DIR Return Create A Forum - Home
---------------------------------------------------------
FreeTrafficLegalAdvice
HTML https://ftla.createaforum.com
---------------------------------------------------------
*****************************************************
DIR Return to: Private parking tickets
*****************************************************
#Post#: 102539--------------------------------------------------
Re: Letter Before Claim Moorside Legal
By: b789 Date: December 15, 2025, 11:08 am
---------------------------------------------------------
Just keep resending it until you don't receive a "mailbox not
monitored" response. At the same time do the following:
DO NOT use their portal. Your email response to their LoC has
been served on them. Send the following email:
[quote]Subject: Formal Notice – Breach of Transparency
Obligations and Imminent Escalation to ICO, SRA and CMA
To: help@moorsidelegal.co.uk; dpo@apn.co.uk
Cc: enquiries@apn.co.uk; [your own email address]
Dear Data Protection Officer,
This notice is issued to you in your statutory capacity under
the UK GDPR and the Data Protection Act 2018, in relation to
Moorside Legal Services Limited and the wider APN Group.
Moorside Legal’s own Privacy Notice states that any data subject
wishing to exercise their rights or contact the DPO should email
help@moorsidelegal.co.uk (subject heading: “Data Subject Rights
– Your Name”) or write to the postal DPO address.
Help@moorsidelegal.co.uk is the only email address Moorside
Legal publishes for contact and it is expressly described as the
DPO contact route.
Relying on that representation, a substantive response to a
Moorside Legal Letter of Claim was sent to
help@moorsidelegal.co.uk. That email contained personal data and
clearly engaged data subject rights and pre-action obligations.
In reply, instead of engaging with the substance of the
correspondence, Moorside Legal sent a boilerplate “fob-off”
email stating that the mailbox is “not monitored” and attempting
to force use of an online portal. This was not an automated
server bounce: it was a standard template that an individual
chose to send after accessing the original message. In other
words, a member of your staff is monitoring incoming messages to
the very address advertised as the DPO contact, reading those
messages, and then sending a stock response asserting that the
mailbox is “not monitored” and that the only acceptable
communication route is your portal.
That is not a technical quirk; it is a deliberate policy choice
designed to frustrate both data subject rights and responses to
Letters of Claim.
From a technical standpoint, the position is clear. I have
checked the configuration of your domain moorsidelegal.co.uk and
obtained the following information:
Summary of findings
[indent]- Email addresses tested: help@moorsidelegal.co.uk;
litigation@moorsidelegal.co.uk
- Status: both accepted; domain reported as catch-all
- SMTP provider: Barracuda Networks
- MX record: d238565.a.ess.uk.barracudanetworks.com
- Domain age: more than 800 days (a stable corporate domain, not
newly registered)[/indent]
A catch-all configuration on a Barracuda-hosted system means
your server is set to accept mail for any address at
moorsidelegal.co.uk and return a standard “250 OK” SMTP
response, even if the individual mailbox name is not
specifically configured, in order to mask mailbox validity. The
tests show that both help@ and litigation@ are accepted in this
way.
That behaviour may frustrate external probing of which
individual mailboxes exist, but it does not alter the core legal
and technical fact that once your server has accepted an email
at SMTP level with a 2xx OK success code and no bounce is
generated, delivery (service) into your system is complete.
What you choose to do internally with that message – including
routing it to staff who then send a boilerplate “this mailbox is
not monitored, use the portal” reply – does not change the
reality that:
[indent]– You are in possession of the personal data.
– You are the controller responsible for handling it lawfully,
fairly and transparently.
– You must not hold out help@moorsidelegal.co.uk as the DPO and
data subject contact address in your Privacy Notice while
instructing staff to fob people off with a knowingly misleading
“not monitored” line and forcing them into a payment
portal.[/indent]
When you put that together:
[indent]1. Your Privacy Notice explicitly designates
help@moorsidelegal.co.uk as the DPO contact for exercising
rights and as your contact email generally.
