Fullbrook Associates Limited Data Privacy Notice
Fullbrook Associates Limited values its clients and is committed to protecting and respecting your privacy. This Data Privacy Notice explains how we process and protect any personal data we collect or receive about you. This Data Privacy Notice applies to personal data provided by clients and referrers. Please read this Data Privacy Notice carefully to understand our practices regarding personal data.
We seek to comply with the EU General Data Protection Regulations May 2018.
We seek to comply with principles of "data minimisation". This means we try to ensure that we avoid collecting or processing data other than the types and volume of personal data required to achieve the purposes set out in this Data Privacy Notice.
Who we are
Fullbrook Associates Limited are a legal Services Business, who specialise in representing clients with contractual disputes with holiday ownership.
We represent our clients in exiting unfair contracts and assist them in making consumer credit claims.
Your personal data has either been, or will be collected by, or transferred to, Fullbrook Associates Limited and is kept in our office. Our nominated Data Protection Officer is Stephanie Connor who can be contacted via post at the below address. We aim to respond to all correspondence within one calendar month.
The Data Protection Officer
Fullbrook Associates Limited
Stirling Business Centre
Stirling
FK8 2DZ
Email: stephanie@fullbrookassociates.com
Our Data Protection Officer will handle any questions you may have on the use of your personal data and your rights as a data subject. This is covered in further detail under Your Data Subject Rights.
Types of personal data we hold
We capture and process a variety of different types of personal data depending on the nature of the services involved.
This includes but is not limited to:

Sometimes we may need to process special categories of personal data. These are certain types of personal data which require additional privacy protection. The special categories are:
- Health data
Personal data and special category data may be required to allow us to provide comprehensive contractual advice and to progress your relinquishment claim.
Why we use your personal data
We collect your personal data to help us with advising on and negotiating your relinquishment claims and/or your consumer credit claims. Specifically:
- Advising on the contractual basis for your relinquishment claim including:
- Perusing and considering your signed purchase agreements
- Understanding your requirements and instructions
- Providing comprehensive and appropriate legal advice regarding your contract
- Contacting you to offer additional relevant services to your relinquishment
- Negotiating your claim, including:
- Writing to you and your timeshare provider
- Providing and improving client services as appropriate
- Maintaining contact with you, for issues relating to your timeshare and general customer contact
- Advising on the contractual basis for your consumer credit claim including:
- Perusing and considering your signed purchase agreements and loan agreements
- Understanding your requirements and instructions
- Providing comprehensive and appropriate legal advice regarding your consumer credit claim
- Contacting you to offer additional relevant services to your consumer credit claim
- Further reasons, including:
- Any sale or transfer of your file to another company due to restructuring
- To allow us to perform the essential practice and process of negotiation of claims
- Analysing our clients and the services we provide
- To ensure we comply with any legal or regulatory obligations
- The testing of our systems and processes where imitation data is unavailable. Testing which uses personal data will only by carried out in limited circumstances and only when appropriate safeguards and controls have been put in place
Our legal bases for processing your personal data
We process personal data where necessary in order to:
- Engage with you when you or someone acting on your behalf asks us for an update;
- Satisfy our obligations under a contract with a client;
- Comply with a legal obligation as a member of a regulated profession;
- Process data as may be required in the public interest, such as detecting and preventing fraud;
- Pursue our legitimate interests in providing clients and customers with legal services.
We process special category data when you provide consent or when we need to:
- Advise and negotiate a claim;
- Protect, investigate, and defend legal claims;
- Process data for reasons of substantial public interest.
Who we share personal data with
To allow us to meet our obligations and effectively provide our services to you, it may be necessary to pass your personal data onto external parties. These external parties may include:
- Banks, building societies, finance houses, and other credit providers
- Claims handlers
- Timeshare Companies
- Lawyers and Solicitors
- External parties involved in the claim
- External parties involved in the investigation, defence or prosecution of claims
- The Financial Conduct Authority, The Financial Ombudsman Service, The Information Commissioner’s Office and other regulators as required by law
- Our suppliers and sub-contractors for the performance of any contract we have with them
Your data will be shared securely, and only when absolutely necessary. It will never be sold on to external parties or organisations for marketing purposes.
We only share data with external parties following receipt of a duly signed and dated mandate authorising us to do the same.
International data transfers
We will never transfer or share your data outside the European Economic Area.
Ongoing storage and use of your personal data
We will not keep personal data for longer than necessary for the purpose for which it is processed. It will be retained in accordance with the Law Society of Scotland File Destruction Guidance. Laws and regulations require us to keep records for specific periods of time. We may also need to keep records in order to fulfil our contractual or statutory obligations or to resolve queries or disputes which may arise in the future.
