Google translate: 
PAGE.PHP - BREAKPOINT: xs smmdlgxlxxl

Privacy Policy

MORTGAGE DIRECT S.L., located at Calle de Velázquez 24, 2ºD, 28001, Madrid, Spain, CIF/NIF/NIE: B97701569 is the Spain’s leading mortgage broker. This privacy notice tells you about how we use your personal information and your information rights when you use our website.

About Mortgage Direct SL and how to contact us

Mortgage Direct are registered with Mercantile Registry of Madrid, Volume 45044, Folio 123, Page V-792748, 2nd Inscription

We operate as Data Controllers for the information you provide to us and joint Data Controllers with the third parties we deal with in order to process your mortgage applications, such as Banks, Estate Agents, Professional firms (Lawyers, Surveyors and F/X exchange organisations). These third parties have their own Privacy Notices explaining how they collect and process your data.

We have reviewed and updated our policies and procedures to comply with the General Data Protection Regulation (EU) 2016 / 679 (GDPR) and the UK Data Protection Act 2018 (DPA) to ensure we meet our obligations under these regulations.

If you have any questions about the protection of your data, please email our Data Protection Manager

Post: Calle de Velázquez 24, 2ºD, 28001, Madrid, Spain

What information we collect and how we use it

Our core business is acting as a mortgage broker. This involves searching against the lenders we deal with to find the mortgage that best suits your circumstances.

We do this when you call us by asking you about your identity and contact details; your product preferences; your property and tenancy history and types and number of occupants and their relationship to you; your lifestyle;nationality and residence status; employment, income and expenditure and other financial circumstances.

How you answer these questions will determine what other questions we ask you because different lenders serve different parts of the market and have different eligibility criteria. We will always explain the process to you and answer any questions you may have about why certain types of information may be needed.

We are required to collect information under certain circumstances for the prevention of money laundering and preventing and detecting unlawful acts.

Type of DataProcessingLawful basis
Contact details – name, address, email address, phone number, details of property To respond to requests for information.
To process your application
Performance of contract
Legitimate Interests
Financial Information eg. Income details, debts and expenses, assets and investments, dependents, other service information To process your application or give advice Performance of contract
Legal Requirement
Identification documents eg. Passport, proof of address To process your application and adhere to legal requirements Legal Requirement
Immigration documents eg. Visas To process your application and adhere to legal requirements Legal Requirement
Credit Card details To be paid for our services Performance of contract
Employer details – bank account, Tax numbers To process your application or give advice Performance of contract
Photographic images of documents received from you To process your application Performance of contract
Records of communications eg emails, phone calls Communication / respond to queries, requests and complaints
Prevent fraud and resolve any disputes
Legitimate Business Interest
Legal requirement
Cookie data (please see our Cookie policy here) To monitor how our site is used and how it performs Legitimate business interest

Source of your data

We receive information about you when you: complete our online forms; you instruct an estate agent; via Search engines; through the websites of our collaborators; through recommendations from our collaborators or any other adviser which recommends to you.

Recipients of your data

As joint Controllers with the other parties eg Banks, involved in your application we are required to pass on any data requested by them based on their requirements to assess and process the application. Their Privacy Notice/s sets out how they use their data.

We do not pass on your information to any other party unless required to by law for example: Law enforcement agencies.

Third parties / sub processors

We use third party companies to perform certain services for us, such as website hosting and support, SaaS services, IT support and payment processors. All third party processors are subject to a binding contractual obligation to process your personal data in accordance with our instructions and to comply with their responsibilities as Data Processors under GDPR and DPA.

Automated decision making

We do not undertake any automated decisions using your data.

Security of your data

We understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your personal information from accidental or unlawful breaches of security. These include physical, organisational, and technological measures.

All information we process is encrypted in transit where possible (sometimes third parties, ie Banks, will not accept encrypted data) so that your personal and financial information is secure.

All our advisers sign a duty of confidentiality over all personal and other confidential data handled by them while providing our services to you.

Overseas Transfers

We process your data within the EU and UK with limited exceptions, mainly when you request that we send your information outside the EU and UK.

From time to time, we use data processors located in non-EU or UK jurisdictions and when we do, we require that those data processors apply appropriate security safeguards and comply with all the required laws and standards for protecting personal information.

Retention of your data

If you become a client of a lender as a result of the advice we provide to you, we will keep a full record of your interactions with us for a minimum of 6 years depending on the legal requirements in place from time to time. This is because we must ensure we keep your records for your lifetime to enable us to meet our regulatory obligations to evidence we gave suitable advice and to enable us to answer any complaints that may arise as a result of our advice. If we collect personal information from you, but are unable to progress your application or you decide you do not want to progress your application, then we will keep a full record of your interactions with us for 3-6 months to facilitate an easier interaction between us if you re-engage our services within this period.

If you request, we contact you in relation to our service by providing us with your name and a contact method (e.g. phone, email) through an our website enquiry forms we will retain this information for a period of 90-days from the time we deactivate your details in our database.

Your rights under GDPR and DPA

You are entitled to ask about the data that is held about you, subject to certain exceptions. This is called a Subject Access Request (SAR).

These should be made by email or in writing to the following address:

Address: Data Protection Manager, at Calle de Velázquez 24, 2ºD, 28001, Madrid, Spain

In addition, the GDPR and DPA provides the following rights for individuals

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

If you would like to exercise any of your rights under GDPR and DPA, please email our Data Protection Manager on email

We will make every attempt to ensure you are satisfied with our handling of your data queries or requests. Within the EU you have the right to complain to your national Data Regulator.

Last updated May 2023

Instant quote