Privacy Policy

Last updated 02/07/2024


This privacy policy explains how we collect, use, protect your personal data, and who we share it with. “Personal data” includes data you give us when you visit our website, sign up for an account with Openfi Ltd, or buy one of our services and/or products. This privacy policy also sets out your privacy rights, and how the law protects you.

Who we are

Purpose of this Privacy Policy

This Privacy Policy lets you know how we collect and process your personal data when you interact with

Contact Us

We are OPENFI LTD, 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN (we use "Openfi Ltd" "Openfi", "we", "us" or "our" in this Privacy Policy ). We’re the data controller, which means we’re responsible for your personal data under this privacy policy.

You can get in touch with us if you have any questions about this Privacy Policy, including any requests to exercise your legal rights, at

  • OPENFI LTD, 9th Floor 107 Cheapside, London, United Kingdom, EC2V 6DN

  • Email at

Keeping information up-to-date

This Privacy Policy was last updated in February 2024. We might make changes to this privacy policy at any time. We’ll let you know if we do.

What information do we collect

Personal data is any information which can (or could be used to) identify you. It doesn't include data which is not possible to relate to a specific person (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which are grouped as follows:

Identity Data includes first name, maiden name, last name, marital status, title, date of birth, gender, address and employment history, and citizenship.

Contact Data includes any address history, email address and telephone numbers.

Financial Data includes bank account details, card payment details, salary and other income information, savings, credit history, financial commitments and other expenses.

Special Category/Sensitive Data which includes physical and mental health conditions, racial/ethnic origin, criminal offences and convictions, and biometric data. Special category data is collected, where relevant, for the purposes of preventing fraud, arranging a mortgage and/or protection policy for you.

Transaction Data includes details about payments from you and other details related to the products and services you’ve bought from us

Technical Data includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Profile Data includes your username and password, as well as any feedback and survey responses.

Job Application Data includes personal data submitted throughout the recruitment process i.e. name, email address etc.

Employment Data includes any personal information you provide to Openfi as part of the recruitment process or throughout your employment at Openfi should you be a permanent employee, contractor, or 3rd party provider

Usage Data includes information about how you use our website,  our products and services.

Marketing and Communications Data includes your preferences in receiving marketing from us, and our business partners and your communication preferences.

Other Data

This includes any other information that could be used to identify you, that we need to help you get a mortgage or buy a home.

Aggregated Data

We may also collect and process aggregated data. Aggregated Data includes data derived from your personal data, but is not considered personal data in law as this data does not directly or indirectly reveal your identity. That’s information about our customers that we combine together so that it doesn’t identify people specifically any more. We use this for all sorts of business reasons – marketing and advertising, market research, or to comply with regulation.

Historic data (for returning customers)

If you are a returning Openfi customer, we may use the information we already have on you to pre-fill forms when you apply for a new product or a service. If we do this, we'll always check that your information is accurate and up to date.

If you’re making a joint application or applying for a company buy-to-let mortgage, we’ll also collect some of this information about the person you’re applying with, or other people you might have a direct financial link with (such as a spouse for joint application or directors or employees of your company for buy-to-let mortgages). Please make sure you have their consent before you give us their data.

How we collect your data

We collect data using different methods, including the below:

You may give us your Identity through direct interactions

You may give us your identity, your Contact and Financial Data by filling in forms or by corresponding with us by post, SMS, phone, email or otherwise. This includes personal data you provide when you:

  • Create a new account on our website

  • Sign up for our products or services

  • Speak to any Openfi team member on the phone

  • Speak to an adviser;

  • Subscribe to our newsletter or request marketing to be sent to you

  • Participate in a survey or give us feedback

  • submit a job application with Openfi

  • commence work with Openfi, be it as an employee, contractor or a 3rd party service provider

From a joint application

If you are included on an application but are not the main applicant, Openfi receives information about you which has been provided in the application. You will receive a notification from us when the main applicant submits the online form and at key milestones in your application.


As you interact with our website, we may collect technical data – such as information on what equipment you’re using, your browsing actions and patterns. We use cookies for this, and for further information please check our Cookie Policy.

Apply for a job with us

If you apply for a job with Openfi, we will collect all the data submitted in the application form to process your job application successfully. The data we will collect will include information shared in a CV, cover letter, job application questions and/or notes made by the hiring manager during the interview process. 

We also might use third parties to complete the necessary background checks, passing required information to them in accordance with our regulatory requirements. We might also contact your previous employers in order to obtain references, when appropriate.

Employment data

If you are employed by Openfi, we may request additional information from you throughout your employment in line with any changes to applicable laws and regulations.

In some cases, we may collect data about you from third parties, such as employment agencies etc.

We also get data from other sources

Sometimes we get personal data from somewhere outside Openfi, from third parties and public sources such as:

  • Technical Data from analytics providers and website experience recording services such as Google (based both inside or outside of the UK). We collect this whenever you interact with our website.

  • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU. We check these as part of your application, to verify the data you’ve shared with us

  • Identity and Contact Data from anti-money laundering checks we might be required to undertake

  • Estate agents with whom you may be interacting (with your consent)

  • Enquiries you perform on third-party mortgage sourcing websites.

