Privacy Policy

MDF Recovery

About Us

MDF Recovery Ltd (“the Company”, “we”, “us” and “our””) is registered in England, company number 06999022. Its registered office is at 36 Castle St, Beaumaris, Gwynedd, LL58 8BB. The Company is registered with the Information Commissioner’s Office under reference ZA550184.


You may browse this website without providing any personal information whatsoever. We use tracking software to monitor visitor traffic patterns and site usage, and to help us develop the design and layout of the site. This software does not enable us to capture any personally identifying information.
We use cookies to analyse advertising effectiveness and manage browsing patterns within the site. These cookies are deleted when the browser is closed. Cookies are anonymous, i.e. they contain no personal information. Most browsers allow you to turn off the cookie function. You can find out more on how cookies work at

Privacy Notice

We are committed to protecting your privacy. This notice sets out the personal information that we may collect or obtain about you and how we treat that information.
For the purposes of applicable data protection legislation, we are a data controller in respect of the information that we collect or obtain about you. This is because the Company is the person who (either acting alone or jointly with others) determines why and how your personal information is processed.

The information we process about you

Your personal information will be collected or obtained by us whether we deal with you as an individual or on behalf of a company. Broadly, personal information (or ‘personal data’) is any information that can identify you as an individual. We may process many different types of personal information (for example, your name, address and date of birth). Note that if you provide us with documents that contain, or otherwise volunteer to us, data that constitutes a special category of personal information, then you will be regarded as giving your explicit consent to us processing that data as described in this privacy notice.

Why we process your personal information

We process your personal information for a variety of reasons, upon different legal bases, depending on the reason for which we have collected or obtained your personal information. The main types of processing that we carry out and the legal basis for doing so are as follows:

  • We process your personal information to manage our business operations, for example, our internal governance functions, which will include monitoring communications and activities in relation to your affairs.
  • We have legitimate interests in doing so (i.e. it is necessary for our business and compliance purposes) and we may also have legal obligations to fulfil.
  • If we are dealing with a request you have made in order to exercise your legal and regulatory rights (including those referred to in the ‘Your rights regarding your personal data’) below, this will be done in order to fulfil our legal obligation to respond to you.
  • We process your personal information for marketing purposes. This is necessary in order to fulfil our legitimate interests of providing you with information about products and services that you may be interested in.

Any consent that you give us will be as easy to withdraw as it was to give. Withdrawing your consent does not affect the lawfulness of any processing which occurred prior to the withdrawal of consent. If you do this, and if there is no alternative legal basis upon which we may process your personal information for a particular purpose, then this may affect what we can do for you.

Who your personal information may be shared with

We may share your personal information with the following third parties:

  • Legal and regulatory bodies, such as the Information Commissioner’s Office (ICO), our professional advisors and/or the courts when it is necessary for our legitimate interests and/or when we have a legal obligation to do so.
  • Organisations that provide us with business support services. For example, account service and administration companies, back-up and server hosting, IT software and maintenance and platforms, document storage and management services, receivers, repossession agents, recoveries agents and property valuers. This processing is undertaken as it is necessary for the performance of our agreement with you and is necessary for our legitimate interests (i.e. for our commercial operations or with respect to your treatment).
  • Market research organisations who we engage to assist us in developing and improving our products and services. This type of processing is necessary for our legitimate interests (e.g. for our commercial operations).

As mentioned above, if you voluntarily provide us with special categories of your personal information, this will be regarded as constituting your explicit consent to us processing such information. This includes us sharing that information with third parties as necessary.

How we collect and obtain your personal information

We may collect your personal information directly from you a number of ways, including:

    • when you provide it by telephone, on-line, via social media or by any other method of communication, for example, on “contact us” forms, or when you provide it through the course of our relationship, for example, if you inform us of a change in your circumstances; and
  • technical information, including the Internet Protocol (IP) address used to connect to the internet, may be collected from you when you visit our website.

We may obtain your personal information from third parties and they should have provided you with their own privacy notice in order to tell you (whether online or in person) how they may process your personal information. They should have also told you that your personal information is being shared with us for the purposes and uses set out in this privacy notice. If the third party did not tell you this, then you should let us know immediately by contacting our Data Protection Officer using the contact information set-out in the ‘Introduction’ section of this privacy notice.

International transfers of your personal information

Your personal information may be transferred outside the UK and the European Economic Area (EEA). Should we transfer your personal information to any other territories or countries outside the EEA we will take such steps as are necessary to ensure appropriate safeguards apply to maintain the same levels of protection as are needed under data protection laws in the UK. If we do so you may contact us to obtain a copy of the applicable safeguards.
We store data online using Dropbox, Microsoft and other software applications. All of these providers comply with GDPR regulations, including certification under the EU-US Privacy Shield Framework.

Your rights regarding your personal data

You have the right to request a copy of the personal data we hold about you. If you would like a copy, please contact us using the details below. We may make a small charge for this service. You may ask us to correct or remove personal data you think is inaccurate.
You have the following rights in relation to your personal information: (i) the right to be informed about how your personal information is being used; (ii) the right to access the personal information we hold about you; (iii) the right to opt-out of receiving direct marketing messages; (iv) the right to request the correction of inaccurate personal information we hold about you; (v) the right to request the blocking or deletion of your personal information where the processing does not comply with applicable data protection laws and; (vi) the right to request that we port elements of your data either to you or another service provider.

Third party websites

Our website may contain links to third-party sites not operated by the Company, such as Facebook or Twitter. These websites are not under our control and, as such, we are not responsible for the content of them or for their privacy practices. If you choose to use any linked third-party website, any personal data collected by that site will be controlled by the privacy notice of that third party.

How long your personal information will be stored for

We only keep your personal information for as long as it is necessary to fulfil the purposes for which it is processed (as described above).
In accordance with our retention policy, we will retain your personal information for a minimum of two years from the end of our business relationship with you. Our business relationship will be deemed to be at an end on the date upon which your contract with us ceases. We will retain your personal information and continue to communicate with you whilst you are a possible customer for our services, but you can notify us at any time if you wish us to cease communications and remove your personal information from our records.
Please note that if your personal information is shared with third parties (as detailed above) they may have different retention policies.

Keeping your information accurate

We strive to ensure that your personal information is kept up to date and accurate. If any of the personal information you have given to us or third parties changes, such as your contact details, please promptly inform us in accordance with the terms and conditions of your agreement with us.
You will be required to provide us with any changes to your personal information under the agreement you enter into with us. If you fail to do so this will put you in breach of your agreement.

How we monitor your communications

Subject to applicable laws, we may monitor and record calls, emails, text messages, social media messages and other communications. We will do this for the purposes of complying with applicable laws and regulations and our own internal policies and procedures, to prevent or detect crime, to protect the security of our communications systems and procedures and for quality control and staff training purposes.

What to do if you have concerns or want to make a complaint

If you have any concerns regarding our use of your personal information please notify our Data Protection Officer as soon as possible using the contact information set-out below. If we cannot resolve a complaint to your satisfaction you can contact the ICO at or by telephoning 0303 123 113 if the complaint relates to the way your personal information has been handled.

Changes to our Privacy Notice

This Privacy Notice may be updated periodically at the Company’s discretion to reflect changes in our privacy practices or relevant laws. We will make any changes to this Privacy Notice by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This Privacy Notice was last updated on 19 Sept 2019.

How to contact us

If you have any questions in relation to the processing of your personal data, you should:

  • Email us at, or
  • Telephone us on 01625 611706, or
  • Write to The Data Protection Officer, MDF Recovery Ltd, 36 Castle St, Beaumaris, Gwynedd, LL58 8BB