(‘OFSG’) and Oracle Loan and Mortgage Brokers Limited (‘OLMB’), together ‘Oracle’. We are committed
to protecting your personal information when you use our services. Personal data is any information
that may be used to identify you as an individual.
In providing our services, we must obtain certain data from you, which may be construed as constituting
personal data for the purposes of The Data Protection (Bailiwick of Guernsey) Law, 2017 (the “DP Law”)
which is aligned to , the General Data Protection Regulation. At all times, we shall process personal
data in accordance with these requirements.
Both Oracle Financial Services (Guernsey) Limited and Oracle Loans and Mortgage Brokers Limited are
registered with and regulated by the Office of the Data Protection Authority (the ‘ODPA’)
Data Protection Officer
What information do we collect?
When you engage with us, such as enquiring about services, or enter into any agreement for services
with us, we will request personal information about you, which will include your name, email address
and other personal information. By giving us your details, you enable us to address your query or to
provide services to you.
In order to provide many of our services, we will routinely require data known as sensitive data.
Examples of this will include medical history and, when applicable, details of criminal convictions. It
should also be noted that you will frequently be required to provide information in relation to your
dependents for the purpose of policy quotations etc. We shall only ever obtain such information as is
necessary in all cases.
When providing certain services, we are also obliged by law to hold certain additional personal
information on clients and certain associated parties, which will include Customer Due Diligence, which
we are required to hold in respect of business conducted under license issued by the Guernsey Financial
How do we use your information?
We use your information for a number of reasons, including to contact you regarding an enquiry
received from you, to complete transactions envisaged by our services and/or to meet contractual,
legal and regulatory obligations.
The information you provide is used by us to assess and consider requests by you to use our facilities.
This may include sharing your information with third parties in order for us to be able to assess your
credit worthiness. We may apply for a search of your records with registered Credit Reference Agencies.
Our search will be recorded and seen by other organisations that make searches.
Because of the nature of our services, we are habitually required to transmit your information to
external service providers in order to obtain quotations, enter into terms etc in accordance with details
you have provided to us. Such information shall only be transmitted to countries subject to equivalent
data protection provisions.
Personal data collected from you directly or by the other means described shall only be utilised for the
purpose of entering into and maintaining a contract with you and/or providing services, including
handling any enquiry you make of us in respect of our services regardless of whether you go on to enter
into a contract with us.
From time to time, we may undertake checks utilising accredited screening software, which searches
publicly available databases; provide your information to outsourced service providers or be required
to provide your information to law enforcement, the regulator(s) and/or associated parties because of
our legal obligations. This may require information to be submitted to the United Kingdom, EU or other
jurisdictions. We shall not provide your information to any other third parties (e.g. for marketing
purposes) without your express consent and acknowledge that such consent may be withdrawn by you
at any time.
When may we contact you?
We may contact you in relation to any service you have enquired about, where you have opted to
receive further correspondence and in relation to a service we have agreed to provide. We may also
need to contact you to obtain further information in order to be able to address an enquiry or to meet
our legal and regulatory obligations.
We will not send any marketing material but may contact you in relation to associated services
frequently packaged alongside those you have enquired about or have purchased through us, (e.g. life
insurance where you utilise us for mortgage services).
How will we manage your personal information?
At all times, information provided to us will be protected by the relevant data protection obligations.
Howsoever collected, information shall only be collected by us and, as such, we are the Controller for
the purposes of data protection law. Wherever we engage with third parties who may be required to
handle your data or process it on our behalf, such Processors shall be vetted to ensure their own policies
comply with data protection laws.
When you enter into a contract with a third party, such as a mortgage provider or insurer, the relevant
third party shall be required to process your personal data. This processing is outside of our control
and, as such, the third party should also be considered a controller in respect of the service they offer.
Your personal data shall be held at all times in accordance with and for as long as our statutory and
regulatory requirements require it. This includes a retention period following the cessation of our
provision of services to you. Our standard retention period is 6 years, however we reserve the right to
hold your data for differing periods, which shall, at all times, be determined by our legal and regulatory
obligations. As soon as such obligations cease to apply, we shall permanently erase all personal
information held on you from our records within a maximum period of 12 months.
Your Internet Protocol address (IP address) may be collected to help us diagnose problems with our
server, identify you during a particular session, gather broad demographic data and to assist in the
administration of our site. When you use the internet your computer has an assigned IP address which
does not contain any identifiable personal information about you.
Pieces of information placed on an individual's computer hard drive are called "Cookies". These enable
individual's easier communication and interaction with our site. Cookies are used to record how many
times a user has visited our site, what pages were accessed; cookies are also used to customise your
your interaction with our site. By using your web browser you can disallow receiving cookies at any
What are your rights?
We hereby undertake to provide you with all the rights and protections granted to you under the data
protection law. These include, but are not limited to, your right to ensure that your personal data is
maintained accurately, your right to access your personal data and your right to ensure that your
personal data is only utilised for the purposes envisaged.
If at any time you believe we hold information in error or that the information we hold on you is
inaccurate or incomplete, you may submit a request to us to consider rectifying and/or erasing it.
You have the right to request a copy of the personal information we hold about you and to have any
inaccuracies corrected. Information requests are free, though we reserve the right to charge a small
fee where more than one copy is requested or where the request is unfounded, repetitive and/or
excessive. Where a request is submitted, we will require you to prove your identity with 2 pieces of
approved photographic identification. Once identity has been verified, we will use reasonable efforts
to supply, correct or delete personal information about you on our files within 30 days of the request.
If at any time you are concerned with the information held, the way in which we hold it or are unhappy
with any response from us in relation to information held or with any other element relating to your
personal information, you may lodge a complaint.
We would ask that you contact us in the first instance using the contact details below and we will seek
to resolve any concerns as soon as possible. You also have a right to lodge a complaint directly with a
regulatory authority, in Guernsey this is the ODPA:
St Martins House
St Peter Port
Details of the complaints and appeals processes are available on their website at www.odpa.gg.
Primary Point of Contact
The primary point of contact for all data protection purposes is the Data Protection Officer. Should you
wish to make contact or require any further information on any of the above, please contact us;
26 Glategny Esplanade
St Peter Port
T +44(0)1481 727347
Updates to this Policy
personal information to Oracle.