Privacy Policy

EOS Solutions UK Plc is a debt recovery service dedicated to helping manage and resolve outstanding debts. We are registered in the UK and committed to protecting your personal data. This notice outlines how and why we process your personal information.

EOS UK both purchases debt and services debt on behalf of clients and so it can act as either a data controller or a data processor depending on the circumstances. We operate as the data controller in all purchased debt portfolios and as a data processor in all other debt recovery servicing.

Yes! Whenever you communicate with us, we keep a record of the contact and what was discussed. We do this because we have a legitimate interest in collecting the debt, which is allowed under Article 6 (1) f of the UK GDPR.

If you share any health-related information with us, we’ll ask for your consent to record this special category data. We’ll only keep information that’s relevant for the data controller (either us or our client) to make decisions about your case.

In the event of debt purchasing:

• Debt purchasing - Before we buy your debt

Before we buy your debt, we may receive some of your personal information from the original lender. We use this data to carry out important checks, such as verifying your information, conducting credit assessments, and determining the pricing for the debt collection process. In this role, we are considered a data processor and will only use your personal information based on the written instructions we receive from the original lender.​​​​​​​

• Debt purchasing - After we buy your debt

Once we buy your debt from the original lender, we gain all the legal rights to recover the amount you owe under your consumer credit agreement. The original lender will provide us with the necessary personal data required to assist in recovering your debt. At this point, we become the data controller for the transferred personal information.

Rest assured, we will only receive the minimum amount of personal data needed for the purpose of recovering the debt.

We process your personal data for the purpose of:

• Purchasing your debt.
• Identifying and contacting you to recover the money you owe us or our clients.
• Checking and confirming your identity as a customer, to ensure that we hold the correct information related to your case. 
• Sending notices and letters of information linked to your case (hello letters, payment reminders, notices to inform you about changes or to support you to become debt free).
• Processing payments regularly or ad hoc, based on the contract and legal obligation you have to us or our clients.
• Reviewing your case to offer support relevant to your circumstances.
• Responding to disputes in relation to your case.
• Detecting, investigating, reporting financial crime, and taking measures to prevent it.             
• Processing data, to fulfil our legal obligations as a company towards authorities, or regulatory bodies.

The data controller has provided us with your information to help collect a debt you owe them under a contract. This means that our clients have the right to share your data with third parties like EOS, as it serves their legitimate interest (as allowed under Article 6 (1) f of the UK GDPR) in facilitating debt collection.

Our clients should have tried to inform you about our involvement before passing your details to us. In any case we have reached out to you through hello letters at the first contact. If you want more information, please contact them using the address on the back of the letter(s) we sent you.

Alternatively, your information may have been shared with us because we purchased the rights to collect your debt and have a legitimate interest (as allowed under Article 6 (1) f of the UK GDPR) in facilitating debt collection.

We only process your data under one of these legal basis:

• You have given your consent in accordance with Art. 6 (1) a or Art. 9 (2) a GDPR UK.
• There is a legitimate interest for the processing Art. 6 (1) f GDPR UK .
• There is a legal obligation Art. 6 (1) c GDPR UK.
• It is necessary for the initiation or fulfillment of contractual relationships with you pursuant to Art. 6 (1) b  GDPR UK.

On behalf of our clients, in compliance with Art. 28 GDPR UK.

The personal data we collect varies based on our interactions and relationship with you. This may include:

Categories	Types	Sources
Website and customer portal users	IP address of the requesting computer Date and time of access  Name and URL of the retrieved file Website from which you reached the current website (referrer URL) Websites that are accessed via our website The browser used and, if applicable, the operating system of your computer and the name of your access provider	Directly from you.
Customers including potential customers	We may collect various types of personal information including your: Name. Address. Gender. Date of birth. Contact details (such as your current and previous phone numbers and email addresses). Account information, including references and outstanding balances, as well as your financial and credit score, credit and payment history Employment status and any relevant circumstances that may indicate you need additional support from us Information related to vulnerability such as details about your health condition. Any other information you choose to share with us that can help improve our interactions with you is also welcomed	Directly from you. Indirectly: Third parties authorised to represent you Original lender. Credit Reference Agencies.
Third Parties	Name. Address. Contact information (phone number and email address). Any other information, which helps us to have better interactions with you or the customer.	Directly from Third Party.