2. Emails sent to that address are in fact accepted by your
server, read by staff, and then met with a mendacious template
claiming the mailbox is “not monitored” and that all
communication must be via your portal.[/indent]
Both positions cannot simultaneously be true in a way that
complies with your legal obligations. Either:
[indent]– The mailbox is monitored and the “not monitored” claim
is knowingly false, used to deter and obstruct data subjects and
defendants from asserting their rights by email; or
– It is not monitored for DPO purposes, in which case your
Privacy Notice is materially inaccurate and misleading because
it advertises a non-functional route for exercising rights and
contacting you.[/indent]
In both scenarios, your current practice appears incompatible
with:
[indent]– Article 5(1)(a) UK GDPR (lawfulness, fairness and
transparency).
– Article 12 UK GDPR (duty to facilitate the exercise of data
subject rights and avoid undue obstacles).
– Articles 13, 14 and 37(7) UK GDPR (duty to provide accurate,
functional contact details for the controller and, where
appointed, the DPO, and to enable data subjects to contact the
DPO easily and directly).[/indent]
It is particularly serious that you are using this “mailbox not
monitored, use the portal” template specifically in response to
reasoned pre-action correspondence, where the Civil Procedure
Rules and the Pre-Action Protocol for Debt Claims require
meaningful engagement. Attempting to channel defendants into a
payment portal while pretending that your published DPO/contact
address is effectively dead is plainly calculated to frustrate
both procedural fairness and statutory data protection rights.
Moorside Legal’s Privacy Notice states that Moorside Legal
Services Limited “is part of the APN Group”. APN Group’s own
privacy policy designates dpo@apn.co.uk as the group DPO
contact. The APN Group DPO is therefore now expressly on notice
that a group entity is operating a sham DPO/contact email route
and using a stock “mailbox not monitored, use the portal” script
in circumstances where the underlying mailbox is clearly active
and handled by staff.
For the avoidance of doubt:
[indent]– Emails to help@moorsidelegal.co.uk are being accepted
by your Barracuda-hosted server and are not bouncing.
– At least one such email has been opened and acted upon by
staff, who chose to send the “mailbox not monitored, use the
portal” template rather than deal with the content as a
DPO/contact request and as pre-action correspondence.
– In those circumstances, any denial of receipt or attempt to
treat emails to help@moorsidelegal.co.uk as “not valid”
communications will be treated as bad-faith conduct.[/indent]
You are therefore put on formal notice that:
[indent]– The burden of delivery is satisfied once your server
has accepted an email at SMTP level with a 2xx “OK” status and
no bounce. You cannot evade receipt by labelling the mailbox
“not monitored” after staff have already accessed the message
and responded with a template.
– Continuing to publish help@moorsidelegal.co.uk as the
DPO/contact address while staff send “not monitored, use the
portal” replies is inherently misleading and obstructive of data
subject rights and defendants’ rights.
In addition to the data protection issues, these practices will
be drawn to the attention of the Competition and Markets
Authority (CMA) under the Digital Markets, Competition and
Consumers Act 2024 (DMCC), specifically the unfair commercial
practices regime in Part 4, Chapter 1 and the banned practices
set out in Schedule 20. In outline:
[indent]– You are engaging in misleading actions and omissions
in relation to published contact channels and access to redress.
– You are failing to meet the requirements of professional
diligence within the meaning of section 229 DMCC by maintaining
a non-functional or deliberately frustrated DPO/contact route
and channelling consumers exclusively into a payment-focused
portal when they dispute liability.[/indent]
If the CMA finds against you, consequences can include:
[indent]– Compliance directions and enforcement orders requiring
changes to your practices.
– Monetary penalties of up to the higher of £300,000 or 10% of
global turnover.
– Further regulatory action if systemic bad-faith conduct is
identified.[/indent]
I am simultaneously lodging formal complaints to:
[indent]– The Information Commissioner’s Office (ICO), for
failure to meet the transparency and facilitation requirements
of UK GDPR in relation to data subject communications and
objections to processing; and
– The Solicitors Regulation Authority (SRA), in relation to
Moorside Legal Services Limited, for operating sham contact
routes and frustrating written engagement in the context of
pre-action debt claims, in a way that undermines access to
redress and public confidence in the profession.[/indent]
I therefore require the following, in writing, within one
calendar month:
[indent]1. A clear statement whether help@moorsidelegal.co.uk is
monitored for DPO and data subject communications. If it is
monitored, you must confirm that the “mailbox not monitored, use
the portal” template will be withdrawn immediately and that all
future emails sent in reliance on your Privacy Notice will be
treated as valid data subject and pre-action communications. If
it is not monitored, you must confirm that your Privacy Notice
will be corrected immediately and that a functional DPO email
address will be published and properly monitored.
