What Personal Information Do We Collect & Why?
The information we collect from you depends on the product or service you apply for, or the service that we provide to you. We will only collect information that we require, or where we’re required to collect the information to enable us to perform our legal, regulatory or contractual obligations necessary to provide you with the products or services, or where we have your permission.
This will likely include but not limited to the collection of:
- your personal details (e.g. name, date of birth)
- address details
- contact details (e.g. phone number, email)
- special personal information* (e.g. information that may affect your ability to make decisions.)
- financial information
- employment information
- information on how you use our website(s) and products and services
Special Category information*
Data protection law defines some personal information as “special categories of data”. This includes information about physical or mental health, sexual life, religious beliefs, race or ethnic origin, political opinions, trade union membership or biometric data.
This information may be necessary to collect when understanding the reason for your financial circumstances, or where it may help us to provide a better service to you. For example, a mental health condition that could affect your ability to make a decision regarding your financial situation or a prolonged illness that may have caused you to fall behind with your regular payments to your creditors.
Information about other people
If you provide personal information about someone else, for example when a joint application is made, you must do so with the permission of the other person.
How do we collect your personal information?
We collect your information in various ways.
- When you make an application or enquiry to us either by phone, email, our website, by a third party or by any other means
- Information received from a third party, for example you have been introduced to us by another company
- By adding reviews, comments or interacting with us using social media such as Twitter or Facebook etc
- When you use online platforms, such as WhatsApp
- When we may need to obtain up to date information about you to meet our legal or regulatory obligations
- Where you have given permission for your information to be passed to us
What Do We Do With Your Personal Information?
We can only use your personal information where it falls into one or more of the following categories as set out in Article 6 of the GDPR
- Contract. It is necessary to enter into or fulfil a contract we have with you
- Legal Obligation. We have a legal or regulatory obligation to do so
- Legitimate Interest. It is in our legitimate interest to do so and it is not against your individual rights
- Vital Interests. It is necessary to protect your vital interests
- Public Task. It is necessary to carry out a task which is in the public interest.
Initial Debt Advice
Where you make an application or enquiry for debt advice or other services, we offer we’ll use your information to provide you with appropriate information and advice about any solutions we may be able to offer to you. If you cannot provide this information, it may not be possible to progress with your application or enquiry.
We may also use this information to contact you about and process your application, for example, sending you an email, text message or letter to explain about our services.
After you have made you initial debt advice enquiry, if you then decide to go ahead with any of the products or services that we offer, the sections below explain how we will also process your data when we provide that product(s) or service(s).
Websites and Marketing
To help us understand you and your situation better and provide you with information about other products which we feel may be suitable and relevant, we will use your personal information to create a profile of you and your circumstances. This allows us to provide more accurate service for you. For example, we may assess your creditors owing and household income and expenditure to determine whether you would be eligible for a debt solution.
However, if you don’t want us to profile your personal information this way, to then better enable us to tailor any marketing communications to you, you can contact us to let us know that you wish for your personal data not to be used in this way.
Legal or Regulatory Obligation
We are required to by law or regulatory bodies to process your personal information, for example, to adhere to anti-money laundering or our regulatory obligations.
Where we have a copy of your personal information we may contact you to ask you to provide a review about our services and advice.
If you make complaint to us, we will be required to use your personal information to investigate the complaint and deal with your enquiry. We have a legal and regulatory obligation to deal with your complaint appropriately.
Who Do We Share Your Information With?
In addition to the companies, organisations and other third parties mentioned above, we may also share your personal information with the following organisations or companies:
- IT Service Providers who provide IT platforms or other IT services (e.g. our CRM System hosted by Two Financial Services Ltd)
- Our Network Principal (Two Financial Services Ltd)
- Communication providers (e.g. telecommunications providers)
- Advertisers and social media companies such as Facebook for our social media accounts or where we can contact you using your social media account
- Third parties listed below but not limited to:
- Gregory Pennington
- Freeman Jones
- Forest King
- Carrington Dean
- Campbell Wallace Fraser
- Fresh Start Finance
These companies help us to provide our services and solutions to you. We will have a contract in place with any provider who directly provides us with such direct services to ensure that they comply with their data protection obligations and ensure that they have appropriate security measures in place.
We may also share your personal information where we have your consent to do so or where we’re required to do so under a legal or regulatory obligation or court order, such as the police, local authorities or the courts.
Automated Decision-Making Systems
An automated decision is one which we rely on a computer or system to assess the information you provide to us to make a decision about you, for example the CRM System mentioned above provides a full financial assessment, this may include:
- assessing your eligibility for a product or service
- credit searches
- checking identity and residency statuses
If we do make an automated decision about you, in some cases you have the right to ask that we do not make our final decision based solely on the automated decision, and you can also object to the automated decision and ask that someone reviews it.
Fraud Prevention Agencies
We may on occasion be required to share the personal information we have collected from you with law enforcement agencies and fraud prevention agencies who will use it to prevent fraud, money-laundering and terrorist financing and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment.
Keeping You Updated
To help us keep you informed about the products and progress of your application, we may contact you by letter, telephone, email, text message, push notifications, social media or other online messaging platforms as agreed.
If an application for a product or service is started, we will attempt to contact to regain contact with you using thee above methods if we are unable to complete your application for whatever reason.
If your preference is not to be contacted in any of the above methods please let us know at your earliest convenience, however if we are providing a service to you, we and third parties mentioned above will need to be able to send you communications. This can often be due to a legal or regulatory requirement.
If your contact details or preferences change at all it is of paramount importance that you update us as soon as possible.
Information Shared Outside The EEA
At present we have no reason to share your information outside of the European Economic Area (EEA) but please be assure if we did, we would only share your personal information outside EEA, where we have your consent.
If we do share your information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA.
Protection of Your Personal Information
The protection and security of your personal information is a matter we take very seriously, we will take as many precautions as possible in order to protect your data some of the steps we take but not limited to are listed below:
- company security policies and standards
- staff security awareness & training
- role-based access controls to prevent unauthorised access to the information
- encryption and anonymisation technology
- anti-malware & anti-virus technologies
- security monitoring
- secure archiving and deletion
- compliance with industry regulation and legislation
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”).This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Object to processing of your personal data.Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
- Request restriction of processing of your personal data.This enables you to ask us to suspend the processing of your personal data.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- Right to rectification. If the personal information we hold about you is incorrect you have the right to request that we correct this.
If you wish to exercise any of the rights set out above, please contact us.
Data Protection Officer
Debt Consultancy Service C.I.C
If you are not happy with how we process your personal information you should contact us in the first instance. If you’re not happy with how we have dealt with your complaint you have the right to lodge a complaint with the Information Commissioner’s Office. You can find their details on their website at https://ico.org.uk/
How Long Will We Retain Your Personal Information?
If you choose to take out one of our products or services and are referred to one of the Third Parties listed above, we will retain your records for a period of 6 years. Telephone calls will be retained for at least 6 years from the date the call was made. (see call recordings section for more details)
If you do not go ahead with any product or service offered by us, your personal information will normally be deleted after 2 years unless we have another reason to keep your data, for example, if you have given your consent to receive marketing or promotional messages from us.
We record any telephone calls you make to us or we make to you or any other third party. This is for training, monitoring and quality purposes and to meet our legal and regulatory obligations. Some telephone calls may be observed by staff for training and development purposes.
As stated above we may keep a copy of the telephone calls for up to 6 years from the date the telephone call was made
End of Policy