Privacy Notice


This document describes how Mars Acquisition Limited and all of its subsidiaries in both the Republic of Ireland (Ireland) and United Kingdom (UK) (‘we, us, our, Mars Capital’) use and share personal data (also called ‘Account data’) they receive from you or other sources. This fully replaces all previous Fair Processing Notices.


Mars Capital is a credit servicing company which acquires and administers mortgages from lending institutions and other organisations.

We operate as the regulated entity in the UK and Ireland. All accounts serviced by us are operated by the below two companies under this Privacy Notice:

  • Mars Capital Finance Limited
  • Mars Capital Finance Ireland Designated Activity Company



Customer and Account Information Accuracy

We maintain information, including personal data, for the purposes of managing accounts where we are the owner or on behalf of that owner. This could include activities designed to support:

  • Making the utmost effort to ensure our customer and account information is accurate. This involves regular data quality reporting, investigating data inaccuracies and making corrections should they arise;
    • Arrears Management;
    • Processing statutory documents, including Statements, Notice of Sums in Arrears and Notices of Default.

Tracing and debt recovery

We may use data from Credit Reference Agencies (CRAs) and other 3rd party data providers to trace people who are not responding using known contact details.

An example of a tracing activity could be when a customer moves home without informing us of their new address. We may then use the data we obtain from 3rd party data providers to identify the customer’s new address and contact details.

Credit reporting

We report the status of the accounts we own and any customer confirmed changes to contact details to the CRAs in the UK. The CRAs combine this data with that from other lenders to build a credit profile of an individual which in turn may be used to help inform future lending decisions.

An example would be where a customer redeems their account with us. This information would be reported back to the CRAs which may be used by other lenders to assess an individual’s creditworthiness.

In Ireland we submit personal and credit information for the accounts we service to the Central Credit Register (CCR).

Statistical analysis, analytics and profiling

We will use and allow the use of personal data for statistical analysis and analytics purposes. Personal data can be used to create scorecards, models and variables in connection with the assessment of credit, fraud, risk or to verify identities. It can also be used to monitor and predict market trends, to allow use by Mars Capital for refining recovery and trace strategies, and for analysis such as loss and revenue forecasting.

Database activities

We carry out certain processing activities internally which support databases effectiveness and efficiencies. For example:

  • Data loading: this is where data is supplied to us and is checked for integrity, validity, consistency, quality and age to help make sure it is fit for purpose. These checks pick up things like irregular dates of birth, names, addresses, account start and default dates, and gaps in status history.
  • Data matching: this is where data supplied to us is matched to existing databases to help make sure it’s assigned to the right person, even when there are discrepancies e.g. spelling mistakes or different versions of a person’s name. We use the personal data people give lenders together with data from other sources to create and confirm identities, which they use to underpin the services they provide.
  • Data linking: this is where we compile data into its databases and we create links between different pieces of data. For example, people who appear financially associated with each other may be linked together and addresses where someone has previously lived can be linked to each other and to that person’s current address.
  • Systems and product testing: this is where data is used to help support the development and testing of new products and technologies.

Uses as required by or permitted by law

Your personal data will also be used for other purposes where required by law, such as where we are obliged to provide data to the law enforcement community at their request.


We use the following grounds for handling personal data:

  • Legitimate interests;
  • Compliance with a legal obligation;
  • Fulfilment of a contract.

Our primary grounds for handling data are the legitimate interests of our business, supplemented by both the compliance with our legal obligation to manage customers’ accounts and fulfil the terms of such contracts.

Data protection laws allow the use of personal data where the organisations legitimate interests aren’t outweighed by the interests, fundamental rights or freedoms of data subjects (customers). The law calls this the ’Legitimate Interests’ condition for personal data processing. The below outlines the activities we undertake in relation to your data, the appropriate legal grounds for processing as well as an explanation of what our legitimate interests are when this is our reason for processing.


Reason(s) for Processing


Managing your account

  • Legitimate interests
  • Compliance with a legal obligation

We have an obligation to appropriately manage your account in line with any loan arrangement/mortgage contract, and with respect to our duty to our regulators.