2. Confirmation that the specific email sent in response to your
Letter of Claim (to help@moorsidelegal.co.uk) has been
retrieved, placed on the relevant file, and is being treated
both as a valid data subject communication (including an
objection to processing and request for restriction) and as
formal pre-action correspondence under the Pre-Action Protocol
for Debt Claims.
3. Details of the concrete steps you will take, and deadlines
for implementation, to ensure that all published DPO and contact
addresses (including those in Moorside and APN privacy notices)
are truthful, functional, properly monitored, and not undermined
by staff being instructed to send “not monitored, use the
portal” responses.
You are fully responsible for the configuration and operation of
your email systems and for ensuring that your published privacy
information is accurate and not misleading. This letter puts
both Moorside Legal and APN Group on explicit notice that the
current arrangements are being treated as deliberate obstruction
and misrepresentation and that the regulators are being asked to
investigate and, where appropriate, sanction that conduct.
Yours faithfully,
[Your Name]
[Your address]
[Relevant references: PCN/Moorside ref][/quote]
Here are the three complaint templates you can use in parallel
(ICO, SRA, CMA).
ICO complaint template (email/text to paste into ICO form).
You’ll usually use the ICO’s online form, but this is the
narrative you can paste in:
[quote]Subject: Complaint against Moorside Legal Services Ltd –
Non-functional DPO email and obstruction of data subject rights
I wish to complain about the handling of personal data and data
subject communications by:
[indent]Moorside Legal Services Limited
Part of the APN Group
Email as published in their privacy notice:
help@moorsidelegal.co.uk[/indent]
Moorside Legal’s Privacy Notice states that any data subject
wishing to exercise their rights or contact the DPO should email
help@moorsidelegal.co.uk (with the subject “Data Subject Rights
– Your Name”) or write to a given postal address.
help@moorsidelegal.co.uk is the only published email address.
Relying on that notice, I have sent a detailed response to a
Letter of Claim to help@moorsidelegal.co.uk. Those emails
contain personal data and clearly engage data subject rights
(objection to processing, restriction, rectification) and
pre-action obligations.
The firm replied not with a substantive answer, but with a
boilerplate “fob-off” email stating that the mailbox is “not
monitored” and that all contact must instead go through their
online portal, which is presented as a payment/“customer”
portal. This reply was not an automated bounce. It was a
standard template that a staff member chose to send after
accessing the original email.
I have also tested the technical configuration of their domain,
moorsidelegal.co.uk. Both help@moorsidelegal.co.uk and
litigation@moorsidelegal.co.uk are accepted by their
Barracuda-hosted catch-all mail server (MX:
d238565.a.ess.uk.barracudanetworks.com). The server returns a
normal "250 OK" SMTP response and no bounce is generated. That
means the emails are being delivered into Moorside Legal’s
system, and at least a subset of them is being read by staff.
In practice, this means:
[indent]• Moorside publish help@moorsidelegal.co.uk as the
DPO/contact email in their privacy notice.
• Emails sent to that address are accepted and read.
• Staff then send a template claiming the mailbox is “not
monitored” and instructing individuals to use a payment portal
instead.[/indent]
Either the mailbox is monitored, in which case the “not
monitored” wording is knowingly false and deters people from
using their rights by email, or it is not properly monitored, in
which case the privacy notice is materially inaccurate and
misleading.
In my view this breaches:
[indent]• Article 5(1)(a) UK GDPR – lack of fairness and
transparency.
• Article 12 UK GDPR – failure to facilitate the exercise of
data subject rights and placing undue obstacles in the way.
• Articles 13, 14 and 37(7) UK GDPR – inaccurate and
non-functional DPO/contact details, and failure to ensure the
DPO can be contacted easily and directly.[/indent]
It is particularly concerning that this behaviour occurs in the
context of debt collection and pre-action letters before claim,
where individuals are already under pressure and need a clear
route to assert their rights and correct their data.
