This Policy gives you information about how PRA Group (UK) Limited collects and uses your personal data through your use of our website at https://www.pragroup.co.uk (the “Website”) and our mobile app PRA Group (the “App”) (together, the “Platforms”).
If you are a customer of PRA Group (UK) Limited and/or PRA Group UK Portfolios Ltd, you will have also received our Fair Processing Notices when your account was purchased by the legal owner of your debt. These notices explain how PRA Group (UK) Limited and PRA Group UK Portfolios Ltd use your personal data to manage your account. If you want to read these Fair Processing Notices, please visit: Fair processing notice | PRA UK. If you are a user of the App, you will find them in the support section of your online account.
For our customers, this Policy supplements those Fair Processing Notices and provides additional information about how your personal data is used when you use our Platforms to manage your account online or make a payment via your online account using our Platforms.
For both our customers and any other persons visiting our Website, this Policy also provides information about how your personal data is used when you use our Website to contact us (e.g. via email, letter, phone, SMS, or Live Chat), complete forms or surveys, give consent for receiving marketing communications from us or respond to information requests.
This Policy explains:
If you plan to make a payment on the Platforms, please read the PRA Group Website & App Terms of Use and this Policy first.
Important: We may update this Policy from time to time. Please check it each time you visit.
We collect personal data in several ways:
We use the information we process about you for these purposes.
| Purpose | Explanation | Legal basis |
| Debt collection | We process your personal data to collect your debt, including processing your payments. We might also contact you to let you know about changes to our services. | Our legitimate interest |
| Online accounts | We process your data to provide you with access to your online account and its functionalities. | Contract; Our legitimate interest |
| Contact | If you give us your name and contact details (address, phone, or email) and ask us to contact you, we will process your data for that purpose. We will also process your data if you contact us directly (e.g. by sending a letter, calling, or sending an e-mail or via Chat). | Our legitimate interest |
| Improve your experience on our Platforms | We make sure the Platforms work well on your device, and we run tests to make it better. | Our legitimate interest |
| Marketing | We may share information about our products and services, as well as selected third-party products and services that we believe may be of interest to you. We might also contact you to let you know about changes to our services. | Your consent |
| Fraud and crime prevention | We process data to ensure the security of our Website, services and to prevent crime. | Our legitimate interest |
| To discuss your experience with us | Based on feedback you provide. | Our legitimate interest |
We want to support your financial wellbeing, and to let you know about products and services that could help you meet your needs and goals. Where you have given us your consent, we may process your personal data to send you marketing communications about our products and services, as well as selected third-party products and services, that you might be eligible for.
You can provide your consent in your online account on our Platforms or by phone. When you provide consent, you can choose your preferred contact method (such as email, SMS, or phone). Consent is specific to each channel.
You can withdraw your consent or change your preferred contact method anytime:
You can also find a link to the Marketing Preferences section in your e-mail communication. Withdrawing consent will not affect the lawfulness of processing carried out before your withdrawal.
We do not share your personal data with third parties for their own marketing purposes. However, our marketing communications may include information about third-party products or services offered in partnership with us.
For more details about your rights, including the right to withdraw consent, please see the Your Rights section of this Privacy Policy.
We use strong security measures to protect your personal data from being lost, misused, accessed without permission, changed, or shared by mistake. Access to your data is limited to employees, agents, contractors, and third parties who need it for business purposes. They can only use your data following our instructions and must keep it confidential.
Important to know:
We have procedures to handle suspected data breaches. If a breach happens and the law requires it, we will inform you and the relevant regulator.
We may share your personal information with any member of PRA Group if there is a legal reason to do so. This includes our subsidiaries, our holding companies, and their subsidiaries.
We may also share your personal information in the following situations:
Your personal data may be transferred to a recipient in a third country. A third country is a country located outside the United Kingdom, including the United States of America and the European Economic Area. A third country may not have data protection laws equivalent to those in the UK. In such a case, we will take all necessary steps to ensure the safety and security of your personal data in accordance with applicable data protection laws.
We may only transfer your personal data outside the UK if:
At your request we will electronically provide you with a copy of the concluded contractual provisions and information on the scope of your personal data that has been transferred. Where necessary and upon explicit request, a paper copy of this information may be sent to you.
The time for which we will keep your personal data depends on the purpose for which it was collected.
| Purpose | Data Retention |
| Debt collection | Generally, your personal data will be retained by us while we service your outstanding debt until 6 years after your account is closed, however different periods might apply. Please check our Fair Processing Notices for more information. |
| Online accounts | For the duration of time that your online account is active, being while we service your outstanding debt and 1 day thereafter. |
| Contact | If you are our customer, we will store the data for a period of time consistent with the purpose of the debt collection. If you are not our customer, we will store the data for up to 6 years. |
| Improve your experience on our Platforms | For the duration of the storage of performance cookies or SDKs. Please check our Tracking Technologies Policy below for more detailed information. |
| Marketing | We will process your data from the moment you give your consent until you withdraw it. |
| Fraud and crime prevention | If you are our customer, we will store the data for a period of time consistent with the purpose of the debt collection. If you are not our customer, we will store the data for up to 6 years. |
| To discuss your experience with us | If you are our customer, we will store the data for a period of time consistent with the purpose of the debt collection. If you are not our customer, we will store the data for up to 6 years. |
In some cases, you can ask us to delete your data. See Your Rights below for details.
Once the retention period has ended, we will either delete or anonymise your data. If we decide to keep some data for research, analysis purposes, or to improve our services, we anonymise it to prevent identifying you. This involves removing information such as your name, contact details, and other personal data that could lead to your identification. We have implemented additional measures to prevent re-identification. Our anonymisation processes are regularly reviewed to help ensure the security of your data. We do not use anonymised data to make decisions about you as an individual.
If you give us personal information about someone else, you confirm that they have authorised you to act for them. You also confirm that you have told them who we are and explained why their personal information will be processed, as described in this Policy.
Important: You must have permission before sharing someone else’s data.
Under data protection laws, you have certain rights regarding your personal data. Please note that many of these rights are not absolute. We may not fully comply with your request if, for example, the law requires us to process your data in a way that conflicts with your request or if exemptions under data protection law apply. If this happens, we will explain when you make your request.
Your rights include:
You can exercise your rights by contacting us in writing, by phone, SMS, or electronically, or through an authorised third party. For security reasons, we may ask for more information to confirm your identity.
Right to complain to Supervisory Authority:
If you believe we have processed your data incorrectly, you can complain to the Information Commissioner (ICO):
Please note that the Information Commissioner now expects that you will have given us an opportunity to resolve your concerns, before raising the matter with them.
When using our Platforms, we automatically collect some information and store it in log files for statistical purposes. These logs include standard details such as your IP address, browser type, internet service provider, and operating system.
This information is used only by PRA UK in accordance with this Policy. We do not share or sell it to third parties. We use it to analyse trends, manage the Platforms, and understand general information about our users.
On our Platforms we use cookies and Software Development Kits (SDKs) as well as other similar technologies (“Tracking Technologies”) to make our Platforms work better and to provide useful information to platform owners. We use different technologies depending on whether you interact with our Website or our App. The sections below explain the Tracking Technologies used on our Website, followed by the Tracking Technologies used in our App.
In our App we use Software Development Kits (SDKs). SDKs are small pieces of software we add to the App to help it work properly.
We use SDKs to:
Some SDKs need to process information from your device to do this. This may include:
We only use the information that is needed for each purpose.
| Vendor | SDK / Group | SDK used | Platform | Lifespan |
|---|---|---|---|---|
| Apple | Core iOS system frameworks (e.g. UIKit, Foundation, Core Graphics, Security, WebKit, Networking libraries) | First party (device operating system) | iOS | No independent storage. Data processed on device or retained in line with core account and security records |
| Apple | Security & Authentication frameworks (e.g. CryptoKit, Local Authentication) | First party (device operating system) | iOS | Processed on device. Authentication data is not stored by PRA systems |
| Apple | System runtime and processing libraries (e.g. libswift, libSystem) | First party (device operating system) | iOS | No independent storage. Required for app operation only |
| | AndroidX Libraries | First party (device operating system) | Android | No independent storage. Required for app functionality |
| | Firebase Core components | Third party | iOS | Retained only as required for service operation and in line with system configuration |
| | Supporting libraries (e.g. Promises, transport components) | Third party | iOS | No independent storage. Supports internal processing only |
| OneTrust | CMP SDK | Third party | iOS / Android | Retained for the duration of your consent preferences and in line with preference records |
| Apple | App Tracking Transparency | First party (device operating system) | iOS | Stored in line with device-level privacy settings |
| Vendor | SDK / Group | SDK used | Platform | Lifespan |
|---|---|---|---|---|
| | Firebase Cloud Messaging | Third party | Android | Retained while notifications are active or until preferences are changed |
| | Firebase Remote Config | Third party | iOS / Android | Retained while feature configuration is active |
| | Firebase A/B Testing | Third party | iOS | Retained for the duration of the testing period |
| Mapp | Engage (notifications and messaging) | Third party | iOS / Android | Retained until preferences are changed or messaging is no longer active |
| Apple | EventKit / EventKit UI | First party (device operating system) | iOS | Processed on device and subject to user device settings |
| Apple | PhotosUI | First party (device operating system) | iOS | No independent storage by PRA. User-controlled via device permissions |
| Airbnb | Lottie / lottie-ios | Third party | iOS / Android | No personal data stored |
| Coil‑KT | Coil | Third party | Android | No personal data stored |
| Square | OkHttp / Retrofit | Third party | Android | No independent storage. Supports secure communication only |
| JetBrains / Koin | Kotlin support libraries | Third party | Android | No personal data stored |
| | ZXing (Barcode Scanner) | Third party | Android | Data processed only at point of use and not stored |
| Vendor | SDK / Group | SDK used | Platform | Lifespan |
|---|---|---|---|---|
| | Firebase Analytics | Third party | iOS / Android | Up to 14 months, after which data is deleted or anonymised |
| | Firebase Crashlytics | Third party | iOS / Android | Up to 90 days |
| | Firebase Performance Monitoring | Third party | Android | Up to 14 months (aggregated performance data) |
| Apple | MetricKit | First party (device operating system) | iOS | Short-term diagnostic data (typically up to 90 days) |
| | Google Ads On-Device Conversion | Third party | iOS | Processed on device and retained only in aggregated form |
| | Analytics support components (e.g. GoogleAppMeasurement, DataTransport) | Third party | iOS | Supports analytics data retention (aligned to Firebase Analytics – up to 14 months) |
The App does not use traditional web cookies. However, it may store certain information locally on your device, such as security tokens, temporary files, and settings, to ensure the App functions correctly.
