Mis-sold Brief takes the security and privacy of the personal information that you provide very seriously and is committed to protecting and respecting your privacy. Mis-sold Brief takes every reasonable precaution to ensure that your information is used only in ways as outlined in this Privacy Policy and handled within compliance of the Mis-sold Brief Terms and Conditions.

Mis-sold Brief is registered under the Data Protection Act 2018 (the, “DPA”) and the Information Commissioner’s Office (the, “ICO”) under registration number ZA776119 and operates in accordance with these laws, as well as The Privacy and Electronic Communications (EC Directive) Regulations (the, “Directive”), and the UK General Data Protection Regulation (the, “UK GDPR”). Mis-sold Brief is the Data Controller for all information and data you give to us.

This Privacy Policy will explain how Mis-sold Brief will use your information for marketing and all other purposes. By submitting your details to Mis-sold Brief via the website, missoldbrief.co.uk (the “Site”, “We”, “Us”), or by telephone via the contact centre (the “Contact Centre”), you consent to Mis-sold Brief using your personal information in accordance with this Privacy Policy, and in particular to:

  • Administer our website, including ensuring that we can enable your use of the services on our website (including enquiries and complaints about our website) and improve your browsing experience by personalising the website.
  • Contact you about your potential financial mis-selling complaint, including payment protection insurance, packaged bank accounts, concealed commissions, mis sold pensions and investments, payday loans, mortgages and other secured lending, car finance agreements and other claims management services.
  • Contact you via the contact methods you have chosen to provide, including via text message, telephone, email and by post.

This policy sets out the basis on which any personal data Mis-sold Brief collects from you, or that you provide to Us, will be processed by. Please read the remainder of this Policy carefully to understand Mis-sold Brief practices regarding your personal data and how we will treat it.


It is necessary for this website to use cookies. In fact, most websites you visit will use cookies in order to improve your user experience by enabling that website to ‘remember’ you, either by creating session cookies (for the duration of your visit) or persistent cookies (for repeat visits). This makes the interaction between you and the website faster and easier. If a website does not use cookies, it will think you are a new visitor every time you move to a new page on the site – for example, when you enter your login details and move to another page it will not recognise you and it will not be able to keep you logged in. Cookies are also used to enable help target advertising or marketing messages based on your location and/or browsing habits. Cookies may be “first party cookies” (set by the website you are visiting) or “third party cookies” (set by other websites who run content on the page you are viewing). Third Party cookies assist with collating information to assist with analytics or targeted marketing.

What is in a cookie?

A cookie is a simple unique text file stored on your computer or mobile device by a website server. Only that website’s service is able to retrieve or read the contents of the cookie. It will contain some information such as the URL of the website, a unique identifier and some digits and numbers.

What to do if you don’t want cookies to be set

Some people find the concept of cookies intrusive. If you prefer, it is possible to block cookies or even to delete cookies that have already been set; but you need to be aware that you might negatively affect the manner in which this website responds to you and may prevent you from using certain parts of the site.

Should you wish to control the manner in which Cookies are handled on your computer, configuring your Internet browser is a free and effective way to do this. Please see the guides below to assist with the most popular Browsers:

What Cookies do we use?

This website uses the following external tracking services:

  • Google Analytics Universal Tracking
  • Google AdWords Conversion
  • Google AdWords Remarketing

Google Analytics

We use Google Analytics to analyse how website visitors interact with our website. We use this information to identify trends and help us improve our website. The cookies collect information in an anonymous form about visitors to the site, including what pages they visited, how long they stay on each page for and the number of clicks.

To opt out of Analytics for the web, please visit the Google Analytics Opt Out Page.

Google Adwords

This website uses cookies to track conversions from the sites Adwords marketing campaigns and also for the purpose of addressing visitors via remarketing campaigns with online advertising at a later point in time within the Google advertising network. For the placing of remarketing adverts, third parties such as Google Cookies use this current website on the basis of a visit. You, as a user, have option of deactivating the use of cookies via Google by visiting the Google deactivation page.

