Customers
This section explains what personal information we typically collect once you become a customer, following our purchase of your debt, and what we do with it.
The specifics of each account will vary according to the type of debt, so the below is intended as a general guide only. When we purchase your debt we write to you at the last known address and provide you with a Privacy Notice that is specific just to you. If you have not received your Notice (because you moved house and did not update the original lender for example) then you can contact us for a copy via dpo@azzurroassociates.com
Sources of Data
You provided a range of personal information to the original creditor as part of entering into a contract with them. This information will have been amended and updated during the course of your relationship with them. They will have obtained additional information about you as part of their processes, such as a credit check, or confirming your details through background checks and searches.
Some or all of this information is passed to Azzurro when we purchase your debt, and we are now the Data Controller in respect of the Account and all related information we hold. We have the same rights to give information to Credit Referencing Agencies (CRAs) about the debt that you owe in respect of this Account, for example if you have fallen behind with your payments; information about the process can be found at http://www.scoronline.co.uk/
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained at each of the three CRAs – clicking on any of these three links will also take you to the same CRAIN document.
https://www.transunion.co.uk/crain; TransUnion (formerly Callcredit),
https://www.equifax.co.uk/crain; Equifax
https://www.experian.co.uk/crain/ Experian
We may carry out further checks at the start of our relationship with you, such as credit checks and searches, in order to confirm the accuracy of, and to update as required, the information we have been passed, and we will also use information gathered during interactions directly with you, such as updating contact details or information surrounding your circumstances and ability to pay.
What We Will Do With Your Data
Your information will be used for the purpose of operating our business and collecting on the debts owed. For the most part, data is processed under
- GDPR Article 6 (1) (b) – processing is necessary for the performance of a contract to which the data subject (you) is party.
We also have various legal obligations, such as to check the debt is not money laundering or proceeds of crime or fraud, so some of the processing falls under
- GDPR Article 6 (1) (c) – processing is necessary for compliance with a legal obligation to which the controller is subject
Your data will be stored securely in an encrypted volume in the EU. Access to your data is controlled to ensure that only those with a business-need to view your details or process your data can do so.
Information will be gathered during the course of the collections process in relation to payments and account management, and this may include both factual data and formed opinion. This information may be used to assist in the management of you as a customer, for the purposes of payment review or making you an offer of settlement, for making reasonable adjustments to terms, and for the pursuit of legal proceedings.
We analyse data and create groups and profiles in order to tailor the human interaction that follows, or to segment accounts in order to pass them to collections agents who specialise in your type of account; we do not make any fully-automated decisions about you from data.
Sharing Your Data
Azzurro Associates do not directly manage the accounts we own; personal details will be released to third-party organisations such as Debt Collection Agencies and Solicitors acting on our behalf. When we write to you upon purchase of your account, the contact details of the assigned DCA or Solicitor is provided; if you lose this information or have not received your letter, please contact us via dpo@azzurroassociates.com and we will provide it again.
We may also release information to regulatory or law enforcement agencies if they require us to do so. We will also disclose your information where we are permitted and requested to do so by law.
Your Rights Over This Data
You have the right to request a copy of the personal information we hold about you. This is known as a Data Subject Access Request and if you would like to exercise this right, please contact dpo@azzurroassociates.com stating you wish to make a DSAR and we will help you with the process.
We encourage you to exercise your right to update and correct any inaccurate information we hold on you, as decisions should always be made with the most accurate information. Where you identify we have something wrong, you can request we restrict processing until data is correct again.
You can object to our processing of your data, withdraw Consent (where we rely on consent rather than a Contract) and request that data we hold about you be deleted at any time. Where such requests are made, a review of the data will be made with a view to balancing your rights and request, with any business need of Azzurro, any regulatory or legislative requirement to continue processing, or to retain said data.
Data Retention Period
Customer data is typically retained for 6 years after the end of our relationship in case of future legal action, query or audit.
Some retention periods are longer as they are governed by the type of debt involved, for example 12 years for Mortgages
Your Right to Complain
Azzurro Associates aim is to treat customers fairly at all times. However, we recognise that sometimes things can go wrong. If you’ve got an issue, in the first instance please contact the 3rd party agency that we have appointed to act on our behalf and is managing your account, and let them know what your concerns are. If the agency is unable to resolve the issue you should contact us via our “contact us” page or via dpo@azzurroassociates.com
If you’re not satisfied with the outcome of your complaint, and your complaint falls under the remit of the Financial Ombudsman, you can contact them online at Financial Ombudsman Service or call 0800 023 4567; the FOS are an independent authority for settling complaints between businesses and their customers. However, if you do not take up the problem with us first, any case will be referred back to us by the ombudsman in the first instance.
If your complaint falls outside of the remit of the Financial Ombudsman you may refer your complaint to the Credit Services Association by emailing info@csa-uk.com or calling 0191 217 0775. Azzurro are members of the Credit Services Association (CSA) and they investigate complaints raised between customers and their members in relation to the CSA Code of practise
Where you believe we are acting otherwise in accordance with the law you have the right to lodge a complaint straight to the supervisory authority. For the UK that would be The Information Commissioner’s Office.
An online service is available at: https://ico.org.uk/concerns/handling/
Recruitment
This section explains what personal information we collect as part of our recruitment process, and what we plan to do with it.
What We Collect And Why
The information that you provide and that which is obtained from other relevant sources will be used to process your application for employment. The information that you give to us will also be used in a confidential manner in order to help us to monitor our recruitment process. This information may include personal data and sensitive personal data as defined by legislation.
