This Privacy Notice sets out how we will use and process personal data. Please read this Privacy Notice, carefully before using this website www.arceuropeltd.co.uk (“Website”). We would also draw you attention at this time to our website Terms & Conditions and our Cookies Policy
In this Privacy Notice:
- “we”, “us” and “our” means ARC (Europe) Ltd.
- “you” and “your” means the user of this Website and so far as it is applicable, the customer.
- “customer” refers either to an identifiable person whose account balance we have purchased from the original creditor (the “creditor”), or to an identifiable person whose account is owned by the creditor, who has engaged us to act on their behalf to recover the debt. This Privacy Notice applies to both current and former customers.
Who we are
We are a debt collection agency acting on behalf of various clients whereby we process data when engaging with their customers/members to facilitate payment arrangements and other solutions.
Registered Office Kent House, Churchfield Road, Walton-On-Thames, Surrey, KT12 2TU. Registered in England No. 4214145.
Authorised and Regulated by the Financial Conduct Authority (Reference No. 716072) for accounts formed under the Consumer Credit Act 1974 (amended 2006).
Data Protection Legislation and the Information Commissioner’s Office
ARC (Europe) Ltd. considers the confidentiality of any information you may provide us with, as well as your personal details, to be of the utmost importance. We are committed to ensure that we comply with the prevailing data protection legislation, applicable to the United Kingdom and as currently regulated by the Information Commissioner’s Office (“ICO”) whose website is https://ico.org.uk/.
In meeting our obligations, we actively consider both the privacy of personnel data held and the security measures we employ in order to prevent the unauthorised disclosure of the data.
Data Controllers and Data Processors
- A “Data Subject” means any living person about whom data is processed. You will be the Data Subject if we process your data.
- A “Data Controller” is the party who has overall control of the data being processed. Typically, this will be the name of the original creditor on whose behalf we are contacting you in order to request payment of the balance outstanding. In those circumstances, we will be processing the data as a “Data Processor” on behalf of the Data Controller. Where we have informed you that we have purchased the debt, we will be the Data Controller and any third party we engage (as set out in this notice) will be a Data Processor.
Why do we need to process personal data?
We respect your privacy and we only collect, store and process your personal data for lawful and defined purposes. In this respect, we process personal data by reason of having a “legitimate interest” to do so. This legitimate interest includes processing personal data for the purposes of debt collection, early arrears activity, tracing and processing for employment related reasons (for our employees only).
Processing enables us to use the data for these purposes and ensures that we understand a customer’s personal circumstances to enable us to provide customers with affordable payment plans or tailored customer solutions.
Wherever possible (or required in the case of “special data”- please see below) we will also seek your consent to process personal data.
How do we collect your data?
We collect personal data from various sources including:
- data you give us directly or that data which has been passed to us by the creditor;
- data from customers’ transactions with us, our affiliates, or others;
- data we receive from data/consumer reporting agencies or tracing agencies where used;
Recorded phone calls
For quality control, security and training purposes, we monitor or record your telephone communications with us. However, we do not record or store your debit or credit card details.
What is “personal data”?
‘Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’).
The personal data we collect and process relating to you as a customer may include, but is not limited to, your:
- Date of birth
- Contact information, including your phone number and email address
- Financial and credit score information
- Employment information, including your current employment status
- Information about your circumstances, where it will help us to identify that you may need additional support from us. Examples may include, but are not limited to, information about your physical and mental health conditions, or recent life events such as new caring responsibilities, bereavement or redundancy
- Any other information you choose to provide, which will help us to have better interactions with you
What is “special data”?
Special Category Data is personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or genetic data, biometric data or data concerning health or a person’s sex life or sexual orientation (also known as “sensitive personal data”).
As outlined above, special data is more sensitive and personal to the Data Subject and therefore requires particular controls to process it. If special data is not necessary for the purpose of the processing, it will not be collected. If it is considered necessary for the processing, we will ask you for your consent to note the account and to share the information with our client (i.e. the Data Controller).
How do we keep your personal data secure?
To maintain security of customer information, we restrict access to your personal and account information to persons who need to know that information.
We also maintain physical, electronic, managerial and procedural safeguards to protect the privacy of your personal and account information.
Information gathered will only be used for our own business and for client communication purposes.
Disclosure of personal data.
We do not disclose any non-public personal information to anyone - unless it is necessary for the processing and permitted or required by law.
We may pass your details on to:
- another entity with which ARC (Europe) Ltd. enters or reasonably may enter into a corporate transaction (e.g. a merger consolidation, acquisition, or asset purchase);
- a third party pursuant to a Court Order, or other form of legal process or in response to a lawful request by or on behalf of any government agency, department, or body;
- the Data Controller (i.e. the creditor); or
- a third party if determined by us where we are permitted or required by law to do so, for the purposes of this lawful processing (e.g. a payment processing business, a printing/mailing business, another debt collection agency or a tracing agent). Where we transfer your information to a third party we do so, only on the understanding that they keep the information confidential and use it only for our agreed purposes;
- The data we collect from you will not be transferred or stored outside the European Economic Area (“EEA”)
How long do we hold personal data for?
We will retain your personal data for only as long as permitted for our legitimate business/processing purposes and also for as long as necessary to satisfy any retention period that we are legally required to meet. All data is securely stored during the retention period with sufficient electronic and physical measures.
Some data formats where the data is duplicated (e.g. correspondence and call recordings) may be destroyed sooner than other data. Once we have met the retention period (typically 6 years after the account was paid/closed) the remainder of the personal data is destroyed or anonymised.
Your data subject rights
UK data protection law defines what rights you have in relation to the processing of your personal data, including:
- Your right of access – You have the right to ask us for a copy of your personal data.
- Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete data you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.
- Your right to restrict processing – You have the right to ask us to restrict the processing of your personal data, in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal data, in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
- Your rights in relation to automated decision making and profiling – You have the right not to be subject to a decision based solely on automated processing, including profiling, if this will have a legal or other significant effect on you.
Should you wish to exercise any of your rights as defined under UK data protection law, you can write to us at:
FAO Data Protection
ARC (Europe) Ltd
Walton on Thames
Or you can email us at email@example.com.
Please remember to state your reference number as appears in our written communications with you. We will immediately forward all requests to our client (the “Data Controller”) to respond to the request within one calendar month. You are not required to pay a charge for exercising your rights, except in exceptional circumstances.
As you will appreciate, there is a need for us to protect your confidentiality and one of the ways we do this is to check that anyone asking for personal information has the right to receive it. So we may ask you to prove your identity or provide a written authority before making information available.
Finally, you may want to review your data rights independently or if you are unhappy with the response we provided you with, you should contact the Information Commissioner's Office, on the internet at https://ico.org.uk/concerns/.
You will find the ICO’s address and email address on that website or by calling the ICO helpline on 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers).