A good set of terms and conditions protects us – and, just as importantly, you. Here are ours:
- The content of the pages of this website is for your general information and use only. It is subject to change without notice.
- Neither we nor any third parties provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the information and materials found or offered on this website for any particular purpose. You acknowledge that such information and materials may contain inaccuracies or errors and we expressly exclude liability for any such inaccuracies or errors to the fullest extent permitted by law.
- Your use of any information or materials on this website is entirely at your own risk, for which we shall not be liable. It shall be your own responsibility to ensure that any products, services or information available through this website meet your specific requirements.
- This website contains material which is owned by or licensed to us and our designated design team. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
- All trademarks reproduced in this website, which are not the property of, or licensed to the operator, are acknowledged on the website.
- Unauthorised use of this website may give rise to a claim for damages and/or be a criminal offence.
- From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website(s). We have no responsibility for the content of the linked website(s).
- You may not create a link to this website from another website or document without DFC’s prior written consent.
- Your use of this website and any dispute arising out of such use of the website is subject to the laws of England, Scotland and Wales.
This Policy sets out the following:
- About DFC (and how to contact us)
- Our relationship to your Service Provider
- What information we collect
- Why we need your information
- How we use your information
- Website visitors and cookies
- Other recipients of information
- Storing your data
- Keeping your data safe
- Your rights
- Updates to this Policy
1. About DFC (and how to contact us)
We are Debit Finance Collections PLC (DFC), a company incorporated in England and Wales with number 03422873. Our registered office is at 16 Davy Avenue, Knowlhill, Milton Keynes, Buckinghamshire, MK5 8PL.
You can contact our Data Protection Officer with questions about this Policy or your personal data by writing to our office address (above, marking your letter for the attention of The Data Protection Manager), telephoning 01908 422 007 or emailing
[email protected]. You can also visit our website www.debitfinance.co.uk.
For the purposes of data protection law we will be a controller of your personal information in some situations (this means we make decision about how and why your information is used, and have a duty to ensure your rights are protected). In other situations we will be processor of your information (meaning we have no control of your information and only act on the instructions of your Service Provider).
We are registered with the UK Information Commissioner’s Office under controller number: Z504594X.
2. Our relationship to your service provider
We collect and process payments on behalf of your service provider (the “Service Provider”).
In order subscribe for the Service Provider’s services, you may be asked to visit an online portal and provide certain information, including contact details, payment information and other information. We operate and administer this portal (and collect information from you) on the Service Provider’s behalf.
3. What information we collect
We may collect some or all of the following information on individuals who use our services:
- personal details (such as your name, address, date of birth, telephone number and email)
- financial information (such as bank account details)
We will also store information about your payment history, including missed payments and unpaid debts. If you telephone us we may record that conversation for training or security purposes or in order to establish, defend or conduct a legal claim. We will also keep a record of correspondence (including emails and letters) between us and you.
We also collect information on our employees, contractors and other workers. If you fall into this category, we will provide you with separate and additional privacy information when you start working with us and during the course of our relationship.
We get information by collecting it from you directly (on the phone, on the internet or in person) or obtaining it from your Service Provider. If we are gathering information in order to collect or assist in collecting a debt you owe, we may also obtain information from other relevant third parties and public sources, including credit reference agencies, collection agencies, professional service providers, Companies House and the electoral register.
Where we need to collect Personal Data by law, or under the terms of a contract we have with you and you fail to provide that data when requested:
- We may not be able to agree, enter in to or perform a contract we have or are trying to enter into with you or a person or organisation associated with you, including your Service Provider.
- If you are an employee, contractor or applicant for a position with us, we may not be able to consider your application, provide you with pay or benefits, or administer a contract for services or contract of employment with you.
- Your Service Provider may decline to provide you with services.
- We may not be able to fulfil our legal obligations in respect of you, your organisation or as required under relevant law, and we may have to take steps to protect our legal position (for example, under anti money-laundering or anti-bribery laws), which may also affect our ability to do business with you or your organisation.
4. Why we need your information
We will only use your information with your consent, or because we need to use the information:
- enter into, or perform, a contract with you
- comply with a legal duty
- for our own (or a third party’s) legitimate interests, provided your rights don’t override the these (this includes promoting and operating our business, your Service Provider’s interest in operating its business and administering contracts with you, and our interest (and that of your Service Provider) in recovering unpaid debts)
In any event, your information will only be used for the purpose(s) it was collected for (or another closely related purpose, such as keeping records where necessary).
5. How we use your information
We use different types of information for different purposes. These are described below.
Identifying information and contact details
We collect basic information (such as your name and date of birth) in order to enable us to identify you and for us and the Service Provider to provide you with services. We also collect contact details so that we and the Service Provider can contact you.
Health data and other sensitive information
In some cases your Service Provider may request sensitive personal information (such as medical history or ethnicity) will be passed to the Service Provider and we will not store or have access to that data. If you have any questions or concerns about your sensitive information, you should contact the Service Provider directly (as we only process that information on the Service Provider’s behalf in accordance with its instructions).
We use your financial information to collect and process payments, and will act as a data controller in respect of this information.
If you fail to pay sums which are due (for example a subscription fee), your Service Provider may instruct us to recover the debt. In these situations, we may use your information (including contact details, and information about your payment history and dealings with us) in connection with debt recovery. We may assign or transfer or take an assignment or transfer of any debt and obtain or pass information about you to or from any person who assigns or takes assignment of the debt. We may also obtain information from or pass it to third parties who provide debt collection services, and to professional advisers such as a firm of solicitors. If this does occur, either us or the debt collection agency will contact and let you know. We may also share relevant information with the Service Provider, HM Courts and Tribunals Service and other professional advisers.
