Lantern is one of the leading debt purchase companies within the UK. We specialise in buying non-performing loans in the alternative lending sector.  We pride ourselves on being open and honest with all our customers, which includes being transparent around how we process personal data.

The address for the Registered Office is Protection House, 83 Bradford Road, Leeds, LS28 6AT.

We are authorised and regulated by the Financial Conduct Authority (FCA). We are also registered as a Data Controller as defined under the Data Protection Law with the Information Commissioner’s Office (ICO).

Your privacy matters
Who are we?

Lantern is one of the leading debt purchase companies within the UK. We specialise in buying non-performing loans predominantly in the financial services sector, especially where customers require a more tailored approach to enable them to reduce their debts. We pride ourselves on being open and honest with all our customers, which includes being transparent around how we process personal data.

Lantern is the trading name of Lantern Debt Recovery Services Limited (Company Number 06637307) whose Registered Office is at Protection House, 83 Bradford Road, Leeds, LS28 6AT.

We are authorised and regulated by the Financial Conduct Authority (FCA). We are also registered as a Data Controller as defined under the Data Protection Law with the Information Commissioner’s Office (ICO).

Introduction and General Terms

Lantern are committed to protecting the personal data that we collect and process in relation to the recovery of outstanding debts. This Privacy Notice relates to all personal information collected and processed through the course of our business activities.

This Privacy Notice will be updated regularly to ensure ongoing compliance with associated laws and regulations.

In order for us to fulfil our business requirements, personal data relating to customers, potential new customers and any individuals who have made previous contact will be processed and retained for a defined period of time. This Privacy Notice will explain:

  1. The type of information that we hold relating to our customers and other individuals;
  2. How this information is obtained;
  3. Who the information may be shared with;
  4. The reasons behind such processing; and
  5. How long personal information is retained.

Personal information will be kept for no longer than necessary for the purpose by which it was originally provided.

General Website Users

No personal data will be requested or retained from individuals navigating our website. Google Analytics is used within our Customer Self Service Portal to help improve the customer journey by understanding behaviours across the portal.

Should individuals choose to provide personal information by making an online enquiry, the data provided will be kept for the sole purpose of responding to a query. An enquiry made by a customer will be held within the account notes for the duration the account is live and in line with our defined retention period once the account is closed.


As a debt purchaser, we receive personal data from lenders for the purpose of pricing in accordance with the terms and conditions agreed with the lender. Once an agreement to purchase a portfolio from a lender has been reached, Lantern become the data controller and take on the legal rights previously held by the original lender.

As a data controller Lantern must ensure that all personal data is processed lawfully, fairly and in a transparent manner. To achieve this, Lantern rely on a combination of the following lawful bases to process personal data:

  • Legitimate interest
  • Contract
  • Legal obligation
  • Consent

The personal data retained and processed relating to our customers include:

  1. Name;
  2. Address;
  3. Date of Birth;
  4. Telephone Numbers;
  5. Email Address;
  6. Financial and Credit Score Information;
  7. Employment Status;
  8. National Insurance Number (in some instances).

There may be instances wherein we process special category or sensitive data as defined under Data Protection Law. We will ensure we receive consent from the customer before we process the information . Customers have the right to withdraw their consent for us to process this information at any time.

Possible categories of sensitive data include:

  1. Physical and Mental Health Information.

The information collected by us may be processed for the following defined reasons:

  1. Verifying the identity of customers and their residential status, and doing our best to ensure this information is accurate and up-to-date;
  2. Assessing affordability prior to entering into a payment arrangement which ensures payments agreed are sustainable and affordable;
  3. Processing of payment arrangements and ad hoc payments as requested by the customer;
  4. Detecting, preventing and investigating potential and actual fraud and other such related activities;
  5. Fulfilling all queries and disputes in relation to any agreements or accounts;
  6. Tracing customers and recovering outstanding debts;
  7. Performing statistical analysis to identify and monitor risks and emerging market trends.
How personal information is obtained

We receive our customers’ personal information directly from the original lender immediately following the successful purchase of a book of non-performing loans.

We also use Credit Reference Agencies (including TransUnion, Experian and Equifax) to ensure the data we are processing is accurate and up-to-date.

Who personal information is shared with

Throughout the course of the debt recovery journey, there may be instances wherein we have to disclose customer information to organisations external to Lantern.

We only disclose information where there is a clearly defined legitimate reason in doing so. For example to verify a customer’s identity, Lantern use third party organisations including but not limited to; TransUnion, Equifax and Experian. We do this to ensure that the data we are processing is accurate and up-to-date. The personal data received from these third parties includes:

  1. Name;
  2. Residential Address;
  3. Residential Status;
  4. Date Of Birth;
  5. Email Address (if applicable);
  6. Contact Telephone Numbers (Home and Mobile).

