Privacy policy
In accordance with The General Data Protection Regulation
1. Introduction
This Privacy Policy sets out how we process your personal data when we control the processing for instance conducting debt collection. For some of our services, we merely act as a data processor and process your personal data on our client’s instructions.
Personal data is defined as that belonging to any individual (including a sole trader business).
We may process personal data about you in different ways and different situations, depending on if you are a client or a customer. Regardless of situation, we will never sell, commercialise or use your personal data in violation of applicable data protection laws.
Redwood Collections Ltd respects your privacy, regardless of if we process your personal data on our own or on other parties’ behalf.
It is important for us that you understand what personal data we process about you, why we do it and what your rights are. This Privacy Policy will give you more information on the processing of your personal data by Redwood Collections Ltd.
If you want to notify us of a personal data breach or send us a request regarding your data subject rights, please contact our data protection officer.
2. Policy
This policy refers to our processing of your personal data.
2.1 - Why have we access to and process your data?
We will only process your personal data if we have a legal ground to do so. This means that the processing must be necessary for the performance of a contract to which you or the company you represent is party or in order to take steps at the request of you prior to entering into a contract.
We have a legal obligation to provide your personal data when we are audited by the authorities and to prevent, monitor and evidence fraud, anti-money laundering and other criminal activities.
Your data will be held securely in compliance with data protection legislation.
2.2 - What personal data are you processing about me and why?
We hold necessary information for the management of the contractual or business relationship. To be able to communicate with you and to ensure safe and true identification we need your name, job title and contact details such as address, telephone number and email. To discuss any indebtedness to our clients, we require certain debt information.
We have a legal obligation to provide your personal data when we are audited by the authorities and to prevent, monitor and evidence fraud, anti-money laundering and other criminal activities.
We may also process your data for the following purposes:
• To deliver services such as newsletters, training or support your request to purchase
• To conduct marketing campaigns and/ or market studies
• To develop and personalise our marketing, products and services to better meet your interests which may entail profiling
2.3 - Will you share my personal data with others?
We may share personal data with our suppliers that facilitate and/or provide parts of our services, e.g. solicitors, process servers and legal representatives. We may also share personal data with our clients.
Our employees will have access to the personal data. In such a case, access will be granted only if necessary for the purposes described and only if the employee is bound by an obligation of confidentiality.
2.4 - Will my personal data be transferred to another country?
In order to execute our responsibilities to our clients, we may transfer data to another country. If we do, we will ensure there are suitable safeguards in place to comply with EU General Data Protection Regulation (GDPR).
2.5 - How long do you store my personal data?
We will retain your data as long as required for the lawful purpose for which it was obtained, as long as we have legitimate interest to keep it e.g. until termination of our agreement and/or the statue barring period is due to be able to defend ourselves against legal claims. We are also legally obliged to keep your personal data for a period of time to prevent and detect fraud, detect and evidence anti-money laundering and for financial audits.
As far as our backups are concerned, we will also delete your data in our backups, but only if and when the back-up tape comes up for restore, according to our backup policy. If the backup comes up for deletion as per back up policy, we will fully delete your data.
2.6 - Will I be subject to automated decision-making?
We will not use your personal data for automated decision-making.
3. Your rights
It is important you understand that it is your personal data that we process and that we want you to be comfortable with us doing so. Even if we do not need your permission to process your personal data, you have many rights in relation to the processing of your personal data.
3.1 - Right to access - You may request information on how we process your personal data, including information on:
• Why we process your personal data
• What categories of personal data we process
• Who we share your personal data with
• How long we store your personal data or the criteria for determining this period
• What rights you have
• From where we have received your personal data (if we have not received it from you) If the processing includes automatic decision making (so-called profiling)
• If your personal data has been transferred to a country outside of the EEA, how we ensure the protection of your personal data.
You may also request a copy of the personal data we process about you. However, additional copies will be combined with a fee.
3.2 - Right to correction - It is important that we have the right information about you and urge you to let us know if any of your personal data is incorrect, e.g. if you have changed your name or moved.
3.3 - Right to be forgotten - If we process your personal data in an unlawful way, for example if we process your personal data longer than necessary or for no reason, you may ask us to delete this information.
3.4 - Right to restriction - From the time you have requested we correct your personal data or if you have objected to the processing and until we have been able to investigate the issue or confirm the accuracy of your personal data (or changed it in accordance with your instructions), you are entitled to restrict processing. This means that we (except for storing the personal data) may process your personal data only in accordance with your consent, if necessary with reference to legal claims, to protect someone else's rights or if there is an important public interest in the processing. You may also request that we restrict the processing of your personal data if the processing is unlawful but you do not want us to delete the personal data.
3.5 - Right to objection - If you believe that we do not have the right to process your personal data, you may object to our processing. In such cases, we may continue processing only if we can show compelling justifying reasons that out-weigh your interests, rights and freedoms. However, we may always process your personal data if it is required for the determination, exercise or defense of legal claims.
3.6 - Right to data portability - You may request to have your personal data that you have provided to us for processing based on consent or to fulfil a contract, provided to you in a structured, widely used and machine-readable format. You also have the right to request to transfer that information to another data controller.
3.7- Withdrawal of consent - Redwood Collections Ltd does not base its processing upon consent.
4. Complaints and queries
If you wish to raise a complaint about how we handle your personal data, including in relation to any of the rights outlined above, you can contact our Data Protection Officer and we will investigate your concerns. At this helm for Redwood Collections Ltd is Grant Murray.
If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Information Commissioner’s Office.
If you have any further questions on how we process your personal data you may contact us through our Data Protection Officer.
5. List of sub-processors
Your data may be shared, when neccessary, with other parties involved in the collections, legal or tracing process:
• Harwood & Co - solicitors practice
• Grosvenor Investigations & Security Services- process server
• LexisNexis TraceIQ - tracing agents
• HM Courts & Tribunals Service
• HM Land Registry
• LexisNexis Risk Solutions UK Ltd (Compliance product)
• DocuSign Inc - digital document signing platform
• Databarracks - data backup service
• Dataquest Group - IT support
• Nexum Software Ltd - system software provider
• Salesforce Inc - CRM provider