Privacy Policy


Noya Wealth Consulting Ltd (we/us) is registered with the Information Commissioners Office (ICO) for data protection purposes under reference ZA509248.

We are committed to ensuring that your privacy is protected, you can be assured that it will only be used in accordance with this privacy notice. Where you are arranging a product such as an insurance policy on behalf of any other party you must have received their consent to provide their personal data to us and you must show this notice to them. This privacy notice should be read in conjunction with our Financial Services Disclosure.

For the purposes of this notice references to ‘personal data’ or ‘data’ may include both personal data, such as your name, address, date of birth, financial details, employment information, insurance claims history and special categories of data such as information about any unspent criminal convictions or your medical history.

How do we obtain your personal data?

We may obtain your personal data from a variety of sources, usually directly from you, however a third party you have asked to act on your behalf such as a spouse/partner may sometimes provide information where permitted on your behalf. We may also receive data from other sources such as professional advisers (accountants/solicitors) or mortgage or finance lenders or insurers, however, in these cases you will normally be required to give your prior consent to the data being released. We may also receive data from marketing firms where you have given your consent to them passing this to us. Information about you may also be obtained from other relevant sources such as credit reference agencies including Experian, Equifax or Call Credit and in some cases, we may receive data from crime prevention and anti-fraud agencies either directly or through the product providers.

What will we use your personal data for?

We will use your data for advising on and/or arranging home finance products including residential, commercial and buy to let and secured lending such as second charge mortgages and bridging loans (all referred to hereafter as ‘mortgage/s’ for simplicity) and/or insurance products. This may involve providing quotes/illustrations, managing and administering your mortgage or insurance policies, assisting you with any claims, responding to product enquiries, handling complaints or managing outstanding balances.

We may ask you to participate in surveys or feedback that assists us in developing and improving the service we offer. We may use your personal data to keep you informed about other products and services that we have available. Where we have your consent to do so, we may share your data with other carefully selected financial services companies to allow them to contact you about products and services that may be of interest to you. You can withdraw such consent at any time by contacting us using the information in the contact details section or using the ‘unsubscribe’ option in any marketing sent to you.

In order to prevent and detect fraud and other crimes, and to aid in the prosecution of offenders, we may use your personal data to –

  • verify your identity using various credit reference agencies,
  • establish your financial or insurance claim history,
  • confirm that you or anyone applying for products through us does not appear on the HM Treasury Financial Sanctions List,
  • prevent fraud and money laundering

Your personal data may also be used to allow us to fulfil our legal or regulatory responsibilities. This may involve sharing your personal data with authorities such as the Financial Conduct Authority (FCA), HM Revenue and Customs (HMRC), The Information Commissioner’s Office (ICO), police and governmental agencies if requested and required to do so.

If you are unable or unwilling to allow us to use your data in line with this privacy notice, we will be unable to enter into a contractual relationship with you.

Who will we share your personal data with?

We take the security of your personal data very seriously and have a ‘data protection by design’ philosophy for the protection of your privacy. In order to provide our range of products and services to you it is necessary to share your personal data with third parties. We always ensure that the required safeguards are in place before sharing your data outside of our firm. On occasion, it may be necessary to transfer or store all or some of your data outside of the EU, for example if we utilise ‘cloud’ storage systems. We will only do so where we have contractual security that the data will be afforded the same protections as within the EU and the country in which the processor is domiciled affords you these levels of data protection.

The following outlines who we may share your data with and the circumstances in which we would do this:

