Privacy Policy

Introduction

We respect our client’s privacy and are dedicated to protecting their personal information. This policy sets out how we aim to do this when you visit our website and inform you of the law that protects you and your rights when it comes to the privacy of your personal data.
Mis-Sold Expert is a trading name of M. R. Consumer Services Limited herein referred to as ‘the company’.
This policy aims to provide you with details of how the company will collect and process your personal data when you use our website, this includes any of your data you may input through our website when you complete our online forms which sign you up to any of our services.

Our website is intended for the use of adults and therefore we do not wish to knowingly collect any data in relation to children.
This policy aims to complement our other policies and notices, with no intention of overruling them. Therefore, it is key to read this policy along with any other notice that we may provide to you on specific matters where we collect/ process your personal data, to ensure you are informed of the reasons why we require your personal data.

Version: 1.0
Last updated: 3 July 2025
any historic versions can be provided upon request.

Data Controller

The company is the data controller and is responsible for protecting your personal data in line with this policy.

Our Data Protection Officer is Stephen Harman, they are responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy. They are also accountable for answering any queries in relation to this policy and should you wish to get in contact or exercise your legal rights as explained in this policy, then you are able to do so using the below contact details:

Address: 1 Queens Park Gate, 86 Richmond Park Road, Bournemouth, Dorset, BH8 8TQ, United Kingdom
Telephone: 01618837261
Email: info@mis-soldexpert.co.uk

If you are dissatisfied at any time, please contact us and we will try our best to resolve your concerns. At any time, you also have the right to make a complaint by contacting the Information Commissioner’s Office (ICO), who is the UK supervisory authority for data protection issues (www.ico.org.uk). It’s crucial that personal data we hold on our files about you is up to date and accurate, so please do keep us updated with any changes throughout your relationship with us.

Our Privacy Policy may be subject to changes, we aim to inform you of such changes and you can check this policy on our website at any time.

Social Media

Any of our actions and engagements on external social media platforms that the company undertakes are subject to that platform's terms and conditions along with their individual privacy policies. We advise users to use such platforms with caution and be aware of supplying personal data on such sites.

Our website uses sharing buttons on social media sites in order to help share web content directly to the platform. We advise users to use such sharing tools at their own discretion and to be aware that the social media platform can monitor their usage. The platform may store users' requests to share a web page directly through their social media accounts.

Our website through social media accounts might on occasions share links to other relevant web pages. Despite our best efforts we cannot protect against spam or hacking on social media sites, so again we advise users to approach shortened URLs published on such sites with caution. The company therefore cannot be held liable when visiting any shortened URLs should any damages occur.

Third-Party

Our website may include links to other third-party websites, applications, and plug-ins. If you click on a third-party link or enable such connections this may allow third- parties to collect or share data about you. We are not responsible for these third-party websites or their privacy policies, therefore when you leave our website, we urge you to be aware of other websites' privacy notices.

Data we collect about you

Personal data

Personal data relates to information about an individual from which that person can be identified. Personal data does not include anonymous data where the identity of the individual has been removed. The personal data we might collect, process, store and transmit are detailed as follows:

Identity Data: title, first, maiden, and last name. marital status, gender, and date of birth.
Contact Data: current and previous addresses, email address and contact phone numbers.
Claims Related Data: information provided by yourself or your finance provider for the purposes of considering your financial mis-selling claim.
Transaction Data: products and services you have engaged us for.
Technical Data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug- in types and versions, operating system and platform and other technology on the devices you use to access our website.
Usage Data: information about how you use our website, products, and services.
Marketing and Communications Data: your marketing/communication preferences in receiving marketing/ communications from us and our third parties.

Once we receive the Data Subject Access Request from the finance provider. We will collect and categorise any information with regards to future claims activities. This could include other financial claims you may have been involved in.
Should you fail to provide personal data which we require by law, or under the terms of a contract we have with you, we may not be able to perform the contract agreed or are trying to enter into with you. In such a scenario, we may have to cancel a product or service you have with us, but we will notify you at the time should this be the case.

Special Categories

Should we identify that you are a vulnerable customer, we may collect data relating to your health, this will ensure we can tailor our communication and service to meet your needs and circumstances. In this instance we would obtain your consent prior to storing this information for the sole purpose of delivering our service.

Additionally, if we identify that you are currently in an Individual Voluntary Arrangement (IVA), a debt management plan, or a similar financial agreement, we may share this information other parties as necessary to assist with your case. This is necessary to ensure compliance with legal and regulatory obligations.

We do not collect any other Special Categories of Personal Data about you (including: your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your genetic and biometric data). We also do not collect any information about previous criminal offenses or convictions.

