Moat Mortgages

Privacy Notice

Hazelwood Financial Services (trading as Moat Mortgages)

Office: 12 Hamlet Hill, Roydon, Harlow, Essex, CM19 5LA, United Kingdom
FCA Firm Reference Number: 303934

Last updated: 27 February 2026

1. Who We Are

Hazelwood Financial Services (“we”, “us”, “our”) is authorised and regulated by the Financial Conduct Authority (FCA).

For the purposes of UK data protection law, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, Hazelwood Financial Services is the data controller of your personal data.

If you have any questions about this Privacy Notice or how we use your data, please contact us:

Email: dave.hunt@moatmortgages.co.uk
Telephone: 01279 792 756
Address: 12 Hamlet Hill, Roydon, Harlow, Essex, CM19 5LA

2. The Personal Data We Collect

We may collect, use, store and transfer the following categories of personal data:

Identity Data
Name, title, date of birth, marital status, gender, national insurance number, and identification documents.

Contact Data
Home address, email address and telephone numbers.

Financial Data
Bank statements, income and expenditure details, credit commitments, savings, assets, employment details, pension information and other affordability information.

Special Category Data
In limited circumstances, we may process health or medical information where required for insurance or protection product applications.

Transaction Data
Details about payments, products and services you receive from us.

Technical Data
IP address, browser type and version, time zone settings, operating system and other technology used to access our website.

Profile and Usage Data
Information about how you use our website, products and services, and any feedback you provide.

Marketing and Communications Data
Your communication preferences and marketing choices.

3. How We Collect Your Data

We collect personal data through:

Direct interactions (meetings, phone calls, email, online forms or written correspondence).
Automated technologies when you use our website or enquiry tools.
Third parties and publicly available sources, including:
- Estate agents or property developers (with your consent or where relevant to your application).
- Mortgage sourcing platforms or introducers.
- Credit reference agencies.
- Fraud prevention agencies.

4. Lawful Basis for Processing

We process your personal data using the following lawful bases:

Contract
Processing necessary to provide mortgage and protection advice, source products and submit applications.

Legal Obligation
Processing required to comply with legal and regulatory duties, including FCA rules, Anti-Money Laundering regulations, fraud prevention and record keeping obligations.

Legitimate Interests
Processing necessary for the operation of our business, including maintaining client records, improving services, managing risk and communicating with you about relevant products.

Consent
Where required, such as certain marketing communications or where special category data processing relies on your explicit consent.

You may withdraw consent at any time where consent is the legal basis.

5. Special Category Data

Where we process health or medical information, this is only where necessary for arranging insurance or protection products.

Processing is carried out under Article 9 UK GDPR and Schedule 1 of the Data Protection Act 2018 where necessary for insurance purposes and with appropriate safeguards.

6. How We Use Your Data

We use your personal data to:

Provide mortgage and protection advice.
Assess affordability and suitability.
Source and submit applications to lenders and insurers.
Verify identity and prevent fraud.
Meet FCA regulatory and legal obligations.
Maintain records for compliance and audit purposes.
Communicate with you regarding your applications and services.
Improve our services and systems.
Send marketing communications where permitted.

We will not sell your personal data or share it with third parties for their own marketing purposes.

7. Who We Share Your Data With

We may share your personal data with:

Lenders and protection providers – to obtain quotes, decisions in principle and submit applications.
Credit reference and fraud prevention agencies – for identity checks and credit assessments.
IT and software providers – supporting our mortgage sourcing, CRM and compliance systems.
Professional advisers – including legal, compliance or accounting advisers.
Estate agents or property developers – where relevant to your application.
Regulators and authorities – including the Financial Conduct Authority, HMRC, law enforcement and other bodies where required by law.
Business successors – if our business is sold, transferred or merged.

All third parties are required to keep your information secure and only use it for authorised purposes.

8. International Transfers

We primarily store and process data within the UK.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as UK adequacy regulations or approved contractual clauses.

9. Data Security

We have implemented appropriate technical and organisational measures to protect personal data from accidental loss, misuse, unauthorised access, alteration or disclosure.

Access to personal data is limited to individuals who have a legitimate business need and who are subject to confidentiality obligations.

We maintain procedures to manage suspected data breaches and will notify you and the Information Commissioner’s Office (ICO) where legally required.

10. Data Retention

We retain personal data only for as long as necessary for legal, regulatory and business purposes.

Purpose

Retention Period

Successful mortgage or protection applications

Policy or mortgage term plus 6 years (or up to 30 years where required for historical records)

Withdrawn, incomplete or unsuccessful applications

2 years from last activity

Affordability assessments (not progressing to full application)

2 years

Enquiry data not resulting in an application

Up to 12 months

Regulatory or complaint-related records

As required by FCA or legal obligations

11. Marketing

We may contact you about products or services that may be relevant to you where permitted by law.

You can opt out at any time by:

Clicking the unsubscribe link in emails, or
Contacting us directly.

12. Your Rights

Under UK GDPR, you have the right to:

Access your personal data.
Correct inaccurate data.
Request erasure of data (where applicable).
Restrict processing.
Object to processing, including direct marketing.
Data portability.
Withdraw consent where applicable.

We will respond to requests within one month unless the request is complex.

13. Complaints

If you have concerns about how we use your data, please contact us first so we can try to resolve the issue.

You also have the right to complain to:

Information Commissioner’s Office (ICO)
www.ico.org.uk

If your complaint relates to financial services provided, you may also have the right to complain to the Financial Ombudsman Service.

14. Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to review their privacy notices.

15. Changes to This Privacy Notice

We keep this Privacy Notice under regular review and will update it when necessary. The latest version will always be available on our website.

The right advice for free

Your home may be repossessed if you do not keep up repayments on your mortgage.

Moat Mortgages is a trading name of Hazelwood Financial Services, which is authorised and regulated by the Financial Conduct Authority (FCA). Our FCA Register number is 303934. Registered Address: 12 Hamlet Hill, Roydon, Essex, CM19 5LA

Complaints Procedure & Your Rights