Who we are
Chameleon Finance Ltd is an Appointed Representative of Beneficial Ltd, which is authorised and regulated by the Financial Conduct Authority (FCA).
Beneficial Ltd is the Principal firm responsible for overseeing the regulated activities we carry out.
For the purposes of data protection law, we act as a data controller in relation to the personal data you provide to us. In certain circumstances, Beneficial Ltd may also act as a data controller or joint controller where required for regulatory oversight and compliance.
Important information
This Privacy Notice explains:
- What personal data we collect
- How and why we use it
- Who we share it with
- Your rights
We are committed to protecting your personal data and handling it transparently, fairly and securely.
The personal data we collect
We collect and process personal data relevant to providing mortgage and protection advice, including:
Personal details
- Name, date of birth, marital status, dependants
Contact details
- Address, email address, telephone number
Financial information
- Income, expenditure, assets, liabilities
- Bank statements and financial history
Identification data
- Passport, driving licence, proof of address
Credit information
- Credit history and credit scores
Employment details
- Employment status, employer details, income verification
Special category data (where required)
- Health information (for protection insurance)
- Vulnerability information where relevant to your circumstances
How we use your personal data
We use your data to:
- Provide mortgage and protection advice
- Assess your suitability for products
- Submit applications to lenders and insurers
- Carry out affordability and eligibility checks
- Communicate with you about your case
- Meet our legal and regulatory obligations
- Prevent fraud and financial crime
- Improve our services
Credit checks
We may carry out credit checks using credit reference agencies such as:
- Experian
- Equifax
- TransUnion
These checks may include:
- Soft searches (which do not affect your credit score)
- Hard searches (which may be visible to other lenders)
We will inform you before any hard credit search is carried out.
Legal basis for processing
We process your personal data under the following legal bases:
Contractual necessity
To provide mortgage and protection services you have requested.
Legal obligation
To comply with regulatory requirements, including those set by the Financial Conduct Authority and anti-money laundering regulations.
Legitimate interests
To manage our business effectively, improve our services, and ensure appropriate advice is provided.
Consent
Where required, including:
- Marketing communications
- Processing health data for insurance purposes
Who we share your data with
We may share your data with:
Lenders and insurers
To arrange mortgage and protection products.
Credit reference and fraud prevention agencies
For identity verification and fraud prevention.
Beneficial Ltd
For compliance oversight, supervision, and regulatory requirements.
Service providers
Including CRM systems, sourcing platforms, and administrative support providers.
Regulatory bodies
Including the Financial Conduct Authority and other authorities where required.
We only share data where necessary and ensure appropriate safeguards are in place.
Fraud prevention and financial crime
We may share your information with fraud prevention agencies. If false or inaccurate information is provided and fraud is suspected or identified, this may be recorded and shared with other organisations.
International transfers
Where your data is transferred outside the UK, we ensure it is protected through appropriate safeguards in line with UK data protection laws.
How long we retain your data
We retain your personal data in line with regulatory requirements:
- Typically at least 6 years from the end of our relationship
- Longer where required for legal, regulatory, or complaint purposes
Your rights
You have the following rights regarding your personal data:
| Rights to be informed | You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Privacy Policy. |
| Right of access | You have the right to obtain access to your personal data (if we are processing it) and certain other information (similar to that provided in this Privacy Policy). This is so you are aware and can check that we are using your personal data in accordance with data protection law. |
| Right to rectification | You are entitled to have your personal data corrected if it is inaccurate or incomplete. |
| Right to erasure | This is also known as ‘the right to be forgotten’ and, in simple terms, enable you to request the deletion or removal of your personal data where there is no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions. |
| Right to restrict processing | You have the right to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further. |
| Right of data portability | You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party. |
| Right to object to processing | You have the right to object to us processing your personal data for our legitimate business interests or for direct marketing purposes (including in each case any related profiling). |
| Right to withdraw consent to processing | If you have given your consent to us to process your personal data for a particular purpose (for example, direct marketing), you have the right to withdraw your consent at any time (although if you do so, it does not mean that any processing of your personal data up to that point is unlawful). |
| Right to make a complaint to the data protection authorities | You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are unhappy with how we have handled your personal data or believe our processing of your personal data does not comply with data protection law. |
Marketing
We will only send you marketing communications where:
- You have given consent, or
- We are permitted to do so under applicable law
You can opt out at any time.
How to contact us
If you would like to exercise your data protection rights or if you are unhappy with how we have handled your personal data, please feel free to contact us by using the details set out on our Site.
If you’re not satisfied with our response to any enquiries or complaint or believe our processing of your personal data does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) by:
- Writing to: Information Commissioner’s Officer, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF;
- Calling: 0303 123 1113; or
- Submitting a message through the ICO’s website at: ico.org.uk
Updates to this Privacy Notice
This Privacy Notice may be updated from time to time. The latest version will always be available on our website. Latest version 01/04/2026.
