My Cookie Preferences
Privacy Statement

Privacy Statement

We take the privacy of our customers seriously and are open about how we handle customer information.

1. Who are we

This website is operated by Link Financial Outsourcing Limited (referred to as “we”, “us” or “our” in this privacy statement). We take privacy seriously and we are open and transparent about how we handle your personal information and about our obligations under applicable data protection laws and regulations, including the General Data Protection Regulation (the “GDPR”) and the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or a part of the United Kingdom from time to time).

This privacy statement explains the basis on which we will control and process any personal information we collect from you or that you may provide to us through this website or otherwise. We are responsible for any such personal data in our capacity as a data controller or as a data processor, as determined in accordance with applicable data protection legislation.

We have tried to keep this statement as straightforward as possible. However, if you require any further information or clarification then please contact us directly at:

Link Financial Outsourcing Ltd, Brecon House, Caerphilly Business Park, Caerphilly CF83 3GQ

Telephone number: 02920 85 3600

Email address: [email protected]

2. Do we have a Data Protection Officer

Yes, given the nature of our business and the data that we hold we have appointed a Data Protection Officer to help ensure that your rights are protected. You can contact our Data Protection Officer at the following email address: [email protected] or write to the Data Protection Officer at the address listed above.

3. What information do we collect

Personal data means any information capable of identifying an individual. It does not include anonymised data.

Personal Data

We may process the following categories of personal data about you:

  • Customer data – this includes data such as names, title, address, phone number, email address, financial details and circumstances and employment details.
  • Client data – this includes data such as names, title, address, email address for the purposes of carrying out know your client and anti-money laundering checks.
  • Communication data – this includes any communication that you send to us whether that be via email, telephone or any other method.
  • Technical data – this includes data about how you use our website such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details of the number of times you use our website. The source of this data is our analytics tracking system.

We collect and use this personal data in order to provide our services to you. If you do not provide personal data we ask for, it may delay or prevent us from performing our contract with you and providing these services.

We do not carry out automated decision making or any type of automatic profiling.

Special Category Data

We require your explicit consent if we process special category data (e.g health data). Where relevant, we will send you a further communication asking you to confirm your consent for this processing.

4. How do we collect your data

We may collect data about you when you provide the data directly to us (for example, by sending us emails or through other forms of correspondence we have with you such as phone calls).

We may obtain data about you from the previous (or current) owner of your account.

Third parties that we appoint may collect data from you and pass it on to us.

We may automatically collect certain data from you as you use our website through our use of cookies and similar technologies. Please see our cookie policy for more details about this.

We may receive data from third parties such as analytics providers for example, Google, some of which may be based outside the United Kingdom and/or the European Economic Area. Please see section 11 below for further details.

5. What do we do with your information

We may use your information on any of the following lawful grounds:

  1. For the performance of a contract with you; or
  2. For compliance with a legal obligation to which we are subject; or
  3. For the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms.

Our legitimate interests include the following:

  • To conduct our business as an asset manager;
  • To communicate with you;
  • To provide, monitor and improve any service we offer to you;
  • To manage and maintain relationships with you and for ongoing customer service;
  • For record keeping;
  • To generate reports;
  • To monitor and record calls for quality, business analysis, training and related purposes in order to improve any service we offer you;
  • To protect our legal rights and interests including screening for fraud prevention and anti-money laundering purposes;
  • For the establishment, pursuance or defence of complaints, investigations and legal claims;
  • To operate and ensure the security of our website;
  • To maintain back-ups of our website or databases;
  • To analyse your use of our website;
  • To deliver relevant website content;
  • To grow our business;
  • To decide our marketing strategy (to the extent that we market to customers as a result of this, we will rely on our legitimate interests or otherwise obtain consent from customers).
  • To meet our regulatory, legal and/or compliance requirements.

