Hello, my name is ***** ***** I am a qualified lawyer happy to help you today.
If your data is being used without your consent, this is in breach of the General Data Protection Regulations (GDPR). Note that this is EU law but it still applies in the UK until the end of December this year (during the Brexit transition period). A revision of the law (“UK GDPR”) will come in to effect in January 2021 but for the present purposes, it applies as normal in the UK.
GDPR protects data subjects and if you do not consent, anyone who hands out your data can be held in breach of GDPR. What this means is that the Information Commissioner's Office (the "ICO") can fine companies heavily if they find there has been a breach. The fines are either up to £17m or 4% of company turnover, whichever is greater. As such, I would recommend that you inform the ICO on 0303(###) ###-#### They will take your details and if they feel there has been a data breach will contact the company and possibly fine them. A lot of companies do not realise the extent of the fines and it is envisaged a lot of businesses will go bust in the event of a breach, not just because of the fines but because the aggrieved party can also claim compensation.
If the ICO tells you there has been a GDPR breach then it makes it much easier to claim compensation (under Article 77 of GDPR) - the amount of which varies and depends on the severity of the breach and the impact it has had upon the aggrieved party. The new data protection law is very new so unfortunately not many cases have been tried in court, so there is not a precedent for compensation levels (yet). As a very rough guide you would be looking at anything between £1,000 and £10,000 (the latter being for a serious breach which has adversely affected you).
I hope this helps - if you can please accept the answer and give me a 5 star rating (there should be a button at the top of your screen to do this), I can answer follow up questions at no extra charge and Just Answer will credit me for helping you today.