Privacy Notice – Intermediaries

June 2023


We take our obligations under data protection law very seriously and we’re committed to keeping your personal data secure.

Data Protection law, including the Data Protection Act 2018 and UK General Data Protection Regulation (GDPR), imposes obligations on us as a “data controller” when we collect, hold, amend, share or otherwise use or erase/destroy (collectively referred to as “processing”) your personal data. It also gives you, as the “data subject”, rights over your personal data.

One such obligation is to process your personal data fairly, lawfully and in a transparent manner. This privacy notice is designed to help you understand what personal data we hold, why it is required, and how it is used. It also sets out some of your legal rights.


OSB GROUP PLC is the London Stock Exchange listed entity and parent company for a specialist lending and retail savings group of companies (OSB Group) including OneSavings Bank plc and Charter Court Financial Services Limited, which are authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.

In this privacy notice, the terms “we”, “our”, and “us” are used to refer to the relevant subsidiary/trading name and “data controller” for your personal data or, where applicable, to the OSB Group. Subsidiaries and our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, may change from time to time and references to the OSB Group include successors in title and any other person who is for the time being entitled at law to the benefit of the mortgage or loan product. Subsidiaries and trading names in the OSB Group include:

  • 5D Finance Limited
  • Broadlands Finance Limited
  • Charter Court Financial Services Group PLC
  • Charter Court Financial Services Limited
  • Charter Mortgages Limited
  • Exact Mortgage Experts Limited
  • Guernsey Home Loans Limited
  • Heritable Development Finance Limited
  • Interbay Asset Finance Limited
  • Interbay Funding Limited
  • Interbay ML Limited
  • Jersey Home Loans Limited
  • Kent Reliance
  • Kent Reliance Property Loans
  • OneSavings Bank PLC
  • Precise Mortgages
  • Prestige Finance Limited
  • Reliance Property Loans Limited
  • Rochester Mortgages Limited

We respect your right to privacy. If you have any questions or concerns about how we use your information, our Data Protection team will be happy to assist you. Please write to:

Group Data Protection Officer


OSB House, Quayside, Chatham Maritime, ME4 4QZ

Alternatively, you can email us at: [email protected]

Please read the following carefully to understand our practices regarding your personal data and how it is processed.


This privacy notice explains how we will use the personal data of employees and representatives of mortgage intermediaries and mortgage intermediaries which are sole traders operating in their own name and not, for example, through a limited company. Each such person is referred to as “you” and “your” in this privacy notice. Mortgage intermediaries include:

  • firms providing mortgage advice or information on loans and mortgages to our borrowers or potential borrowers (Mortgage Advisers)
  • firms operating as a mortgage club of which a Mortgage Adviser is a member (Mortgage Club)
  • firms with a network of appointed representatives (Networks)
  • firms providing services to Mortgage Advisers, Networks and Mortgage Clubs which includes distributing our products or submitting applications to us on their behalf (Packagers)
  • firms which package secured second charge mortgage loan applications on our behalf (Master Brokers).


Those words in brackets have the meanings above in this privacy notice and:

“Mortgage Business” means the business of and activities involved in you introducing borrowers to us in relation to our products and related matters including the submission of applications to us, requests for decisions in principle, requests for variations to existing loans and informal enquiries you make as to potential borrowers’ eligibility for a loan or a mortgage.

“Connected Firms” means firms connected with you, the firm which employs you or you represent, it’s or your Network or Mortgage Club and any Packager it or you use.


We will receive personal data about you from a variety of sources including from:

  • you;
  • your employees/employer and representatives;
  • Connected Firms;
  • from borrowers and potential borrowers from us;
  • your representatives or advisers,
  • fraud prevention agencies;
  • solicitors and persons working on our behalf;
  • market researchers;
  • law enforcement agencies, and
  • other companies within the OSB Group. 

We will also generate personal data about you during the course of receiving Mortgage Business and managing our relationship with you and Connected Firms. We may also obtain data about you that is publicly available such as from the Electoral Register, the Internet and Companies House.