You can change or withdraw your consent in respect of our opt-in Tracking Technologies at any time by going to:
Profile → App settings → Data consent
SDKs that are essential for the App to work do not need your consent and you cannot turn them off.
Android devices allow users to manage an individual app’s stored data directly through device settings.
You can remove locally stored App data by:
After clearing data, you may need to sign in again.
You can continue to manage your account as normal once the App restarts.
Changing your tracking or analytics choices on Android:
Because Android allows you to reset the App’s stored data from Settings, you can change your preferences at any time by clearing the App’s data and then reopening it. When the App starts again, you will be presented with the cookie or tracking choices available for your device and App version.
iOS does not allow individual apps to selectively delete specific stored data (such as the equivalent of cookies). All App‑related local data is removed only when the App itself is deleted.
To remove stored data on iOS:
When the App is deleted, all associated temporary files, identifiers, and stored settings are removed.
You can then reinstall the App from the App Store.
When you reinstall and open the App, you will be shown any applicable cookie or tracking choices again.
Using the App after rejecting optional tracking on iOS:
If you reinstall the App and are shown a screen asking whether you accept additional tracking, you can select “Reject all” and still continue to use the App to manage your account. Essential functionality will always remain available.
We use Google Analytics cookies to understand how visitors use our Website. Google Analytics uses cookies, but on our Website, IP anonymisation is enabled. This means your IP address is masked and cannot be linked to other Google data.
If you choose to opt in to non-essential cookies using our cookie banner, we use Google Analytics to collect general, anonymised statistics. This includes page visits, actions on the Website, time spent, how you arrived, clicks, and browser and device details.
Google may process this data on servers in the U.S. For more details, visit Google’s Privacy Policy for Partners (www.google.com/policies/privacy/partners).
In our App we use Firebase, a service provided by Google, to collect information about how customers use the App and to improve its performance and reliability.
We use these services to:
Where Google services are used (including Firebase and limited measurement functionality such as Google Ads On‑Device Conversion):
We do not currently use SDKs in the App for marketing purposes. If this changes, we will update this Policy and obtain your consent where required.
MAPP is a web analytics service provided by Webtrekk GmbH in Berlin, Germany. It collects data in an anonymous or pseudonymised form.
If you choose to opt in to non-essential cookies using our cookie banner, we use Webtrekk to ensure the security and integrity of the Platforms. Data collected includes:
For questions, contact datenschutz@webtrekk.com. More details: Webtrekk Privacy Notice (https://www.webtrekk.com/privacy-notice.html).
VWO, provided by Wingify Software Private Limited, uses tracking technologies to test and improve Platforms usability. Data is collected in an anonymised form.
If you accept additional tracking technologies, VWO places an anonymous ID on your device to track usage. No personally identifiable information is recorded.
For questions, contact privacy@wingify.com. More details: VWO Privacy Policy (https://vwo.com/privacy-policy).
PRA Group (UK) Limited
Level 11, Riverside House
2A Southwark Bridge Road
London, SE1 9HA
Contact our Data Protection Officer
If you need to contact our Data Protection Officer, you can reach them:
Our EU/EEA Representative
We have appointed PRA Group Polska Holding Sp. z o.o. as our representative for EU/EEA consumers.
Each year millions of people fall behind on their bills for many reasons - things don’t go as planned, and then debt happens…
When a person is unable to pay back a loan, credit card or another account, their creditor may sell that debt to a company like ours.
If your account was sold to us, we’re here to help make repayment easier.
We’ll send you a welcome letter that explains who we are and invites you to access your account online –
where you can view your account information and manage flexible payment options that allow you to create an affordable payment plan, make a payment or pay it all off.
We don’t add interest or fees, and we won’t sell your account.
And when your debt is cleared, we’ll happily send you a confirmation.
Because we understand debt happens.
We’re PRA Group.
We’re changing the way debt repayment works by treating our customers with the fairness and respect they deserve.
We’ve helped millions of people clear a debt - let’s work together to find your path to recovery.
Debt happens. So can recovery.