I am not a Lowell customer

I am an unauthorised third party

Who are we?

Information we may collect about you

Where do we get your information from?

Information that you give us	You may provide us with your name and contact details as part of your query, complaint or payment to us.
Information that we obtain from credit reference agencies	We may collect information about you from Credit reference agencies (or CRAs) who hold personal information about individuals. They provide us with information such as address, email address and telephone numbers which are on our customer’s credit file. We obtain information about you from one or more of the following credit reference agencies: Experian Equifax Transunion We collect this information to confirm the details provided by the previous owner of the debt, verify a customer’s identity, and confirm the accuracy of the information that we hold. The 3 CRAs listed above have put together an information notice which explains in more detail, how they each use and share personal information they receive about you, which is available at www.experian.co.uk/crain, www.equifax.co.uk/crain and https://www.transunion.com.
Information that we obtain from third party data providers	We may also obtain information about you from third party data providers, such as GBG, which are not credit reference agencies. We also use it to confirm our customer’s contact details. GBG have put together a privacy policy which explains in more detail how they use and share your personal data at https://www.gbgplc.com/products-services-privacy-policy. For details of the information that we share with third party providers, please see the section 'Who do we share your information with?' below. We may also obtain your data from posts you've made about Lowell on public forums online.
Call recording	We may monitor and/or record calls for the purposes of resolving issues on customer debt(s), training and to improve our quality and service standards.
CCTV images	We operate CCTV at all of our premises. If you visit any of our offices, you may be recorded by our CCTV system.

We may combine the information that you give us with the information we collect about you from the other sources listed above.

Who do we share your information with?

We sometimes need to share some of your information with other organisations.

Information that we share with other companies in the Lowell group	We may share your information with other members of the Lowell group of companies: In order to remove your contact information where we have confirmed that you are not our customer For our internal administrative purposes such as audits including any company associated or otherwise connected with the Lowell group if we transfer our customer’s debt(s) to them whether as part of a group reorganisation or otherwise. If we transfer our customer’s debt(s) to another member of the Lowell group, Lowell Financial Ltd will continue to manage our customer’s debt(s) on behalf of the new owner of the customer’s debt(s) and your personal data will continue to be used and shared as set out in this privacy notice.
Information that we share with the original creditors	We may share call recordings and information about your interactions with our customer’s original creditor and prospective creditors for quality assurance purposes.
Information that we share with our third party suppliers	We use a number of carefully selected third parties to supply us with other products and services, such as IT and mailing services. The information that we share with our suppliers will depend on the nature of the products and services that they provide to us, but we will only share the minimum amount of your information which is necessary for them to provide us with the products and services we need. If you agree to our marketing cookies, we share the information they collect about you and your use of our site with our trusted social media, advertising and analytics partners - particularly Facebook and Instagram. This helps us to customise our social media ads and analyse traffic driven to our site from advertising and the effectiveness of our ads. You can find more details about our marketing cookies in our Cookie Notice.
Information that we share with other third parties	If we or any member of the Lowell group of companies merges, transfers or sells part or all of its business or assets or any of the share capital of Lowell Portfolio I Ltd or Lowell Financial Ltd to a third party, your personal information may be disclosed to that third party and its advisers for the purposes of negotiating and completing the merger, transfer or sale. If the merger, transfer or sale does complete, that third party may use or disclose your information as set out in this privacy notice. We may also share your information with our investors, insurers, lenders, legal and other professional advisers where necessary.

Where is your information stored?

Your information is generally stored on servers and filing systems in the UK but from time to time it may be stored in or accessed from countries outside the UK, including by our outsourced partners in South Africa. Where this may happen, we always make sure that there are appropriate safeguards in place, such as the standard contractual clauses, international data transfer agreements or binding corporate rules, to guarantee that your information, and your rights , are protected to the same high standard as under UK law.

Adequacy Decision	Where a county has been granted adequate by the European Commission, this means they have been found to offer the same level of safeguarding as the UK and therefore are safe countries to transfer information to and no extra contractual obligations are required in order to transfer your information. A list of countries with adequacy is linked here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
Standard contractual clauses	These are a set of standard clauses which have been recognised by the European Commission and the Information Commissioner’s Office as providing adequate protection to personal information transferred outside the EU or UK When we include these clauses in a contract with one of the companies we work with, it means that if they transfer your information outside the EU or UK they must make sure that your information is just as safe as it is in the EU or UK. As part of this, a transfer impact assessment is also completed to identify any risks with the information sharing. This enables us to put extra protections in place before we decide whether to transfer your information. A copy of the standard contractual clauses is linked here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
Internation Data Transfer Agreement (IDTA)	This is a transfer mechanism that has been created by the Information Commissioners Office which provides sufficient protection to personal information transferred outside the UK to restricted countries outside of the EU. A copy of the IDTA is linked here: international-data-transfer-agreement.pdf (ico.org.uk)
Binding corporate rules	These are a way for large groups of companies which are based in lots of countries around the world to transfer personal information to companies in their group in a way that complies with the UK data protection laws. The binding corporate rules must be approved by the data protection regulator before the group of companies can adopt them. When one of the companies we work with uses binding corporate rules, it means that if they transfer your information outside the UK, they have procedures in place to make sure that your information is handled in a way that makes sure that your information is just as safe as it is in the UK and EEA. A list of the Binding corporate rules is linked here: BCRs approved under UK GDPR \| ICO

How long do we keep your information?

