How the policy is intended to work
Through the continued use of this site, you agree to and are bound by our policies.
What personal information we collect
The information we collect from you depends on the product or service you apply for, or the service that we provide to you. We will only collect information that we actually need, or where we’re required to collect the information to enable us to perform our legal, regulatory or contractual obligations necessary to provide you with the products or services, or where we have your permission.
This will likely include the collection of:
- your personal details (e.g. name, date of birth)
- address details
- contact details (e.g. phone number, email)
- special personal information* (e.g. health information)
- financial information
- employment information
- information on how you use our website(s) and products and services
Special personal information
Data protection law defines some personal information as “special categories of data”. This includes information about physical or mental health, sexual life, religious beliefs, race or ethnic origin, political opinions, trade union membership or biometric data. This information may be necessary to collect when understanding the reason for your financial circumstances, or where it may help us to provide a better service to you. For example, a period of ill health could have caused you to fall behind with your regular payments to your creditors.
Any personal information about you relating to criminal convictions or offences may only be used by us when authorised by law.
Information about other people
If you provide personal information about someone else, for example when a joint application is made, you must do so with the permission of the other person. If you enter into a service jointly with another person (for example, linked Individual Voluntary Arrangements), your personal information and any information about the service provided to you will be shared with the other person.
How we collect your personal information
We collect your information in a number of ways:
- When you make an application or enquiry to us either by phone, email, our website, by a third party or by any other means
- Information received from a third party, for example a creditor providing information about an account you hold with them, or where you have previously agreed for your information to be shared with us, for example, if you have been introduced to us by another company
- When you participate in market research, competitions and promotions provided by us, or on our behalf
- By adding reviews or interacting with us using social media such as Twitter or Facebook etc
- When you use online platforms, such as an online portal
- When we may need to obtain up to date information about you to meet our legal or regulatory obligations
How we use your personal information
We can only use your personal information where it falls into one or more of the following categories:
- it is necessary to enter into or fulfil a contract we have with you;
- you have provided your consent;
- we have a legal or regulatory obligation to do so;
- it is necessary to carry out a task that is in the public interest;
- it is necessary to protect your vital interests; or
- it is in our legitimate interest to do so and it is not against your rights.
Where you make an application or enquiry for one of our products or services we’ll use your information to provide you with appropriate information about any solutions we may be able to offer to you. If you cannot provide this information we may not be able to progress with your application or enquiry.
We may also use this information to contact you about and process your application, for example, sending you an email, text message or letter to welcome you to our services.
We will process the personal data we collect about you for the purposes set out below at purposes for processing your personal data.
After you have made your initial application/enquiry, if you also decide to go ahead with any of the products or services that we offer, the sections below explain how we will also process your data when we provide that particular product(s) or service(s).
Where we are providing you with a debt solution, such as an Individual Voluntary Arrangement (IVA) we will process your personal information to administer the services we provide. This may include contacting you where we may need further information or sending you updates on the progress of the services we provide to you.
Where we provide ongoing services, we will normally require you to agree to the terms and conditions of the debt solution or service. These will set out how we will provide the services to you and where we will be required, under the terms and conditions, to process your personal information. For example, we would need to share information with your creditors to enable us to set up and administer an Individual Voluntary Arrangement.
The Services we Provide
- Individual Voluntary Arrangements (“IVA”)
If you enter into an Individual Voluntary Arrangement (“IVA”), it will be provided by PennyPlan Limited. The information below specifically explains how and why your personal data will be used so that the services can be provided to you.
What personal data we need to collect
To be able to provide our services we will need to collect certain categories of personal data. This will include:
Contact Details: Your full name, address, contact number, e-mail address etc. We need this so that we can keep you updated on the progress of your IVA and contact you when necessary. We also need this information to draft your proposal to creditors.
Personal & Financial Details: Your date of birth, gender, any previous names that you were known by, your living arrangements, employment details, details of any dependants, creditor details (including the names of your creditors, reference numbers and balances), details of any assets you hold and your payment information. We need this so that we can decide whether an IVA is appropriate for you and so that we can draft and send a proposal to your creditors. Once you enter into an IVA, we need this information to ensure that we can collect payments and take any changes in circumstances into consideration when administering the IVA.
Income and Expenditure: Details of your financial position including all sources of income and your household expenditure. We need this so that we can draft your proposal to creditors and set the correct level of payments to be paid into your IVA.
Special Personal Data: In some circumstances, we may need to collect special personal data however we will not do so without express consent from you and we will only do so where it is necessary for the purposes of assisting with your financial situation.
