Privacy Policy

Privacy Notice – created on 11/07/2025

Please read the following information carefully. This Privacy Notice details what personal data we collect and process and how we shall use it, your rights, and how we safeguard your information in accordance with data protection laws, including the UK GDPR, the Data Protection Act 2018 and the Data Use and Access Act 2025. This Privacy Notice applies to:

  • Customers and business contacts of Red Star Financial Management Ltd
  • Individuals whose data may be processed when visiting this website.

About Us

At Red Star Financial Management, we are committed to upholding individuals’ rights to privacy and data protection, ensuring that all data processing is conducted fairly and lawfully. As a company that specialises in managing Personal Contract Purchase claims, we collect and process your personal information to assess your eligibility, manage your claim, and ensure regulatory compliance.

Red Star Financial Management Ltd is a Private Limited Company registered in England and Wales with number 07044178 Its registered office is:

Red Star Financial Management Ltd
St Georges House
Peter Street
Manchester
M2 3NQ

Contact Us

If you have any questions about this privacy notice or the information we hold about you, please contact our Data Protection Officer at dpo@redstarfm.com or by letter to the Data Protection Officer:

Data Protection Officer
Red Star Financial Management Ltd
St Georges House
Peter Street
Manchester
M2 3NQ

If it would be helpful to have this notice provided in another format, please let us know.

Changes to this Privacy Notice

We continually review our Privacy Notice and update it where necessary. We advise that you regularly check our Privacy Notice for updates. We do not wish to bother you with lots of minor amendments, but where we make significant changes to our policy, we may contact you to inform you.

Your Rights

You have the right to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data in certain circumstances. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data in certain circumstances, including where we are processing your personal data for direct marketing purposes.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    • If you want us to establish the data’s accuracy.
    • Where our use of the data is unlawful, but you do not want us to erase it.
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
    • You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party in certain circumstances. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
  • Withdraw consent at any time where we are relying on consent to process your personal data. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you want to exercise any of these rights, please contact our Data Protection Officer using the contact details listed above.

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Keeping Your Data Secure

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used/accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data for specified purposes, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How Long Will We Store Your Personal Data?

We maintain retention schedules which define the periods for which we will store your personal data. We will only store personal data for as long as we have a legitimate need to retain it, either for statutory/legal reasons or because we need the data to be able to provide you with services or for other legitimate business needs.

When we no longer need this information, we will anonymise your data and/or dispose of it securely. A copy of our retention schedule is available by request to the DPO.

Transfer Of Your Information Outside of the United Kingdom

Red Star Financial Management Ltd may transfer your personal data to our trusted service provider based in South Africa, who assists us by performing administrative tasks related to your claim.

If Red Star Financial Management Ltd transfer your personal data out of the UK, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
  • We will put in place appropriate safeguards as set out in the UK GDPR, including the use of International Data Transfer Agreement/Standard Contractual Clauses or other specific contracts approved for use in the UK which gives personal data the same level of protection as the UK GDPR.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK. If you would like any further information, please contact the DPO using the contact details provided in this document.

Automated decision-making.

Automated decision-making is the process of making a decision by automated means without any human involvement. We do not currently process your personal data in this manner.

The Data We Collect About You

Personal data is any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Personal data may be collected from you when you use our services or by communicating with us. This includes information you provide when you participate in discussion boards, answer specific questions on our website, provide us with feedback, participate in surveys, and when you report a problem. We may also receive your data from other sources, such as third parties who give us information about you collected from cookies.

We may process different kinds of personal data about you as follows:

  • Identity Data: This includes first name, maiden name, last name, marital status, title, date of birth and gender.
  • Contact Data: This includes email address and telephone numbers.
  • Financial Data: This includes bank account information, car finance agreement details and payment details
  • Compliance Data: This includes recorded calls for quality checks and staff training. Such recordings may also be used to help us combat fraud.
  • Technical Data: This includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Usage Data: This includes information about how you use our website, products and services.
  • Marketing and Communications Data: This includes your preferences in receiving marketing from us and your communication preferences.
  • Aggregated Data: This includes statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
  • Special Categories of Personal Data: This includes health and vulnerability related data that you may voluntarily share with us during the fulfilment of our services to you. We will always ask for your explicit consent to record and share Special Category Data.

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract, we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.
  • Where we have your consent to do so.

We have set out below, in a table format, a description of all the ways we use your personal data, and which of the GDPR lawful bases we rely on to do so.

Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

For What Purposes Do We Process Personal Data?

