Gatehouse Capital Privacy Notice
Gatehouse Capital respects your privacy and protects personal data. This privacy notice explains how we collect and use personal data and your privacy rights.
1. Important information and who we are
Gatehouse Capital (SK1) Limited is the controller for the personal data we collect. The company is registered in the UK. This notice applies to the website and any contact you have with us.
Contact details
Gatehouse Capital (SK1) Limited
Registered Office: The Helicon, One South Place, London EC2M 2RB
Trading Address: Unit 127, 4 Redheughs Rigg, Edinburgh, EH12 9DQ
Email: contact@gatehousecapital.co.uk
Phone: 01313920700
ICO registration number: ZC019359
You should read this notice with any other fair processing information we provide at the time we collect data.
Third party links
The website may link to other websites. Those websites have their own privacy notices. We do not control those websites.
2. The types of personal data we collect
We will only collect information in line with relevant law and regulations. We may collect it from a range of sources and it may relate to any of our product or services you apply for, currently hold, or have held in the past. We may also collect information about you when you interact with us, e.g. visit our website or call us or ask about any of our product and services.
We do not ask for “special categories of personal information” (which is information relating to your health, genetic or biometric data, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership) or criminal convictions. We may obtain information on criminal convictions when we check third party sources for your information. You may also choose to provide us with health data if you wish us to interact with you in a particular way.
Where you provide personal information to us about other individuals (for example, directors of your company, shareholders, your employees, family members to be named on your account or on your product) we will also be data controller of their personal information. You should refer them to this notice before supplying us with their data on their behalf.
Some of the information will come directly from you e.g. when you provide ID to open an account. It can also come from your broker or finance intermediary, or other Gatehouse group companies if for example they refer you to us for another Gatehouse product.
We collect the following categories of data:
| Type of personal information | Description |
| Financial | Your financial position, history and status |
| Contact | Your name, address, email address, landline and mobile numbers |
| Socio- Demographic | This includes details about your profession, nationality |
| Transactional | Payments into your account, transaction records, your credit, your payment history |
| Contractual | Details about the product and services we provide you |
| Usage data | Data we get about where you are. This may come from where you connect a computer to the internet, we also use cookies to collect data, to deliver content specific to your interests, and for other purposes. |
| Communications | Information that you give us by filling forms, or by communicating with us, whether face to face, by phone, email, or otherwise. |
| Open Data and Public Records | Details from publicly available sources such as Electoral Register, and information about you that is openly available on internet |
| Documentary Data | This could include documents like your Photo ID, Passport information, National Insurance number, National ID card, Driver’s license |
| Special categories of data | Details about your criminal convictions or related information. This will include information relating to offences or alleged offences if they are found in a third party search. |
| Marketing and sales information | Details of services you receive and your preferences |
| Risk rating information | Information from Credit Risk agencies for Credit risk rating, underwriting information |
| Investigation data | Information that we need to support our regulatory obligations, e.g. due diligence checks, sanctions and anti-money laundering checks, external intelligence report, information about transaction details, detection of any suspicious and unusual activity and information about parties connected to you or these activities. |
| Security details | Login credentials for online banking |
We also collect aggregated data to improve our website and services. We cannot identify you from aggregated data.
If you do not provide required data, we cannot assess a Finance enquiry or application.
3. How we collect personal data
Information that you provide to us, e.g.
- personal details: e.g. name, date and place of birth;
- contact details: e.g. address, email address, mobile and landline numbers
- information relating to your identity: e.g. passport, National id, National insurance number
- user login data: e.g. login credentials for online banking
- information that you give us by filling out forms or by communicating with us, whether face- to-face, by phone, email, or otherwise;
- lifestyle information: e.g. income, credit commitments, living costs and expenditures for finance affordability assessment
Information we collect or generate about you, e.g.
