Privacy Notice
How we process our customers’ personal information
Lantern are committed to protecting your personal data and to being open and honest about how we use your personal data.
This notice explains how we use your personal data.
Who we are
The Lantern group is a group of companies and trading styles owned or controlled by Lantern Group Holdings Ltd (“the Lantern group”).
Who controls the use of your personal data?
Lantern Debt Recovery Services Limited – Controller
If you are a Lantern Debt Recovery Services Limited (LDRS) customer then, through a legal assignment between LDRS and your original lender, we have purchased the legal rights under your credit agreement between you and your original lender. This includes the right to collect the outstanding balance from you. We are the controller of the personal data that your original lender transferred to us under the assignment. Not all your personal data was transferred to us – we only became controller of the minimum personal data needed to recover the balance from you.
Prior to the assignment to LDRS, we are a processor of your personal data, using your personal data only on the written instructions of your original lender.
Sonex3 Ltd – Processor
If you are a Sonex3 Ltd customer, we are working on behalf of a client (your lender or services provider) providing vulnerability and collection services. We have been instructed by your lender or services provider to contact you about your account with them. Your lender or services provider remains the controller of your personal data. We are a processor of your personal data, using your personal data only on the written instructions of your lender or services provider.
Data Protection Officer
The Lantern group Data Protection Officer monitors how we use your personal data.
You can contact our Data Protection Officer by post at: Lantern, Protection House, 83 Bradford Road, Stanningley, Pudsey, LS28 6AT, or by email at: [email protected]
How to contact us
| Company | Lantern Debt Recovery Services Limited | Sonex3 Ltd |
| Company number | 06637307 | 08839295 |
| Registered Office | Protection House, 83 Bradford Road, Stanningley, Pudsey, West Yorkshire, LS28 6AT | The Beacon, Dafen, Llanelli, Carmarthenshire SA14 8LQ |
| FCA Firm Reference Number | 718024 | 764250 |
| ICO Registration Number | Z1750842 | ZB991962 |
| How to contact | Get in touch – Lantern | [email protected] |
Links to other websites
Some of the hyperlinks provided in this Notice will lead you to websites which are not under our control. Once you leave our website, we are unable to accept responsibility for the protection of any personal data that you provide to/through the other websites. We encourage you to read the privacy notices and cookie policies on the other websites that you visit.
What personal data do we collect and where from?
The personal data we collect depends on our contact and relationship with you, but it could include:
| Categories | Types | Sources
|
| Website, Phone, WhatsApp, SMS and Portal users data | Internet Protocol (IP) address, Browser type/version, browsing behavior on our site, including the pages that you visit, the time spent on those pages and the date and time of your visit, geolocation data, telephone numbers. | From you
|
| Customers including potential customers | Name, address, gender, date of birth, contact information, including your current and previous phone numbers and email addresses, account details, including references and outstanding balance, financial and credit file/soft search data, , credit and payment history, financial information including bank and payment card details, property information, employment information, including your current employment status, information about your circumstances including vulnerability information, which will help us to identify that you may need to be signposted to additional support. Examples may include, but are not limited to, information about your physical and mental health conditions, or recent life events such as new caring responsibilities, bereavement, or redundancy and difficulties relating to communication. Any other information you choose to provide that helps us to have better interactions with you and contact details marked as inaccurate to prevent these being reused.
We process personal data about any queries, disputes, complaints and data rights requests.
We also use court judgment information, administration orders and bankruptcy, Individual Voluntary Arrangements, debt relief orders, search footprints, scores and ratings and public interest data and derived data such as address links, flags and indicators.
If we have reason to believe that you are in prison, we will obtain publicly available information which may contain some of your personal data such as the name of the prison you are in and the length of your sentence, to update the information we hold about you and to manage your account in the most appropriate way. |
From you.
From your original lender.
From our clients.
From Credit Reference Agencies.
From Lantern Group Companies.
From specialist data organisations.
From fraud prevention agencies.
From commercial sources, such as third-party data and services suppliers working on our behalf. From public source data such as Registry Trust Limited, Land Registry, Insolvency Service, Companies house, Electoral Register.
From Debt Management Partners representing you.
From third parties authorised to represent you.
|
| Third Parties
|
Name, address, contact information, including phone number and email address.
Any other information, which helps us to have better interactions with you or the customer.
|
Direct from Third Party.
We may also combine and match your personal with Credit Reference Agencies and other third parties for trace and data verification purposes.
|
| Third-Party Suppliers and our clients | Name, address and contact information, including phone number and email address. | Direct from you or your organisation.
|
Why do we process your personal data and what are our lawful basis?
| Purpose | Lawful Basis under UK GDPR
What we need Why we need it What we do with it How long we keep it
|
| Lantern group:
New business processing, including to bid to buy your debt from a client or to tender for a contract to provide collection services to a client |
Lawful Basis: Article 6(1)(f) – legitimate interests
You have a legitimate interest in your right to privacy and the protection of your personal data. Lantern group has a legitimate interest in bidding for new business. The processing is necessary for data verification, analysis and pricing to be completed as part of the bidding process.
