Privacy Policy

Here at Harrington Brooks (a trading style of Gregory Pennington Limited), we understand that protecting your personal information is of utmost importance. This privacy policy explains how we collect, use and store your personal information and how we ensure it is secure.

This privacy policy will apply to you if you provide your personal information to us, even if you decide not to go ahead with any product or service we offer. It is also used by all the companies within our Group who provide debt solutions, including Freeman Jones Limited and Wilson Andrews Limited. Information may also be shared with HD Law to enable them to offer claims management services. Within this privacy policy we have set out how each of these companies will use your personal data to provide their product or service to you. You can find this easily by clicking on the links below.

If you have any questions about how we may use your personal information you can contact us on the details below.

If you click on a link that takes you to a third party website that is not ours we will not be responsible for how they use your personal data. You should read its own privacy policy to understand how they may use your personal data.

Date last updated: 01/02/2019

The information we collect from you depends on the product or service you apply for, or the service that we provide to you. We will only collect information that we actually need, or where we’re required to collect the information to enable us to perform our legal, regulatory or contractual obligations necessary to provide you with the products or services, or where we have your permission.

This will likely include the collection of:

  • Your personal details (e.g. name, date of birth)
  • Address details
  • Contact details (e.g. phone number, email)
  • Special personal information* (e.g. health information)
  • Financial information
  • Employment information
  • Information on how you use our website(s) and products and services


Special personal information

Data protection law defines some personal information as “special categories of data”. This includes information about physical or mental health, sexual orientation, religious beliefs, race or ethnic origin, political opinions, trade union membership or biometric data. This information may be necessary to collect when understanding the reason for your financial circumstances, or where it may help us to provide a better service to you. For example, a period of ill health could have caused you to fall behind with your regular payments to your creditors.

Where we need to collect and process this type of data about you, by providing this information to us you give your explicit consent for us and any other third party to process this special data as set out in this privacy policy, unless we have a legal obligation to process this type of data.

Any personal information about you relating to criminal convictions or offences may only be used by us when authorised by law.

Information about other people

If you provide personal information about someone else, for example when a joint application is made, you must do so with the permission of the other person. If you enter into a service jointly with another person (for example, a joint Debt Management Plan), your personal information and any information about the service provided to you will be shared with the other person.

We will use the personal information about the other person in the ways as described in this privacy policy.

We collect your information in a number of ways.

  • When you make an application or enquiry to us either by phone, email our website, by a third party or by any other means

  • Information received from a third party, for example a creditor providing information about an account you hold with them, or where you have previously agreed for your information to be shared with us, for example, if you have been introduced to us by another company

  • When you participate in market research, competitions and promotions provided by us, or on our behalf

  • By adding reviews or interacting with us using social media such as Twitter or Facebook etc

  • When you use online platforms, such as an online portal

  • When we may need to obtain up to date information about you to meet our legal or regulatory obligations

  • Where you have given permission for your information to be provided to us

We can only use your personal information where it falls into one or more of the following categories:

  • It is necessary to enter into or fulfil a contract we have with you;

  • You have provided your consent;

  • We have a legal or regulatory obligation to do so;

  • It is necessary to carry out a task which is in the public interest;

  • It is necessary to protect your vital interests; or

  • It is in our legitimate interest to do so and it is not against your rights

Initial Application/Advice

Where you make an application or enquiry for one of our products or services we’ll use your information to provide you with appropriate information about any solutions we may be able to offer to you. If you cannot provide this information we may not be able to progress with your application or enquiry.

We may also use this information to contact you about and process your application, for example, sending you an email, text message or letter to welcome you to our services.

We will process the personal data we collect about you for the purposes set out below at Purposes for Processing your Personal Data.

After you have made you initial application/enquiry, if you also decide to go ahead with any of the products or services that we offer, the sections below explain how we will also process your data when we provide that particular product(s) or service(s).

Ongoing Services

Where we are providing you with a debt solution, such as a Debt Management Plan, Debt Arrangement Scheme (DAS), Individual Voluntary Arrangement (IVA); Debt Relief Order (DRO) or with claims management services or any other financial services solution, we will process your personal information to administer the services we provide. This may include contacting you where we may need further information, or sending you updates on the progress of the services we provide to you.

Where we provide ongoing services, we will normally require you to agree to the terms and conditions of the debt solution or service. These will set out how we will provide the services to you and where we will be required, under the terms and conditions, to process your personal information. For example, we would need to your share information with your creditors to enable us to set up and administer a Debt Management Plan.

Please read the section(s) relevant to the specific products and services you receive from us.

If we give you Debt Advice, this will be provided by Gregory Pennington Limited. The table below specifically explains how and why your personal data will be used so that the services can be provided to you. When providing you with debt advice we collect and use your personal information under the lawful basis of our legitimate interest and is necessary to enable us to provide you with the best advice possible.

What personal data will we need to collect?

