Discretionary Commission Arrangements - Compaints and refunds

Privacy Policy

Identity & contact details

Redbridge Finance Limited is the Data Controller, or Controller, responsible for processing and storing the Personal Data (Data) you have provided along with any additional data that you provide in the future, or that which is obtained, observed, derived or inferred about you.


We are registered with the Information Commissioners Office in respect of the Data Protection Act 1998 and, from 28th May 2018, the General Data Protection Regulations (GDPR). Our registration number is ZA533663.


We can be contacted by:


BrightOffice Limited is a 3rd party Data Processor that we use to provide our service. This organisation supplies the software that we use to process your claim and your data is stored on their servers and processed by their systems. They do not control how your data is used or how it is managed, their systems process it according to our instructions.  BrightOffice Limited is registered with the Information Commissioners Office with registration number Z2557861. (You should not contact BrightOffice Limited directly about your data as they will not be permitted to access or discuss this with you without our instruction as they are not the Data Controller.)


If you have any questions or have a concern about this Privacy Policy, please contact us using the information above.



We would strongly encourage you to read the whole of this Privacy Policy as it contains important information about what we do and how we collect and process your Data. It also contains important information about your rights under the Data Protection Regulations.


Here is a short summary of what we do.


Redbridge Finance Limited is a regulated Claims Management Company (CMC).


In our role as a CMC we act on your behalf to submit and manage claims for compensation in respect of financial products and services that may have been mis-sold, or inappropriately granted to you.


Your claim is being processed by Redbridge Finance Limited. We believe it is important to protect your Personal and Non-Personal Data (as defined in the Data Protection Act 1998) and we are committed to giving you a personalised service that meets your needs in a way that also protects your privacy. This policy explains how we may collect Data about you. It also explains some of the security measures we take to protect your Data, informs you of your rights under the regulations, and tells you certain things we will do and will not do. You should read this policy in conjunction with the Terms of Business.


By submitting your information you are agreeing to us storing and processing your Data in accordance with this Privacy Policy. Where you give us Data on behalf of someone else, you confirm that you have provided them with the information set out in this Privacy Policy and that they have not objected to such use of their Data.


Purpose & legal basis for processing your Data

It is important that you understand the purpose that we have collected your Data for and the legal basis that we will use for processing it.



You are submitting your claim using our claim form (or by another agreed method). We need to collect this Data so we can assess your claim and determine whether it has merit. If it does we will use the information you have supplied to submit a claim to the relevant lender and manage this claim to its conclusion. If the lender rejects your claim we will also use your data to submit the complaint to the Financial Ombudsman Service (FOS). Please see the ‘Collecting Data’ and ‘Using Your Data’ sections below for details of how we will collect and use your Data to achieve this purpose.


The legal basis for processing

The legal basis for processing your Data means identifying what (or who) gives us the right to process your Data. Without at least one of these rights being present, we would have no legal right to do so. We rely on 4 different legal bases to process your Data.

  1. The main legal basis we use is that processing is necessary for the performance of the contact with you, or to take steps to enter such a contract – As part of the agreement (or contract), you have asked us to manage your claim, which we have agreed to do. In order to achieve this, we must process your Data in accordance with this Privacy Policy.
  2. Your consent – When you submit your claim to us you will be asked to agree to this Privacy Policy, and in doing so will agree to us processing your Data in the way described here. Without your consent, we will still be able to process your claim under Point 1 above, but would rather have your explicit consent too. You may withdraw your consent at any point, however, we may still be able to process your Data lawfully using the others bases detailed here.
  3. Processing is necessary for compliance with a legal obligation – We are required by our regulator, the Claims Management Regulator, to keep records of transactions and to respond to any complaints made against us in accordance with their rules. We are also required to keep records of your preferences in relation to Marketing and ensure that we adhere to these. Even if the other bases are no longer applicable, we will use these legal/regulatory requirements as a basis for processing your Data if required.
  4. Processing is necessary for the purpose of our own legitimate interests, except where this is overridden by your own interest, rights or freedoms – There will be times when we will want to process your Data for our own interests, rather than yours. There are more details on what this really means below, but we would never use this basis where your own interests, right or freedoms are more compelling.

