Privacy Policy

About us

CCICM (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy policy and in compliance with the relevant data protection Regulation and Law. This notice provides you with the necessary information regarding your rights and obligations, and explains how, why and when we collect and process your personal data.

CCICM’s registered office is at Stanhope House, Mark Rake, Bromborough, CH62 2DN and we are a company registered in England and Wales under company number 04358908. We are registered on the Information Commissioner’s Office Register of Data Controllers under registration number Z5640292 we are also regulated by the Financial Conduct Authority and act as the data processor, the designated Data Protection Officer for the organisation can be contacted at:

FAO: Data Protection Officer,
The CCI Centre,
Snowdonia Business Park,
Porthmadog,
LL48 6LD

Email:

EU Representative

We have appointed IT Governance Europe Limited to act as our EU Representative If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally please email our Representative at or post your request or query to:

EU Representative, IT Governance Europe, Third Floor, The Boyne Tower, Bull Ring, Lagavooren, Drogheda, Co. Louth, A92 F682

When contacting our Representative please ensure you include our company name in any correspondence.

Why we process your data

The creditor of your account has appointed us to collect the outstanding balance. We are not the owners of your account and act as a data processor on behalf of the data controller (our client).

When assigning your account to us the data controller has provided us with your personal data, this data originated from the controller and includes information collected during the life of your account where available and applicable.

Debt Collection is processed under the legitimate interest legal basis and there for we have a right to process your data on behalf of our clients once the case has been assigned to us. The processing is needed for collecting the debt owed and is permitted under that basis even if you do not consent to this processing.

We may also undertake the following activities in accordance with our legitimate interest:

• Data Enrichment from different sources e.g. Credit Reference Agencies
• Tracing
• Search public registers
• Obtain details from a supplier where our legal basis for processing allows
• Review historical cases we hold on you

We will verify that the data we hold on you is correct and share that data with approved third parties such as other debt collection agencies, process servers, solicitors and Credit Reference Agencies. Your data will always be held securely and in compliance with data protection legislation.

Who do we share your personal information with

To allow us to carry out our obligations and services we may need to share your information with the following organisations:

• Third Party Agents and advisers who we use to administer your account, such as approved debt collection agencies, tracing agents, process servers and solicitors.
• Our Clients (the original creditor).
• Credit Reference Agencies (CRA’s).

Please refer to the CRA’s information notice:

https://www.experian.co.uk/crain/index.html
https://www.equifax.co.uk/crain.html

• Ombudsmen, Regulators and other authorities. This may include law enforcement agencies and other local and Government agencies (including social and welfare organisations).
• Fraud prevention agencies.
• CCICM’s independent financial and professional advisors.
• Consultants or approved parties.
• Executors of an Estate.
• Print and mail services.
• Land Registry.
• Legal advisors, insolvency practitioners and the courts in the event we pursue or defend legal actions in connection with your account.
• Your nominated Debt Management Company or third party appointed to act on your behalf.
• Approved subcontractors (suppliers who provide goods and services to us). Where this is necessary we will take all appropriate steps to safeguard your data and relevant rights and freedoms under the General Data Protection Regulation (GDPR).

Our employees have been extensively vetted and will have access to your personal data. Access will be granted only if necessary for the purposes described and only where an employee is bound by an obligation of confidentiality.

What categories of personal data do we hold

To enable us to manage your account and communicate with you as well as pass security identification we process the following information about you: Your name, Date of Birth, address details and history, other contact details such as email and telephone numbers.

So as to be able to evaluate your repayment abilities we may also process the following financial data: your payment history, credit history, default details, income, assets, information on your debt, credit agreements, loans and credit rating. These are processed so we can assess affordability based on current financial circumstances and agree repayment plans.

When evaluating your account we need to make informed decisions on how to move forwards. To enable us to do this we process the reason for non-payment with the information you or our client provide us e.g. individual or family circumstances, work situation and/or any health conditions (see special categories of data) that may affect your ability to repay.

Should we need to pursue legal action and/or to enforcement we will process your personal data in order to do this. This is always a last resort once other avenues have been exhausted. We also use your personal data to ensure good debt collection practices such as recording telephone conversations to train our employees and documenting communications received from you. For our employees’ security and to keep your personal data safeguarded we also use closed-circuit television surveillance cameras within our place of business.

We have a legal obligation to provide your personal data when we are audited by regulatory authorities to prevent, monitor and evidence any fraud, money laundering and other criminal activities.

Unless otherwise agreed with you or there is a legal requirement, we will not include special categories of personal information (see below).

