Chevron

GDPR Data Protection Policy and Privacy Notice

DCBL chevron plain

Table of Contents

  1. Definitions used in this Policy
  2. Who We Are
  3. What We Do
  4. The Law
  5. Data protection principles we follow
  6. What rights do you have regarding your Personal Data
  7. Where we get your Personal Information
  8. The Personal Information we collect and how we use it
  9. How long we retain Personal Information
  10. How we store and secure your data
  11. Who else can access your Personal Data
  12. Data Transfers
  13. Privacy by Design and Data Protection Impact Assessment (DPIA)
  14. Training and Audit
  15. Children
  16. Contact information
  17. Complaints
  18. Changes to this Privacy Policy

1) Definitions

Personal Data – any information relating to an identified or identifiable natural person.

Processing – any operation or set of operations that is performed on Personal Data or on sets of Personal Data.

Data subject – a natural person whose Personal Data is being Processed.

Child – a natural person under 16 years of age.

We/us (either capitalized or not)
This document and references to “DCBL” and “we” and “us” apply equally to all the group companies.

2) Who We Are

Direct Collection Bailiffs Ltd is a company registered in England under company number 07408649. We are also known as “Direct Collections”, “DCB” and “DCBL”. We manage and make decisions about personally identifiable information we hold, as well as conducting specific activities using data provided by other companies, on their behalf.

This document and references to “DCBL” and “we” and “us” apply equally to all the group companies.

3) What We Do

DCBL collect debts owed to clients on their behalf via Debt Recovery, enforcement of High Court Writs, and provide security provision and perform other services related to these matters. This often involves receiving personal information from our clients so that we can effectively carry out our services, some of which are externally regulated. We also transfer information to other companies that perform specific actions at our request, and this may involve the transfer of personal data for that purpose.

DCBL is committed to safeguarding your privacy. Contact us at dpo@dcbltd.com if you have any questions regarding the use of your Personal Data.

By using this site or/and our services, you consent to the Processing of your Personal Data as described in this Privacy Policy. This Privacy Policy is a part of our Terms and Conditions; by agreeing to Terms and Conditions you also agree to this Policy. In the event of collision of terms used in Terms and Conditions and Privacy Policy, the latter shall prevail.

4) The Law

DCBL is based in England and thus subject to the law applicable in England & Wales. In the case of data protection, the primary legislation in effect from 25th May 2018 is Regulation EU 216/679 (the General Data Protection Regulation), as well as the Data Protection Act 2018.

5) Data Protection Principles

DCBL follow the following data protection principles:

  • Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you with information regarding Processing upon request.
  • Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
  • Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
  • Processing is limited with a time period. We will not store your personal data for longer than needed.
  • We will do our best to ensure the accuracy of the data.
  • We will do our best to ensure the integrity and confidentiality of data.

6) Data Subject’s rights

The Data Subject has the following rights:

  1. Right to information – meaning you have the right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
  2. Right to access – meaning you have the right to access the data collected from/about you. This includes your right to request and obtain a copy of your Personal Data gathered.
  3. Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
  4. Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
  5. Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
  6. Right to object to processing – meaning in certain cases you have the right to object to Processing your Personal Data, for example in the case of direct marketing.
  7. Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
  8. Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
  9. Right to lodge a complaint – if we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
  10. Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
  11. Right to withdraw consent – you have the right to withdraw any given consent for the Processing of your Personal Data.

The following forms of ID are accepted when information on your personal data is requested:

  • Driving license or passport – Please note, this is essential where requests involve images.
  • Utility bill (within the last 3 months of the request being made)

7) Where We Get Your Personal Information

Information about individuals may originate from different sources, including being collected from the person themselves. DCBL will disclose the source of any data held about a person upon their request if there is no overriding legal requirement not to do so. Such requests should be directed to the Data Protection Officer (DPO).

8) The Personal Data We Collect and How We Use It

8.1) Information that we collect automatically

When you visit DCBL’s Website, certain personal information can automatically be collected from your device. Specifically, may include information like your IP address, device type, unique device identification number, browser type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors. Some of this information may be collected using cookies and similar tracking technology, as explained further in our Cookie Notice.

In relation to tracing instructions only, received from a client. DCBL do not hold or process this data. Upon trace completion, all data is returned to the client unless further instruction is received for another of DCBL’s services.

8.2) What personal information does DCBL collect when you engage our Services

DCBL stores and uses information that could be used to identify a living person. The information collected will vary depending on the purposes for which that data is used. The purpose of this storage and use will vary depending on the area of the business that it pertains to. Where consent is required or used as the basis for storage and use of personal information, this will be clearly communicated, and the person providing their consent has the right to withdraw it at any time.

