Data Protection Notice

Last updated: 1/17/2026

Data Controller

[Your Company Name] is the data controller for personal data processed in connection with our debt recovery services. We are responsible for determining how your personal data is processed and for what purposes.

Data Minimisation

We follow the principle of data minimisation, collecting and processing only the personal data that is necessary for:

  • Providing debt recovery services
  • Fulfilling contractual obligations
  • Complying with legal and regulatory requirements
  • Maintaining security and preventing fraud

Purpose Limitation

Personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.

Storage Limitation

Personal data is kept in a form that permits identification for no longer than necessary. Our retention periods are:

  • Active cases: For the duration of the case
  • Closed cases: 7 years after closure (legal requirement)
  • Portal accounts: While active, plus 2 years after last login
  • Marketing data: Until consent is withdrawn

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. You can update your information through the portal or by contacting us directly.

Integrity and Confidentiality

We implement appropriate technical and organizational measures to ensure personal data is processed securely, including:

  • Encryption of sensitive data
  • Access controls and authentication
  • Regular security assessments
  • Staff confidentiality agreements
  • Secure data transmission

Accountability

We maintain records of our data processing activities and can demonstrate compliance with data protection principles. This includes:

  • Documentation of processing purposes
  • Records of data sharing and transfers
  • Security incident logs
  • Data protection impact assessments

International Transfers

We primarily process and store data within the UK/EEA. If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the European Commission
  • Standard contractual clauses
  • Binding corporate rules

Your Rights

You have the following rights regarding your personal data:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Request deletion (subject to legal obligations)
  • Right to restrict processing: Limit how we use your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Object to certain types of processing
  • Rights related to automated decision-making: Human review of automated decisions

Complaints

If you have concerns about how we handle your personal data, you can:

  1. Contact us directly to resolve the issue
  2. Lodge a complaint with the Information Commissioner's Office (ICO)

ICO Contact:
Website: ico.org.uk
Phone: 0303 123 1113

Contact

For data protection inquiries or to exercise your rights:

Data Protection Officer:
Email: dpo@debtrecovery.example.com
Address: [Your Business Address]