The following safeguards are in place: · We comply with UK GDPR and Data Protection Act 2018 · We limit the scope and duration of the processing · We only process under a written contract with the seller, which includes confidentiality and data protection obligations · Our employee access to your personal data is role restricted on a need-to-know basis. · We have retention and deletion policies which we follow · We have an overarching Information Management Framework which protects your personal data
On balance Lantern group’s legitimate interests outweigh your legitimate interest because we only process a limited amount of personal data for a short duration with no impact on your rights or freedoms and the processing is proportionate to the aim.
What we need: We receive information about you and your debt to bid for new business.
Why we need it: We use this information to conduct due diligence, data verification and bidding or tender activities.
What we do with it: When using your personal data for this purpose, we are a data processor and may only process your personal data on the written instructions of the seller (your original creditor).
How long we keep it: 3 months in the event of an unsuccessful bid
|
| Lantern Debt Recovery Services Limited:
Debt recovery, including recovery of monies owed, agreeing and setting up payment plans, processing payments, reporting and conducting soft trace activity with CRAs, tracing you, re-engagement visits, checking data accuracy, account placement, taking legal action including enforcement.
|
Lantern has purchased your debt from your original creditor. This means that the rights, including the legal right to recover the balance from you have been assigned to Lantern.
Lawful basis: Article 6(1)(b) – Necessary for the performance of a contract you are a party to Article 6(1)(c) – to comply with legal obligations related to the credit agreement: · Consumer Credit Act 1974 · Financial Services & Markets Act 2000 & 2023 · FCA Handbook Principles 1 to 11 · Principles of Reciprocity which are the rules established by the Steering Committee on Reciprocity
Sensitive data: For special category personal data such as health data, we rely on explicit consent and Schedule 1 Part 2(19) of Data Protection Act 2018 which relates to safeguarding your economic well-being.
Where you tell us about something sensitive, for example, your physical or mental health and this has an impact on your ability to repay your debt we will ask you if we can retain the sensitive information and share it with third parties where necessary. We do this to comply with the FCA’s requirements to treat you fairly and assess whether we believe you may be a in a vulnerable situation and need to be sign-posted to additional support, to make sure we treat fairly and deal with you in a way that best suits your needs, that any payment plan is tailored to your circumstances and we communicate with you in an appropriate way.
If you send us sensitive information such as physical or mental health information in writing, by post or email, and the information has an impact on your ability to repay your debt, this will be taken as your explicit consent to allow us to record and use this sensitive information about you
In some circumstances, where it is not possible to obtain your explicit consent, we may use your sensitive personal data, including health data, where we need to process this to safeguard your economic well-being where we reasonably consider that you may be in a vulnerable situation or at economic risk due to your health conditions.
We will only record what is necessary to help us to act in your best interests and to signpost you to appropriate additional support.
If you have any concerns about us using your sensitive information, please let us know by contacting us using any of our contact methods.
Please be aware that if we delete this sensitive information, this may prevent us from acting in your best interests and signposting you to any additional support you may need.
In any event if we believe you or somebody else is in immediate danger of significant injury or death, we may process information relating to your physical and mental health conditions (including sharing this information with the emergency services).
What we need: We need information about you and your debt so that we can contact you and help you to meet your financial objectives. We only receive the minimum personal data needed to recover the debt from you, which means we may not receive a copy of everything that is held by the original creditor.
Why we need it: We use the information to recover the debt from you so that you can become debt free.
What we do with it: We may match the information we receive from your original creditor with information we may hold about you and with information from Credit Reference Agencies (CRAs) and other third parties to allow us to recover the debt from you. This includes using the data to engage with you about the payment of your debt, to conduct data verification and accuracy checks and tracing where you have not responded to a known contact, setting up payment plans, credit reporting,
How long we keep it: 10 years from full account closure
|
| Sonex3 Ltd:
Vulnerability and Collection Services |
Article 6(1)(b): Necessary for the performance of a contract you are a party to
We need to process your personal data on behalf of our client to allow them to comply with contractual obligations and counter-obligations under your contract.
Article 6(1)(c) – to comply with legal obligations related to the contract · Consumer Credit Act 1974 & 2006 · Financial Services & Markets Act 2000 & 2023 · FCA Handbook Principles · Steering Committee on Reciprocity data sharing rules known as the Principles of Reciprocity
Sensitive data: For special category personal data such as health data, we rely on explicit consent and Schedule 1 Part 2(19) of Data Protection Act 2018 which relates to safeguarding your economic well-being.