8.3) Human Resources

We Process Personal Data under the legal basis of:

‘Performance of a Contract’ and/or
‘Legal Requirement’ and/or
‘Consent’ and/or
‘Vital Interest’ and/or
‘Legitimate Interest’ and/or
‘Public interest’ for the following purposes:

We store information relating to employees and contractors so that we have adequate records to be able to contact, manage and pay them, and meet our legal obligations as an employer.

This information may be sent to another company working on our behalf, where the relationship is defined by a contract, and they are not permitted to use the information in any way we have not explicitly asked them to. Only certain authorised personnel within the company have access to this information. This information may include name, dob, billing address, home address, e-mail address, telephone, company name, financial and other information

Under the legal basis of vital interests, we process your Personal Data for the following purposes:

We collect data concerning health relating to employees, so we can make any necessary adjustments for their benefit and so that we may pass relevant information on to emergency services and healthcare professionals in the event of an illness or accident at work in order to protect their vital interests. This information may include name, dob, billing address, home address, e-mail address, telephone, medical, financial, and other information.

8.4) Sales

We Process your Personal Data under the legal basis of
‘Performance of a Contract’ and/or
‘Consent’ for the following purposes:

Whenever we sell products and services, we collect and store information about the person or people we have dealt with in the course of the sale, including prior to any sale taking place, in order to serve the mutual interests of our own and our clients’ or prospective clients’ companies. This is used for the purpose of completing the sale, managing service delivery, and marketing further products and services in the future. This information may include name, dob, billing address, postal address, e-mail address, telephone, financial and other information.

8.5) Marketing

We Process Personal Data under the legal basis of
‘Performance of a Contract’ and/or
‘Consent’ for the following purposes:

We conduct direct marketing activities in order to obtain new and repeat business, and sometimes this requires that we store and use names and business contact details of specific people whom we know or believe to be the most appropriate recipient of our marketing communications.

This work is also performed by other companies on our behalf. Since we obtain published or offered contact details for people in their business role and take steps to ensure that we and our suppliers are compliant with legal requirements such as the provision of a means of opting out of further marketing communications, we believe recipients’ privacy rights are balanced with our business interests. This information may include name, dob, billing address, postal address, e-mail address, telephone, financial and other information.

8.6) Purchasing

We Process your Personal Data under the legal basis of
‘Performance of a Contract’ and/or
‘Legal Requirement’ and/or
‘Vital Interest’ for the following purposes:

From time to time we may store names and business contact details of individual people working for our suppliers’ business. This is necessary to ensure we can contact the relevant people and maintain a relationship to the benefit of both our and their business. This information may include name, dob, billing address, postal address, e-mail address, telephone, financial and other information.

8.7) Service Delivery

We Process Personal Data under the legal basis of
‘Performance of a Contract’ and/or
‘Legal Requirement’ and/or
‘Vital Interest’ and/or
‘Legitimate Interest’ and/or
‘Public interest’ for the following purposes:

To deliver services to our clients, we collect, store, and use personally identifiable information including names, addresses, telephone numbers, email addresses and demographic information, as far as it is necessary for the provision of that service.

8.8) Publicly Available Information

We might gather information about you that is publicly available.
8.9) Other Information

We reserve the right to anonymise Personal Data gathered and to use any such data. We will use data outside the scope of this Policy only when it is anonymised.

We might process your Personal Data for additional purposes that are not mentioned here but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:

  • the link between purposes, context and nature of Personal Data is suitable for further Processing.
  • further Processing would not harm your interests and
  • there would be an appropriate safeguard for Processing.

8.10) Automated Decision Making

DCBL do not currently utilise automated decision-making functions within its business. A Data Protection Impact Assessment (DPIA) would be carried out before any Automated Processing (including profiling) activities were to be undertaken.

9) Data Retention

Except where a legal obligation to retain data exists, DCBL does not store personal information for any longer than is necessary for its defined purpose. Wherever an individual has expressed that they no longer wish to have the information we hold about them used for the purpose under which we hold it, we may need to continue storing certain identifiers to ensure that person’s information does not re-enter our systems at a later date. This data is stored apart from data that is in current use, is clearly labelled and access to it is restricted.

Data we hold on behalf of our clients will be held for up to 2 years unless it is needed for longer to complete the delivery of the service we have agreed to provide.

When data is no longer to be retained, its removal, deletion or erasure will be performed according to processes suitable for the medium, for example, the secure shredding of paper documents, deletion from internal systems, or overwriting (wiping) of hard disks.

10) Data Storage and Security

We do our best to store information relating to our business on computer systems rather than paper files, although it is often necessary to print or write upon certain documents, especially where legal documents are concerned. While these and similar items are ordinarily transferred quickly in sealed envelopes or given directly to the recipient, storage of them is managed by authorised staff who ensure that unauthorised persons do not have direct access. Paper files transported by agents operating in approved vehicles will be locked in a mobile safe according to our policy on data in transit.

