⚖️ Article 6(1)(f)

Legitimate Interests Assessments

ICO three-part test applied to every Mintstone processing activity that relies on legitimate interests as the lawful basis under UK GDPR Article 6(1)(f).

Methodology: Each assessment follows the ICO's recommended three-part test: (1) Purpose test — is there a legitimate interest behind the processing? (2) Necessity test — is the processing necessary for that purpose? (3) Balancing test — do the individual's interests override the legitimate interest? These assessments are reviewed annually or when processing activities change materially.

AI Document Analysis & OCR

ROPA Row 3
Processing activity: Extracting structured data from construction documents, invoices, certificates, and valuations using OpenAI and Anthropic. · Assessed: 11 April 2026
✅ Part 1 — Purpose test

What is the legitimate interest?

Efficient automated extraction of structured data from construction documents enables timely loan monitoring and reduces manual re-keying errors that could affect financial decisions worth millions of pounds.

  • Development finance loans involve hundreds of documents per project (invoices, QS reports, certificates, valuations)
  • Manual extraction is slow, error-prone, and does not scale across a lender's portfolio
  • Timely data extraction is essential for covenant monitoring — delays can mean missed risk signals
  • This is a core function that directly benefits both the lender (risk management) and the borrower (early issue detection)
✅ Part 2 — Necessity test

Is the processing necessary for that purpose?

  • The alternative — manual data entry — is significantly slower and more error-prone, and does not meet the speed required for continuous monitoring
  • AI processing is applied only to documents voluntarily uploaded to the platform for the specific purpose of loan monitoring
  • Data minimisation is applied: only relevant sections of documents are sent to AI processors, not entire files
  • All AI sub-processors operate under zero-retention agreements (no customer data used for model training)
  • AI outputs are always presented to human users for review — there is no autonomous decision-making
✅ Part 3 — Balancing test

Do the individual's interests override?

  • Expectation: Individuals whose data appears in documents (contractors, QS, architects) would reasonably expect that documents submitted for loan monitoring would be processed and analysed
  • Nature of data: Professional/commercial data (company names, invoice amounts, certifications) — not sensitive personal data
  • Impact: Minimal adverse impact on individuals — data is used solely for loan monitoring, not for marketing or profiling
  • Safeguards: Zero-retention AI APIs, encryption in transit (TLS 1.3) and at rest (AES-256), RBAC, pre-signed URLs with time-limited access, full audit trail
  • Opt-out: Data subjects can object to processing; lenders can exclude specific documents from AI analysis

Outcome: Legitimate interest is valid. The processing is necessary and proportionate, and the interests of data subjects do not override the legitimate interest. Processing may proceed under Article 6(1)(f) alongside Article 6(1)(b) (contract).

Property Market Data & Valuation Monitoring

ROPA Row 4
Processing activity: Monitoring property valuations, Land Registry ownership, local market conditions, and pre-sale agreements for LTV covenant compliance. · Assessed: 11 April 2026
✅ Part 1 — Purpose test

What is the legitimate interest?

Continuous property valuation monitoring is essential for lenders to manage ADC loan risk, comply with PRA capital requirements under Basel 3.1, and protect borrower interests through early covenant breach detection.

  • ADC loans are secured against property; if property values decline, loan-to-value covenants may be breached
  • PRA PS6/23 requires lenders to monitor collateral values and apply appropriate risk weights
  • Early detection of valuation declines protects both the lender (capital adequacy) and the borrower (opportunity to cure)
  • Market monitoring also benefits buyers named in pre-sale agreements by tracking completion risk
✅ Part 2 — Necessity test

Is the processing necessary for that purpose?

  • Property valuation monitoring cannot function without processing property addresses and ownership data
  • Land Registry data is already public and available to anyone via the public register
  • Pre-sale buyer names are processed only where relevant to GDV calculations and covenant compliance
  • All data processing is limited to the geographic area and property types relevant to the monitored loan
  • No less intrusive alternative exists — manual quarterly valuations are too infrequent for continuous monitoring
✅ Part 3 — Balancing test

Do the individual's interests override?

  • Expectation: Property owners and buyers would expect their property data to be monitored as part of the loan facility they are party to
  • Nature of data: Property addresses and ownership details are public register data; pre-sale details are commercial transaction data
  • Impact: No decisions are made about individuals based on this data — it informs loan-level covenant calculations
  • Safeguards: Data stored in encrypted database (AWS eu-west-2), RBAC, audit trail, UK-only processing for this activity
  • Neighbouring owners: Only public Land Registry data is used for comparable sales; no direct impact on neighbouring owners

Outcome: Legitimate interest is valid. Processing of largely public data for regulatory loan monitoring purposes is proportionate, and individual interests do not override the legitimate interest. Processing may proceed under Article 6(1)(f) alongside Article 6(1)(b) (contract).