Where you tell us about something sensitive, for example, your physical or mental health and this has an impact on your ability to repay your debt we will ask you if we can retain the sensitive information and share it with third parties where necessary. We do this to comply with the FCA’s requirements to treat you fairly and assess whether we believe you may be a in a vulnerable situation and need to be sign-posted to additional support, to make sure we treat fairly and deal with you in a way that best suits your needs, that any payment plan is tailored to your circumstances and we communicate with you in an appropriate way.
If you send us sensitive information such as physical or mental health information in writing, by post or email, and the information has an impact on your ability to repay your debt, this will be taken as your explicit consent to allow us to record and use this sensitive information about you
In some circumstances, where it is not possible to obtain your explicit consent, we may use your sensitive personal data, including health data, where we need to process this to safeguard your economic well-being where we reasonably consider that you may be in a vulnerable situation or at economic risk due to your health conditions.
We will only record what is necessary to help us to act in your best interests and signpost you to additional support you may need.
If you have any concerns about us using your sensitive information, please let us know by contacting us using any of our contact methods. Please be aware that if we delete this sensitive information, this may prevent us from acting in your best interests and signposting you to additional support you may need.
In any event if we believe you or somebody else is in immediate danger of significant injury or death, we may process information relating to your physical and mental health conditions (including sharing this information with the emergency services).
What we need: We need information about you and your account(s), so that we can contact you and work with you to help you to meet your financial objectives. We only receive the minimum personal data needed to help you to manage your account, which means we may not receive a copy of everything about you that is held by our client.
Why we need it: We use the information to manage your account and to identify whether you are vulnerable so we can act in your best interests.
What we do with it: We use your personal data to engage with you about your account.
How long we keep it: 6 years from when our relationship with you comes to an end
|
| Lantern group:
Database processing |
Article 6(1)(f) – legitimate interests
You have a legitimate interest in your right to privacy and the protection of your personal data.
Lantern group has a legitimate interest in carrying out processing activities, including data loading, matching and linking and system and services testing to support databases effectiveness and efficiencies.
The following safeguards are in place: · We comply with UK GDPR and Data Protection Act 2018 · We limit the scope and duration of the processing · Where we work with third-party suppliers, we only process under a written contract, which includes confidentiality and data protection obligations · Our employee access to your personal data is role restricted on a need-to-know basis. · We have retention and deletion policies which we follow · We have an overarching Information Management Framework which protects your personal data
On balance we consider that our legitimate interest outweighs your legitimate interests because we will use your personal data for a valid business purpose, with appropriate safeguards in place to protect your privacy and with the aim of ensuring that we hold accurate and timely information about you so that we can use this to help you to meet your financial objectives.
What we need: We need accurate and timely information about you and your account(s).
Why we need it: To ensure that we hold accurate and timely information about you and have effective and efficient databases.
What we do with it: Data loading, matching and linking and system and services testing.
How long we keep it: In line with our retention and deletion policies, we only keep the data for as long as we need it for databases processing purposes.
|
| Lantern group:
Customer and Account Accuracy |
Lawful Basis:
Article 6(1)(b) – Necessary for the performance of a contract you are a party to Article 6(1)(c) – to comply with legal obligations related to the contract · UK GDPR and Data Protection Act 2018 – Accuracy Principle
What we need: Update information and details of any rectifications that need to be made to the information we hold about you.
Why we need it: To ensure that we hold accurate information as we make decisions based on the information we hold.
What we do with it: Update and rectify the information we hold about you.
How long we keep it: In line with our retention and deletion policies, we only keep the data for as long as we need it for customer and account accuracy purposes.
|
| Lantern group:
Credit Reporting |
Lawful Basis: Article 6(1)(c) – to comply with legal obligations related to the contract
· Consumer Credit Act 1974 · Financial Services & Markets Act 2000 & 2023 · FCA Handbook Principles 1 to 11 · Steering Committee on Reciprocity data sharing rules known as the Principles of Reciprocity · Steering Committee on Reciprocity data sharing rules known as the Principles of Reciprocity
What we need: Information about you including name, DOB, contact, financial information, public source data, financial associations with other people.
Why we need it: To ensure the information that we hold about you is accurate, complete and up to date.
What we do with it: We check your credit file and share information about to you CRAs.
How long we keep it: In line with our retention and deletion policies, we only keep the data for as long as we need it for credit reporting purposes.
For more information about how we share information with CRAs, please see our FAQS: Got questions? – Lantern
|
| Lantern group:
Statistical analysis, analytics and profiling and business improvement – including data collected through customer surveys, Websites and Portals. |
Lawful Basis: Article 6(1)(f) – legitimate interests
You have a legitimate interest in your right to privacy and the protection of your personal data.
