By providing our clients/your original creditor with your personal information and taking out a contract with them, you consented to them processing your data which includes passing your account to us if it falls into arrears and/or default.
We process your data on the legal basis of this relationship creating a legitimate interest for us to pursue the debt on their behalf.
The Digital DRA Ltd provides debt resolution services to third party clients. The majority of your data is provided to us by our client. Other data about you that we will hold is provided to us by you, our customer.
2.0 INFORMATION ABOUT US
Company Name: The Digital DRA Ltd
Company Number: 13264034
Registered Address: Office 32, The Elsie Whiteley Innovation Centre, Hopwood Lane, Halifax, HX1 5ER
3.0 WHAT DOES THIS POLICY COVER
4.0 WHAT IS PERSONAL DATA?
Personal data is defined by the UK General Data Protection Regulation (hereinafter referred to as the GDPR) as:
“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Personal data is any information about you that enables you to be identified. Personal data covers information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
5.0 WHAT ARE YOUR RIGHTS?
Under the GDPR, you have the following rights, which we will always seek to uphold:
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in this Policy.
Further information about your rights can also be obtained from the Information Commissioner’s Office (ICO).
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it.
No fee is required to make a request unless your request is clearly unfounded or excessive.
Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
If you have cause to complain about our use of personal data, please send an email with the details of your complaint to firstname.lastname@example.org We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the ICO. For further information on your rights and how to complain to the ICO, please refer to the ICO website, www.ico.org.uk.
6.0 WHAT PERSONAL DATA DO WE COLLECT?
We may collect some or all of the following personal data:
We may record and use family and lifestyle information where it has an impact on your account to ensure we deal with you in an appropriate and fair manner which best suits your needs.
We may collect publicly accessible information about you, for example through an internet search or news articles.
6.1 SPECIAL CATEGORY DATA
Special category data is information about an individual’s:
We only record and process special category data with your explicit consent. If you inform us of any information which is sensitive, we will ask for your explicit consent to record it. The information recorded will be kept to a minimum and limited to that which is necessary. With your consent, we record and process special category data to ensure we deal with you in an appropriate and fair manner which best suits your needs, to understand any impact upon your ability to pay and to understand any impact upon the way we communicate with you.
You can withdraw your consent to us processing special category data by using the details provided in this Policy.
If you provide us with information which we believe puts your life in danger, we may record and process this information, including sharing this information with the emergency services, on the lawful basis of Vital Interest, to protect your life.
6.2 CRIMINAL CONVICTIONS
We may collect some limited information (prison name, prison number, date of conviction and length of sentence) about any current criminal convictions you may have from publicly accessible information, such as media reports. The information recorded will be kept to a minimum and limited to that which is necessary. We record and process this data to ensure we deal with you in an appropriate and fair manner which best suits your needs, to understand any impact upon your ability to pay and to understand any impact upon the way we communicate with you.
Where you (or someone authorised to act on your behalf) has provided us with this information, we use it on the basis that you have given us your consent to do so. You can withdraw your consent to us processing this information at any time using the details provided in this Policy.
7.0 WHERE DO WE GET YOUR PERSONAL DATA FROM?
We get your personal data from various sources, specifically:
8.0 VISITORS TO OUR WEBSITE
When you access our website, we may collect information about your visits to understand the frequency with which specific visitors visit various parts of our website. For example, we may collect your Internet Protocol (IP) address, which identifies the computer or service provider that you use, or information about your browser type, authentication identifiers, and other software and hardware information. If you access our website through a mobile or other device, we may collect your mobile device identifier, geolocation data (including your precise location), or other transactional information for that device.
If you visit our website to communicate with us, you are generally in control of the personal data shared with us. We receive personal data, such as your name, title, email address and telephone, when you contact us via Webchat or our form submission pages. When you provide personal data to us, we will use it for the purposes for which it was provided to us as stated at point of collection, or as obvious from the context of the data. The chat transcripts may be stored and integrated with other secure applications.
We ask that you do not provide special category information to us when using our website unless you feel this information will impact how we handle your account. If you choose to provide special category information to us for any reason, the act of doing so constitutes your explicit consent for us to collect and use that information in the ways described in this Policy or as described at the point where you choose to disclose this information.
Our website does not collect or compile personal data for the dissemination or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties.
We may use any of the following cookies:
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to access all or parts of our site or to fully experience the interactive features of our website.
10.0 VISITORS TO OUR OFFICE
There are security measures in place at our offices, including CCTV and building access controls.
The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation.
We require visitors to our offices to sign in and keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis.
11.0 HOW WE USE YOUR PERSONAL DATA
We process your personal data because it is necessary for our performance of a contract with our client. We need your information in order to carry out the following activities:
12.0 HOW LONG WE KEEP YOUR PERSONAL DATA
We retain the personal data processed by us for as long as is considered necessary for the purpose for which it was collected. We retain personal data to provide our services and to comply with applicable laws or regulations. Unless a different time frame applies as a result of a business need or specific legal, regulatory or contractual requirements, where we retain personal data in accordance with these uses, we retain personal data for seven years.
In the absence of specific legal, regulatory, or contractual requirements, our retention period for records is no more than 7 years from the date you cease to have an active account with us.
13.0 WHERE WE STORE YOUR PERSONAL DATA
We only store or transfer some or all your personal data in countries that are part of the European Economic Area. This means that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.
The security of your personal data is essential to us and to protect your data, we have put appropriate technical and organisational security policies and procedures in place to protect personal data from loss, misuse, alteration, or destruction. We aim to ensure that access to your personal data is limited only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information.
14.0 SHARING YOUR PERSONAL DATA
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality, and security standards.
Personal data held by us may be transferred to:
If any of your personal data is transferred to a third party, as described above, we take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
The information that we share with our suppliers will depend on the nature of the products and services that they provide to us, but we will only share the minimum amount of your information which is necessary for them to provide us with the products and services we need.
If for any reason any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the GDPR.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
15. ACCESSING YOUR PERSONAL DATA
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a data subject access request.
Subject access requests can be made using the details found in this Policy.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request without undue delay and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
16. LINKS TO OTHER WEBSITES
Our website contains links to other sites. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.
17. CONTACT US
To contact us about anything to do with your personal data and data protection, including making a subject access request or withdraw consent, please mark your communications for the attention of the Data Protection Officer and use the following details:
Email Address: email@example.com
Postal Address: Office 32, Elsie Whiteley Innovation Centre, Hopwood Lane, Halifax, HX1 5ER
18. CHANGES TO THIS POLICY