Last updated 29/05/2024


OpenFi Ltd is registered with the Information Commissioner's Office (ICO). The ICO is an independent authority set up to protect the public’s data rights. Part of the OpenFi Ltd service is paid advertising for the generation of new business leads. This is done in total compliance with the GDPR. 

  • The OpenFi ICO registration number is ZB628015. 

  • The Data Protection Officer (DPO) is Samuel Oliver and can be contacted via

  • The company details are OpenFi Ltd, 107 Cheapside, London, United Kingdom, EC2V 6DN. Company number 14908132

Data Collection

Initial Collection: When potential customers respond to OpenFi’s ads, OpenFi collects personal data (e.g., names, contact details, and potentially financial information).

Legal Basis for Processing: Under GDPR, OpenFi has a lawful basis for processing personal data. In this context, the most relevant bases are consent (the individual has agreed to the processing of their personal data for one or more specific purposes) and legitimate interests (processing is necessary for the purposes of the legitimate interests pursued by OpenFi or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject).

Data Use and Sharing

Purpose Specification: The data is only used for the purposes specified at the point of collection, such as generating and referring mortgage leads.

Data Sharing with Brokers: When referring leads to a broker, OpenFi is sharing personal data with a third party under a data processing agreement that outlines each party's responsibilities under GDPR.

Transparency and Disclosure: Individuals are informed about how their data will be used and shared. This is stated in the OpenFi privacy policy.

Data Subjects' Rights

Rights of Individuals: Under GDPR, individuals have rights over their data, including the right to access, rectify, erase, and object to processing. OpenFi’s processes allow individuals to exercise these rights.

Consent Management: OpenFi provides a clear mechanism for individuals to consent to their data being used and shared, and an equally clear mechanism for withdrawing consent. This is done by enabling individuals to opt in and opt out for OpenFi’s services.

Data Security and Breach Notification

Security Measures: Appropriate technical and organisational measures are taken to ensure the security of personal data.

Breach Notification: In case of a data breach, GDPR mandates prompt notification to the relevant supervisory authority and, in certain cases, to the affected individuals.

Record Keeping and Compliance Documentation

Documentation: OpenFi maintains records of data processing activities, including what data is collected, for what purpose, and how it is processed and shared. This is crucial for demonstrating compliance with GDPR if required.