We may process a wide variety of data about you, where necessary, for the purposes set out in the “How we use your personal data” section, including data about:

You as an individual
  • Name, title and address (including previous names and addresses)
  • Other contact details including email addresses, telephone numbers and website
  • Your family, background and interests
  • Date and place of birth
Information identifying you
  • Passwords
  • Memorable information
Connected Firms
  • Firms connected with you, the firm which employs you or you represent, their or your Network or Mortgage Club and any Packager they or you use
  • Your and Connected Firms’ regulator, regulatory reference numbers and the permissions held
Payment details Bank account details (account name, number and sort code) for the payment of fees due
the Mortgage Business you have submitted to us
  • The Mortgage Business you have submitted, the outcome of those submissions and subsequent performance of loans made
  • Our contact with you
Your preferences Whether you wish to receive marketing from us
Your technology Device identifiers including IP address
Your profile and relationship with us
  • Payments we have made to you and Connected Firms and other costs we have incurred in providing gifts and hospitality, products, events and services to you and Connected Firms
  • Events you have attended or which we have invited you to
  • The type and volume of Mortgage Business you submit or are likely to submit, the performance of that business
  • Your use of our online and other systems and processes


Some personal data for example data about your health, racial or ethnic origin is subject to additional rights and are described as special category data. We will not normally ask for or record any special category data.

We will only do this if you have confirmed you consent to us doing so, or where we are legally permitted or required to process this information without seeking your consent. You are not contractually required to provide this information, and it will not impact on the functioning of any relationship between us. Where we have obtained your consent to us processing special category data you are entitled to withdraw your consent to our processing of this information at any time and you should contact us to do that.


We use information held about you in the following ways:

Process the Mortgage Business that you submit to us or are submitted to us on your behalf and to administer any loans we subsequently make

This will include to:

  • fulfil your instructions and provide documents and information you request
  • contact you and to liaise with you to progress the Mortgage Business you have submitted
  • contact you during the course of administering any loan we make
  • check the information that has been provided to us
Manage and build our relationship with you and Connected Firms

This will include to:

  • Register you and Connected Firms with us, undertake due diligence on you and Connected Firms;
  • Check that you or Connected Firms have the required permissions and authorisations;
  • Identify you;
  • Enable you to access and use our online applications and other products, services, processes and procedures;
  • Make payment of fees due to you or Connected Firms or to receive payment of sums due to us;
  • Provide you with information about our products and services and respond to enquiries you make;
  • Collect and recover any money owing to us;
  • Provide you and Connected Firms with management information about Mortgage Business, the outcome of the Mortgage Business submitted and subsequent performance of loans made;
  • Create records, produce correspondence and other documents and provide information to you and others;
  • Correct inaccurate data held by us and third parties;
  • Update, consolidate and improve the accuracy of our records;
  • Monitor and analyse the performance of Mortgage Business submitted to us;
  • Invite you to and run events that we think that will be of interest to you.
Identify and prevent financial crime

This will include to:

  • detect, prevent, investigate and/or report suspected money laundering, fraud, bribery, corruption and other crime.
Comply with our legal, contractual and regulatory obligations, codes of practice and to run our business
  • Share data about you and Mortgage Business with:
    • Our regulators;
    • Our investors or potential investors, funders and their advisers;
    • Any prospective purchaser of us or any part of our business, seller to us or party seeking to merge with us or any person who does or wishes to fund or otherwise be involved in any such transaction and their representatives; or
    • Fraud prevention agencies who in turn will provide data to us, (further information on this is provided below).
  • Provide data, reports and returns to our regulators, HMRC, tax authorities, other statutory bodies, our trade bodies or when required by a court order or other legal or contractual obligation;
  • Manage, monitor, analyse, develop, forecast and report on the performance of our businesses, suppliers and other third parties including accounting and auditing;
  • Manage how we lend and use our resources;
  • Manage risk for us and our borrowers;
  • Seek advice from our advisers.
Develop and improve our products and services

This will include to:

  • Test products and services;
  • Obtain your feedback on the products and services we provide;
  • Undertake market research;
  • Ensure that we meet high standards of customer service, including monitoring calls and training staff.
Undertake analysis, produce models, statistics, reports and forecasts

This will include to:

  • Understand how you deal with us and to identify what products, services and events may be of interest to you;
  • Forecast future Mortgage Business with you and Connected Firms;
  • To analyse and model the likely future performance of Mortgage Business you submit and any loans we make.
To investigate and respond to complaints, disputes and where necessary to bring or defend legal claims

This will include to:

  • identify and document facts and evidence;
  • investigate and respond to complaints, disputes, regulatory investigations and/or to bring or defend legal claims;
  • allow us to ensure that we offer the highest standard of customer service, by identifying if we have provided any inadequate service and the causes of such failings, and to determine how to avoid any repeat of that situation and improving our services.