Lantern group has a legitimate interest in carrying out statistical analysis, analytics and profiling activities to support business effectiveness and efficiencies in how we engage with you to help you to meet your financial objectives and to improve out processes so that you have a good customer journey with us.
The following safeguards are in place: · We comply with UK GDPR and Data Protection Act 2018 · We limit the scope and duration of the processing · Where we work with third-party suppliers, we only process under a written contract, which includes confidentiality and data protection obligations · Our employee access to your personal data is role restricted on a need-to-know basis. · We have retention and deletion policies which we follow · We have an overarching Information Management Framework which protects your personal data
On balance we consider that our legitimate interests outweigh your legitimate interests because we will use your personal data for a valid business purpose, with appropriate safeguards in place to protect your privacy and with the aim of operating more effectively and efficiently in how we engage with you to help you to meet your financial objectives.
What we need: Accurate and timely information about you and your customer journey and interactions with us.
Why we need it: To ensure that our databases hold information about you which is accurate. To improve our business processes.
What we do with it: We use the information in our databases to help us to make decisions about how we engage with you to help you to meet your financial objectives. We may also use it to create models and variables in connection with recovery and trace strategies and for analysis such as loss and revenue forecasting and expected remaining collections. We also use personal data to help us to understand behaviours across our website and customer portal so that we can maintain and improve our online services to you. We use personal data to test, train, monitor, audit our policies, processes and systems to improve the quality of your customer journey, including staff training. We conduct data analysis to identify and monitor risks and market trends. This processing may involve using your personal data only where the aim cannot reasonably be achieved by using test data or anonymised data.
For more information about how our cookies work:
https://lanternuk.com/cookies/ Privacy Policy – Sonex Financial
How long we keep it: In line with our retention and deletion policies, we only keep the data for as long as we need it for statistical analysis, analytics and profiling and business improvement purposes.
|
| Lantern group:
Legal, Audit, Risk and Compliance
|
Lawful Basis: Article 6(1)(c) – to comply with legal obligations related to the contract
· Consumer Credit Act 1974 · Financial Services & Markets Act 2000 & 2023 · FCA Handbook Principles 1 to 11 · Steering Committee on Reciprocity data sharing rules known as the Principles of Reciprocity · UK GDPR · Data Protection Act 2018 What we need: Information about you relating to you, your account and your relationship with us.
Why we need it: To comply with our legal and regulatory obligations including (for example_:
What we do with it: We use your information to ensure we meet our legal and regulatory obligations.
How long we keep it: In line with our retention and deletion policies, we only keep the data for as long as we need it for legal, audit, risk and compliance purposes.
|
| Lantern group:
Data Protection – data rights
|
Lawful Basis:
Article 6(1)(c) – legal obligation · Data Protection Act 2018 and UK GDPR Article 9 (2)(g) – substantial public interest based on union or member state law · Data Protection Act 2018 and UK GDPR
What we need: Details of your request, information to confirm your identity, information to satisfy your request
Why we need it: To deal with any Internal Review or ICO Complaint
What we do with it: We use the information to meet our legal obligations under data protection laws and to satisfy your data rights request
How long we keep it: In line with our retention and deletion policies, we only keep the data for as long as we need it for data protection – data rights purposes.
|
| Lantern group:
Services and Outsource Management |
Lawful Basis: Article 6(1)(c) – to comply with legal obligations related to the contract
What we need: Information about you and your account with us or with one of our clients.
Why we need it: To instruct third parties so that we can deliver the best outcome for you. If a third-party processes your personal data, we will have a written contract in place to make sure they protect your personal data in line with UK GDPR and DPA 2018.
What we do with it: Share the information under a written contract through a secure transfer mechanism to allow the third parties to act on our behalf.
How long we keep it: In line with our retention and deletion policies, we only keep the data for as long as we need it for Services and Outsource Management purposes.
|
| Lantern group:
Complaints |
Lawful Basis: Article 6(1)(c) – to comply with legal obligations related to the contract
· Consumer Credit Act 1974 · Financial Services & Markets Act 2000 & 2023 · FCA Handbook Principles 1 to 11 · Steering Committee on Reciprocity data sharing rules known as the Principles of Reciprocity · UK GDPR · Data Protection Act 2018 Article 6(1)(a) consent and Article 9 (2)(a) – explicit consent for sensitive data, e.g. health.
What we need: Information about you and your account with us or with one of our clients, details of the complaint, investigation information, Financial Ombudsman Service and Financial Conduct Authority and information.
Why we need it: To deal with any complaint you make about us or one of our clients.
What we do with it: We use the information to respond to your complaint through to final closure.
