About our notice
This privacy notice tells you what to expect when Grosvenor Credit Management and Investigations Ltd and GCMI Enforcement Group Ltd (Grosvenor) collects personal information. Grosvenor will, when delivering services, collect and use personal information only which is relevant to the work that we are undertaking and which will be controlled, stored and processed in accordance with the Data Protection Legislation however it is collected, recorded and used; whether it be on paper, in electronic media form or recorded by other means.
We consider the lawful and correct treatment of personal information by the company as critical in maintaining the confidence of our customers, clients and staff; we therefore manage and process personal information lawfully and correctly.
We will, through appropriate management and by strict application of criteria and controls:
- Observe fully the conditions regarding the fair collection and use of information.
- Meet its legal obligations to specify the purposes for which information is used.
- Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements.
- Ensure that the quality and accuracy of the information used is adequate and is maintained.
- Apply strict checks to determine the length of time information is held and that it is stored for no longer than is necessary.
- Provide the source of where the personal data originates from and whether it came from publicly accessible sources.
- Take appropriate technical and organisational security measures to safeguard personal information.
- Ensure that personal information is not transferred abroad to countries to which transfers are not permitted under the Regulations.
- Ensure that the rights of people about whom information is held are able to be fully exercised under the Regulations.
- These include the right to be informed that processing is being undertaken, the right of access to one’s personal information, the right to prevent processing in certain circumstances and the right to correct, rectify, block or erase information.
- They also include the right to withdraw consent at any time and the right to lodge a complaint with a supervisory authority.
Personal Data defined under the Data Protection Legislation means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Information is likely to be classed as Personal Data if any of the following criteria are met:
- Can a living individual be identified from the data, or, from the data and other information in the possession of, or likely to come into the possession of, the data controller?
- Does the data “relate to” the identifiable living individual, whether in their personal or family life, business or profession?
- Is the data “obviously about” a particular individual?
- Is the data “linked to” an individual so that it provides particular information about that individual?
- Is the data used, or is it to be used, to inform or influence actions or decisions affecting an identifiable individual?
- Does the data have any biographical significance in relation to the individual?
- Does the data focus or concentrate on the individual as its central theme rather than on some other person, or some object, transaction or event?
- Does the data impact or have the potential to impact on an individual, whether in a personal, family, business or professional capacity?
The information storage and processing systems used by Grosvenor are all certified as compliant with the International standard for information security management systems (ISMS), ISO 27001:2013. This is designed to ensure that:
- There is an officer appointed with specific responsibility for data protection within the organisation: You may contact our Chief Privacy Officer by telephone on 44 (0) 330 390 4555, via e-mail at firstname.lastname@example.org, by using the Contact us page on our web site or by letter to Grosvenor, Lindsey House, 1 Station Road, Addlestone, Surrey, KT15 2AL.
- Everyone handling, managing and working with personal information understands that they are contractually and legally responsible for following the Regulation and good data protection practice.
- Everyone handling, managing and working with personal information is appropriately trained to do so and audited.
- Everyone handling, managing and working with personal information is appropriately supervised.
- Anyone wanting to make enquiries about personal information knows how to do so.
- Queries about personal information are promptly and courteously dealt with, in accordance with the Regulation.
- Methods of handling, managing and working with personal information are clearly described.
- A regular review and audit is made of the way personal information is managed.
- Methods of handling, managing and working with personal information are regularly reviewed, assessed and evaluated.
- The performance of the methods and process is regularly reviewed, assessed and evaluated.
Grosvenor adhere to the Principles of Data Protection Legislation. The principles set out the main responsibilities for organisations. The requirements set out that personal data shall be;
a) Processed lawfully, fairly and in a transparent manner in relation to individuals;
b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to the implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of individuals; and
f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Visitors to our websites
When someone enters our websites, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
- Social media. Some of our websites include social media cookies, including those that enable users who are logged in to the social media service to share content via that service.
We use Google Analytics to monitor traffic levels, search queries and visits to this website. Google Analytics stores IP addresses (anonymously) on its servers in the United States, and neither The Sheriff’s Office nor Google associate your IP address with any personally identifiable information. A mixture of both persistent and session cookies are used to enable Google to determine whether you are a return visitor to this site and to track the pages that you visit during your session.
In addition to the cookies we set when you visit our websites, third parties may also set cookies when you visit our sites. In some cases, that is because we have hired the third party to provide services on our behalf, such as site analytics. In other cases, it is because our web pages contain content from third parties. Because your browser connects to those third parties’ web servers to retrieve that content, those third parties are able to set or read their own cookies on your device and may collect information about your online activities across websites or online services.
How to control cookies
Most web browsers automatically accept cookies but provide controls that allow you to block or delete them. Most browsers allow you to refuse to accept cookies; however, blocking cookies will have a negative impact upon the usability of some websites.