Legitimate interest of the controller

One of the legal bases for processing your Data is where it is necessary for the purpose of our own legitimate interests. This means situations where we want, or need, to do something that is principally for our own benefit, provided it will not be detrimental to your own interests, rights or freedoms.


Details of our applicable legitimate Interests include:

  • Processing for Direct Marketing purposes where you have given your consented to this and have not subsequently withdrawn it.
  • Processing for the purpose of preventing fraud against us or other 3rd parties.
  • Transmitting data internally within our company for administration purposes.
  • Processing for the purpose of our own network and information security or that of any data processor we contract with.
  • Reporting possible criminal act or threats to our own, or public security, to a competent authority.
  • Being able to investigate and defend our actions in the event that you make a complaint against us.
  • Collecting and processing your activity when using our websites, including but not limited to pages visited, links followed, time spent on the website/pages and how you found the site. In most cases this data is collected anonymously and is used to help us improve our website, product offering and marketing activity and conversions which is then used to generate reports that will be used by us and may be shared with 3rd parties.


Collecting Data

This section will provide you with information about the different ways that we will obtain Data about you. This includes collecting Data by the following methods:

  • Directly from you when you complete our claim form; this may include your contact details, previous addresses, date of birth, your income & expenditure and your loan details.
  • From 3rd parties where you have expressly consent to them sharing your data with Redbridge Finance Limited for marketing purposes.
  • From 3rd parties who you have agreed may pass your Data to us to enable us to provide a service to you.
  • From you, or your representative, if contact is made by any means and we are provided with additional or updated Data about you. This may include the recording of telephone calls made by, or to us.
  • From sources that are publicly available, such as the Electoral Roll, County Court Judgements or Insolvency Register.
  • From the lenders that we are making claims on your behalf to.
  • From Google Analytics and other similar 3rd party analytical tools that provide information about your activity when using our websites.
  • From Cookies places on our websites – see the section on Cookies for more details of these.


Using your Data

When we have collected Data about you we may use this for many different legitimate purposes, both to enable us to provide the service to you, for our own administration and record keeping, to meet our regulatory & legal requirements and to communicate with you and to improve our own systems and services. Below is a summary of these uses:

  • To pass on to lenders who have, or may have, provided you loans in order to obtain details of these and, where we believe that there is merit, submit and manage a compensation claim with them on your behalf.
  • To refer your complaint to the Financial Ombudsman Service if we escalate your complaint to them.
  • To help identify you when you call, email or write to us.
  • To contact you about the service we have, or are, providing to you.
  • To allow us to carry out marketing analysis, conduct research, including creating statistical and testing Data.
  • To help identify products and services, either provided by us or the types of 3rd party that you have given your consent to receiving Direct Marketing about.
  • To allow us to contact you, where you have provided your consent, using the methods selected during the application process, about products and services from us, or from the types of 3rd party detailed during the application process.
  • To pass, where consent was given, to the types of 3rd party detailed during the application process, so that they may contact you directly about the products and services that they offer.
  • To monitor and review communications between us, including emails and recordings of voice communications, for quality assurance staff training and compliance.
  • To record and report any suspicion of fraud if false or inaccurate information is provided to protect our Company and other 3rd parties.
  • To allow us to improve our systems, processes and the services we offer.
  • To improve or enhance the security of your Data.
  • To comply with any of the Rights that you have under the Data Protection Act 1998, the General Data Protection Regulations or any other applicable law.
  • To share with our regulator, the Claims Management Regulator, to allow them to audit the services we offer and the work we have carried out on your claim(s).
  • Any other purpose where you have given your consent to us doing this which is not covered in any other point above.