Creditor Reference Agency Data: We will ask for your consent to obtain information from a credit reference agency to obtain information about your financial situation, including information about your creditors, their status, outstanding balances and account numbers. We will also use this information to confirm your identity and to comply with anti-money laundering legislation.
Call Recordings, Chat Logs and E-mails: When you contact us by telephone, your call may be recorded for training and monitoring purposes. We also keep any e-mail correspondence and online chat logs to help us to manage your IVA.
Who the data be shared with
Your Creditors and their Representatives: Your personal data will be shared with your creditors, their agents, debt collectors, bailiffs and solicitors dealing with the debts. This is key to allow us to provide the service we have agreed to provide you and also ensures that we comply with our regulatory obligations.
The Insolvency Service: If your IVA is accepted then details about you and your IVA will be recorded on the Insolvency Register which is accessible by the public. The information we share includes your name, gender, date of birth and address. We have a legal obligation to supply this information. The IVA register is provided to credit reference agencies, as well as being open for public inspection.
Our Regulators: From time to time we may have to share your information with regulatory bodies. These include the Insolvency Practitioners Association, the Information Commissioners Office or any other regulatory body or authority who may request certain information as part of their supervisory role. We are under legal and regulatory obligations to provide this.
Solicitors: We may from time to time need to instruct solicitors to assist with the administration of your IVA or to assist us with legal, regulatory and contractual obligations.
IT Providers: We use third-party software companies to help manage your data.
Puritie Limited, a case management system.
Fastdox Limited, a documents management system.
Insolvency Risk Services, an insurance broker.
Telephony companies, so we can communicate with you.
External printing company, who print correspondence that we send to you.
These companies help us to provide our services to you. We have contracts in place with all providers to ensure that they comply with their data protection obligations and ensure that they have appropriate security measures in place.
Agents: Where we have a duty to investigate any potential compensation claims that you may be entitled to, for example, payment protection insurance mis-selling claims, we will share some of your information with claims management companies.
Other Third Parties: We may also share your personal information where we have your consent to do so, or where we are required to do so under a legal or regulatory obligation, for example where we are required to do so by a court order, the police, local authorities or the courts or in the event that your contact details require to be updated and you cannot be traced. We might share some of your information with the emergency services if you are in any immediate danger.
Your personal data may be shared with tracing agents where we have a legitimate interest to obtain up to date contact information to help us to continue to provide the services to you.
If you have provided your authority or we have a legitimate interest to do so, or where we may be legally entitled to, we will share information with credit reference agencies (“CRAs”) to obtain information about your financial history or your credit commitments. We collect your information in a number of ways.
For further information on how CRAs may use your personal information you can view the Credit Reference Agency Information Notice here or from the three main CRAs – Callcredit; Equifax; and Experian.
We may also share your personal information where we have your consent to do so, or where we are required to do so under a legal or regulatory obligation, for example where we are required to do so by a court order, the police, local authorities or the courts or in the event that your contact details require to be updated and you cannot be traced. We might share some of your information with the emergency services if you are in any immediate danger.
Automated Decision Making
An automated decision is one which we rely on a computer or system to assess the information you provide to us to make a decision about you.
This may include:
- assessing your eligibility for a product or service, for example a credit check for a credit card or loan application
- detecting any fraudulent activity which may be taking place, or there is a risk that it could take place
- checking identity and residency statuses
If we do make an automated decision about you, in some cases you have the right to ask that we do not make our final decision based solely on the automated decision, and you can also object to the automated decision and ask that someone reviews it. If you want to do this, you’d need to contact us, or use the contact information which will be provided to you once you’ve received the automated decision.
Contacting you about the products or services we provide
To help us keep you up to date about the products and services that we provide to you, and to ensure that you’re kept fully informed, we may contact you by letter, telephone, email, text message, WhatsApp, push notifications, social media or may send you messages by any online customer platforms or other electronic means.
If you start an application for a product or service through us we will attempt to contact you shortly after if you were unable to complete your application for whatever reason.
If you do not want to be contacted in a particular way then you can request this at any time, but if we are providing a service to you, we do need to be able to send you communications. This can often be due to a legal or regulatory requirement.
It is important that you keep us up to date when you change your contact details to ensure that we use your up to date contact information.
How long we keep your data.
If you do not go ahead with any product or service with us, your personal information will normally be deleted after 12 months unless we have another reason to keep your personal information, for example, if you have given your consent to receive marketing information from us. We will delete your information sooner if you ask us to.
