As one of the UKs leading debt purchasers, we receive the personal data of customers following the successful purchase of a debt from an original lender.
Our legal basis for retaining and processing such personal data is for the recovery of the outstanding debts. Once we have purchased an outstanding debt, we become the data controller of the personal information relating to the customer and take on the legal rights previously held by the original lender.
The personal data retained and processed relating to our customers include:
- Date of Birth;
- Telephone Numbers;
- Email Address;
- Financial and Credit Score Information;
- Employment Status;
- National Insurance Number (in some instances).
There may be instances in which we retain and process sensitive data as defined under Data Protection Law. Should such instances arise, we will ensure we receive the explicit consent, directly from our customers prior to the processing.Customers have the right to withdraw their consent for us to process sensitive information at any time
Possible categories of sensitive data include:
- Physical and Mental Health Information.
The information collected by us may be processed for the following defined reasons:
- Verifying the identity of customers and their residential status, and doing our best to ensure this information is accurate and up-to-date;
- Assessing affordability prior to entering into a payment arrangement which ensures payments agreed are sustainable and affordable;
- Processing of payment arrangements and adhoc payments as consented by the customer;
- Detecting, preventing and investigating potential and actual fraud and other such related activities;
- Fulfilling all aspects in relation to any agreement or accounts, including but not limited to complaints, disputes and queries;
- Tracing customers and recovering outstanding debts;
- Performing statistical analysis to identify and monitor risks and emerging market trends.
How Personal information is obtained:
We receive personal information relating to customers following the successful purchase of debts from original lenders.
In addition to the above and in order to comply with the principles governed by Data Protection Law, we may use the following channels to ensure the information we hold, relating to customers is accurate and where possible up to date. This is to also enable us to meet our needs in recovering outstanding debts.
The external resources utilised to ensure data retained is accurate and up-to-date include:
- CRAs including TransUnion, Experian and Equifax.
Who personal information may be shared with:
Throughout the course of the debt recovery journey, there may be instances in which we have to disclose customer information to organisations external to Lantern.
We only disclose information where there is a clearly defined legitimate reason in doing so.
In order to verify a customer’s identity, Lantern may utilise third party organisations including but not limited to; TransUnion, Equifax and Experian. Such processing is performed to ensure the most up-to-date information is retained. Potential information received from such third parties include;
- Residential Address;
- Residential Status;
- Date Of Birth;
- Email Address (if applicable);
- Contact Telephone Numbers (Home and Mobile).
We will only send communications via email and text where the details have been appropriately verified. Customers can change their contact permissions at any time by contacting the Customer Services department on 0113 887 6876 or emailing [email protected].
Personal information, the status of account, details of payment plans and any defaulted plans* will be shared with CRAs.
*Any defaults registered with CRA will remain on an individuals credit reports for a period of 6 years.
We may from time to time pass personal information of customers onto contracted organisations in the following instances:
- To outsource partners who assist in the recovery of any outstanding debts. Lantern will ensure customers remain up–to-date and aware of such data sharing activities;
- Where the process of litigation has been instigated against a customer;
- The disclosure is required in order to recover assets associated with a debt;
- Ensure customer credit reports are accurate and up-to-date;
- When customers have entered into a payment plan with an appointed Debt Management Company;
- To detect, investigate and prevent, potential or actual fraud;
- To meet our regulatory obligations as defined by the Financial Conduct Authority (FCA) and the Information Commissioner's Office (ICO).
We only disclose the personal data of customers with other organisations once appropriate contractual agreements are in place. Such agreements ensure third parties processing personal data, of which we are responsible, are doing so in accordance with all associated laws, regulations and as per our instructions.
We may pass customer information onto approved Customer Survey Partners who conduct satisfaction surveys on our behalf and as per our instruction.
We will never share or transfer personal information outside of the European Economic Area (EEA) unless appropriate technological and security measures are in place offering adequate protection.
Information held by us:
Customer information will be retained for the period in which an account remains active. Upon closure, personal information will only be retained in order to comply with our associated financial obligations.
Personal information will be securely disposed of when no longer required using appropriate technological measures.