To be able to provide you with Debt Advice we need to collect certain categories of personal data. This will include: - Contact details – so that we can contact you about and process your enquiry - The people you owe money to and your property and assets - so we fully understand your financial situation and give you personalised advice that’s tailored to you - Your Income and expenditure – so that we can accurately work out what you can afford to pay towards your debts and make sure the solution we recommend is the right one for you - Personal circumstances – such as your employment, living arrangements and financial dependents, so that we can understand and give you advice about how each of the available debt solutions could affect you - Special personal information – only with your permission and where this is relevant to your financial situation and how a debt solution needs to work for you, or where we have a legal right to do so.

For further information on how CRAs may use your personal information you can view the Credit Reference Agency Information Notice here or from the three main CRAs – TransUnion (formerly Callcredit); Equifax; and Experian.

Who will the data be shared with?

If you were introduced to our services by a third party, we will share information about what debt solution we have recommended and whether you choose to use our services. We may share your information with our service partners , i.e. companies who provide services to us that enable us to provide our services to you. This will include IT service providers, communication service providers, printers, professional advisors and insurers, advertisers and social media platforms. We will only share your information with them if they’ve agreed to keep it confidential. Our regulators , such as the Financial Conduct Authority, the Information Commissioner’s Office or any other regulatory body or authority may request certain information as part of supervising us. We have a legal or regulatory obligation to provide this.

If you have provided your authority, if we have a legitimate interest to do so or where we may be legally entitled to, we will share information with credit reference agencies (CRAs) to obtain information about your financial history or your credit commitments.

For further information on how CRAs may use your personal information you can view the Credit Reference Agency Information Notice here or from the three main CRAs – TransUnion (formerly Callcredit); Equifax; and Experian.

How long will your data be stored for?

If you continue to be our customer and we give you advice, we will keep a record of your personal information to ensure that we provide you with the best service possible and where we’re required to keep your data to meet our legal and regulatory obligations. This will normally be kept for at least 6 years, starting from the date when we are no longer providing you with a service. Telephone calls will be retained for at least 6 years from the date the call was made.

If you do not go ahead with any product or service offered by the Group, your personal information will normally be deleted after 2 years (except for any recorded telephone calls) unless we have another reason to keep your personal information, for example, if you have given your consent to receive marketing or promotional messages from us. After this time, we will delete the information or anonymise the data so that it cannot be linked back to you.

If you enter into a Debt Management Plan, this will be provided by Gregory Pennington Limited. The table below specifically explains how and why your personal data will be used so that the services can be provided to you.

What personal data will we need to collect?

To be able to provide you with Debt Advice we need to collect certain categories of personal data. This will include:

  • Contact details – so that we can regularly contact you where we need to and update you about your DMP
  • Your Income and expenditure - so that we can accurately work out what you can afford to pay towards your DMP
  • The people you owe money to – so we can properly administer your DMP
  • Personal circumstances – such as your employment, living arrangements, property, assets and financial dependents, to carry out your regular reviews and advise how any change in your situation affects your DMP and whether your DMP is still the right solution for you
  • Special personal information – only with your permission and where this is relevant to your financial situation and the administration of your DMP, or where we have a legal right to do so
  • Financial details – we need this information to be able to collect your regular payments for your DMP.

This is required to enable you to enter into a DMP and to fulfil our contractual obligations with you, and to fulfil our legal and regulatory obligations.

With your permission, we may use information from your credit file to confirm certain information, including about your lenders, balances, account numbers, your account, address and insolvency history and details of any county court judgments (CCJ). Your credit file data will be provided by Callcredit Consumer Ltd, and CCJ data by Callcredit Ltd subject to passing their authentication process.

Who will the data be shared with?

Your personal information will be shared with creditors and debt collectors who you owe money to so that we can arrange a payment arrangement under your DMP. This is a key part of the services we’ve contractually agreed to provide to you.

If your plan is covered by payment protection insurance or the income safeguard plan, we will tell the Policy Administrator about changes to your level of cover, the premiums you have paid or claims you may make.

Our regulators, such as the Financial Conduct Authority, the Information Commissioner’s Office or any other regulatory body or authority may request certain information as part of supervising us. We have a legal or regulatory obligation to provide this.

Your personal data may be shared with tracing agents where we have a legitimate interest to obtain up to date contact information to help us to continue to provide the services to you.

If you have provided your authority or we have a legitimate interest to do so, or where we may be legally entitled to, we will share information with credit reference agencies (CRAs) to obtain information about your financial history or your credit commitments.

For further information on how CRAs may use your personal information you can view the Credit Reference Agency Information Notice here or from the three main CRAs – Callcredit; Equifax; and Experian.

How long will your data be stored for?

Whilst you continue to be our customer, we will keep a record of your personal data to ensure that we provide you with the best service possible and where we’re required to keep your personal information to meet our legal and regulatory obligations. This will normally be kept for at least 6 years, starting from the date when we are no longer providing you with a service. We will retain telephone calls for at least 6 years from the date the call was made.

After this time, we will delete the information or anonymise the data so that it cannot be linked back to you.

If you use our full and final settlement service, it will be provided by Gregory Pennington Limited. The table below specifically explains how and why your personal data will be used so that this service can be provided to you.