We will not send your Data outside the EEA. We may check the Data collected with third parties or with other information held by us. We may also use or pass to certain third parties the Data in order to prevent or detect crime, or in other ways as permitted or required by law or regulation. We will apply appropriate information security to the Data held within the recruitment system. We may also use the Data if there is a complaint or legal challenge relevant to the recruitment process.
If you succeed in your application and take up employment with us, the Data will be used in the administration of your employment with us and to provide you with information about us or third party via your payslip. If you are unsuccessful in your application, we will retain your data for a maximum of 12 months from your last activity unless you request us to delete it.
By submitting your application we will be assuming that you agree to the processing of sensitive personal data, (as described above), in accordance with our registration with the Data Protection Commissioner.
What We Will Do With Your Data
Your information will be solely used for the purpose of arriving at a decision relating to the success of your application to work for us and will never be passed to a third party, unless that third party is actively involved in the recruitment process (such as a Recruitment agency) or you first give us Explicit Consent to do so (such as us passing your CV to a partner organisation we feel you would be a good fit for).
Your Rights Over This Data
You have the right, at any time, to request a copy of the information we hold on file about you. This is known as a Data Subject Access Request and if you would like to exercise this right, please contact dpo@azzurroassociates.com stating you wish to make a DSAR and we will help you with the process.
You have the right to update and correct any information we hold. For example, if you have been rejected due to a lack of qualifications but we have agreed to keep you on file for the future, you can inform us of any new qualifications that make you more suitable for future employment and we will update our records accordingly.
Notifying us of any change to contact details would also be worthwhile.
You can object to our processing of your data, withdraw Consent (where we rely on consent) and request that data we hold about you be deleted at any time.
Where you believe we are acting otherwise in accordance with the law you have the right to lodge a complaint with a supervisory authority. For the UK that would be The Information Commissioner’s Office. An online service is available at: https://ico.org.uk/concerns/handling/
Summary Of How We May Use Your Personal Data
Under the GDPR and our new Data Protection Act 2018, you have a number of new rights, and the way companies use your data should be made clear to you – which is what this page is all about.
More information on the subject can be found at https://ico.org.uk/your-data-matters/
We have set out below the types of information we may hold (which will vary according to our relationship with you), the ways in which we may use your personal data, and which legal basis allows us to do so. We have also identified what our legitimate interests are where appropriate.
It’s all pretty straightforward and we use your data in ways you’d expect us to. There are no surprises, and we don’t do marketing, so the only contact from us will be in direct relation to your account, job or application to work for us.
Please note that we may process your personal data for more than one lawful reason, depending on the specific purpose for which we are using your data.
The lists are not exhaustive and are provided as a general summary, to inform you of the type of processing activity undertaken. Please contact us if you would like more detail about any of the information shown, such as which piece of legislation grants us rights, or where we have listed more than one type of data or Lawful basis, which one applies specifically to you.
Identity Data
May include first name, last name, maiden name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data
May include current address, previous address(s), email address and telephone numbers.
Financial Data Customers – may include original debt value, additional advances/credit, interest and charges, historic and current notes about your account and financial situation. We store no bank account or payment card details. Employees – we store your bank details to pay your salary.
Transactional Data
Customers – may include details about payments made by you, credits made against your account, notes and details about your account and collections.
Employees – Salary and expense payments, pension contributions and other benefits paid.
Profile Data is a tag to identify you as a job applicant, member or former member of staff, or a customer.
Performance Data may include productivity, sickness, absence information and statistics, accident reports, qualifications and CPD.
Communications Data may include details of your preferences in how we make contact with you, emails and letters, notes and transcripts, and some recordings of calls.
Technical Data may include internet protocol (IP) addresses, operating system, browser type, location (country only), date and time of contact. For employees this will also include systems access and usage logs.
| Purpose/Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
| To register you as a job Applicant, new member of Staff or a new Customer | Identity
Contact |
|
| To deal with a general enquiry | Identity
Contact |
|
| To deal with a Subject Access Request | Identity
Contact Financial Transactional Communications Performance Technical |
|
To manage our relationship with you which may include:
|
Identity
Contact Profile Communications Performance |
|
To manage your account and records, which may include:
|
Identity
Contact Financial Transactional Communications Performance Special Category Data |
|
| To maintain an archive of your data, following the end of our relationship | All account data |
|
| To administer and protect our business (including data analysis, testing, system maintenance, support, audit, reporting and hosting of data) | Identity
Contact Financial Transactional Communications Technical Performance |
|
| To use data analytics to improve our business processes |
Financial Transactional Technical Performance |
|
Data Retention Periods
The period of time we retain data for depends on a number of factors, such as its relevance, its purpose, its source and any regulatory or legal requirements we must consider.
We follow the requirements of the Data Protection Act 2018 and GDPR in terms of only retaining data for the purpose(s) it was collected for, ensuring as far as possible that it is correct and accurate, and not stored for any longer than we or the law requires. Where we identify an issue with our data, we take appropriate action to correct and update as quickly as possible.
In general:
General information from enquiries and questions is retained only until we have answered the question We may retain certain aspects for longer, for the purpose of FAQs to better answer future questions or to evaluate our service and communications, but no personal information will be retained.
Recruitment information is retained until the end of the process and a decision is made. For an unsuccessful candidate we will retain for longer if you like the idea of working with us and wish to be considered for future roles, and you can still ask us to delete at any time.
Where you are successful, most of your information is retained within staff records and updated throughout your employment, with the exception of CRB/background checks which are deleted shortly after you join as they serve no further purpose.
Customer data is typically retained for 6 years after the end of our relationship in case of future legal action, query or audit.
Some retention periods are longer as they are governed by the type of debt involved
If you have any specific questions about your data, please get in touch via:
