Privacy Policy

1. Who We Are

Visible Legal Marketing Limited ("we", "us", "our") is a claims management company. We are authorised and regulated by the Financial Conduct Authority (FCA No. 835293) for IVA claims management. Our business energy claims service is NOT FCA-regulated.

• Company number: 10263322
• Registered address: 5 Eagle Fold, Hyde, England, SK14 4GU
• Contact: support@visiblelegal.co.uk

Controller: For the purposes of UK data protection law, Visible Legal Marketing Limited is the data controller of your personal data. We do not appoint a mandatory Data Protection Officer, but you can contact our Data Protection Lead at support@visiblelegal.co.uk.

2. Purpose of This Policy

This is our main company privacy policy. It explains how we collect, use, store, and share your personal information across all of our services, including our IVA Claim Checker, Business Energy Claim Checker, Letter of Authority (LOA) processes, document uploads, and general enquiries. For service-specific details, please see:

• IVA Claims (FCA-regulated): IVA Privacy Policy
• Business Energy Claims (unregulated): BEC Privacy Policy

3. The Data We Collect

We may collect:

• Contact details (name, email, phone)
• IVA details (provider, reference number, status, debt level, monthly payment, IVA type)
• Address & residency information (current/previous address, residential status)
• Employment & income details (employment status, job title, salary)
• Supporting documents you upload (e.g., IVA letters, statements)
• LOA status and the signed LOA PDF
• Marketing source and consent preferences
• Interaction logs (e.g., "LOA Sent/View/Signed", "DSAR Sent/Received", and contact events)
• Technical data from essential cookies; analytics cookies only with consent (see Cookies)

4. How We Collect Your Data

Directly from you (our forms, email, SMS/WhatsApp, phone). We also receive updates from our SRA-regulated solicitor partners in relation to your claim and from your IVA provider when fulfilling DSARs you authorise.

5. How We Use Your Data

• Assess your potential IVA mis-selling or business energy claim
• Generate and send your LOA for e-signature
• Provide you a secure link to upload supporting documents (optional)
• For IVA claims (regulated): securely obtain your DSAR from your provider (using your LOA) and share the DSAR pack with our panel solicitors to review and progress your claim
• For business energy claims (unregulated): assess your commercial claim and share your information with specialist commercial solicitors
• Communicate with you about your case via email and, where applicable, SMS/WhatsApp
• Maintain compliance and audit logs
• Improve our services and website (analytics only with consent)

Automated steps: certain steps (e.g., sending the LOA, issuing document-upload links, logging status changes, and routing data to our systems) are automated. We do not carry out automated decision-making that produces legal or similarly significant effects.

Controller roles: We act as the controller for our processing activities. Once your data (including the DSAR pack we secure) is shared with a panel solicitor, that firm acts as an independent controller for its legal services.

6. Lawful Basis

Our primary basis is consent (UK GDPR Art. 6(1)(a)) for claim assessment, contacting you, securing DSARs, and sharing information with solicitors. We may also rely on:

• Legitimate interests (Art. 6(1)(f)) for fraud prevention, security, service improvement, and maintaining audit logs (balanced against your rights)
• Legal obligation (Art. 6(1)(c)) to meet regulatory and record-keeping requirements (applies to FCA-regulated services only)
• Contract (Art. 6(1)(b)) where we enter into an agreement with you (primarily for business energy claims)

Note: FCA regulatory obligations apply only to our IVA claims service. Our business energy claims service is not FCA-regulated and we do not rely on FCA obligations as a lawful basis for that service.

You can withdraw consent at any time by emailing support@visiblelegal.co.uk. Withdrawal does not affect prior processing.

Where you choose to provide information about health or other vulnerability (special-category data), we process it only with your explicit consent (UK GDPR Art. 9(2)(a)) to help ensure appropriate handling of your claim.

7. Sharing Your Data

• Panel solicitors (SRA-regulated): we share your case details and the DSAR pack we secure to review and progress your claim.
• Service providers (processors): we use reputable vendors for secure processing, including:
  • Airtable (case records and interaction logs)
  • eSignatures.io (LOA e-signature and signed LOA PDFs)
  • Dropbox (secure file requests and document storage)
  • Make (automation/orchestration between systems)
  • Email/SMS/WhatsApp providers as needed to contact you
  These providers act under our instructions and we have appropriate data processing agreements in place.
• Regulators or authorities: where required by law (e.g., FCA, ICO).

We do not sell your personal data.

7A. Children

Our services are intended for adults (18+). We do not knowingly collect data from children. If you believe a child has provided personal data to us, please contact us so we can delete it.

8. Retention

• Form-only enquiries without LOA or continued consent: retained for up to 90 days for follow-up and then deleted or anonymised, unless we are required to keep them longer (e.g., to resolve a complaint).
• Active claims (with LOA and DSAR/solicitor referral): retained for up to 6 years after closure to meet regulatory and record-keeping requirements.

We retain cookie consent records for up to 12 months. We review our retention periods regularly and may retain data longer where required by law or to establish, exercise, or defend legal claims.

9. Your Rights

You have rights to access, rectification, erasure, restriction/objection, and data portability. To exercise them or to withdraw consent, email support@visiblelegal.co.uk. We may ask you to verify your identity.

We aim to respond to rights requests within one month of receipt (extendable by two months for complex requests). You are not required to provide personal data, but without certain details (e.g., a signed LOA) we cannot secure a DSAR or progress a claim.

10. Data Security

We use appropriate technical and organisational measures to protect your data against unauthorised access, loss, or misuse (including encryption in transit, access controls, and audit logging).

11. International Transfers

Some service providers may process data outside the UK. Where this occurs, we implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) and/or Standard Contractual Clauses, and rely on adequacy regulations where available.

12. Cookies

We use essential cookies to operate the site. We may also use analytics and marketing cookies (e.g., GA4/Meta) only with your consent. You can manage preferences via our cookie banner. See our Cookie Policy for details.

Analytics and marketing technologies are not loaded until you consent, and you can change your choice at any time via "Change cookie settings".

13. Communications Preferences

We may contact you about your claim via email and, where you provide a number and consent, via SMS/WhatsApp. You can opt out at any time by replying STOP (for SMS/WhatsApp) or using the unsubscribe option in emails, or by contacting us.

14. Complaints

If you're unhappy with how we handle your data, please contact us first at support@visiblelegal.co.uk. You can also complain to the Information Commissioner's Office (ICO) at ico.org.uk.