- your financial information, products and services you hold with us, channels you use and your ways of interacting with us, your ability to get and manage your credit, your payment history, transaction records, and information concerning complaints and disputes;
- information we use to identify and authenticate you e.g. login credentials;
- marketing and sales information: e.g. details of services you receive, your preferences;
- cookies to deliver content specific to your interests, and for other purposes, your IP address, the pages you visit within our site.
- risk rating information: e.g. underwriting information, credit risk;
- investigations data: e.g. due diligence checks, sanctions and anti-money laundering checks;
- records of correspondence between us, e.g. emails;
- information that we need to support our regulatory obligations, e.g. information about transaction details, detection of any suspicious activity.
Information we collect from other sources, e.g.:
- companies or individuals that introduce you to us for your financing requirements;
- from Credit Reference Agencies such as Equifax in the event you are an applicant of one of our residential financing products;
- public information sources such as Electoral register or Companies House.
Use of CAPTCHA
Our website utilizes CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to enhance security and prevent automated abuse or misuse of our online services. CAPTCHA helps verify that users accessing our website are human and not bots, thereby protecting the integrity of our systems and ensuring a safer online experience for our users.
What data is collected?
When you interact with our CAPTCHA system, certain technical information may be collected automatically, such as your IP address, browser type, device information, and cookies. This data is collected solely for the purpose of CAPTCHA verification and is not used for any other purposes.
How is this data used?
The data collected through CAPTCHA is used solely for the purpose of preventing spam, abuse, and unauthorized access to our website. It helps us distinguish between legitimate human users and automated bots, thus enhancing the security of our online platform.
Third-party disclosure
We may share CAPTCHA data with third-party service providers who assist us in implementing and managing our CAPTCHA system. However, we do not sell, trade, or otherwise transfer this data to outside parties for marketing or other purposes.
Your consent
By using our website and interacting with the CAPTCHA system, you consent to the collection and processing of your data for the purposes outlined above.
Your rights
You have the right to access, update, or delete the data collected through CAPTCHA. If you have any questions or concerns regarding the use of CAPTCHA or the data collected, please contact us at privacy@gatehousebank.com.
4. How we use your personal data
What will we use your personal information for?
We may use your personal information for a number of different purposes. In each case, we must have a “legal ground” to do so. We will rely on the following “legal grounds”, when we process your “personal information”:
- We need to use your personal information to enter into or perform the product that we hold with you. For example, we need to use your personal information to set you up on our systems and communicate with you.
- We have a legal or regulatory obligation to process such personal information. For example, our regulators require us to make certain checks and hold certain records of our dealings with you. These include verifying your identity and the source of your funds.
- We need to use your personal information for a justifiable purpose (e.g. to keep a record of the decisions we make when different types of applications are made, to keep business records, to carry out strategic business analysis, review our business planning and to develop and improve our products and services). When using your personal information for these purposes, we will always consider your rights and interests and ensure that your right to privacy is taken into consideration and that we have justifiable reasons for using the personal information in that way.
When the information that we process is classed as “special categories of personal information”, we must have an additional “legal ground”. We will rely on the following legal grounds when we process your “special categories of personal information”:
- We need to use such special categories of personal information to comply with our regulatory requirements to investigate whether you have committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct.
- We need to use such special categories of personal information to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you.
- You have provided your consent to our use of your special categories of personal information. This may be because you have a specific health condition and wish us to know about it in our dealings with you.
Further detail on these legal grounds are provided below.