Recovery of funds owed

  • Legitimate interests
  • Compliance with a legal obligation

Our business is primarily the recovery of funds owed by individuals in the consumer credit/mortgage market. As such, our customers typically have overdue funds that we are seeking to be repaid, either actively or by awaiting a change to customers’ personal circumstances.

This explicitly requires us to understand our customers and their circumstances in order to conduct ourselves in an appropriate way.

Promoting responsible lending and helping to prevent over-indebtedness

  • Legitimate interests

Responsible lending means that lenders only sell products that are affordable and suitable for the borrowers’ circumstances. We help to ensure this by sharing personal data about our customers, their circumstances where applicable, and their financial history with the CCR/CRAs.

A comprehensive range of regulatory and statutory measures exists to underpin the financial services industries, which helps address the balance of our legitimate interests so that they aren’t outweighed by the interests, fundamental rights and freedoms of data subjects. Further explanation about this balance is set out below.

Complying with and supporting compliance with legal and regulatory requirements

  • Legitimate interests
  • Compliance with a legal obligation
  • Fulfilment of a contract

We must comply with various legal and regulatory requirements and help other organisations comply with their own legal and regulatory obligations. For example, many kinds of financial services are regulated. Regulators impose obligations to check that financial products are suitable for the people they are being sold to. The CCR/CRAs may data to help with those checks.

Maintenance of data for use in defending legal actions

  • Legitimate interests

We need to be able to investigate and respond to customer claims and to provide appropriate disclosure in the event of proceedings being issued.  This requires it to maintain information for a period after its original legitimate purpose has expired.

This is subject to the retention of personal information, described below.

Training and Quality

  • Legitimate interests
  • Compliance with a legal obligation

To ensure the good quality of the service we provide, customer data is used while training staff and reviewing the quality and output of ourselves and our partners.


Our use of this personal data is subject to an extensive framework of safeguards that help make sure that people’s rights are protected. These include the information given to people about how their personal data will be used and how they can exercise their rights to obtain their personal data, have it corrected or restricted, object to it being processed, and complain if they are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities don’t override the interests, fundamental rights and freedoms of data subjects.

Additionally, Mars Capital will look for your consent to process personal information in relation to your health. This will only be in circumstances where you choose to share this information with us to help us understand your circumstances and appropriately manage your account. This will be used for no other purposes than managing your account and for training and quality purposes.


We obtain and use information from different sources, so we often hold different information and personal data about each customer. All information we hold about our customers falls into the below categories:

Information Type



Key Customer Identifiers

We hold personal data that can be used to identify people; this includes:

  • Name, including Title, Forename and Surname.
  • Address, including current and previous addresses, if these are marked as no longer resident. Additionally, we will hold address confirmed as inaccurate to prevent these being reused.
  • Contact details, including telephone and email information, past and present. Additionally, we will hold contact details marked as inaccurate to prevent these being reused.

This personal data is included with all the other data sources.
For example, names, addresses and dates of birth are attached to financial account data, so it can be matched and associated with all the other data Mars Capital holds about the relevant person.

Data is first obtained from the lender of the debt prior to our acquisition.

Data is also provided by customers directly in the daily interactions with ourselves or our agents.

Data about postal addresses is also obtained from sources like Royal Mail, Eircode, Eir Phonebook.

We also may obtain copies of the Edited Electoral Register/Register of Electors containing the names and addresses of registered voters from local authorities in accordance with specific legislation.

We also have access to public data sources on people and businesses, including from the Insolvency Service, Companies House, Companies Registration Office, the CCR/CRAs and commercial business directories.

Customer Circumstances

We hold personal data relating to individual’s circumstances including mental and physical health, financial status (including hardship) and difficulties relating to communication.

The purpose of this information is to ensure all circumstances are taken into account when managing your account(s).

This information will be obtained from:

  1. You, the customer, during an interaction directly with Mars Capital
  2. A 3rd party you have authorised to work on your behalf, or
  3. You, the customer, directly during an interaction with an agency working on our behalf.