Contractor Communication via Telegram

ROPA Row 5
Processing activity: Passive monitoring of contractor communications in project Telegram supergroups (forum topics) for construction progress tracking, variation detection, and lender reporting. · Assessed: 11 April 2026
✅ Part 1 — Purpose test

What is the legitimate interest?

Lender monitoring of construction site communications enables real-time progress tracking, automated variation detection, and verifiable drawdown evidence — protecting both lender capital and borrower interests.

  • Lenders need regular site progress evidence to verify drawdown requests and monitor construction timelines
  • Contractors communicate with each other in project Telegram supergroups (forum topics); the Mintstone bot passively reads these messages as a group administrator
  • Telegram is already in widespread use among UK construction workers — using existing groups avoids forcing adoption of a new tool
  • AI processes messages to generate progress summaries and detect potential variations, providing lenders with structured reporting from unstructured site communications
✅ Part 2 — Necessity test

Is the processing necessary for that purpose?

  • The Mintstone bot is added as an administrator to project Telegram supergroups; it passively reads all messages in forum topics assigned to work items — no additional data is scraped from other sources
  • Only Telegram username, user ID, message content, and shared media files are processed — the minimum data present in the group
  • The primary processing path generates AI summaries of message batches rather than storing verbatim transcripts, applying data minimisation at the point of processing
  • EXIF metadata (GPS, timestamps) from photos provides verification that progress evidence is genuine and recent; non-essential EXIF (camera model, lens, serial) is stripped before storage
  • Alternative: requiring contractors to use a dedicated reporting app would require download, registration, and training — significantly reducing adoption and losing the natural communication data that reveals genuine progress
✅ Part 3 — Balancing test

Do the individual's interests override?

  • Expectation: Because the bot passively reads group messages (rather than receiving direct messages), contractors have a higher transparency entitlement. This is addressed by a GDPR monitoring notice pinned in every forum topic, informing all participants that messages are processed under Art. 6(1)(f). The lender also discloses monitoring as a condition of the facility agreement.
  • Nature of data: Professional communications about construction work — not sensitive personal information. However, group messages may contain incidental personal information (e.g. scheduling, availability).
  • Impact: Messages are used solely for construction progress monitoring and variation detection; no profiling, no marketing, no sharing beyond the lender and authorised platform users
  • Safeguards: 3-year retention (OPERATIONAL_3Y), AI summaries stored instead of verbatim transcripts in primary processing path, encryption at rest (AES-256) and in transit (TLS 1.3), RBAC, data replicated to AWS eu-west-2 immediately
  • Right to object: Contractors can exercise their right to object under Art. 21. Objections are assessed against the legitimate interest. Alternative reporting arrangements (email, phone updates) can be made for individual contractors who object. Contractors can also request erasure of their message data.
  • Site photos: May incidentally capture other individuals on site — these are not processed for biometric purposes and are viewed only by authorised lender users

Outcome: Legitimate interest is valid. Passive monitoring of project group communications is proportionate given the transparency safeguards in place (pinned GDPR notice, facility agreement disclosure) and the availability of the right to object under Art. 21. AI summarisation rather than verbatim storage further reduces the impact on individuals. Processing may proceed under Article 6(1)(f).

Website Contact Form & Demo Requests

ROPA Row 7
Processing activity: Processing enquiries and demo requests submitted via the Mintstone website for sales follow-up. · Assessed: 11 April 2026
✅ Part 1 — Purpose test

What is the legitimate interest?

Responding to voluntary business enquiries from prospective customers is necessary for Mintstone's core business operations and sales function.

  • Prospective customers submit enquiries to learn about Mintstone and request demonstrations
  • Responding to these enquiries is a fundamental business activity — the company cannot operate without it
  • Processing is limited to information the individual has voluntarily provided for the purpose of receiving a response
✅ Part 2 — Necessity test

Is the processing necessary for that purpose?

  • Contact details (name, email, company) are the minimum data required to respond to an enquiry
  • No additional data is collected beyond what the individual provides in the form
  • Data is retained for only 12 months, then deleted unless the enquiry converts to a customer relationship
  • Processing via Formspree is necessary for reliable form handling; no less intrusive alternative achieves the same reliability
✅ Part 3 — Balancing test

Do the individual's interests override?

  • Expectation: Individuals who submit a contact form clearly expect to receive a response — they initiated the interaction
  • Nature of data: Basic business contact information voluntarily provided
  • Impact: Positive — the individual receives the information they requested. No unsolicited marketing follows unless they opt in
  • Safeguards: 12-month retention limit, TLS encryption, Formspree SOC 2 controls, privacy policy linked on form page
  • Opt-out: Individuals can request deletion of their enquiry at any time via privacy@mintstone.co.uk

Outcome: Legitimate interest is valid. This is low-risk, high-expectation processing of voluntarily provided business contact data. Processing may proceed under Article 6(1)(f).