If you become our customer by entering a debt solution, we will keep your data to ensure that we provide you with our services and comply with our legal and regulatory obligations. Your data will be stored for 6 years from the date that we cease to provide you with our services. We cannot delete this data if you ask us to because we are required to keep it by law. After this time, we will delete the information or anonymise the data so that it cannot be linked back to you.
Other purposes for processing your personal data
To help us understand you better and provide you with information about other products and promotions which may be suitable and relevant, we will use your personal information to create a profile of you and your circumstances. This allows us to provide more relevant, accurate and tailored services to you. For example, we may assess your income and expenditure to determine whether you would be eligible for a debt solution through us or enrol you into a promotion the company or group is running whilst you are a client. We believe we have a legitimate interest to do this and that it is not against your rights.
However, if you don’t want us to profile your personal information this way, to then better enable us to tailor any marketing communications to you, you can contact us to let us know that you wish for your personal data not to be used in this way.
Reviews and Market Research
Where we have a copy of your personal information we may contact you to ask you to provide a review about the services you’ve received or where we are carrying out market research which may help us design future products and services or to help improve our current services. Although this information would really help us, you wouldn’t be required to provide us with this information unless you were happy to. We consider that this is in our legitimate interests to contact you in this way for market research purposes.
Legal or Regulatory Obligation
We are required to process your personal information where we have a legal or regulatory obligation to do so, for example, to adhere to anti-money laundering or our regulatory obligations.
Responding to complaints or enquiries
If you make an enquiry or complaint with us, we will use your personal information to investigate the complaint and deal with your enquiry. We have a legal and regulatory obligation to deal with your complaint appropriately.
As part of our legitimate interest to develop our business and our products we will use your personal information to assess our performance as a business and for statistical analysis. We will use as little personal data as we can to achieve this. We may also share this analysis or personal data with third parties who provide us with services including conducting research for us and/or where we have a contractual obligation to do so.
Who we share your information with
We may also share your personal information with the following organisations:
- IT Service Providers who provide IT platforms or other IT services
- Payment Service companies that process transactions for us (e.g. Direct Debits and card transactions)
- Communication providers (e.g. telephone line providers, and email and text service providers)
- Printers who print the letters and information packs which we send to you
- Advertisers and social media companies such as Facebook, Google and Twitter for our social media accounts or where we can contact you using your social media account
- Third parties who may have introduced you to our services
These companies help us to provide our services to you. We will have a contract in place with any provider who directly provides us with such direct services to ensure that they comply with their data protection obligations and ensure that they have appropriate security measures in place.
We may also share your personal information where we have your consent to do so or where we’re required to do so under a legal or regulatory obligation or court order, such as the police, local authorities or the courts.
Fraud prevention agencies
The personal information we have collected from you may be shared with law enforcement agencies and fraud prevention agencies who will use it to prevent fraud, money-laundering and terrorist financing and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment. Further details of how your information is used by us and these fraud prevention agencies, and your data protection rights, can be found by contacting us or email us at email@example.com
We use publicly available social media platforms to promote our services, to provide updates and to share any news and promotional updates. We may collect personal information from these social media platforms, for example, if you post a message on our Facebook page. By providing any of your information to us through these platforms you should be aware that:
- the social media web pages are publicly available and you must not provide any personal or sensitive information on our pages that are accessible to the public, such as your account information. We may ask you for your account information via a private message to identify you and to service any request you make
International Transfer of Data
We will only share your personal information outside the European Economic Area (EEA), where we have your consent; to comply with a legal obligation; or where we work with a business partner to enable us to provide you with our services, and they process information outside of the EEA.
If we do share your information outside of the EEA we will make sure that it is protected in the same way as if it was being used in the EEA to ensure appropriate safeguards are in place. This may include putting in place a contract with the business partner that means they must protect the personal data to the same standards as the EEA (this may include defined model clauses), or only share the data with a business partner in a non-EEA country where the privacy laws provide the same protection as within the EEA or where they are part of a Privacy Shield.
We take the protection of personal information very seriously and we will maintain appropriate measures to maintain the confidentiality, integrity and availability of the information you have provided. Such measures include:
- Company security policies and standards
- staff security awareness
- role-based and biometric access controls to prevent unauthorised access to the information
- encryption and anonymisation technology
- anti-malware technologies
- security monitoring
- security testing
- secure archiving and deletion
- compliance with industry regulation and legislation
How we may contact you about other products we offer
If you have provided us with your consent or where we are legally entitled to do so, we may contact you to let you know about other offers, products and services that we provide which we think you may be interested or that may benefit you. We may do this through post, emails, text messages, WhatsApp, telephone, push notifications, social media or other electronic means.
