Your privacy matters
Who we are

Lantern is one of the leading debt purchase companies in the UK. We specialise in buying non-performing loans predominantly in the financial services sector, especially where customers require a more tailored approach to help them to reduce their debts. If you are a Lantern customer, this means we have bought your account and will use your personal data to work with you to clear your debt with dignity. We pride ourselves on being open and honest with our customers, which includes being transparent about how we process your personal data.

Lantern is the trading name of Lantern Debt Recovery Services Limited (Company Number 06637307) and our registered office is at Protection House, 83 Bradford Road, Leeds, LS28 6AT.

If you need to get in touch with us, you can visit https://lanternuk.com/get-in-touch/ to see all the different contact options available to you.

Introduction

Lantern are committed to protecting the personal data that we collect and process through the course of our business activities.

This Privacy Notice (‘Notice’) explains what personal data we collect, the way we use it and why, the circumstances when we may share it, and your rights and choices in respect to your personal data.

What personal data we use
Type of personal data
Website users When you browse our website, including if you are a customer logging into the ‘My Account’ area of our site, we use cookies to collect usage data, which may include, but is not limited to, your: 

 

  • Internet Protocol (IP) address 
  • Browser type/version 
  • Browsing behaviour on our site, including the pages that you visit, the time spent on those pages and the date and time of your visit 
  • Geolocation data

All usage data that the cookies on our site collect is aggregated and therefore anonymous. More information can be found in our Cookie Policy at https://lanternuk.com/cookies/. 
Customers The personal data we collect and process relating to you as a customer may include, but is not limited to, your: 

  • Name 
  • Address 
  • Gender 
  • Date of birth 
  • Contact information, including your current and previous phone numbers and email addresses. 
  • Your account details, including references and outstanding balance. 
  • Financial and credit score, credit and payment history, information 
  • Employment information, including your current employment status. 
  • Information about your circumstances, which will help us to identify that you may need additional support from us. Examples may include, but are not limited to, information about your physical and mental health conditions, or recent life events such as new caring responsibilities, bereavement, or redundancy. 
  • Any other information you choose to provide, which will help us to have better interactions with you. 
  • Vulnerability markers. 
Third Parties There may be occasions where we process personal data relating to third parties, for example if you are a customer’s authorised third-party representative. In these instances, we commit to ensuring that the personal data we process about you is accurate, relevant, and not excessive. This may include, but is not limited to, your: `

  • Name. 
  • Address. 
  • Contact information, including your phone number and email address. 
  • Any other information you choose to provide, which will help us to have better interactions with you. 
Where we get your personal data from

 We get your personal data from several different sources, including, but not limited to: 

  • Directly from you, for example when you engage with us by letter, phone, email, instant chat, or when you send us a secure message via our website. If you are a customer, you may also provide us with personal data when you update your information in the ‘My Account’ area of our website.
  • As a debt purchaser, we receive customers’ personal information directly from original lenders immediately following the successful purchase of a book of non-performing debt. This is when Lantern becomes the data controller and takes on the legal rights previously held by the original lender.
  • As a debt purchaser, we also receive customers’ personal information directly from original lenders prior to bidding for a book of non-performing debt. Lantern processors customer personal data under a relevant data agreement for the purposes of due diligence and pricing activities including conducting credit checks where appropriate. 
  • We use Credit Reference Agencies and other specialist organisations to ensure the data we are processing for our customers is as accurate and up to date as possible. The personal data we receive about you from these organisations may include, but is not limited to, your name, address, residential status, date of birth and contact information, including your phone number and email address. 
Our purposes for processing your personal data

UK data protection law requires that we only process your personal data where we have a valid reason/legitimate purpose (purpose) and a lawful basis for doing so.  

An overview of how and why we use your personal data, and the relevant lawful basis (or bases) that applies in each case, is provided below: 

Use Lawful Basis
Website Users Internal analysis and reporting.  Legitimate interest – to help us improve our website by better understanding behaviours across our site. 
Customers Debt Management – Checking your identity and residential status, to make sure the information we hold for you is as accurate and up to date as possible.  Contract  

Legal obligation 
Debt Management – Sending statutory notices and other communications relating to your account including, but not limited to, statements, payment reminders, formal reminders and notices to support you in becoming debt free, offering support and informing you of forthcoming changes.  Contract

Legal obligation
Debt Management – Assessing affordability before we agree a payment plan with you to recover the money you owe us, to make sure that the payments we agree are sustainable and affordable for you.  Contract

Legal obligation
Debt Management – Processing payment arrangements and ad hoc payments, as requested by you, or your authorised third-party representative.  Contract

Legal obligation
Detecting, investigating, and reporting financial crime, and taking measures to prevent the same.  Legal obligation
Queries and Complaints – Responding to queries and disputes in relation to your account, as requested by you, or your authorised third-party representative.  Contract 