Special Category Data

Unless otherwise agreed with you or where there is a legal requirement, or we believe it is in your ‘vital interests’, we will not process special categories of personal information on you (often known as ‘sensitive personal data’ such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life).

It may however help you to notify us of any health condition, disability and/or personal information relating to your private life that may impact on your ability to repay your account. This will allow us to take reasonable steps to accommodate your needs or requirements such as allowing sufficient breaks in your payment arrangement, providing breathing space (suitable time) to seek free independent debt advice, or adjusting your payment arrangement.

This information will be used by us to assist you and will be kept as long as it is required for this purpose, or until such time as you notify us that you no longer consent to its processing or it is unnecessary for the establishment, exercise or defence of legal claims. This is not a blanket right and we will review your request to ensure its compatibility with our legal grounds for processing.

When collecting any special categories of data disclosed by you in helping us understand your circumstances, we will obtain your specific and informed consent to process the data. We will also inform you at the point of capturing this data to whom the data will be disclosed. In most cases, this information may be disclosed to the original creditor as part of their ongoing auditing or as part of a dispute that you may raise that necessitates us sharing this data accordingly.

Withdrawing your consent

Where we are processing your personal data using consent as our legal basis (disclosed special category data) you have the right to withdraw that consent. Where you exercise this right and we do not have a legitimate interest which overrides this then we shall stop processing this data.

Does my data go to another country

In the case of international debt collection your personal data may be transferred to our partners working in the relevant country. Where we do transfer your data to those countries we always ensure suitable safeguards are in place to protect your data and comply with GDPR. Our client may also be based overseas and in these cases we will share the data with them but again ensure the protection of your personal data.

Security

We are always striving to ensure your information is as secure as it can be and adopt the best industry standards to that end. We work hard to prevent unauthorized access or disclosure of your data and have put in place policies and procedures in our offices as well as physical and electronic safeguards to secure the information

Do you have to give us data

You may decide to provide us additional data (including special category) which is used to help us service your account and reach a suitable solution with you. However most of the data which we process about you comes from sources other than yourselves, where this be our client, credit agencies or other suppliers.

How long is your data retained

We will retain your data for as long as it is required by us for the lawful purpose of which it was obtained.

We use the following timelines for data retention:

Data	Retention Period	Reason
Digital Customer data on an account	6 years after the date of closure on our system	To defend any legal or regulatory claim after the closure of the file for the limitations period.
Call recordings	6 years	Kept to help support case information and is expunged after this time (should the case be subject to dispute or legal action retention may be extended).
External Trace Information	6 years after the date of closure on our system	To defend any legal or regulatory claim after the closure of the file for the limitations period.
Data for Statistical purposes	10 years	Data is anonymised post retention and will not identify individuals.
Financial transactions	8 years	Required for our legal obligations, customer identifier data is removed after the customer data retention period
Physical Customer data & Correspondence	6 years after the closure of the case	To defend any legal or regulatory claim after the closure of the file for the limitations period.

Automated decision making

CCICM do not undertake any automated decision making on files which would lead to an impact on data subjects or to a legal effect concerning the data subject as there is always human intervention.

Your Rights

You have rights afforded to you with your personal data, these rights can be exercised should you wish at any point even if we are not processing your personal data based on consent. Your rights are as follows;

Right of access

You can request what information we process about you including the following:

• Why we process your personal data
• The purposes of the processing
• The categories of personal data concerned
• The recipients to whom the personal data has/will be disclosed
• How long we intend to store your personal data for
• If we did not collect the data directly from you, information about the source
• If your personal data has been transferred to a country outside of the EEA, how we ensure the protection of your personal data.
• If the processing includes automatic decision making

All of the above is also set out in this privacy policy.

You may also request a copy of the personal data we process about you. This is known as your Right to Access. Additional copies where considered manifestly unfounded may be combined with a fee or rejected where deemed appropriate.

Right to be informed

You have the right to be informed where the collection and use of your personal data is concerned. This is a key requirement to GDPR and why this privacy policy exists so as to provide you with that information.

Right to erasure

It is unlikely that we will delete your data unless the account is closed with ourselves and it has been held for the period outlined in the data retention section on customer data. This is due to our obligations with the data, if we do process your data in an unlawful manner then you may ask us to delete it.

Right to rectification

We want to ensure the data we hold about you is correct and therefore we would encourage you to inform us if anything we hold is incorrect and we shall ensure our data is correct.

Right to object

If you believe that we do not have the right to process your personal data, you may object to our processing. In such cases, we may continue processing only if we can show our overriding legal grounds for processing out-weigh your rights and freedoms under the GDPR. However, we will process your personal data if it is required for the determination, exercise or defence of legal claims (note that this right only provides you with the ability to raise your objections, not a blanket right to have any and all processing ceased).