What personal data will we need to collect?

To be able to provide you with our full and final settlement service, we will need to collect certain categories of personal data. This will include:

  • Contact details – so that we can regularly contact you where we need to and keep you updated
  • The people you owe money to – so we can advise you about settling your debts and to negotiate with and make payments to your creditors
  • Personal and financial circumstances – such as your income and expenditure, employment, property, assets, living arrangements and financial dependents, to understand your situation and advise you about settling your debts, and to help us try to agree full and final settlement terms on your behalf
  • Special personal information – only with your permission and where this is relevant to your financial situation and how we administer our services, or where we have a legal right to do so
  • Financial details – we need this information to be able to collect your payment.

This is required to enable you to enter our full and final settlement and to fulfil our contractual obligations with you, and to fulfil our legal and regulatory obligations. With your permission, we may obtain and use information from your credit file to confirm certain information, including about your lenders, balances, account numbers, your account, address and insolvency history and details of judgments made against you (e.g. CCJs). Your credit file data will be provided by Callcredit Limited (trading as TransUnion), subject to passing their authentication process. For more information about how TransUnion uses and shares your credit file information, please click here.

Who will the data be shared with?

Your personal information will be shared with creditors and debt collectors who you owe money to so that we can arrange a payment arrangement under the full and final settlement process. This is a key part of the services we’ve contractually agreed to provide to you. Our regulators, such as the Financial Conduct Authority, the Information Commissioner’s Office or any other regulatory body or authority may request certain information as part of supervising us. We have a legal or regulatory obligation to provide this. Your personal data may be shared with tracing agents where we have a legitimate interest to obtain up to date contact information to help us to continue to provide the services to you.

How long will your data be stored for?

Whilst you continue to be our customer, we will keep a record of your personal data to ensure that we provide you with the best service possible and where we’re required to keep your personal information to meet our legal and regulatory obligations. This will normally be kept for at least 6 years, starting from the date when we are no longer providing you with a service. Telephone calls will be retained for at least 6 years from the date the call was made. After this time, we will delete the information or anonymise the data so that it cannot be linked back to you.

If you enter into an Individual Voluntary Arrangement (IVA), it will be provided by Freeman Jones Limited. The table below specifically explains how and why your personal data will be used so that the services can be provided to you.

What personal data will we need to collect?

To be able to provide our services we will need to collect certain categories of personal data. This will include:

  • Contact details – so that we can regularly contact you where we need to and update you about your IVA
  • Your Income and expenditure – so that we can accurately work out what you need to pay into your IVA
  • The people you owe money to and your property and assets – so we can properly supervise your IVA and advise you what you need to do to complete your arrangement
  • Personal circumstances – such as your employment, living arrangements and financial dependents, so that we can understand how any change in your situation affects your IVA
  • Special personal information – only with your permission and where this is relevant to your financial situation and the administration of your IVA, or where we have a legal right to do so
  • Financial Details - we need this information to be able to collect your regular payments for your IVA.

This is required to enable you to enter into an IVA and to fulfil our contractual obligations with you, and to fulfil our legal and regulatory obligations.

With your permission, we may use information from your credit file to confirm certain information, including about your lenders, balances, account numbers, your account, address and insolvency history and details of any county court judgments (CCJ). Your credit file data will be provided by Callcredit Consumer Ltd, and CCJ data by Callcredit Ltd subject to passing their authentication process.

Who will the data be shared with?

Your personal information will be shared with creditors, debt collectors and voting agents dealing with the debts included within your IVA. This is a key part of the services we’ve contractually agreed to provide to you.

If your IVA is accepted, information about you and your IVA will be shared with the Insolvency Service and will appear in the publicly accessible Individual Insolvency Register maintained by the Insolvency Service.

We will share your information with a claims management company, HD Law, to assess whether there are any other potential assets that could be made available to your creditors. HD Law will not act for you as a claims management company unless you instruct them and will provide a report to your Supervisor after they have completed the review.

If your payments to the IVA are covered by payment protection insurance or the Income Safeguard Plan, or your IVA is included in our IVA Cover life policy, we will tell the Policy Administrator, as relevant, about changes affecting your level of cover, the premiums payable or claims you or we may make. Our regulators, such as the Insolvency Practitioners Association, the Information Commissioners Office or any other regulatory body or authority may request certain information as part of supervising us. We would have a legal or regulatory obligation to provide this. Your personal data may be shared with tracing agents where we have a legitimate interest to obtain up to date contact information to help us to continue to provide the services to you.

If you have provided your authority or we have a legitimate interest to do so, or where we may be legally entitled to, we will share information with credit reference agencies (CRAs) to obtain information about your financial history or your credit commitments. For further information on how CRAs may use your personal information you can view the Credit Reference Agency Information Notice here or from the three main CRAs – TransUnion (formerly Callcredit); Equifax; and Experian.

How long will your data be stored for?

