Privacy statement

This document describes how and why we collect, store, protect, process and share the data given to us.

About us

Sarah Lowe Credit Management is the Data Controller. This means it is ultimately responsible for the personal data it holds.

Contact Address:


19 Sandy Lane
Fair Oak 
SO50 8EG

The personal data we will collect

  • The contact details of our clients

  • Contact details of our clients’ debtors (as provided by our clients or from other public or investigative sources)

  • Details of debts or credit that has been extended

  • Banking details

The reason we will process personal data

  • We collect personal data to allow us to recover money owed to our clients.

Our legal basis for processing personal data

  • The processing of our clients’ personal data is carried out as part of the contract they have with us to recover their money (GDPR Article 6(1)(b)).

  • The processing of the personal data of our clients’ debtors is carried out as a legitimate interest of SLCM and of our clients (GDPR Article 6(1)(f)).

Who we will share personal data with

  • Business associates and other professional advisers (eg solicitors)

  • Family and associates of the person whose personal data we are processing

  • Suppliers and service providers

  • Financial organisations

  • Ombudsmen and regulatory authorities

  • Central government Credit reference agencies

  • Debt collection and tracing agencies

  • Courts and tribunals

  • Current, past and prospective employers

The rights of the people whose data we process

  • The people whose personal data we are processing have the following rights that are applicable to our business:

  • To be informed – they have a right to be told that we are processing their data. This right however does not apply if they already have the information we are processing or being informed would ‘render impossible or seriously impair’ our purposes for processing it (eg for the recovery of debt)

  • Access – they have a right to confirmation that we are processing their data, a copy of their personal data and other supplementary information Rectification – they have a right to have inaccurate personal data corrected

  • Erasure – they have a right to have their personal data erased, providing there are no reasons for this right not to apply (eg for the establishment, exercise or defence of legal claims)

  • Portability – they have a right to obtain and reuse their personal data for their own purposes across different services

  • To object – they have the right to object to the processing of their personal data in certain circumstances

If you want exercise any of your rights please contact us at .

How long we keep personal data

  • After it has finished the use for which it was being processed (eg as a live case or current client) we destroy most personal data after 2 years. Some personal data may however be retained for up to 7 years (current financial year plus 6) in line with the Limitation Act 1980.

How data is stored and processed?

  • Personal data are stored in electronic and hard copy formats. Electronic records are protected by encryption, anti-hacking and anti-virus technologies. Hard copy documents are stored in appropriate containers and in locations to which access is restricted.


  • If you’ve already told us we need to do something, but we haven’t responded in a way that you’re satisfied with, you can complain to the Information Commissioner’s Office (the ICO).

  • It’s easiest to do this online via the ICO website ( ), but you can also do so in writing to:

The Information Commissioner’s Office
Wycliffe House
Water Lane