Consumer privacy notice

The Financial Ombudsman Service is a free and easy-to-use service that settles complaints between complainants and businesses that provide financial services. We resolve disputes fairly and impartially and have the power to put things right. The Financial Ombudsman Service is the data controller for any personal information that we process unless we state otherwise.

Our powers are set out in Part XVI and Schedule 17 of the Financial Services and Markets Act 2000. We decide complaints based on what is fair and reasonable in all the circumstances of the case – taking into account relevant law, codes and good practice that applied at the time of the event. We follow the rules in the Financial Conduct Authority's (FCA) handbook, although we’re operationally independent of the regulator.

We use your personal information to investigate and resolve individual complaints and prevent unfairness. We also analyse complaints data to make our services and processes more effective for you and others. More detail is set out in the ‘Why we process your personal information’ section.

You can contact us at:

• Letter: Financial Ombudsman Service, Exchange Tower, London, E14 9SR
• Email: [email protected]
• Website: www.financial-ombudsman.org.uk
• Phone: 0300 123 9 123 or 0800 023 4 567

Personal data means information that is about an individual or that can identify them in some way. In this notice we refer to this as personal information.

The amount and type of personal information we process varies depending on the individual circumstances of the complaint and why we are processing personal information, it could include:

• Name and contact details
• Date of birth
• Complaint details
• Financial details
• Family matters

Some personal information requires higher levels of protection – data protection law refers to this as ‘special category data’. This could include information about your health conditions, ethnic origin, disabilities, or accessibility needs. We may also process sensitive information about criminal convictions.

We will only ask for information to be shared with us if it is for one of the purposes below – usually this will be because we consider it relevant to your complaint or if it will help us to resolve your complaint.

We have a range of channels that you can use to get in contact with us. Generally, we collect personal information either from you directly or from the financial business the complaint is against. But sometimes, where it is necessary for resolving a complaint or fulfilling our legal functions, we may also gather information from other individuals or organisations such as a loss adjuster hired by an insurance company, a medical expert, or a credit reference agency. When investigating a complaint, information from other individuals or organisations may also be held on the file. This may include the names and contact details of individuals working at the financial business, details of experts or witnesses, or details of family members or individuals impacted by the event.

If someone is bringing a claim on behalf of the complainant, then we will likely receive information from the representative, and we’ll need to process some details about the representative to liaise with them about the complaint.

We only use your personal information where we have a lawful basis for it. This will generally be where we process information for a task in the public interest or for our official functions, and the task or function has a clear basis in law. This is called the 'public task' basis.

Investigating and resolving complaints and queries

We collect and process your personal information to investigate and resolve complaints brought to our service and to respond to your queries and redirect you to the correct parties if that is necessary.

Preventing complaints and unfairness

We may use information about complaints we receive to spot any wider issues or trends or to inform our discussions with industry, consumer groups, regulators and other stakeholders so we are able to take a take a more robust and proactive approach to preventing complaints and unfairness arising. For example, we may review a group of similar complaints to check whether a product has been sold unfairly to consumers on a wider scale and what the cause might be. We’ll look to anonymise the information before sharing it with others.

Improving the effectiveness of our service and processes

We may use information about your complaint to review and improve the effectiveness of our service, for example, through quality assurance checks. We may also use the information to inform our internal training or as examples of the type of complaints we see. We’ll anonymise the information before sharing it with colleagues.

We record and monitor incoming and outgoing telephone calls between customers and our casework teams. Recordings are used to protect the interests of those participating in the call and provide us with useful information or evidence that supports your complaint. Recordings may also be used for staff training exercises and to improve the quality of our services. We may also use automated tools to analyse patterns in our customer calls.

We use technology to help us progress complaints and to improve our casework processes. For example, this may include using automation to route complaints, or gauge the urgency – as well as to support our quality assurance. This helps us better understand our casework, to support both our operational planning and our complaints prevention.

Getting feedback on our service

We conduct regular surveys to understand your views on the service we have provided to you. We will automatically add you to our survey participant list. However, you can let us know at any time if you do not want us to contact you for our surveys. Please tell your Investigator if you wish to do this or contact us.

Meeting your needs and making adjustments

We’ll record your specific needs and any adjustments you may require. This will include key details such as a brief description of why it is required. Relevant staff can access this to improve the level of service that we provide and ensure they and any relevant third parties can understand and adapt to your needs and communicate with you in the required way.

Working with the regulator and other bodies

We work with other public bodies when it helps us to carry out our responsibilities, such as resolving complaints quickly and informally or sharing insights about the complaints we see and the customers and businesses we help.  

This may include the Financial Conduct Authority (FCA), the Financial Services Compensation Scheme (FSCS), the Pensions Regulator (TPR), the Money & Pensions Service and other ombudsman schemes – although we’re independent in the way we investigate and decide cases.

Dealing with contact you may make with us through social media

You can contact us to make an enquiry through Twitter or Facebook. We have no influence on the scope of data that is collected by these social networks through their sites. You can check the data use policies of the social networks for information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy. We may retain some information provided by you through social networks and attach it to your complaint file if it is relevant to your complaint.

