Privacy Policy

Home » Privacy Policy

Last updated: 24 February 2026

MortgageToolkit (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website at www.mortgagetoolkit.co.uk (the “Site”). It applies to all visitors and users of the Site.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller responsible for your personal data is MortgageToolkit. If you have questions about this policy or wish to exercise your data rights, please contact us via our contact page.

2. Information We Collect

2.1 Information You Provide Directly

When you use our contact form, you may provide your name, email address, and the content of your message. We collect this information solely to respond to your enquiry.

2.2 Information Collected Automatically

When you visit the Site, certain information is collected automatically through cookies and similar technologies:

• IP address (anonymised where possible)
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referring website or source
• Device type (desktop, mobile, tablet)
• Approximate geographic location (country/region level)

2.3 Cookies

We use the following types of cookies:

• Essential cookies: Required for the Site to function correctly. These cannot be disabled.
• Analytics cookies: Help us understand how visitors use the Site so we can improve content and user experience. We use Google Analytics, which processes data in accordance with Google's privacy policy.
• Advertising cookies: Used by Google AdSense to display relevant advertisements. These cookies may track your browsing activity across other websites to serve personalised ads.

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect your experience of the Site.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To respond to enquiries submitted through our contact form
• To analyse website traffic and usage patterns to improve our content
• To display advertisements through Google AdSense
• To ensure the security and proper functioning of the Site
• To comply with legal obligations

4. Legal Basis for Processing

Under the UK GDPR, we process your personal data on the following legal bases:

• Consent: For non-essential cookies (analytics and advertising). You can withdraw consent at any time by adjusting your browser cookie settings.
• Legitimate interests: For analysing website usage to improve our content, and for maintaining the security of the Site. We have assessed that these interests do not override your fundamental rights and freedoms.
• Contract performance: For responding to your contact form submissions.

5. Third-Party Services

We use the following third-party services that may process your data:

• Google Analytics: Website traffic analysis. Data may be transferred to Google servers. We use IP anonymisation to minimise personal data processing.
• Google AdSense: Advertisement display. Google may use cookies to serve ads based on your browsing history. You can opt out of personalised advertising at Google's Ad Settings page.

Each third-party service has its own privacy policy governing their use of your data. We encourage you to review their policies.

6. Data Retention

We retain personal data only for as long as necessary:

• Contact form submissions: Retained for up to 12 months after your last correspondence, then securely deleted.
• Analytics data: Retained according to Google Analytics' default retention settings (currently 14 months).
• Server logs: Retained for up to 90 days for security and diagnostic purposes.

7. Data Sharing

We do not sell, rent, or trade your personal data. We may share data with:

• Third-party service providers as described above (Google Analytics, Google AdSense)
• Law enforcement or regulatory authorities if required by law or to protect our legal rights

8. International Data Transfers

Some of our third-party service providers (particularly Google) may transfer data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including adequacy decisions, Standard Contractual Clauses, or other approved transfer mechanisms under UK GDPR.

9. Your Rights

Under the UK GDPR, you have the following rights regarding your personal data:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can request correction of inaccurate personal data.
• Right to erasure: You can request deletion of your personal data in certain circumstances.
• Right to restrict processing: You can request that we limit how we use your data.
• Right to data portability: You can request your data in a commonly used, machine-readable format.
• Right to object: You can object to processing based on legitimate interests, including direct marketing.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us via our contact page. We will respond within one month. If your request is complex, we may extend this by a further two months, but we will inform you of the delay.

10. Children's Privacy

The Site is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

11. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include HTTPS encryption for all pages, secure server infrastructure, and access controls for administrative systems.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page indicates when the policy was most recently revised. We encourage you to review this page periodically. Continued use of the Site after changes constitutes acceptance of the updated policy.

13. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113
• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF