;

Our Privacy Promise

Lowell is about people – our customers, our clients, our colleagues, our suppliers and our business partners. Each of these relationships is built on trust – a trust we earn by protecting your information and privacy. Whatever your relationship with Lowell, we make these promises to you about how we will use, handle and protect your information. How we use your information depends on the nature of our relationship with you.

If you would like a copy of our Privacy Promise or any of our privacy notices, please contact us. If you would like to hear a recording of our privacy notices please call:

  • Customer – 0800 0212075

Calls to these numbers are free from landlines. Charges from mobile networks may vary so please check with your provider before calling.

If you would like a copy of our Privacy Promise or any of our privacy notices, please contact our Data Protection Officer. Our Data Protection Officer deals with data protection for all our UK companies, so whichever Lowell company your question relates to, please contact our Data Protection Officer by:
  • writing to Data Protection Officer, Lowell Financial Limited, PO Box 1411, Northampton, NN2 1BQ
  • by email at dpo@lowellgroup.co.uk

 

Whatever your relationship with Lowell, we make these promises to you.
We promise to be open and honest about the information we collect

Being open and honest is at the heart of all we do. 

We’ve designed our website to make it easy for you see what information we collect about you, how we use it, who we may share it with, how long we keep it and how we protect it.
Select the relevant link above to find out more about what how we use your information.
We promise to use it only for specific purposes we’ve told you about

We will only use your information for the purposes we’ve told you about in our privacy notice, which you will find by selecting the relevant link above.

We promise to collect no more than we need for those purposes

The information we collect about you depends on your relationship with us, select the relevant link above to find out more.

We promise to check that it’s accurate and keep it up to date

We do what we reasonably can to check the information that we collect is accurate and to keep it up to date.  If you spot a mistake in your information, you can call, write or email us to ask us to correct it.

We promise to keep it for no longer than we need it

We have a retention policy that sets limits on the length of time we keep your information. How long we keep it varies, depending on the type of information and the reason why we are using or keeping it.

Select the relevant link above to find out more.

We promise to protect your privacy and your information

Keeping information secure is a top priority for Lowell. We have put appropriate security measures in place to protect your information including being ISO27001 certified, which means that we meet the internationally recognised standards for managing risks to the security of the information we hold.

We promise to explain your privacy rights and how to exercise them

For details of your privacy rights and how you can exercise them, please select the relevant link above.

We promise to respond quickly to any concerns you raise with us

You can raise any concerns you may have about our handling of your information by writing to our Data Protection Officer at the contact details below.

If you are not happy with the outcome, you also have the right to raise your concern with the Information Commissioner’s Office.

We promise to treat you and your information fairly, lawfully and transparently

We will only collect, use and share your information where we have a lawful reason for doing so. This is known as the “legal basis” and we are required to tell you what the legal basis is for each of our activities which involves your information.

You will find the legal basis together with other details about how we use your information by selecting the relevant link above.

We provide you with detailed information about how we use your information to make sure that we are fair and transparent.

Customer Privacy Requests - Frequently Asked Questions
What should I do if I need to make a privacy request to more than one Lowell UK company or for more than one account?

Our Privacy Team handle requests for all of our UK companies so you only need to submit one

request. Please tell us in your request which companies and accounts you’d like us to include and we’ll be happy to help.

Why don't you need my consent to process my information?

We have a legitimate interest in holding and processing the data we use in order to collect any amounts you owe. As we have a legitimate interest we do not need to rely on your consent for the majority of the data we hold about you. We only ask for your consent in relation to the information you provide to us over the phone about your physical or mental health. If you withdraw your consent, we will remove any such information from your account. This will not affect the lawfulness of any processing of this information that we have carried out before you withdrew your consent. We may also process some information about you to comply with our legal, regulatory and professional obligations, for example under the anti-money laundering and counter-terrorist financing legislation and for crime and fraud prevention.

Can I make a request on behalf of another person?

Yes, you can make a request on behalf of another person. You will need to provide evidence that you are entitled to act on their behalf, such as a written authority to make the request or a general power of attorney. If you can’t provide appropriate evidence we will send the response directly to the individual.

How quickly will my request be resolved?

We will do our very best to fulfil your request within one month. In some circumstances, we may write to you extending this time period by an additional two months. This may happen where your request is complex or you have made a number of requests. We are allowed to extend the timescale for responding to you in this way under Article 12(3) of GDPR. If your request is for access to information and there is any specific information which you require copies of, please let us know what this is and we may be able to respond more quickly.

How is the response time calculated?

The Information Commissioner’s Office (ICO) have said that the ‘one month’ timescale for privacy requests should be calculated from the day the request is received (whether this is a working day or not) to the corresponding calendar date on the next month.