Most information is however stored in computer systems. We apply an information security management system in accordance with the requirements of ISO 27001. Critical systems such as those relating to finance and service delivery are regularly backed up and/or continuously mirrored to protect against data loss and are physically located in secure premises.

We do our best to keep your Personal Data safe. We use safe protocols for communication and transferring data (such as HTTPS). We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks.

It is our policy that data stored electronically be protected from unauthorised access, accidental deletion, and malicious hacking attempts. In addition to internal processes, we employ third-party service providers to manage elements of this.

Even though we try our best we cannot guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.

11) Who Else can Access your Personal Data

In some cases, Personal Data about you is shared with our trusted partners to ensure we can provide our service to you as a client, or fulfil legal obligations or enhance your customer experience. We only work with Processing partners who can ensure an adequate level of protection to your Personal Data. We disclose your Personal Data to third parties or public officials when we are legally obliged to do so. We might disclose your Personal Data to third parties if you have consented to it or if there are other legal grounds for it such as tracing within High Court Enforcement or Debt Recovery processes.

We may share personal data with:

Credit Reference Agencies

12) Data Transfers

DCBL currently don’t but may make transfers of personal data outside the United Kingdom, including out of the European Economic Area. Such cases may be due to the physical location of a digital service provider that is storing data on our behalf, whose services are regulated by terms compatible with this policy and our compliance with applicable law. DCBL has, where local data protection regulations so require, put in place security measures for the export of personal data from its jurisdiction. Where local data protection regulations so require, DCBL has made arrangements with entities receiving your personal data such that they shall ensure that security measures are in place and that your personal data is processed only in accordance with EU Data Protection laws.

The safeguards we have taken include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information to our non-EEA members operating under DCBL, which requires our non-EEA members to protect personal information they process from the EEA in accordance with European Union data protection laws.

13) Privacy by Design and Data Protection Impact Assessment (DPIA)

We are required to implement Privacy by Design measures when Processing Personal Data by implementing appropriate technical and organisational measures (like Pseudonymisation) in an effective manner, to ensure compliance with data privacy principles.

We will assess what Privacy by Design measures can be implemented on all programs/systems/processes that Process Personal Data by considering the following:

(a) the state of the art.

(b) the cost of implementation

(c) the nature, scope, context, and purposes of Processing; and

(d) the risks of varying likelihood and severity for rights and freedoms of Data Subjects posed by the Processing.

Furthermore, DCBL will also conduct DPIAs with respect to high-risk Processing.

We will always conduct a DPIA (and discuss the findings with the DPO) when implementing major system or business change programs involving the Processing of Personal Data including:

(e) use of new technologies (programs, systems, or processes), or changing technologies (programs, systems, or processes).

(f) Automated Processing including profiling and Automated decision making.

(g) large scale Processing of Sensitive Data; and

(h) large scale, systematic monitoring of a publicly accessible area.

(k) an assessment of the risk to individuals; and

(l) the risk mitigation measures in place and demonstration of compliance.

14) Training and Audit

It is our policy to ensure that all DCBL Company Personnel has undergone adequate training to enable them to comply with data privacy laws. We must also regularly test our systems and processes to assess compliance. Company Personnel will undergo all mandatory data privacy related training. DCBL regularly review all the systems and processes under our control to ensure that we comply with this Privacy Notice and check that adequate governance controls and resources are in place to ensure proper use and protection of Personal Data.

15) Minors

We do not intend to collect or knowingly collect information from children. We do not target children with our services.

16) How to Contact Us

DCBL’s Data Protection Officer (DPO) is the main contact for anyone who wants to discuss matters covered under this policy or the law, including any person whose personal data we have come into contact with and used or stored, whether for our own purposes or on behalf of another company.

You can email dpo@dcbltd.com

Or write to:

Direct Collection Bailiffs Ltd
Direct House
Greenwood Drive
Manor Park
Runcorn
WA7 1UG

17) Complaints

If you have any concerns about how your data is being processed by us or any of our third parties, please contact us in the first instance and we will attempt to resolve any issues. We are governed by the Office of the Information Commissioner (ICO) in the United Kingdom. In the event that you wish to make a complaint about how your personal data is being processed by us or any of our third parties, or how your complaint has been handled, you may contact the supervisory authority:

The Information Commissioners Office (The ICO)

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

www.ico.org.uk

18) Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Notice at any time, for any reason. However, DCBL will review and update this Privacy Notice periodically or from time to time in response to legal, technical, or business developments. If material changes to this Notice are made, they will be updated via the business website.