Consumer privacy notice

We collect and process your personal information to:

• investigate and resolve complaints brought to our service, and
• respond to your queries and redirect you to the correct parties where necessary.

We may use information about complaints we receive to:

• spot any wider issues or trends, and
• inform our discussions with industry, consumer groups, regulators and other stakeholders.

This allows us to take a take a more robust and proactive approach to preventing complaints and unfairness.

For example, we may review a group of similar complaints to check whether a product has been sold unfairly to consumers on a wide scale and what the cause might be. We’ll anonymise the information before sharing it with third parties.

We may use your personal data to perform statistical and analytical analysis. When we do this, we use appropriate ‘privacy enhancing technologies’ (PETs) – where proportionate and reasonable – to protect your privacy.

We may use artificial intelligence (AI) and other technologies to assist with statistical and analytical analysis.

We may use information about your complaint to review and improve the effectiveness of our service, for example, through quality assurance checks.

We may also use the information to guide our internal training or as examples of the type of complaints we see. We’ll use ’privacy enhancing technologies’ (PETs) – where appropriate and proportionate – before sharing it with colleagues.

We record and monitor incoming and outgoing telephone calls between customers and our casework teams. Recordings are used to protect the interests of those participating in the call and provide us with useful information or evidence that supports your complaint.

We may userecordings and the monitoring of live calls for staff training exercises and to improve the quality of our services. We may also use automated tools – including AI – to analyse patterns and behaviours in our customer calls.

We use technology, including AI, to help us:

• progress complaints
• improve casework processes
• plan operations
• prevent complaints arising
• route, or gauge, the urgency of complaints
• support our quality assurance
• analyse patterns and behaviours in our customer calls
• transcribe recordings
• help our casework teams investigate a complaint – for example, by automatically labelling documents, summarising key information and suggesting key considerations.

See our AI principles

As part of this, we may use your personal information – while we’re investigating your complaint, or after it’s been resolved – to improve the complaints process.

When we do this, we use appropriate ‘privacy enhancing technologies’ (PETs) – where proportionate and reasonable – to protect your privacy.

Your data will be safeguarded within our network. We’ll never sell your data to third parties. And third parties will not be able to use your data for their own purposes.

If you’re concerned about how your data is being used – or would like to object to this type of processing – contact us or see Your rights in our main privacy notice.

We conduct regular surveys to understand your views on the service we’ve given you. We will automatically add you to our survey participant list.

However, if you do not want us to contact you for our surveys, you can let us know at any time. Please tell your investigator or email us at [email protected].

We’ll record your specific needs and any adjustments you may require. This will include key details such as a brief description of why it is required.

Relevant staff can access this to:

• improve the service we provide, and
• ensure they – and any relevant third parties – understand and adapt to your needs and communicate with you in the you require.

We may collect and process demographic information  to:

• comply with our public sector duty, and
• measure and test for bias in both human and automated systems.

We work with other public bodies when it helps us to carry out our responsibilities, such as resolving complaints quickly and informally or sharing insights about the complaints we see and the customers and businesses we help.  

This may include the Financial Conduct Authority (FCA), the Financial Services Compensation Scheme (FSCS), the Pensions Regulator (TPR), the Money & Pensions Service and other ombudsman schemes – although we’re independent in the way we investigate and decide cases.

You can contact us to make an enquiry through Twitter or Facebook. But we have no influence on the scope of data that is collected by these social networks through their sites. You can check their data use policies for information on:

• the purpose and extent of the data they collect
• how this data is processed and used
• the rights available to you, and
• the settings that you can use to protect your privacy.

We may retain some of the information you provide through social networks and attach it to your complaint file if it is relevant to your complaint.

There will be times when we are under a legal duty to process information. This includes, but is not limited to:

• disclosure under a court order
• sharing with the police for the prevention or detection of crime
• where there is an overriding public interest to prevent abuse or serious harm to others, or
• responding to a freedom of information request.

We have a legal obligation to publish final decisions made by our ombudsmen. These are published on our website.

We remove the name of the person making the complaint as well as any other personal information that would be likely to identify them.

When an enquiry is brought to us, we need to contact the financial business and make them aware that an enquiry has been received and ask them what has happened so far. The personal details of the complainant and details of the complaint are shared during this initial process.

To investigate a complaint, we need to share information with both parties of the complaint to get both sides of the story. Sometimes, depending on the nature of the complaint, we may also need to share relevant information with other individuals or organisations. For example: we may share with another financial business, medical experts or credit reference agencies.

Sometimes we may need to share information with other public bodies when it helps them or us to further their or our objectives and carry out our responsibilities, such as resolving complaints quickly and informally.

We’ll always satisfy ourselves that we have a lawful basis on which to share the information and document our decision making. For example, we share information with the FCA so that we can work effectively and share any trends and common problems we see that could inform future regulation.

We may also have a legal obligation to share information with the FCA in certain circumstances. We may also need to transfer your information to the FSCS if the firm you’ve used has gone out of business and can’t pay your claim.

We will not share your personal information with anyone for the purposes of their direct marketing.  We will not sell your information.

If you ask your elected representative to get in touch with us, we may share information with them to assist in resolving the matter you have asked them to raise.

We use data processors to provide services and process personal information for us.

To fulfil a contract and carry out work, they’ll often need access to your data rather than anonymised or ‘obfuscated’ data – that is, data that has been changed to protect sensitive information.

Their contracts ensure they cannot do anything with this information unless we instruct them to. They won’t share your personal information with any organisation apart from us or a ‘sub-processor’ – that is, a third-party data processor that they use.

They’ll hold your data securely and retain it only for the period we instruct.

The Independent Assessor is appointed by the Board and is an employee of the Financial Ombudsman Service. The Independent Assessor is independent and separate to the casework function.

If you have a complaint about the standard of service provided by us during the handling of your case and we’ve not been able to resolve this, you can ask the Independent Assessor to consider this complaint.

We will pass on relevant details to the Independent Assessor so that they can consider and respond to your service complaint in line with their terms of reference. 

We will only keep your personal information for as long as is necessary to complete the purpose(s) we collected it for. This includes satisfying any legal, accounting, or reporting requirements.

To decide the appropriate retention period for any personal information, we consider a variety of factors. These include what our service's operational needs are as well as the amount, nature, and the sensitivity of the personal information. It also includes the purpose(s) for which we process your personal information and whether we can achieve those purposes through other means – plus any other applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can't be associated with you. In this case, we can use the information without further notice to you.

 Our current retention periods are:

Any documents sent by post are scanned into our electronic system. Paper documents that are original documents, e.g. birth or death certificate, will be returned to the complainant once scanned in.

There may be rare occasions where we need to keep your information for longer than the time periods set out above. This is in order for us to effectively resolve issues or activities surrounding your case or a group of cases, but these will be rare.