Sometimes we may use your personal data to make an automated decision (applicable in certain circumstances only). These help to ensure that our decisions are quick, fair and efficient based on the personal data we have about you. The type of automated decisions we make are about how we manage our relationship with you and Connected Firms. For example, which products and services we offer which we think may be of interest to you or Connected Firms.

These automated decisions may also take into account details of any products you already have procured for your clients with members of OSB Group.

You may ask us not to make automated decisions about you by contacting our Data Protection Officer, or ask us to review any automated decision that we have made taking account of any additional information you wish to provide to us.


We may record and/or monitor telephone calls with you for the following purposes:

  • For security, quality and/or training purposes;
  • To confirm that we have complied with your instructions;
  • To resolve or investigate any queries;
  • To comply with our legal obligations, or
  • To prevent fraud or other criminal activities.


We may contact you about products or services offered by post, electronic mail, telephone, SMS text messaging and any other online or interactive media if, when we collected your personal data, you consented to receive marketing communications or in certain circumstances have not opted out of marketing communications.

You can ask us to stop or start sending you marketing messages at any time by contacting us. You can also unsubscribe from electronic marketing communications by using the ‘unsubscribe’ function.


Data protection laws require that we meet certain conditions before we are allowed to use your data in the manner described in this privacy notice. We rely on the following legal grounds in order to process your data:

We have obtained your consent

  • We may process certain information where you have provided your consent for us to do so. For example, you may provide us with your explicit consent to process certain special category data such as health data (for example, to inform us about hearing difficulties) where this assists in managing our relationship with you.
  • Where we rely upon your consent in order to process your personal data you may withdraw this consent at any time.
  • We may also provide you with certain marketing information including third party services or products where you have provided your consent for us to do so.

Processing of your data is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are outweighed by your interests, fundamental rights and freedoms

  • Personal data is processed where it is necessary for our legitimate interests including to help us manage our business and to analyse, assess and improve the viability and popularity of our products. It is also processed to enable us to respond to queries, complaints and for the establishment and defence of legal rights.

Processing of your data is necessary for compliance with a legal obligation which we are subject to

  • We are required to process certain personal data in order to comply with our legal and regulatory obligations including UK anti-money laundering regulations, for the purposes of ongoing fraud detection and reporting and to ensure the fair treatment of vulnerable customers.


We may share your personal information with any member of OSB Group, which means any subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We will only disclose your information to:

  • business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
  • our affiliates and selected third parties, where you have consented to receiving marketing from us/third parties;
  • third party suppliers, service providers and/or legal advisers to the extent they assist us with our legal/regulatory obligations;
  • selected third parties so that they can contact you with details of the services that they provide, where you have expressly opted-in/consented to the disclosure of your personal data for these purposes;
  • analytics and search engine providers that assist us in the improvement and optimisation of our site and other selected third parties;
  • any investor, potential investor, funder, purchaser in or of our business or any part of our business and their advisers;
  • our regulators, law enforcement bodies, credit reference agencies, fraud prevention agencies, the courts or any other authorised bodies, to the extent that we are legally required to.

We may disclose your personal information to third parties:

  • if you require us to;
  • in the event that we consider selling or buying any business or assets, in which case we may disclose your personal data to any prospective sellers or buyers of such business or assets; 
  • if we, or substantially all of our assets, are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
  • in the event of any insolvency situation (e.g. the administration or liquidation) of OSB GROUP PLC or any of its group entities;
  • in order to enforce or apply our website or service terms;
  • to protect the rights, property, or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk reduction; and
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.


Information which you provide to us is stored on our secure servers located in the UK. However, data that we collect from you may be also transferred to, or processed in, a destination outside the UK. In particular, we have operations centres in India which access and process data and we engage some third parties that may store or process personal data outside of the UK. Your personal data may also be processed by staff operating outside the UK who work for us or for one of our suppliers. This includes staff engaged in the processing of your payment details and the provision of support services.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. In particular, when personal data is processed outside of the UK, we will make sure appropriate safeguards are in place, in accordance with legal requirements, to protect the data.