Platform Analytics & Performance Monitoring

ROPA Row 8
Processing activity: Monitoring platform performance, usage patterns, error rates, and service availability for security incident detection and reliability. · Assessed: 11 April 2026
✅ Part 1 — Purpose test

What is the legitimate interest?

Monitoring platform performance and security is essential to maintaining service availability, meeting SLA commitments, and detecting security threats in a financial services application handling sensitive loan data.

  • Mintstone processes sensitive financial data on behalf of regulated lenders — any security breach or outage has severe consequences
  • Performance monitoring enables early detection of anomalies that may indicate security incidents or system failures
  • Usage analytics inform product improvements that benefit all users
  • NIS Regulations 2018 and PRA outsourcing expectations require operators of critical systems to monitor for security threats
✅ Part 2 — Necessity test

Is the processing necessary for that purpose?

  • IP addresses and user-agent strings are necessary to identify the source of security threats and distinguish legitimate from malicious traffic
  • Error logs with stack traces are necessary to diagnose and fix issues that affect service availability
  • Page views and feature usage are aggregated where possible; individual-level tracking is limited to what is necessary for security
  • API response times are essential for SLA monitoring and identifying performance degradation
  • No analytics data is exported to third parties for marketing or profiling purposes
✅ Part 3 — Balancing test

Do the individual's interests override?

  • Expectation: Users of any SaaS platform reasonably expect that their usage is logged for security and reliability purposes
  • Nature of data: Technical data (IP addresses, user agents, page views) — not content or communications
  • Impact: Negligible impact on individuals; analytics are aggregated for reporting and no decisions are made about individuals
  • Safeguards: 3-year retention (OPERATIONAL_3Y), log aggregation and anonymisation where possible, access restricted to admin/engineering, automated alerting for anomalies
  • Opt-out: Cookie consent banner to be implemented for non-essential analytics; core security monitoring cannot be opted out of as it is necessary for platform integrity

Outcome: Legitimate interest is valid. Security and performance monitoring of a financial services platform is a proportionate and expected processing activity. Processing may proceed under Article 6(1)(f).


Contractor Management & Performance Monitoring

ROPA Row 9
Processing activity: Managing contractor profiles, assigning work items, scoring performance, and matching bank transactions to contractor payments. · Assessed: 11 April 2026
✅ Part 1 — Purpose test

What is the legitimate interest?

Processing contractor personal data is necessary for Mintstone's core function of monitoring construction loan spend, verifying that payments are made to legitimate contractors, and providing lenders with assurance that funds are being deployed as intended.

  • Lender facility agreements require borrowers to evidence that drawdown funds are spent on approved contractors and work packages — contractor identity verification supports this obligation
  • Transaction matching (linking bank transactions to known contractor accounts) is essential for accurate spend tracking and fraud detection
  • Performance scoring (completion rates, response times, work quality ratings) helps developers make informed contractor selection decisions and enables lenders to assess project delivery risk
  • Telegram-based communication and work-item assignment enables real-time site management that benefits both the developer and the contractor
✅ Part 2 — Necessity test

Is the processing necessary for that purpose?

  • Contractor name, phone number, and company are the minimum fields required to identify and communicate with individual contractors
  • Bank account details (sort code and account number) are necessary for transaction matching — without them, automatic spend classification would not function
  • Telegram chat ID is necessary for the bot-based work item assignment and photo upload workflow that operates on construction sites
  • Performance metrics (average completion time, work item pass/fail rates) are derived from operational data and cannot be produced without linking activities to individual contractors
  • Less intrusive alternatives (e.g. anonymous contractor tracking) were considered but would defeat the purpose of verifiable spend reporting to lenders
✅ Part 3 — Balancing test

Do the individual's interests override?

  • Expectation: Contractors engaged on a development project reasonably expect that the developer (and their lender monitoring platform) will hold their contact and payment details for the duration of the project
  • Nature of data: Business contact details (name, phone, company) and payment identifiers (sort code, account number). No special category data is processed.
  • Impact: Moderate — bank details are sensitive in a fraud context. Performance scores could affect future contractor engagement. However, scores are project-scoped and visible only to the developer, not published.
  • Safeguards: Bank details are encrypted at rest (AES-256 via AWS RDS). Access is restricted to project-level admin users. Contractor profiles are soft-archived when a project completes (COMPLETED_7Y retention). Performance scores are not shared across unrelated projects.
  • Opt-out: Contractors can request deletion of their profile data after project completion via the developer or directly via contact@mintstone.co.uk. Active project data cannot be deleted while the facility is live due to lender reporting obligations.

Outcome: Legitimate interest is valid. Contractor management data processing is proportionate to the platform's purpose of verified loan monitoring. The relationship context (contractor engaged on a monitored development) creates a reasonable expectation of this processing. Processing may proceed under Article 6(1)(f).


Review schedule: These assessments are reviewed annually (next review: April 2027) or when a material change occurs to any processing activity. The data controller (Shray Sharma, Director, Mintstone Ltd) is responsible for ensuring these assessments remain current.
