Unauthorised and Mistrace Third Party privacy notice

I am an unauthorised third party

This is our privacy notice explaining how we use your personal information as an unauthorised third party/mistraced person with Lowell.

If you would like a copy of this privacy notice or if you have any questions about how Lowell Financial Ltd and Lowell Portfolio I Ltd use and share your personal information, please contact our Data Protection Officer by:

  • email at dpo@lowellgroup.co.uk
  • letter at Data Protection Officer, Lowell Financial Limited, PO Box 13079, Harlow, CM20 9TE

Our Data Protection Officer deals with data protection for all our UK companies, so whichever Lowell company your question, concern or complaint relates to, please contact our Data Protection Officer using these contact details.

Who are we?

You are an unauthorised third party with one of the UK Lowell companies:

Company

Lowell Portfolio I Ltd

Lowell Financial Ltd

Company number

04857418 

04558936

ICO registration

Z8222569

Z7273861

Country

Incorporated in the UK

Incorporated in the UK

Registered office

 

No.1 The Square, Thorpe Park View, Thorpe Park, Leeds, LS15 8GH

No.1 The Square, Thorpe Park View, Thorpe Park, Leeds, LS15 8GH

 

 

Where we use “Lowell”, “we”, “our” or “us” in this notice, we mean Lowell Portfolio I Ltd and Lowell Financial Ltd unless we say otherwise.

We have contacted you as we believed you to be our customer based on the information we hold.

We are joint controllers of your information which means that we are both responsible for looking after it.

For details of the UK companies in the Lowell group, please see the section 'Who are the Lowell Group?'  below.

Information we may collect about you

We collect:

  • Your name
  • Contact details
  • If you make a payment by credit or debit card on behalf of a customer, we process your card information for the purposes of taking your payment, but we do not store your card details unless you consent to us doing so.
  • Any other information you have chosen to share with us as part of our interaction with you.
  • We do not collect special category information or criminal records data intentionally from you, however if you disclose these types of information within your communication with us, it will be recorded as part of the communication.

Where do we get your information from?

 

Information that you give us

You may provide us with your name and contact details as part of your query, complaint or payment to us.

Information that we obtain from credit reference agencies

We may collect information about you from Credit reference agencies (or CRAs) who hold personal information about individuals. They provide us with information such as address, email address and telephone numbers which are on our customer’s credit file.

We obtain information about you from one or more of the following credit reference agencies:

      Experian

      Equifax

      Transunion

We collect this information to confirm the details provided by the previous owner of the debt, verify a customer’s identity, and confirm the accuracy of the information that we hold.

The 3 CRAs listed above have put together an information notice which explains in more detail, how they each use and share personal information they receive about you, which is available at www.experian.co.uk/crain, www.equifax.co.uk/crain and https://www.transunion.com.

Information that we obtain from third party data providers

We may also obtain information about you from third party data providers, such as GBG, which are not credit reference agencies.  We also use it to confirm our customer’s contact details. GBG have put together a privacy policy which explains in more detail how they use and share your personal data at 

https://www.gbgplc.com/products-services-privacy-policy.

For details of the information that we share with third party providers, please see the section 'Who do we share your information with?' below.

Call recording

We may monitor and/or record calls for the purposes of resolving issues on customer debt(s), training and to improve our quality and service standards.

CCTV images

We operate CCTV at all of our premises. If you visit any of our offices, you may be recorded by our CCTV system. 

 

We may combine the information that you give us with the information we collect about you from the other sources listed above.

Who do we share your information with?

 

We sometimes need to share some of your information with other organisations.

Information that we share with other companies in the Lowell group

We may share your information with other members of the Lowell group of companies: 

      In order to remove your contact information where we have confirmed that you are not our customer

      For our internal administrative purposes such as audits

   including any company associated or otherwise connected with the Lowell group if we transfer our customer’s debt(s) to them whether as part of a group reorganisation or otherwise.  If we transfer our customer’s debt(s) to another member of the Lowell group, Lowell Financial Ltd will continue to manage our customer’s debt(s) on behalf of the new owner of the customer’s debt(s) and your personal data will continue to be used and shared as set out in this privacy notice. 

Information that we share with the original creditors

We may share call recordings and information about your interactions with our customer’s original creditor and prospective creditors for quality assurance purposes.

Information that we share with our third party suppliers

We use a number of carefully selected third parties to supply us with other products and services, such as IT and mailing services.

