Who are we?
We’re Refund Ultimate. We specialise in Claims Management Services.
This notice explains how and why we use your personal data when you contact us to potentially start a claim (you’re a Potential Client), or contract for our Claims Management Services (you’re a Client).
Have a question about something in this notice, or want to contact our Data Protection Officer? Complete a contact us form and highlight it for the attention of the DPO.
Navigating this Privacy Policy
For the purposes of data processing we refer to you as either a Potential Client or a Client depending on your relationship with us. So that you can navigate your way through the policy easily, we’ve split it into three sections:
Potential Clients: this section is relevant to any potential customers who have not entered into a contract with Refund Ultimate
Client: this section is relevant if you have entered into a contract with Refund Ultimate
Everyone: this section is relevant to all individuals who engage with us, including potential clients and clients.
Throughout this policy, we refer to your personal information as your data
Potential Clients
Why we require your data
When you provide your data to us, you consent to us using your personal information to:
Contact you about the Claims Management Services we offer using the contact methods you’ve chosen, which could include telephone, SMS, email and/or post;
Administer our website, including ensuring that we can enable your use of the services on our website (including enquiries and complaints about our website) and improve your browsing experience by personalising the website.
The data we require
When you’ve contacted us about your claim, in order to move forward we need you to provide your full name, postal address, telephone number and email address. We’re likely to also need information about your case, such as the events that took place as well as the amount that you lost.
Once we receive this information we’ll use your data to email you a Welcome Pack that includes full information about our services for you to sign. If you don’t want to provide this information or sign our contract contained in the welcome pack, then we won’t be able to offer our Claims Management Services to you.
Data Retention
We’ll keep your contact details following an enquiry for a maximum period of three years. During this time we may contact you using the contact details you provided in order to offer you our Claims Management Services. We’ll reach out using the contact methods you’ve selected which could include:
Telephone / SMS
Email, Post
We’ll take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We’ll store all the personal information you provide on our secure servers that are subject to strict security requirements.
Withdrawing your consent
You can withdraw your consent to us contacting you through any medium at any time. You can do so verbally via telephone or in writing via email, live chat or through the post using our contact details.
Clients
The data we require
When you’ve contracted with us, we need you to hold your full name, postal address, telephone number and postal address. We need to hold details about your case, such as the events that took place as well as the amount that you lost.
In the process of working your claim, we speak to the banks / lenders relevant to your claim and potentially the Ombudsman Service. During this process, we may obtain and store other personal data, such as bank account details or finance agreements relevant to the claim and complaint reference numbers. If you don’t want us to process this information then we won’t be able to offer our Claims Management Services to you.
How we’ll process your data
While using our Claims Management Services, you agree for us to process your personal information through signing our Letter of Authority which means you agree to our Terms & Conditions, allowing us to:
Supply to you Claims Management services under our Agreement which involves us sharing your information with the banks / lenders relevant to your claims as well as the Ombudsman Service
Contact Third Parties on your behalf, with your specific instruction
Provide you with updates via email, telephone, SMS or post
Send statements and invoices to you and collect payments from you. We reserve the right to share your data with relevant third parties in order to collect funds in the event that we’re due funds and you’ve failed to make payment within the expected timescale.
Data Retention
Once you’ve entered into a contract with us, we’ll keep your data for as long as necessary to fulfil the purpose it was collected for (our Claims Management Services). We’ll normally keep your data for 6 years starting from the date of the conclusion of your last contract. After this time has expired we’ll delete the information or anonymise it so that it can’t be linked to you.
The retention of your data enables us to provide our Claims Management Services to you, and fulfil our legal obligations including our accounting requirements and our regulatory obligations, such as complaint handling.
We’ll take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We’ll store all the personal information you provide on our secure servers that are subject to strict security requirements.
Updating your contact preferences
You’re able to opt-out of contact at any time letting us know via telephone, email, SMS or post. While under contract, you’re unable to withdraw consent for postal communications, as we require this method of contact to fulfil our regulatory obligations.
You’re able to withdraw consent verbally via telephone or in writing via email or post using the contact details listed in this policy and on our website.
FAQs
I was under contract with you but decided to cancel before we received an outcome. What happens to my data?
