Here at First Target Recoveries Limited, we understand that protecting your personal information is very important.
This Privacy Notice tells you who we are, how we collect, share and use information which identifies you (“personal data”) and how you can exercise your privacy rights. This Privacy Notices applies to personal information that we collect through our website but also to other personal information that you may provide to us when we provide you with our services.
If you have any comments or queries regarding our use of your data, please contact our Data Protection Officer email@example.com
Alternatively, you can write to our Data Protection Officer
Data Protection Officer
First Target Recoveries Limited
Carrington Business Park
What personal information do we collect?
The information we collect from you depends on the product or service you apply for, or the service that we provide to you. We will only collect information that we actually need, or information we are required to collect to enable us to perform our legal, regulatory or contractual obligations necessary to provide you with the products or services, or where we have your permission.
When we speak with you about your mis-sold Payment Protection Insurance (PPI) Policy or mis-sold Packaged Bank Account (PBA) claim(s) requirements we do so on the basis that both parties are entering a contract for the supply of services.
To perform that contract, and to arrange the services you require, we have the right to use your Personal Data for the purposes detailed below:
Pre-Submission checks with the Bank/Lender specified to determine the validity of the PPI or PBA claim(s)
Submission, pursuit, and resolution of a mis-sale claim if determined to be valid
Regular contact with you to update you on your account and about related services you may be interested in
We have the right to use your Personal Data, provided it is in our legitimate business interest to do so and your rights are not affected, either during initial discussions with you or when the contract between us has come to an end for whatever reason. For example, we may need to respond to requests from mortgage lenders, insurance providers, and our Compliance Service Provider relating to the advice we have given to you, or to contact you to seek feedback on the service you received.
On occasion, we will use your Personal data for contractual responsibilities we may owe our regulator, the Claims Management Regulator, or for wider compliance with any legal or regulatory obligation to which we might be subject. In such circumstances, we would be processing your Personal Data to meet a legal, compliance or other regulatory obligation to which we are subject to.
The information that we need for these purposes is known as your “personal data”. This includes
- your personal details (e.g. name, date of birth)
- address details
- contact details (e.g. phone number, email)
- special personal information* (e.g. health information)
- financial information
- employment information
- information on how you use our website(s) and products and service
How we will deal with your Special Data
Where you ask us to assist you with your mis-sold Payment Protection Insurance (PPI) Policy or mis-sold Packaged Bank Account (PBA) claim(s), we may ask you information about your ethnic origin, your health, and medical history (“Special Data”)
We will record and use your Special Data to illustrate to the seller of the Payment Protection Insurance (PPI) Policy or mis-sold Packaged Bank Account that the product may not meet your needs and to provide you with advice/guidance regarding the suitability of any product that may be available to you.
We will use Special Data in the same way as your Personal Data generally, as set out in this Privacy Notice.
Information on Special Data must be capable of being exchanged freely between claims management companies such as our Firm, and Banks/Lenders, to enable your claim to fully illustrate your eligibility or ineligibility for the alleged mis-sold product the claim requires.
How we collect your Personal Data
- When you make an application or enquiry to us either by phone, email, our website, by a third party or by any other means
- Information received from a third party, for example where you have previously agreed for your information to be shared with us if you have been introduced to us by another company
- When you participate in market research, competitions and promotions provided by us, or on our behalf
- By adding reviews or interacting with us using social media such as Twitter or Facebook
- When we may need to obtain up to date information about you to meet our legal or regulatory obligations
- Where you have given permission for your information to be provided to us
We may also obtain some information from other third parties, for example, credit checks, information from your employer, and searches of information in the public domain such as the voters roll. If we use technology solutions to assist in the collection of your Personal Data, for example software that can verify your credit status, we will only do this if we have consent from you for us or our nominated processor to access your information in this manner. With regards to electronic ID checks we would not require your consent but will inform you of how such software operates and the purpose for which it is used.
How we use your personal information
We will only collect and use your personal information in accordance with data protection laws. Our grounds for processing your personal information are as follows:
Contractual – When it is necessary to enter into or fulfil a contract we have with you
Consent – Where necessary we will only collect and process your personal information if you have consented for us to do so. For example, when you make an enquiry on our website to be contact regarding a service we provide and have given your preferred contact information/method.
You can withdraw your consent (opt-out) for us to contact you at any time. Please note: if you have signed a contract to complete a claim, our contractual rights will still apply and we can contact you in relation to a cancellation fee or any outstanding monies owed to us.
