Privacy Notice
How we process your personal information
Who we are
Lantern is one of the leading debt purchase companies in the UK. We specialise in buying non-performing loans predominantly in the financial services sector, especially where customers require a more tailored approach to help them to reduce their debts. We pride ourselves on being open and honest with our customers, which includes being transparent about how we process personal data.
Lantern is the trading name of Lantern Debt Recovery Services Limited (Company Number 06637307) and our registered office is at Protection House, 83 Bradford Road, Leeds, LS28 6AT.
If you need to get in touch with us, you can visit https://lanternuk.com/get-in-touch/ to see all the different contact options available to you.
Introduction
Lantern is committed to protecting the personal data that we collect and process through the course of our business activities.
This Privacy Notice (‘Notice’) explains what personal data we collect, the way we use it and why, the circumstances when we may share it, and your rights and choices in respect to your personal data.
What personal data we use
| Type of personal data | |
| Website users | When you browse our website, including if you are a customer logging into the ‘My Account’ area of our site, we use cookies to collect usage data, which may include, but is not limited to, your:
All usage data that the cookies on our site collect is aggregated and therefore anonymous. More information can be found in our Cookie Policy at https://lanternuk.com/cookies/. |
| Customers | The personal data we collect and process relating to you as a customer may include, but is not limited to, your:
|
| Third Parties | There may be occasions where we process personal data relating to third parties, for example if you are a customer’s authorised third-party representative. In these instances, we commit to ensuring that the personal data we process about you is accurate, relevant and not excessive. This may include, but is not limited to, your:
|
Where we get your personal data from
We get your personal data from several different sources, including, but not limited to:
- Directly from you, for example when you engage with us by letter, phone, email, instant chat, or when you send us a secure message via our website. If you are a customer, you may also provide us with personal data when you update your information in the ‘My Account’ area of our website.
- As a debt purchaser, we receive customers’ personal information directly from original lenders immediately following the successful purchase of a book of non-performing debt. This is when Lantern becomes the data controller and takes on the legal rights previously held by the original lender.
- We use Credit Reference Agencies and other specialist organisations to ensure the data we are processing for our customers is as accurate and up to date as possible. The personal data we receive about you from these organisations may include, but is not limited to, your name, address, residential status, date of birth and contact information, including your phone number and email address.
Our purposes for processing your personal data
UK data protection law requires that we only process your personal data where we have a legitimate purpose for doing so. These purposes are more formally known as “lawful bases”. Lantern relies on a combination of the following lawful bases to process your personal data:
- Legal obligation – Where the processing is necessary for us to comply with our legal obligations as a business.
- Contract – Where the processing is necessary for us to fulfil a contract we have with you.
- Legitimate interest – Where the processing is in our legitimate business interests, and we have assessed that those interests are not incompatible with your own interests and/or your fundamental rights and freedoms.
- Consent – Where you have provided your consent for us to process your personal data for a specific purpose, or purposes. For any processing which relies on your consent, you have the right to withdraw your consent at any time.
An overview of how we use your personal data, and the relevant lawful basis (or bases) that applies in each case, is provided below:
| Use | Lawful Basis | |
| Website Users | Internal analysis and reporting, to help us improve our website by better understanding behaviours across our site. | Legitimate interest |
| Customers | Checking your identity and residential status, to make sure the information we hold for you is as accurate and up to date as possible.
|
Legal obligation |
| Sending statutory notices and other communications relating to your account including, but not limited to, statements, formal reminders and notices informing you of forthcoming changes. | Contract
Legal obligation |
|
| Assessing affordability before we enter into a payment plan with you to recover the money you owe us, to make sure that the payments we agree are sustainable and affordable for you. | Legal obligation
Legitimate interest |
|
| Processing payment arrangements and ad hoc payments, as requested by you, or your authorised third-party representative. | Contract | |
| Detecting, investigating, and reporting financial crime, and taking measures to prevent the same. | Legal obligation | |
| Responding to queries and disputes in relation to your account, as requested by you, or your authorised third-party representative. | Contract
Legal obligation |
|
| Tracing your current address and contact details, to assist us in recovering the money you owe us. | Legitimate interest | |
| Performing statistical analysis to identify and monitor risks and market trends. This activity may involve using your personal data only where it is essential to do so, and the same purpose cannot be achieved by using test data or anonymised data. | Legitimate interest | |
| Improving our systems and processes and testing the proper working of the same. This activity may involve using your personal data only where it is essential to do so, and the same purpose cannot be achieved by using test data or anonymised data. | Legitimate interest | |
| Inviting you to participate in customer satisfaction surveys. | Legitimate interest | |
| Identifying where you may need additional support from us. | Legal obligation | |
| Staff training and quality monitoring. | Legitimate interest | |
| Third Parties | If you are a customer’s authorised third-party representative, we will use your personal data to contact you to discuss our customer’s account, in line with their instructions. | Legitimate interest |
| If you are not a Lantern customer and you submit an enquiry to us, we will use your personal data to contact you with our response to your enquiry. | Legitimate interest |
How we use your special categories of personal data
There are some circumstances when it may be necessary for us to process your special categories of personal data (often known as ‘sensitive data’) as defined under UK data protection law. We will use your special categories of personal data for the following purposes:
| Use | Lawful Basis | |
| Customers | We will only ever collect the minimum amount of data relating to any physical or mental health conditions you may have. We do this to make sure we:
If you send us physical or mental health data in writing, by post or email, we will record the data and use it in the way we outline in this Notice, only where we feel it will help us to act in your best interests and offer any additional support you may need. We will inform you that we have done this as soon as reasonably practicable, as well as providing you with information about how you can withdraw your consent to us processing the data at any time. If you provide us with physical or mental health data over the phone, or during an instant chat with one of our digital agents, we will obtain your consent to record the data and use it in the way we outline in this Notice, during the course of the conversation we have with you. You can withdraw your consent to us processing the data at any time. If you wish to withdraw your consent to us processing your physical or mental health data, you can do this by writing to our Data Protection Officer at Data Protection Officer, Lantern, Protection House, 83 Bradford Road, Leeds, LS28 6AT or by emailing [email protected]. Please be aware that doing this may prevent us from acting in your best interests and offering you any additional support you may need. |
Explicit consent |
| If we have reason to believe you are in immediate danger, we may process data relating to your physical or mental health (including sharing this information with the emergency services) on the basis that it is in your vital interests, such that it may be a matter of life or death. | Vital interest |
Automated decision making and profiling
We may use the services of a specialist organisation to determine whether it is appropriate to take legal action on your account. This will involve your account data, including your personal data, being subject to a rigorous scoring process. In cases such as this, wherever a fully automated decision is made which has legal effects for you, under UK data protection law you have the right to request a review of any decision made. If you wish to exercise this right, please contact us using the details in the ‘Your rights’ section of this Notice below.
Marketing
Lantern will never initiate any marketing activities towards you, nor will we sell your information to other organisations for marketing purposes.
Who we share your personal data with
There are instances where we need to share your personal data with other organisations outside of Lantern. In all cases, we will only ever do this where there is a legitimate business reason to do so. For example, personal data relating to you as a customer including, but not limited to, the status of your account, details of any payment plans and defaulted payments, will be shared with Credit Reference Agencies (CRAs). The identities of the CRAs, and the ways in which they use and share your information, are outlined in more detail in their information notices:
- TransUnion: www.transunion.co.uk/crain
- Equifax: www.equifax.co.uk/crain
- Experian: www.experian.co.uk/crain
We also use a variety of service providers and sub-contractors to provide business services for us, or to carry out certain activities on our behalf. This may require these organisations to have access to and process your personal data.
Examples of the types of organisations we may share your personal data with through the course of our business activities include, but are not limited to:
- Communications providers, including email and SMS service providers
- Credit Reference Agencies
- Customer service function providers
- Customer survey partners, who conduct satisfaction surveys on our behalf
- Debt Management Companies and other authorised third-party representatives, such as insolvency practitioners or carers, where you have appointed them to assist you with managing your debts
- Fraud prevention services
- IT service providers
- Legal service providers, where legal action is required to recover monies we are owed
- Management consultancies
- Original creditors
- Outsource partners, including reconnection specialists, who assist us with the recovery of outstanding debts
- Payment service providers
- Professional services firms
- Regulators, including the Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA) and the Information Commissioner’s Office (ICO)
- Software providers
- Tracing services
- Web analytics service providers
- Website hosting service providers
We will only ever disclose your personal data to organisations outside of Lantern where appropriate contractual agreements are in place, or where we are legally obligated to do so. This is to ensure that any third parties who process the personal data that we are responsible for, do so in accordance with all associated laws, regulations and as per our instructions.
