Privacy Notice
How we process our customers’ personal information
Lantern is one of the leading debt purchase companies within the UK. We specialise in buying non-performing loans in the alternative lending sector. We pride ourselves on being open and honest with all our customers, which includes being transparent around how we process personal data.
The address for the Registered Office is Protection House, 83 Bradford Road, Leeds, LS28 6AT.
We are authorised and regulated by the Financial Conduct Authority (FCA). We are also registered as a Data Controller as defined under the Data Protection Law with the Information Commissioner’s Office (ICO).
Who we are
Lantern Debt Recovery Services Limited (Lantern) is a debt purchase company registered in the UK under Company Number 06637307. Lantern is committed to protecting your personal data. This notice explains how and why Lantern processes your personal data.
Who controls the use of your personal data?
Lantern is the Data Controller of your personal data unless we say otherwise in this notice. Lantern controls why and how we use your personal data.
Data Protection Officer
Lantern’s Data Protection Officer monitors how Lantern uses your personal data.
You can contact our Data Protection Officer by post at: Lantern Debt Recovery Services Limited, Protection House, 83 Bradford Road, Leeds, LS28 6AT, or by email at: [email protected]
How to contact us
You can contact us by post at Lantern Debt Recovery Services Limited, Protection House, 83 Bradford Road, Leeds, LS28 6AT or you can visit https://lanternuk.com/get-in-touch/ to see all the different contact options available to you.
Links to other websites
Some of the hyperlinks provided in this Notice will lead you to websites which are not under our control. Once you leave our website, we are unable to accept responsibility for the protection of any personal data that you provide to/through the other websites. We encourage you to read the privacy notices and cookie policies on the other websites that you visit.
What personal data do we collect and where from?
The personal data we collect depends on our contact and relationship with you, but it could include:
| Categories | Types | Sources |
| Website and customer portal users | Internet Protocol (IP) address, Browser type/version, browsing behaviour on our site, including the pages that you visit, the time spent on those pages and the date and time of your visit, geolocation data. | Direct from you. |
| Customers including potential customers | Name, address, gender, date of birth, contact information, including your current and previous phone numbers and email addresses, account details, including references and outstanding balance, financial and credit score, credit and payment history, information, employment information, including your current employment status, information about your circumstances including vulnerability information, which will help us to identify that you may need additional support from us. Examples may include, but are not limited to, information about your physical and mental health conditions, or recent life events such as new caring responsibilities, bereavement, or redundancy. Any other information you choose to provide that helps us to have better interactions with you. | Direct from you.
From your original lender. From Credit Reference Agencies. From specialist data organisations. From third party suppliers working on our behalf. From Debt Management Partners representing you. From third parties authorised to represent you. |
| Third Parties | Name, address, contact information, including phone number and email address.
Any other information, which helps us to have better interactions with you or the customer. |
Direct from Third Party. |
| Suppliers and organisations engaged in debt sale | Name, address and contact information, including phone number and email address. | Direct from you or your organisation. |
Before Lantern buys your debt
So that Lantern may make a bid to buy your debt from the original lender, we may receive some of your personal data.
Lantern may use this to conduct due diligence, data verification, credit checks and pricing activities. When using your personal data for this purpose, Lantern is a data processor and may only process your personal data on the written instructions of the original lender.
After Lantern buys your Debt
Once Lantern buys your debt from your original Lender, Lantern takes on all the legal rights to recover the debt that you owe under your consumer credit agreement.
The original lender transfers to Lantern a copy of the personal data needed by Lantern to recover the debt from you. Lantern becomes the data controller of the transferred personal data.
Lantern will only receive the minimum personal data needed to recover the debt from you, which means Lantern may not receive a copy of everything that is held by the original lender.
Why do we process your personal data and what are our lawful basis?
Lantern’s main reason for using your personal data is for debt recovery purposes, these include:
- The purchase of your debt.
- Tracing your current address and contact details, to assist us in recovering the money you owe us.
- Checking your identity and residential status, to make sure the information we hold for you is as accurate and as up to date as possible.
- Sending regulatory notices and other communications relating to your account including, statements, payment reminders, formal reminders and notices to support you in becoming debt free, offering support and informing you of forthcoming changes.
- Assessing affordability before we agree a payment plan with you to recover the money you owe us, to make sure that the payments we agree are sustainable and affordable for you.
- Processing payment arrangements and ad hoc payments, as requested by you, or your authorised third-party representative.
- Detecting, investigating, and reporting financial crime, and taking measures to prevent the same.
- Responding to queries and disputes in relation to your account, as requested by you, or your authorised third-party representative.