Aggregated Data

We may collect, use, and share aggregated data that derives from your personal data such as demographic data. It is not considered personal data in law as it doesn’t reveal your identity, however, should we combine such data with your personal information so that your identity could be recognised we will treat this as personal data and ensure it is used in accordance with this policy.

Profiling Data

We may collect, use, and share your personal data solely within our group for the purpose of improving our customer experience, for example we may perform data analysis on your engagement with us to improve our service offering.

Collecting Personal Data

The company uses various methods to collect data including:

Direct Communications

Where you directly provide us with your personal data such as by completing one of our forms or by corresponding with us by telephone, post, email etc. This includes personal data you provide when you:

Appoint our products or services
Request marketing information to be sent to you; or provide us with feedback.

Automated technologies/interactions

When you visit and interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. This personal data is collected by using cookies and other similar technologies. Please see our separate cookies policy to find out more

Third parties/publicly available sources

At times we might get personal data about you from different third parties such as:

Technical Data: from analytics providers for example Google based outside the EU.
Identity and Contact Data: from various publicly available sources such as the Electoral Register, Companies House and credit checks based inside the EU. Identity and Contact Data: from various data brokers based inside the EU, including marketing which directs consumers to our website.

CRAIN (Credit Reference Agency Information Notice)

Personal Data will be shared with a credit reference agency or fraud prevention agency, which may then retain that Personal Data and disclose it to third parties for the purposes of credit risk assessment, identity verification, fraud prevention, debt collection or such other uses as set out in the CRAIN (Credit Reference Agency Information Notice) LINK. We will receive information relating to your car finance history which will allow us to determine whether you have an eligible claim for compensation due to mis-sold car finance

Using your Personal Data

We only use personal data in line with the law normally in following scenarios: Where you have provided clear consent for us to process your personal data for a specific purpose.

Where we need your personal data to implement the contract we are about to enter or have entered with you. Where it is necessary for our legitimate interests (or those of a third-party) and your interests and fundamental rights do not override those interests.
To provide our service, we may share your personal information, including identification documents, with banks, lenders, and regulatory bodies such as the Financial Ombudsman Service, the Financial Services Compensation Scheme, and the Financial Conduct Authority. We only share this information where it is necessary to verify your identity, confirm account ownership, or process your claim in line with regulatory requirements.

Where we need to comply with a legal or regulatory obligation.

Below we have set out a full description of all the ways we intend to use your personal data. We only intend to use your data for the purpose we collected it for, if there is a requirement to use your data for another unrelated reason, we will notify you explaining the legal basis for this decision. There may be a situation where we process your personal data without your consent where it is required by law.

There may be a situation where we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please do not hesitate to get in touch with us if you want details about the specific legal ground, we are relying on you to process your personal data.

In most cases, we process your personal data because it is necessary to perform our contract with you, for example, to assess and pursue your claim. Some processing activities, such as marketing, are based on your consent. We may also process your personal data where it is necessary to comply with our legal or regulatory obligations, or where it is in our legitimate interests (for example, to manage our business efficiently or to maintain accurate records), provided those interests do not override your rights and freedoms.

There may be occasions where we need to approach different businesses such as lenders or the Financial Ombudsman Service on your behalf, and you agree that your electronic signature may be used by us on each Letter of Authority that is applicable to your claim(s) and/or enquiry, without further permission.

Your electronic signature is securely stored and used solely for authorising claim-related documents that you have expressly agreed to as part of your engagement with us. We will not apply your signature to any document that falls outside the agreed claim process or for any unrelated purpose.

Marketing, advertising, and promotions

We are committed to providing you with clear choices around personal data and the way we use it. In line with your contact preferences, we may contact you regarding different products or services that we or other companies within our group can offer you. At times we may rely upon legitimate interest to make such recommendations to you about products or services that could be of interest to you. In this case we will consider and review any potential impact upon you (positive and negative) and your rights before we begin to process your personal data for our legitimate interests. For any activity where our interests are overruled by the impact on you, we will not use your personal data (unless we have your consent or are otherwise required or permitted to, legally). Where we rely on legitimate interests, we have conducted a Legitimate Interests Assessment to ensure your rights and freedoms are fully considered.

At any time, you can update your marketing preferences by contacting us and you can opt out and stop all marketing messages should you require (this will not apply to personal data that you provided us using our services).

Identity, Contact, Technical, Usage and Profile Data may be used by us to make an assessment on what we think may be of interest or what you may need or want. This enables us to conduct future marketing by deciding which product/service offers could be applicable to you.

Before we share your personal data with any third-party companies outside of the company’s group for the intention of marketing purposes will we always get your consent through an opt-in.

Cookies

A cookie is an element of data that websites can send to your browser, which might then be stored on your system. See our separate cookies policy for more information about how we use cookies. Should you set your browser settings to refuse any cookies some parts of our website may not work.