When you’ve contracted with us, we keep your data for as long as necessary to fulfil the purpose it was collected for (our Claims Management Services). If you’ve cancelled your contract with us, that data is only necessary in case we believe that, at a later date, our fee will become payable. We’ll therefore normally keep your data for 6 years starting from the date of the conclusion of your last contract (in this scenario, the date you contacted us to cancel your contract). After this time has expired we’ll delete the information or anonymise it so that it can’t be linked to you.
Everyone
Marketing
We use marketing to let you know about our services offered as well as any other services which may be of interest to you, including developments that could have an impact on the original service you engaged with us on, new claim areas, and/or similar services.
Should you no longer wish to receive information about similar products and services, you can always object to receiving marketing communications from us and we’ll stop processing your data for marketing purposes. You’re able to withdraw your consent verbally via telephone or in writing via email or post using the contact details at the start of this policy.
We may use your personal information, including information about how you interact with communications we send to make decisions about what services we think you may be interested in and tailor our marketing communications to you. This is called profiling for marketing purposes. We believe we have a legitimate interest to do this and that it is not against your rights. However, if you don’t want us to use your personal information in this way you have a right to object to this and can let us know using the contact details at the start of this policy.
What data do we collect
We’ll only collect information that we genuinely need to meet or perform the legal or contractual obligations necessary to provide you with our services, where we have a legitimate interest to do so, or where we have your permission (your consent). This will likely include the collection of:
information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views).
information relating to any transactions carried out between you and us on or in relation to our website, including information relating to the supply of our Claims Management Services.
information that you provide to us for the purpose of registering with us (including name, address, telephone number, email address, details of the claim including loss amount and any financial information relevant to your claim).
information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters.
information required to complete our Claims Management Services that we’ll request directly from you, including your personal circumstances.
information to help us to better understand you and provide you with information about other services which may be suitable and relevant. For example, information about how you interact with electronic communications we send, such as email and text message (SMS).
any other information that you choose to send to us.
Recipients of your data
We control the use of your data in line with this policy and we don’t sell your data to third parties in any circumstances.
So that we can effectively provide our Claims Management Services to you, we’ll share your data with third parties relevant to your claims that provide critical functions in accordance with strict data security arrangements:
Our Claims Management Services: While providing you with Claims Management Services we’ll provide your data, under your specific instruction, to banks / financial services organisations relevant to your claim, any third party named by you as being relevant to your claim (such as building companies, conveyancers etc) and, if required, the Ombudsman Service.
Our Advertising: we use any third party advertising representatives to design, host and manage our advertisements on platforms such as Facebook, Google ads and others. They’ll set cookies on your device in accordance with our cookie policy.
Our Systems and IT: we use third party firms who provide essential storage arrangements (including call recordings), software and support to our infrastructure some of which are stored outside of the European Economic Area (EEA).
Communicating with you: we may use an outsourced print-house to manage our printing, they would receive a copy of postal communication to print and send this on our behalf.
Our Regulators: we may be required to provide your data to our Regulators, who include the Financial Conduct Authority, the Ombudsman Service and the Information Commissioner’s Office.
Our Professional Services: we use professional legal, consultancy and accountancy services to help us fulfil our legal obligations and help us improve our business.
Other Third Parties: we may share your data with other third parties that provide services to us where you provide consent or we believe we have a Legitimate Interest to do so, including review platforms, tracing agents, credit controllers and/or debt collectors.
We’ve carefully selected our third parties due to their commitment to keeping your data safe. If you request for us to stop processing your data, we’ll also communicate this to the relevant third parties if they’re processing this on our behalf. If you have any concerns about the above third parties, please let us know and we can provide advice and support to help you manage your data preferences.
Your data rights
As a data controller, if you request the rectification, erasure or restriction of your data, we’ll also communicate this to any third party who your data has been disclosed to.
In exercising any of your rights, we’ll take action within one month. However, should the request be complex we can extend this by a further two months. We’ll inform you of this in this event. We’ll need to confirm your identity before completing any action on your behalf, and reserve the right to not complete action until we are satisfied that you are making the request. If we cannot complete your request, we’ll inform you within one month and explain why.
