Privacy Policy | Apex Mortgage & Protection
Legal

Privacy Policy

How we collect, use, store and share your personal data — in line with the UK GDPR and the Data Protection Act 2018.

Last updated: May 2026 UK GDPR compliant

1 Introduction

At Apex Mortgage & Protection UK Ltd (“Apex”, “we”, “our”, “us”), we are committed to protecting your personal data and handling it with transparency, integrity and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains how and why we collect, use, store and share your personal data, as well as your rights in relation to that data. It applies to data we collect through our website (apexmp.co.uk), through enquiries you make with us, and during the course of providing you with mortgage and protection advice.

2 Data Controller

Apex Mortgage & Protection UK Ltd is the Data Controller for the personal information you provide. We may process your data directly or through our network partner, Sesame Ltd, where applicable.

Our registered details are:

  • Company: Apex Mortgage & Protection UK Ltd
  • Registered office: Unity Business Centre, 26 Roundhay Road, Leeds, West Yorkshire, LS7 1AB
  • Companies House number: 10881760
  • Email: [email protected]
  • Phone: 03332 200 270

3 What data we collect and why

To provide appropriate mortgage, protection and financial advice, we may collect the following types of personal data:

  • Identity data — e.g. name, date of birth
  • Contact data — e.g. phone number, email address, postal address
  • Financial and employment data — e.g. income, expenditure, employment status
  • Transaction data — details of products and services arranged for you
  • Technical data — IP address, browser type, time zone setting, location data (when you use our website)
  • Details of your enquiry or request

We use your data for the following purposes:

  • To contact you and respond to your enquiry or request
  • To provide financial services including mortgage, loan and protection advice
  • To liaise with third parties such as lenders, insurers, credit reference agencies or compliance bodies
  • To comply with regulatory obligations (e.g. FCA oversight, fraud prevention, anti-money laundering checks)
  • To improve our services and the performance of our website

Our lawful basis for processing your data is our legitimate interest in running our business, fulfilling contractual obligations and complying with legal requirements. For some purposes, such as marketing or processing health-related data, we will only process your data with your explicit consent.

4 Who your data will be shared with

Your data may be shared with the following third parties:

  • Mortgage lenders, insurers and related financial service providers
  • Credit reference agencies, your employer or accountant (for verification purposes)
  • Our CRM and software providers (e.g. to manage your file securely)
  • Sesame Ltd and the Financial Conduct Authority (FCA) for compliance monitoring
  • Professional advisers such as solicitors, accountants and auditors
  • HM Revenue & Customs, regulators and other authorities where required by law

All third parties are contractually bound to handle your data securely and only for the specified purpose. We do not sell your personal data to third parties under any circumstances.

5 Communication preferences

If you provide us with an email address or phone number, you consent to being contacted by us using those details in connection with your enquiry or the services we provide. While we take appropriate steps to secure email and SMS communications, you acknowledge the inherent risks of these methods.

You can update your communication preferences or ask us to use a different method of contact at any time by emailing [email protected].

6 Sensitive personal data (special category data)

To support certain insurance applications — such as life insurance, critical illness cover or income protection — we may need to process health-related information. This data will only be collected with your explicit consent and will be handled with strict confidentiality.

You may also have the option to provide such data directly to the insurer, rather than via us. We will explain this option to you at the relevant point in the application process.

7 Data storage and location

Your data is processed and stored by staff in the UK. Some data may be held in secure UK-based cloud systems. Access to your data is restricted to authorised personnel and protected by appropriate technical and organisational measures.

Where we use third-party providers that may transfer data outside the UK, we ensure appropriate safeguards are in place — such as the UK International Data Transfer Agreement or equivalent — to protect your information in line with UK GDPR requirements.

8 Data retention

We will retain your personal data for a minimum of six (6) years after the end of our business relationship, or longer if legally required. The relationship is considered concluded when all related mortgage or insurance products have ended.

Where data is no longer required, we will securely delete or anonymise it.

9 Marketing and staying in touch

We’d like to keep in touch about relevant financial products or services that may be of interest to you. We’ll only do so:

  • With your express consent
  • For up to five (5) years, unless renewed

You can change or withdraw your marketing preferences at any time by emailing [email protected], or by clicking the unsubscribe link in any marketing email we send you.

10 Your rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Request correction of inaccurate or incomplete data
  • Request erasure of your data under certain conditions
  • Object to or restrict processing of your data
  • Request data portability in a structured, electronic format
  • Withdraw consent for special category data or marketing at any time
  • Lodge a complaint with the Information Commissioner’s Office (see below)

To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request.

11 Cookies and website tracking

Our website uses cookies and similar technologies to help the site function properly, analyse traffic and improve your experience. Cookies are small text files placed on your device when you visit a website.

The cookies we use fall into the following categories:

  • Strictly necessary cookies — required for the website to function (e.g. form submissions, chat widget)
  • Performance & analytics cookies — help us understand how visitors use our site so we can improve it
  • Marketing cookies — used to measure the effectiveness of our advertising

You can manage your cookie preferences at any time through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. Please note that some parts of our website may not function properly if you disable cookies.

12 How to complain

If you’re concerned about how your personal data is handled, please contact us in the first instance at [email protected] or 03332 200 270.

If you remain unsatisfied, you can refer your complaint to our network Sesame:

Write to: The Customer Relations Department, Sesame Limited, Fourth Floor, Jackson House, Sibson Road, Sale, M33 7RR.

Email: [email protected]

Telephone: 0345 0456 800 (Mon–Fri 9.00am to 5.00pm)

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time:

13 Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, services or applicable law. The “last updated” date at the top of this page indicates when this policy was last revised. We encourage you to review this page periodically.

By providing your data, you confirm you have read and understood this Privacy Policy and how your information may be used.

Questions about your data?

Get in touch

03332 200 270 or [email protected]