CCICM’s registered office is at Stanhope House, Mark Rake, Bromborough, CH62 2DN and we are a company registered in England and Wales under company number 04358908. We are registered on the Information Commissioner’s Office Register of Data Controllers under registration number Z5640292 we are also regulated by the Financial Conduct Authority and act as the data processor, the designated Data Protection Officer for the organisation can be contacted at:
FAO: Data Protection Officer,
The CCI Centre,
Snowdonia Business Park,
We have appointed IT Governance Europe Limited to act as our EU Representative If you wish to exercise your rights under the EU General Data Protection Regulation (GDPR), or have any queries in relation to your rights or privacy matters generally please email our Representative at or post your request or query to:
EU Representative, IT Governance Europe, Third Floor, The Boyne Tower, Bull Ring, Lagavooren, Drogheda, Co. Louth, A92 F682
When contacting our Representative please ensure you include our company name in any correspondence.
Why we process your data
The creditor of your account has appointed us to collect the outstanding balance. We are not the owners of your account and act as a data processor on behalf of the data controller (our client).
When assigning your account to us the data controller has provided us with your personal data, this data originated from the controller and includes information collected during the life of your account where available and applicable.
Debt Collection is processed under the legitimate interest legal basis and there for we have a right to process your data on behalf of our clients once the case has been assigned to us. The processing is needed for collecting the debt owed and is permitted under that basis even if you do not consent to this processing.
We may also undertake the following activities in accordance with our legitimate interest:
- Data Enrichment from different sources e.g. Credit Reference Agencies
- Search public registers
- Obtain details from a supplier where our legal basis for processing allows
- Review historical cases we hold on you
We will verify that the data we hold on you is correct and share that data with approved third parties such as other debt collection agencies, process servers, solicitors and Credit Reference Agencies. Your data will always be held securely and in compliance with data protection legislation.
Who do we share your personal information with
To allow us to carry out our obligations and services we may need to share your information with the following organisations:
- Third Party Agents and advisers who we use to administer your account, such as approved debt collection agencies, tracing agents, process servers and solicitors.
- Our Clients (the original creditor).
- Credit Reference Agencies (CRA’s).
Please refer to the CRA’s information notice:
- Ombudsmen, Regulators and other authorities. This may include law enforcement agencies and other local and Government agencies (including social and welfare organisations).
- Fraud prevention agencies.
- CCICM’s independent financial and professional advisors.
- Consultants or approved parties.
- Executors of an Estate.
- Print and mail services.
- Land Registry.
- Legal advisors, insolvency practitioners and the courts in the event we pursue or defend legal actions in connection with your account.
- Your nominated Debt Management Company or third party appointed to act on your behalf.
- Approved subcontractors (suppliers who provide goods and services to us). Where this is necessary we will take all appropriate steps to safeguard your data and relevant rights and freedoms under the General Data Protection Regulation (GDPR).
Our employees have been extensively vetted and will have access to your personal data. Access will be granted only if necessary for the purposes described and only where an employee is bound by an obligation of confidentiality.
What categories of personal data do we hold
To enable us to manage your account and communicate with you as well as pass security identification we process the following information about you: Your name, Date of Birth, address details and history, other contact details such as email and telephone numbers.
So as to be able to evaluate your repayment abilities we may also process the following financial data: your payment history, credit history, default details, income, assets, information on your debt, credit agreements, loans and credit rating. These are processed so we can assess affordability based on current financial circumstances and agree repayment plans.
When evaluating your account we need to make informed decisions on how to move forwards. To enable us to do this we process the reason for non-payment with the information you or our client provide us e.g. individual or family circumstances, work situation and/or any health conditions (see special categories of data) that may affect your ability to repay.
Should we need to pursue legal action and/or to enforcement we will process your personal data in order to do this. This is always a last resort once other avenues have been exhausted. We also use your personal data to ensure good debt collection practices such as recording telephone conversations to train our employees and documenting communications received from you. For our employees’ security and to keep your personal data safeguarded we also use closed-circuit television surveillance cameras within our place of business.
We have a legal obligation to provide your personal data when we are audited by regulatory authorities to prevent, monitor and evidence any fraud, money laundering and other criminal activities.
Unless otherwise agreed with you or there is a legal requirement, we will not include special categories of personal information (see below).
Special Category Data
Unless otherwise agreed with you or where there is a legal requirement, or we believe it is in your ‘vital interests’, we will not process special categories of personal information on you (often known as ‘sensitive personal data’ such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life).
It may however help you to notify us of any health condition, disability and/or personal information relating to your private life that may impact on your ability to repay your account. This will allow us to take reasonable steps to accommodate your needs or requirements such as allowing sufficient breaks in your payment arrangement, providing breathing space (suitable time) to seek free independent debt advice, or adjusting your payment arrangement.
This information will be used by us to assist you and will be kept as long as it is required for this purpose, or until such time as you notify us that you no longer consent to its processing or it is unnecessary for the establishment, exercise or defence of legal claims. This is not a blanket right and we will review your request to ensure its compatibility with our legal grounds for processing.
When collecting any special categories of data disclosed by you in helping us understand your circumstances, we will obtain your specific and informed consent to process the data. We will also inform you at the point of capturing this data to whom the data will be disclosed. In most cases, this information may be disclosed to the original creditor as part of their ongoing auditing or as part of a dispute that you may raise that necessitates us sharing this data accordingly.