Do we carry out profiling and automated decision-making?

What rights do you have?

Under the data protection laws, you have a number of rights in respect of your information and the way we use it. Some of these rights only apply in certain situations. We explain below what rights you have, what these mean and how they apply to the way we use your information.

You have the right to	What does this mean?	How does this apply to the way we use your information?
Access your information	You can ask for: confirmation that we process your personal information a copy of your personal information that we hold and other information about how we process your information.	We will provide you with a copy of your personal information which we hold unless the data protection laws provide an exception that we decide to rely on, for example where there are ongoing court proceedings. We may also redact out the names of any other individuals to protect their privacy. Wherever possible, we will provide you with a copy of your personal information in the same manner you make your request unless we agree otherwise with you. This privacy notice also includes the other information you can ask for about how we process your information.
Have your information rectified	You can ask us to rectify your information if it is not accurate, incomplete or up to date.	We will update or correct your information, although sometimes we may need to ask you to provide evidence to confirm the changes.
Have your information erased	This is also known as the right to be forgotten. You can ask us to delete your information where: we no longer need it we rely on your consent to use your information and you withdraw it you object to our processing it and we have no overriding legitimate grounds to continue processing it or we are legally required to delete it. This right does not apply where: we are legally required to keep your information we have a compelling legitimate ground for using your personal information or we need your information to establish, exercise or defend legal claims, for example where there are ongoing court proceedings.	As we rely on the fact that we need your information to (a) comply with our legal obligations or (b) protect you where it is a matter of life and death for most processing of your personal information, we will only be able to delete your personal information: if you have the right to object to our processing your personal information and to carry out your request we have to erase your information and where we no longer need your information. Although our retention policy means that we will delete your information once we no longer need it. Please see the section How long do we keep your information? above for more details.
Restrict our processing of your information	You may ask us to restrict our processing of your personal information where: you believe the information we hold about you is inaccurate while we check whether it is accurate we no longer need your information but you need it to establish, exercise or defend a legal claim or you object to our processing your personal information while we reconsider our legitimate interests assessment.	We will not process your personal information whilst we consider your request. However, we will still be able to process your personal information for the purposes of any ongoing court or other legal proceedings. We will inform you if we begin processing your personal information again and explain why.
Have your information transferred to you and/or a third party	This is also known as the right to data portability. You can ask us to provide you with a copy of the information which you have provided to us and which we hold electronically.	This right only applies to the information which you have provided to us which we hold electronically. We will provide this information to you in a commonly-used and machine readable format.
Object to our processing of your information, including profiling	You can object to our use of your information, including profiling unless: we have compelling legitimate grounds for using your information or we need to use your information to establish, exercise or defend a legal claim, for example where there are ongoing court proceedings. You can also object to us using your information for marketing purposes.	We don’t carry out any profiling of people who are unauthorised third parties. This right only applies to the information that we process on the basis that it is in our legitimate interests. We don’t use your information for direct marketing
Not to be subject to an automated decision	You can ask us to review any automated decision which has a legal or significant effect for you. You can provide us with your point of view and any additional information that you think we need and ask for a human to reconsider our decision.	You can ask us to reconsider any automated decision we have made about you.

We will always do our best to respond to your request within one month of receiving it and any additional information we need to confirm your identity and understand your request.

However, sometimes we may need some more time to deal with your request, particularly if it is complicated. Where this happens, we will write to you within one month and let you know why we need some more time and when we will provide you with our response.

If we are unable to carry out your request, we will send you a response explaining why.

If you would like to exercise any of your rights, please contact our Data Protection Officer by:

by email at dpo@lowellgroup.co.uk or
letter at Data Protection Officer, Lowell Financial Ltd, PO Box 13079, Harlow, CM20 9TE.

Our Data Protection Officer deals with data protection for all our UK companies, so whichever Lowell company your question, query or request relates to, please contact our Data Protection Officer using these contact details.

What if you have a complaint?

Who are the Lowell group?

Changes to this notice

Company	Lowell Portfolio I Ltd	Lowell Financial Ltd
Company number	04857418	04558936
ICO registration	Z8222569	Z7273861
Country	Incorporated in the UK	Incorporated in the UK
Registered office	No.1 The Square, Thorpe Park View, Thorpe Park, Leeds, LS15 8GH	No.1 The Square, Thorpe Park View, Thorpe Park, Leeds, LS15 8GH

Lowell Portfolio I Ltd	Company number 04857418
Lowell Financial Ltd	Company number 04558936
Lowell Legal Limited	Company number 08647091
Overdales Legal Limited	Company number 07407310
Lowell UK Shared Services Limited	Company number 08336897
Lowell Group Shared Services Limited	Company number 08647094
Lowell Receivables Financing 1 Limited	Company number 11344999
Lowell Receivables Financing 2 Limited	Company number 13403235
Lowell Receivables Financing 3 Limited	Company number 13849615
Lowell Portfolio IV Limited	Company number 08654105
Simon Bidco Limited	Company number 09709443
Metis Bidco Limited	Company number 07652466
Wolf Receivables Financing plc	Company number 13949210
Wolf Receivables Financing 3 plc	Company number 15073494

Cookies

Cookie Preferences

Performance Cookies

Marketing Cookies

Essential Cookies

I am not a Lowell customer