Privacy Policy


This Privacy Policy is has been compiled to encompass the requirements of the General Data Protection Regulations (GDPR).

Optima property Funding Limited are Property Finance Brokers based at The Stanley Building, 7 Pancras Square, Kings Cross, London N1C 4AG.

Company Registration No. 06602590

Financial Conduct Authority (FCA) Ref. No. 723931

Members of the FIBA (Financial Intermediary & Broker Association)

Registered with the Information Commissioner’s Office (ICO), Data Protection No. Z1494879

Registered Data Controller, Gary Walsh, Director



GDPR requires an organisation to consider how Personal Data (herein described as Data and defined as ‘information relating to an individual who can be identified from that information or from a combination of other information held by the data controller’) is managed and more particularly in relation to;

A Collection of Data

B Sharing of Data

C Use of Data in Marketing

D Storage and Security of Data

E Rights, Complaints Procedure and Breaches

We will use ‘Individual’ as a generic term in this document when referring to those whose Data we collect, process and share (whether they are Targets, Prospects, Clients, Customers – as defined under Marketing to Individuals, below.)

A Collection of data:

The GDPR rules allow us to collect and use Individual’s Data under one or more of the following categories:

  • To fulfil a contract we have with the Individual.
  • Where we have a legal duty to do so.
  • Where the Individual consents to it.
  • Where it is in the legitimate interest of both the Individual and us to do so. A legitimate interest is where there is a business/commercial benefit.

The Individual will instruct us, both verbally and in writing, to source appropriate finance for their property related project(s). To enable us to fulfil this instruction we will need to collect (and share with lenders and associated professional services firms) both business data (which is not covered by GDPR) and Personal Data.

Listed below are examples (but not limited to) of categorises of Data we may collect;

Names/Date of Birth/Address/Gender/Marital Status/Dependents/Occupation/Career History/Business History/Nationality/Telephone Numbers/E Mail Addresses/Web Site Addresses/Passport Number/Driving Licence Number/Bank Account Details/ Income & Expenditure/Assets & Liabilities/Financial Accounts/ HMRC Tax Data/Credit Reference Agency Data.

We collect Data from a number of sources including (but not limited to) the following:

Telephone/E Mail Correspondence/Written Correspondence/ Web Site Data Capture Forms/ Website Cookies/Internet Marketing/Direct Mail Marketing/ Social Media Marketing/Website/Social Media Pages/Finance Application Forms/Companies House/Land Registry/Local Authority Planning Portals/Other Data Collection Platforms/Credit Reference Agencies/ Third Party Introducers/Professional Advisors (e.g. Solicitor, Accountant).

B Sharing of Data:

Who will we share Data with?

We may require to share Data with some or all (but not limited to) of the following;

  • Our employees and officers.
  • Lenders and Investors.
  • Professional Services Firms relevant to a specific funding project (e.g. RICS Valuers, Project Monitoring Surveyors).
  • Other Finance Brokers (if required to source appropriate funding).
  • Solicitors acting for a Lender or Investor.
  • The Individual’s Solicitor.
  • The Individual’s Accountant.
  • Credit reference Agencies.
  • Fraud Prevention Agencies.
  • Third party organisations, if we are legally bound to.
  • Third parties that introduce the Individual to us.
  • Third parties that we introduce to the Individual.
  • Third parties that the Individual request us to share their data with.

Before we share information with a lender, and associated third parties, we will require the Individual to enter into a contract with us by signing our Terms of Business (this is amongst other things a fee agreement) and Privacy Notice, which sets out how we will collect, process and share the Data and contains an express authority from the Individual to us to allow us to do so.

Where the introduction to the Individual has come from a third party we will require confirmation from the third party that they have consent from the Individual, to pass Data across. Irrespective of the existence if this consent, we will proceed with the issue of our Terms of Business and Privacy Notice before sharing Data with a lender, or associated third parties.

If it is not practical to issue to obtain signed Terms of Business and a Privacy Notice (for example if the enquiry is urgent and either the Prospect or Optima staff member does not have immediate access to IT hardware/Software/ Applications), we may rely temporarily on obtaining consent to share Data by e mail.

We will never share Data to a third party unless it is specifically relates to sourcing funding for a project or as a general introduction of the Individual by us to them.

We will never sell Data to a third party.

We will not share Data outside of the E.E.A, unless we are legally bound to do so.

Where we submit multiple applications to lenders for a project, we will request that Data is deleted by those lenders where the transaction does not lead to a successful drawdown of finance. Where the Individual become a borrowing client of a lender they will be subject to the terms of the Lender’s Privacy Policy and the Individual may expect to receive a copy from the lender.

C Use of Data in Marketing to Individuals

In our role as Property Finance Brokers we communicate (verbally, written) with Individuals under two broad categories;

Reacting to an enquiry from the Individual (telephone, e mail, web site, social media, referral from a third party etc.)

We will engage with the Individual (verbally, in writing etc.) and ultimately, they will be classified as one of the following;


We classify the Individual as a Customer if we have engaged with them and they become a client of a lender (i.e. borrow from the lender) we introduce them to, and for which we have received a fee. The Individual will have agreed to and signed both our Terms of Business and Privacy Notice, which gives us express authority to market our services to them and includes clear instructions on how to unsubscribe from future marketing.