In addition to the above we may allow other people and organisations to use the Data we hold about you to perform tasks on our behalf in the following circumstances:

  • If we, or substantially all of our assets, are acquired or are in the process of being acquired by a third party, in which case Data held by us, about our customers, will be one of the transferred assets.
  • If we have been legitimately asked to provide Data for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.
  • If we employ companies and individuals to perform functions on our behalf and we may disclose your Data to these parties for the purposes set out in this section or, for example, providing software for us to use, for fulfilling our obligations to you, sending postal mail, SMS and email, removing repetitive Data from customer lists, analysing data, providing marketing assistance, providing search results and links (including paid listings and links), processing credit and debit card payments and providing customer service. Those parties are bound by strict contractual provisions with us and only have access to Data needed to perform their functions, and may not use it for other purposes. Further, they must process the Data in accordance with this Privacy Policy and as permitted by the Data Protection Act 1998. From time to time, these other people and organisations to whom we may pass your Data may be outside the European Economic Area. We will take all steps reasonably necessary to ensure that your Data is treated securely and in accordance with this Privacy Policy and the Data Protection Act 1998.


Keeping us updated

It is a requirement of the Data Protection Regulations that we keep our records up to date. For us to do this we require that you notify us of any changes to the Data that we hold about you. You can do this by contacting us using any of the methods detailed in the first section of this Privacy Policy.


We may, from time to time, send you an email asking you to visit our website to check and confirm that accuracy of the Data that we hold about you. You agree to receive these requests to validate your details and will notify us of any errors using the method that we outline in the email.

Recipients or categories of recipient of your Data

Under the regulations, we are required to tell you who we will be passing your Data on to. Sometimes it is not always possible to list these organisations by name as there can be too many of them and they can change regularly. In such circumstances, we are permitted to disclose the category of recipients of your Data.

  • Authorised lenders, and those lenders that have ceased to be authorised but were when you took out your loan, for the purpose of accessing your borrowing history and submitting and managing a claim for compensation.
  • The Financial Ombudsman Service (FOS) when we decided that following an unsatisfactory response, or no response, from the lender, that the case should be referred to them for arbitration.
  • Where you have consented in the application form to receiving Direct Marketing from 3rd parties, we will pass your Data to these organisations to allow them to do this. For more details please see the Direct Marketing section of this policy.
  • Companies or individuals who we employ to perform functions on our behalf.
  • Regulatory or legal bodies when required as part of an investigation, either by us or them.
  • Any other category of, or specifically named, the recipient that you give your consent to during our relationship which is not listed in this Privacy Policy.


Transfers to third countries and the safeguards

When we transfer your data within the UK and European Economic Area we will always make sure that the people or organisations are registered with the relevant Data Protection Authority for that country. This should protect you and your Data to the levels specified by the current regulations. In the UK this is the Information Commissioners Office.


From time to time, these other people and organisations to whom we may pass your Data may be outside the European Economic Area. We will take all steps reasonably necessary to ensure that your Data is treated securely and in accordance with this Privacy Policy, the Data Protection Act 1998 and, where applicable the General Data Protection Regulations.


The most common such transfer would be to the USA. Where this happens we would ensure that the third party is a member of the US-UK Privacy Shield agreement between the European Economic Area and the USA.


Direct marketing

This section is specifically aimed at you if you provide your consent to us, or third parties, contacting you for Direct Marketing (DM) purposes. Direct Marketing is defined as the communication, by whatever means, of any advertising or marketing material, which is directed at a particular individual.


Direct marketing from us

If you have consented to this we will only use the methods of contact you have agreed to. We have many different brands which we trade under and we may contact you from any of these. We will limit the categories of products that we include in this marketing. We may also contact you about products and services offered by trusted third parties.


A full list of the brand names we may use, along with the categories of products and services we may contact you about, is available if you follow the link from the claim form.


Direct marketing from 3rd parties.