You can easily let us know at any time if you would no longer like to receive these messages. You can contact us using the details below, emailing us at firstname.lastname@example.org or unsubscribing using the link or information within the message.
Other types of advertising
We do not have any control over the advertisements you see on other third party websites however you can request to opt out or customise these advertisements by using the Google Ads Preference Manager.
We record some of the telephone calls you make to us or we make to you or any other third party. This is for training, monitoring and quality purposes and to meet our legal and regulatory obligations. Some telephone calls may be observed by staff for training and development purposes.
We may keep a copy of the telephone calls for up to 6 years from the date the telephone call took place.
In instances where a site user does not qualify for products administered by PennyPlan Limited, these people will be transferred to partners that can best administer a product suitable to the individual that is non-insolvency products.
For the purpose of Individual Voluntary Arrangements, Debt Management plans, Debt Relief Orders.
Debt Support Service Limited incorporated and registered in England and Wales with company number 06812829 whose registered address is at Regency Court, 62-66 Deansgate, Manchester, England, M3 2EN.
Financial Wellness Group Limited incorporated and registered in England and Wales with company number 05254787 whose registered address is at Think Park Mosley Road, Trafford Park, Manchester, M17 1FQ.
Access to your personal information
You have the right to request from us a copy of the personal information that we may hold about you. This is often called a “Data Subject Access Request”. You can request this information by contacting us as set out below.
Before providing this information to you or to another person or company where you have requested this personal information to be sent to, we may ask for proof of identity or ask sufficient questions to enable us to locate the information and ensure that we’re only providing it were you have given your agreement.
- Right to have your personal information corrected
If the personal information we hold about you is incorrect you have the right to request that we correct this.
- Right to stop or limit the processing of the data we carry out
You may request that your personal information is deleted or that we stop processing the information if we’re no longer entitled to process it. There may be occasions where we are unable to delete the data due to our legal or regulatory obligations. We will however discuss this with you if you request for your information to be deleted.
In some cases you may be able to request for your information to be provided to you or to another company in a format that can be processed electronically by you or the other company. If you want to request this you’ll need to contact us.
If you have any questions or queries about how we use your personal information you can contact us or our Data Protection Officer using the address or email below:
Data Protection Officer
Meadowbank Business Park
If you are not happy with how we process your personal information you should contact us in the first instance. If you’re not happy with how we have dealt with your complaint you have the right to lodge a complaint with the Information Commissioner’s Office. You can find their details on their website at https://ico.org.uk/
When using this website, some information may be collected automatically using ‘cookies’. These are small text files that facilitate the processing of your data and enable us to analyse how the website is being used. Cookies can be temporary or permanent.
Temporary cookies form part of the security process while you are using the website; permanent cookies identify the link you used to find our website, check your browser so that we can make sure that our website and services work well with your computer and to help us monitor traffic on our website.
- Why are cookies used?
They help visitors.
Cookies allow sites to do things like provide personalised content and remember their log-in details and settings. You can turn them off – this won’t stop a website from working, but it might mean it won’t work as well as it could, or that you have to do the same thing more than once.
They help website owners.
Cookies tell website owners things like what search engine a visitor used to find the website, how often they’ve visited it, how long they’ve spent on it, and so on.
We’ve set out below the cookies that we may use and those that are set by third parties on our website.
|Google Analytics||ON site behaviour tracking|
|Retargeting and tracking conversions|
|Bing Ads||Track Conversions|
Except for essential cookies, all cookies will expire after 10 years.
- Disabling/Enabling Cookies
You have the ability to accept or decline cookies by modifying the settings on your browser and by clicking on the disable button below. Please remember though that disabling certain cookies may affect the functionality of our website.
None of the features of our website will be affected – giving you the full experience.
If you are using Microsoft Windows Explorer:
Open ‘Windows Explorer’
Click on the ‘Search’ button on the tool bar
Type ‘cookie’ into the search box for ‘Folders and Files’
Select ‘My computer’ in the ‘Look In’ box
Click ‘Search Now’
Double click on the folders that are found
‘Select’ any cookie file
Use the ‘Delete’ button on your keyboard
If you are not using Microsoft Windows Explorer, then you should select ‘cookies’ in the ‘Help’ function for information on where to find your cookie folder.
Updates to This Policy