Privacy and Data Protection Policy Statement

How We will use Your Information

We take your privacy very seriously. This policy explains what personal information In Control Debt Solutions Limited collect about you and how we use this information. We encourage you to read this policy thoroughly. To make it easier, we’ve broken it up into sections and longer sections have headings and a summary.

General Data Protection Regulation (‘GDPR’) from 25 May 2018

Data protection law is changing in the UK with the Data Protection Act 1998 (‘DPA’) being replaced with the European General Data Protection Regulation (‘GDPR’) from 25 May 2018. This Privacy Statement explains how we process your information and your rights under both the Data Protection Act 1998 and GDPR.

In Control Debt Solutions will use your information only to contact you to discuss the provision of debt solutions and related services, which includes PPI reclaims services where we are endeavoring to reduce your debt levels. Where the service you have requested is provided on our behalf by a third party then we will notify you of that fact (e.g. where a personal insolvency practitioner is reviewing your file). We will treat all Your Personal Information as defined by the Data Protection Act 1998 and General Data Protection Regulation as confidential (although we reserve the right to disclose this information in the circumstances set out below). We will keep it on a secure server and we will fully comply with all applicable UK data protection and consumer legislation from time to time in place.

Where you provide the name(s) or other personal information about family/household members you confirm that you have their consent to do so for the purposes set out in our Privacy Policy. Where this relates to children under the age of 18 then this usually only requires disclosure of their ages for the purposes of calculating expenditure and child benefit allowances.

Any information we collect and hold is used to help us improve the quality of our service, including electronic call recordings, SMS messages, e-mails and secure messages between you and us.

Use of Personal Information

We confirm that any Personal Information that we collect about you, from which we can identify you, is held in accordance with the requirements of the Data Protection Act and GDPR.

We use your information only for the following purposes:

• Provision of debt counselling and debt adjustment services as defined by the Financial Conduct Authority (FCA), who are our primary regulator
• Provision of PPI reclaims services as defined by the Claims Management Regulator
• Provision of financial services and advice
• Debt administration and factoring
• Undertaking Know Your Client (KYC) checks
• To administer our websites
• Accounts and records
• For the prevention and detection of crime and the prosecution of offenders
• Advertising, Marketing and Public Relations on our own behalf or on behalf of third parties (subject to your consent)

When we contact you and collect Personal Information from you for any other reason than delivery of our core debt management and claims management services, you will be given the option to receive information from In Control Debt Solutions, or its business partners by post, e-mail, SMS or telephone, about products, promotions or special offers which we feel may be in your best interests. In the event that you do not wish to be contacted for such purposes, you will be given the opportunity to opt out of receiving information about such products, promotions or special offers from us or our trusted business partners. Your consent will be periodically refreshed.

We will not release your Personal Information or that of any family/household members to any company outside of In Control Debt Solutions for marketing purposes without your or their explicit consent. You may unsubscribe from our mail, e-mail, telephone or SMS contact list at any time by replying to a promotional e-mail or SMS message with the word “STOP” in the subject line; by e-mailing us at or telephoning us on 01392 459 267 between 9:00 am and 5:00 pm.

Your Personal Information may be disclosed to reputable third parties who will help process any account you may have with us. In Control Debt Solutions requires all such data processors to treat your personal information as fully confidential and to fully comply with all applicable UK data protection and consumer legislation from time to time in place.

You should be aware that if we are requested by the Police or any other regulatory or government authority investigating suspected illegal activities to provide your Personal Information and/or User Information, we may be legally required to do so.

We use Cookies to personalise your experience and so that you may retrieve your details at any time – if you do not accept Cookies You may be unable to use these facilities on our Website. See “About cookies” for further details. Any changes to this policy will be posted on our website or notified to you in writing. The policy is version controlled.

Your rights under Data Protection Law

We operate under the Data Protection Act 1998 (‘DPA’) as replaced by the European General Data Protection Regulation (‘GDPR’) from 25 May 2018. The DPA and GDPR apply to ‘personal data’ that we process and the data protection principles set out the main responsibilities we are responsible for.

We must ensure that personal data shall be:

a. Processed lawfully, fairly and in a transparent manner;
b. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
c. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d. Accurate and where necessary kept up to date;
e. Kept for no longer than is necessary for the purposes for which the personal data are processed. We operate a data retention policy that ensures we meet this obligation.