You can opt-out of data collection from Google Analytics by clicking on this link:https://tools.google.com/dlpage/gaoptout
Data subjects have a right, as set out in the Regulation, to obtain the personal information which is stored and used by us and can obtain this information by contacting the Chief Privacy Officer whose details are given in this document. The data comprising the personal information will be delivered to the data subject in a secure manner and in a format which is readily accessible using common proprietary data access tools.
What Information do we Process
The information that we obtain may be dependent upon the nature and context of your enquiry or instruction. The information that we collect can include the following:
- We receive personal information from authorities and companies which we deal with.
- The personal information which is obtained and stored consists of name, previous names, trade addresses, home address, email, national insurance number, gender, social media handles, employee, vulnerability, financial information, marital status, housing status, sensitive data – special category date, benefits, billing, video imagery, occupation, car registration number, telephone number, date of birth, IP address and location data from online analytics services such as city or postcode.
- We also may collect other information; however, this is not personally identifiable.
- We hold the information we received when making a decision about you, offences committed, outstanding debt, income and expenditure, health, your loan or application (including information collected from the Credit Reference Agencies).
- We hold details of all transactions processed.
- We hold details of when you contact us and when we contact you.
- We obtain information by recording how persons use our websites by means of embedded technology such as cookies, and by receiving written enquiries and usage data from relevant forms hosted on our website.
- Calls to our telephone system may be recorded and Calling Line Identity (CLI) numbers are identified and stored where they are not withheld.
- To engage in services some or all of the above personal information is required. Failure to provide the appropriate information where required will result in termination of services.
- We also obtain data from third parties.
- We protect data obtained from third parties according to the practices described in this statement, together with any additional restrictions that are imposed by the source of the data. These third-party sources vary over time, but have included:
- Field agents, charities and support workers
- Data brokers from whom we purchase demographic data
- Service providers that help us determine a location based upon your IP address
- Partners with whom we offer co-branded services or engage in joint marketing activities
- Publicly-available sources such as open government databases or other data in the public domain
The Purpose of Data Processing
- The personal information which we obtain, store and process is necessary and is used to enable us to fulfil our legal and contractual obligations with clients.
- Automated decision making may be used in the form of credit checks, vehicle valuations and tracing debtors.
- We may keep details of any phone number(s) that you call us from and use them to contact you.
- For marketing purposes, we may contact you by telephone or by e-mail or other means to inform you when a publication or presentation which may be of professional interest is available or to enquire or to advise about a service enquiry that you have made, or to invite you to participate in a survey or to attend a commercial event. For information about how to manage, edit or to delete contact data which contains your personal information, please use the contact section at the bottom of this privacy notice.
- For advertising purposes we may use personal information contained in an e-mail, telephone calls or voicemail, or your documents, or data files to target advertisements to you.
- If you provide us with any debit card details, we may keep these for reference purposes.
- If a card is identified as having been used fraudulently then we will maintain a record of its use for reporting and preventing fraud; the card details will be deactivated to ensure that they can no longer take payment.
- When we are managing cases, we may be given sensitive information such as medical information. We will hold and process this information to allow us to make decisions about you and your accounts with us.
- When we are required to obtain health information where it is relevant to issues of vulnerability, the information obtained is used by administration staff and Enforcement Agents to alert creditors where they have identified such debtors. Enforcement Agents and relevant staff are trained to recognise and to manage interactions with vulnerable debtors, and when to withdraw from such situations.
- Body worn video footage is recorded as a legitimate interest to protect both the user and / or the data subject. Images are encrypted and will only be accessible to senior management upon compliant or investigation.
How to access and control your personal data
You can submit a request to view, edit or delete any personal data that we hold and which is not retained for the purpose of writ or order enforcement.
You may do so by submitting a request in writing via post or email. We will respond to requests within 1 month.
Your marketing choices
You may opt-out of receiving marketing information by contacting us at email@example.com, or by unsubscribing using the link incorporated into all our e-mail communication. Because the data used for marketing may also be used for other necessary purposes, in such cases, opting out of marketing does not stop that data from being collected or stored.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We recommend you to read the privacy notices on the websites you visit yourselves.
Changes to this Privacy Statement
We will update this privacy statement when necessary to reflect customer feedback and changes in our services. When we post changes to this statement, we will revise the “last updated” date at the top of the statement. If there are material changes to the statement or in how we will use your personal data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this privacy statement to learn how we are protecting your information. This privacy notice was last updated on 22nd July 2020.
How to contact us
If you have a privacy concern, complaint or a question for the Chief Privacy Officer, please contact us by email to firstname.lastname@example.org. We will respond to questions or concerns within 30 days. Unless otherwise stated Grosvenor is a data controller for personal data we collect through the products subject to this statement. Our address is; Grosvenor, Lindsey House, 1 Station Road, Addlestone, Surrey, KT15 2AL.