What I am asking the ICO to do:
[indent]• Investigate whether Moorside Legal and APN Group are
complying with Articles 5, 12, 13, 14 and 37–39 UK GDPR in
relation to the help@moorsidelegal.co.uk address and their
handling of data subject communications.
• Require them to either:
[indent]– make help@moorsidelegal.co.uk a genuinely monitored
DPO/contact address and stop sending “not monitored, use the
portal” replies; or
– amend their privacy notice and publish a functional DPO email
address that is properly monitored.[/indent]
• Require them to treat emails already sent to
help@moorsidelegal.co.uk as valid data subject communications
and pre-action correspondence and to confirm this to affected
individuals.[/indent]
I attach:
[indent]• A copy of their privacy notice extract showing
help@moorsidelegal.co.uk as the DPO/contact email.
• A copy of my original email to that address.
• The boilerplate “mailbox not monitored, use the portal”
response.[/quote]
SRA complaint template (Moorside’s conduct as a firm). Email to
report@sra.org.uk and CC yourself:
[quote]Subject: Complaint about Moorside Legal Services Ltd –
Obstructive contact practices and misuse of “not monitored”
email in debt claims
I wish to complain about the conduct of:
[indent]Moorside Legal Services Limited
SRA number: 8006077[/indent]
Moorside Legal act as solicitors in bulk debt recovery/parking
charge litigation. Their Privacy Notice states that data
subjects and clients should contact their Data Protection
Officer via help@moorsidelegal.co.uk. This is also the only
email address they publish for contact.
When a consumer/defendant replies by email to a Letter Before
Claim (e.g. to set out a defence, raise issues under the
Pre-Action Protocol for Debt Claims, or exercise data rights),
Moorside Legal do not engage with the contents. Instead, after a
delay, they send a boilerplate response stating that the mailbox
is “not monitored” and instructing the individual to use their
online portal or telephone number. This is not an automatic
server reply; it is a template a member of staff sends after
reading the email.
Technical checks show that their Barracuda mail server accepts
emails to help@moorsidelegal.co.uk and
litigation@moorsidelegal.co.uk with a normal "250 OK" response
and no bounce. At least some emails are clearly being read,
because staff then send the “not monitored, use the portal”
template in response.
The effect is that:
[indent]• A published email route for serious pre-action
correspondence is, in practice, converted into a dead-end.
• Defendants who try to comply with the Pre-Action Protocol in
writing are fobbed off and pushed into a payment portal instead.
• The public-facing privacy notice and “contact us” information
are inconsistent with the reality of how the firm actually
handles incoming emails.[/indent]
In my view, this undermines:
[indent]• The proper administration of justice and compliance
with the Civil Procedure Rules and Pre-Action Protocol for Debt
Claims.
• Public trust and confidence in the solicitors’ profession,
because a regulated firm is using a sham contact route and a
standard script to frustrate written engagement.
• Basic standards of honesty and integrity – either the email
address is monitored and the “not monitored” claim is untrue, or
the privacy notice is materially misleading.[/indent]
I ask the SRA to consider whether Moorside Legal’s conduct is
compatible with the SRA Principles and Codes of Conduct, in
particular the duties:
[indent]• To act in a way that upholds public trust and
confidence in the solicitors’ profession.
• To act with honesty and integrity.
• To behave in a way that maintains the trust the public places
in solicitors when handling disputes and pre-action
correspondence.[/indent]
I attach:
[indent]• Moorside’s privacy notice extract showing
help@moorsidelegal.co.uk as the DPO/contact email.
• A copy of a reasoned email response to a Letter Before Claim
sent to that address.
• Moorside’s “this mailbox is not monitored, use the portal”
reply.[/quote]
CMA/Trading Standards complaint template (DMCC 2024) which you
email to general.enquiries@cma.gov.uk and CC yourself:
[quote]Subject: Complaint about Moorside Legal Services Ltd –
Unfair commercial practice under DMCC 2024 (obstructed contact
channels and sham DPO email)
I wish to report a business-to-consumer practice which I believe
breaches the unfair commercial practices provisions in Chapter 1
of Part 4 of the Digital Markets, Competition and Consumers Act
2024 (DMCC).