If you continue to be our customer and we give you advice, we will keep a record of your personal information to ensure that we provide you with the best service possible and where we’re required to keep your data to meet our legal and regulatory obligations. This will normally be kept for at least 6 years, starting from the date when we are no longer providing you with a service. Telephone calls will be retained for at least 6 years from the date the call was made.

If you do not go ahead with any product or service offered by the Group, your personal information will normally be deleted after 2 years (except for any recorded telephone calls) unless we have another reason to keep your personal information, for example, if you have given your consent to receive marketing or promotional messages from us.

After this time, we will delete the information or anonymise the data so that it cannot be linked back to you.

If you enter into a Trust Deed, it will be provided by Wilson Andrews Limited. The table below specifically explains how and why your personal data will be used so that the services can be provided to you.

What personal data will we need to collect?

To be able to provide our services we will need to collect certain categories of personal data. This will include:

  • Contact details – so that we can regularly contact you where we need to and update you about your Trust Deed

  • Your Income and expenditure – so that we can regularly contact you where we need to and update you about your Trust Deed

  • The people you owe money to and your property and assets – so we can properly administer your Trust Deed and advise you what you need to do to complete your arrangement

  • Personal circumstances – such as your employment, living arrangements and financial dependents, so that we can understand how any change in your situation affects your Trust Deed

  • Special personal information – only with your permission and where this is relevant to your financial situation and the administration of your trust deed, or where we have a legal right to do so.

  • Financial details – we need this information to be able to collect your regular payments for your Trust Deed.

This is required to enable you to enter into a Trust Deed and to fulfil our contractual obligations with you, and to fulfil our legal and regulatory obligations.

With your permission, we may use information from your credit file to confirm certain information, including about your creditors, balances, account numbers, your account, address and insolvency history and details of any county court judgments (CCJ).

Who will the data be shared with?

Your personal information will be shared with the creditors, debt collectors and voting agents that you owe money to.

We will share information about your Trust Deed with the Accountant in Bankruptcy (AiB). Information about you and your Trust Deed will appear in the publicly accessible Register of Insolvencies maintained by the AiB.

Our regulators, such as the Insolvency Practitioners Association, may request certain information as part of supervising us. We would have a legal or regulatory obligation to provide this.

Your personal data may be shared with tracing agents where we have a legitimate interest to obtain up to date contact information to help us to continue to provide the services to you.

If you have provided your authority or we have a legitimate interest to do so, or where we may be legally entitled to, we will share information with credit reference agencies (CRAs) to obtain information about your financial history or your credit commitments.

For further information on how CRAs may use your personal information you can view the Credit Reference Agency Information Notice here or from the three main CRAs – Callcredit; Equifax; and Experian.

How long will your data be stored for?

Whilst we continue to provide services in relation to your Trust Deed, we will keep a record of your personal data to ensure that we meet our legal and regulatory obligations and provide the best service possible. Your information will normally be kept for at least 6 years, starting from the date when the Trustee is discharged from acting in your case. Telephone calls will be retained for at least 6 years from the date the call was made.

After this time, we will delete the information or anonymise the data so that it cannot be linked back to you.

What personal data will we need to collect?

To be able to provide our services we will need to collect certain categories of personal data. This will include:

  • Contact details – so that we can regularly contact you where we need to and update you about your sequestration

  • Your Income and expenditure – so that we can regularly contact you where we need to and update you about your sequestration

  • The people you owe money to and your property and assets – so we can properly administer your sequestration and advise you what you need to do to complete your arrangement

  • Personal circumstances – such as your employment, living arrangements and financial dependents, so that we can understand how any change in your situation affects your sequestration

  • Special personal information – only with your permission and where this is relevant to your financial situation and the administration of your sequestration, or where we have a legal right to do so.

  • Financial details – we need this information to be able to collect your regular payments for your sequestration.

This is required to enable us to process your sequestration and to fulfil our legal and regulatory obligations.

Who will the data be shared with?

Your personal information will be shared with the creditors, debt collectors and voting agents that you owe money to.

We will share information about your sequestration with the Accountant in Bankruptcy (AiB). Information about you and your sequestration will appear in the publicly accessible Register of Insolvencies maintained by the AiB.

Our regulators, such as the Insolvency Practitioners Association, may request certain information as part of supervising us. We would have a legal or regulatory obligation to provide this.

Your personal data may be shared with tracing agents where we have a legitimate interest to obtain up to date contact information to help us to continue to provide the services to you.

If you have provided your authority or we have a legitimate interest to do so, or where we may be legally entitled to, we will share information with credit reference agencies (CRAs) to obtain information about your financial history or your credit commitments.

For further information on how CRAs may use your personal information you can view the Credit Reference Agency Information Notice here or from the three main CRAs – Callcredit; Equifax; and Experian.

How long will your data be stored for?

Whilst we continue to provide services in relation to your Sequestration, we will keep a record of your personal data to ensure that we meet our legal and regulatory obligations and provide the best service possible. Your information will normally be kept for at least 6 years, starting from the date when the Trustee is discharged from acting in your case. Telephone calls will be retained for at least 6 years from the date the call was made.

