfer your data to another controller.
You can rectify some of your personal data through the use of the Acre Client Portal (https://portal.myac.re) This does not impact your right to exercise your rights in the manner set out below.
Where we are processing your data based upon consent, you have the right to withdraw that consent at any time.
If you have any questions about this policy, the use of your personal information or want to exercise any of your rights, please contact our Data Protection Officer at dpo@acresoftware.com or write to Data Protection Officer, Acre, Samuel House, 6 St Alban’s Street, St James, London SW1Y 4SQ
Acre has appropriate security measures in place to prevent your personal data from being accidently lost, accessed or stolen. We limit access to you information to those with a genuine business need to access it.
We also have procedures in place to deal with any suspect breach. We will notify you and the appropriate regulatory of any security breach that has resulted in the unauthorised access of your data, or where we are otherwise required by law to do so.
If you are not happy with the way we are handling your information, you have a right to lodge a complaint with the Information Commissioners Office (www.ico.org.uk). We want you to be happy with our usage of your data, and ask that you please contact us to allow us to attempt to resolve any issues or concerns before contacting the ICO.