Terms of Use | Privacy Policy | Cookies Policy | Diversity Statement |
About Us
Why Sell?
Resources
Contact Us
Are you a
customer?

Privacy Policy

This Privacy Policy explains how MFDP Ltd (“we”, “us”, “our”) collects, uses, stores and protects personal data in connection with our activities as a debt purchase business.

We are authorised and regulated by the Financial Conduct Authority (FCA) and are committed to handling personal data in accordance with the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018, and applicable FCA rules and guidance.

1. Who We Are

MFDP Ltd
Authorised and regulated by the Financial Conduct Authority – FRN 992807
Registered in England and Wales – Company number 14225831

Registered Office:
800 Mandarin Court
Centre Park
Warrington
WA1 1GG

Email : dpo@mfdp.co.uk
Telephone : 01925 358 216

For the purposes of data protection law, we are a Data Controller in respect of personal data we process.

2. Regulatory Context

As an FCA-authorised firm, we are required to process personal data in a manner that supports:

  • Treating customers fairly
  • Consumer Duty obligations
  • Complaint handling and redress
  • Record-keeping and audit requirements
  • Anti-money laundering (AML) and financial crime prevention
  • Regulatory reporting and supervision

This may require us to retain and process personal data for regulatory purposes even where a business relationship has ended.

3. Scope of This Policy

This policy applies to:

  • Creditors, lenders, and businesses that sell or assign debt to us
  • Brokers, introducers, and servicing partners
  • Business representatives and contacts
  • Users of our website
  • Individuals whose personal data is included in debt portfolios acquired by us

This policy complements, but does not replace, any contractual data protection provisions agreed with portfolio sellers.

4. Personal Data We Process
4.1 Business and Professional Contacts which may include:
  • Name
  • Job title and role
  • Business contact details
  • Employer or organisation
4.2 Debtor and Account Data

Where debt is sold to us, this may include:

  • Identity information (name, date of birth)
  • Contact information (address, phone, email)
  • Account information and reference numbers
  • Financial information (balances, payments, arrears status)
  • Account history and status
  • Vulnerability flags or customer support indicators (where provided and lawful)
  • Dispute, complaint, or forbearance information
4.3 Regulatory and Compliance Data
  • Call recordings and correspondence
  • Complaint records
  • Affordability and vulnerability assessments (where applicable)
  • AML and fraud prevention data
4.4 Website and Technical Data
  • IP address
  • Device and browser data
  • Usage analytics
  • Cookies (see Cookie Policy)
5. Sources of Personal Data

We may receive personal data from:

  • Portfolio sellers and assignors
  • Servicing agents and collection partners
  • Brokers and introducers
  • Credit reference agencies
  • Fraud prevention agencies
  • Publicly available sources
6. Lawful Bases for Processing

We process personal data under the following lawful bases:

  • Performance of a contract – to purchase, administer, and manage debt portfolios
  • Legal obligation – to comply with FCA rules, AML laws, complaints handling, and regulatory record-keeping
  • Legitimate interests – to conduct due diligence, manage risk, operate our business, and communicate with partners
  • Consent – where required (e.g. certain marketing or optional processing)
7. How We Use Personal Data

We use personal data to:

  • Assess, price, and purchase debt portfolios
  • Comply with FCA regulatory requirements
  • Prevent fraud and financial crime
  • Conduct audits, quality assurance, and compliance monitoring
  • Meet Consumer Duty obligations
  • Maintain business records and reporting
8. Data Sharing and Disclosure

We may share personal data with:

  • FCA and other regulators
  • Professional advisers (legal, audit, compliance, risk)
  • Debt collection and servicing agents
  • IT and secure data hosting providers
  • Credit reference and fraud prevention agencies
  • Courts, ombudsman services (including the Financial Ombudsman Service), and law enforcement
  • Prospective purchasers or assignees of debt

All sharing is subject to appropriate data processing agreements and security controls.

9. International Transfers

Where data is transferred outside the UK, we ensure appropriate safeguards, including:

  • UK adequacy regulations
  • International Data Transfer Agreements (IDTAs)
  • Other approved transfer mechanisms
10. Data Security

We maintain robust security measures, including:

  • Role-based access controls
  • Encryption and secure transmission
  • Secure physical and electronic storage
  • Staff training and confidentiality obligations
  • Breach detection and incident response procedures
  • Regular compliance and security reviews
11. Data Retention

We retain personal data in line with:

  • FCA record-keeping requirements
  • Legal and regulatory obligations
  • Limitation periods
  • Legitimate business needs

Data may be retained for extended periods where required for regulatory, audit, complaint, or legal purposes.

12. Individual Rights

Individuals have rights under UK GDPR, including the right to:

  • Access personal data
  • Request correction of inaccurate data
  • Request erasure (where applicable)
  • Restrict or object to processing
  • Request data portability

Certain rights may be limited where we are required to retain data to meet FCA or other legal obligations.

13. Complaints and the ICO

If you have concerns about our use of personal data, please contact us first.

You also have the right to complain to:

Information Commissioner’s Office (ICO)
Website: https://www.ico.org.uk

Telephone: 0303 123 1113

Bottom Img

Get in touch with us