After this time, we will delete the information or anonymise the data so that it cannot be linked back to you.

If a Debt Relief Order (DRO) is the solution you decide on, Gregory Pennington Limited will collect and process your personal data to help you with your application. The table below specifically explains how and why your personal data will be used so that the services can be provided to you.

What personal data will we need to collect?

To be able to provide our services we will need to collect certain categories of personal data. This will include:

  • Contact details – so that we can regularly contact you where we need to and update you about your sequestration

  • Your financial situation – such as your income and expenditure, who you owe money to, your property and any assets, your employment, living arrangements and financial dependents, so we can advise you and confirm your eligibility for a DRO, and complete and submit your application.

  • Special personal information – only with your permission and where this is relevant to your financial situation and your application for a DRO, or where we have a legal right to do so.

This is required to enable us to process your sequestration and to fulfil our legal and regulatory obligations.

With your permission, we may obtain and use information from your credit file to confirm certain information, including about your lenders, balances, account numbers, your account, address and insolvency history and details of judgments made against you (e.g. CCJs). Your credit file data will be provided by Callcredit Limited (trading as TransUnion), subject to passing their authentication process. For more information about how TransUnion uses and shares your credit file information, please click here.

Who will the data be shared with?

We will share your information with the Official Receiver.

If your application for a DRO is accepted by the Official Receiver, information about you and your DRO will appear in the publicly accessible Individual Insolvency Register maintained by the Insolvency Service.

Our regulators, such as the Insolvency Service, or authorising body may request certain information as part of supervising us. We would have a legal or regulatory obligation to provide this.

Your personal data may be shared with tracing agents where we have a legitimate interest to obtain up to date contact information to help us to continue to provide the services to you.

If you have provided your authority or we have a legitimate interest to do so, or where we may be legally entitled to, we will share information with credit reference agencies (CRAs) to obtain information about your financial history or your credit commitments.

For further information on how CRAs may use your personal information you can view the Credit Reference Agency Information Notice here or from the three main CRAs – TransUnion (formerly Callcredit); Equifax; and Experian.

How long will your data be stored for?

Your information will normally be kept for at least 6 Years from the date your DRO is approved. Telephone calls will be retained for at least 6 years from the date the call was made.

After this time, we will delete the information or anonymise the data so that it cannot be linked back to you.

If a Debt Payment Programme (DPP) under the Debt Arrangement Scheme is the solution you decide on, Gregory Pennington Limited will collect and process your personal data to help you with your application and administer your DPP. The table below specifically explains how and why your personal data will be used so that the services can be provided to you.

What personal data will we need to collect?

To be able to provide our services we will need to collect certain categories of personal data. This will include:

  • Contact details – so that we can regularly contact you where we need to and update you about your DPP

  • Your Income and expenditure – so that we can accurately work out what you can afford to pay towards your DPP

  • The people you owe money to – so we can properly administer your DPP

  • Personal circumstances – such as your employment, living arrangements, property, assets and financial dependents, to carry out your regular reviews and advise how any change in your situation affects your DPP and whether it is still the right solution for you

  • Special personal information – only with your permission and where this is relevant to your financial situation and the administration of your DPP, or where we have a legal right to do so

  • Financial details – if we, trading as Think Link are appointed to be the Payment Distributor for your DPP, to collect the regular payments to your DPP.

This is required to enable a DPP to be entered into and to fulfil our contractual obligations with you, and to fulfil our legal and regulatory obligations.

With your permission, we may obtain and use information from your credit file to confirm certain information, including about your lenders, balances, account numbers, your account, address and insolvency history and details of judgments made against you (e.g. CCJs). Your credit file data will be provided by Callcredit Limited (trading as TransUnion), subject to passing their authentication process. For more information about how TransUnion uses and shares your credit file information, please click here.

Who will the data be shared with?

Your personal information will be shared with creditors and debt collectors who you owe money to so that we can arrange a payment arrangement under your debt arrangement scheme. This is a key part of the services we’ve contractually agreed to provide to you.

We will submit your DPP application to the DAS Administrator for approval.

If your DPP is approved, your details will be published on the publicly accessible DAS Register, maintained by the Accountant in Bankruptcy.

We will pass information about you and your approved Debt Payment Programme to the Payments Distributor appointed to deal with the payments due into your DPP.

If your plan is covered by payment protection insurance or the income safeguard plan, we will tell the Policy Administrator about changes to your level of cover, the premiums you have paid or claims you may make.

Our regulators, such as the DAS Administrator, the Information Commissioner’s Office or any other regulatory body or authority may request certain information as part of supervising us. We would have a legal or regulatory obligation to provide this.

Your personal data may be shared with tracing agents where we have a legitimate interest to obtain up to date contact information to help us to continue to provide the services to you.

If you have provided your authority or we have a legitimate interest to do so, or where we may be legally entitled to, we will share information with credit reference agencies (CRAs) to obtain information about your financial history or your credit commitments.