Right to restrict processing

From the time you have requested we correct your personal data or if you have objected to the processing, and until we have been able to investigate the issue or confirm the accuracy of your personal data (or changed it in accordance with your instructions), you may be entitled to the restriction of processing. This means that we (except for storing the personal data) may process your personal data only in accordance with your consent, if necessary with reference to legal claims, to protect someone else’s rights or if there is an important public interest in the processing.

Please note that once we believe that we have resolved the dispute or validated the accuracy of the data we hold, we will continue to process your data in accordance with our overriding legitimate interest.

Right of data portability

Where processing is based on your consent or for the performance of a contract and where the processing is carried out by automated means, you have the right to data portability. As outlined within this Privacy Policy, we will in most circumstances process your data under its legitimate interest to do so. We also do not use automated decision making on your account therefore it is unlikely this right will apply to your personal data which we hold we will still consider requests where you believe this right applies.

Rights in relation to automated decision making

As stated above we do not make any decisions based solely on automated decision making therefore this right does not apply to your data while it is with CCICM.

How to exercise your rights or complain

If you would like to exercise any of your rights above or complain with regards to how your data is being handled by us then please contact our data protection officer who will investigate any concerns you might have:

FAO: Data Protection Officer,
The CCI Centre,
Snowdonia Business Park,
Porthmadog,
LL48 6LD

Email:

Should you not be satisfied with our response, or you believe that we are unlawfully or unfairly processing your personal data then you can complain to the Information Commissioners Office (ICO) who are the regulators for data in the UK. More information can be found on the ICO website as well as how to register a complaint:  https://ico.org.uk/

How we use cookies

We use cookies on our website to understand more about our users and to improve their experience across our website.  The purposes for which they are used, are set out below:

We use cookies on our website to recognise a computer when a user visits the website

• Track users as they navigate the website
• Improve the website’s usability
• Analyse the use of the website
• Administer the website
• Prevent fraud
• Improve the security of the website
• Personalise the website for our users.

What are cookies

A cookie is a file containing an identifier a string of letters and numbers that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.  Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.

What cookies do we use

We use Google Analytics Universal to analyse the use of our website.  Our analytics service provider generates statistical and other information about website use by means of cookies.

The information generated relating to our website is used to create reports about the use of our website. It can also be used to help improve Google’s products and services. Our analytics service provider’s privacy policy is available at: http://www.google.com/policies/privacy.

For the purposes of identifying prospect client leads and for optimisation, products and services from the company Lead Forensics www.leadforensics.com are presented on this website. Lead Forensics’ headquarters are located at Communication House 26 York Street, London, W1U 6PZ United Kingdom.

Lead Forensics determines details of your organisation including telephone number, web address, SIC code and a description of the company. Lead Forensics shows the actual course of your visit to the website, including all pages that you have visited and viewed and how long you have spent on the page. Under no circumstances will the data be used to personally identify and individual visitor. As far as IP addresses are collected, they are anonymised immediately after collection.

On behalf of CCICM, Lead Forensics will use the information collected to evaluate your visit to our website, to compile reports on website activity and to provide CCCIM with details of your organisation, other services related to website activity and internet usage. If you do not agree, you can object to the collection, processing and storage of data at any time with effect for the future by clicking the following link: https://optout.leadforensics.com/?clientID=211378

How to disable cookies

You may be able to configure your browser or our website, application or service to restrict cookies or block all cookies if you wish, however if you disable cookies you may find this affects your ability to use certain parts of our website, applications or services. For more information about cookies and instructions on how to adjust your browser settings to accept, delete or reject cookies, see the www.allaboutcookies.org website.

Marketing Communications

We will only send marketing communications to you via email or other communication means where you have consented that we may do so.

You may request to receive marketing communications verbally or by email to your point of contact within the business, alternatively, you will be offered a tick box on the forms we use to collect your personal information, where if you agree to receive marketing communications, you will be required to tick the box.

Where marketing communication is sent to you via email, you may unsubscribe from receiving any further marketing communications by clicking the ‘opt-out’ or ‘unsubscribe’ function within the email. You may also exercise your right to unsubscribe by emailing and providing your name, email address or telephone number the marketing communications you would like to unsubscribe from.

Client Data Processing

CCICM may process client data to fulfil contractual obligations. This includes collecting, storing, and utilising information essential for service delivery. We prioritise the careful handling of client data, ensuring compliance with relevant data protection laws. Our commitment extends to implementing measures that safeguard the confidentiality, integrity, and availability of the data our clients provide. For further information on how we process client data please contact us at