We only retain personal data for the purposes for which it was collected and for a reasonable period thereafter where there is a legitimate business need or legal obligation to do so. For detail of our current retention policy contact our Data Protection Officer at In Control Debt Solutions at

f. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

We will ensure lawful processing of personal data by obtaining consent; or where there is a contractual obligation to do so in providing appropriate products and services; or where processing the data is necessary for the purposes of our legitimate interests in providing appropriate products and services.

In the majority of cases we process personal data based on your contract (i.e. Debt Management Agreement) with the us. In other cases, we process personal data only where there are legitimate grounds for so doing.

To meet our data protection obligations, we have established comprehensive and proportionate governance measures. We have our own dedicated Data Protection Officer (DPO) to oversee data protection compliance through:

a. Implementing appropriate technical and organisational measures including internal data protection policies, staff training, internal audits of processing activities, and reviews of internal HR policies.
b. maintaining relevant documentation on processing activities.
c. implementing measures that meet the principles of data protection by design and data protection by default including data minimisation, pseudonymisation, transparency, deploying the most up-to-date data security protocols and using data protection impact assessments across our organisation and in any third party arrangements.

Your rights under Data Protection Law

You have a right to receive a copy of the personal data that we hold about you. Under the current DPA, we have the discretion to make a charge of £10.00 towards the cost of administration, although currently we do not charge for this service. To obtain a copy of the personal information we hold on you, please write to us at the address below or ring us on 01392 459 267 between 9:00 am and 5:00 pm and provide us with your details or ask for a Subject Access Request form.

Under the DPA you also have a number of additional rights in respect of your personal data. The Information Commissioner’s website provides guidance on these at

Questions regarding this Privacy Statement should be directed to:

Data Protection Officer
In Control Debt Solutions
2nd Floor, 11-15 Dix’s Field
Exeter EX1 1QA

From 25 May 2018 under the GDPR you have the following specific rights in respect of the personal data we process:
1. The right to be informed about how we use personal data. This Privacy Statement explains who we are; the purposes for which we process personal data and our legitimate interests in so doing; the categories of data we process; third party disclosures; and details of any transfers of personal data outside of the UK.2. The right of access to the personal data we hold. In most cases this will be free of charge and must be provided within one month of receipt.
3. The right to rectification where data are inaccurate or incomplete. In such cases we shall make any amendments or additions within one month of your request.
4. The right to erasure of personal data, but only in very specific circumstances, typically where the personal data are no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
5. The right to restrict processing, for example, while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid. In such cases we shall continue to store the data, but not further process it until such time as we have resolved the issue.
6. The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and re-use their personal data for their own purposes across different services. A common example of this in a wider context is switching bank accounts.
7. The right to object in cases where processing is based on legitimate interests, where our requirement to process the data is overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific/historical research and statistics, unless this is for necessary for the performance of a public interest task.
8. Rights in relation to automated decision making and profiling.

Please contact our Data Protection Officer at In Control Debt Solutions on for more information about the GDPR and your rights under Data Protection law.

Alternatively, contact our supervisory authority for data protection compliance (

Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF
Telephone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

About cookies

Cookies are pieces of information that a website transfers to your computer’s hard disk for record-keeping purposes. Cookies can make the internet more useful by storing information about Your preferences on a particular site, such as Your personal preference pages.

The use of cookies is an industry standard, and most websites use them to provide useful features for their customers. Cookies in and of themselves do not personally identify users, although they do identify a user’s computer. Most browsers are initially set to accept cookies.

We use the following cookies:

• Strictly necessary cookies. These are cookies that are required for the operation of our website.
• Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Read more about cookies:

If you would prefer, you can set yours to refuse cookies. However, you may not be able to take full advantage of a website if you do so.

We use the following cookies:

Cookie description



This cookie is typically written to the browser upon the first visit to our site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits our site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to our site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.


This cookie is used to establish and continue a user session with our site. When a user views a page on our site, the Google Analytics code attempts to update this cookie. If it does not find the cookie, a new one is written and a new session is established. Each time a user visits a different page on our site; this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals. This cookie expires when a user pauses on a page on our site for longer than 30 minutes.


This cookie stores the type of referral used by the visitor to reach our site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to our site.


This cookie stores that you have seen the initial message on our site about cookies. The cookie is updated with each page view to our site.


Links to other web sites

This Privacy Statement only covers the web services offered from this site. Other websites are governed by their own privacy statements.

Updates to this Privacy Statement

This Privacy Statement will be kept under continual review, and changes may be made from time to time.