For further information on how CRAs may use your personal information you can view the Credit Reference Agency Information Notice here or from the three main CRAs – Callcredit; Equifax; and Experian.

How long will your data be stored for?

Whilst you continue to be our customer, we will keep a record of your personal data to ensure that we provide you with the best service possible and where we’re required to keep your personal information to meet our legal and regulatory obligations. This will normally be kept for at least 6 years, starting from the date when we are no longer providing you with a service. Telephone calls will be retained for at least 6 years from the date the call was made.

After this time, we will delete the information or anonymise the data so that it cannot be linked back to you.

If you require claims management services this will be provided by HD Law. The table below specifically explains how and why your personal data will be used so that the services can be provided to you.

What personal data will we need to collect?

  • Contact details – so that we can contact you about and process your enquiry

  • Account information – we need to know who you bought financial products and services from, your account numbers, any joint applicants, so that any claims can be assessed and administered on your behalf.

  • Financial and personal circumstances – such as your income, employment and credit commitments, so that we understand your situation at the time and since you bought the products and services we look into, to help us assess if they were missold and to form the basis of any complaint made on your behalf.

  • Special personal information – including about your health or medical conditions, only with your permission and where this is relevant to whether you were missold financial products and services or how your claim is administered, or where there is a legal right to do so.

This is required to to provide the Claims Management Service and to fulfil our contractual obligations with you, and to fulfil our legal and regulatory obligations.

Who will the data be shared with?

Your personal information will be shared with HD Law and the lenders, brokers and product providers who sold you the debt-solution/service that we look into when we request information about your accounts, and so they can investigate any complaint made on your behalf.

We will share your information with the Financial Ombudsman’s Service (FOS) to ask them to investigate your claim against the product provider if we don’t believe they have given a fair response to your claim or if they take too long to reply.

If you are in a debt solution and you give your permission, or if they have a legal right to ask us to, we will share information about the outcome of your claims with your debt management plan provider or with the supervisor of your IVA.

Our regulators, such as the Ministry of Justice, the Information Commissioners Office or any other regulatory body or authority may request certain information as part of supervising us. We would have a legal or regulatory obligation to provide this.

How long will your data be stored for?

Whilst you continue to be our customer, we will keep a record of your personal data to ensure that we provide you with the best service possible and where we’re required to keep your personal information to meet our legal and regulatory obligations. This will normally be kept for at least 6 years, starting from the date when we are no longer providing you with a service. Telephone calls will be retained for at least 6 years from the date the call was made.

After this time, we will delete the information or anonymise the data so that it cannot be linked back to you.

Websites and marketing

To help us understand you better and provide you with information about other products which may be suitable and relevant, we will use your personal information to create a profile of you and your circumstances. This allows us to provide more relevant, accurate and tailored services to you. For example, we may assess your income and expenditure to determine whether you would be eligible for a debt solution through us. We believe we have a legitimate interest to do this and that it is not against your rights.

However, if you don’t want us to profile your personal information this way, to then better enable us to tailor any marketing communications to you, you can contact us to let us know that you wish for your personal data not to be used in this way.

Reviews and Market Research

Where we have a copy of your personal information we may contact you to ask you to provide a review about the services you’ve received or where we are carrying out market research which may help us design future products and services or to help improve our current services. Although this information would really help us, you wouldn’t be required to provide us with this information unless you were happy to. We consider that this is in our legitimate interests to contact you in this way for market research purposes.

We are required to process your personal information where we have a legal or regulatory obligation to do so, for example, to adhere to anti-money laundering or our regulatory obligations.

Responding to complaints or enquiries

If you make an enquiry or complaint with us, we will use your personal information to investigate the complaint and deal with your enquiry. We have a legal and regulatory obligation to deal with your complaint appropriately.

Internal Analysis

As part of our legitimate interest to develop our business and our products we will use your personal information to assess our performance as a business and for statistical analysis. We will use your personal information to assess our performance as a business and for statistical analysis. We will use as little personal data as we can to achieve this. We may also share this analysis with third parties who provide us with services and where we have a contractual obligation to do so.

An automated decision is one which we rely on a computer or system to assess the information you provide to us to make a decision about you. This may include:

  • assessing your eligibility for a product or service
  • detecting any fraudulent activity which may be taking place, or there is a risk that it could take place
  • checking identity and residency statuses

If we do make an automated decision about you, in some cases you have the right to ask that we do not make our final decision based solely on the automated decision, and you can also object to the automated decision and ask that someone reviews it. If you want to do this you’d need to contact us, or use the contact information which will be provided to you once you’ve received the automated decision.

In addition to the companies, organisations and other third parties set out in Section 3, we may also share your personal information with the following organisations:

  • IT Service Providers who provide IT platforms or other IT services
  • Payment Service companies that process transactions for us (e.g. Direct Debits and card transactions)
  • Communication providers (e.g. telephone line providers, and email and text service providers)
  • Printers who print the letters and information packs which we send to you
  • Advertisers and social media companies such as Facebook, Google and Twitter for our social media accounts or where we can contact you using your social media account
  • Third parties who may have introduced you to our services

These companies help us to provide our services to you. We will have a contract in place with any provider who directly provides us with such direct services to ensure that they comply with their data protection obligations and ensure that they have appropriate security measures in place.