How we use your personal data

We'll use your personal data when the law allows us to. Most commonly, we'll use your personal data in one or more of the following circumstances: 

  • Where you have provided your consent

  • Where we need to perform the contract we're about to enter into or have entered into with you

  • Where we need to adhere to legal or regulatory obligations

  • Where it's necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw consent at any time by contacting us at You can also use that email address to contact us if you would like more details about the legal bases we use to process your data.

Who do we share your data with

We might share your information with other companies and third parties to provide you with our products and services. However, we make sure they treat your data in line with the law. Here is a list of third parties we might share your personal data with:

Mortgage brokers 

Basically, we might share your data with any other third parties we might work with to help you get a mortgage and buy your home. We do have data-sharing agreements in place with all the brokers we work with, to make sure they process the data with the same high standards that we do

Insurance brokers

We may share information with our insurance broker partners for them to carry out their services. Same as with mortgage brokers we might share your data with, we have written contracts in place with all of our partners to make sure they process your data according to legal regulations.

Other service providers that support Openfi

These may include different  IT providers, legal and accounting firms. Written contracts are in place with all of the providers your data might be shared with, so you can rest assured that your data is processed in line with the law.

Regulators, governmental or dispute resolution bodies, law enforcement agencies or other authorities

We share data with these bodies when we have to - e.g. for the purpose of preventing crime

Fraud prevention agencies

We’ll might use these to check your identity when you apply for a mortgage, and on an ongoing basis. In case of false or fraudulent information, we’ll tell a fraud prevention agency. Those agencies then share that data with other organisations, like law enforcement, to prevent and detect fraud or other crimes and can hold your personal data for up to 6 years.

Licensed Credit agencies

These companies may hold your credit history and credit report. Brokers and Lenders will get data about you from these agencies to help them decide whether to give you a mortgage. This is known as a credit check.

Brokers we work with will also share information with the CRAs about the financial details of your mortgage, and how you handle your mortgage. 

International transfers of your data

We work with different partners in the UK, EEA, as well as countries outside the EEA.

If and when we transfer your personal data outside of the UK, we take care that it's covered by the same data protection standards. We do that by ensuring we use specific contracts which give personal data the same protection it has in the UK and EEA

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data security

When it comes to accessing your personal data, we make sure that only a limited number of people, on a business need basis only.

We have robust procedures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. Should we ever deal with any suspected personal data breach, we will notify you and any applicable regulator of a breach where we're legally required to do so.

Data retention

We will only keep your data as long as indeed in order to provide you with products and services you may have requested from Openfi. Alternatively, we might keep it for as long as laws or regulations require us to.

Here is a more detailed list of how long we might keep your personal data for:

  • If you submit a mortgage application through Openfi, and your application is unsuccessful, we’ll keep your data for up to 6 years.

  • If you get a mortgage through us, we’ll keep your data for the term of the mortgage and for 6 years after that. 

  • If you create an account with Openfi, and don’t do either of the two things above, we’ll keep your data for 6 years. 

  • If you bough any other insurance through us, we’ll keep your data for 6 years.

  • If you have been employed by or a contractor with Openfi, we will keep your data 6 years after the employment or contract terminates. This includes your successful job application

  • If you have submitted an unsuccessful job application with us, we will keep your data for up to a year

Sometimes we may also anonymise your personal data (in way that it makes it impossible to identify you through it) for research or statistical purposes. We keep that data for as long as we need it.

You can request more info on how long we keep your data, as well as to ask us to delete your data by emailing us on

When it comes to your personal data, you have certain rights under the UK GDPR. If you wish to exercise any of the rights set out in this policy, please reach out to us.

You have the right to:

  • Be informed about how we collect and use your data. You can do so by reviewing this Privacy Policy.

  • Have access to your data. To do that just email us at and we’ll provide copies of your data we store for free. 

  • Request correction of the personal data we hold about you. You can ask us to correct your data if it’s not accurate, or add more data to complete it. 

  • Withdraw your consent to use your data. If you’ve given us consent to use your data for a specific reason, you can withdraw this at any time by emailing us requesting so.

  • Delete your data. If you need us to delete your information, please reach out to us via email. We’ll respond to your request within a month. Bear in mind that sometimes we might have to keep your data, if laws or regulations tell us to. 

  • Limit the way we process your data. You can ask us to do this, for example, if you want us to correct the data we hold about you, or if you object to how we’ve processed it. There may be situations where we can’t do that. If that7s the case, we will let you know.

  • Object to us processing your data. You can ask us to stop processing your data. In some cases we can do this – for example, if the reason we’re using your data is for direct marketing. But there might be situations where we’re not able to. If that is the case, we will let you know.

  • Change your mind about direct marketing. If you’ve ever chosen to get direct marketing from us, you can opt-out at any time. You can do that by choosing to unsubscribe or change your preferences from the emails you receive from us. Alternatively, you can request for us to do that by emailing us. It might take up to 5 working days for us to update your records after you made that request,

  • Request the transfer of your data. If you do so, we will provide you with the personal data we hold about you in a format that allows you move somewhere else