We will store your personal data based upon the following criteria:
- Whether the personal data is actively required for the purposes stated in this Data Privacy Notice
- Whether there is a legal or regulatory reason to continue to retain the personal data
Your data subject rights
Under Data Protection regulation you have the right to:
- Obtain a copy of your personal data held by Fullbrook Associates Limited
- Have any incorrect personal data updated
- Request the erasure of any of your personal data
- Restrict the use of your personal data
- Object to the use of your personal data
- Request the personal data you provided to Fullbrook Associates Limited to be moved to another organisation
If you wish to exercise any of these rights please write to the below address stating your request and contact details. In order for Fullbrook Associates Limited to respond to your requests effectively and efficiently, please provide any further information you feel is necessary.
The Data Protection Officer
Fullbrook Associates Limited
Stirling Business Centre
Stirling
FK8 2DZ
If you contact us regarding the exercise of these rights, we will seek to implement your wishes. In some cases (particularly where the request relates to the restriction of use of personal data or the objecting to the use of personal data) there may be reasons why we are not able to fully comply with your request, particularly where we are required to keep and use that data to comply with legal or regulatory requirements. We aim to respond without undue delay but within one calendar month.
Data Breaches
Pursuant to EU GDPR, we have a Data Breach Policy and Register in relation to any breaches relating to your personal Data.
Where a breach occurs, a full investigation must be undertaken by Fullbrook Associates Limited. If it is determined that the same creates a high risk to the rights and freedoms of you i.e. it may impact on your physical wellbeing, property and finances or reputation, you will be informed of the same within 72 hours of us becoming aware of the breach.
Complaints
Fullbrook Associates Limited is committed to providing high quality legal services. If you feel that we have not met your expectations, we'd like to know so we can put things right for you. You can submit a complaint by email to our Managing Director at kate@fullbrookassociates.com or via post at the below address:
Complaints
Fullbrook Associates Limited
Stirling Business Centre
Stirling
FK8 2DZ
We would expect that any complaint can best be dealt with by contacting us in the first instance, and we will take complaints made to us seriously. Further information can be sought from out Managing Director re our complaints policy. However, if you wish to complain about our use of your personal data, and do not wish to contact us first, you also have the right to complain directly to the supervisory authority at ico.org.uk.
Where we might collect your personal data from
We might collect your personal data from various sources including:
- You;
- Your representative;
- Your referral company;
- Your bank, building society, finance house or other credit provider;
- Your timeshare company;
Which of the above sources apply, will depend on your particular circumstances.
Automated decision making
We do not use automated decision making.
Telephone recording
In line with our registration and regulation by the Financial Conduct Authority, and in order to maintain high standards as well as to protect the public and staff, all telephone calls made to Fullbrook Associates Limited are recorded and retained. Under normal circumstances a call will not be retrieved, monitored or retained for longer than twelve months unless:
- it is necessary to investigate a complaint
- it is part of a management 'spot check' that customer service standards are being met. NB. Recordings used for quality monitoring purposes will be retained for 12 months
- there is a threat to the health and safety of staff or visitors or for the prevention or detection of crime
- it is necessary to check compliance with regulatory procedures
- it will aid standards in call handling through use in training and coaching our staff. However, this will only be permitted if the recording is edited so that the caller remains anonymous and the member of staff who was party to the call agrees to its being used in this way.
- If it becomes clear that a communication is private or the person making the call says that they do not wish to have their call recorded, the call recording will be stopped.
We shall ensure that the use of these recordings is fair and that we comply with the requirements of the relevant legislation. This includes:
- The Regulation of Investigatory Powers Act 2000
- The Telecommunications (Lawful Business Practice) (Interception of Communications Regulations) 2000
- The Telecommunications (Data Protection and Privacy) Regulations 1999
- The General Data Protection Regulation 2018
- The Data Protection Act 2018
- The Human Rights Act 1998
Collecting information
Personal data collected in the course of recording activities will be processed fairly and lawfully in accordance with data protection law. It will be:
- adequate, relevant and not excessive
- used for the purpose(s) stated in this policy only and not used for any other purposes
- accessible only to managerial staff after securing permission from the Head of Secretariat
- treated confidentially
- stored securely
- not kept for longer than necessary and will be securely destroyed once the issue(s) in question have been resolved.
Advising callers that calls are being monitored/recorded
Where call recording facilities are used, we will inform the caller that their call is being monitored/recorded for quality/training purposes so that they have the opportunity to consent by continuing with the call or hanging up.