What are our lawful basis?
| Why we process | Lawful Basis |
| Debt recovery | Article 6(1)(b) – performance of a contract
Lantern purchased your debt from your original lender. This means that the legal rights to recover the debt under your original credit agreement with the lender have been transferred to Lantern. Lantern processes your personal data to comply with the contractual obligations and counter-obligations under the transferred agreement. Article 6(1)(c) – to comply with legal obligations related to the Agreement:
Article 6(1)(a) consent and Article 9 (2)(a) – explicit consent for sensitive data, e.g. health. Where you tell us about something sensitive, for example, your physical or mental health and this has an impact on your ability to repay your debt we will ask you if we can retain the sensitive information and share it with third parties where necessary. If you send us sensitive information such as physical or mental health information in writing, by post or email, and, the information has an impact on your ability to repay your debt, this will be taken as your explicit consent to allow us to record and use this sensitive information about you. We will only record what is necessary to help us to act in your best interests and offer any additional support you may need. If you change your mind about us using your sensitive information, please let us know by contacting us using any of our contact methods. Please be aware that doing this may prevent us from acting in your best interests and offering you any additional support you may need. |
| Debt purchase | Article 6(1)(b) – performance of a contract
Article 6(1)(f) – legitimate interests Lantern is a data processor and may only process your personal data on the written instructions of the original lender for the purposes of potential debt purchase – see Before Lantern buys your debt. |
| Legal, Audit, Risk and Compliance | Article 6(1)(c) – legal obligation under:
|
| Data rights | Article 6(1)(c) – legal obligation under Data Protection Act 2018 and UK GDPR
Article 6(1)(a) consent and Article 9 (2)(a) – explicit consent for sensitive data, e.g. health. |
| Supplier Management | Article 6(1)(b) – performance of a contract
Lantern may use a third party to deliver the best possible services. If a third supplier processes your personal data, we will have a written agreement in place to make sure they agree to protect your personal data in line with Data Protection laws. |
| Complaints Process | Article 6(1)(b) – performance of a contract
Article 6(1)(c) – legal obligation under:
Article 6(1)(a) consent and Article 9 (2)(a) – explicit consent for sensitive data, e.g. health. |
| Visitor safety and security | Article 6(1)(c) – legal obligation under Health and Safety at Work Act 1974 |
| Improve our services to you (including customer surveys) | Article 6(1)(f) – legitimate interests
We use personal data to test, train, monitor, audit our policies, processes and systems to and improve the quality of our services, including staff training. We conduct data analysis to identify and monitor risks and market trends. This activity may involve using your personal data only where the same cannot reasonable be achieved by using test data or anonymised data. |
| Website and Portal improvement | Article 6(1)(f) – legitimate interests
We use personal data to help us to understand behaviors across our website and customer portal so that we can maintain and improve our online services to you. For more information about how our Cookies work: https://lanternuk.com/cookies/. |
Who do we share your personal data with?
Lantern may share your personal data to another organisation, where it has a valid business reason and a lawful basis to do so, including the following:
1. Credit Reference Agencies
Lantern shares your personal data with Credit Reference Agencies (CRAs) to satisfy the Principles of Reciprocity. Lawful basis – Article 6(1)(c) – legal obligation.
To find out more about the CRAs we share with and how they process your personal data please visit:
TransUnion: www.transunion.co.uk/crain
Equifax www.equifax.co.uk/crain
Experian: www.experian.co.uk/crain
2. Specialist Data Organisations
Lantern may also share your personal data with specialist data organisations such as Data on Demand and TransUnion.
The reason we do this is for the purposes of tracing and data cleansing so that we can make sure that the information we have about you is accurate so that we can contact and engage with you about your debt and also to gather information to allow us to conduct trend, vulnerability and affordability analysis so that we can offer you the best customer journey based on your likely circumstances. Article 6(1)(f) – legitimate interests.