| Processing activity | Our reason | Legal Ground |
| To deliver our products and services: | Administer your accounts, or process your transactions | We will do this in order to perform our contract with you |
| Operations support | We will use your information to enable the provision and function of our services in line with regulation, laws and customer rights and interests, e.g. complaints management and exit management. | The lawful reasons for processing these are legitimate interest, legal obligation and in order to perform our contract with you. |
| To prevent and detect crime including, e.g. fraud, terrorist financing and money laundering | This will include monitoring, Mitigation and risk management, carrying out Customer due diligence, name screening, transaction screening – payments from are who they say they are, and aren’t subject to any sanctions, and customer risk identification. We may share your information with relevant agencies, law enforcement and other third parties where the law allows us to for the purpose of preventing or detecting crime. For further information on our use of fraud agencies please see below. |
We do this to comply with our legal and regulatory obligations. To the extent it includes Special categories of personal data to comply with our regulatory requirements to investigate whether you have committed an unlawful act or been involved in dishonesty, malpractice or other seriously improper conduct. |
| Risk management | We will use your information to measure, detect and prevent the likelihood of financial, reputational, legal, compliance or customer risk. This includes credit risk, operational risk. For further information on our use of credit reference agencies see below. | We will do this because we have a legitimate interest in ensuring that we carry out a proper risk assessment prior to providing finance. |
| Marketing (please see further information on our marketing activities below) | If you are a Gatehouse Capital customer and did not opt out at the time your data was collected to receiving marketing from us, you may receive marketing messages from us. You can change your mind on how you receive marketing messages or choose to stop receiving them at any time. To make that change, contact our DPO using the details provided in the section “Contacting us”. | The lawful basis for this is our legitimate interest. |
| Tracking or recording activities | We may record and keep track of our conversations you have with us including phone calls and emails. We may use these recordings for Quality assurance, training or Audit. We may also capture additional information about these interactions, e.g. telephone numbers that you call us from. We may use closed circuit television on our sites and these may collect images or videos of you. | We would do this on the basis that it’s in our legitimate interest. Where the information contains special categories of personal data to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you. |
| Protecting our legal rights | We may need to use your information to protect our legal rights, e.g. in the case of defending or the protection of legal rights and interests (e.g. arrears management, enforcing or protecting our security or defending rights of intellectual property); court action; managing complaints or disputes. This may be in connection with action taken against you or other persons, e.g. joint borrowers. | We would do this on the basis that it’s in our legitimate interest. Where the information contains special categories of personal data to establish, exercise or defend legal rights. This might happen when we are faced with legal proceedings or want to bring legal proceedings ourselves or when we are investigating a legal claim that a third party brings against you. |
5. Sharing your personal data
We share personal data with the following third parties when necessary:
- Internal teams.
- Professional advisers including lawyers, surveyors, valuers, and accountants.
- Credit reference and fraud prevention agencies.
- Technology providers supporting CRM, document storage, analytics, and communication tools. HMRC or regulators if legally required.
- Potential buyers if we sell or restructure the business.
- Fraud and AML agencies may share data with other organisations and law enforcement. If you pose a fraud or money laundering risk, lending may be refused.
We require third parties to protect data and to process it only on our instructions.
6. International transfers
We do not transfer data outside the UK unless needed for a borrower based overseas or a partner service located outside the UK. In those cases, we use safeguards that align with UK data protection law.
7. Data security
We use access controls, encryption, network security, and staff training to protect data against loss or unlawful access. Only staff who need data for their role receive access.
8. Data retention
We keep personal data only as long as needed for the reasons collected. This includes up to six years after a financeend to meet legal and tax obligations. We can retain data longer if we expect litigation or a complaint. We may anonymise data for research or reporting. Anonymised data no longer identifies you.
9. Your legal rights
You have a number of rights in relation to the information that we hold about you which we set out below. These rights might not apply in every circumstance. You can exercise your rights by contacting us at any time using the details set out in section 10. We will not usually charge you in relation to a request.
Please note that although we take your rights seriously, there may be some circumstances where we cannot comply with your request such as where complying with it would mean that we couldn’t comply with our own legal or regulatory requirements. In these instances we will let you know why we cannot comply with your request.
In some circumstances, complying with your request may result in your product being cancelled. For example, if you request erasure of your personal information, we would not have the information required to administer your product. We will inform you of this at the time you make a request.
The right to access your personal information
You are entitled to a copy of the personal information we hold about you and certain details of how we use it.
We will usually provide your personal information to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal information will be provided to you by electronic means where possible.