[indent]Trader: Moorside Legal Services Limited (part of APN
Group)
Sector: Legal services / debt recovery / private parking
claims[/indent]
Moorside Legal pursue private individuals for alleged parking
charges and send Letters Before Claim. Their Privacy Notice
tells consumers and data subjects to contact their Data
Protection Officer at help@moorsidelegal.co.uk – this is also
their only published email address.
When a consumer replies to a Letter Before Claim by email to
that address (for example, to dispute the debt, challenge the
claim or correct their data), Moorside Legal do not deal with
the contents. Instead they send a standard “this mailbox is not
monitored – please use our portal” response and attempt to
divert the consumer into a payment-oriented online portal.
This response is not an automated server bounce. It is a
boilerplate email sent by staff after reading the original
message. Technical checks on their Barracuda-hosted mail server
show that emails to help@moorsidelegal.co.uk and
litigation@moorsidelegal.co.uk are accepted with a "250 OK" SMTP
status and no bounce, so messages are reaching their system and
being processed.
In practice, this means:
[indent]• Moorside Legal advertise an email address as the route
to contact them and their DPO, but then treat written
correspondence sent to that address as if it were invalid.
• They use a template to claim the mailbox is “not monitored”
and funnel consumers into a portal that is clearly designed
around payment rather than dispute resolution.
• Consumers trying to exercise statutory rights or respond
properly to a Letter Before Claim are obstructed and channelled
towards paying instead of being allowed to use a clear written
route.[/indent]
I believe this behaviour falls within the unfair commercial
practices regime because:
[indent]• It is at least a contravention of the requirements of
professional diligence under section 229 DMCC – falling short of
the standard of skill and care reasonably expected of a trader
dealing with consumers in a debt-claim context, and not
commensurate with honest market practice or the general
principle of good faith.
• It may also amount to misleading actions or omissions, because
the published contact details suggest consumers can use email to
exercise their rights and engage with the trader, whereas in
reality those emails are dismissed and they are pushed into a
portal.
• It is likely to cause the average consumer to make a
transactional decision they would not otherwise have made – in
particular, to use the portal in the belief that it is the only
valid channel, to prioritise payment over dispute, or to abandon
attempts to challenge the claim because the advertised contact
route proves to be a sham.[/indent]
I ask that this practice be investigated as a potential unfair
commercial practice under the DMCC 2024, with a view to:
[indent]• Requiring Moorside Legal to provide functional,
monitored contact details that match their privacy notices and
letters.
• Preventing them from using a “mailbox not monitored, use the
portal” script in response to legitimate dispute correspondence.
• Considering enforcement measures and penalties if systemic
unfair practices are established.[/indent]
I attach:
[indent]• Screenshots/extracts from Moorside Legal’s privacy
notice (help@moorsidelegal.co.uk as DPO/contact email).
• Copy of a Letter Before Claim.
• Copy of an email response sent to help@moorsidelegal.co.uk.
• Moorside’s “mailbox not monitored, use the portal”
reply.[/quote]
Use this image as the evidence of their Data Protection email
address from their Privacy Notice:
[img width=650
height=477]
HTML https://i.ibb.co/R47zCqC4/Screenshot-2025-12-08-at-10-38-34.png[/img]
#Post#: 102644--------------------------------------------------
Re: Letter Before Claim Moorside Legal
By: AsmaraBella Date: December 16, 2025, 6:40 am
---------------------------------------------------------
Than you so much b789 I will do so and let you know the outcome.
Kindest Regards
#Post#: 105128--------------------------------------------------
Re: Letter Before Claim Moorside Legal
By: AsmaraBella Date: January 8, 2026, 2:23 pm
---------------------------------------------------------
Dear b789
I hope you have had a very happy new year. Moorside has replied
today after couple of weeks with this no reply email as follows
Thank you for your email. Kindly please advise of next step I
have also send them a letter via Post office.
Please note that this mailbox is no longer monitored and cannot
receive, review, or process any correspondence, including data
protection requests, objections, complaints, or responses to
pre‑action communications. All communication must now be
submitted through our secure online portal.