Legal Obligation – Where we have a legal or regulatory obligation to do so.
Legitimate Interests – We may use and process some of your personal information where we have sensible and legitimate business grounds for doing so and it is necessary to protect your vital interests; or it is in our legitimate interest to do so and it is not against your rights.
Other – We may also use aggregate information and statistics for the purposes of monitoring website usage in order to help us to develop our website and our services and may also provide aggregate information to third parties. These statistics will not include information that can be used to identify you.
How we may contact you regarding products and services
If you have provided us with your consent or where we are legally entitled to do so, we may contact you to let you know about other offers, products and services that we can provide, which we think you may be interested in or that may benefit you. We may do this through post, emails, text messages, telephone, social media or other electronic means.
You can let us know at any time if you would no longer like to receive these messages by please follow the opt out and consent information on every SMS or email communication you receive from us. You can also contact us by emailing firstname.lastname@example.org
Who do we share your information with
We control the use of your data as you have directed.
To allow us to provide our services to you, the following third parties provide critical functions to our business and will process your personal information as directed by us and in accordance with strict data security arrangements:
Our Services: during our services we will provide your data, under your specific instruction, to named lenders, loan brokers and, if required, the Financial Ombudsman. We will also provide a referral to our legal partner, Anthony Philip James & Co Limited, at your request;
Our Systems and IT: we use third party firm who provide essential storage arrangements (including call recordings), software and support to our infrastructure;
Post and Printing: we use an outsourced print-house who manages our printing, they receive a copy of postal communication and print and send this on our behalf;
Our Regulators: we may be required to provide your data to our Regulators, who include the Claims Management Regulator, the Legal Ombudsman Service and the Information Commissioner’s Office; and
Our Professional Services: we use professional legal, consultancy and accountancy services to help us fulfil our legal obligations.
We do not sell your data to third parties in any circumstances. We have carefully selected our third parties due to their commitment to keeping your data safe, and all data is processed within the European Union and subject to the same legislation. If you request for us to stop processing your data, we will also communicate this to the relevant third parties if they are processing this on our behalf. If you have any concerns about the above third parties, please let us know and we can provide advice and support to help you manage your data preferences.
We may also share data with the following organisations:
- Payment Service companies that process transactions for us (e.g. Direct Debits and card transactions, automated payment service)
- Communication providers (e.g. telephone line providers, and email and text/live chat service providers)
- PR & Marketing agencies who help to promote our products and services and manage our brands.
- Advertisers and social media companies such as Facebook, Google and Twitter for our social media accounts or where we can contact you using your social media account
- Third parties who may have introduced you to our services
Other Third Parties: Where we have your consent to do so, or where we are required to do so under a legal or regulatory obligation, for example where we are required to do so by a court order, the police, local authorities or the courts. We might share some of your information with the emergency services if we think you are in any immediate danger
Sharing your data outside of the EEA
We will only share your personal information outside the European Economic Area (EEA), where we have your consent; to comply with a legal obligation; or where we work with a business partner to enable us to provide you with our services, and they process information outside of the EEA.
If we do share your information outside of the EEA we will make sure that it is protected in the same way as if it was being used in the EEA to ensure appropriate safeguards are in place. This may include putting in place a contract with the business partner that means they must protect the personal data to the same standards as the EEA (this may include defined model clauses), or only share the data to a business partner in a non-EEA country where the privacy laws provide the same protection as within the EEA or where they are part of a Privacy Shield..
Fraud Prevention Agencies
The personal information we have collected from you may be shared with law enforcement agencies and fraud prevention agencies who will use it to prevent fraud, money-laundering and terrorist financing and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information is used by us and these fraud prevention agencies, and your data protection rights, can be found by contacting us or email us at
Data Privacy and security
We take the protection of personal information very seriously and we will maintain appropriate measures to maintain the confidentiality, integrity and availability of the information you have provided. Such measures include:
Company security policies and standards
staff security awareness
role based and biometric access controls to prevent unauthorised access to the information
encryption and anonymisation technology
secure archiving and deletion
compliance with industry regulation and legislation
We maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.
We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:
- Protect against potential breaches of confidentiality;
- Ensure all IT facilities are protected against damage, loss or misuse;
- Secure archiving and deletion
- Increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and
- Compliance with industry regulation and legislation
- Ensure the optimum security of this website.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us
Under the terms of data protection legislation, you have the following rights
Right to Be Informed
This privacy notice, together with our Cookies Policy, fulfils our obligation to tell you about the ways in which we use your information as a result of you using this website or our services.
