Skip to main content

Privacy Notice

Purpose

This Privacy Notice sets how and why Equivo Limited processes personal data, who the data is shared with and what rights you have in respect of the personal data we process. This is a general Privacy Notice for Equivo Limited. For applicants, please visit our Applicant Privacy Notice.

We may change this policy from time to time in accordance with changing privacy and data protection laws. Please visit this page occasionally to ensure that you are up to date with how we process your personal data. In this Privacy Notice any references to “we”, “us” or “our” are referring to Equivo Limited (“Equivo”).

About Equivo

Equivo is a trading name of Equivo Limited.

Equivo Limited is a limited liability company registered in England and Wales number 12058753. Equivo Limited’s registered office is Abbots House, Abbey Street, Reading, RG1 3BD. The addresses and contact information for each of our trading addresses can be found under the "Contact us" section of our website.

Equivo Limited is authorised and regulated by the Financial Conduct Authority (FCA). Firm Reference Number is FRN 845356. Details can be found on the Financial Services Register at register.fca.org.uk. We offer consumer credit and mortgage debt recoveries services.

Equivo Limited is also authorised and regulated by the Solicitors Regulation Authority (SRA), our SRA number is 811299. Our professional rules can be accessed, in English, from the Solicitors Regulation Authority website at www.sra.org.uk/solicitors/standards-regulations.

Equivo Limited has three key divisions; Collections & Field, Legal Services and Enforcement covering all disciplines within the recoveries lifecycle. Equivo Limited is authorised and regulated by the Financial Conduct Authority, the Solicitors Regulation Authority and authorised by the Ministry of Justice, coming together to enable unique in-house capabilities and expertise at national scale across four regional offices and supported by a nationwide field team.

In order that we can provide our services, we collect and use personal data about individuals. We collect and process different types of information depending on the purpose of processing. As a firm offering legal services, Equivo is a data Controller. This means that Equivo determines why and how the personal data it collects is processed. In very limited circumstances, Equivo may act as a data Processor, in which case it will process personal data only on documented instructions of another Controller.

As a Controller, Equivo is registered with the Information Commissioner’s Office (ICO) under the registration number: ZA542203.

How the law protects personal information and on what basis we will use your data

We may process your information for a number of different purposes, but we will only do so where we have one or more of the lawful bases. Data Protection regulations requires us to have one or more of these reasons:

  • When it is in our legitimate interest

We will in most circumstances process your data under our legitimate interests to do so. Such need will cover all activities required to carry out everyday business activities and will include:

  • Using your personal information to carry out debt collection and enforcement services;
  • Keeping business records;
  • Ensuring that we have up to date records;
  • Statistical analysis;
  • Analysing our business;
  • Management information;
  • Improving the services we offer;
  • Carrying out strategic reviews of our business model;
  • Developing and testing our systems.

When relying on this basis, we are under a duty to assess your rights to ensure that we do not use your personal information unless we can demonstrate a legitimate business need.

  • When it is our legal duty

When it is necessary to comply with our legal obligations. For example, our obligations under the law to protect vulnerable people or to comply with other statutory laws, such as the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017.

  • To fulfil a contract

Where you are our client and we enter into a contractual relationship with you, or where you are our employee. For details on how employees personal data is processed, please refer to the Workforce Privacy Notice.

  • Where we obtain a consent

In certain circumstances we may collect your personal data with your explicit consent. If this happens, we will inform you of your right to withdraw your consent, when it applies and what will happen with your data once you have withdrawn your consent.

  • Where it is necessary to protect the vital interests of an individual or another person

In some circumstances we may be required to collect your personal data where we believe that it is necessary to protect your or another person’s vital interests. Vital interests refer to matters of life and death and may be related to for example an emergency medical situation.