This change has been implemented to ensure:
A single, secure point of contact for all correspondence
Consistent logging and tracking of all communications
Faster allocation to the correct team
Improved data security and auditability, which cannot be
guaranteed through this discontinued inbox
For clarity, and in response to the points raised in your
message:
References to this email address in older documentation
Our Privacy Notice is currently being updated to reflect the
transition to the portal as the sole communication route. As a
result, this email address is no longer used for data subject
requests or general correspondence.
Your previous email
As this inbox is no longer monitored, we are unable to retrieve
or process any messages sent here. To ensure your correspondence
is received and actioned, please resubmit your communication
through the portal.
Data subject rights requests
All requests relating to UK GDPR (including objections,
restrictions, rectification, erasure, or access requests) must
now be submitted through the portal so they can be logged,
verified, and directed to the appropriate team.
Contacting the Data Protection Officer
All data protection‑related correspondence must also be
submitted through the portal. This ensures secure handling and
prevents delays associated with discontinued email channels.
Future communications
We are unable to accept or process any information‑rights
correspondence sent to this or any other discontinued email
address. The portal is the only active and monitored
communication route.
To ensure your enquiry is dealt with securely and efficiently,
we kindly ask that you register on our customer portal using the
link below:
🔗
HTML https://portal.moorsidelegal.co.uk
Once registered, you’ll be able to view case details, send and
receive messages, and manage your account directly through the
portal. Please note that we do not process queries or
instructions via email for security reasons.
If you need any assistance registering, feel free to contact us
on 0330 822 9950.
Kind regards,
Moorside Legal
#Post#: 112187--------------------------------------------------
Re: Letter Before Claim Moorside Legal
By: AsmaraBella Date: March 5, 2026, 1:19 pm
---------------------------------------------------------
The
Solicitors Regulation Authority has replied as follows
Decision not to investigate
Case reference number: RGC-000179137
Date: 5 March 2026
Investigation officer: M R
Relevant person and SRA number: Moorside Legal Services Limited
(8006077)
Matters considered
On 18 December 2025, we received a report from XX which raised
the following
concerns about Moorside Legal Services Limited (the firm) a
Licensed Body:
1. The firm issued a vague Letter Before Claim and signposted to
an inbox that appears
unmonitored but does not provide an automated response. The firm
then signposted
Mr XX to a payment portal and did not provide any further
details.
Our assessment
We assessed the report by:
1. Reviewing Mr XX report.
2. Reviewing the firm’s regulatory history.
3. Applying our Standards and Regulations and Assessment
Threshold Test.
Our reasons for not investigating
Concern 1 – Limited information
Mr XX has raised concerns that he was contacted with a Letter
Before Claim that
contained insufficient details. When Mr XX contacted them, he
received a
manual email advising the inbox is not monitored and was
signposted to a payments
platform without being provided with any additional information.
This allegation represents a
potential failure to comply with Principles 2 and 5 of the SRA
Principles which sets out a
solicitor’s responsibility to act in a way that upholds public
trust and confidence in the
solicitors' profession and to act with integrity, respectively.
Mr XX regarding the insufficient detail in the Letter Before
Claim and the
subsequent lack of meaningful engagement are already under
consideration as part of an
ongoing investigation. We are currently engaging with the firm
to address any potential
breach of our rules. As this is a mirrored concern that falls
within the scope of our ongoing
enquiries, we will now close this separate matter.
Sensitivity: Confidential
Decision
For the reasons set out above, I have decided not to investigate
this matter. This decision is
made under Rule 1.1 of the SRA Regulatory and Disciplinary
Procedure Rules (RDPRs) as
to whether the matter should be considered under Rule 3 of the
RDPRs.
Appeal/Review
Under the SRA Application, Notice, Review and Appeal Rules,
there is no right of appeal or
review of this decision by either the person who reported the
concern(s) to us, or the subject
of this decision.
………………………………………………..
Investigation Officer
#Post#: 112200--------------------------------------------------
Re: Letter Before Claim Moorside Legal
By: DWMB2 Date: March 5, 2026, 2:57 pm
---------------------------------------------------------
Whilst they've chosen not to investigate, I would say it is due
to positive reasons, namely that the issue in question is
already being investigated.
*****************************************************
DIR Next Page