Data Access
You can access your data at any time by submitting a Subject Access Request (SAR). We’ll confirm what data is being processed and provide you with a copy of your data in addition to confirming your data rights for free. However, if you make repetitive requests, we’ll charge an administrative fee of $10.
You can make this request using reasonable means, including by telephone, post or email. If you make the request by email, we’ll provide your information in a commonly used electronic format unless you instruct us otherwise.
Data Rectification
You can amend any inaccurate data that we hold by notifying us by telephone, post or email, or during the course of the provision of our services. We’ll make the amendment as soon as possible. If any data held is incomplete, you can complete this at any time. We may require this to be completed to allow us to provide our Claims Management Services.
Data Erasure
At your request we can erase or “forget” your data in the following situations:
We no longer require your data (when we have finished providing any Claims Management Services requested by you and are no longer subject to any legal or Regulatory requirements, such as accounting requirements and complaints handling);
You withdraw your consent and there is no other reason for us to hold your data;
You object to the processing, as described below;
You believe your data has been unlawfully processed; or
There is a legal obligation to erase your data.
You can make this request using reasonable means including by telephone, post or email. If you request for your data to be erased, we’ll confirm whether this can take place and the next steps that we’ll take. If we cannot erase your data, we’ll explain why and confirm any actions required to allow us to do so.
Data Restriction
At your request you can restrict us from processing your data in the following situations:
You believe your data is inaccurate;
You believe your data has been unlawfully processed but do not want us to delete your data;
We no longer need your data but it is required by you for making or defending a legal claim; or
You object to the processing, as described below, but we’re verifying this.
If you make a restriction request, we’ll still store a copy of your data but cannot use this. We’ll inform you if the restriction needs to be lifted. You can make this request using reasonable means including by telephone, post or email. If you request for your data to be restricted, we’ll confirm whether this can take place and the next steps that we’ll take. If we cannot restrict your data, we’ll explain why and confirm any actions required to allow us to do so.
Object to data processing
You can object to the processing of your data at any time. If you object, we’ll no longer process your data unless we have a compelling and legitimate reason not to do so. In this case, you’ll be informed why we can’t stop processing your data. In the event that you do this while we are providing Claims Management Services to you, it is possible that we won’t be able to continue with your claim. If this is the case our fee may still be applicable at a later date.
You can always object to receiving marketing from us and we’ll stop processing your data for marketing purposes at any time.
You also have the right to object to us using information about you and how you interact with our services to tailor our communications to you.
You can exercise your right to object to the processing of your data using the contact details at the start of this policy.
Data Portability
We can provide your data in a commonly used electronic format at your request. We can also transfer this to another entity or person where we’re processing your data with your consent or in accordance with a contract. This only applies to information processed by automated means.
Legal & Regulatory Requirements
We have regulatory requirements and other legal requirements that may require us to use your data. This includes things such as complaint handling and financial record keeping. In these circumstances we may be required to keep your data by law and we’ll inform you if this is the case.
Cookies
Our cookie policy can be found here.
A cookie consists of information sent by a web server to a web server and is stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web server.
Disclosures
We may disclose information about you to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes as set out in this policy.
In addition, we may disclose information about you:
to the extent that we’re required to do so by law;
in connection with any legal proceedings or prospective legal proceedings; and
in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
Third Party Data Transfers
We may transfer and store the data we collect from you to organisations outside the European Economic Area (EEA). This would be where we have your consent, to comply with a legal duty or where we work with a third party to provide you with our Claims Management Services and they process information outside the EEA.
Where we do this, we’ll make sure that your data is protected to the same extent as in the EEA.
Third Party Websites
This policy references other websites. We’re not responsible for the privacy policies or practices of third party websites.
Complaints
If you have a complaint about how we use your personal information, you can contact us via telephone, through live chat on our website or by filling in a contact us form on our website and we’ll do our best to fix the problem. This is also how you can also reach our Data Protection Officer.
If you’re still not happy with our response, you can refer your complaint with a data protection supervisory authority in the US or where you live or work, or where you think a breach has happened.
Updates to this policy
We’ll post any changes to this privacy policy on this page and if they’re significant we’ll let you know by email.