For more information on how businesses use cookies and how to manage cookies you can visit the following resources:


During the course of your interaction with Mis-sold Brief, there is various information that we will collect about you. We only collect the personal data about you that is needed to proceed with claims management services on your behalf. This includes information you voluntarily provide to us, including; name, address, email, phone number and all other information you provide to us as part of the Claims Management process.

All personal data we hold is processed by Mis-sold Brief staff in the UK. Your information is held on our servers, which are hosted by our IT provider – compliant to ISO9001 and ISO27001), also based here in the UK.

We collect, store and use the following kinds of your data:

  • information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views);
  • information relating to any transactions carried out between you and us on or in relation to this website, including information relating to the supply of our services;
  • information that you provide to us for the purpose of registering with us (including name, address, telephone number and any financial information);
  • information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters);
  • information required to complete our services that we will request directly from you, including your personal circumstances and information about your financial products and services; and
  • any other information that you choose to send to us.

Why we need your Data

During the provision of our services, you agree for us to process your personal information through signing our Letter of Authority which means you agree to our Terms of Engagement, to allow us to:

  • Supply to you services under your contract;
  • Send you general commercial communications by the contact details you have provided to us during our services (you can update your communication preferences by using the contact details on our Contact Us Page;
  • Contact third parties on your behalf, with your specific instruction; and
  • Send you email notifications which you have specifically requested;

Please note, there is certain information and data we need to be able to complete our services for you. We will always explain what it is we need, and why we need it. If you do not provide this, we may not be able to fulfil our contractual obligations with you. If you do not wish to provide this, we have the right to terminate your contract with us in accordance with our Terms of Engagement, which you agree to by signing our Letter of Authority.

What we do with your Data and how we use it

As part of the service we provide to you, we do need to share your information with the specific Lender(s) you have stated in your instruction to us. Mis-sold Brief will not sell, assign, disclose or rent your personal data to any other external organisation or individual except in instances where the law requires us to disclose it, or where it is necessary to disclose the information to comply with a regulatory or legal process. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users of our website with our business partners, affiliates and advertisers for the purposes outlined above.

To allow us to provide our services to you, the following third parties provide critical functions to our business and will process your personal information as directed by us and in accordance with strict data security arrangements:

  • Our Services: during our services we will provide your data, under your specific instruction, to named lenders, brokers and other entities your specify and, if required, the Financial Ombudsman. We will also provide a referral to any legal partner, at your request. Before any referral is done, you will always know which Law firm we will offer to refer you to and will have the chance to review their paperwork and any charges you are agreeing to before proceeding;
  • Our Advertising: We also use third party advertising services who provide analytical information about our advertising to help us improve this in the future. In any event, the data held by analytics firms is on an anonymised basis meaning they cannot identify you;
  • Our Systems and IT: we use third party firms who provide essential storage arrangements (including call recordings), software and support to our infrastructure;
  • Our Regulators: we may be required to provide your data to our Regulators, who include the Claims Management Regulator, the Legal Ombudsman Service and the Information Commissioner’s Office; and
  • Our Professional Services: we use professional legal, consultancy and accountancy services to help us fulfil our legal obligations.

We have carefully selected our third parties due to their commitment to keeping your data safe, and, where possible, all data is processed within the UK. Where data is transmitted outside of the UK, we ensure that there are appropriate security measures in place such as technical security, including encryption and restricted access to your data.

If you request for us to stop processing your data, we will also communicate this to the relevant third parties if they are processing this on our behalf. If you have any concerns about the above third parties, please let us know and we can provide advice and support to help you manage your data preferences.

Except as described herein, we do NOT disclose your information to nor share your information with third parties.

We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorised access to systems where we store personal data.

We restrict access to personal information to our employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

We also have procedures in place to deal with any data security breach should one occur. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Legitimate Interests

We rely on legitimate interests as our lawful basis for processing. Processing is necessary for the performance of a contract to which you, the data subject is party and to take steps at the request of you, prior to entering in to a contract. We will only process your personal data in a way that you reasonably expect.

