Privacy
Policy

Datatrac Limited specialises in the careful management and centralisation of consumer database access in order to support our legitimate interests covering the sharing of data to support enforcement, verification, credit and risk management, revenue collection / recoveries, asset re-unification, fraud investigation, vulnerability & affordability assessments, data enrichment and database tracing activities.

All data partners are declared to clients to enable source audits and undergo due diligence checks prior to using their data.

Enforcement, ID verification, credit and risk management, revenue collection, database tracing activities such as linking small pieces of information from multiple data sources to enable these activities.

Verification and enhancement of customer databases

Datatrac Limited only works with partners we think you can trust with your data. In each case, we ensure that our partners have collected your data fairly and compliantly and that you have been informed that your data will be shared with Datatrac’s Third Party Suppliers (normally in their own privacy notice). In addition, we ensure that they have been clear and transparent about the purposes for which Datatrac will use your data.

You have the right to withdraw your consent or object to our processing of your data at any time by contacting us using the details at the top of this policy.

A full list of data partners will be provided upon request.

We hold the personal data that you have provided to our data partners. This may vary from partner to partner, but this includes names, postal addresses, emails, telephone numbers, dates of birth, employment information, credit application data, personal information and lifestyle information.

We do not hold or process any of the following data about you:

• Financial data

• Health information

• Political preferences

• Religious preferences

• Sexual Preference

• Children’s data

Use of postal data

We make your postal address available for organisations to use for fraud investigation and prevention, collection and recoveries, asset re-unification, identity and verification

Use of telephone data

We make your telephone number(s) available for organisations to use for fraud investigation and prevention, collection and recoveries, asset re-unification, identity and verification

Use of email

We make your email address available for organisations to use for fraud investigation and prevention, collection and recoveries, asset re-unification, identity and verification

We share the data you provide with a number of credit / financial companies. They may combine, analyse and profile your information and share this information with other organisations for the purposes of:

• debt collection

• debt recovery

• fraud prevention

• tracing / locating you

• verifying your identity

• verifying the information they hold about you is correct

• assessing affordability

We rely on the legitimate interests of these organisations to share your data in this way. If you do not want your data to be used in this way, you can object here

The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided this is not outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.

The legitimate interests the data is typically processed for are:

Debt Collection and Tracing

We support debt collection and tracing where there is a legitimate interest in conducting such activities to find individuals to recover debts.

Asset Reunification

The process through which people are located, contacted and reunited with unclaimed or 'lost' entitlements as a result of forgotten investments, savings or matured policies.

Identity Verification

We support agencies that provide services for identity, verification and protect against anti fraud.

Customer Vulnerability/ Affordability

Supporting the identity of vulnerable customers to ensure they can afford further debt

The period for which we use personal data varies depending on the individual contract terms with our data partners. When our data partner sends us a refreshed file, any data beyond that partner’s retention period will no longer be in the file, meaning that Datatrac will no longer hold it. Additionally, when Datatrac stop working with a partner, we remove that data from our active systems, and then retain it for a period of 6 months for the purposes of Rights fulfilment (see below), before it is deleted fully.

We also need to retain information if there is a statutory retention period required for legal and regulatory reasons.

Datatrac has appropriate technical and organisational measures in place to restrict access to data and these are monitored regularly. We engage with a bureau that are Cyber Essentials Plus Certified, and systems are pen tested on an annual basis. Access to your personal information is strictly controlled on a ‘need to know’ basis. Staff members are only allowed access to your personal data if they have been sufficiently trained in data management.

We store your personal information in an Amazon Web Service cloud environment located in the UK. We do not transfer your data to any country outside this area.