How long we keep it: In line with our retention and deletion policies, we only keep the data for as long as we need it for complaints purposes.
|
|
Lantern group: Visitor safety and security (including CCTV at our premises) |
Lawful Basis: Article 6(1)(c) – legal obligation · Health and Safety at Work Act 1974 · Prevention and detection of crime
What we need: Images of you, references and links to your account Why we need it: For crime prevention and health and safety purposes if you visit our premises.
What we do with it: We retain the footage for evidential and audit purposes.
How long we keep it: 90 days, or until internal investigations, formal action, or law enforcement sharing has concluded (whichever is longer).
|
| Lantern group:
Criminal Offence Data relevant to the management of your account or crime and fraud prevention |
Lawful Basis: Article 6(1)(c) – to comply with legal obligations related to the contract
Article 9 (2) (a) – explicit consent – assumed where you tell us or instruct an authorised third party to tell us (verbally or in writing or under a power of attorney) about your convictions Article 9 (2)(g) – substantial public interest based on union or member state law DPA 2018 Schedule 1 Part 2 (10) Preventing or detecting unlawful acts DPA 2018 Schedule 1 Part 2 (14) – Preventing fraud
What we need: Prison name, prison number, date of conviction and length of sentence. We may also use publicly accessible information, e.g., from a media search, to confirm the accuracy of any information about your criminal convictions.
Why we need it: So, we can deal with your accounts in the best way to suit your circumstances and treat you fairly and ethically.
What we do with it: We will use this information for the purposes of crime and fraud prevention and for complying with our legal and regulatory obligations, e.g., under the anti-money laundering and counter-terrorist financing legislation.
How long we keep it: In line with our retention and deletion policies, we only keep the data for as long as we need it for the management of your account(s) or crime and fraud prevention purposes.
|
| Lantern group:
Protecting Life |
Lawful Basis: Article 6(1)(g) – Vital interests
What we need: Information relating to the risk of treat to life so significant injury.
Why we need it: To prevent death or serious injury to you or another person.
What we do with it: Share the information with appropriate third parties such as the Police or other emergency services.
How long we keep it: In line with our retention and deletion policies, we only keep the data for as long as we need it for the purpose of protecting life.
|
Who do we share your personal data with?
The Lantern group may share your personal data to another organisation, where it has a valid business reason and a lawful basis to do so, including the following:
- Credit Reference Agencies
The Lantern group may share your personal data with Credit Reference Agencies (‘CRAs’) in order to comply with the Principles of Reciprocity.
The Principles of Reciprocity are industry standards that ensure credit information is shared fairly, consistently, and responsibly between lenders and CRAs. This helps to maintain accurate credit records, supports responsible lending, and protects the wider credit system.
Lawful basis – Article 6(1)(c) – legal obligation.
To find out more about the CRAs we share with and how they process your personal data please visit:
TransUnion: www.transunion.co.uk/crain
Equifax: www.equifax.co.uk/crain
Experian: www.experian.co.uk/crain
- Specialist Data Organisations
The Lantern group may also share your personal data with specialist data organisations.
The reason we do this is for the purposes of tracing and data cleansing so that we can make sure that the information we have about you is accurate so that we can contact and engage with you about your debt and also to gather information to allow us to conduct trend, vulnerability and affordability analysis so that we can offer you the best customer journey based on your likely circumstances. Article 6(1)(f) – legitimate interests.
TransUnion International UK Ltd – To find out more please visit:
https://www.transunion.co.uk/legal/privacy-centre/pc-general
If you have a query about how TransUnion process your personal data, please contact them: https://www.transunion.co.uk/consumer/consumer-enquiries
Data on Demand Ltd – To find out more please visit:
https://dataondemand.co.uk/personal-data-privacy-notice/
If you have a query about how Data on Demand process your personal data, you should email: [email protected]
GB Group plc –To find out more please visit:
Products and services privacy policy | GBG
Individual Data | General Enquiry | GBG
- Third-Party Online Benefits Screening and Full Benefits Calculator – Policy in Practice Ltd
Benefits Screening Tool
We use Policy in Practice to provide a benefits screening tool. The screening tool will run automatically when you complete an income and expenditure on our Portal and tell you whether you may be eligible to any/additional benefits.
Lawful Basis: UK GDPR Article 6(1)(f) – legitimate interests
Legitimate Interest Assessment:
We have a legitimate interest because we have a valid business reason to conduct the processing so that we can treat you fairly and ethically by helping you to understand whether you may be eligible to any/additional benefits.
You have a legitimate interest in your data privacy and protection.
The processing is necessary because it will give you vital insight into additional benefits that may be available to you.
We have told you about this processing in this notice and we are authorised by the FCA which means we must treat you fairly, ethically and lawfully.