In all cases these safeguards will include one of the following:

  • Sending the data to a country that’s been approved by the UK Government as having a suitably high standard of data protection law.
  • Putting in place a contract with the recipient containing terms approved by the UK authorities as providing a suitable level of protection.


We will retain information about you for the period necessary to fulfil the purposes for which the information was collected. After that, we will anonymise or delete it. The retention period may vary depending on the purposes for which the information was collected.

Where a specific legal or regulatory requirement applies to your information we will retain it for at least the period of time specified in such legal or regulatory requirement. In the absence of a specific legal or regulatory requirement, we will usually retain your information for up to seven years. The legal limitation period for bringing legal claims is six years where the claim arises from a simple contract.


You have a number of rights under data protection law in relation to the way we process your personal data. These are set out below:

Right Description
Right to be informed A right to be informed about how we collect and use your personal data.
Right of access A right to access personal data held by us about you
Right to rectification A right to require us to rectify any inaccurate personal data held by us about you.
Right to erasure A right to require us to erase personal data held by us about you. This right will only apply where (for example): we no longer need to use the personal data to achieve the purpose we collected it for; or where you withdraw your consent if we are using your personal data based solely on your consent; or where you object to the way we process your data (in line with the right to object below).
Right to restrict Processing In certain circumstances, a right to restrict our processing of personal data held by us about you. This right will only apply where (for example): you dispute the accuracy of the personal data held by us; or where you would have the right to require us to erase the personal data but would prefer that our processing is restricted instead; or where we no longer need to use the personal data to achieve the purpose we collected it for, but you still require the data for the purposes of dealing with legal claims.
Right to data portability In certain circumstances, a right to receive personal data, which you have provided to us, in a structured, commonly used and machine readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.
Right to object A right to object to our processing of personal data held by us about you in certain circumstances (including where the processing is necessary for the purposes of the legitimate interests pursued by us or a third party). You also have the right to withdraw your consent, where we are relying on it to use your personal data; or ask us to ask us to stop processing your data for direct marketing purposes.
Rights related to automated decision making including profiling In certain circumstances, a right not to be subject to a decision based solely on automated processing (without any human involvement), including profiling.

You may contact us using the details on our website (or by contacting our Data Protection team directly – details above) to exercise any of these rights. We will acknowledge, and normally action, a request received from you within one month from the date we receive the request. However, as outlined above some rights are restricted and we may not always be able to action your request.

If you have any concerns regarding our processing of your personal data, or are not satisfied with our handling of any request by you in relation to your rights, we would encourage you to contact us. You also have the right to make a complaint to the Information Commissioner’s Office (ICO):

First Contact Team
Information Commissioner’s Office,
Wycliffe House,
Water Lane,

Please call 0303 123 1113 or visit for up to date information on contacting the ICO.


We use appropriate technical and organisational measures to protect the information we collect and process about you and our online services are provided using secure servers. We use Secure Sockets Layer (SSL) software to encrypt information, in order to protect your security.

We regularly review our systems and process to ensure our online services are provided using secure servers, however, no Internet transmission can ever be guaranteed 100% secure. We recommend that you install, use and maintain up-to-date anti-virus, firewall and anti-spyware software on your computer to better protect yourself.

You must ensure that you log out of your account at the end of an online session (where applicable) and never leave your computer unattended when logged in.


Cookies are small text files that web servers can store on your computer’s hard drive when you visit a website. They allow the server to recognise you when you revisit the website and to tailor your web browsing experience to your specific needs and interests. If you wish to restrict or block the cookies which are set by us, you can do this through your internet browser settings or the cookies preference management tool on the relevant website.

Further information about our use of cookies can be found on each website.


Our websites may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that they have their own privacy notice and we do not accept any responsibility or liability in relation to third party websites. Please check the relevant privacy notice before you submit any data to these websites.


We may update this privacy notice from time to time. Any changes we may make in the future will be posted on our websites and we recommend that you revisit the Privacy Policy page from time to time to stay informed about how we use your information.


Contact Us