  • We will pass your personal data to the lender/insurer(s) who underwrites your mortgage/policy and/or their appointed agent(s). Insurers may also share your personal data with any reinsurer(s) they use. Lenders or insurers will be data controllers in addition to us. If you have an insurance claim your personal data may be passed to claims management companies in order to assist with the administration and handling of the claim on your or an insurer’s behalf. Your data may also be passed to various anti-fraud databases for the detection and prevention of insurance fraud. The data you provided will be held on our internal systems and those of our software provider(s) until they are removed in line with our retention policy – as noted below.
  • In order to prevent financial crime and to verify your identity, we and/or the lender/insurer may share your data with various credit reference agencies such as Equifax, Call Credit or Experian.
  • If you were introduced to us via a third party, we may be obliged to inform them that you have purchased a product through us in order to fulfil our contractual obligations to them.
  • Where you have applied for a mortgage or other form of credit the lender will pass your data to various third parties including credit reference agencies, anti-fraud agencies and in some cases HMRC. If you fail to maintain your mortgage repayments as they fall due then they may also inform the credit reference agencies who will record this on your credit file.
  • We may be requested by government or regulatory authorities, such as the police, FCA or HMRC, to provide your personal data to them. If we are under a legal obligation to do so, we may share your data with these government agencies for the purposes of crime and fraud prevention and the apprehension and prosecution of offenders.
  • We will pass your personal data to hospital, specialist, nurse, pharmacist or any other medical practitioners who will provide you the needed medical service. They will be data controllers in addition to us.
  • We may share your personal data with internal or external auditors or professional advisors such as solicitors.
  • We may also share your personal data with anyone named on the insurance policy/mortgage or anyone whom you have authorised to discuss the products on your behalf.
  • If false or inaccurate information is provided or fraud is identified, we may also pass your details to fraud prevention agencies. These and other organisations may access and use this information to prevent fraud and money laundering – for example, when checking details on mortgage applications, insurance proposals and claims for all types of insurance. Other organisations both inside and outside of the UK may also access the information recorded by these fraud prevention agencies for the prevention of crime or other lawful reason. You can contact the lender/insurer directly to find out which fraud prevention agencies they use.
  • We may share your personal data with the Financial Ombudsman Service, if you have referred a complaint to them about the provision, or a failure to provide our services to you.
  • We may share your personal data with debt collection agencies (DCAs) or debt tracing services for the purpose of managing debts and recovering outstanding monies owing if you fail to pay outstanding fees or charges. We may also share your personal data with credit reference agencies in order to assist us in the recovery of outstanding balances or pass your details to the County Courts with a view to recovering any outstanding debt by obtaining a County Court judgement (CCJ) against you. In addition, we may sell the outstanding balance to a debt purchasing company who will then pursue you for repayment.
  • If you have provided your explicit consent, we may also share your personal data with carefully selected third party companies within the financial services sector for the purposes of marketing. You can ask us to remove your consent for this at any time by contacting us – see the ‘Contact us’ section below.
  • We may use carefully selected third party companies to store your data in the cloud or to provide an email platform to allow us to contact you efficiently. In this case we will share your personal data with them to allow us to do this, however in doing so your data will be contractually protected to the same level as it would be with us.
  • In the event that we undergo re-organisation or are sold to a third party any personal data we hold about you may be transferred to the new entity or third party.
  • We may disclose your personal data to a credit or debit card issuer to validate your card details and obtain payment where it is necessary to deliver the products and services bought by you.
  • If the product provider fails we may pass your data to the Financial Services Compensation Scheme to assist them in providing you with any support and assistance that they may be able to offer.

What legal basis do we use for processing your personal data?

We can only process your personal data if we have a legal basis for doing so. It is your right as the subject of this data to be informed what the legal basis is for each type of processing that we undertake.

Contractual performance or activities prior to entering into a contract

We will process your data using this basis for the purposes of providing a mortgage/ insurance quotation, advising and arranging your mortgage/insurance products(s), assisting in the administration your insurance policy(ies), assisting with any claims, responding to complaints and mortgage/policy enquiries, providing medical concierge service. Some personal data types that we need to process are classed as special categories of data as noted above, for example medical conditions, or criminal records data – information relating to unspent criminal or motoring convictions. These categories of data will be processed in accordance with the law on the legal basis that it is necessary for the performance of a contract with you AND such processing is necessary for reasons of substantial public interest.

Legitimate interests

We may also use your personal data for marketing purposes i.e. offering related products to you where we have a legitimate interest in doing so. We will normally seek your consent to marketing as an additional legal basis, but if we do not hold this we may still send you marketing material using legitimate interest alone. You have the right to request that we do not contact you for marketing purposes at any time by contacting us – see the ‘Contact Us’ section below. If you withdraw consent then your interests will override ours and we will be unable to use this legal basis to further process your data, however we may be able to rely on another lawful basis such as contractual performance.

We may use your personal data for the purposes of debt recovery using this basis.


We will only use this as a secondary lawful basis for marketing purposes, as noted above.

How long will we retain your personal data?

If you decide to take a mortgage or policy with us, we will retain your personal data for seven years from when the product is due to end. Most of the agreements that we hold with insurers or lenders require data to be retained for this long.

If your insurance is an employer’s liability policy, we will retain the details of this policy for at least 60 years. This is ensure that the details are available to you should an employee lodge a claim against you far into the future, such as may be the case for an industrial disease where symptoms may not present themselves for many decades.

In any other situations we will retain your personal data for no more than three years from when the requested service is completed or stopped.

What rights do you have in relation to your personal data?

Under data protection legislation you have certain rights in relation to the data we hold about you. We have processes in place that ensure your rights are upheld and that any requests you make in relation to these rights are responded to within the timescales required by law.

The right to be informed

You have the right as a data subject to be informed in a clear and precise manner about the data we hold about you. Within this privacy notice we detail the nature of this data we hold, the reasons we hold it, how this data is used, who we will share this data with, how long we will retain your data and the rights you have in relation to your data. If you require any further information, you can get in touch using the details in the ‘Contact Us’ section.