Withdrawing your consent
Where we are processing your personal data using consent as our legal basis (disclosed special category data) you have the right to withdraw that consent. Where you exercise this right and we do not have a legitimate interest which overrides this then we shall stop processing this data.
Does my data go to another country
In the case of international debt collection your personal data may be transferred to our partners working in the relevant country. Where we do transfer your data to those countries we always ensure suitable safeguards are in place to protect your data and comply with GDPR. Our client may also be based overseas and in these cases we will share the data with them but again ensure the protection of your personal data.
We are always striving to ensure your information is as secure as it can be and adopt the best industry standards to that end. We work hard to prevent unauthorized access or disclosure of your data and have put in place policies and procedures in our offices as well as physical and electronic safeguards to secure the information
Do you have to give us data
You may decide to provide us additional data (including special category) which is used to help us service your account and reach a suitable solution with you. However most of the data which we process about you comes from sources other than yourselves, where this be our client, credit agencies or other suppliers.
How long is your data retained
We will retain your data for as long as it is required by us for the lawful purpose of which it was obtained.
We use the following timelines for data retention:
|Digital Customer data on an account||6 years after the date of closure on our system||To defend any legal or regulatory claim after the closure of the file for the limitations period.|
|Call recordings||3 years||Kept to help support case information and is expunged after this time (should the case be subject to dispute or legal action retention may be extended).|
|External Trace Information||6 years after the date of closure on our system||To defend any legal or regulatory claim after the closure of the file for the limitations period.|
|Data for Statistical purposes||10 years||Data is anonymised post retention and will not identify individuals.|
|Financial transactions||8 years||Required for our legal obligations, customer identifier data is removed after the customer data retention period|
|Physical Customer data & Correspondence||6 years after the closure of the case||To defend any legal or regulatory claim after the closure of the file for the limitations period.|
Automated decision making
CCICM do not undertake any automated decision making on files which would lead to an impact on data subjects or to a legal effect concerning the data subject as there is always human intervention.
You have rights afforded to you with your personal data, these rights can be exercised should you wish at any point even if we are not processing your personal data based on consent. Your rights are as follows;
Right of access
You can request what information we process about you including the following:
- Why we process your personal data
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
- If your personal data has been transferred to a country outside of the EEA, how we ensure the protection of your personal data.
- If the processing includes automatic decision making
You may also request a copy of the personal data we process about you. This is known as your Right to Access. Additional copies where considered manifestly unfounded may be combined with a fee or rejected where deemed appropriate.
Right to be informed
Right to erasure
It is unlikely that we will delete your data unless the account is closed with ourselves and it has been held for the period outlined in the data retention section on customer data. This is due to our obligations with the data, if we do process your data in an unlawful manner then you may ask us to delete it.
Right to rectification
We want to ensure the data we hold about you is correct and therefore we would encourage you to inform us if anything we hold is incorrect and we shall ensure our data is correct.
Right to object
If you believe that we do not have the right to process your personal data, you may object to our processing. In such cases, we may continue processing only if we can show our overriding legal grounds for processing out-weigh your rights and freedoms under the GDPR. However, we will process your personal data if it is required for the determination, exercise or defence of legal claims (note that this right only provides you with the ability to raise your objections, not a blanket right to have any and all processing ceased).
Right to restrict processing
From the time you have requested we correct your personal data or if you have objected to the processing, and until we have been able to investigate the issue or confirm the accuracy of your personal data (or changed it in accordance with your instructions), you may be entitled to the restriction of processing. This means that we (except for storing the personal data) may process your personal data only in accordance with your consent, if necessary with reference to legal claims, to protect someone else’s rights or if there is an important public interest in the processing.
Please note that once we believe that we have resolved the dispute or validated the accuracy of the data we hold, we will continue to process your data in accordance with our overriding legitimate interest.
Right of data portability
Rights in relation to automated decision making
As stated above we do not make any decisions based solely on automated decision making therefore this right does not apply to your data while it is with CCICM.
How to exercise your rights or complain
If you would like to exercise any of your rights above or complain with regards to how your data is being handled by us then please contact our data protection officer who will investigate any concerns you might have:
FAO: Data Protection Officer,
The CCI Centre,
Snowdonia Business Park,
Should you not be satisfied with our response, or you believe that we are unlawfully or unfairly processing your personal data then you can complain to the Information Commissioners Office (ICO) who are the regulators for data in the UK. More information can be found on the ICO website as well as how to register a complaint: https://ico.org.uk/
- Track users as they navigate the website
- Improve the website’s usability
- Analyse the use of the website
- Administer the website
- Prevent fraud
- Improve the security of the website
- Personalise the website for our users.
What are cookies
A cookie is a file containing an identifier a string of letters and numbers that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.
What cookies do we use
We use Google Analytics Universal to analyse the use of our website. Our analytics service provider generates statistical and other information about website use by means of cookies.
How to disable cookies
You may be able to configure your browser or our website, application or service to restrict cookies or block all cookies if you wish, however if you disable cookies you may find this affects your ability to use certain parts of our website, applications or services. For more information about cookies and instructions on how to adjust your browser settings to accept, delete or reject cookies, see the www.allaboutcookies.org website.