We do not actively obtain data from external sources relating to customer circumstances.

We will always obtain customer consent before recording information relating to personal circumstances such as health, financial status or communication requirements.

Financial data

We receive information that includes personal data from credit accounts and other financial accounts that people hold with other organisations. This includes data about bank accounts, credit card accounts, mortgage accounts and other agreements that involve credit agreements such as utilities and communications contracts (including mobile and internet).

The collected data includes the date the account was opened, the amount of debt outstanding (if any) and the repayment history on the account, including late and missing payments.

We may also receive data about financial accounts like current accounts, credit cards or loans and may receive payment information that businesses hold from the organisations who maintain other accounts belonging to you.

We also use external data services from the CCR/CRAs to help credit assessment.

Banks, building societies, lenders and other financial services providers supply data including personal data about people’s financial accounts and repayments to the CCR/CRAs.

Other credit providers, such as hire purchase companies, utilities companies, mobile phone networks, retail and mail order, and insurance companies also provide this data when they agree credit facilities with their customers to the CCR/CRAs.

These are then provided to us with regards to our customers, to assist us in our legitimate purposes.

Court judgments, decrees and administration orders

We obtain data about court judgments that have been issued. This may include, for example, the name of the court, the nature of the judgment, how much money was owed, and whether the judgment has been satisfied.

Additionally, we may receive information about enforcement taken, such as Charging Orders on properties held by customers.

Judgments and some other decrees and orders are made publicly available through statutory public registers. These are maintained by Registry Trust Limited, which also supplies the data on the registers to the CRAs, and in turn Mars Capital.

Charging Order information may also be provided by the Land Registry.

Arrangement (IVAs), debt relief orders and similar events

We obtain data about insolvency related events that happen to our customers and may also obtain this type of data about businesses. This includes data about bankruptcies, IVAs and debt relief orders, and in Scotland it includes sequestrations, trust deeds and debt arrangement schemes. This data includes the start and end dates of the relevant insolvency or arrangement.

We obtain this data from our customers, their representative (Insolvency Practitioner), The Insolvency Service, and the CCR/CRAs.

Search footprints

We have access to credit application information where a financial institution uses the CCR/ a CRA to make enquiries about a particular person, the CCR/CRA keeps a record of that enquiry which appears on the person’s credit file.

This includes the name of the application, the date, and the reason they gave for making the enquiry.

Additionally, it may include such information as contact details, address information, income and employment situation of the applicant when they applied for the credit.

The CCR/CRAs generate search footprints when enquiries are made about a particular person by other lenders.

The lender making the enquiry provides some of the data in the footprint (such as the reason for the enquiry).

We in turn obtain this information from the CCR/CRAs.

Scores and ratings

We will use data to stress test the portfolios to account for affordability, risks, collections, litigation and pre-arears.

We produce their scores and ratings using the data available to them detailed in this section only.

This is sometimes supplemented by CRAs’ own scores and impairment indicators.

Public interest data

We receive data from commercial sources which includes lists of politically exposed persons (PEPs) and sanctions data; this is to ensure we meet our regulatory requirements.

We receive this data from reputable commercial sources as agreed from time to time.

Other derived data

We produce other kinds of data ourselves to manage our databases efficiently and ensure that all the relevant data about a person is on the correct credit file.

Address links: when we detect that a person seems to have moved to a different residence, it may create and store a link between the old and new address.

Flags and triggers: through analysis of other data, we can add indicators to a customer’s account file. These aim to summarise particular aspects of a person’s financial situation including any vulnerability identified.

Mars Capital generates this data from the data sources available to them.




This section describes the types of recipient we share data with and our process for ensuring it is an appropriate organisation.

In some cases, some organisations have the ability to compel us, by law, to disclose certain data for certain purposes.

Members of the credit reference agency data sharing network

We share information with the CCR/CRAs as part of our obligation to ensure appropriate lending for consumers and help ensure the health of the UK financial services industry.

Each organisation that shares financial data with the CRAs is also entitled to receive similar kinds of financial data contributed by other organisations. These organisations are typically banks, building societies, and other lenders, as well as other credit providers like utilities companies and mobile phone networks.

We use the following CRA and the CCR:


Credit reference agency

 Contact details

Experian Limited

Web Address:

Phone:              0344 481 0800 or 0800 013 8888

Post:                 Experian, PO BOX 9000, Nottingham, NG80 7WF

Central Credit Register

Web Address:

Phone:              01 2245500 or 1890 100050 




We may entrust your account for management by one of our Partner companies, who will operate as our agent. We use market leading partners, and we rely on their expertise in their fields to manage your account efficiently on our behalf. We will communicate with you at the time should this outsourcing take place.

Information Technology Processors

We will use other organisations to perform tasks on their own behalf (for example, IT service providers) in order to assist us with running our business. These providers will always act as our agents.

Court Service

If proceedings are issued against you or enforcement activity is taken, we will provide information to the relevant Court service.

Payment Processors

If you have chosen to make payments via Debit Card, Mars Capital will provide relevant information to payment processing companies to facilitate the transaction. 


People are entitled to obtain copies of the personal data that Mars Capital holds about them. You can find out how to do this in Section 10 below.

Legal and Regulatory

Any law enforcement agency, regulator, court, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.


Customers whose accounts were established in Ireland and the UK have their personal information maintained within the European Economic Area. The personal data in those locations is protected by European data protection standards.

We do not send customer personal information outside of the European Economic Area, unless explicitly required to do so (such as circumstances where the customer themselves lives outside of the EEA and requires communication in their resident country).


In general, we will retain all information held about our customers for as long as they continue to have an active account with us. This will include for as long as funds are owed to us.

Once the account is closed and no funds are owed, and unless otherwise required by a law or regulation, we will continue to retain all data for a period typically of seven years from closure. The criteria used to determine the storage period will include the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements and industry standards.

Exceptions to this standard seven-year approach are detailed below:

Credit Balances

In the rare situations where customers’ accounts have some form of overpayment, the data is kept for as long as the account remains in credit and for seven years from the date these monies are repaid to the customer.

Archived data

We will hold archived data in both physical and digital formats for business continuity purposes. Where data is retained in archives for longer than the periods described above, it will not be accessible to unauthorised staff and in the case of digital backups data is encrypted. We will take steps to ensure that, if such archives are required to be accessed, we will have all personal information no longer required removed.






Right to be informed

You have the right to be informed about how we collect and use your personal data. This has been described within this Privacy Notice.


Rights related to automated decision making

You have rights in relation to any automated decision-making and/or profiling that has legal or similarly significant effects on you.


Right of access

You have the right to access your personal data and supplementary information held by us.


Right to data portability

In certain circumstances, you have the right to obtain and reuse your personal data for your own purposes across different services.


Right of rectification

You have the right to have inaccurate personal data rectified, or completed if it is incomplete.


Right to object

You have the right to object to the processing of your personal data.


Right of erasure

In certain circumstances, you have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.


Right to restrict processing

In certain circumstances, you have the right to request us to ‘block’ or suppress processing of personal data.



If you wish to exercise any of these rights, you can contact us by email:

UK office:      

Irish office:    


Scores and ratings

We do not use automated decision making for any accounts that we service.

We use the data we hold on the accounts we service and own along with data from the CRAs and other 3rd party data providers to produce various scores such as risk, fraud, affordability, collection, litigation and/or insolvency scores to profile accounts and customers. The following factors are likely to impact these scores:

  • How long the person has lived at their address;
  • The number and type of credit agreements and how they use those credit products;
  • Whether the person has been late making payments;
  • Whether the person has had any court judgments made against them;
  • Whether the person has been bankrupt or had an IVA or other form of debt-related arrangement;
  • Income and expenditure assessments of affordability.

These scores will inform appropriate actions to manage customers’ accounts with us and ensure appropriate steps are taken with respect to personal circumstances. An example would be where we use the insolvency scores and data to place an account with a specialist insolvency practitioner.


You have the right to ask us what data we hold about you. This is known as a Data Subject Access Request (DSAR). You have a right to find out what personal data we hold about you. You can do this by using the contact details mentioned below.