We may also share your personal information where we have your consent to do so or where we’re required to do so under a legal or regulatory obligation or court order, such as the police, local authorities or the courts.

The personal information we have collected from you may be shared with law enforcement agencies and fraud prevention agencies who will use it to prevent fraud, money-laundering and terrorist financing and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information is used by us and these fraud prevention agencies, and your data protection rights, can be found by contacting us or email us at [email protected]

We use publicly available social media platforms to promote our services, to provide updates and to share any news and promotional updates. We may collect personal information from these social media platforms, for example, if you post a message on our Facebook page. By providing any of your information to us through these platforms you should be aware that:

The social media web pages are publicly available and you must not provide any personal or sensitive information on our pages that are accessible to the public, such as your account information. We may ask you for your account information via a private message to identify you and to service any request you make.

Each social media platform will process any personal information you provide through the platform and will be processed in accordance with its own privacy policy. The privacy policies are available to view on each social media platform.

We will only share your personal information outside the European Economic Area (EEA), where we have your consent; to comply with a legal obligation; or where we work with a business partner to enable us to provide you with our services, and they process information outside of the EEA.

If we do share your information outside of the EEA we will make sure that it is protected in the same way as if it was being used in the EEA to ensure appropriate safeguards are in place. This may include putting in place a contract with the business partner that means they must protect the personal data to the same standards as the EEA (this may include defined model clauses), or only share the data to a business partner in a non-EEA country where the privacy laws provide the same protection as within the EEA or where they are part of a Privacy Shield.

More information on this can be found on the European Commission Justice Website.

We take the protection of personal information very seriously and we will maintain appropriate measures to maintain the confidentiality, integrity and availability of the information you have provided. Such measures include:

  • Company security policies and standards
  • staff security awareness
  • role based access controls to prevent unauthorised access to the information
  • encryption and anonymisation technology
  • anti-malware technologies
  • security monitoring
  • security testing
  • secure archiving and deletion
  • compliance with industry regulation and legislation

To help us keep you up to date about the products and services that we provide to you, and to ensure that you’re kept fully informed, we may contact you by letter, telephone, email, text message, push notifications, social media or may send you messages by any online customer platforms or other electronic means.

If you start an application for a product or service through us we will attempt to contact you shortly after if you were unable to complete your application for whatever reason.

If you do not want to be contacted in a particular way then you can request this at any time, but if we are providing a service to you, we do need to be able to send you communications. This can often be due to a legal or regulatory requirement.

It is important that you keep us up to date when you change your contact details to ensure that we use your up to date contact information.

Access to your personal information

You have the right to request from us a copy of the personal information that we may hold about you. This is often called a “Data Subject Access Request”. You can request this information by contacting us as set out below.

Before providing this information to you or to another person or company where you have requested this personal information to be sent to, we may ask for proof of identity or ask sufficient questions to enable us to locate the information and ensure that we’re only providing it were you have given your agreement.

Right to have your personal information corrected

If the personal information we hold about you is incorrect you have the right to request that we correct this.

Right to stop or limit the processing of the data we carry out

You may request that your personal information is deleted or that we stop processing the information if we’re no longer entitled to process it. There may be occasions where we are unable to delete the data due to our legal or regulatory obligations. We will however discuss this with you if you request for your information to be deleted.

Portability

In some cases you may be able to request for your information to be provided to you or to another company in a format that can be processed electronically by you or the other company. If you want to request this you’ll need to contact us.

Whilst you continue to be our customer, we will keep a record of your personal information to ensure that we provide you with the best service possible and where we’re required to keep your personal information to meet our legal and regulatory obligations. The product specific information above sets out how long your personal information will normally be kept for. Telephone calls will be retained for at least 6 years from the date the call was made.

If you do not go ahead with any product or service offered by the Group, your personal information will normally be deleted after 2 years unless we have another reason to keep your data, for example, if you have given your consent to receive marketing or promotional messages from us.

If you have provided us with your consent or where we are legally entitled to do so, we may contact you to let you know about other offers, products and services that we provide which we think you may be interested or that may benefit you. We may do this through post, emails, text messages, telephone, push notifications, social media or other electronic means.

You can easily let us know at any time if you would no longer like to receive these messages. You can contact us using the details below, emailing us at [email protected] or unsubscribing using the link or information within the message.

When you visit our website or similar websites Google may use our advertisements promoting our products and services which may appear on other third party websites you visit across the internet for remarketing purposes, including cross-device remarketing. Google and other third parties will use cookies to tailor advertisements for website users based on their previous visit to our website. More information about cookies can be found below.

We do not have any control over the advertisements you see on other third party websites however you can request to opt out or customise these advertisements by using the Google Ads Preference Manager.

We record any telephone calls you make to us or we make to you or any other third party. This is for training, monitoring and quality purposes and to meet our legal and regulatory obligations. Some telephone calls may be observed by staff for training and development purposes.