We will only send communications via email and text where the details have been appropriately verified. Customers can change their contact permissions at any time by contacting the Customer Services Department on 0113 8876 876 or emailing [email protected]

Personal information, the status of account, details of payment plans and any defaulted plans may be shared with Credit Reference Agencies. The identities of the Credit Reference Agencies, and the ways in which they use and share personal information, are explained in more detail in the respective information notices;

We may from time to time pass personal information of customers onto contracted organisations in the following instances:

  1. To process payments on behalf of our customers/Lantern;
  2. To outsource partners who assist in the recovery of any outstanding debts;
  3. Where the process of litigation is required against a customer;
  4. The disclosure is required in order to recover assets associated with a debt;
  5. Ensure customer credit reports are accurate and up-to-date;
  6. When customers have entered into a payment plan with an appointed Debt Management Company or have appointed a 3rd party representative to assist with their debts e.g. insolvency practitioner or carer;
  7. To detect, investigate and prevent potential or actual fraud;
  8. To meet our regulatory obligations as defined by the Financial Conduct Authority (FCA) and the Information Commissioner’s Office (ICO);
  9. To approved Customer Survey partners who conduct satisfaction surveys on our behalf and as per our instruction.

We only disclose the personal data of customers with other organisations once appropriate contractual agreements are in place. Such agreements ensure third parties processing personal data, for which we are responsible, are doing so in accordance with all associated laws, regulations and as per our instructions.

From time to time your personal data may be transferred to organisations that are based in countries outside the European Economic Area. In these circumstances, we will ensure they process your personal data only in accordance with the applicable Data Protection Laws and under strict organisational and contractual controls, specifically standard contractual clauses approved by the EU. For more information about these controls, please visit and search for ‘International transfers’.

Information held by us

Customer information will be retained for the period during which an account remains active. When an account is closed, personal information will only be retained in order to comply with our associated financial obligations. This is typically six years after account closure.

Personal information will be securely disposed of when it is outside of our retention period.

Automated decision making

We use specialist credit reference agencies to determine whether it is appropriate to litigate on an account. This involves accounts being subject to a rigorous scoring process. In cases such as these where an automated decision is made, under Data Protection Law customers have the right to appeal any decision that is made.

Third Parties

There may be occasions where we process personal information relating to third parties. In these instances we commit to ensuring ongoing adherence to Data Protection Laws. Information processed will remain proportionate, relevant and not excessive. This includes:

  1. Name;
  2. Email Address;
  3. Address;
  4. Contact Details;
  5. Any other information disclosed by the individual.

Personal information relating to a customer’s appointed third-party representative will be retained for the duration such authority remains valid and for a defined period thereafter.

Online enquiries

Third party communications sent via the online ‘contact us’ form or via email will be retained for no longer than necessary. We commit to only asking for the personal information which is considered essential to the enquiry and in order to respond to the query or request.

Rights of data subjects under the Data Protection Law

Data Protection Law defines the rights which Data Subjects have in relation to the processing of their personal data, including:

  1. Your right of access – You have the right to ask us for copies of your personal information;
  2. Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete;
  3. Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances;
  4. Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances;
  5. Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances;
  6. Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Should you wish to express any right as defined under Data Protection Law, the following channels may be used:

Data Protection Officer
Protection House
83 Bradford Road
LS28 6AT

[email protected]

All requests submitted are acknowledged to confirm receipt and will be fulfilled within one calendar month, as defined under current Data Protection Law. You are not required to pay a charge for exercising your rights.

Accuracy of data

We take all reasonable steps to ensure the data held for customers remains accurate and up to date. Customers are also responsible for notifying us, without undue delay on any changes in circumstances. Individuals wishing to update personal information can do so through the channels given on our website:


We are committed to ensuring we communicate with customers via their preferred contact channel, where at all possible, once engagement is established. Failure to communicate with Lantern will result in other channels of communication being used.

If a customer communicates through a verified email, we will respond via the same channel unless otherwise stated.

For customers wishing to change their contact permissions**, requests must be sent via email to [email protected] or alternatively customers can call 0113 8876 876.

** Please note that at least one contact method must be in place in order to ensure our legal and legitimate reason for processing the data can be achieved.

Lantern will never instigate any marketing activities towards our customers, nor will we sell customer information to other organisations for marketing purposes.

Further information

Details in relation to our Complaints Procedure can be found at the following location:

Individuals are able to lodge a concern with the Financial Ombudsman Service in relation to regulated accounts, should they feel a complaint has been handled incorrectly. Details in relation to this can be found within our Complaints Procedure or on the Financial Ombudsman website

All individuals have the right to lodge a complaint with the UK Data Protection Regulator, the Information Commissioner’s Office (ICO), should they feel a company is in violation of the Data Protection Laws. Contact details can be found on the ICO website should an individual wish to make such a complaint.

Any queries or questions relating to this Privacy Notice should be forwarded to the following email address: [email protected].

Alternatively, you can write to: Data Protection Officer, Lantern, Protection House, 83 Bradford Road, Leeds, LS28 6AT.

Any queries relating to a personal Credit File can be raised directly with the following organisations: