Privacy Policy

Firm Name: JMT FINANCE LTD

Website: www.jmtfinance.com

Effective Date: 1^st November 2025

Reviewed by: MLRO

 

1. Introduction

JMT Finance Ltd (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal information about our customers, applicants, guarantors, introducers, and employees, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

JMT Finance Ltd is an unregulated lending firm providing commercial and property finance services within England and Wales. Our registered office is located in the United Kingdom. We act as the Data Controller for the personal data we collect and process.

3. How We Collect Personal Data

We collect personal data directly from you when you apply for a loan, provide supporting documentation, or contact us by email, phone, or post. We may also collect information from third parties such as credit reference agencies, Companies House, fraud prevention databases, introducers, or publicly available sources.

4. Types of Personal Data We Collect

Depending on your relationship with us (customer, employee, or business partner), we may collect the following types of data:

– Identification details (name, date of birth, address, ID documents)
– Contact details (email, phone number, correspondence address)
– Financial information (bank details, income, credit history)
– Employment and business information (role, company, shareholding)
– AML/KYC information (source of funds, beneficial ownership)
– Staff HR records (employment history, training, payroll, references)
– Technical data (website usage, IP address)

5. How We Use Personal Data

We use personal data to perform our legitimate business activities, including:

– Processing loan applications and managing lending relationships
– Conducting identity verification and due diligence checks (AML/CTF/CPF compliance)
– Communicating with clients and service providers
– Maintaining internal records and compliance registers
– Managing employment and payroll administration
– Fulfilling legal and regulatory obligations
– Preventing fraud, money laundering, and other financial crimes

6. Lawful Bases for Processing

We process personal data under one or more of the following lawful bases:

– Contract: to take steps at your request prior to entering into a contract or to perform an existing contract.
– Legal Obligation: to comply with laws such as the Money Laundering Regulations 2017 and the Proceeds of Crime Act 2002.
– Legitimate Interests: to operate our business efficiently and securely (e.g., fraud prevention, credit risk assessment).
– Consent: where required, such as for optional marketing communications.

7. Sharing Personal Data

We may share your personal data with trusted third parties, including:
– Service providers and professional advisers (IT, compliance, auditors, legal advisers)
– Fraud prevention databases
– Regulatory authorities, law enforcement, or the National Crime Agency (NCA) when legally required
– Payroll providers and HR service partners (for staff data)
All third parties are required to maintain appropriate security and confidentiality of your data.

8. International Data Transfers

We do not routinely transfer personal data outside the United Kingdom. Where transfers are necessary (e.g., cloud storage or service providers), we ensure appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, including legal, accounting, or reporting requirements. Under the Money Laundering Regulations 2017, customer due diligence records are retained for five years after the end of the business relationship. Employee records are retained for up to six years after employment ends, unless a longer period is legally required.

10. Data Security

We implement appropriate technical and organisational security measures to protect personal data from loss, misuse, unauthorised access, or disclosure. These include access controls, encryption, secure servers, and staff training in data protection and confidentiality.

11. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

– Right to access a copy of your data
– Right to rectification of inaccurate or incomplete data
– Right to erasure (‘right to be forgotten’) in certain circumstances
– Right to restrict or object to processing
– Right to data portability
– Right to lodge a complaint with the Information Commissioner’s Office (ICO)

12. Automated Decision-Making

We do not engage in fully automated decision-making that produces legal or similarly significant effects on individuals.

13. Contact Us

If you have any questions, concerns, or requests about how we handle your personal data, please contact:

Data Protection Contact / MLRO: Imogen Stocks
Email: imogen.stocks@jmtfinance.com
Address: JMT Finance Ltd, Prospect Court, 2 Courthouse Street, Otley, LS21 1AQ United Kingdom

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at www.ico.org.uk.

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or business operations. The most recent version will always be available on our website at www.jmtfinance.com.