Any customer of Pastdue Credit Solutions.

We publish a separate Privacy Notice for Pay by Bank Account (FundBy Bank), which should be read in conjunction with this Privacy Notice, where applicable - it can be found here, Pay by bank account Privacy Notice

The Personal Data that we would be processing may include:

• Name
• Address (including any new or previous addresses)
• Date of birth
• Information surrounding the matter that we are contacting our customers regarding.

As the data controllers, our clients determine the lawful basis under which we process customer data. The usual basis on which we process the above information is in order to fulfil performance of a contract; or legitimate interests; or, in instances where we are employed by a public authority, to fulfil performance of a task carried out in the public interest.

Pastdue Credit Solutions act as a data controller for the processing of data that is shared with the Money Adviser Network, and with our customer satisfaction survey provider. This applies only in the circumstances when customers provide their explicit consent, and consent is our lawful basis for the processing. Before proceeding with the data transfer, a customer will be advised of their right to withdraw their consent at any time.

When we process data by referring consenting customers to the Money Adviser Network or our customer satisfaction survey provider, the data that we process will be your name, telephone number and, in some instances, email address.

Pastdue Credit Solutions also act as a data controller when inviting customers to leave a Trustpilot review of our firm. The lawful basis for the processing is legitimate interests. The data that we process will be your name, email address, and any data provided in response to the invite.

Financial Data
This is to ensure that we have up to date information surrounding our customers finances to ensure that we have the best affordable repayment plan in place for them.

Vulnerability Data
This is to ensure that we deal with our customers account in the best possible manner and take the appropriate action for them, for example sending letters in a suitable medium.

We collect Personal Data to fulfil our contractual requirements with our clients. Consent may have been originally obtained within the Terms & Conditions of our client’s contract.

Personal data is collected by our clients prior to the information being passed to our business and therefore, is as accurate as possible and in line with the information that was provided to them by their customers.

We could have obtained customer information from a number of different sources, such as:

• From our clients to fulfill our contractual requirements with them.
• Personal Data may have been provided by our customers when communicating with us.
• We may have received up to date contact information from a credit reference agency or data management company.

If customers wish to obtain further details on the Credit Reference Agencies we use and the information they hold then please use the following links specific to each Credit Reference Agency’s own Privacy Notice.

• https://www.transunion.co.uk/crain
• https://www.equifax.co.uk/crain
• https://www.experian.co.uk/crain/index.html

The reason that we process customer information is to satisfy our contractual requirements with clients and fulfil our duties as a Debt Recovery Agency.

It is important that customers are aware of what we do with the Personal Data that we hold on them.

We process Personal Data when performing the contract that we have in place with our client. We do this to ensure that we manage customer accounts appropriately and contact them to resolve the issue accordingly. The Consent to contact customers has already been provided to our client when the terms & conditions of their contract or service was agreed or provided.

We will also process Personal Data to comply with legal obligations, such as the Financial Conduct Authority rules.

We will:

• Keep an accurate record of our dealings with our customers. This ensures that we have an accurate history of customer accounts in case of any disputes or Subject Access Requests.
• We record all of our calls and monitor these accordingly to help train our staff and ensure that we have an accurate history of customer accounts. We will not record or store any credit or debit card details on our system.
• We will store any correspondence received from customers for a period of 30 days to ensure that we can appropriately deal with any disputes or queries that we receive.

If customers request information from us, or ask us to contact them, and provide us with details so that we can do this, then we may process this information for the purpose of managing customer accounts. We do this to ensure that we provide the detailed information when providing customers with feedback on this.

• To provide our customers with a friendly customer service and ensure that they gain the best possible resolution.
• For debt recovery & collection purposes.
• To trace customers through the use of Credit Reference Agencies.
• To prevent money laundering and fraud.
• To ensure that customer accounts are updated with the appropriate history notes and that this reflects the communications our customers have with us.
• If our customers provide us with further contact information such as an additional telephone number or email address then we may use this to contact them.
• Any updated information that we receive from customer may be shared with our client.
• If any personal sensitive data is disclosed to us this may be shared with our client where we have received consent or we are contractually required to do so. The appropriate questioning will be conducted when we are made aware of sensitive Data to ensure that customers are happy with us to share the information with our client.

Your data will be securely stored in the UK and will only be shared with those necessary in order to satisfy our contractual requirements with clients. This means that your data may be shared with third-party suppliers. Contracts are in place with our third-party suppliers, covering expectations for; Data Protection, Confidentiality and Information Security. Our third-party suppliers are compliant with all applicable data privacy regulation, ensuring your data is safe and secure.

The categories of our third-party suppliers are:

• Credit reference agency.
• Data management company.
• Card payment providers.
• Direct Debit payment providers
• Text, email and letter fulfilment.
• Business continuity.
• Automated contact centre technology.
• Secure transfer of cash, postal orders & cheques.
• Confidential waste disposal.
• Security technology such as anti-virus scanning.
• Cloud-based storage solutions providers.
• Customer satisfaction survey provider.

The only data that may be transferred outside the UK and European Economic Area is data captured during customer satisfaction surveys, data shared with a credit reference agency to provide up to date contact details for you, or data from reviews of our firm which you provide on Trustpilot.