If you have consented to this we will only permit them to use the methods of contact you have agreed to. While it is impossible to list these third parties by name, we are obliged to provide you with the categories of organisation and products that they will send you marketing material about.


A full list of the organisation and product categories is available if you follow the link from the claim form.


Opting out

If you choose to opt- in to either of the direct marketing options, you may change your mind at any time. The easiest way to do this is to follow the opt-out instructions contained in that message. This will however only opt you out of that method of communications from that sender. To opt out of all/other direct marketing methods, you will need to email, call or write to us using the details in the “Identity and contact details” section of this document. Please include your full name, email address and mobile number and what you wish to opt out of, in any written communication, so we can accurately follow your wishes.


Retention period of your Data

When you provide Data to us we will store it securely on our systems, and those of any third party Data Processor, and protect it to a level you would expect of us. The Data Protection Regulations require us to only keep, or retain, this Data for as long as we need to.


When determining this retention period we must consider what we would use the data for during this period. This includes:

  • To carry out Direct Marketing activity where you have permitted us to do this.
  • To ensure that, where you have withdrawn your consent for Direct Marketing that we can mark your account in this way and screen any future campaigns against it.
  • To allow us to carry out our obligations under the Claims Management Regulator and Information Commissioners Office regulations to investigate any complaint that you make in the future in relation us or to our service.


On the basis that you can make a complaint about us to the Legal Ombudsman up to 6 years after the event that you are complaining about, we will keep your Data on file for a period of 6 years from the date the we terminated our relationship. This will be later of:

  • the date that all financial matters on a claim were concluded
  • the date that we advised you we could not help you further with your claim
  • the date that you cancelled our services.


Where we have managed more than 1 claim, this will be the latest date across all such claims.


Your right to access

Under the Regulations, you have the right to obtain confirmation that your Data is being processed and also access to the Data we hold. You also have the right to supplementary information, however, this largely corresponds to the information which is provided in this document, where a copy will be supplied.


Generally, you have the right to obtain this information free of charge and within 1 month of us receiving your request.


On rare occasions where the request is manifestly unfounded, excessive, repetitive or where you request further copies of the same information already supplied, we will be entitled to charge a reasonable fee to cover our administrative costs. We will advise you in advance if we intend to charge this fee and ask you to confirm your acceptance of it by making payment to us at that point. Where one of the above applies we may also refuse to responds to your request, we will notify you of this refusal and provide details of the actions you may take if you are unhappy with this decision.


When making such a request, you must provide sufficient information about yourself to enable us to verify your identity.

Your right to rectification

Under the Regulations, you have the right to have your Data rectified if it is inaccurate or incomplete.


If we receive such a request, we will normally complete the rectifications and respond to you within 1 month to advise you that this has been done. In the unlikely event that we are not willing or able to take action in respect of your request to rectify your Data we will notify you of this and provide details of the actions you may take if you are unhappy with this decision.


Where we have disclosed your Data on to third parties, when it is possible to do so, we will inform them of the rectification. We will also, where appropriate, advise you of the third parties that your Data was passed to.


Your right to erasure

Under the Regulations, in some circumstances, you have the right to ask us to erase your Data and to prevent us from processing it.


We may, however, have the right to refuse this request, even if you withdraw your consent, on the following basis:

  • We have an overriding legitimate interest to retain your Data and a record of our transacting with you to allow us to investigate the matter as required by our regulator, and defend ourselves in the event that you make a complaint against us.
  • Should the complaint be escalated to involve legal action we have a legitimate interest to storing and processing your Data in defence of a legal claim.


We will advise you at the time whether we are able to carry out your request, or whether we deem that there is an overriding basis to continue to store and process your Data.


Where we have disclosed your Data on to third parties, when it is possible to do so, we will inform them of your request to have your Data erased.


Your right to restrict processing of your Data.

