Newlyn PLC is registered with the Information Commissioners Office (ICO) as the data controller under registration number Z7559829 and have held this licence since 16 January 2003. Our registered address is Batchworth Place, Church Street, Rickmansworth, WD3 1JE.
Newlyn PLC are committed to safeguarding the privacy of all data obtained for the collection of outstanding debts such as Council Tax, Non-Domestic Rates and Parking contraventions.
2. About this Notice
This Privacy Notice explains what personal data we may collect and how it is used. This notice also explains what rights you have over your personal data and how you can use those rights.
This notice applies where Newlyn PLC are acting as the ‘data controller’ with respect to the personal data of its employees; where Newlyn PLC determines the purposes and means of the processing of that personal data.
This notice also applies where Newlyn PLC act as either the ‘data processor’ and/or ‘data controller’ with respect to the personal data of ‘data subjects’; where the Data Controller determines the purposes and means of the processing of that personal data..
3. Personal data we may obtain from others or collect from you
We may obtain or collect your personal information through various means, such as from:
Local authorities (data controller)
You; through our interactions with you (data subject)
Appointed representatives i.e. not the data subject (data processor)
Enforcement Agents (data controller and processor)
Our products and services (sub processors) used to assist with the collection of outstanding debts
Other data may be collected through email or other electronic correspondence, by telephone, by direct contact, or if you voluntarily submit it. We only collect information that is relevant to our services and necessary to identify you.
Some of the information we may collect is listed below:
Contact information such as Full name, home address, address history, email address, home and mobile telephone numbers.
Date of birth
Financial Details e.g. income and expenditure details to establish circumstances for repayment options
Information from Credit Reference Agencies, electoral roll, court records of judgments and bankruptcies and other publicly available sources.
Family, lifestyle, or social circumstances (normally obtained during the income and expenditure procedure to help ascertain your circumstances, namely your financial circumstances)
Employment details, status (normally obtained during the income and expenditure procedure to help ascertain your circumstances, namely your financial circumstances)
Personal data of any appointed representative acting on your behalf to verify who they are; name, address, relationship to you.
Visual and audio images of you through our use of Body Worn Video and audio recording equipment
Personal data collected arising from debt collection and enforcement processes, some of which may include sensitive personal data relating to physical or mental health and incidents which may occur during a debt enforcement visit.
LinkedIn or Facebook
Complainants and other individual’s information in relation to a judicial service complaint or enquiry
HPI (Hire Purchase Insurance) Check
Vehicle registration keeper details
Information you provide for a job application e.g. name and contact details, curriculum vitae, covering letter, references etc.
Newlyn may obtain additional personal or ‘sensitive’ personal data throughout the processes and procedures for collecting outstanding debts. Additional ‘sensitive’ personal data which has not already been supplied by the data controller but obtained by Newlyn PLC as the data processor could be; Physical or Mental Health Conditions, Criminal Proceedings, outcomes and sentences.
We are required to understand whether the people that we deal with could be regarded as vulnerable and this may involve collecting and using sensitive personal data. We may, for debt collection purposes, therefore ask you for some sensitive details or you may voluntarily give such personal data to us. We will only use this information for debt collection purposes, we will obtain your consent to process this data and may also share the sensitive personal data with the client (local authority) to ensure your case is managed appropriately.
Any such data will be obtained for regulatory compliance, self-regulatory practices, crime prevention and detection, for quality control and staff training justified by our legitimate interests or legal obligations.
4. Personal information collected via online forms (from you, the Data Subject)
Our policy is to respect and protect the privacy of anyone who visits the Newlyn website. Where we ask you for personal information via an online form, this information will only be used for the purpose indicated and will be held in a secure manner. It will not be used for any other purpose without your permission and will not be kept for longer than necessary (see section 10).
5. How we use your personal data
All personal information is stored securely and in accordance with the principles of the Data Protection Act 1998 and the EU General Data Protection Regulation.
Newlyn PLC use your data to provide the best possible services to you and to fulfil their legal obligation to staff and enforcement agents acting on their behalf. This includes:
Supplying services to you on behalf of our clients
Personalising and tailoring services for you
Responding to communications from you, including any complaints
Enabling payments to be made by debtors on behalf of the clients
Sharing information about incidents occurring at the doorstep to protect the health and safety of the individuals involved with debt enforcement visits
Collecting information (where appropriate) on the vulnerability of individual customers who they are collecting or enforcing debts against, to ensure that they are treated fairly.
6. Purposes for processing your personal data
We will process your data as necessary to manage and maintain your account until the outstanding debt has been paid;
We will maintain and keep up-to-date accurate records of you and to verify your identity
We will use credit reference agencies to trace your whereabouts so that we can obtain contact regarding your account(s) to recover the debts. The credit reference agencies (CRAs), in conjunction with the ICO and major financial services trade associations, developed a common form of privacy notice. The aim of this notice (known as CRAIN) was to ensure that the data sharing and the CRAs’ processing activities are transparent to consumers, in line with the GDPR’s requirements. Each CRA has produced its own version of this notice. The notice developed by TransUnion (formerly Callcredit) is called the TransUnion Bureau Privacy Notice and can be viewed at the following address https://www.callcredit.co.uk/legal-information/bureau-privacy-notice
We will enforce Liability Orders or Warrant of Control orders via certificated Enforcement Agents
Enforcement Agents will maintain a log and audit of all visits made to your property via the use of and storage of Body Worn Video cameras
We will process payments in line with PCI DSS guidelines and allocate these to your account(s)
We will use Automatic Number Plate Recognition (ANPR) technology for automatically reading vehicle number plates.