TransUnion – To find out more please visit:
https://www.transunion.co.uk/legal/privacy-centre/pc-general
If you have a query about how TransUnion process your personal data, please contact them: https://www.transunion.co.uk/consumer/consumer-enquiries
Data on Demand – To find out more please visit:
https://dataondemand.co.uk/personal-data-privacy-notice/
If you have a query about how Data on Demand process your personal data, you should email: [email protected]
How to raise a query on your Credit File
Please note that any queries relating to your personal credit file should be raised directly with the relevant Credit Reference Agency:
- Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS
Tel Number: 0844 335 0550
Website: https://www.equifax.co.uk
- Experian Ltd, Customer Support Centre, PO Box 9000, Nottingham, NG80 7WF
Tel Number: 0800 013 8888
Website: https://www.experian.co.uk
- TransUnion, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ
Tel Number: 0330 024 7574
Website: https://www.transunion.co.uk
Our Service Providers
We may also share your personal data with Government Agencies, or, Private Service Providers where we have a written contract with them to protect your personal data, such as:
- Courts
- Communications Providers, including email and SMS providers
- Customer Service Companies, such as Customer Survey companies
- Debt Management Companies and Third-Party Representatives, such as Insolvency Practitioners or Carers, where you have appointed them to assist you with managing your debts
- IT, Software, Website Analytics and Hosting Service providers
- Legal Services companies, where legal action is required to recover monies we are owed by you, including asset claims in bankruptcy
- Management Consultancies
- Original Creditors
- Outsource Partners, such as debt recovery, tracing, reconnection and engagement specialists, who assist us with the recovery of outstanding debts
- Payment Services
- Professional Services Firms, for example, solicitors, auditors, accountants
- Regulators, including the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA) and the Information Commissioner’s Office (ICO)
- Specialist Data Organisations to ensure the information we hold about you is as accurate and up to date as possible, and, to allow us to perform strategy, trend and affordability analysis.
Preventing and Detecting Crime
Sometimes we must share your personal data because of a legal requirement or because a court orders us to do so or with Law Enforcement Agencies to prevent and detect crimes. We may not have to tell you if we do share with organisations in this way if this would undermine the purpose of the sharing.
How long do we keep your personal data?
We will keep your personal data in accordance with our retention periods and only for as long as is reasonably necessary to fulfil its purpose.
What rights do you have?
Under the UK GDPR, you have the right to be informed about how we process your personal data. This notice fulfils this obligation.
You also have the right to:
- Request a copy of your personal data, also known as a Subject Access Request.
- Request that your personal data is amended, if inaccurate or incomplete. Lantern may make a decision based on the information it holds about you. It is important that you keep your information up to date and inform us of any changes.
- Request erasure of your personal data, if it is no longer required to be kept in law or is needed for a valid business purpose. This is not an automatic right and so where we have a valid business reason to keep your personal data, we may legally refuse your request.
- Request that the processing of your personal data is restricted.
- To object to your personal data being processed. This is not an automatic right and so where we have a valid business reason to keep using your personal data, we may legally refuse your request.
- To ask that we transfer the personal data you gave us to another organisation, or to you.
- The right not to be subject to a decision based solely on automated processing, including profiling, if this will have a legal or other significant effect on you.
We do not use any fully automated decision-making processes. We may use profiling of personal data, including using the services of specialist data organisations who conduct profiling. Profiling may be used, for example to identify whether you are likely to be vulnerable or whether it might be appropriate to act on your account. This will involve your account data, including your personal data, being subject to a scoring process but the decision to take any action that might have a significant effect on you will involve a human decision maker. You have the right to request a review of any decision made using profiling.
Should you wish to exercise any of your rights, you can write to our Data Protection Officer at Data Protection Officer, Lantern, Protection House, 83 Bradford Road, Leeds, LS28 6AT or by emailing your request to [email protected].
International transfers
Lantern is based in the UK but some of our electronic information may be stored outside the UK. Normally your personal data will not be transferred outside the UK. If your personal data is transferred outside the UK, Lantern will make sure that suitable safeguards are in place to protect your personal data.
Right to Complain
If you have any concerns about the way we have handled your personal data or would like any further information, then please contact our DPO using the details provided above.
If we cannot resolve your concerns, then you may complain to the Information Commissioner’s Office: https://ico.org.uk/.
You have the right to make a claim through the Courts.
Further Processing
Lantern processes personal data for other purposes – we have separate privacy notices for:
- Recruitment and Employment – available on request to staff
- Cookies – https://lanternuk.com/cookies/
Your Choices
Lantern is committed to communicating with you using your preferred contact method and channels wherever possible. However, failure to respond to our communications will result in other contact methods being used or previous contact methods or channels being reinstated. If you wish to update your contact details or preferences, you can send a request by email to [email protected], or you can call 0113 8876 876 and speak to one of our customer service agents.
Other information
Details of our Complaints Procedure can be found at: https://www.lanternuk.com/downloads/Lantern_Customer_Complaints_Procedure.pdf
You can lodge a concern with the Financial Ombudsman Service (FOS) in relation to a regulated account, if you feel that we have incorrectly handled a complaint you made to us. Further information can be found in our Complaints Procedure, or by visiting the FOS website: http://www.financial-ombudsman.org.uk.
Lantern will never initiate any marketing activities towards you or sell your personal data to other organisations for marketing purposes.
Please note that telephone, webchat and sms messages may be recorded for training, quality assurance and audit purposes.
This privacy notice was last reviewed: 02 August 2024