I am an Authorised Third Party for a Lowell customer

Company

Lowell Financial Ltd

Lowell Portfolio I Ltd

Company number

04558936

04857418 

ICO Registration

Z8222569

Z7273861

Country

Incorporated in the UK

Incorporated in the UK

Registered office

No. 1 The Square, Thorpe Park View, Thorpe Park, Leeds, LS15 8GH

No. 1 The Square, Thorpe Park View, Thorpe Park, Leeds, LS15 8GH

Information that you give us

You may provide us with updated contact details for yourself in any communications with us by telephone, email, online chat, post, social media or otherwise, whether this is in connection with the customer’s debt(s) or to report an issue, ask questions or make a complaint.

Information that we collect about you

We will collect information about you from the customer when they provide your details to us to enable us to discuss their debt(s) with you.

Call recording

We may monitor and/or record calls for the purposes of resolving issues, training and to improve our quality and service standards.

CCTV images

We operate CCTV at all of our premises. If you visit any of our offices, you may be recorded by our CCTV system. 

Information that we share with other companies in the Lowell group

We may share your information with other members of the Lowell group of companies: 

·         if we instruct them to act on our behalf in connection with our customer’s debt(s)

·         for our internal administrative purposes

·         including any company associated or otherwise connected with the Lowell group if we transfer our customer’s debt(s) to them whether as part of a group reorganisation or otherwise.  If we transfer our customer’s debt(s) to another member of the Lowell group, Lowell Financial Ltd will continue to manage our customer’s debt(s) on behalf of the new owner of the customer’s debt(s) and your personal data will continue to be used and shared as set out in this privacy notice. 

For details of the UK companies in the Lowell group, please see the section 'Who are the Lowell group' below.

Information that we share with other authorised third parties

If the customer has authorised multiple people or debt management companies such as Step Change, Pay Plan or Money Wellness to manage their debt(s) with us, then we may discuss your activity managing the debt(s) with the other authorised third party.

Information that we share with our third party suppliers

We use a number of carefully selected third parties to supply us with products and services, such as our IT and mailing services.

The information that we share with our suppliers will depend on the nature of the products and services that they provide to us but we will only share the minimum amount of your information which is necessary for them to provide us with the products and services we need. 

This may sometimes involve your information being shared or stored outside of the UK and outside the European Economic Area. 

Information that we share with the original creditor

We may share some limited information with the previous owner of the customer’s debt which may include call recordings and information about the debt with our clients and prospective clients for quality assurance purposes.

Information that we share with other third parties

If we or any member of the Lowell group of companies merges, transfers or sells part or all of its business or assets or any of the share capital of Lowell Portfolio I Ltd or Lowell Financial Ltd to a third party, your personal information may be disclosed to that third party and its advisers for the purposes of negotiating and completing the merger, transfer or sale.  If the merger, transfer or sale does complete, that third party may use or disclose your information as set out in this privacy notice.

We may also share your information with our investors, insurers, lenders, legal and other professional advisers where necessary.

Adequacy Decision

Where a county has been granted adequate by the European Commission, this means they have been found to offer the same level of safeguarding as the UK and therefore are safe countries to transfer information to and no extra contractual obligations are required in order to transfer your information.  

A list of countries with adequacy is linked here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

Standard contractual clauses

These are a set of standard clauses which have been recognised by the European Commission and the Information Commissioner’s Office as providing adequate protection to personal information transferred outside the EU or UK

When we include these clauses in a contract with one of the companies we work with, it means that if they transfer your information outside the EU or UK they must make sure that your information is just as safe as it is in the EU or UK.

As part of this, a transfer impact assessment is also completed to identify any risks with the information sharing. This enables us to put extra protections in place before we decide whether to transfer your information.

A copy of the standard contractual clauses is linked here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

Internation Data Transfer Agreement (IDTA)

This is a transfer mechanism that has been created by the Information Commissioners Office which provides sufficient protection to personal information transferred outside the UK to restricted countries outside of the EU.

A copy of the IDTA is linked here: international-data-transfer-agreement.pdf (ico.org.uk)

Binding corporate rules

These are a way for large groups of companies which are based in lots of countries around the world to transfer personal information to companies in their group in a way that complies with the UK data protection laws. The binding corporate rules must be approved by the data protection regulator before the group of companies can adopt them. 