In respect of our legitimate interests, we have a legitimate interest in keeping you updated about any further services offered by us which may be of interest to you both during and after the conclusion of your contract with us, including communication of any developments that may have an impact on your original service (e.g. a change in the law that will make additional services available to you). We will use the details you have provided to contact you including by telephone, email and post. If you do not wish for us to contact you in this manner, or by a specific method, you will be able to unsubscribe at any time to one or all contact methods and this option will be easy for you to complete.

Furthermore, we offer a comprehensive service to address several areas of financial mis-selling and will help you assess any affected products. As part of this service, we can provide a direct referral to any legal partners who are able to offer specialist support in respect of alternative financial products. We will always ask for your consent before doing so and this is entirely your choice.

We also have a legitimate interest in using your data to help us to review our services and obtain analytics in respect of our customer base.

We may also be required to use your data due to a legal requirement which is placed upon us; this includes our regulatory requirements such as financial record keeping, staff training and monitoring, in addition to complaint handling. In these circumstances, we may be required to keep your data by law. We will always inform you if this is the case.

General Data Protection Regulation

We will do our utmost to ensure our requirements pursuant to the UK GDPR (including any statutory modification or re-enactment) are fully complied with at all times. As is necessary for the purposes of legitimate interests, we will use your data (Data) in the progression of your matter and will act as a “data controller” (for the purposes of UK GDPR) of your data. Specifically we will use your data for the purpose of progressing your claim including through Court, Counsel, Arbitrators, Ombudsman Schemes and Solicitor Agents and any other search in the progression of your matter.

We comply at all times with our obligations under UK GDPR, including but not limited to, taking appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal or special personal data. When considering what measures are appropriate, we shall have regard to the state of good practice, technical development and the cost of implementing any measures to ensure a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss or destruction, and to the nature of the data to be protected.

Our Data Retention Policy

Adhering to the Information Commissioner’s Office guidance and under the Financial Conduct Authority’s rules, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for a reasonable period. This extends to keeping recordings of all inbound and outbound calls and copies of electronic communications such as emails or SMS.

We have determined a reasonable retention period to be 6 years after a customer ceases a contractual relationship with us. We believe this is an appropriate period to preserve evidence for tax, regulatory and legal purposes and with one eye on appropriate limitation periods relevant and the necessity to preserve evidence to aid scrutiny.

In instances where we receive an enquiry but a service contract is NOT entered into, we keep personal data for a period of 12 months following last contact.

Telephone Preference Service (TPS)

If you are registered with the telephone preference service (TPS) you understand that by agreeing to the terms of this privacy policy you are giving express consent for Blue Panda Finance to contact you via telephone and SMS (text) for the purpose of progressing your application(s). Further information is available on the ICO website found here.


If you believe we have mistreated your information/data and wish to lodge a complaint you can do it in the following ways: You can register a complaint directly with us by email via complaint@bluepandafinance.co.uk with the email subject header “Complaint”. We will respond to your inquiry within 48 hours. You are also able to raise a complaint directly with us any of the contact methods shown in the Key Contact Details section below.

You can also register a complaint directly with the ICO via their online form, by telephone on 0303 123 1113, or in writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Policy Modifications

We may change this Privacy Policy from time to time especially when new Regulation or better practices become available to us. When we makes changes to this Privacy Policy, the updated version will be posted on this page. We encourage you to visit this page periodically.

Key Contact Details

Should you have any questions regarding your privacy and/or data that are not detailed throughout this Privacy Policy then we provide you with the following details for contact, the Data Protection Officer (DPO), and the Data Controller. The DPO and Data Controller accept liability for the lawful processing of your data and agrees to only use your data lawfully and only collect necessary and non-excessive data. Our Data Protection Officer can be contacted using the details below:

Phone: 0800 000 0000

Email: hello@missoldbrief.co.uk

Post: For the Attention of the DPO, Mis-sold Brief, 70 Hutcheson Street, Second Floor, Glasgow, G1 1SH