We classify an Individual as a Client if we have engaged with them and have introduced them to a lender(s) but they have not become a client (as defined above). The Individual will have agreed to and signed both our Terms of Business (which refers to them as the Client) and Privacy Notice which gives us express authority to market our services to them and includes clear instructions on how to unsubscribe from future marketing.


We classify an Individual as a Prospect if they have made an enquiry to us and we have engaged with them, but we have not introduced them to a lender. The Individual will not have signed out Terms of Business or Privacy Notice.

To enable us to market our services to the Individual (that is if we wish to), we undertake to do the following;

  • Request verbally, if circumstances allow, that we may market our services to them.
  • Send out a standard e mail advising them that we will market our services to them and offering them the opportunity to unsubscribe by way of return e mail. The e mail also includes a reminder that they may unsubscribe at any time in the future.

Notwithstanding the above, we consider that given the Individual has contacted us with an enquiry about our services, and assuming there is mutual benefit, that there is a Legitimate Interest (as defined under GDPR) to market our services to them.

  • Proactively approaching the Individual to market our services

We purchase B2B Data for marketing purposes (never B2C) of Property Developers and Property Investors but restricted to Limited Companies (not Partnerships or Sole Traders). The Data, in addition to company specific Data, will include contact details of one, or more, Individuals which will be either the Managing Director, Finance director or a Director. In most cases the Individual will also be a shareholder (owner or part thereof) of the Company. This Data will generally include the Individual’s name and title and sometimes the Individual’s business e mail address, and as such we classify this as Personal Data.


We classify these Individuals, initially as Targets (as we have made a pro-active approach to them), and they may ultimately become Prospects, Clients or Customers as defined above. Whilst we are marketing our services to the Limited Company, albeit via the Individual, we consider that there is a Legitimate Interest to both us and the Company/Individual in us doing so.

We market our services by one or more of the following methods, and include opt out instructions:

Direct Mail

E Mail

If the Target moves through the process to become either a Prospect, Client or Customer; we proceed as laid out under 1. Above.

D Storage and security of data:

Where and how will we store Data?

  • Data may be held in (but not limited to) one or more of the following formats:
    • Paper in a file in the Individual’s name, or the name of a business.
    • CRM (Customer Relationship Management) software– on a PC hard drive.
    • CRM (Customer Relationship Management) software– in a cloud.
    • In a folder in the Individual’s name within My Documents – on a PC hard drive.
    • In a folder in the Individual’s within My Documents – in a cloud.
    • In Microsoft Office Applications (Outlook, Word, Excel etc.) in a cloud (Office 365).
    • In E Mail Marketing Database software – in a cloud
    • Data held in cloud format may be accessed via various hardware devices including PC Desktop, lap top, mobile phone, tablet.
  • Paper records will be stored in secure locked cabinets within an office which can only accessed by the Data controller, or authorised persons. The office and cabinets are locked when the office is vacated.
  • Access to hardware devices is password protected.
  • Data held in a cloud is encrypted and held on secure severs within the E.E.A
  • All electronic data is backed up daily and saved by a third party data storage facility in a server located in the E.E.A
  • We operate a Clean Desk Policy at the end of each working day.

How long will we retain Data?

We are required to retain data for a number of reasons including (but not limited to) Financial Conduct Authority (FCA) regulations, under the term of our Professional Indemnity Insurance, UK Money Laundering regulations, HMRC guidelines, NACFB guidelines and best practices for treating customers fairly, record keeping and complaints handling.

How long we keep Data depends upon our relationship with the Individual (as defined above under C - Marketing);

Customer Data

  • As a Customer, we are required to keep records indefinitely. Client Data
  • As a Client, we are required to keep Data for a period of 6 years.Prospect Data
  • As a Prospect, we are required to keep your data for a period of 3 years. Target Data
  • We will retain Target Data for 1 year but will delete it sooner upon request.

E Rights and complaint procedure

As a Data Subject, the Individual the following rights:

  1. The right to request a copy of all Data we hold about them,
  2. The right to request correction of Data we hold about them if it incorrect or incomplete.
  3. The right to deletion of Data we held about them where there is no compelling reason for us to continue to hold it.
  4. The right to restrict our Data processing activities.
  5. The right to request transfer of Data to a third party.
  6. The right to file a complaint with the ICO.


Should you wish to trigger any of your rights, or make a complaint please contact Gary Walsh, Data Controller at

Should the Individual wish to trigger any of their rights, or make a complaint please contact Gary Walsh, Data Controller at

The ICO (Information Commissioner’s Office) contact details are:

  • Commissioner’s Office, Wycliffe House, Water lane, Wilmslow, Cheshire SK9 5AF


A Data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Data.

If we experience a Data breach we are bound to consider whether this poses a risk, and the severity of that risk, to Individuals’ rights and freedoms. Upon completion of this assessment, if it is likely there will be a risk then we must notify the ICO; if it is unlikely then we don’t have to report. It is not necessary to report every breach to the ICO.

The ICO provides us with guidelines on how to assess, report and remedy any Data breach.

Further information:

For more information about Cookie Policy, and website Terms & Conditions, please visit the following:

Link to Cookie Policy

Link to Terms & Conditions

Copyright; Optima Property Funding Ltd_March2019_v2