Privacy Notice

EOS Solutions UK Plc - Privacy Notice - May 2018

Who are we and why do we hold data about you?

We are a debt collection agency based in Warrington in the UK.  EOS Solutions takes privacy seriously and works hard to protect personal data and to limit the amount of personal data that we hold only to the things that are absolutely necessary for us to do our job.

We comply with the Data Protection Act 1988 and the E.U. General Data Protection Regulation 2016 (which we refer to as the GDPR.)  This policy describes how we do that.  
Our job is to collect money and data, or sometimes just data, to help our clients collect debt that is owed to them.  The debt is owed because a contract between our client and you has not been paid. 

In most instances our client is the data controller unless they have sold the debt to us, in which case the responsibility of data controller passes to us.   

Our general contact details are:
EOS Solutions UK Plc
2 Birchwood Office Park
Crab Lane
Fearnhead
Warrington
WA2 0XS

Telephone: 01925 816626    Email: contact@eos-solutions.uk.com

Who controls the data that you are holding about me?

If you have received a letter from us please refer to the back of the letter and the section Data Protection & Processing this will give you the name and contact details of the data controller and their data protection officer.
Failing that, if you do not have a letter from us or you cannot locate it, please contact us at:

Anthony Jenks
Data Protection Officer
EOS Solutions UK Plc
2 Birchwood Office Park
Crab Lane
Fearnhead
Warrington
WA2 0XS

Email: dpo@eos-solutions.uk.com

We will be able to tell you the contact details for the data controller and their data protection officer if it isn’t us.
 

What right do you have to hold data about me and why wasn’t I asked if it was okay for you to be sent my data?

The data controller has given us the data about you to help them collect a debt that is owed under a contract to them.  This gives them a right to send data to third parties such as EOS because there is a legitimate interest in us helping them to collect the debt.  This is allowed for under Article 6 (1) f of the GDPR.

They will have attempted to inform you of our involvement before your details were transferred to us and they will be able to give you more information if you contact them at the address on the reverse of the letter(s) we have sent to you.
 

Do you collect data about me?

Yes, whenever you communicate with us we will retain a record of the contact and details of what was said.  This information can be recorded because we have a legitimate interest in collecting the debt.  This is allowed for under Article 6 (1) f of the GDPR.

If you share with us details about your health we will ask you for consent to record this special category data; although we will only record information that is relevant to the data controller making a decision about how to handle your case.

What do you do with my data?

We use the data to attempt to contact you and to negotiate repayment of the outstanding debt.  We do not do anything else with your data, it is not given or sold to third parties; it is only ever used to collect the outstanding debt that has been passed to us by the data controller.

It is only ever the data controller (if that isn’t us) that we provide updates on our progress to; so if you talk to us or write to us the details of what you tell us will only ever be shared with the data controller or an advisor who you have authorised to help or work on your behalf.  
 

Who do you share my data with?

If your details are out of date, we will attempt to get current contact details for you to allow us to start the discussion.  To do this we may share your name, address, date of birth and contact details with third parties who will sell us any new telephone numbers or contact emails that they have for you.  If you want to know who the third parties are, please contact us at the address supplied above.

We do not however share any information with these data providers that is not needed by them to give us updated information.  So information about the debt and who it is owed to remains at EOS and is not shared.


All movement of your data between us and a third party is made by a secure method and encryption is used so that it remains safe at all times; no communications containing any personal data are ever exchanged by email or in the post.  
 

Do you send my data outside of the E.U?

Only rarely if the case is one of the very small number of cases that we deal with each year where you now reside in a country outside of the E.U.  

In that instance we would send your data to a partner company, selected and approved by EOS Group, to contact you locally.  The EOS Group data protection standards would have to be met though and they are set at the same level as they are here in the U.K. and across the E.U.

What happens when you have finished using my data?

We have an agreement with the data controller as to how long we will hold the full data before we start the process of wiping the data so that it cannot be linked to you.  There is also a set date at which point even the partially wiped data will be completely removed from our records.  

If you want to get more information from the data controller, you should contact them at the address on the reverse of the letter(s) we have sent to you and they will be able to tell you more.  The time periods have been agreed between us to allow for any future requests from you to see the data, without us keeping it any longer than we have to.

 

Do I have a right to withdraw my consent for you to use my data?

Consent for us to use and process your data is not always required and whilst any data subject can withdraw consent at any time, this can only be done where consent needs to be given to use the data.

However, as we have said in the What right do you have to hold data about me and why wasn’t I asked if it was okay for you to be sent my data?  Section above, the reason we are holding your data is for a legitimate interest in the collection of a debt.  Using your data for this reason does not need your consent and so you may not have any right to withdraw consent.

If you have given us consent to record some information about your health that is having an impact on your ability to repay the debt, you can choose to withdraw that consent and both us and the data controller will remove that data.  If the data controller has made a decision on how to handle your case based on that data they will let you know how this change will impact on the collection of the debt.

You have the following rights under Articles 15 to 22 of the GDPR: the right to information, correction, and deletion, restriction of processing and data portability.  To get more information on your rights and for details of any use of your data that has to be consented by you, please contact the data controller at the address on the reverse of the letter(s) we have sent to you and they will be able to tell you more.  
 

Do I have a right to alter or restrict the processing of my data?

The right to restrict processing or alter the data that we have processed about you does exist, but as with the right to withdraw consent, this is only possible in some circumstances.

You have the following rights under Articles 15 to 22 of the GDPR: the right to information, correction, and deletion, restriction of processing and data portability.  To get more information on your rights and for details of any opportunity you have to alter or restrict the processing of your data, please contact the data controller at the address on the reverse of the letter(s) we have sent to you and they will be able to tell you more.  
 

Do you ever use my data in automated decision making?

Some of our processes are automated, such as the sending of letters and the scheduling of calls; but only up to the point that contact is made with you.  Once we have made contact with you, the automation stops and will not resume without warning from us first.
 
We do not automate any decisions on taking further, or more severe action; these are only ever taken by an employee with sufficient knowledge of the process to make sure the action is appropriate.

Certain administration tasks such as closing a case and returning it to the data controller are automated, but these decisions are straightforward and do not need to be looked at by an employee.  
 

Who do I talk to if I want to lodge a complaint?

You should first raise your complaint with the data controller whose details are on the reverse of any letters that we have sent to you.  Alternatively contact us at:

Anthony Jenks
Data Protection Officer
EOS Solutions UK Plc
2 Birchwood Office Park
Crab Lane
Fearnhead
Warrington
WA2 0XS

Email: dpo@eos-solutions.uk.com


We will then refer the complaint to the data controller where that is not us and they will contact you directly.  


Article 77 of the GDPR say that you have the right to complain to our supervisory authority if you think there are valid reasons or indications that the processing we are undertaking is not lawful. If you feel that we have not dealt with your complaint satisfactorily, you can contact the Information Commissioner’s Office at:


https://ico.org.uk/concerns/handling/

 

If we change our policy, we will post the changes to this page so please check the website regularly for any changes to this policy. Where required by law we will obtain your consent to make changes to this policy.

May 2018