Sharing your Personal Data

To undertake our processes, maintain our relationships and improve the services we oer, we may also share your personal data with other third parties we work with, such as:

There may be times when we are required to disclose your personal information, these include with:

Solicitors’ Regulation Authority (SRA), Financial Conduct Authority (FCA), HM Revenue & Customs, other authorities, and regulators acting as processors based in the UK who may require reporting of processing activities in certain circumstances. Professional bodies such as solicitors, accountants, consultants, and any similar bodies acting as processors, based in the UK who may require reporting of processing activities under certain legal or compliance circumstances. Third parties which we may choose to sell, transfer, or merge parts of our business/assets. We may also seek to acquire another business or merge with them. If this were to happen to our business, then the subsequent new owners may choose to use your personal data in the same way as detailed in this policy.

We will only ever share your personal data in line with current UK data protection laws. Requiring all third parties to treat your personal data in line with the law and use for the intended purpose in line with our guidelines.

International Transfers

The Company may from time to time transfer personal data to countries outside of the European Economic Area (EEA). The transfer of personal data to a country outside of the EEA shall take place only if one or more of the following applies:

The transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for personal data.
The transfer is to a country (or international organisation) which provides appropriate safeguards in the form of a legally binding agreement between public authorities or bodies; binding corporate rules; standard data protection clauses adopted by the European Commission; compliance with an approved code of conduct approved by a supervisory authority (e.g., the Information Commissioner’s Office); certification under an approved certification mechanism (as provided for in the GDPR); contractual clauses agreed and authorised by the competent supervisory authority; or provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority;
The transfer is made with the informed consent of the relevant data subject(s).
The transfer is necessary for the performance of a contract between the data subject and the Company (or for pre-contractual steps taken at the request of the data subject).
The transferis necessary forimportant public interestreasons; The transferis necessary forthe conduct of legal claims.
The transfer is necessary to protect the vital interests of the data subject or other individuals where the data subject is physically or legally unable to give their consent; or
The transfer is made from a register that, under UK or EU law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who can show a legitimate interest in accessing the register.

Data Security

The company aims to maintain a high standard of security and privacy when it comes to protecting our customers personal information. We want to give our customers confidence in our processes and have robust measures in place to ensure we protect your information from any loss, unauthorised access, or misuse. We constantly review our data security processes to ensure they remain fit for purpose. We also limit access to customers' personal data to those colleagues, agents, third- parties or contractors who absolutely need to have access.

All personal data breaches must be reported immediately to the Company’s DPO. We have an appropriate procedure in place to deal with any data breaches and will notify the persons affected and any regulator which legally requires us to report the breach.

Data Retention

The company shall not keep personal data for any longer than is necessary considering the purpose or purposes for which that personal data was originally collected, held, and processed. We have to keep some specific information about our customers by law, where this is the case, we will keep it securely and hold solely for the legal purpose required.

When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of securely without delay. For full details of the company’s approach to data retention, including retention periods for specific personal data types held by the company, please refer to our Data Retention Policy which you can request by contacting us.

For the purpose of future claims activities we will collect data provided from the data subject access report. This data will be stored for future financial claims activities, until a time the data is no longer required.

Data Protection Rights

Under UK data protection law, you have several rights in relation to your personal data and the processing of it, including:

Right of Access - entitles you to request a copy of all the information we hold about you, commonly referred to as a ‘Data Subject Access Request (DSAR)’
Right to be Informed - entitles you to request to be provided with details of how we collect and process your personal data, which is covered by this Privacy Notice
Right to Rectification - entitles you to have inaccurate personal data rectified, or completed if it is incomplete
Right of Erasure (to be forgotten) - entitles you to request for the deletion/removal of your personal data where there is no reason for its continued processing
Right to Restrict Processing - entitles you to request no further processing of your personal data that we have collected previously in certain circumstances.
Right to Object - entitles you to request that your personal data is not processed in certain circumstances, for example for marketing purposes or to challenge the basis of the processing of your data
Right to data portability - you have a right to request for your personal data we hold on to you to be sent to another Data Controller for their own purposes
Right to withdraw consent - you have the right to withdraw consent at any time.

However, this will not have affected our legal ability to do this before you withdraw your consent, and if you do withdraw consent to process your personal data, we may not be able to offer you certain services.

Should you wish to exercise your rights please contact us, there could be occasions when we aren’t able to complete your request, however we will inform you of this and the reasoning.

There is no fee when requesting a copy of your personal data, although there may be occasions where we charge a reasonable amount should we find your request recurring or unwarranted or if you require further copies of such information that we have previously provided.

To process any of your requests we may need to confirm your identity through a process of security checks.

We aim to respond to all relevant requests as soon as possible and usually within one month of receiving. Sometimes it may however take us longer to process, but we will always keep you informed if this is the case.