There will be minimum impact on you because:
- We have complied with UK GDPR and Data Protection Act 2018
- We have conducted due diligence and have a written contract with Policy in Practice which restricts and controls their processing of your personal data
- Limited personal data is used for the screening (none of it sensitive)
- You have the choice whether to process more personal data (including some sensitive personal data) in the full calculator or not
- We have an overarching Information Management Framework which protects your personal data
- Our employee access to your personal data is role restricted on a need-to-know basis.
- We have retention and deletion policies which we follow
Lantern group considers that your legitimate interests in data privacy do not outweigh Lantern group’s legitimate interest in the processing because the processing is limited in scope, no sensitive data is processed, and the processing offers a vital outcome for you; namely informing you of the possibility of new or additional benefits that you might be eligible to apply for.
Full Benefits Calculator
You are free to choose whether you want to complete a full benefits assessment by:
Making a benefits application directly: Benefits – GOV.UK
Seeking advice from Citizen’s Advice: Benefits – Citizens Advice
Following a link to the Policy in Practice full online calculator: https://betteroffcalculator.co.uk/
Online Portal and Payment Services and Payment Merchants Suppliers
Lawful Basis: UK GDPR Article 6(1)(b) – Necessary for the performance of a contract you are a party to
- Portal Service Providers
We use a third-party called DebtSteam Solutions Ltd to provide our Portal services to you.
DebtSteam Solutions Ltd – To find out more please visit: Privacy Policy – DebtStream
We use a third-party payment service when we take online payments from you:
Acquired Ltd – To find out more please visit: Our Privacy Policy | Acquired.com
We also use third-party payment merchants to process online payments:
Trust Payments – To find out more please visit: Privacy notice | Trust Payments
Cashflows Europe Ltd – To find out more please visit: Privacy Policy | Cashflows
We may also share your personal data with other third parties where we have a lawful basis to do so.
Where we share your personal data with a third-party services provider, we will only do so where we have a written contract with them to protect your personal data.
How to raise a query on your Credit File
- Please note that any queries relating to your personal credit file should be raised directly with the relevant Credit Reference Agency:
- Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS
Tel Number: 0844 335 0550
Website: https://www.equifax.co.uk
- Experian Ltd, Customer Support Centre, PO Box 9000, Nottingham, NG80 7WF
Tel Number: 0800 013 8888
Website: https://www.experian.co.uk
- TransUnion International UK Ltd, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ
Tel Number: 0330 024 7574
Website: https://www.transunion.co.uk
For more information about how we share your personal data with CRAs please read our FAQs: Got questions? – Lantern
Our Service Providers
The categories of third-party recipients of your personal data include:
- Courts
- Communications Providers, including email and SMS providers
- Customer Service Companies, such as Customer Survey companies
- Debt Management Companies and Third-Party Representatives, such as Insolvency Practitioners or Carers, where you have appointed them to assist you with managing your debts
- Information Technology processors, including software, website, analytics and hosting services providers
- Legal Services companies, where legal action is required to recover monies owed by you, including asset claims in bankruptcy
- Management Consultancies
- Original Creditors
- Benefits Calculator service provider
- Outsource Partners, such as debt recovery, tracing, reconnection and engagement specialists, who assist us with the recovery of outstanding debts
- Payment Services including online payment processors and merchants
- Professional Services Firms, for example, solicitors, auditors, accountants
- Regulators, including the Financial Conduct Authority (FCA), Financial Ombudsman Service (FOS), Prudential Regulation Authority (PRA) and the Information Commissioner’s Office (ICO)
- Specialist Data Organisations to ensure the information we hold about you is as accurate and up to date as possible, and to allow us to perform strategy, trend and affordability analysis.
- Law enforcement and emergency services.
- Fraud Prevention organisations
- His Majesty’s Revenue and Customs
- You – where you request a copy of your personal data – see below
Preventing and Detecting Crime
Sometimes we must share your personal data with Law Enforcement Agencies (including Government Agencies) to prevent and detect crime or fraud or for safeguard purposes, either on request or because a court orders us to do so. We may not have to tell you if we do share in this way, if this would undermine the purpose of the sharing.
How long do we keep your personal data?
We will keep your personal data in accordance with our Data Asset Register (Record of Processing Activity) and our Data Retention Standard only for as long as we need it to fulfil a valid business reason.
Where it is not possible to delete or anonymise any of expired personal data due to technical or organisational reasons, it will be put beyond use.
What rights do you have?
- Right to be Informed
You have the right to be informed about how we process your personal data.
This notice fulfils this obligation.
- Right to Request Access to your Personal Data
You have the right to request a copy of the personal data that we process as a controller, also known as a Subject Access Request or SAR.