UK office


Post: Ashcombe House, 5 The Crescent, Leatherhead, Surrey KT22 8DY, UK

Telephone: 0330 33 55 111

Irish office


Post: PO Box 12546, Dublin 2, Ireland.

Telephone: 1890 303 702 or, if calling from abroad, +353 1 630 6054


New data protection legislation also contains a right to data portability that may give consumers a right in some data processing contexts, to receive their personal data in a portable format when it is processed on certain grounds, such as consent. This is not a right that will apply to data held by Mars Capital because this data is processed on the grounds of legitimate interests.


When we receive personal data, we perform a number of checks on it to try and detect any defects or mistakes. Ultimately though, we rely on our suppliers and our customers to provide accurate data to us.

If you think that any personal data we hold about you is wrong or incomplete, you have the right to request this is updated.

If our data does turn out to be incorrect, we will update our records accordingly. If we still believe our data is correct after completing our checks, we will continue to hold and keep it - although you can ask us to add a note to your file indicating that you disagree or providing an explanation of the circumstances. Additionally, we will need to keep a copy of the incorrect record but solely for auditing purposes.

If you’d like to request an update of your data, you should contact us by using the contact details mentioned in Section 10.


As an individual you have specific rights under the General Data Protection Regulation. You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’. 

Section 4 of this notice details what information we process, and why we need this information within our organisation in relation to the activities we undertake. This is why your right to object doesn’t automatically lead to deletion of your information, but we will deal with every request we receive and if we can’t delete your information we shall inform you and explain why we cannot.


In some circumstances, you can ask us to restrict how we use your personal data. This is not an absolute right, and your personal data may still be processed where certain grounds exist. These grounds include:

  • With your consent;
  • For the establishment, exercise, or defence of legal claims;
  • For the protection of the rights of another natural or legal person;
  • For reasons of important public interest.

Only one of these grounds needs to be demonstrated to continue data processing. We will consider and respond to requests we receive, including assessing the applicability of these exemptions.

Please note that given the importance of complete and accurate records, for purposes outlined above, it will usually be appropriate to continue processing data. In particular, to ensure appropriate management of your account.


We try to deliver the best customer service levels, but if you’re not happy you should contact us so we can investigate your concerns.  Using the contact details mentioned in section 10. If you are unhappy with how we have investigated your complaint, you have the right, in the UK, to refer it to the Financial Ombudsman Service for free. In Ireland you have the right to refer the complaint to the Irish Financial Services and Pensions Ombudsman for free. These are independent public bodies that aim to resolve disputes between consumers and businesses like us. You can contact them by:


Contact Details

Financial Ombudsman Service



Telephone: UK – 0300 123 9 123 Outside UK - +44 20 7964 1000

Post: Financial Ombudsman Service, Exchange Tower London E14 9SR

Irish Financial Services and Pensions Ombudsman



Telephone: +353 1 567 7000

Post: Financial Services and Pensions Ombudsman, Lincoln House, Lincoln Place, Dublin 2, D02 VH29.

*Please note that the Financial Services Ombudsman’s Bureau will ask for a copy of our final decision before they review your complaint.


You may also refer your concerns to the Information Commissioner’s Office (or ICO), the body that regulates the handling of personal data in the UK or Irish Data Protection Commissioner (DPC), the body that regulates the handling of personal data in Ireland. You can contact them by:


Contact Details

Information Commissioner’s Office (or ICO)


Telephone: UK – 0303 123 1113 Outside UK - +44 1625 545700

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

Irish Data Protection Commissioner (DPC)


Telephone: IRL – 1890 252 231 Outside IRL – +353 57 868 4800 or +353 761 104 800

Post: Data Protection Commissioner, Canal House, Station Road, Portarlington, R32 AP23, Co Laois


Our group Data Protection Officer can be contacted by emailing or by writing to The Arrow Group Data Protection Office, 12 Booth Street, Manchester, M2 4AW, UK.

For all Magellan Homeloans Limited customers, click here for their Privacy Notice.