The data transferred for customer satisfaction surveys is customer contact information and survey responses, and the data may be transferred to Ireland or the United States (for storage and hosting), and the United States and Australia (for respondent contact, usage, cookies and other tracking information, processed for customer and product support services.) Data transfers are protected by means of signed Data Protection Agreements containing EU standard contractual clauses, and a UK international data transfer addendum.

The only data that may be transferred outside the UK and European Economic Area is data captured during customer satisfaction surveys. The data transferred is customer contact information and survey responses, and the data may be transferred to Ireland or the United States (for storage and hosting), and the United States and Australia (for respondent contact, usage, cookies and other tracking information, processed for customer and product support services.) Data transfers are protected by means of signed Data Protection Agreements containing EU standard contractual clauses, and a UK international data transfer addendum.

The data transferred for credit reference agency purposes is customer name and contact information. The data may be accessible, on a transactional basis, in the USA, India, Costa Rica and the Philippines. Data is encrypted in transit and at rest, and is accessible only in anonymised, encrypted form. Data processing conducted within the USA is protected by the EU-US Data Privacy Framework, and the processing in both the USA and other countries detailed is protected by appropriate safeguards as required by the regulator (standard contractual clauses and an International Data Transfer Agreement or its UK Addendum).

If you consent to an invite to leave a review of our firm on Trustpilot, once these data are shared with Trustpilot the information may be shared with their suppliers. The data may be processed in Australia or the United States, and the transfers are protected by means of an International Data Transfer Agreement or addendum.

If you consent to an invite to leave a review of our firm on Trustpilot, once these data are shared with Trustpilot the information may be shared with their suppliers. The data may be processed in Australia or the United States, and the transfers are protected by means of an International Data Transfer Agreement or addendum.

We take privacy very seriously and will use personal information solely for the purpose of administering customer accounts.

At Pastdue Credit Solutions we do the utmost to ensure that Personal Data is kept safe and secure. Our business is certified with ISO9001 (Quality Assurance) and ISO27001 (Information Security) management systems. This means that we are audited on a regular basis by an certified organisation to ensure that we fully comply with the requirements of these standards, which includes keeping our customers' personal data safe. We can assure our customers that their information will not be disclosed to any unauthorised third parties and that all of the businesses we share customer data with are compliant with the General Data Protection Regulations.

• To know why and how we are processing their personal data. We will inform customers of this on our website by means of this Privacy Notice.
• To obtain details of personal data that we are processing: please see below on how to go about this.
• To obtain details of personal data in specific formats: depending on what our customers require we can provide the requested information to them by post or by electronic mail.
• To have personal data rectified if it is incorrect. Once notified of this we will take the appropriate steps to have data rectified accordingly. Customers can notify us of any incorrect data through a phone call, email or letter. If our customers believe that we should not be processing the data then they can speak with us about why they believe that the processing should be stopped or the data removed completely.

Should our customers wish to exercise their “Right to Access” and access the data that we hold on them at any point, we would advise them to make contact with us in writing by addressing this to:

FAO Complaints Department
1 Blair Court
North Avenue
Clydebank Business Park
Glasgow
G81 2LA

Or send an email to [email protected]. Customers will receive an acknowledgement to the request within 5 working days of the communication being received. Customers can also make a request for data by contacting us via telephone and speaking to one of our Customer Service Consultants.

If our customers agree, we will attempt to deal with this informally where appropriate, for example by providing specific information that is required over the telephone.

Should a customer wish to make a complaint to us regarding the use of their Personal Data, then we would advise them to send this to send this to either [email protected] or the address detailed above (please see “Right of access to Personal Data”.)

Customers also have the Right to contact the Information Commissioner’s Office (ICO) if they are unhappy with the way that we have handled Personal Data. The ICO are the supervisory authority who regulate the handling of Personal Data in the UK. Customers can contact them by using their website, phoning them on 0303 123 1113 or by post to:

Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

We would like to assure our customers that none of their Personal Data or information will be shared with third parties for marketing purposes.

If any customer wishes to withdraw their consent for us to share their data with the Money Adviser Network or our customer satisfaction survey provider, or has any complaint about this activity or our processing their data when inviting them to participate in a Trustpilot review of our firm, please contact our Data Protection Officer (details below.)

Our Data Protection Officer is:

Paul Le Poidevin
Data Protection Officer
Pastdue Credit Solutions Limited

Email: [email protected]

Should our customers wish to discuss how long we retain the Personal Data that we hold on them, then we would ask that they contact us either via telephone, email or letter as the retention period may vary for each of our client requirements and circumstances. We also do request customers contact us to ensure that they can exercise their “Right to Access”.

Information and text displayed in this website is for information only. Whilst every care is taken to ensure accuracy, visitors to the site must use their own discretion in using the material. No responsibility can be accepted by Past Due Credit Solutions Ltd. or its executives for errors or omissions. Where links to other sites, products or services are provided, these are for ease of access only and in no way constitute an endorsement of any products or services thereon. Pastdue Credit Solutions Ltd. is not responsible for the content of any sites other than www.pastduecredit.co.uk.