6. Who do we share your information with

The three main credit reference agencies TransUnion, Equifax and Experian ( also called CRAs) each use and share personal data they receive about you that is part of, derived from or used in credit activity and this is explained in more detail in the Credit Reference Agency Information Notice (CRAIN)  available at any of the following: TransUnion (; Equifax (www. and Experian (

We may share your information with our employees, directors, shareholders and to those of our affiliates (and our trading names which include Honours Student Loans, Thesis Servicing and Elmwood Park), financial institutions, the previous or current owner of your loan (or their advisers and third party service providers), investment companies, accountants, lawyers, auditors, insurers, professional advisors, or other third party service providers who provide services to us such as those that assist us with running our business (e.g IT service providers) and asset management companies. We may also disclose information we have a legal or regulatory right or obligation to report. Further, we may share your information with third parties to whom we sell, transfer or merge parts of our business or our assets.

It is our commitment that prior to disclosing any personal information about you to another organisation we have taken all reasonable steps to ensure that that organisation will hold and protect your information with adequate security measures and in accordance with relevant regulation.

7. How do we keep your information safe

We protect your information with appropriate security measures under the laws and regulations that apply to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed without authorisation. We confirm our security measures are subject to regular testing and updated as appropriate to the level of data that we hold.

We have procedures in place to deal with suspected personal data breaches and will notify you and any applicable regulator of a breach if we are legally required to do so.

8. How long do we keep your information for

We will only retain your personal data for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When deciding what the correct time is for which we should keep the data, we look at its amount, nature and sensitivity, the potential risk of harm from unauthorised use or disclosure, the processing purposes, whether these can be achieved by other means and legal requirements.

For tax purposes, in certain circumstances the law requires us to keep information about customers (including Customer, Client, Investor and Communication Data) for six years after they stop being customers.

In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

9. What are your rights regarding your information

You have explicit rights concerning your personal information and we will ensure that your rights are protected while your data is in our possession. Your rights include the following:

  • Right of Access – you may request a copy of all the personal information we hold about you and we will respond within one month. If your request is particularly complex or you have made a number of requests, we may extend this period by a further two calendar months and we shall explain our reasons.
  • Right of Deletion – You may wish to have certain data we hold deleted and we will comply with this right where, for example, it is no longer necessary for us to hold the data or if there is no lawful ground for processing.
  • Right of Rectification – You have a right to request that any incorrect, inaccurate or incomplete data is updated, corrected and/or completed.
  • Right of Restriction – You may wish to restrict us from using your data where, for example, you contest the accuracy of the data.
  • Right to Object – You have a right to object to us using your data where processing is carried out for direct marketing or for our legitimate interest. We will no longer process your data unless we can demonstrate compelling legitimate grounds.
  • Right to Data Portability – You have a right to request we share your data with another organisation and we will assist with that process where possible.

You will not have to pay a fee to access your personal data (or to access any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

Please note that we may ask you to provide us with additional documentation to verify your identity before we action your request. This is to ensure we are dealing with the correct individual and also for Anti-Money Laundering purposes. We will tell you when we ask for your information whether it is a statutory or contractual requirement to give us the information and the consequences of not providing the information.

10. Making a complaint

If you wish to make a complaint then you may do so in person, by telephone, in writing and/or by email. Please note that all complaints are dealt with according to our complaints policy and will be fully logged and investigated.

You can also contact the Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection issues (

11. General

We will not transfer your data to a country outside of the United Kingdom and/or the European Economic Area unless that country ensures an adequate level of data protection, has appropriate safeguards in place or relies on one of the derogations provided for under applicable law and regulation.

This site may contain links to other sites. We are not responsible for their privacy practices or content nor potential damage, loss or offence caused.

It is very important that the information we hold about you is accurate and up-to-date. Please let us know if at any time your personal information changes by contacting us via the details set out above.

This privacy statement was published in May 2018 and last updated in October 2023. This may be updated by us at any time. When we make any material changes to this statement, we will communicate these to you appropriately.

Link Financial Outsourcing Limited, October 2023