Under the regulations, you have the right to ‘block’ the processing of your Data. When the processing is restricted, we may still store your Data, but may not process it. We will allow a block to be placed on the processing of your Data in the following circumstances:

  • If you contest the accuracy of the Data we hold about you we will restrict the processing until we have verified the accuracy of it.
  • If you object to the processing of your Data we will restrict the processing until we have decided whether our legitimate grounds to process it override your grounds not to process it.
  • If processing your Data is, or becomes, unlawful, but instead of asking is to erase it, you request that we restrict the processing of it instead.
  • If we no longer need the Data, but still require it to establish, exercise or defend a legal claim.


If, following a restriction being placed on processing your Data, we decide to lift this restriction, we will advise you of this and explain why.


Where we have disclosed your Data on to third parties, when it is possible to do so, we will inform them of the restriction on processing your Data.


Your right to data portability

Under the regulations, you have the right to ask us to provide certain Data you have provided to us in a structured, commonly used, machine-readable form. In simple terms, this means a computer file containing your Data which another organisation can import directly into their computer systems. The aim of this right is to make it easier for you to switch providers without having to manually obtain and re-enter all your details. This right is ONLY applicable where:

  • The processing is carried out by automated means (this excludes paper files); and
  • We are processing the Data based on your individual consent or for the performance of the contract between us.


It should also be noted that this right is limited to Data that you provide to us. This may be through the application form, or through Data we collect, based on your actions, as you use our services. It does not include any Data that has been generated by us about you, such as our decision making or processes.


We will also, upon your request, and provided it is technically feasible, transmit this Data electronically to another organisation.


We will aim to carry out your request without undue delay, but in any case, we will take no longer than 1 month. If the request is complicated, we may extend this by two further months, but we will contact you within the initial month to provide more details on this.


We will normally produce the file in CSV format.


Before we will carry out this request we need to make sure that we can adequately identify you. If we cannot do this based on the information you provide in the request, we will ask for additional information to be supplied. We will only provide this Data when we have reasonably assured ourselves that it is you that is making the request.


Additionally, where you have asked us to transmit the Data to another organisation, we will only do this where the security of the file during transit can be assured. We will advise you whether we consider your requested transmission method to be adequately secure when we receive your request.


Note: The ‘right to data portability’ is not the same as the ‘right to access’. The right to access may provide you with more of the information that we hold on you as it will include more than just the Data you have supplied, however under the right to access, the data will not be provided in a machine-readable format and therefore will be unlikely to be easily imported into another organisations systems. As a rule of thumb, if you want to move your Data, portability is probably the best option, if you want to see for yourself what we hold about you, then it’s the right to access that should be considered.

Your right to object

Under the regulations, you have the right to object to us processing your Data for the following purposes:

  • Where we process your Data for our own legitimate interests.
  • Where we process your Data for direct marketing purposes.
  • Where we process your Data for research purposes.


You will be given your right to object to Direct Marketing during the application process. We will only carry out such marketing where you have given your explicit consent. We will stop such marketing if, at any stage, you advise us that you have changed your mind. More details can be found in the section on Direct Marketing.


If you object to us processing your Data on the basis of our own legitimate interests, we will stop processing UNLESS we can demonstrate to you that our interests will over-ride your own interests in this matter.


If you object to us processing your Data for research purposes, you must have grounds relating to your particular situation in order to exercise this right.

Your right to withdraw consent at any time

You have the right to withdraw your consent as a legal basis for processing your Data at any time. This can be done by contacting us using any of the contact methods provided in the first section of this Privacy Policy.


When you withdraw your consent, you may prevent is from carrying out some, or all, of the tasks you have asked us to perform on your behalf. In these circumstances, we will not be liable for the results of us not being able to fully execute our role in the process, including things that we have been unable to do which have led to us failing to provide the agreed service.


Even after you have withdrawn your consent as a legal basis for processing your Data, we may still be able to perform some, or all, of our actions using one or more of the other legal bases provided under the Data Protection Regulations. More details of these can be found in the section Purpose & legal basis for processing your data.


