ACT Credit Management Ltd (ACT) is strongly committed to protecting personal data. This Privacy Notice describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy notice or as otherwise stated at the point of collection and in a way that is consistent with our obligations and your rights under the law.
ACT Credit Management Ltd provides credit management services to third party clients. The majority of your data is provided to us by our client (the Data Controller).
- Information About Us
ACT Credit Management Ltd
Registered number: 05073492.
Registered address: Bank House, 7 St. Johns Road, Harrow, HA1 2EE
We are a member of Credit Services Association.
Where we use “we”, “our” or “us” in this privacy notice, we mean ACT Credit Management Ltd unless we say otherwise
- What Does This Notice Cover?
This Privacy Notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
- What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part 5, below.
- What Are Your Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 15.
- The right to access the personal data we hold about you. Part 13 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 15.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make a request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
If you have cause to complain about our use of personal data, please send an email with the details of your complaint to email@example.com. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website.
- What Personal Data Do We Collect?
We may collect some or all of the following personal data:
- Date of birth;
- Address and previous addresses;
- Email address;
- Telephone and mobile numbers;
- Business name;
- Job title;
- Employment status;
- Payment information;
- Details of the debt owed to our client;
- Payment information;
- Income and expenditure information (ability to pay information);
- If you make a payment by credit or debit card, we process your card information for the purposes of taking your payment but we do not store your card details;
- Information about you contained in correspondence with you and with third parties;
- Call recordings;
- Details of any County Court Judgments (CCJs) which you may have;
- Details of any bankruptcy or insolvency proceedings which you have entered into;
- Credit score/credit referencing data (if requested by our Clients);
- Details of any queries, disputes or complaints;
- CCTV footage (if you visit our premises).
We may record and use family and lifestyle information where it has an impact on your account to ensure we deal with you in an appropriate and fair manner which best suits your needs.
We may collect publicly accessible information about you, for example through an Internet search or media articles.
Special Category Data
Special category data is information about an individual’s:
- ethnic origin;
- trade union membership;
- biometrics (where used for ID purposes);
- sex life;
- sexual orientation.
We only record and process special category data with your explicit consent. If you inform us of any information by telephone which is sensitive, we will ask for your explicit consent to record it. The information recorded will be kept to a minimum and limited to that which is necessary. With your consent, we record and process special category data to ensure we deal with you in an appropriate and fair manner which best suits your needs, to understand any impact upon your ability to pay and to understand any impact upon the way we communicate with you.
If you inform us of any special category data by letter or email, the act of doing so constitutes your explicit consent for us to collect and use that information in the ways described in this Privacy Notice or as described at the point where you choose to disclose this information.
You can withdraw your consent to us processing special category data by using the details provided in Part 15.
If you provide us with information which we believe puts your life in danger, we may record and process this information, including sharing this information with the emergency services, on the lawful basis of Vital Interest, to protect your life.
We may collect some limited information (prison name, prison number, date of conviction and length of sentence) about any current criminal convictions you may have from publicly accessible information, such as media reports. The information recorded will be kept to a minimum and limited to that which is necessary. We record and process this data to ensure we deal with you in an appropriate and fair manner which best suits your needs, to understand any impact upon your ability to pay and to understand any impact upon the way we communicate with you.
Where you (or someone authorised to act on your behalf) has provided us with this information, we use it on the basis that you have given us your consent to do so. You can withdraw your consent to us processing this information at any time using the details provided in Part 15.
- Where do we get your Personal Data from?
- Our clients to whom we provide Services;
- From yourself (communications via telephone, email, letter, text messaging, live chat, our website);
- Third parties with authority to act on your behalf, including someone who is acting under a power of attorney;
- Publicly accessible information (Internet searches, news and social articles, Companies House;
- Credit reference agencies: Equifax, Experian & Callcredit.
- Visitors to our Website
When you access our website, we may collect information about your visits to understand the frequency with which specific visitors visit various parts of our website. For example, we may collect your Internet Protocol (“IP”) address, which identifies the computer or service provider that you use, or information about your browser type, authentication identifiers, and other software and hardware information. If you access our website through a mobile or other device, we may collect your mobile device identifier, geolocation data (including your precise location), or other transactional information for that device.
If you visit our website to communicate with us, you are generally in control of the personal data shared with us. We receive personal data, such as your name, title, email address and telephone, when you contact us via “Live Chat” or our “Contact Us” page. When you provide personal data to us, we will use it for the purposes for which it was provided to us as stated at point of collection (or as obvious from the context of the data). Chat data is encrypted during transmission using secure socket layer (SSL) technology. The chat transcripts may be stored and integrated with other secure applications.
We ask that you do not provide sensitive information (such as race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records) to us when using our website; if you choose to provide sensitive information to us for any reason, the act of doing so constitutes your explicit consent for us to collect and use that information in the ways described in this privacy statement or as described at the point where you choose to disclose this information.
Our website does not collect or compile personal data for the dissemination or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties.
We may use any of the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of the Website. They include, for example, cookies that enable you to log into secure areas of our website or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website.
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to access all or parts of our site or to fully experience the interactive features of our wesbite.
- Visitors to our Office
There are security measures in place at our offices, including CCTV and building access controls.
There are signs showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).
We require visitors to our offices to sign in at reception and keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident).
- How Do You Use My Personal Data?
We collect personal data from our clients or from third parties, acting on the instructions of the relevant client. We process your personal data because it is necessary for our performance of a contract with our client. We need your information in order to carry out the following activities:
- contacting you to arrange payment of your debt
- agreeing and monitoring payment plans
- processing any payments you make
- managing your account
- locating you, checking your identity and verifying that the information we hold about you is accurate
- acting as Agents for our Client and assisting our Client in taking legal action against you
- acting as Agents for our Client and assisting our Client to enforce a Judgment/Decree/Decision against you.
- How Long Will You Keep My Personal Data?
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. We retain personal data to provide our services and to comply with applicable laws or regulations. Unless a different time frame applies as a result of a business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these uses, we retain personal data for seven years.
In the absence of specific legal, regulatory or contractual requirements, our retention period for records is no more than 7 years from the date you cease to have an active account with us.
- Where Do You Store My Personal Data?
We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.
The security of your personal data is essential to us and to protect your data, we have put appropriate technical and organisational security policies and procedures in place to protect personal data from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
- Do You Share My Personal Data?
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
Personal data held by us may be transferred to:
- Our Client to ensure their data is accurate, complete and up to date.
- Parties that support us as we provide our services (e.g. providers of telecommunication systems, payment processing, mailroom services, IT support, archiving services, website hosting and database software services).
- Third party law firms, process servers and enforcement agents to act on our Clients’ behalf to recover the amount you owe, take legal action and enforce any Judgments\Decrees\Decisions that our Client may have against you
- Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
If any of your personal data is transferred to a third party, as described above, we take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law. The information that we share with our suppliers will depend on the nature of the products and services that they provide to us but we will only share the minimum amount of your information which is necessary for them to provide us with the products and services we need.
If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
- How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
Subject access requests can be made over the telephone or in writing using the details shown in Part 15.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request without undue delay and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
- Third Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
“Digital Marketing Service Providers”.
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
- Links to other Websites
Our website contains links to other sites. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.
- How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including making a subject access request or withdraw consent, please mark your communications for the attention of: Data Protection Manager and use the following details:
Email address: firstname.lastname@example.org
Telephone number: 0203 1500 150.
Postal Address: Bank House, 7 St. John’s Road, Harrow, HA1 2EE
- Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. We recognise that transparency is an ongoing responsibility so we will keep this privacy statement under regular review.