The CollectionHub.com Ltd. (“CollectionHub”, “Hub”, “we”, “us”, or “our”) is strongly committed to protecting the privacy and security of your personal data. This privacy notice aims to give you information on how CollectionHub collects and processes personal data during the use of our website and during and after the use of any of the services provided by us and eventually by our group companies.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. We process your personal data only to the necessary extent and for the stated purpose. If you have given us a consent to do so, we use your personal data for purposes stated in such consent.
When collecting and using personal data, our policy is to be transparent about why and how we process personal data. To find out more about our specific processing activities, please go to the relevant sections of this notice. Please note that we may update this notice at any time.
1. IMPORTANT DEFINITIONS, DATA CONTROLLER AND CONTACT DETAILS
Personal data or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Data subject is you because personal data we process concerns you. Data subjects are not legal entities.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller is the one who determines the purposes and means of the processing of personal data. We, CollectionHub Ltd. (Company Number: 10744526) 107-111, Fleet Street, London, United Kingdom, EC4A 2AB, are the controller and the person responsible for your personal data. Our e-mail is firstname.lastname@example.org and phone number is + 44 20 37 69 19 90.
To protect personal data, we have appointed a Data Protection Officer who, among other things, ensures that all processing of personal data in our company is conducted in a proper and lawful manner.
The e-mail of the Data Protection Officer is email@example.com and the phone number of the Data Protection Officer is + 44 20 39 58 44 40.
Processor is the one who processes personal data on behalf of the controller. As we collect information about our client’s receivables, we may process personal data of their debtors. In such case the processing of their personal data is carried out on behalf of our clients as controllers therefore we are the processor. This means that our clients determine the purposes and means of the processing and they are responsible for lawful, fair and in transparent manner processing of their debtor’s personal data.
Legitimate interest is one of the lawful reasons based on which we can process your personal data. For more details please click here to see our Legitimate Interest Policy.
2. WHAT KIND OF PERSONAL DATA DO WE USE?
The personal data CollectionHub collects about you will depend on the services you use and subscribe to. CollectionHub processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
We will process the following categories of personal data about you:
|Identity Data||Personal contact details such as name and title, residence and date of birth, nationality (if this is necessary for us to comply with our legal and regulatory requirements)|
|Contact Data||Addresses, telephone numbers, and personal e-mail addresses|
|Financial Data||Bank account details and other banking information|
|Transaction Data||Billing history and anything else relating to transactions between you, CollectionHub and our other clients|
|Profile Data||Information which you give to us in your communications with us, information that you provide to us when using the Hub.|
|Data Relating to Receivables||Identity data and Contact data of debtors as listed above and data about the amount and reason of the receivable|
|Marketing and Communications Data||Preferences in receiving marketing from us and our third parties and communication preferences|
|Technical Data||We may also collect technical data and information about your activity on our website including information about the browser or device you use to access this site, your IP-address, how you use our website and the pages you visit, traffic and location data|
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
3. WHAT ARE THE SOURCES OF PERSONAL DATA?
We collect personal data from multiple sources, always in accordance with legal regulations based on one or more legal titles.
Direct interactions. Information we hold about you comes directly from you in the most cases. You may give us your Identity, Contact, Financial, Transaction Data and Data Relating to Receivables when you use our website and our services. We will collect additional personal data while performing our contract with you and in providing our services to you throughout the period of your contract with us.
Third parties or publicly available sources. We may sometimes receive personal data and additional information from third parties including our clients, credit reference agencies or other background check agencies, our business partners; and business directories.
4. FOR WHICH PURPOSES WE PROCESS PERSONAL DATA WITHOUT YOUR CONSENT?
We will only use your personal data without your consent when the law allows us to do so. We will use your personal data in the following circumstances:
- Where we need to comply with a legal obligation;
Where we need to
perform the contract, we have entered with you; and
Where it is
necessary for our legitimate interests(or those of a third party) and your interests and fundamental rights do not override those interests.
To protect your interests we may process your personal data in the following circumstances:
- Carrying out our obligations arising from any contracts entered between you and us;
confirmthat your offers have been received and to process them;
- To provide our services;
- To provide you with the information and services that you request from us;
billing purposes, to manage payments, fees and charges;
- To collect and recover money owed to you or us.
