Updated 14 September 2020
How we use your personal information
We can only use your personal information where it falls into one or more of the following categories:
- it is necessary to enter into or fulfil a contract we have with you;
- you have provided your consent;
- we have a legal or regulatory obligation to do so;
- it is necessary to carry out a task which is in the public interest;
- it is necessary to protect your vital interests; or
- it is in our legitimate interest to do so and it is not against your rights.
Where you make an application or enquiry for one of our products or services we’ll use your information to provide you with appropriate information about any solutions we may be able to offer to you. If you cannot provide this information we may not be able to progress with your application or enquiry.
We may also use this information to contact you about and process your application, for example, sending you an email, text message or letter to welcome you to our services.
We will process the personal data we collect about you for the purposes set out below at purposes for processing your personal data.
After you have made you initial application/enquiry, if you also decide to go ahead with any of the products or services that we offer, the sections below explain how we will also process your data when we provide that particular product(s) or service(s).
DebtCalmis a trading name of Debt Limited.
The Data Controller
DebtCalm is committed to complying with the UK’s Data Protection law and the EU General Data Protection Regulation (GDPR) for the protection of personal data, as well as the principles of data security in the configuration of our services.
If you have any questions about this privacy notice or how we use your personal data, please contact:
Group Data Protection Officer – Simon Towers
24 Gillotts Close
The data we collect and process
To use DebtCalm’s services we will collect, store and use elements of your personal data. Use of this personal data is necessary by DebtCalm in order to provide the services you have requested, and is a contractual requirement.
DebtCalm will usually need you to disclose the following to help advise you regarding debt solutions:
- first name
- last name
- date of birth
- email address
- employment details and company name, if you are responsible for it
- VAT ID number, if needed
- full address, including postcode
- telephone number
- monthly income, expenditure and creditor details
- partners details and those living with you
- details of assets
- vulnerability indicators
Any personal data we collect from you will be stored and transferred in line with the requirements of the General Data Protection Regulation (GDPR).
Our Partners are made up of categories of business types, and are authorised and regulated debt solution providers in the United Kingdom
Cookies are small files which are stored on your device when you visit websites. Temporary data about your visit is stored if you visit our website. This information helps us to better understand how our site is used, the number of visitors we have, the pages viewed per session and the amount of time spent on each page. Using this data helps us to improve the website.
The following data is collected and stored by DebtCalm until deletion:
- IP address of the accessing computer/device
- date, time and duration of your visit
- name and URL of the accessed pages
- identification data of the browser and operating system used
- website from which the data was accessed
- name of your internet service provider
In line with our data protection obligations, we will ensure that this retention period is not excessive, and that the data is only retained for as long as is necessary for the purpose for which it was collected.
Marketing and communications
If you have chosen to opt-in to our direct marketing communications, we may use your information to let you know about relevant products and services.
You have a right to opt-out of our communications at any time by emailing us.
How long will the data be stored for?
Where possible, DebtCalm will take steps to delete any personal data that is no longer necessary for the purposes for which it was collected – usually 12 months – or if you have withdrawn consent for its processing and retention.
Under the GDPR, you have the right to ‘block’ or request the deletion or removal of personal data to prevent further processing. This is also known as ‘the right to be forgotten’. Specific circumstances in which you can request the deletion or removal of personal data includes:
- where the personal data is no longer necessary for the purposes for which it is collected or otherwise processed
- where you withdraw consent
- when you object to the processing and there is no overriding legitimate interest for continuing the processing
- where the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR)
- where the personal data has to be erased in order to comply with a legal obligation
- in case a deletion is not possible due to legal, statutory or contractual retention periods, or if it requires disproportionate efforts or prejudices your legitimate interests, the data will be blocked instead of deleted.
Sharing of data with other data controllers
At DebtCalm the information we hold about you is confidential. We will only disclose it when:
- you have given us your consent to do so
- we or others need to investigate or prevent crime (e.g. to fraud prevention agencies)
- the law permits or requires it
- regulatory or governmental body requests or requires it
- there is a duty to the public to reveal the information
- to obtain professional advice (e.g. legal advice)
- to meet external audit requirements
If you give us false or inaccurate information, and if fraud is identified, we’ll pass details of it to the fraud prevention agencies and/or Law enforcement agencies. Organisations may also share, access and use this information to prevent fraud and money laundering. We only share information if we believe that disclosure is reasonably necessary to comply with a law, regulation or legal request; to protect the safety, rights, or property of the public. Or to detect, prevent, or otherwise address fraud, security or technical issues.
If at any time we become aware that your data has been compromised, or that a breach of our systems and controls has occurred, which has an impact on the security of your data, we will notify the Information Commissioner’s Office, and yourself, without undue delay.
Subject Access Requests
You have the right to request access to a copy of the personal information that we hold about you. This is also known as a ‘Subject Access Request’. This information is provided to you free of charge however, we can refuse to respond or charge a ‘reasonable fee’ when a request is manifestly unfounded, excessive or repetitive.
If you would like a copy of the information we hold on you, or believe that we are holding information about you which is incorrect or incomplete, please write to:
24 Gillotts Close
We will response to your request without delay and at the latest, within 30 days of receipt of your request.
If you have a complaint about any aspect of data protection or if you feel your privacy has been breached by us, please contact:
Group Data Protection Officer – Simon Towers
24 Gillotts Close
If you are unhappy with the final response you receive from DebtCalm you have the right to complain to the supervisory authority, the Information Commissioner’s Office (ICO) within three months of your last meaningful contact with us. You can call the ICO on 0303 123 1113 or visit https://ico.org.uk .
Due to the further development of our website, government regulations or the implementations of new technologies, this policy will be reviewed, and may change, from time to time. DebtCalm reserves the right to change this data protection information at any time with effect for the future.
The revised policy will be posted to this page so that you are always aware of the information we collect, how we use it and under what circumstances we disclose it. We therefore recommend you read the current data protection information again from time to time.
Last updated: 14 September 2020