Processing personal information

Debt collection and enforcement services are provided in the public interest. We have a legitimate interest to process your personal data if your account has been issued to us for debt collection or enforcement activities. The processing of your personal data is necessary and lawful if your account has been issued to us for debt collection or enforcement activities, even if you do not consent to the processing. In accordance with our legitimate interest we may undertake activities such as:

  • Enhancement of data from different sources such as Credit Reference Agencies (CRAs);
  • Obtaining data from suppliers where our lawful grounds for processing permits us to do;
  • Tracing of individuals, vehicles and assets;
  • Reviewing historical cases we hold on you (such as accounts previously issued to us);
  • Scoring to ensure compliance with good debt collection practices and;
  • Searching public registers.

We will verify that the personal data we hold on you is correct and we will share your data with approved third parties such as Credit Reference Agencies, solicitors, Appointed Representatives and Certificated Enforcement Agents. Your data will be held securely in compliance with data protection legislation.

In circumstances where you provide personal information to us about other people, you must provide them with a copy of this Privacy Policy and obtain any consent where it is required for the processing of that person's information in accordance with this Privacy Policy.

Information we obtain, process and/or store

We hold the necessary categories of personal data for the efficient management of each account, and this applies whether you have engaged us to provide services for you or whether your personal information has been issued to us for the processing of debt collection or enforcement activities. The personal information that we collect about you will vary depending on our relationship with you.

To diligently assess your ability to enter into any repayment arrangement we process financial information about you such as; your repayment history, account default details, credit history, account notes/history, other debts, income and expenditure (means), your assets, other credit agreements, loans and your credit rating. This information is processed to enable us to determine your repayment affordability by assessing your current circumstances. We may also need to process the reasons for your non-payment and this may be subject to information you provide to us, such as family or personal circumstances, changes to your job/employment and/or any health conditions (see special categories of data) that may affect your ability to repay a debt.

To be able to effectively communicate with you, efficiently manage your account and to ensure correct identification, we will process the following information:

  • Full name (including title, forename, middle name and surname);
  • Date of birth;
  • Residential address(es) including former address(es);
  • Email address(es);
  • Mobile and landline telephone numbers;
  • Vehicle registration;
  • Vehicle registered keeper details;
  • National Insurance Number;
  • Driving Licence Number;
  • Deceased date (for deceased customers);
  • Trading name, business name or company name;
  • Employment status;
  • Employment details (including job title, employer name, address and contact details);
  • Credit reference data;
  • The location of your address or vehicle;
  • Information and expenditure information;
  • Visual and audio images obtained through use of body worn video recording equipment;
  • Financial information such as bank details provided for the collection of Direct Debits;
  • Bank details that you have permitted us to use on your behalf;
  • Information relating to your financial status or personal solvency;
  • Information relating to your debt;
  • Information held by our Client (claimant or creditor) relating to your account;
  • Details about the property associated with a visit;
  • Personal information collected pursuant to the debt collection and enforcement process;
  • Information obtained from credit and tracing checks;
  • Information obtained from public sources such as social media profile names;
  • Caller line identification;
  • Lifestyle information such as whether you are ex-directory;
  • Telephone call recordings;
  • Technical information about any visit that you make to our website including IP address.

Special categories of personal data we collect

Sometimes we will ask or collect information about your mental and physical health and in particular any information about disabilities you may have, any medical conditions, illnesses or whether you are pregnant. This type of information is known as 'special categories of personal data'. When we are carrying out debt collection or enforcement activities, we are required to determine whether individuals who are the subject of debt collection or enforcement action could be regarded as vulnerable. In order to make such a determination we may ask you for, or you may volunteer to give us, information about your vulnerability.

Processing of this data will occur on the basis of one of the following exemptions: where it is necessary for the establishment, exercise or defence of legal claims; where it is necessary to protect your vital interests, for example if we believe that discontinuing to process this data could result in significant harm to your well-being; or if we have collected this information with your explicit consent.

Withdrawal of consent

You have the right to withdraw your consent where we are processing your data using consent as the lawful basis. In the context of administering your account, withdrawal of your consent is only likely to apply, where we have collected ‘special categories of your personal data’ based on your explicit consent.

Do I have to provide you with my personal data?

Most of the personal data that we process about you will have come from another source than yourself, such as our Client, Credit Reference Agencies or our approved data suppliers.