Legal obligation
Debt Management – Tracing your current address and contact details, to assist us in recovering the money you owe us.  Contract
Analysis and Reporting – Performing statistical analysis to identify and monitor risks and market trends. This activity may involve using your personal data only where it is essential to do so, and the same purpose cannot be achieved by using test data or anonymised data.  Legitimate interest – to help us improve our services to you. 
Quality, Regulatory, Audit and Monitoring – Improving our systems and processes and testing the proper working of the same. This activity may involve using your personal data only where it is essential to do so, and the same purpose cannot be achieved by using test data or anonymised data.  Legitimate interest – to help us improve our services to you and for business continuity. 
Quality, Regulatory, Audit and Monitoring – Inviting you to participate in customer satisfaction surveys.  Legitimate interest – for quality control and to help us improve our services. 
Debt Management vulnerable customers -Identifying where you may need additional support from us.  Legal obligation 

Contract 
Quality, Regulatory, Audit and Monitoring – Staff training and quality monitoring.  Legal obligation 

Contract 
Third Parties If you are a customer’s authorised third-party representative, we will use your personal data to contact you to discuss our customer’s account, in line with their instructions.  Contract
If you are not a Lantern customer and you submit an enquiry to us, we will use your personal data to contact you with our response to your enquiry.  Legal Obligation 
How we use your special categories of personal data

There are some circumstances when it may be necessary for us to process your special categories of personal data (often known as ‘sensitive data’) as defined under UK data protection law like physical and mental health data. We will use your special categories of personal data for the following purposes: 

Use Lawful Basis
Customers We will only ever collect the minimum amount of data relating to any physical or mental health conditions you may have. We do this to make sure we: 

  • Comply with the FCA’s conduct rules, which require us to treat you fairly and assess whether we believe you may need additional support from us. 
  • Understand whether your physical or mental health condition has, or may in future have, an impact on your ability to pay the money you owe us. 
  • Make sure that before we enter into a payment plan with you, the payments we agree are sustainable and affordable for you. 
  • Manage your account to better suit your individual needs, including communicating with you via your preferred contact method, wherever possible. 

 

If you send us physical or mental health data in writing, by post or email, we will record the data and use it in the way we outline in this Notice, only where we feel it will help us to act in your best interests and offer any additional support you may need. We will inform you that we have done this as soon as reasonably practicable, as well as providing you with information about how you can withdraw your consent to us processing the data at any time. 

 

If you provide us with physical or mental health data over the phone, or during an instant chat with one of our digital agents, we will obtain your consent to record the data and use it in the way we outline in this Notice, during the conversation we have with you. You can withdraw your consent to us to process the data at any time.  

 

If you wish to withdraw your consent to us processing your physical or mental health data, you can do this by writing to our Data Protection Officer at Data Protection Officer, Lantern, Protection House, 83 Bradford Road, Leeds, LS28 6AT or by emailing [email protected]. Please be aware that doing this may prevent us from acting in your best interests and offering you any additional support you may need. 

 Explicit consent
If we have reason to believe you are in immediate danger, we may process data relating to your physical or mental health (including sharing this information with the emergency services) on the basis that it is in your vital interests.  Vital interest
Automated decision making and profiling

Lantern do not use any fully automated decision-making processes.  

We may use profiling of personal data, including using the services of a specialist organization, to determine whether it is appropriate to take legal action on your account. This will involve your account data, including your personal data, being subject to a scoring process but the decision to take legal action will have human involvement. 

You have the right to request a review of any decision made using profiling. If you wish to exercise this right, please contact us using the details in the ‘Your rights’ section of this Notice below. 

Marketing

Lantern will never initiate any marketing activities towards you, nor will we sell your information to other organisations for marketing purposes. 

Who we share your personal data with

There are instances where we need to share your personal data with other organisations outside of Lantern. In all cases, we will only ever do this where there is a legitimate business reason to do so. For example, personal data relating to you as a customer including, but not limited to, the status of your account, details of any payment plans and defaulted payments, will be shared with Credit Reference Agencies (CRAs). The identities of the CRAs, and the ways in which they use and share your information, are outlined in more detail in their information notices: 

We also use a variety of service providers and subcontractors to provide business services for us, or to carry out certain activities on our behalf. This may require these organisations to have access to and process your personal data.  

Examples of the types of organisations we may share your personal data with through the course of our business activities include, but are not limited to: 

  • Communications providers, including email and SMS service providers 
  • Credit Reference Agencies 
  • Customer service function providers 
  • Customer survey partners, who conduct satisfaction surveys on our behalf 
  • Debt Management Companies and other authorised third-party representatives, such as insolvency practitioners or carers, where you have appointed them to assist you with managing your debts 
  • Fraud prevention services 
  • IT service providers 
  • Legal service providers, where legal action is required to recover monies, we are owed including asset claims in bankruptcy as a lawful creditor 
  • Management consultancies 
  • Original creditors 
  • Outsource partners, including reconnection specialists, who assist us with the recovery of outstanding debts 
  • Payment service providers 
  • Professional services firms 
  • Regulators, including the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA) and the Information
  • Commissioner’s Office (ICO)
  • Software providers
  • Tracing services 
  • Web analytics service providers 
  • Website hosting service providers

We will only ever disclose your personal data to organisations outside of Lantern where appropriate contractual agreements are in place, or where we are legally obligated to do so. This is to ensure that any third parties who process the personal data that we are responsible for do so in accordance with all associated laws, regulations and as per our instructions. 