You can read their advice on the following link:  https://ico.org.uk/your-data-matters/time-limits-for-responding-to-data-protection-rights-requests/

Example                                                                                                                                         

A company receives a request on 3 September. This gives the company until 3 October to comply with the request.

If this is not possible because the following month is shorter and there is no corresponding calendar date, the company has to comply with the request on the last day of the following month. If the corresponding calendar date falls on a weekend or a public holiday, the company has until the next working day to respond.

This means that the exact number of days a company has to comply with a request varies, depending on the month in which the request was made.

Example                                                                                                                                         

A company receives a request on 31 March. As there is no equivalent date in April, the company has until 30 April to comply with the request.

If 30 April falls on a weekend, or is a public holiday, the company has until the end of the next working day to comply.

What information do Lowell UK provide in a subject access request (SAR)?

When you submit a SAR we will review the information we process and provide you with:

  • confirmation as to whether we process your personal information
  • a copy of any personal information we process
  • details of where to find the additional information you are entitled to about how we use your personal
Do I need to submit a full SAR to get access to my information?

If you would like all of the personal information we process about you, then we’re happy to provide it. We want to help you find the information you need as quickly as we can so if there is anything specific that you require, please let us know what this is and we may be able to respond more quickly.

What information am I entitled to?

You are entitled to a copy of your own personal information but not to information about other people (unless you are authorised to act on behalf of another person). You are not entitled to information which we do not hold or which is not within our control. We will not provide you with information which is subject to legal professional privilege or any of the other applicable exemptions under data protection legislation.

I didn't receive everything I was expecting, why wasn't it included?

We will provide you with the personal information which we process about you. Our response will not contain:

  • names or other information which could identify other people
  • information which is subject to legal professional privilege or any of the other applicable exemptions under data protection legislation
  • information which we do not hold or which is not within our control.
Why didn't I receive some of the documents I was expecting?

Deed of Assignment/ Contract of Novation

A SAR response includes a copy of your personal information which we process. The deed of assignment or contract of novation itself does not contain any specific details which would identify you as an individual whose debt is being purchased. The contract is therefore not part of the information which you are entitled to. The contract does refer to a separate document known as a sale file which contains the details of all the debts being purchased. The information relating to you which is contained in that sale file is in the originating creditor information sections of your SAR response.

Purchase Price

We do not hold pricing information on our systems from which you can be individually identified. As this is not personal information about you, it is therefore not part of the information which you are entitled to.

Original Agreement

If the agreement has been previously requested from the originating creditor and is held by Lowell, this will be provided.

Letters

The scope of a SAR includes information we hold. In most cases, we are able to provide copies of letters we have sent to you. In a small number of cases, the letters are not held in our systems.

Where this is the case, we will provide you with information from your account about the letters without providing a copy of the letter itself.

We may also send copies of letters we have sent that contain variable fields, these letters are not a full representation of the actual letter we sent at the time.

If the original letter we sent you is no longer stored on our system, we will not be able to include this in your SAR.  

Requests to have your information erased or deleted (Right to be forgotten)

When can I ask for my information to be erased?

You can ask for your information to be erased at any time.

What happens when I ask for my information to be erased?

The right to erasure only applies in certain circumstances including:

  • where Lowell no longer need your information
  • we rely on your consent to process your information and you withdraw your consent
  • where the law says we have to erase your information and we have not already done

When we receive your erasure request, we will review the information we hold about you. We will erase any information that we no longer need, any health information that you have provided to us over the phone and any other information that we are legally obliged to erase.

Is there any information you won't erase?

We will not delete any information that we are legally required to keep, for example under the anti- money laundering and counter-terrorist financing legislation. We will also keep any information that we are required to keep by any regulatory authorities.

We will not delete information that we need in order to administer and manage your accounts or that we need to establish, exercise or defend legal claims, for example, where there are ongoing court proceedings.

What happens to the information that isn't erased?

We will keep your information on our systems until we no longer need it either to administer and manage your accounts or to comply with our legal, regulatory, professional and corporate governance obligations.

We only keep your information for as long as we need it and we will keep your information for no more than 7 years from the date you cease to have any active accounts with us. We keep your information for this long so that we can:

  • deal with any issues or concerns that you may have about how we handled your account
  • answer any questions HM Revenue and Customs may have and
  • bring or defend any legal

However, we won’t keep all of your information for so long, and we will delete some information much sooner, for example, we only retain call recordings for 18 months.

We have a retention policy which we have written by considering all the different types of information that we hold about you, understanding how long we need to keep it for and agreeing not to keep it for any longer.

System.Web.Mvc.HtmlHelper`1[Umbraco.Web.Models.RenderModel] ;