Where your personal data is stored
From time to time your personal data may be transferred to organisations based in countries outside the UK and European Economic Area (EEA). In these circumstances, we will ensure the organisations process your personal data only in accordance with applicable data protection law and under strict organisational and contractual controls. For more information about these controls, please visit https://ico.org.uk and search for “International transfers”.
How long we’ll keep your personal data
We will keep your personal data for as long as necessary to fulfil the purposes that we describe in this Notice. As a general rule, the following retention rules will apply:
| Retention Period | |
| Website Users | We keep usage data for internal analysis and reporting purposes. This will generally be for a limited period of time, except where the idata is needed to strengthen the security of our site or to improve its functionality, or we are otherwise legally obligated to keep the data for a longer period. |
| Customers | If you are a Lantern customer, we will only keep your personal data for as long as we need it to manage our relationship with you, which will generally be for no more than 6 years from the date you cease to have any active accounts with us. We keep your information for this length of time for a number of reasons, including to make sure that we can:
Your personal data will be securely deleted or anonymised once it reaches our defined retention period. |
| Third Parties | Personal information relating to you as a customer’s authorised third-party representative will be retained for the duration the authority remains in place and for a limited period thereafter, after which it will be securely deleted. |
| If you are not a Lantern customer and you submit an enquiry to us, your personal data will be kept only for as long as we need it to respond to your enquiry, after which it will be securely deleted. |
Your rights
UK data protection law defines what rights you have in relation to the processing of your personal data, including:
- Your right of access – You have the right to ask us for a copy of your personal data
- Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete
- Your right to erasure – You have the right to ask us to erase your personal data, in certain circumstances
- Your right to restrict processing – You have the right to ask us to restrict the processing of your personal data, in certain circumstances
- Your right to object to processing – You have the right to object to the processing of your personal data, in certain circumstances
- Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances
- Your rights in relation to automated decision making and profiling – You have the right not to be subject to a decision based on solely automated processing, including profiling, if this will have a legal or other significant effect on you.
Should you wish to exercise any of your rights as defined under UK data protection law, you can write to our Data Protection Officer at Data Protection Officer, Lantern, Protection House, 83 Bradford Road, Leeds, LS28 6AT or by emailing your request to [email protected].
All requests submitted will be fulfilled within one calendar month. You are not required to pay a charge for exercising your rights.
Your choices
We are committed to communicating with you via your preferred contact method wherever possible once engagement has been established with you. However, failure to respond to our communications will result in other contact methods being used.
If you wish to update your contact details or preferences, you can send a request by email to [email protected], or you can call 0113 8876 876 and speak to one of our customer service agents.
Other information
Details of our Complaints Procedure can be found at: https://www.lanternuk.com/downloads/Lantern_Customer_Complaints_Procedure.pdf
You can lodge a concern with the Financial Ombudsman Service (FOS) in relation to a regulated account, if you feel that we have incorrectly handled a complaint you made to us. Further information can be found in our Complaints Procedure, or by visiting the FOS website: http://www.financial-ombudsman.org.uk.
You have the right to make a complaint to the Information Commissioner’s Office (ICO), if you feel that we have acted in a manner which contravenes UK data protection law. Further information can be found on the ICO website: https://ico.org.uk/.
Any queries relating to your personal credit file should be raised directly with the relevant Credit Reference Agency:
- Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS
Tel Number: 0844 335 0550
Website: https://www.equifax.co.uk
- Experian Ltd, Customer Support Centre, PO Box 9000, Nottingham, NG80 7WF
Tel Number: 0800 013 8888
Website: https://www.experian.co.uk
- TransUnion, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ
Tel Number: 0330 024 7574
Website: https://www.transunion.co.uk
Please note that some of the hyperlinks provided in this Notice will lead you to websites which are not under Lantern’s control. Once you leave our website, we are unable to accept responsibility for the protection of any personal data you provide to the controllers of other websites. In such cases, you should review the privacy information applicable to those websites.
Contact us
Any questions you have relating to this Notice can be sent in writing to our Data Protection Officer at Data Protection Officer, Lantern, Protection House, 83 Bradford Road, Leeds, LS28 6AT or by email to [email protected].
Changes to this Notice
This notice was last reviewed and updated in October 2022.