You may choose to provide us with additional personal data or special categories of personal data. Such information helps us to manage your account with the appropriate diligence and due care for your benefit.

How we collect your personal information

We will collect your personal information from sources including:

  • Information provided from our Clients (the original claimant or creditor);
  • Credit Reference Agencies;
  • Third party tracing agencies;
  • Public sources (such as search engines or information available on the internet);
  • Driver and Vehicle Licensing Agency (DVLA);
  • Motor Insurance Database (MID);
  • Information obtained when address visits are made on our behalf;
  • Information provided by parties present when address visits are made on our behalf;
  • From body worn video recording equipment used on our behalf;
  • From information you provide to us;
  • From our website including through the use of cookies.

Who will we share your personal information with?

We may share your personal information within our group and with the following organisations:

  • Our Clients (the original claimant or creditor);
  • Appointed Representatives and/or Certificated Enforcement Agents to assist us in carrying out the debt collection or enforcement activities;
  • Third party agents and approved advisers who we use to administer your account, such as debt collection agencies, tracing agents, process servers and solicitors;
  • Our Regulators, the Financial Services Ombudsman and/or other authorities. This includes local and Government agencies, law enforcement agencies or social/welfare organisations;
  • Fraud prevention agencies;
  • Our independent financial or professional advisors;
  • Approved parties or consultants;
  • Executors of an Estate;
  • HM Land Registry;
  • Driver and Vehicle Licensing Agency (DVLA);
  • Motor Insurance Database (MID);
  • The Insolvency Service;
  • Insolvency practitioners, legal advisors and HM Courts & Tribunals Service (where we pursue legal actions or defend legal actions relating to your account);
  • Debt Management Company or a third party nominated by you to act on your behalf;
  • Approved subcontractors (suppliers who provide goods and services to us). Where this is necessary we will take all appropriate steps to safeguard your data and relevant rights and freedoms under the General Data Protection Regulation (GDPR);
  • Credit Reference Agencies (refer to the Credit Reference Agencies Information Notices):

Our own employed company personnel are extensively vetted in accordance with our Pre-Employment Screening (PES) Policy and will have access to your personal data. Access to your personal data will only be granted to appropriate screened personnel and only if necessary for the purposes described. Any such employee will always be required to process data in a confidential and secure manner.

Changes to Corporate Structure

We may also share your personal information if the structure of our company changes in the future. We may choose to sell, transfer, or merge parts of our business or our assets. We may seek to acquire other businesses or merge with them.

During any such change to our corporate structure, it may be necessary that we share your data with other parties. We will only do this if they agree to keep your data safe and private.

If any such change to our group or company structure happens, then other parties may use your data in the same way as set out in this notice.

How do we protect your personal information when sending it abroad?

We do not send your personal information outside of the UK.

In the event that this situation changes, we will notify you.

What marketing activities do we carry out?

We do not perform any marketing activities that use your personal information.

How long do we keep personal information for?

We will retain your data for as long as is required for the lawful purpose for which it was obtained, so long as we have a legitimate interest to keep it (such as to ensure good debt collection practices and to be able to defend ourselves against legal claims). We are also legally obliged to keep your personal data for a period of time to prevent and detect fraud, detect and evidence money laundering and for financial audits. We may also keep anonymised data for statistical purposes.

In cases where a debt is due and remains payable, data will be retained until such time the debt is either extinguished (Scotland), paid (settled) or closed.

Data will be maintained in accordance with the following retention timescales:

  • Customer data (including all correspondence, telephone call recordings and backups) will be retained for seven years following closure of the account (to allow for the defence of legal claims and/or complaints);
  • Body worn video recordings will be retained for a period of three years after the year in which the recording was made unless the case is subject to investigation or complaint at this point. In such circumstances recordings will then be deleted one year after the year in which the complaint/investigation is closed.

Right to be informed

You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the Data Protection Laws. Our Privacy Notice provides you with information including our purposes for processing personal data, retention periods for that personal data and who it will be shared with.