When one of the companies we work with uses binding corporate rules, it means that if they transfer your information outside the UK, they have procedures in place to make sure that your information is handled in a way that makes sure that your information is just as safe as it is in the UK and EEA.

A list of the Binding corporate rules is linked here: BCRs approved under UK GDPR | ICO

You have the right to

What does this mean?

How does this apply to the way we use your information?

Access your information

You can ask for: 

• confirmation that we process your personal information
• a copy of your personal information that we hold and
• other information about how we process your information.

We will provide you with a copy of your personal information which we hold unless the data protection laws provide an exception that we decide to rely on, for example where there are ongoing court proceedings. We may also redact out the names of any other individuals to protect their privacy.

Wherever possible, we will provide you with a copy of your personal information in the same manner you make your request unless we agree otherwise with you.

This privacy notice also includes the other information you can ask for about how we process your information.

Have your information rectified

You can ask us to rectify your information if it is not accurate, incomplete or up to date.

We will update or correct your information, although sometimes we may need to ask you to provide evidence to confirm the changes, for example a copy of your marriage certificate if you are changing your name because you have got married.

Have your information erased

This is also known as the right to be forgotten.

You can ask us to delete your information where: 

• we no longer need it
• we rely on your consent to use your information and you withdraw it
• you object to our processing it and we have no overriding legitimate grounds to continue processing it or
• we are legally required to delete it.

This right does not apply where: 

• we are legally required to keep your information
• we have a compelling legitimate ground for using your personal information or
• we need your information to establish, exercise or defend legal claims, for example where there are ongoing court proceedings.

As we rely on the fact that we need your information to (a) comply with our legal obligations or (b) protect you where it is a matter of life and death for most processing of your personal information, we will only be able to delete your personal information: 

• if you have the right to object to our processing your personal information and to carry out your request we have to erase your information and
• where we no longer need your information. Although our retention policy means that we will delete your information once we no longer need it. Please see the section How long do we keep your information? above for more details.

Restrict our processing of your information

You may ask us to restrict our processing of your personal information where: 

• you believe the information we hold about you is inaccurate while we check whether it is accurate
• we no longer need your information but you need it to establish, exercise or defend a legal claim or
• you object to our processing your personal information while we reconsider our legitimate interests assessment.

We will not process your personal information whilst we consider your request. However, we will still be able to process your personal information for the purposes of any ongoing court or other legal proceedings.

We will inform you if we begin processing your personal information again and explain why.

Have your information transferred to you and/or a third party

This is also known as the right to data portability.

You can ask us to provide you with a copy of the information which you have provided to us and which we hold electronically.

This right only applies to the information which you have provided to us which we hold electronically. 

We will provide this information to you in a commonly-used and machine readable format.

Object to our processing of your information, including profiling

You can object to our use of your information, including profiling unless: 

• we have compelling legitimate grounds for using your information or
• we need to use your information to establish, exercise or defend a legal claim, for example where there are ongoing court proceedings.

You can also object to us using your information for marketing purposes.

We don’t carry out any profiling of people who are third parties authorised by a customer to manage their debt(s).

This right only applies to the information that we process on the basis that it is in our legitimate interests.  

We don’t use your information for direct marketing

Not to be subject to an automated decision

You can ask us to review any automated decision which has a legal or significant effect for you. You can provide us with your point of view and any additional information that you think we need and ask for a human to reconsider our decision.

You can ask us to reconsider any automated decision we have made

Lowell Portfolio I Ltd    

Company number 04857418

Lowell Financial Ltd

Company number 04558936

Lowell Legal Limited  

Company number 08647091

 Overdales Legal Limited

Company number 07407310

Lowell UK Shared Services Limited 

Company number 08336897 

Lowell Group Shared Services Limited 

Company number 08647094

Lowell Receivables Financing 1 Limited 

Company number 11344999

Lowell Receivables Financing 2 Limited 

Company number 13403235 

Lowell Receivables Financing 3 Limited 

Company number 13849615 

Lowell Portfolio IV Limited

Company number 08654105

Simon Bidco Limited

Company number 09709443

Metis Bidco Limited

Company number 07652466

Wolf Receivables Financing plc

Company number 13949210

Wolf Receivables Financing 3 plc

Company number 15073494