Richardson mail provides services to you including; the investigation into all claims of mis-sold Payment Protection Insurance (PPI), Repayment Option Plan (ROP), Packaged Bank Account (PBA) and Payment Break Plan (PBP). This Privacy Notice explains how we collect, use and store your personal information.

When you become a customer of Richardson Mail, our lawful basis for processing your personal information is ‘contractual’. In some cases, we may also process information where we have a legitimate interest to do so, as explained in this Notice. If you share any special category data with us (such as information about your health or medical needs), we will only process this with your explicit consent.

Who Collects Your Data?

Richardson Mail has its own Data Controller. This is the entity responsible for ensuring that all information we hold about you is handled correctly, and they are is registered with the Information Commissioner’s Office (ICO), the data protection regulator. Your Data Controller will be made clear in your initial documentation.


Data Controller Data Protection Registration Number Why we need the data and what we do with it
Richardson Mail Limited Z3263339 If you use our claims management services


You can check the data protection registration of all UK firms on the ICO’s website at

How Do We Collect Your Information?

We may receive your personal information directly from you and any third party you appoint to act on your behalf, such as a partner or carer. Depending on the service you enter into, we may also receive information from your bank, creditors, or law enforcement.

We use cookies and plug-ins (e.g. Google Analytics and WordPress) to collect information about visitors to our website. Our site automatically logs your IP address, browser version and the type of device you are using in order to provide the best possible version of the site for how you’re viewing it. Cookies are text files placed on your computer to track how people use the site and compile statistical reports on activity, such as how long people stay on individual pages. For more information on what cookies are and how they work, visit www.aboutcookies.orgor

You can set your browser not to accept cookies, as explained in the links above, but this may mean some features of our sites do not function correctly. If you use your browser to save your password information or similar data for auto-fill forms, we do not have access to these details.

What Personal Information Do We Collect?

In order to provide your chosen service, we use Personal Information (data) that uniquely identifies you and your personal situation. The table below explains the information we collect and why.

Type of Personal Data Why we need the data and what we do with it
Personal Descriptors
e.g. Your name, age, date of birth, or address
We require this to identify and communicate with you. We may also require copies of photo ID, such as passport or driving licence, which will be explained in advance.

You cannot opt out of providing this information.

Employment Information
e.g. Your occupation, pay date, employment status (self-employed, full or part time)
This is a contractual requirement for our financial services as this helps us to assess eligibility for each potential solution.

You cannot opt out of providing this information.

Health Information
(also called Special Category Data)
e.g. details of physical or mental conditions, and/or sick notes
We may collect certain Special Category data to identify if you are potentially vulnerable or require further support from us to effectively use our services, but this information will only be stored or used by us if you explicitly consent to this.

You do not have to provide this information

Technical Information
e.g. IP address, cookies, IMEI mobile handset code, smart meter data
If you visit our websites, we collect your IP address, browser type and use cookies.

You can deactivate the use of cookies in your browser as explained below

How Do We Use Your Information?

The main lawful basis for us to process your information is ‘contractual’. This means that in order to provide the services you requested from us, we need to use your personal information.

For example  if you have contacted Richardson Mail about starting a Payment Protection Insurance claim, we will need to collect information from you regarding your previous names, addresses and details of your accounts held with creditors in order to complete the investigation on your behalf.

In some circumstances, the lawful basis for processing your information may change. For example, if we need to prioritise your vital interests – such as protecting your life – we will take any actions we deem necessary, such as contacting the emergency services.

The lawful basis may also change to ‘legitimate interests’ where we identify a benefit to using your data outside of our usual contractual service, such as statistical data purposes (though this is usually anonymised to safeguard your information). We may also use our legitimate interests to try and benefit you by letting you know about other services we offer that we think you would be interested in. Richardson Mail at this time does not have any other services to offer, however should this change, we will notify you.

How Do We Transfer and Share Your Information

We may share your information with third parties in order to provide the agreed contract. For example, if you begin your PPI claim, we will need to provide details such as your current address and name to your creditor in order for them to identify you and locate your account with them.

Where identity checks are require we can use Experian Limited, the UK’s largest credit reference agency, to complete a ‘soft search’ of your credit file. This does not impact your credit score. Experian will not use your data for any other purpose. You may be required to provide a copy of your passport, driving licence or other proof of identity to confirm your identity via Experian.

We may also use external consultants and specialists, and outsource aspects of our processes to other firms some of whom may be located outside of the European Union. We keep outsourcing activity to a minimum but may use external organisations to assist us with services like call quality monitoring, auditing, scanning of documents, record keeping, printing facilities and marketing. For example, we use Omni-Sign to provide secure facilities for electronically signing/returning documents. All outsourced service providers are carefully vetted and monitored to ensure your information is safeguarded.