Right to access

You may request information on how we process your personal data, including information on:

  • Why we process your personal data;
  • What categories of personal data we process;
  • Who we share your personal data with;
  • How long we store your personal data or the criteria for determining this period;
  • What rights you have;
  • From where we have received your personal data (if we have not received it from you);
  • If the processing includes automatic decision making (also known as profiling);
  • If your personal data has been transferred to a country outside of the EEA, how we ensure the protection of your personal data.

All the above information is available within this Privacy Notice.

You may also request a copy of the personal data we process about you. This is known as your Right to Access. Requests for additional copies may attract an administrative fee or be considered manifestly unfounded and rejected where deemed reasonable and appropriate.

Right to erasure (to be forgotten)

The right to erasure is not an absolute right. However, if you believe that we process your personal data in an unlawful manner, you may ask us to delete this information. We will then review your request and respond to you on whether either confirming that your data has been deleted or explain the reasons for which we must retain your personal data.

Right to rectification

It is important that we have the right information about you and that we encourage you to let us know if any of your personal data is incorrect (for example if you have changed your name or your address). If you believe that any information we are holding on you is incorrect or incomplete, please contact us as soon as possible. We will promptly correct any information found to be incorrect.

Right to object

If you believe that we do not have the right to process your personal data, you may object to our processing. In such cases, we may continue processing it only if we can show that our overriding lawful basis for processing outweighs your rights and freedoms under the Data Protection Laws.

Right to data portability

Where processing is based on your consent or for the performance of a contract and where the processing is carried out by automated means, you have the right to data portability of the data you have provided to us.

Rights in relation to automated decision making and profiling

We do not undertake automated decision making or profiling. This means that we do not make decisions based solely on automated means without human involvement. As your account will be subjected to a manual review at periodic points throughout its lifecycle, our processing is not carried out by automated means.

Right to restrict processing

From the time you request that we correct your personal data or if you have objected to the processing of your personal data, and until we have been able to investigate the issue or confirm the accuracy of your personal data (or changed it in accordance with your instructions), you may be entitled to the restriction of processing. This means that (except for storing the personal data) we may process your personal data only in accordance with your consent, if necessary with reference to legal claims, to protect someone else's rights or if there is an important public interest in the processing.

In many circumstances, it will be necessary for us to continue processing data, to protect the rights of another (natural or legal) person, or because it is an important public interest.

Please note that once we believe that we have resolved the dispute or validated the accuracy of the personal data that we hold, we will continue to process your data in accordance with our overriding legitimate interest.

How to complain about the use of your data

You have a right to complain to the Information Commissioner's Office if you believe that any use of your personal information by us is in breach of applicable data protection laws and/or regulations. More information can be found on the Information Commissioner’s Office website: https://ico.org.uk. This will not affect any other legal rights or remedies that you have.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access to personal data or disclosure thereof, we have put in place appropriate electronic, physical and managerial procedures to safeguard and secure the information we collect.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree to our use of cookies, the file is added and the cookie helps us analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to our customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

The use of cookies help us to provide you with a better website experience by enabling us to monitor which pages you find useful and, similarly, which pages you do not find useful. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

How do I control/disable cookies?

You can opt-out of each cookie category (except strictly necessary cookies) by clicking on the button below:

Links to other websites

Our website may contain links to other websites of interest. Once you have used these links to leave our site, we do not have any control over that other website. We cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the Privacy Notice applicable to the website in question.

Updates to this Privacy Notice

We may need to make changes to this Privacy Notice periodically, for example, as the result of government regulation, new technologies, or other developments in data protection laws or privacy generally. Our most up to date Privacy Notice will always be shown on our website and you will be signposted to it in all of our communications.

Review and Risk Assessment

This policy must be reviewed at annual intervals from the date below, or as required by any regulatory change or as otherwise necessary.

Issue and Circulation

This policy will be circulated to all personnel, agency workers, consultants, sub-contractors and others working on behalf of the company irrespective of their location, function or grade.

Contacting us

If you require any further information, would like to exercise any of your rights or if you need to raise any concern, you can contact us at data.protection@equivo.co.uk

 

John Ingram
CEO
Equivo Limited

Date: 31 August 2021