Calls are recorded for training purposes and for the analysis and management of internal staff performance. Call recordings may be reviewed also as part of a Complaint investigation. The use of this information assists with the improvement of our efficiency and effectiveness.
We will store all correspondence (letters, emails, text messages, documentary evidence etc.) in relation to any dealings with you for effective file management and for use in any necessary legal proceedings.
7. Legal basis for Processing your personal data
We will process your personal information as necessary to manage and perform a contract with local authorities:
To update your records
To trace your whereabouts to contact you about your account and recover the debt
To enforce a Liability Order or Warrant of Control
To recover outstanding monies owed
We will process your personal information for legitimate interests, a legitimate interest is when we have a business or commercial reason to use your data, such as:
We will monitor emails, calls, other communications and activities on your account(s)
For analysis and developing statistics
Data profiling – automated decision-making involving processing your personal data without human intervention to develop and improve upon our processes
For good governance, accounting, managing and auditing business operations
For compliance and regulatory requirements and related disclosures.
We will process your personal information based on legal obligation:
When you exercise your rights under data protection law and make requests
For compliance with legal and regulatory requirements and related disclosures
For establishment and defence of legal rights
For activities relating to the prevention, detection and investigation of crime
To verify your identity and make anti-money laundering checks
We will process your personal information based on consent:
When you make a request to disclose your personal data to other people or organisations such as a company handling my account on my behalf or a discuss with (family member)
When we process any special category of personal data about you at your request (such as race, ethnic origin, political opinions, religious beliefs)
You are free to change your mind and withdraw your consent to points K and l above at any time.
8. Data Sharing
Newlyn PLC may share your personal data with your consent or as necessary to recover the outstanding debt;
We may sometimes contract with third parties to supply services to you on our behalf. These may include payment processing, correspondence management and mailing, tracing agents. In some cases, the third parties may require access to some or all your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely and in accordance with your rights, our obligations and the obligations of the third party under the law.
We may also sometimes contract legal and other professional advisors such as Solicitors or legal representatives or auditors. In some cases, the third parties may require access to some or all your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely and in accordance with your rights, our obligations and the obligation of the third party under the law.
In certain circumstances we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you to share your data in such circumstances and will comply, as required, with any legally binding request that is made of us.
When we investigate a complaint, we may need to share personal information with the organisation you have an outstanding debt with and with other relevant government bodies e.g. the Civil Enforcement Association (CIVEA) or the Information Commissioners Office (ICO).
We will share personal information with our enforcement agents to deliver the liability order or warrant of control.
We will only transfer data outside the European Economic Area (EEA), to third countries or international organisations where the organisation receiving the data has provided adequate safeguards.
For some activities Newlyn uses third party service providers, such as CCTV system provision and maintenance, IT development, support, maintenance and hosting, including the provision of applications and website hosting.
If our business is to be integrated with another business or sold, your details would be shared with our advisors and any prospective purchaser’s advisers. Your information will be passed to the new owners and you would be notified.
9. Cookies and IP addresses
We collect IP addresses only for the purposes of system administration and to audit the use of our site. We do not link IP addresses to anything personally identifiable, which means that while your user session will be logged you will remain anonymous to us.
10. Data Retention
We keep your data to enable us to fulfil our contract with the UK local authorities, where required by law or to protect legal rights.
We will look to keep your data to a minimum time in line with data protection and GDPR principles and our processes.
For example, we will keep your personal data for a minimum of 6 years from the date of account closure for legal purposes and will keep financial records for a minimum of 7 years for accounting and tax purposes.
We may keep your data for longer if we cannot delete it for legal, regulatory or technical reasons.
11. Your rights under GDPR
The General Data Protection Regulation (GDPR) provides you with the following individual rights:
The right to be informed about the processing of your personal data.
The right to have your personal data rectified if its inaccurate and to have incomplete personal data completed
The right to object to the processing of your personal data
The right to restrict processing of your personal data
The right to have your personal data erased (right to be forgotten)
The right to request access to your personal data and how it is processed
The right to move, copy or transfer your personal data (data portability)
Rights in relation to automated decision making including profiling
Some rights however, may be limited. We may be obliged by law or regulation to keep information. We must also respect other people’s privacy which means we may need to redact or remove information where it includes personal information about someone else, even if it is connected to you and your information. On occasion there may be a compelling legitimate reason to keep processing data.
If you have any queries regarding your rights, wish to object to how we use your data, or ask us to delete or restrict how we use your information, please contact the DPO as detailed in section 12.
If you wish to make a request for a copy of the personal information we hold about you, please send your ‘Subject Access Request’ to Newlyn PLC, PO BOX 933, Northampton, NN1 9DX or email Enquiries@newlynplc.co.uk.
To process a request from you, we may need to confirm your identity to ensure we are accessing the right data.
12. How to complain if you are unhappy with the use of your personal data
Should you have any queries relating to this privacy notice, please contact the Data Protection Officer (DPO) via email: firstname.lastname@example.org or in writing to: DPO, Newlyn PLC, PO Box 933, Northampton, NN1 9DX.
Should you remain not satisfied with our data processing purposes and procedures, you have the right to complain to the data protection Supervisory Authority of the UK who is the Information Commissioners Office (ICO). You can contact them at the details below:
Information Commissioner’s Office
0303 123 1113
13. Changes to this notice
We will update, change or add to this privacy notice in the future so please ensure you check back from time to time so that you remain happy with the changes and the way in which we process your personal data.
This notice was last updated and published on 05.09.2018.