Privacy policy
In accordance with The General Data Protection Regulation
Effective date: 16 January 2025
1. Introduction Redwood Collections Limited (“we,” “our,” or “us”) provides debt recovery services to businesses (“clients”). In doing so, we act as a data processor, handling personal data on behalf of and under the instruction of our clients, who are the data controllers. This privacy policy explains how we process personal data, in compliance with the General Data Protection Regulation (GDPR).
2. Role and Responsibility
- Our Role as Data Processor:
We process personal data provided by our clients to fulfil their instructions. This includes assisting with the recovery of outstanding balances owed by individuals or entities we refer to as debt account holders. - Clients as Data Controllers:
Our clients determine the purpose and legal basis for processing personal data. They remain responsible for ensuring compliance with data protection laws in relation to their data collection and sharing practices.
3. Legal Basis for Processing We process personal data in line with GDPR Article 6.1(b):
- Processing is necessary for the performance of a contract to which the data subject (debt account holder) is a party or for taking steps at the request of the data subject prior to entering into a contract.
This ensures our actions directly facilitate the contractual relationship between our clients and debt account holders.
4. Data We Process The types of personal data processed may include, but are not limited to:
- Contact information (e.g., name, address, email, phone number)
- Financial details (e.g., outstanding balances, payment history)
- Other information relevant to the contractual relationship (as provided by the client)
5. How We Use Data As a processor, we use personal data strictly to:
- Facilitate communication between our clients and debt account holders.
- Support the resolution of outstanding balances.
- Provide updates and reports to our clients.
Additionally, we share client and debt account holder data with Google to improve the experience for individuals searching online. This ensures they are directed away from sales-related advertisements and toward accurate, relevant information, such as payment options or support resources.
We do not use personal data for marketing or any purpose outside the scope defined by our clients.
6. Data Sharing and Transfers We do not share personal data with third parties unless instructed by our clients or required by law. When sharing data with Google for search optimization purposes, we ensure compliance with GDPR by applying appropriate safeguards and anonymizing data where possible.
7. Data Retention Personal data is retained only for as long as instructed by the client or as required by law. Upon completion of our services, data is securely returned or deleted, as per our agreements.
8. Rights of Data Subjects
- Exercising Your Rights: If you wish to exercise your rights under data protection law (e.g., access, rectification, erasure), please contact the relevant data controller (our client) directly.
- Our Role: As a processor, we will assist the data controller in responding to your request as required under GDPR.
9. Data Security We implement technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, and destruction. Regular audits and staff training ensure ongoing compliance with data protection requirements.
10. Contact Information If you have any questions regarding this policy or how your data is handled, please contact our Data Protection Officer (DPO) at info@redwoodcollections.com
