Data Privacy, Use and Control

We all take data seriously and this page is dedicated to the resources you need to understand how we work with your data, who we work with and how we can help you.

Our Use of Information Notices and other policies

Our relevant GDPR Use of Information Notice is available here.  This is not the same as our contract or other agreements which you should already have received copies of (please contact us if not).

If you are a Client, our Client Use of Information Notice is available here.

If you are an Introducer, our Introducer Use of Information Notice is available here.


Who we work with: Processors and Sub-Processors

Brilliant maintains a current list of the subprocessors utilised in the processing of information for Brilliant Services, which may include personal data. These subprocessors are managed and individually selected by Brilliant.


  • Call Credit / TransUnion
  • iZone Software Ltd
    • Provider of Software used to Manage Clients,  Cases and payments
  • Sourcing Systems
    • Providers of software systems to help us find the best mortgage for your needs.  These are UK entities and we have contracts in place to ensure compliance with GDPR.
  • Banking and Professional Services Firms
    • These include our accountants, our pensions provider,  and our compliance support businesses as well as our legal advisers.  These are managed on a contract by contract basis and we are unable to make these public.
  • Google
    • We use GSuite and other business services offered by Google who offer guarantees on the security of the data stored in the cloud.  We run email, contacts, calendars, software and cloud storage using Google.  Google’s GSuite terms and conditions are available online.
  • Servers
    • We use servers based solely in the EU to run a wide range of services including email marketing and website hosting.  The company is based in Germany.  Further details available on request.
  • Iress
    • We use this company to provide payroll software and the company offers full GDPR assurances.
  • Social Media
    • We use social media and this may include some references to Personal Data.  If you have any concerns, please contact us.  Twitter and LinkedIn are global firms offering GDPR assurances in the EU.
  • WordPress Plugins
    • We use multiple plugins to deliver our online services.  For security reasons, we will only publish these on request but these have been audited and approved for GDPR.
  • Providers
    • We discuss Personal Data with a wide range of providers, typically mortgage lenders.  A list of these is available on request.  Note that each provider may become a Data Controller and this will depend on the stage of the case, the nature of the transaction, the nature of the disclosure and the provider’s interpretation.