We use your data to contact you and negotiate the repayment of the outstanding debt. We don’t share or sell your data to third parties. It is only used to collect the debt which has been either purchased by us or assigned to us by the data controller. Updates on our progress are only shared with the data controller (if that isn’t us). So, if you communicate with us, the details will only be shared with the data controller or an authorised advisor working on your behalf.

If your details are outdated, we’ll try to get your current contact information to start discussions. To do this, we may share your name, address, date of birth, and contact details with one or more Credit Reference Agencies, who can provide us with updated information. We only share the necessary information with Credit Reference Agencies to help them provide us with updated information. For more about how they process your data, please check the Credit Reference Agency Information Notice (CRAIN) which we have provided here.

If we’ve purchased a debt, we’ll share information with the Credit Reference Agencies to identify ourselves as the debt owner, including the default balance and its current status (outstanding, paid in full, or partially settled).

All data transfers between us and third parties are done securely and encrypted, keeping your information safe.

We process your data in the UK, and in the E.U., where data protection and privacy standards are established, and your rights are protected. For example, in rare cases where you currently live outside the UK we’ll send your data to a partner company approved by EOS Group to contact you locally. They must meet EOS Group’s data protection standards, which are aligned with standards in the UK and across the E.U.

As the data controller we have a retention period for which we’ll keep your data. After the retention period is over, we start the process of deleting or anonymising the data. This process starts once we have no legal, contractual obligation, or legitimate interest to process your personal data.

If we process your data based on an agreement on behalf of our client, the data controller, we will keep your data based on instructions provided by our client.  

For more information, you can always contact our Data Protection Officer or the data controller at the address on the back of the letter(s) we sent you. The agreed timeframes allow for any future requests from you to see your data, without us retaining it longer than necessary.

If you’ve received a letter from us, please check the back of it for the section titled "Data Protection & Processing." There, you’ll find the contact details of the responsible data protection officer. If you can’t find the letter or haven’t received one, feel free to reach out to us at:
 

Stephan Bovermann
Data Protection Officer
Email: dpo@eos-solutions.uk.com

EOS Solutions UK Plc
Lytham House
Kelvin Close
Birchwood
Warrington
WA3 7PB
United Kingdom

Under the UK GDPR, you have the right to know how we handle your personal data. This Privacy Notice is designed to fulfill that obligation.

You also have the following rights:

Request a Copy of Your Data: You can ask for a copy of your personal data, commonly known as a Subject Access Request.

Request Corrections: If your personal data is inaccurate or incomplete, you can request that we amend it. It’s important to keep your information up to date, so please let us know about any changes.

Request Deletion: You can ask for your personal data to be erased if it’s no longer legally required or needed for a valid business purpose. Keep in mind that this isn’t an automatic right; if we have a valid business reason to retain your data, we may legally refuse your request.

Request Restrictions: You have the right to request that we restrict the processing of your personal data.

Object to Processing: You can object to the processing of your personal data when we are processing your data based on legitimate interest, or we are using profiling. However, this isn’t an automatic right, and if we have a valid business reason to continue using your data, we may legally refuse your request.

Request Data Portability: You can ask for your personal data to be transferred to another organisation or to you.

Protection Against Automated Decisions: You have the right not to be subject to decisions made solely based on automated processing, including profiling, if it significantly affects you. For further details see section 15.

If you’d like to exercise any of your rights, please contact our Data Protection Officer.

Check out some more important rights below. For more details on your rights or any consent-required data usage, please contact the data controller at the address on the back of the letter(s) we sent you.

Consent isn’t always required for us to use your data. While you can withdraw consent at any time, this only applies when consent is given.

As mentioned earlier, we hold your data based on our legitimate interest in collecting a debt, which doesn’t require your consent. Therefore, you may not have the right to withdraw consent in this case.

If you’ve consented to us recording health-related information affecting your ability to repay the debt, you can withdraw that consent. Both we and the data controller will then remove that data in the future. Withdrawing consent does not affect the processing of data retroactively. If the data controller has made decisions based on that information, they’ll inform you how this might impact debt collection.

Yes, you can request to restrict or alter the data we’ve processed about you, but this is only possible in certain situations.

We use automated systems to determine if you might be in a vulnerable situation or not. This helps us understand your ability to pay back any debts and allows us to communicate with you effectively. We do this because it is important for us to serve you better while we exercise our legitimate interest to collect the outstanding debt. The automated system will not have any significant effect on you because they are not used for decision making purposes.