You also have the option to appoint someone, such as a spouse or carer, to act on your behalf and deal with Richardson Mail for the majority of our services. You will need to provide separate explicit consent for us to be able to share your information with them, and you can revoke this consent at any time.

In accordance with our legal obligations, we may be required to share information with the police, other law enforcement agencies, government departments or regulatory bodies. We do not share your information with any company outside of Richardson Mail without your consent.

How Do We Secure and Retain Your Information?

We must retain your information for the full duration of our contractual relationship with you to enable us to provide our service. We will keep your information for a maximum of seven years following the closure of your account to comply with our legal and regulatory requirements. Any personal data we do not believe is necessary to provide our services and all information outside of the retention period is securely destroyed and deleted.

All personal information we hold is securely stored and we conduct our services through computer systems with any paperwork or documents we receive scanned to these systems. If you need to send us important documents, please ensure you keep a copy as we cannot guarantee we will be able to return originals. If we need to forward documents on to any third parties we will ensure that all reasonable measures are taken to ensure their safe delivery and return.

We conduct regular testing of our cyber and physical security procedures to ensure these are sufficiently maintained. If at any time we believe there has been a breach of your personal data, we will notify you immediately. If you believe your personal information may have been shared with an unauthorised third party, you must let us know as soon as possible. You are responsible for keeping any personal passwords, pin numbers or similar security information private.

If you have any concerns about how we have handled or protected your information, we would hope that you contact us to discuss this but you can also escalate your concerns to the UK’s data protection regulator, the Information Commissioner’s Office (ICO). For more information, visit

What Are Your Individual Rights?

Under the Data Protection Act 2018, you can enact any of the below rights at any time:

1. You have the right to access all information we hold about you at any point, and you can request copies of all data we have by contacting us at the details below. Your data will be provided free of charge unless your request is excessive or repetitive, for which Richardson Mail reserves the right to charge an administration fee of £10.00. You must contact us to exercise this right and we will respond within one month.

2. You have the right to rectify any information you believe is incorrect. Richardson Mail regularly refresh and check your data to make sure it is as accurate as possible but if you believe any details are incorrect, you can request this is amended or removed by contacting us. We will respond within one month to confirm the actions we have taken.

3. You have the right to request the erasure of your informationif you withdraw consent to Richardson Mail processing your data. You should contact us to request this and we will respond within one month. Please note that any right to erasure is overridden by our legal and regulatory record-keeping requirements.

4. You can restrict the processing of your data in certain circumstances, for example; if you contest the accuracy of the information or if you object to us processing the data we hold about you. You should contact us to request this and we will respond to confirm what action we have taken within one month.

5. You have the right for your data to be portable, which means that we can provide you with key personal information in a structured, commonly used and machine readable form free of charge. This enables you to transfer data to other companies easily and, if required, Richardson Mail can supply this information directly to another firm if technically feasible. You should contact us to request this and we will provide your data within one month, though this can be extended to two months for complex cases.

6. You have the right to understand and control automated decision making. When providing our services, we may use profiling and automated decision processes, such as to identify a customer’s eligibility for debt solutions. We have additional checks in place to protect vulnerable groups and oversee the accuracy of our systems, but users (you) can request human intervention, challenge decisions, or contact us to opt out of automated decision making at any stage.

7. You have the right to withdraw your consent at any time. You cannot remove your consent to some information we process without the contract being terminated (i.e. any data required to meet our contractual obligations) but you have the right to withdraw from the contract.


All customers of Richardson Mail are asked to provide their marketing preferences at the outset of their contract and, in most cases, at least annually thereafter. You will only receive marketing about third party products or services if you have explicitly informed us you wish to be sent this. We do not share your information with any third party companies for marketing without your explicit consent, and you can withdraw this consent or change your marketing preferences at any time

Over the course of your contract, we may have a legitimate interest to notify you of other products and services that Richardson Mail provides which we reasonably believe may be of benefit to you. If you have explicitly stated that you do not want to receive any marketing material, you will be excluded from this consideration. You can withdraw or amend your consent for marketing at any time.

Please note that you will likely receive routine information from Richardson Mail regarding updates of your PPI claim. This type of information is not marketing material but you can change how we contact you with this information at any time.

How to contact us

Email (all customers):

Post (all customers): Richardson Mail Limited, Stamford House, Northenden Road, Sale, M33 2DH

Phone: 0161 905 1308

Changes to our Privacy Notice

If we change how we plan to use your information in the future, we will give you a minimum of 14 days’ notice of this. You have the right to refuse any such changes but it may result in the termination of our service if this refusal affects our ability to provide the contractual service to you. Please contact us if you have any questions about this Privacy Notice or information we hold about you.