Your right to lodge a complaint with a supervisory authority

If you are unhappy with anything we have done, or not done, regarding your Data and the Data Protection Regulations, you have the right to make a complaint to our supervisory authority. In the UK the supervisory authority is the Information Commissioner’s Office (ICO). They can be contacted by:

  • Phone – 0303 123 1113
  • Live Chat – Via https://ico.org.uk/concerns/
  • Post – Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF


As a responsible Company, we would always prefer the opportunity to work with you to resolve your complaint ourselves before you contact our supervisory authority. If you would be happy for us to do this, please contact us using one of the methods in the first section of this document. You can always refer the matter to the ICO at any point if you are unhappy with the way we are dealing with it.


The provision of your Data

You are not required by any statutory (legal) or contractual requirement to provide us with any of your Data before you sign our Terms of Service. If however, you do not supply the information request on the claim form we will be unable to proceed with providing you the service.


After this point, unless you cancel our service in accordance with our Terms of Business, you will be required to provide us such information, as may be requested from time to time, which is reasonably required in order to submit and manage your claim.


If you do not provide us with the Data requested after signing the Terms of Business, we may be unable to carry out the claims management role that you have asked us to do when you apply. This may also put you in breach of our Terms of Business


The existence of Automated Decision Making (ADM) and your right in relation to automated decision making and profiling

Under the regulations, in some circumstances, you may have the right not to be subject to a decision which has been based on automated processing and produces a legal or similarly significant effect on you. Under these circumstances, your rights include obtaining human intervention, expressing your point of view or obtaining an explanation of the decision and then challenging it.


We do not use Automated Decision Making or Profiling in our processes.

Data Security

What we will do

We will ensure that we take all reasonable steps to protect your Data at all times. This includes, but is not limited to:

  • Preventing unauthorised access to your Data.
  • Preventing the loss of your Data.
  • Preventing your Data becoming inadvertently altered or corrupted.


We will only store your Data on secure servers, whether owned by us or another Data Processor. Where we transmit your data over the internet we will use a recognised encryption method such as https.


What you need to be aware of

Please remember that communications over the internet, such as emails and webmail’s (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered – this is the nature of the internet. We cannot accept responsibility for any unauthorised access or loss of Data that is beyond our control or occurs before we are in receipt of the data.



When we provide services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your computer. These are called ‘cookies’.

These cookies cannot be used to identify you personally and are used to improve services for you. A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website.


Cookies are used by many websites and can do a number of things, for example remembering your preferences, recording what you have put in your shopping basket, and counting the number of people looking at a website.


We use cookies that are essential in order to enable you to move around our website and use its features when applying for your loan. Without these cookies, we would be unable to provide services you have asked for.


We use Google Analytics cookies to collect information about how visitors use our website and to help us ensure it is tailored to our customers’ needs and interests. These cookies only collect information in an anonymous form, including the number of website visitors and the pages visited. No Data is collected or stored by Redbridge Finance Limited. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout


A number of websites provide detailed information on cookies, including AboutCookies.org and AllAboutCookies.org.


If you have any queries about these or would like more information, please contact us using the details in the first section of this document.



The Website may include third-party advertising and links to other websites. We do not provide any personally identifiable customer information to these advertisers or third-party websites.


These third-party websites and advertisers, or internet advertising companies working on their behalf, sometimes use technology to send (or ‘serve’) the advertisements that appear on the Website directly to your browser. They automatically receive your IP address when this happens. They may also use cookies, JavaScript, web beacons (also known as action tags or single-pixel gifs), and other technologies to measure the effectiveness of their ads and to personalise advertising content. We do not have access to or control over cookies or other features that they may use, and the information practices of these advertisers and third-party websites are not covered by this Privacy Policy. Please contact them directly for more information about their privacy practices. In addition, the Network Advertising Initiative offers useful information about internet advertising companies (also called ‘ad networks’ or ‘network advertisers’), including Data about how to opt-out of their information collection.


We exclude all liability for loss that you may incur when using these third party websites.