Right to Access
You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. We will send you a copy of the information within 30 days of your request.
To make Subject Access Request, please refer to the ‘Contact Us’ section below
Right to Rectification
If you wish to amend any inaccurate data that we hold, please notify us specifically by telephone, post or email, or during the course of the provision of our services. We will make the amendment as soon as possible. If any data held is incomplete, you can complete this at any time. We may require this to be completed to allow us to provide our services (e.g. if we do not have your full address).
Right to Be Forgotten
From 25 May 2018, you can ask that we erase all personal information that we hold about you. Where it is appropriate that we comply, your request will be fully actioned within 30 days.
Right to Object
You have the right to object to:
The continued use of your data for any purpose listed in section 3 above for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time. The continued use of your data for any purpose listed in section 3 above for which the lawful basis of processing is that it has been deemed legitimate.
Right to Restrict Processing
You can restrict us from processing your data in the following circumstances:
You believe your data is inaccurate;
You believe your data has been unlawfully processed but do not want us to delete your data;
We no longer need your data but it is required by you for making or defending a legal claim; orYou object to the processing, as described below, but we are verifying this.
If you make a restriction request, we will still store a copy of your data but cannot use this. We will inform you if the restriction needs to be lifted. You can make this request using reasonable means including by telephone, post or email. If you request for your data to be restricted, we will confirm whether this can take place and the next steps that we will take. If we cannot restrict your data, we will explain why and confirm any actions required to allow us to do so.
Right to Data Portability
In some cases you may be able to request for your information to be provided to you or to another company in a format that can be processed electronically by you or the other company. If you want to request this you’ll need to contact us.
Rights Related To Automated Decision-Making
If you would like to object to automated decision making without any individual involvement, and to the profiling of your data, please notify us specifically by telephone, post or email, or during the course of the provision of our services
There may be occasions where we are unable to delete the data due to our legal or regulatory obligations. We will however discuss this with you if you request for your information to be deleted.
How long do we keep your personal information for?
If you do not go ahead with any product or service with us, your personal information will normally be deleted after 12 months unless we have another reason to keep your personal information, for example, if you have given your consent to receive marketing information from us. We will delete your information sooner if you ask us to.
If you become our customer by entering in contract, we will keep your data to ensure that we provide you with our services and comply with our legal and regulatory obligations. Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years, or in instances whereby we have legal right to such information we will retain records indefinitely.
We also expect you to take reasonable steps to safeguard your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.
Other types of advertising
We do not have any control over the advertisements you see on other third party websites however you can request to opt out or customise these advertisements by using the Google Ads Preference Manager.
We use publicly available social media platforms to promote our services, to provide updates and to share any news and promotional updates. We may collect personal information from these social media platforms, for example, if you post a message on our Facebook page. By providing any of your information to us through these platforms you should be aware that:
- The social media web pages are publicly available and you must not provide any personal or sensitive information on our pages that are accessible to the public, such as your account information. We may ask you for your account information via a private message to identify you and to service any request you make; and
We record any telephone calls you make to us or we make to you or any other third party. This is for training, monitoring and quality purposes and to meet our legal and regulatory obligations. Some telephone calls may be observed by staff for training and development purposes.
We may keep a copy of the telephone calls for up to 6 years from the date the telephone call was made.
When using this website, some information may be collected automatically using ‘cookies’. These are small text files which facilitates the processing of your data and enables us to analyse how the site is being used.
Two types of cookies are used:
Temporary cookies which form part of the security process while you are using the website;
Permanent cookies which identify the link you used to find our website check your browser so that we can make sure that our website and services work well with your computer and to help us monitor traffic on our website.
If you have any questions or comments about this Privacy Notice or wish to make contact to exercise any of your rights set out within please contact:
Data Protection Officer
Carrington Business Park
If we feel we have a legal right not to deal with your request, or to action it in different way to how you have requested, we will inform you of this at the time.
You should also contact us as soon as possible on you becoming aware of any unauthorised disclosure of your Personal Data, so that we may investigate and fulfil our own regulatory obligations.
If you have any concerns or complaints as to how we have handled your Personal Data you may lodge a complaint with the UK’s data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.If you have any questions or queries about how we use your personal information you can contact us or our Data Protection Officer using the address or email below:
Last Updated 23/05/2018