Lantern Debt Recovery Services Limited:
Lantern Debt Recovery Services Limited (‘LDRS’) through a legal assignment purchased the legal rights under your credit agreement between you and your original lender. We are the controller of the personal data that your original lender transferred to us under the assignment. Not all your personal data was transferred to us – we only became controller of the personal data necessary to recover the balance from you.
If you make a request to LDRS we will provide a copy of your personal data that we hold as soon as possible but please be aware this could take up to a calendar month. In exceptional cases it may take us up to a further two months, but we will notify you if this is the case and the reason for the delay.
Please note that you can access and update your personal data through our online Portal:
You would need to contact your original lender to access a copy of any of your personal data that was not transferred to us.
Sonex3 Ltd:
Your lender or services provider remains the controller of your personal data.
Right of access/subject access/SAR requests can be sent to Sonex3 Ltd but these will be sent to your lender or services provider who will respond to your directly.
- Right to Request Rectification
Lantern Debt Recovery Services Limited:
You have the right to request that your personal data is amended, if inaccurate or incomplete
Lantern may make decision based on the information it holds about you. It is important that you keep your information up to date and inform us of any changes.
Please note that you can update your personal data through our online Portal:
Sonex3 Ltd:
Your lender or services provider remains the controller of your personal data.
Requests should be sent directly to your lender or services provider.
- Right to Request Erasure
Lantern Debt Recovery Services Limited:
You have the right to request erasure of your personal data, if it is no longer required to be kept in law or is needed for a valid business purpose.
This is not an automatic right and so where we have a valid business reason to keep your personal data, we may legally refuse your request.
Sonex3 Ltd:
Your lender or services provider remains the controller of your personal data.
Requests should be sent directly to your lender or services provider.
- Right to Request Restriction
Lantern Debt Recovery Services Limited:
You have the right to request that the processing of your personal data is restricted. This is not an automatic right and so where we have a valid business reason to keep using your personal data, we may legally refuse your request.
Sonex3 Ltd:
Your lender or services provider remains the controller of your personal data.
Requests should be sent directly to your lender or services provider.
- Right to Object
Lantern Debt Recovery Services Limited:
You have the right to object to your personal data being processed.
This is not an automatic right and so where we have a valid business reason to keep using your personal data, we may legally refuse your request.
Sonex3 Ltd:
Your lender or services provider remains the controller of your personal data.
Requests should be sent directly to your lender or services provider.
- Right to Data Portability
Lantern Debt Recovery Services Limited:
You can ask us to transfer a copy of your personal data you gave us to another organisation, or to you.
Sonex3 Ltd:
Your lender or services provider remains the controller of your personal data.
Requests should be sent directly to your lender or services provider.
- The right not to be subject to a decision based solely on automated processing, including profiling
Automated Decision Making – Lantern Debt Recovery Services Limited
We operate several automated systems which include third-party systems that help us to make decisions about you, including whether to take legal or enforcement action.
We do this to help us to make quicker decisions which are fair, efficient and accurate based on the information that we have about you.
Lawful Basis: UK GDPR – Article 6(1)(b) – Necessary for the performance of a contract you are a party to
The possible impacts on you are:
You may have to be involved in court proceedings and judgment maybe entered against you if you do not pay the balance/settle or successfully defend the case
We will report to the CRAs about the action we take which may have a negative impact on your credit score and your ability to borrow monies or get credit in the future.
We have safeguards in place to:
- check that the information that we hold about you and use for making automated decisions is accurate and up to date, and
- test the credit scoring methods and the mathematical model we use on a regular basis to make sure that they are fair, effective and unbiased.
You have the Right to ask us for human review and intervention of any automated decisions we have made about you.
Profiling – Lantern group
We conduct profiling by using mathematical models to predict how likely you are to pay your balance or respond to our communications. We use the profiles created to help us to decide what is likely to be the best way for us to work with you to manage your account and to achieve your financial objectives.
Lawful Basis – UK GDPR Article 6(1)(f) – legitimate interests
Legitimate Interest Assessment:
We have a legitimate interest because we have a valid business reason to conduct the processing so that we can work out the best way for us to work with you to manage your account, working with you so you can meet your financial objectives to become debt free.
You have a legitimate interest in your data privacy and protection.
The processing is necessary because it will allow us to engage with you in the best way to collect the balance owed by you based on your circumstances so that we can offer a suitable and affordable payment plan. It allows us to improve our services to you. For Sonex3 Ltd customers it allows us to provide credit management solutions to your lender or services provider and helps support the ongoing relationship you have with them.
We have told you about this processing in this notice and we are authorised by the FCA which means we must treat you fairly, ethically and lawfully.