The information that we share with our suppliers will depend on the nature of the products and services that they provide to us, but we will only share the minimum amount of your information which is necessary for them to provide us with the products and services we need. 

If you agree to our marketing cookies, we share the information they collect about you and your use of our site with our trusted social media, advertising and analytics partners - particularly Facebook and Instagram. This helps us to customise our social media ads and analyse traffic driven to our site from advertising and the effectiveness of our ads.  You can find more details about our marketing cookies in our Cookie Notice.

Information that we share with other third parties

If we or any member of the Lowell group of companies merges, transfers or sells part or all of its business or assets or any of the share capital of Lowell Portfolio I Ltd or Lowell Financial Ltd to a third party, your personal information may be disclosed to that third party and its advisers for the purposes of negotiating and completing the merger, transfer or sale.  If the merger, transfer or sale does complete, that third party may use or disclose your information as set out in this privacy notice.

We may also share your information with our investors, insurers, lenders, legal and other professional advisers where necessary.

 

Where is your information stored?

Your information is generally stored on servers and filing systems in the UK but from time to time it may be stored in or accessed from countries outside the UK. Where this may happen, we always make sure that there are appropriate safeguards in place, such as the standard contractual clauses, international data transfer agreements or binding corporate rules, to guarantee that your information, and your rights , are protected to the same high standard as under UK law.

 

Adequacy Decision

Where a county has been granted adequate by the European Commission, this means they have been found to offer the same level of safeguarding as the UK and therefore are safe countries to transfer information to and no extra contractual obligations are required in order to transfer your information.  

 

A list of countries with adequacy is linked here: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

Standard contractual clauses

These are a set of standard clauses which have been recognised by the European Commission and the Information Commissioner’s Office as providing adequate protection to personal information transferred outside the EU or UK

When we include these clauses in a contract with one of the companies we work with, it means that if they transfer your information outside the EU or UK they must make sure that your information is just as safe as it is in the EU or UK.

As part of this, a transfer impact assessment is also completed to identify any risks with the information sharing. This enables us to put extra protections in place before we decide whether to transfer your information.

A copy of the standard contractual clauses is linked here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

Internation Data Transfer Agreement (IDTA)

This is a transfer mechanism that has been created by the Information Commissioners Office which provides sufficient protection to personal information transferred outside the UK to restricted countries outside of the EU.

A copy of the IDTA is linked here: international-data-transfer-agreement.pdf (ico.org.uk)

Binding corporate rules

These are a way for large groups of companies which are based in lots of countries around the world to transfer personal information to companies in their group in a way that complies with the UK data protection laws. The binding corporate rules must be approved by the data protection regulator before the group of companies can adopt them. 

When one of the companies we work with uses binding corporate rules, it means that if they transfer your information outside the UK, they have procedures in place to make sure that your information is handled in a way that makes sure that your information is just as safe as it is in the UK and EEA.

A list of the Binding corporate rules is linked here: BCRs approved under UK GDPR | ICO

 

How long do we keep your information?

We only keep your information for as long as we need it in line with our customer data retention as we need to keep certain information to confirm that you are not our customer, so we do not contact you again.

Do we carry out profiling and automated decision-making?

We do not carry out profiling or any automated decision-making using your information.

What rights do you have?

Under the data protection laws, you have a number of rights in respect of your information and the way we use it. Some of these rights only apply in certain situations. We explain below what rights you have, what these mean and how they apply to the way we use your information. 

You have the right to

What does this mean?

How does this apply to the way we use your information?

Access your information

You can ask for: 

  • confirmation that we process your personal information
  • a copy of your personal information that we hold and
  • other information about how we process your information.

We will provide you with a copy of your personal information which we hold unless the data protection laws provide an exception that we decide to rely on, for example where there are ongoing court proceedings. We may also redact out the names of any other individuals to protect their privacy.

Wherever possible, we will provide you with a copy of your personal information in the same manner you make your request unless we agree otherwise with you.

This privacy notice also includes the other information you can ask for about how we process your information.

Have your information rectified

You can ask us to rectify your information if it is not accurate, incomplete or up to date.

We will update or correct your information, although sometimes we may need to ask you to provide evidence to confirm the changes.

Have your information erased

This is also known as the right to be forgotten.

You can ask us to delete your information where: 

  • we no longer need it
  • we rely on your consent to use your information and you withdraw it
  • you object to our processing it and we have no overriding legitimate grounds to continue processing it or
  • we are legally required to delete it.