Where your personal data is stored

From time to time your personal data may be transferred to organisations based in countries outside the UK and the European Economic Area (EEA). In these circumstances, we will ensure the organisations process your personal data only in accordance with applicable data protection law and under strict organisational and contractual controls. For more information about these controls, please visit https://ico.org.uk and search for “International transfers”. 

How long we’ll keep your personal data

We will keep your personal data for as long as necessary to fulfil the purposes that we describe in this Notice. Generally, the following retention rules will apply: 

Retention Period
Website Users Lantern’s website uses essential cookies to store temporary information during your visit which expire with your user session. Where you have consented, Google Analytics cookies collect and share information with Lantern about how you use our site. This is shared to Lantern in a non-identifiable format and retained for 14 months by Google. 

To learn more about cookies and how to control and delete them visit www.aboutcookies.org. 

To learn more about how Google processes personal data please go to: https://policies.google.com/privacy?gl=GB&hl=en 
Customers If you are a Lantern customer, we will keep your personal data for no more than 10 years from the date of total customer account closure. We keep your information for this length of time for several reasons, including to make sure that we can: 

  • Deal with any issues or concerns that you may have about how we handled your account. 
  • Answer any questions HM Revenue and Customs may have.  
  • Bring or defend any legal claims. 
  • Fulfil our legal, regulatory and audit obligations. 
  • Conduct appropriate customer history analysis to help us to improve our services to you and to support Lantern in business development.

Your personal data will be anonymised once it reaches our defined retention period. 
Third Parties Personal information relating to you as a customer’s authorised third-party representative will be retained for 10 years from the date of total customer account closure. 

Your personal data will be anonymised once it reaches our defined retention period. 
If you are an unauthorised third party and you make a complaint or data rights request  to us, your personal data will be kept for 6 years from the date of the closure of the full complaint or data rights request, after which it will be securely deleted. 
Your rights

UK data protection law defines what rights you have in relation to the processing of your personal data, including: 

  • Your right of access – You have the right to ask us for a copy of your personal data.
  • Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.
  • Your right to restrict processing – You have the right to ask us to restrict the processing of your personal data, in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your personal data, in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
  • Your rights in relation to automated decision making and profiling – You have the right not to be subject to a decision based solely on automated processing, including profiling, if this will have a legal or other significant effect on you.

Should you wish to exercise any of your rights as defined under UK data protection law, you can write to our Data Protection Officer at Data Protection Officer, Lantern, Protection House, 83 Bradford Road, Leeds, LS28 6AT or by emailing your request to [email protected]. 

All requests submitted will be fulfilled within one calendar month. You are not required to pay a charge for exercising your rights, except in exceptional circumstances. 

Your choices

 We are committed to communicating with you via your preferred contact method and channels wherever possible once engagement has been established with you. However, failure to respond to our communications will result in other contact methods being used or previous contact methods or channels being reinstated. 

If you wish to update your contact details or preferences, you can send a request by email to [email protected], or you can call 0113 8876 876 and speak to one of our customer service agents. 

Other information

Details of our Complaints Procedure can be found at: https://www.lanternuk.com/downloads/Lantern_Customer_Complaints_Procedure.pdf 

You can lodge a concern with the Financial Ombudsman Service (FOS) in relation to a regulated account, if you feel that we have incorrectly handled a complaint you made to us. Further information can be found in our Complaints Procedure, or by visiting the FOS website: http://www.financial-ombudsman.org.uk. 

You have the right to make a complaint to the Information Commissioner’s Office (ICO), if you feel that we have acted in a manner which contravenes UK data protection law. Further information can be found on the ICO website: https://ico.org.uk/. 

Any queries relating to your personal credit file should be raised directly with the relevant Credit Reference Agency: 

  • Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS
    Tel Number: 0844 335 0550 
    Website: https://www.equifax.co.uk 
  • Experian Ltd, Customer Support Centre, PO Box 9000, Nottingham, NG80 7WF 
    Tel Number: 0800 013 8888
    Website: https://www.experian.co.uk 

Please note that telephone, webchat and sms messages may be recorded for training, quality assurance and audit purposes. 

To read our Cookie Policy: https://lanternuk.com/cookies/ 

Links to other websites

Please note that some of the hyperlinks provided in this Notice will lead you to websites which are not under Lantern’s control. This privacy notice does not cover how those organisations process your personal information. Once you leave our website, we are unable to accept responsibility for the protection of any personal data you provide to the controllers of other websites. We encourage you to read the privacy notices on the other websites you visit.

Contact us

Any questions you have relating to this Notice can be sent in writing to our Data Protection Officer at Data Protection Officer, Lantern, Protection House, 83 Bradford Road, Leeds, LS28 6AT or by email to [email protected]. 

Changes to this Notice

This notice was last reviewed and updated in June 2023.