Where such automated systems are used to organise your information , you have the right  to request information, to appeal and request for human oversight and intervention. In this instance we will review your account and determine whether the automated process reached the correct decision. 

You can always talk to us if you have concerns or need more information on how we manage your personal data, by reaching out to our Data Protection Officer using the contact details provided earlier. If we are the data processor we’ll refer your complaint to the data controller and they’ll get in touch with you directly. Alternatively, you can reach out to the data controller directly, whose details are on the back of any letters we’ve sent you.

If we’re unable to address your concerns, you have the right based on Article 77 of GDPR to file a complaint with the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/. Additionally, through Article 78 of GDPR you have the option to make a claim through the Courts if necessary.

Like most websites, we use cookies to make your visit to our site as comfortable and effective as possible. Cookies are small files created by the website and automatically stored in your device’s browser (like your laptop, tablet, or smartphone). They won’t harm your device and don’t contain viruses or malicious software. The information related to your specific device is stored in the cookie, but this doesn’t mean we know your identity directly.

Cookies help us improve your experience on our site. For example, we use session cookies to remember that you’ve visited certain pages. These are deleted automatically when you leave our site. We also use temporary cookies to enhance user-friendliness, which are saved for a defined period. When you return to our website, we can recognise you and remember your settings, so you don’t have to enter them again.

We categorise cookies into four types: “Necessary,” “Statistics,” “Comfort,” and “Marketing.”

Necessary cookies are essential for the basic functions of our website and ensure its security.

Statistical cookies help us improve our services and tailor the website to your needs by collecting anonymised data for analytics, such as site traffic and user behaviour.

Comfort cookies make using our website easier by remembering your preferences, so you don’t have to re-enter information each time you visit.

Marketing cookies allow us to provide you with relevant content based on your interests.

The data processed through necessary cookies is for safeguarding our legitimate interests (Article 6 (1) f of the GDPR). For comfort, statistical, and marketing cookies, we rely on your consent (Article 6 (1) a of the GDPR). You can change or withdraw your consent by clicking on the "Change Cookies settings" link at the bottom of our website.

Cookies we use:

Necesaary Cookies

Name	Java Session Cookie
Provider	Owner of this website
Purpose	This cookie helps the application server function correctly. It does not store any personal data.
Cookie Name	jsessionid
Cookie Duration	Session cookie - deleted when you close your browser.
Name	Cookie Consent Status
Provider	Owner of this website
Purpose	This cookie remembers that you’ve accepted the cookie banner.
Cookie Name	cookieconsent_status
Cookie Duration	60 days

Statistical Cookies

Name	nmstat Cookie
Provider	Siteimprove GmbH
Purpose	This cookie records your usage of the website, helping us gather statistics like when you last visited. It contains a randomly generated ID to recognise your browser but does not store personal information.
Cookie Name	nmstat
Cookie Duration	Persistent - expires after 400 days.
Name	AWSELB Cookie
Provider	Siteimprove GmbH
Purpose	This cookie ensures that all your page views during a visit are sent to the same endpoint, helping us track your journey on our site.
Cookie Name	AWSELB
Cookie Duration	Session cookie - deleted when you close your browser.

Comfort Cookies

Name	Visitor Cookie
Provider	Owner of this website
Purpose	This cookie helps us deliver personalised content to you.
Cookie Name	VISITOR
Cookie Duration	Session cookie - deleted when you close your browser.
Name	New Visitor Cookie
Provider	Owner of this website
Purpose	This cookie also helps us provide personalised content
Cookie Name	new_visitor
Cookie Duration	1 day

Marketing Cookies

Name	siteimproveses Cookie
Provider	Siteimprove GmbH
Purpose	This cookie tracks the sequence of pages you visit during a session, helping us create user journeys and make it easier for you to find relevant information.
Cookie Name	siteimproveses
Cookie Duration	Session cookie - deleted when you close your browser.

Cookie Management:

Most browsers automatically accept cookies, but you can adjust your browser settings to refuse cookies or to be notified before a new cookie is placed. Each browser has different instructions for managing cookie settings, which you can find in the Help menu of your browser. Here are some links to help you based on your browser:

• Internet Explorer
• Firefox
• Chrome
• Safari
• Opera

Please note that disabling cookies may limit your ability to use all features of our website.

We’ll post any changes on this page, so please check back regularly.

Last updated February 2025