The right to rectification
We always take care to ensure that the information we hold about you is accurate and where necessary up to date. If you believe that there are any inaccuracies, discrepancies or gaps in the information we hold about you, you can contact us and ask us to update or amend it.
The right to restriction of processing
In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.
The right to withdraw your consent
Where we rely on your consent in order to process your personal information, you have the right to withdraw such consent to further use of your personal information.
Please note that for some purposes, we need your consent in order to provide your product. If you withdraw your consent, we may need to cancel your product. We will advise you of this at the point you seek to withdraw your consent.
The right to erasure
This is sometimes known as the ‘right to be forgotten’. It entitles you, in certain circumstances, to request deletion of your personal information. For example, where we no longer need your personal information for the original purpose we collected it for or where you have exercised your right to withdrawn consent.
Whilst we will assess every request, there are other factors that will need to be taken into consideration. For example we may be unable to erase your information as you have requested because we have a regulatory obligation to keep it.
The right to object to direct marketing
You have control over the extent to which we market to you and you have the right to request that we stop sending you marketing messages at any time. You can do this either by clicking on the “unsubscribe” button in any email that we send to you or by contacting us using the details set out in section “Contacting us”.
Please note that even if you exercise this right because you do not want to receive marketing messages, we may still send you service related communications where necessary.
The right to data portability
In certain circumstances, you can request that we transfer personal information that you have provided to us to a third party.
Rights relating to automated decision-making
We carry out some limited automated decision making to assess whether you meet the criteria for some of our products.
Where an automated decision produces a legal or other similarly significant effect concerning you (for example, where your policy or claim is rejected), you have the right to ask us to reconsider a decision taken by automated means or to take a new decision on a different basis (e.g. by introducing some form of human involvement).
The right to make a complaint with the Regulator
You have a right to complain to the Information Commissioner’s Office (ICO) or any other local Data Protection Regulator if you believe that we have breached data protection laws when using your personal information.
You can visit the ICO’s website at https://ico.org.uk/ for more information or call 0303 123 1113. Please note that lodging a complaint will not affect any other legal rights or remedies that you have.
You can exercise your rights by contacting us using the details set out in the ‘Contacting us’ section below.
Our use of Credit Reference Agencies
If you are applying for our Residential finance, in considering your application we will search your personal and where applicable, business record at one or more Credit Reference Agencies.
They will add details of our search to your records and your application will be seen by other organisations that make searches. Information held about you by the Credit Reference Agencies may already be linked to records relating to one or more of your partners. If you are a director, we will seek confirmation from Credit Reference Agencies that the residential address that you provide corresponds to the address listed on the restricted register of directors’ home addresses at Companies House. Information on the performance of any will be recorded against each director to the finance with Credit Reference Agencies
We will also add to your personal and where applicable, business record with one or more of the Credit Reference Agencies details of your agreement with us, the payment you make under it, any default or failure to keep to its terms and any change of address you fail to tell us about where a payment is overdue. These records will be shared with other organisations and used by us and them to trace debtors, recover debt, and to manage your accounts.
By making a joint application, you confirm that you are entitled to: disclose information about your joint applicant (note that for the purpose of limited company applications director/ guarantors are considered applicants) and anyone referred to by you; and authorise us to search, link or record information at Credit Reference Agencies about you and anyone referred to by you. If you provide personal data about another person to us, you should provide them with this information concerning the processing of their personal data.
For further information on how Credit Reference Agencies use your personal data, please see https://www.equifax.co.uk/crain.html
10. Complaints & Contacting Us.
You can contact us on the below details:
Gatehouse Capital (SK1) Limited
Registered Office: The Helicon, One South Place, London EC2M 2RB
Trading Address: Unit 127, 4 Redheughs Rigg, Edinburgh, EH12 9DQ
Email: contact@gatehousecapital.co.uk
Phone: 01313920700
Data Protection Officer:
Mark Dyason
Mark.dyason@gatehousecapital.co.uk
01313920700