Complying with a legal duty

There will be times when we are under a legal duty to process information. This includes, but is not limited to, disclosure under a court order, sharing with the police for the prevention or detection of crime, where there is an overriding public interest to prevent abuse or serious harm to others or responding to a Freedom of Information request.

Publishing final decisions

 We have a legal obligation to publish final decisions made by our ombudsmen. These are published on our website. We remove the name of the person making the complaint as well as any other personal information that would be likely to identify them.

Sharing information with financial businesses

When an enquiry is brought to us, we need to contact the financial business and make them aware that an enquiry has been received and ask them what has happened so far. The personal details of the complainant and details of the complaint are shared during this initial process.

In order to investigate a complaint, we need to share information with both parties of the complaint to get both sides of the story. Sometimes, depending on the nature of the complaint, we may also need to share relevant information with other individuals or organisations. For example: we may share with another financial business, medical experts or credit reference agencies.

Sharing information with the regulator and other relevant bodies

Sometimes we may need to share information with other public bodies when it helps them or us to further their or our objectives and carry out our responsibilities, such as resolving complaints quickly and informally. We’ll always satisfy ourselves that we have a lawful basis on which to share the information and document our decision making. For example, we share information with the FCA so that we can work effectively and share any trends and common problems we see that could inform future regulation.  We may also have a legal obligation to share information with the FCA in certain circumstances. We may also need to transfer your information to the FSCS if the firm you’ve used has gone out of business and can’t pay your claim.

Sharing information with other individuals or organisations

We will not share your personal information with anyone for the purposes of their direct marketing.  We will not sell your information.

If you ask your elected representative to get in touch with us, we may share information with them to assist in resolving the matter you have asked them to raise.

We do use data processors who are suppliers that process personal information on our behalf or who provide services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it only for the period we instruct.

The Independent Assessor

The Independent Assessor is appointed by the Board and is an employee of the Financial Ombudsman Service. The Independent Assessor is independent and separate to the casework function. If you have a complaint about the standard of service provided by us during the handling of your case and we’ve not been able to resolve this, you can ask the Independent Assessor to consider this complaint. We will pass on relevant details to the Independent Assessor so that they can consider and respond to your service complaint in line with their terms of reference. 

The law on data protection sets out a number of different reasons for which an organisation may collect and process your personal data – these are called lawful bases. We’ll only use your information if there’s a lawful basis for it. This could include situations where we have to use or share your information:

• For us to carry out a task in the public interest or for our official functions, and the task or function has a clear basis in law, called ‘public task’ – for example to resolve your complaint.
• To carry out processing where there’s a legitimate purpose to do so, called ‘legitimate interests’ – for example, where we need to process data for a legitimate reason outside the scope of our tasks as a public authority.
• To follow the law, called ‘legal obligation’ – for example, if a court orders us to share information.

If the information you provide us in relation to your enquiry contains special category data, such as health or ethnic origin, we need to also rely on another specific legal reason as well. We’ll generally rely on the fact that our use is necessary for reasons of substantial public interest and we’ll have an appropriate policy document to cover our use of the information, where this is required.

We design, build, and run our systems to make sure that your personal information is as safe as possible at all stages, both while it’s being processed and when it’s stored.  We store your personal information in the UK or the European Union (EU).  Our technical support teams in India may process your information to provide technical advice and assistance.

Where we allow access to your information from countries outside the UK, we ensure that necessary safeguarding and protections are in place as set out by data protection law and guidance issued by the Information Commissioners Office, such as checking the applicable adequacy regulations and implementing robust contractual and security safeguards with third parties.

We know that data security is important to us all. When we receive personal information, we take steps to ensure that it is stored securely, both physically and electronically, in accordance with the internal policies that we have in place for the effective and secure processing of your personal information.

We will keep your case file for 6 years after your case closes (or 3 years if we did not go on to fully investigate your case or if we transferred your case to another organisation). Paper documents sent by post are destroyed 6 months after the date they are scanned into our system.

We also have procedures in place to deal with any suspected personal data breach and will notify the data subject and any applicable regulator of a breach where we are legally required to do so.

Our retention schedule sets out how long we hold all information, including any personal information used for each of the areas mentioned in this privacy notice.

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. Details of each of these rights are set out on our privacy notice.

Please first let the person looking after your complaint (or their manager) know so they can look into your concerns. You can also contact our Data Protection Officer at:

[email protected]. Details of how to raise a complaint are available on our privacy notice.

We hope we’ll be able to resolve your concerns, but if you still remain unhappy with our final response, you can contact the Information Commissioner’s Office at [email protected] or 0303 123 1113.

We may change this privacy policy. In that case, the ‘last updated’ date at the bottom of this page will also change along with a note on the reason for the change. Any changes to this privacy policy will apply to you and your personal information immediately.

June 2023 – updated the Information Commissioner’s Office contact details.