We may keep a copy of the telephone calls for up to 6 years from the date the telephone call was made.

If you have any questions or queries about how we use your personal information you can contact us or our Data Protection Officer using the address or email below:

Data Protection Officer Gregory Pennington Limited Think Park Mosley Road Trafford Park Manchester M17 1FQ

Email: [email protected]

If you are not happy with how we process your personal information you should contact us in the first instance. If you’re not happy with how we have dealt with your complaint you have the right to lodge a complaint with the Information Commissioner’s Office. You can find their details on their website at https://ico.org.uk/

Any updates to this privacy policy will be found on this page. If we make any important or significant changes to the way we may collect and use your personal information we will endeavour to notify you of this change.

When using this website, some information may be collected automatically using ‘cookies’. These are small text files that facilitate the processing of your data and enable us to analyse how the website is being used. Cookies can be temporary or permanent.

Temporary cookies form part of the security process while you are using the website; permanent cookies identify the link you used to find our website, check your browser so that we can make sure that our website and services work well with your computer and to help us monitor traffic on our website.

Why are cookies used?

They help visitors. Cookies allow sites to do things like provide personalised content and remember their log-in details and settings. You can turn them off - this won’t stop a website from working, but it might mean it won’t work as well as it could, or that you have to do the same thing more than once.

They help website owners. Cookies tell website owners things like: what search engine a visitor used to find the website, how often they’ve visited it, how long they’ve spent on it, and so on.

We’ve set out below the cookies that we may use and those that are set by third parties on our website.


Cookie Name Purpose More Information
All Response Media pk(x) This cookie is used to collect information about how visitors use our website and allows us to compile reports to further improve our website. Click here for more information about All Response Media cookies
Amazon ad-(x) Display advertising and conversion tracking
AppNexus anj, uuid(x), sess Display advertising cookie Click here for more information about Outbrain cookies
AOL API(x), C2, ASCID, IDSYNC Remarketing and conversion tracking
Bing Ads mui(x), _uet(x) Remarketing script and conversion tracking
Cloud Flare _cfduid Security and performance script Click here for more information about Cloud Flare cookie.
DoubleClick Cookies _ide, _nid, _ssid, _dsid These are 3rd party cookies served by DoubleClick. They serve adverts to visitors based on the websites they’ve been to previously Click here for more information about DoubleClick and how to disable this cookie.
Facebook fr Remarketing and conversion tracking Click here for more information about Facebook cookies
Google Analytics _utm(x), _ga(x), _gid, amp_token These cookies are used to collect information about how visitors use our website. They keep track of when a visitor enters and leaves the website and an search engines and keywords that are used, including any personal and/or special categories of data. Click here for more information about google analytics and how to disable this cookie.
Hotjar _hj(x) These cookies are used to record anonymous videos about how visitors use our website. They keep track of how visitors engage with pages on our website. Click here for more information about Hotjar and how to disable this cookie
Marin Software _msuuid, msuuid(x) Remarketing and conversion tracking
Microsoft Azure ai_(x) Web performance monitoring
Outbrain obuid, _ofcap_DOC1, _utastes_1, _fcap_CAM4 Remarketing and conversion tracking
Quora m-b Remarketing and conversion tracking
Taboola taboola(x), t(x), JSEESIONID, DNT Remarketing and conversion tracking
Twitter guest_id, personalisation_id Remarketing and conversion tracking
Yahoo! B Remarketing and conversion tracking
Session Variables ASP.NET_SessionId ASPESSIONID These cookies are used to keep all information about the visitor’s session of the website and are essential for the website to work. These expire when the browser is closed.
VISITOR_INFO1_LIVE This tracks a layout version that the YouTube applet will use when displayed on the website.
Our Cookies _sid used for session tracking
_af used to store internal system information
_culture language code e.g. ‘en-GB’
HasMarketingConsent This allows the website to identify when a customer has started a journey in response to an e-mail
SourceId This allows the website to identify which source the customer has entered the website from


Except for essential cookies, all cookies will expire after 10 years.

Disabling/Enabling Cookies

You have the ability to accept or decline cookies by modifying the settings on your browser and by clicking on the disable button below. Please remember though that disabling certain cookies may affect the functionality of our website.

None of the features of our website will be affected - giving you the full experience.

Disable

If you are using Microsoft Windows Explorer:

  • Open ‘Windows Explorer’
  • Click on the ‘Search’ button on the tool bar
  • Type ‘cookie’ into the search box for ‘Folders and Files’
  • Select ‘My computer’ in the ‘Look In’ box
  • Click ‘Search Now’
  • Double click on the folders that are found
  • ‘Select’ any cookie file
  • Use the ‘Delete’ button on your keyboard

If you are not using Microsoft Windows Explorer, then you should select ‘cookies’ in the ‘Help’ function for information on where to find your cookie folder.

We do not pass on, or sell cookies to any other companies. Further information on the use of and managing cookies can be found at http://www.allaboutcookies.org.