The right of access

In order to check the legitimacy of the personal data we hold on you, its accuracy and the lawfulness of the processing we undertake, you have the right to request a copy of data we hold about you. You can request this information free of charge using the details below in the ‘Contact Us’ section. We will normally provide the personal data we hold about you within 30 days of you making this request.

The right to rectification

You have the right to ensure that all data we hold on you is both accurate and complete. If you are concerned that the data we hold about you is inaccurate or incomplete when considering the purposes for which your data is being used, you can ask us to rectify this. To do so, you should contact us using the details below.

The right to erasure (the right to be forgotten)

You have the right to request that all of the data we hold on you be erased from our systems. We may only be able to comply with this request in specific circumstances. This request would also apply to any third party whom we had shared your data with, and we would notify them accordingly if your request was valid. We will not be able to erase your data in all circumstances. For example, we would not be able to erase data that is being processed for the purposes of administering a live or lapsed insurance policy unless policy has been lapsed for seven years or more. This is because we have a legal obligation to retain this data for the defence of legal claims should a third party make an insurance claim against you. If you require any further information, or you wish to exercise your right of erasure, you should contact us using the details below.  

The right to restrict processing

You have the right to restrict our processing of your data in the following circumstances:

  • If you contest the accuracy of the information we hold until such time that we are able to verify the accuracy of this data or correct any errors.
  • You believe that the processing of this data is unlawful.
  • We no longer need the data for any purpose other than for the defence of any future insurance claims made against your policy.
  • You are awaiting a decision following an objection you have raised regarding an automated decision-making process.

If you wish to exercise your right to restrict processing, you should contact us using the details below.  

The right to data portability

Where we are processing data under the basis of contractual performance you have the right to request that we provide your data in a machine-readable format that you can then share with other businesses or in any other way you see fit. You have the right to request that we transfer your data to third parties directly for them to use as you see fit. We are able to provide your data either as an .XML file or a .CSV file. You are able to utilise your data in this way by contacting us using the details below.

The right to object

You have the right to object to your data being used for direct marketing purposes or profiling of your data for the purpose of direct marketing. We do not undertake profiling activity and if we hold your consent for marketing this right would not be available (however, you may withdraw your consent). If you have any concerns surrounding this, please contact us using the details below.

The right to object to automated decision making and profiling

You have the right to object to any automated decision making where there is no human intervention involved where this results in a legal implication to you. This right would not apply to underwriting decisions or to applications for credit made on our website or internal system as this automated decision making is required for entering into a contract with us. Currently, we do not use automated decision making for any other functions, but if you have concerns regarding this, please contact us using the details below.

The right to complain

You have the right to complain about the use of your personal data – in the first instance please get in touch using the details in the ‘Contact Us’ section. Our complaint handling procedure is available upon request or can be accessed from our website(s).

You are also entitled to complain to the Information Commissioner by writing to –

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

You can access their website at

What responsibilities do you have?

We will always endeavour to ensure that your personal data is accurate and up to date. If you notice that any information on your mortgage/policy documentation is incorrect or if any of your personal data changes, for example you change your contact details, occupation or your bank please let us know and we will inform you if it will be necessary to pass this information on to the lender/insurer.


We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure we have put in place a range of physical, electronic, contractual and control procedures to safeguard and secure the data we process.

Use of our website

By entering your details on any of our website(s), you agree that we may contact you to discuss a mortgage, finance or insurance product, or other service we provide, regardless of whether you choose to proceed with it.

Use of cookies on our website and Universal Analytics

A cookie consists of information sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser. We use session cookies on our website(s). We will use the session cookies to keep track of you whilst you navigate the website(s).

We use Google Analytics to analyse the use of our websites. Google Analytics is a web analytics tool that helps website owners understand how visitors use with their website; this is also the only cookie we use on our sites. Google Analytics uses first-party cookies to track visitor interactions. User data gathered in Google Analytics can be analysed to help us to improve our sites.

Google Analytics generates statistical and other information about website use, which are stored on users’ computers. Google will store this information and Google’s privacy policy is available at: For more information on opting out of being tracked by Google Analytics across all the websites you use, visit this Google page.

For our reporting needs as well as system administration we may gather data about your computer which can include your IP address, operating system and browser type. This is statistical data about our users’ browsing actions and patterns.

Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. Please refer to your browser’s settings for details of how to do this. Blocking cookies may, however, have a negative impact upon the usability of many websites, including ours.

Links to other websites

We may provide links to third party websites as part of our service to you. We accept no responsibility for any statements, information, content and products associated with these third party websites. We accept no liability for these third parties for any viruses or anything else that could be infectious or destructive.

Changes to this policy

We may change this policy from time to time; however we are not obliged to give notice of the changes, so you should check our website or contact us to ensure you are referring to the latest version.