This document describes how and why we collect, store, protect, process and share the data given to us.
Sarah Lowe Credit Management is the Data Controller. This means it is ultimately responsible for the personal data it holds.
19 Sandy Lane
The personal data we will collect
The contact details of our clients
Contact details of our clients’ debtors (as provided by our clients or from other public or investigative sources)
Details of debts or credit that has been extended
The reason we will process personal data
We collect personal data to allow us to recover money owed to our clients.
Our legal basis for processing personal data
The processing of our clients’ personal data is carried out as part of the contract they have with us to recover their money (GDPR Article 6(1)(b)).
The processing of the personal data of our clients’ debtors is carried out as a legitimate interest of SLCM and of our clients (GDPR Article 6(1)(f)).
Who we will share personal data with
Business associates and other professional advisers (eg solicitors)
Family and associates of the person whose personal data we are processing
Suppliers and service providers
Ombudsmen and regulatory authorities
Central government Credit reference agencies
Debt collection and tracing agencies
Courts and tribunals
Current, past and prospective employers
The rights of the people whose data we process
The people whose personal data we are processing have the following rights that are applicable to our business:
To be informed – they have a right to be told that we are processing their data. This right however does not apply if they already have the information we are processing or being informed would ‘render impossible or seriously impair’ our purposes for processing it (eg for the recovery of debt)
Access – they have a right to confirmation that we are processing their data, a copy of their personal data and other supplementary information Rectification – they have a right to have inaccurate personal data corrected
Erasure – they have a right to have their personal data erased, providing there are no reasons for this right not to apply (eg for the establishment, exercise or defence of legal claims)
Portability – they have a right to obtain and reuse their personal data for their own purposes across different services
To object – they have the right to object to the processing of their personal data in certain circumstances
If you want exercise any of your rights please contact us at email@example.com .
How long we keep personal data
After it has finished the use for which it was being processed (eg as a live case or current client) we destroy most personal data after 2 years. Some personal data may however be retained for up to 7 years (current financial year plus 6) in line with the Limitation Act 1980.
How data is stored and processed?
Personal data are stored in electronic and hard copy formats. Electronic records are protected by encryption, anti-hacking and anti-virus technologies. Hard copy documents are stored in appropriate containers and in locations to which access is restricted.
If you’ve already told us we need to do something, but we haven’t responded in a way that you’re satisfied with, you can complain to the Information Commissioner’s Office (the ICO).
It’s easiest to do this online via the ICO website (https://ico.org.uk/concerns/handling/ ), but you can also do so in writing to:
The Information Commissioner’s Office