There will be minimum impact on you because:
- We have complied with UK GDPR and Data Protection Act 2018
- We have conducted due diligence and have written contracts with the third parties we work with
- We have an overarching Information Management Framework which protects your personal data
- Limited personal data is used
- Our employee access to your personal data is role restricted on a need-to-know basis.
- We have retention and deletion policies which we follow
Lantern group considers that your legitimate interests in data privacy do not outweigh Lantern group’s legitimate interest in the processing because the processing is limited in scope, and the processing ensures that we work out the best way for us to work with you to manage your account, working with you to help you to meet your financial objectives and to become debt free.
You have a Right to Object to Profiling.
Artificial Intelligence
Copilot and Otter AI
We are trialling the use of Microsoft 365 Copilot (‘Copilot’) and Otter AI to enhance staff productivity and efficiency.
Copilot and Otter AI use large language models (LLMs), a type of artificial intelligence (‘AI’) algorithm that uses deep learning techniques to understand, summarise, predict, and generate content.
Please note that no decisions affecting customers will be made solely on the basis of outputs from Copilot or Otter AI. Human oversight is always applied to review and verify results.
Any future use of Copilot or Otter AI beyond the trial will be subject to our risk assessment processes and this privacy notice will be updated accordingly.
Webio- Chat Bot
Lantern group uses the Webio Chat Bot to assist with customer communications. When you contact us through our portal, SMS or WhatsApp, we may use artificial intelligence (‘AI’) to analyse your messages.
Webio AI analyses the information you provide to us, including understanding what your inquiry is about, what you need from us and looks for key information about any vulnerabilities.
We do this to help us to route your conversation to the best option for you based on what you tell us, either a chat bot or human agent.
If you communicate with our chat bot, it will not make automated decisions that would significantly affect you.
If you communicate with our chat bot but then wish to exit the conversation you can do so at any time and use instead one of our other contact methods, including speaking to a human agent.
Should you wish to exercise any of your rights, you can write to:
Lantern Debt Recovery Services Limited:
Data Protection Officer, Lantern Debt Recovery Services Limited, Protection House, 83 Bradford Road, Stanningley, Pudsey, LS28 6AT or by emailing your request to [email protected].
Sonex3 Ltd:
Data Protection, The Beacon, Dafen, Llanelli, Carmarthenshire SA14 8LQ or by emailing your request to: [email protected]
Please note that making a request to exercise any of your data rights does not automatically mean that the request will be upheld but where we do not uphold your request, we will explain why.
International transfers
All Lantern group companies are based in the UK, but some of our electronic information may be stored outside the United Kingdom (‘UK’) and European Economic Area (‘EEA’). Normally your personal data will not be transferred outside the UK and EEA by Lantern group or third-party suppliers. If your personal data is transferred outside the UK, Lantern group will make sure that suitable safeguards are in place to protect your personal data.
Right to Complain
If you are unhappy with our response to any data rights request, you have the right to request an internal review.
An independent decision maker will look at the request afresh and provide a final response – we will aim to provide the final response as soon as possible, but no later than within a calendar month.
In exceptional circumstance we may need to extend the time for completing a response to a data request or internal review. We will contact you to explain the reason for any extension of time.
If we cannot resolve your concerns, then you may complain to the Information Commissioner’s Office: https://ico.org.uk/.
You have the right to make a claim through the Courts.
Further Processing
Lantern group processes personal data for other purposes – we have separate privacy notices for:
- Recruitment and Employment – available on request to staff
- Lantern Debt Recovery Services Limited Cookies – https://lanternuk.com/cookies/
Sonex3 Ltd Cookies – https://sonexfinancial.com/cookie-policy/
How we protect your data
We use appropriate technical and organisational controls to protect your personal data and operate an overarching Information Management System.
Your Choices
Lantern group is committed to communicating with you using your preferred contact method and channels wherever possible. However, failure to respond to our communications will result in other contact methods being used or previous contact methods or channels being reinstated.
If you wish to update your contact details or preferences:
Lantern Debt Recovery Services Limited:
Portal: Lantern Self-Service Portal
Phone: 0113 8876 876
Email: [email protected]
Sonex3 Ltd:
Phone: 0330 100 3867
Email: [email protected]
Other information
Details of our Complaints Procedure can be found at: https://www.lanternuk.com/downloads/Lantern_Customer_Complaints_Procedure.pdf
You can lodge a concern with the Financial Ombudsman Service (‘FOS’) in relation to a regulated account, if you feel that we have incorrectly handled a complaint you made to us. Further information can be found in our Complaints Procedure, or by visiting the FOS website: http://www.financial-ombudsman.org.uk.
Lantern will never initiate any marketing activities with you or sell your personal data to other organisations for marketing purposes.
Please note that telephone, webchat and SMS messages may be recorded for training, quality assurance and audit purposes.
This privacy notice was last reviewed: 04.09.25