Creditlink Account Recovery Solutions Limited (CARS) is committed to protecting and respecting your privacy, and this document explains how we look after your personal data and make sure that we meet our legal obligations to you under the GDPR and other data protection rules.
Phone: 01256 306798
Post: The Data Protection Officer, Creditlink Account Recovery Solutions Ltd, Midpoint, Alencon Link, Basingstoke, RG21 7PP
The processing of your personal data is necessary for us to fulfil our obligations under the agreement which is in place with you (even where you did not enter into it with us directly) and to comply with our other legal obligations. We may also process your personal data for the purposes of pursuing our legitimate interests, including debt purchase, debt sale, debt recovery and for the promotion of responsible lending and the prevention of fraud and crime.
CARS may use your personal information for its debt collecting, debt purchasing, and debt sale activities. This may include the following:
It is likely that you will have shared your personal data with our associates with whom you originally entered into the agreement (Our clients and Debt sellers) to purchase items or services from them. You may also share your personal data with us over the phone, by email or by letter.
The categories of personal data we process are as follows:
The GDPR defines certain personal data as “special categories of personal data”, which includes data relating to your health.
From time to time we may need to process information about your mental or physical health; this is to ensure we meet our obligations in respect of the sensitive treatment of potentially vulnerable consumers.
You have no statutory or contractual obligation to provide us with any of your special categories of personal data, such as details of bad health, but refusing to do so could mean that we would not be able to manage your account according to your needs.
We may use data concerning your health for the purposes of:
We will always obtain your explicit consent to record and share this information for the above purposes and you have the right to request its deletion.
When we process your personal data on the basis that you have provided consent for us to do so, you have the right to withdraw that consent. You can withdraw consent to us processing your personal data at any time by contacting us using one of the methods specified above. If you change your mind about agreeing to us processing your information, this will not have any effect on the lawfulness of the processing we have carried out before you change your mind.
In order to conduct our business, we may share your personal data with organisations that offer us support and services such as:
CRAs collect and maintain information on consumers’ and businesses’ credit behaviour on behalf of organisations in the UK. FPAs collect, maintain and share information on known and suspected fraudulent activity. Some CRAs also act as FPAs. We share information about you, members of your household and those to whom you are linked financially with CRAs and FPAs and may carry out periodic searches with them to verify your identity, manage your account, prevent and detect crime and fraud and carry out a credit reference check.
Details of your agreement with us will be sent to CRAs and FPAs and recorded by them. This information may be supplied to other organisations by CRAs and FPAs and may be used and searched by us and other organisations, such as debt collection agencies, in order to:
When CRAs receive a search from us they place a search “footprint” on your credit file whether or not the application proceeds. Records remain on file with CRAs and FPAs for 6 years after they are closed, whether settled by you or defaulted. You have a right to be told which credit reference agencies we have used and obtain a copy of your file from CRAs.
The contact details of the CRAs we use are:
Transunion, Red Lion Buildings, 12 Cock Lane, London, EC1A 9BU https://www.transunion.co.uk/
Experian, The Sir John Peace Building, Experian Way, NG2 Business Park, Nottingham, NG80 1ZZ https://www.experian.co.uk/
Further information about CRAs and how they use personal information is available at http://www.experian.co.uk/crain/index.html]
It is possible that your personal data may be shared with other entities within our group that are based in the USA; the group is collectively known as JCAP. All affiliates within the group adhere to the Privacy Shield Principles. To learn more about the privacy shield programme and our certification, please visit https://www.privacyshield.gov/welcome. In addition to Privacyshield we also utilise an Intragroup Data Sharing Agreement which contains all appropriate Standard Contractual Clauses which allow the entities within our group to share your personal data with each other.
We may share your personal data with service providers based in countries outside the UK and EU which do not have an adequacy decision. In these circumstances we will ensure there are appropriate safeguards in place including Data Sharing Contracts which contain applicable Standard Contractual Clauses.
Call recordings will be retained for 6 months. We will retain any other personal data for a period of 6 years after your account has been closed.
Under the GDPR you have the following rights in respect of your data:
You have the right to lodge a complaint with our supervisory body. If you wish to do so, please contact the Information Commissioner’s Office (ICO), Tel: 0303 123 1113, website: https://ico.org.uk/.
We obtain your personal data from our clients and yourself. We may also receive your personal data from trace companies and CRA