We need all the categories of personal data in the list above primarily to allow us to perform our contract with you. In some cases, we may use your personal data to pursue legitimate interests of our own, provided your interests and fundamental rights do not override those interests. The type if data and situations in which we will process your personal data are listed below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To use our website and to perform our contract with you, i.e. to connect creditors and collectors in order to quickly and effectively recover debts.||
(e) Data Relating to Receivables
(a) Performance of a contract with you.
(b) Necessary for our legitimate interests (to recover debts due to us/our clients).
|To validate you as a registered client when using our services and calling our client services.||
|(a) Performance of a contract with you.|
To notify you about changes to our services and to make suggestions and recommendations to you about or services that may be of interest to you.
To improve the Hub’s services by customising your user experience and to measure the performance of our services and improve their content and layout as well as manage and protect our information technology infrastructure.
(f) Marketing and Communications
|(a) Necessary for our legitimate interests (to develop our services and grow our business).|
|For the administration of files and records; business management and planning, including accounting and auditing.||
(d) Data Relating to Receivables
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services).
(b) Necessary to comply with a legal obligation.
|To manage risk, or to detect, prevent, and/or remediate fraud or other potentially illegal or prohibited activities and to detect, prevent or remediate violations of the General Terms and Conditions or an agreement.||(a) Identity||(a) Necessary for our legitimate interests.|
|To provide targeted marketing and advertising, provide service updates, and deliver promotional offers, if you have requested information from us or services from us, and in each case, you have not opted out of receiving that marketing.||
(f) Marketing and Communications
|(a) Necessary for our legitimate interests (so we can provide you with interesting content and improve our services to your satisfaction).|
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal data.
5. FOR WHAT PURPOSES WE PROCESS PERSONAL DATA ONLY WITH YOUR CONSENT?
The processing of personal data for which no other legal title can be found can only be processed with your consent. Providing such consent is entirely up to your decision and you can revoke it at any time. With your consent, we process personal data for the following purposes:
1. Marketing if you are not yet our client and
2. Third-Party Marketing.
We will get your express opt-in consent before we share your personal data with any company outside the CollectionHub group of companies for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us at any time.
6. HOW WE PROCESS PERSONAL DATA AND HOW WE PROTECT IT?
We will only use your personal data for the purposes for which we have collected it , unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We take the security of all the data we hold very seriously. We adhere to internationally recognized security standards and our data security management system relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
7. WHO WE MAY SHARE THE PERSONAL DATA WITH?
We are part of a global network of companies and in common with other professional service providers, we use third parties located in other countries to help us run our business.
As a result, personal data may be stored and processed outside the countries where we and our clients are located. This includes countries outside the European Union ("EU") and to countries that do not have laws that provide specific protection for personal data.
We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses. The European Commission approved standard contractual clauses are available here.
Personal data held by us may be transferred to:
1. Other CollectionHub group companies
We may share personal data with other companies form the CollectionHub group where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving advice from CollectionHub companies in different territories). For details of our companies locations, please click here.
2. Third party organizations that provide us applications/functionality, data processing or IT services
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of information technology, cloud based software as a service provider, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are in secure data centers around the world, and personal data may be stored in any one of them.
3. Third party organizations that otherwise assist us in providing services or information
4. Tax advisers, auditors and other professional advisers
5. Statutory and regulatory bodies and law enforcement authorities
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
8. HOW LONG WE KEEP YOUR PERSONAL DATA FOR?
We retain your personal data for as long as necessary to fulfil the purposes we collected it for. We retain your data as long as we are providing the services to you. We retain your data after we cease providing services to you, even if you close your account, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain your data to comply with our tax, and accounting obligations. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in that case we may use such data without further notice to you. We retain and securely destroy your personal data in accordance with applicable laws and regulations.
9. WHAT RIGHTS DO YOU HAVE IN RELATION TO THE PROCESSING OF PERSONAL DATA?
In personal data protection, you have several rights that you can exercise at e-mail firstname.lastname@example.org and phone number + 44 20 37 69 19 90 or at our headquarters which is 107-111, Fleet Street, London, United Kingdom, EC4A 2AB.