This right does not apply where: 

  • we are legally required to keep your information
  • we have a compelling legitimate ground for using your personal information or
  • we need your information to establish, exercise or defend legal claims, for example where there are ongoing court proceedings.

As we rely on the fact that we need your information to (a) comply with our legal obligations or (b) protect you where it is a matter of life and death for most processing of your personal information, we will only be able to delete your personal information: 

  • if you have the right to object to our processing your personal information and to carry out your request we have to erase your information and
  • where we no longer need your information. Although our retention policy means that we will delete your information once we no longer need it. Please see the section How long do we keep your information? above for more details.

Restrict our processing of your information

You may ask us to restrict our processing of your personal information where: 

  • you believe the information we hold about you is inaccurate while we check whether it is accurate
  • we no longer need your information but you need it to establish, exercise or defend a legal claim or
  • you object to our processing your personal information while we reconsider our legitimate interests assessment.

We will not process your personal information whilst we consider your request. However, we will still be able to process your personal information for the purposes of any ongoing court or other legal proceedings.

We will inform you if we begin processing your personal information again and explain why.

Have your information transferred to you and/or a third party

This is also known as the right to data portability.

You can ask us to provide you with a copy of the information which you have provided to us and which we hold electronically.

This right only applies to the information which you have provided to us which we hold electronically. 

 

We will provide this information to you in a commonly-used and machine readable format.

Object to our processing of your information, including profiling

You can object to our use of your information, including profiling unless: 

  • we have compelling legitimate grounds for using your information or
  • we need to use your information to establish, exercise or defend a legal claim, for example where there are ongoing court proceedings.

You can also object to us using your information for marketing purposes.

We don’t carry out any profiling of people who are unauthorised third parties.

 

This right only applies to the information that we process on the basis that it is in our legitimate interests.  

 

We don’t use your information for direct marketing

Not to be subject to an automated decision

You can ask us to review any automated decision which has a legal or significant effect for you. You can provide us with your point of view and any additional information that you think we need and ask for a human to reconsider our decision.

You can ask us to reconsider any automated decision we have made about you.

 

We will always do our best to respond to your request within one month of receiving it and any additional information we need to confirm your identity and understand your request.

However, sometimes we may need some more time to deal with your request, particularly if it is complicated.  Where this happens, we will write to you within one month and let you know why we need some more time and when we will provide you with our response.

If we are unable to carry out your request, we will send you a response explaining why. 

If you would like to exercise any of your rights, please contact our Data Protection Officer by:

  • by email at dpo@lowellgroup.co.uk or
  • letter at Data Protection Officer, Lowell Financial Ltd, PO Box 13079, Harlow, CM20 9TE.

Our Data Protection Officer deals with data protection for all our UK companies, so whichever Lowell company your question, query or request relates to, please contact our Data Protection Officer using these contact details.

What if you have a complaint?

If you have any questions, concerns or complaints about the way any of the UK Lowell companies process your personal information, our Data Protection Officer will do their very best to help you.  You can contact our Data Protection Officer by:

  • email at dpo@lowellgroup.co.uk or
  • letter at Data Protection Officer, Lowell Financial Ltd, PO Box 13079, Harlow, CM20 9TE.

Our Data Protection Officer deals with data protection for all our UK companies, so whichever Lowell company your question, concern or complaint relates to, please contact our Data Protection Officer using these contact details.

If you are not happy with the way we have handled your complaint or are still concerned about our handing of your personal information, you have a right to take your complaint to the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF and www.ico.org.uk.

Who are the Lowell group?

The Lowell group is made up of the following companies incorporated in the UK

Lowell Portfolio I Ltd    

Company number 04857418

Lowell Financial Ltd

Company number 04558936

Lowell Legal Limited  

Company number 08647091

 Overdales Legal Limited

Company number 07407310

Lowell UK Shared Services Limited 

Company number 08336897 

Lowell Group Shared Services Limited 

Company number 08647094

Lowell Receivables Financing 1 Limited 

Company number 11344999

Lowell Receivables Financing 2 Limited 

Company number 13403235 

Lowell Receivables Financing 3 Limited 

Company number 13849615 

Lowell Portfolio III Limited

Company number 08096778

Lowell Portfolio IV Limited

Company number 08654105

 

Changes to this notice

This privacy notice was updated in May 2024.

We will regularly review this notice and keep it updated to make sure that the information we provide you with is accurate and up to date.