Lawful basis for processing

Supply, perform, manage and fulfil our products and services to you which enable you to claim money that you are owed, will save you money or will strengthen your financial position and associated customer support and aftercare;

Contract

Make and manage customer payments

Contract

Manage fees and charges due on customer payments

Contract

Complete postcode validation checks

Contract

Complete identity verification for AML purposes

Legal

Complete credit search checks

Legitimate Interest

Communicate with clients to fulfil, administer or enforce contractual obligations via email, telephone, SMS text, postal mail and push notifications;

Contract

Communicate with customers where we have your consent to do so via email, telephone, SMS text, postal mail and push notifications;

Consent

Communicate with clients on matters where we have a legal obligation to do so via email, telephone, SMS text, postal mail and push notifications;

Legal Obligation

Communicate with clients on matters where we have a legitimate interest to do so (see legitimate interest section below), via email, telephone, SMS text, postal mail and push notifications;

Legitimate Interest

Direct market similar or aligned new products and services to our existing customers;

Legitimate Interest, Consent

Request specific consent to share customer personal data with specific fulfilment partners so that they may direct market similar or aligned new products and services to our existing customers;

Consent

Update clients about changes to how we process their personal data and/or new processing activities via email, telephone, SMS text, postal mail;

Legal Obligation

Gather feedback for service and product improvement via email, telephone, SMS text, postal mail;

Legitimate Interest

Share testimonials, case studies and feedback on our website and future marketing;

Consent

Resolve complaints and/or disputes;

Legitimate Interest

Request continuation of Consent prior to consent expiry;

Consent

Collect payments or arrears should we have the need to do so;

Legitimate Interest

Protect our organisation, staff, associates, suppliers, partners and clients;

Legitimate Interest

Prevent, detect and investigate fraud;

Legal Obligation

Prevent, detect and investigate crime;

Legal Obligation

Comply with the law;

Legal obligation

Fulfil our statutory or regulatory obligations;

Legal obligation

Maintain our own accounts and records;

Legal obligation

For reporting, analytics and product/service improvement (including training);

Legitimate Interest

Improve and maintain data accuracy or completeness;

Legitimate Interest

Track your email engagement;

Legitimate Interest

Personalise your online experience;

Legitimate Interest

Conduct market research.

Legitimate Interest

Sell your personal data

Legitimate Interest, Consent

Glossary Of Lawful Bases

  • Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
  • Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  • Consent means that you have provided us with a freely given, specific, informed and unambiguous indication of your agreement to the processing of personal data.
  • Legal Obligation means we process your personal data when it is necessary for us to comply with a legal or regulatory requirement. This means we are required by law to collect, use, or share certain information, for example, to meet financial reporting duties, respond to law enforcement requests, or comply with consumer protection laws.

What are our legitimate interests for processing your data?

Where we have used legitimate interest as the lawful basis for processing your Personal Data we may:

  • Direct market products and services to you via post, emails, telephone, SMS text and push notifications where they are similar/aligned to our to our current products and services that enable you to claim money that you are owed, will save you money or will strengthen your financial position, and a soft opt-in exists;
  • For reporting, analytics and product/service improvement (including training);
  • Improve and maintain data accuracy or completeness;
  • Track your email engagement;
  • Personalise your online experience. This could include customising the content and/or layout of our pages for individual users, for both visitors and contributors;
  • Conduct market research. Including research on the demographics, interests and behaviour of our customers in order to help us gain a better understanding of different audiences and enable us to improve our service. This research may be carried out internally by our employees or we may ask another company to do this work for us. Data will be anonymised to protect your data rights for research purposes.
  • Sell your personal data;
  • Resolve complaints and/or disputes;
  • To prevent, detect and investigate fraud;
  • To fulfil our statutory or regulatory obligations;
  • To maintain our own accounts and records, including recording any contact we have with you via post, emails, telephone, SMS text and push notifications;

Sharing Your Personal Data

We may share your personal data with the parties set out below:

  • Suppliers and those who process data on our behalf for example, cloud based software providers, email service providers and IT software services.
  • Outsourced contact and administration centres
  • Couriers for delivery purposes.
  • Any entity to whom we are legally required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, law enforcement agency or other regulatory authority.
  • Those to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Postcode validation services
  • We obtain information from Credit Reference Agencies on your behalf. In particular we will obtain credit report information from Equifax Limited, TransUnion Information Group Limited and Experian Limited on your behalf, via third party service Valifi Limited. Please see the relevant privacy notices listed below:

We require all Red Star Financial Management Ltd Employees and other third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

How To Make a Complaint

If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority or seek redress through the courts. The UK supervisory authority is the Information Commissioner’s Office who can be contacted by calling 0303 123 1113 or by visiting their website at https://ico.org.uk/for-the-public.

Submit a PCP claim

Arrange a callback