You have following rights:
- Right to access your personal data which means that you are allowed access your personal data and related information (e.g. purpose of processing, source of the information etc.). You can also receive a (hard) copy of your personal data we process, so that you can be ensured that we process it lawfully.
- Right to correct inaccuracies means that you are allowed to have any incomplete or inaccurate information we process about you corrected.
- Right to delete your personal data enables you to have deleted your personal data we process once there is no more any legal ground for processing such information.
- Right to restriction of processing your personal data means that based on your request we restrict your personal data we process.
- Right to object processing your personal data. When you wish us not to continue processing certain information , you have the right to object the processing. The objection should be justified. It should be clear why you think that processing affects your privacy or the protection of your rights and legitimate interests negatively. We will then evaluate whether the protection of our legitimate interest or our third party is becoming stronger than the impact on you. This does not apply to processing for the purpose of direct marketing where processing is terminated automatically upon receipt of the objection. It is true that even after you opt out of marketing communication, we can continue to contact you for the purpose of serving and fulfilling our rights and obligations.
- Right to withdraw consent. There are limited circumstances when your consent is necessary for the processing your personal data for a specific purpose(s). If you have provided us with your consent, you have the right to withdraw your consent at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your data for the purpose or purposes you originally agreed to, unless there is another legal ground for processing it.
- Right to transfer your personal data to another party means that we are obliged to provide another party with your; personal data at your request.
How to exercise your rights. If you wish to access your personal data, if you have any reason to believe the data we process is inaccurate, if you want to withdraw you consent to processing your data, or if you wish to exercise any of your above stated rights, please do not hesitate to contact us.
What We May Need. We may request specific information from you to confirm your identity, to ensure it is truly you who is accessing your data or exercising your right(s) related to personal data protection. This is an appropriate security measure to ensure that no personal data is disclosed to an unauthorized person.
No Fee Usually Required. We do not charge a fee for requests concerning your data privacy rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request under such circumstances.
10. WHAT IS OUR COOKIES POLICY?
When using cookies, our policy is to be transparent about why and how we use them. A cookie is a little text file containing letters and numbers that we store in your internet browser or hard drive of your computer. This little text file is then sent back to our server each time your browser requests a page from our server. It is used as a standard tool for storing information about how our website is used.
There are several types of cookies which can be sorted by different classes:
By a duration:
- Persistent cookies will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; or
- Session cookies on the other hand, will expire at the end of your session, when the web browser is closed.
By a party:
- First-party cookies are cookies created by our website you're currently browsing; or
- Third-party cookies are cookies added by a domain that is not the domain you are currently visiting. The most common use of third-party cookies is to track users who click on advertisements and associate them with the referring domain.
Cookies are used for several purposes. We use the following cookies on our website:
|Type of cookies||Description of cookies||These cookies help us to:|
|Technical cookies||We use these cookies to make our website work properly. The website could not work without them at all.||
|Functional cookies||We use these cookies to keep you logged in and to not have you to set your preferences all the time. In this case, your password is always encrypted. The use of these cookies is not necessary but will greatly enhance your visit to our website.||
|Analytical cookies||We use these cookies to help us improve our online website and provided services and products.||
To view customized bids and targeted ads within advertising and social networks on websites other than our website, we may also provide advertising and social networks with information about your website behaviour. However, if we do, we do not pass on your identifying information to such partners. See list of social and advertising networks below.
- Google Ireland Limited with its registered office Gordon House, Barrow Street, Dublin 4, Ireland: https://policies.google.com/technologies/cookies ; and
- Facebook Ireland Limited with its registered office4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02 X525, Ireland: https://en-gb.facebook.com/about/privacy
Here are some links to help you configure cookies in the most commonly used browsers:
Internet Explorer; and
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
If you have any questions about this privacy notice or how we handle your personal data, please contact us at e-mail email@example.com and phone number + 44 20 37 69 19 90.
In addition, our Data Protection Officer is also available at firstname.lastname@example.org and the telephone number + 44 20 39 58 44 40.