Providing local finance for over 92 years!

Privacy policy

Under the new General Data Protection Regulations (GDPR), Sarnia Mutual Ltd. will be known as the “controller” of the personal data you provide to us.

This policy clearly outlines what information we collect, why we collect it, and what we do with it. It also outlines how we protect your data and what rights you have.

When do we collect information?

We collect information from you when you apply for a loan, subscribe to a newsletter, or enter information on our site.


What kind of information do we collect?

In order to process your loan application, whether you apply or register on our site or in person, we will collect your name, email address, mailing address, phone number, credit card information, social security number, or other details. We will not collect any personal data from you that is not required for the purposes of the loan application.

We will only use your personal information for the purpose it was collected for. We will only ask for information that is required to process your loan application. We do not require any information relating to sensitive personal information, such as Racial or ethnic origin, personal data concerning an individual’s sex life or sexual orientation, political opinions, and religious beliefs.


How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To quickly process your application
  • To send you details of new products or special offers, competitions, or events that we think you may be interested in.
  • To carry out market research—from time to time, to help us provide you with improved products and services, we may ask you to fill in a questionnaire. This is your chance to let us know how we are doing and how we can improve.


Types of data held.

Data collected and retained comes under the following categories:

  • Personal data
  • Banking data
  • Underwriting notes
  • Financial history
  • Credit history.
  • Conversation history with clients
  • Public data

The data provided and held in each of these categories is required to fulfil any contractual obligations to the client and Sarnia Mutual Ltd.


Recipients of data

  • The client
  • Credit Reference Agencies
  • Gateway Payment Providers
  • IT Hosting Platforms
  • Regulatory Authorities (including Police, Customs, and FIS)
  • Auditors
  • Debt Collecting Agents
  • Financial Ombudsman (
  • Any organisation that processes data on behalf of Sarnia Mutual Limited
  • Suppliers of services


Credit Reference Agencies

In order to process a loan application, we will submit client’s personal information to a credit reference agency, they provide information about a client’s financial history and checks their name against the EU, UK and US current sanction lists. This is done in order for us to assess your creditworthiness, confirm your identity, recover and trace debts and prevent criminal activity.

We will also submit information about you with CRAs on an ongoing basis, including your cleared loan accounts and any outstanding debts not fully repaid as per your loan agreement. CRAs will share your information with other organisations. Your data may be linked to the data of any joint applicants or other associated financial businesses.

Sarnia uses Channel Island Data service


How do we protect your information?

Our website is scanned regularly for security purposes and known vulnerabilities to make your visit as safe as possible.

We utilise Malware Scanning on our website to increase your data’s security further.

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.

We implement various security measures when users make applications, enter, submit, or access their information to maintain the safety of their personal information.

All transactions are processed through a gateway provider and are not stored or processed on our servers.

All online applications via our website are immediately transmitted to our team in the office and are stored on our website for only nine days before being deleted from the website.

All website contact form entries are transmitted immediately to our office team and stored for only 30 days before being deleted from the website.


How long do we hold your data?

Loan Application Data:  Six years after the final payment has been received and the loan is finished.

Loan Applications not taken up/turned down:  Five Years.


Do we use ‘cookies’?

Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enable the site’s or service provider’s systems to recognise browsers and capture and remember certain information. For instance, we use cookies to help us remember and process the information you enter when completing a loan application. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.


We use cookies to:

Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser’s Help Menu to learn the correct way to modify your cookies.

If you turn cookies off, some features will be disabled. It won’t affect the user’s experience that make your site experience more efficient and may not function properly.


How long we keep the information.

We will only use and store the information for as long as it is required for the purposes it was collected. How long this is stored depends on the information collected and what it is being used for.


What are my rights?

You have the following rights with regards to your information.

  1. The rights to confirmation as to whether we have your personal data and if we do, to obtain a copy of the personal information we hold. (this is known as a data subject access request)
  2. The right to rectification – if the information we hold is inaccurate or incomplete you have the right to have this information corrected.
  3. The right “to be forgotten” – this means you have the right for your information to be deleted where there is no reason for it to be kept.
  4. The right to be object to your data being used for marketing. We can still store your data but can no longer use it.
  5. The right to data portability – this means you have the right to have the data you provided transmitted to another controller i.e. another financial institution. 

Third-party disclosure

We do not sell, trade, or otherwise transfer your personally identifiable information to outside parties unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it’s release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.


Third-Party Links

Occasionally, we may provide links to a third party, for example, a link to an event we are sponsoring. We are not responsible for the data policies, content or security of these linked websites.


You will be notified of any Privacy Policy changes:

  • On our Privacy Policy Page

You can change your personal information:

  •  By emailing us
  • By calling us


Complaints Process & Financial Ombudsman

Details of our complaints process can be found online at or alternatively provided upon request.

If you have a complaint in the first instance you should contact Sarnia with the details. We have eight weeks to consider the complaint. If we have not resolved, it within this time the client may complain to the Channel Islands Financial Ombudsman.  Details of this will be put on our website.


The contact details for the CIFO are as follows:

Channel Islands Financial Ombudsman (CIFO)

P O Box 114
Jersey, Channel Islands

Tel: +44 (0) 1481 722218



The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions
  • Process applications and to send information and updates pertaining to applications.
  • Send you additional information related to your application and/or service
  • Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.

To be in accordance with CANSPAM, we agree to the following:

  • Not to use false or misleading subjects or email addresses.
  • Identify the message as an advertisement in some reasonable way.
  • Include the physical address of our business or site headquarters.
  • Monitor third-party email marketing services for compliance, if one is used.
  • Honour opt-out/unsubscribe requests quickly.
  • Allow users to unsubscribe by using the link at the bottom of each email.

If at any time you would like to unsubscribe from receiving future emails, you can follow the instructions at the bottom of each email, and we will promptly remove you from ALL correspondence.


Changes to our privacy policy

Our privacy policy is regularly reviewed. Any future changes made to our privacy policy will be posted on  Please check online frequently to see any changes to our privacy policy or complaints procedure have been made.


Contacting Us

If you have any questions regarding this privacy policy, please contact us using the information below.

Sarnia Mutual Limited t/a Sarnia Finance

Suite 5, La Plaiderie Chambers, La Plaiderie, St Peter Port, Guernsey, GY1 1WG


Tel: 01481 723501


Contacting the Regulator

If you feel that your data has been handled incorrectly or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the data protection regulator – The Office of the Data Protection Authority (ODPA). You can contact them for advice by writing to:

The Office of the Data Protection Authority
St Martin’s House
Le Bordage
St Peter Port

You can also telephone (01481) 742074 or email, or you can submit a complaint online at and complete the ‘make a complaint’ section.


If you wish to view our full Terms & Conditions, please get in touch with us using the above methods, and we will be happy to send you a copy.

Data Privacy Policy Last Edited April 2024