We do not use any form of fully automated decision making when dealing with your personal data.
6. Website visitors and cookies
Visitors to our website
We don’t normally collect or process personal information about visitors to our website unless they choose to provide information. We may collect non-personal information about visitors to our website as this helps us optimise and improve the website. This information might include your internet protocol address, the browser being used to connect to our site, the device (e.g. its operating system) and the connection type (e.g. the Internet service provider used). However, none of this information will directly identify you.
Google Analytics Cookies
The cookie file names are: __utma, __utmb, __utmc, __utmv, __utmz
The cookies will identify your browser, the times and dates that you interacted with our site and the marketing materials or referring pages that led you to our website. We use this information to compile reports (e.g. regarding the number of visitors to the site, where visitors have come to the site from and the pages they visited) and to help us improve the website. This information is anonymous and will not identify you.
7. Other recipients of information
We respect the privacy of your information, and will never sell or trade your personal data. We may however share or transfer your data in certain circumstances. Some of these are outlined elsewhere in this notice, but there are other situations where sharing or transferring your data may be appropriate.
We will share information with the Service Provider because this is necessary in order for them to contract with you and provide you with services (please see paragraphs 2 and 3 above for further details). If you have questions regarding the Service Provider’s use of your data, you should contact the Service Provider directly, as we have no control over or responsibility for its use of your information.
We might also share information with service providers (for example our IT support provider) acting on our behalf. We will only do this if it is absolutely necessary, and there will be a written contract in place to ensure the Service Provider only acts on our instructions. We may also share information in connection with recovery proceedings (please see ‘Financial Information’ above for more details on this).
We may also share information about you with other companies within our group [ including Transaction Services Group, a company limited by shares incorporated in England and Wales under registered number 09766556, with an address at Rockwood House, Perrymount Road, Haywards Heath, West Sussex, United Kingdom, RH16 3TW], and with any person who purchases or offers to purchase all or part of our business or the shares in our business.
We may contact you by email, telephone or post with updates or information about your account with us, notifications regarding your payments and also with updates to our terms of business or this Policy.
We are engaged to provide services to organisations like the Service Provider, and therefore do not market to our services to individuals personally.
We do send marketing emails, which contain information about DFC and our services, to organisations we think might be interested in them. If you receive such an email, it could be because your organisation is an existing client or has enquired about our services. Alternatively, we may have received the details of your organisation from a third party as we do, on occasion, purchase marketing lists containing contact details for potential business clients.
If you receive marketing communications from us, you can change how you hear from us or unsubscribe at any time. You can do this by clicking the “unsubscribe” link on any of our emails, or by writing to DFC, 16 Davy Avenue, Knowlhill, Milton Keynes, Buckinghamshire, MK5 8PL, telephoning 01908 422 007 or emailing [email protected].
If you have received a marketing communication in error and wish to complain then please contact [email protected].
9. Storing your data
We only store personal information for as long as required in order to fulfil the purpose it was collected for (or for a related compatible purpose, such as keeping a record of a transaction).
We regularly review what data we have and delete that which is no longer necessary. You also have a right to request that your data be deleted (the right to be forgotten), please see paragraph 11 for further details.
The Direct Debit Guarantee
The Direct Debit Scheme provides customers who pay by Direct Debit with a guarantee to protect against payment errors. The guarantee is not time limited and covers any payments you make to us. In order to ensure you are able to exercise your rights under the guarantee, we keep records of Direct Debit instructions and payments on file.
This information is not retained for a fixed period, and instead we keep it on file until we are satisfied that there is no longer a reasonable prospect you might make a guarantee claim. Once you cease using our services, we will restrict the use of this information so that it is securely stored and only accessed in the event of such a claim.
We normally only store personal information within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (such as a US organisation which is certified under the EU-US Privacy Shield framework).
If you believe that any information we are holding on you is incorrect or incomplete, please write to DFC, 16 Davy Avenue, Knowlhill, Milton Keynes, Buckinghamshire, MK5 8PL or email [email protected]
10. Keeping your data safe
We employ a variety of physical and technical measures to keep your personal data safe and to prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which personnel are required to follow when handling personal data.
Our online portal complies with the Payment Card Industry Data Security Standard (PCI-DSS), and we do not store card information. Any payment information you provide will be sent to us via a secure connection. However, we cannot absolutely guarantee the security of the internet or external networks or your own device, accordingly any online communications (e.g. information provided by email or through our website) are at your own risk.
11. Your rights
We want to ensure you remain in control of your personal information. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your information and, if we do, to obtain a copy of the personal data;
- (from 25 May 2018) the right to have certain information provided to you in a portable electronic format, or transmitted to another data controller, where technically feasible;
- the right to have inaccurate data rectified;
- where personal data is processed on the basis of your consent, the right to withdraw that consent;
- the right to object to your data being used for marketing or for legitimate interests purposes;
- the right to restrict how your personal information is used; and
- the right to be forgotten, which allows you to have your data erased in certain circumstances (though this is not an absolute right and may not apply if we need to continue using the information for a lawful reason).
If you would like further information on your rights or wish to exercise them, please write to The Data Protection Manager, DFC, 16 Davy Avenue, Knowlhill, Milton Keynes, Buckinghamshire, MK5 8PL or email [email protected], making sure that you state your request clearly.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so (for example, because the information no longer exists or there is an exception which applies to your request).
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner’s Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
12. Updates to this Policy
DFC may update this Policy at any time. When we do, we will post a notification on the main page of our website, revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect.
This policy was last updated on 24th May 2018.
All comments, queries and requests relating to our use of your information are welcomed and should be addressed to:Debit Finance Collections Plc
16 Davy Avenue
United KingdomTelephone: 01908 422 000
Fax: 01908 422 009