The privacy and security of your personal data is of the utmost importance to us and we invest in measures that help to protect your data protection rights. We respect the privacy of our clients, their customers, our staff and our field agents and we ensure that the personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained.
This notice outlines how your data will be processed lawfully, fairly and in a transparent manner. It explains how we use, collect and store your personal data and your rights under the law relating to your personal data.
Personal data is defined by the United Kingdom General Data Protection Regulation (the “UK GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified and covers obvious information such as your name and contact details, but also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Each of the firms within the Group is a separate Limited company, registered in England & Wales. In addition, each firm is registered individually with the Information Commissioner Office (ICO) for the purposes of Data Protection. Details are as follows:
|Firm Name||Company Reg. No||ICO Reg. No|
|Claven Group Ltd (Parent)||11053927||ZA309002|
|The Property Service Partnership Ltd||2703244||Z6834043|
|DMSFieldcall Limited (also trading as Capital Recoveries)||00629957||Z6130756|
The Registered Company address for each of these firms is Swan Court, Lamport, Northampton NN6 9EZ
Any queries regarding this Privacy Notice for any of the Group firms should be directed to:
Our Representative: Head of Group Audit & Compliance (Data Protection)
Address: Claven Group Ltd. Swan Court, Lamport, Northampton NN6 9EZ
Telephone: 01604 686000
We are defined as a Data Processor with regard to the Personal Data we process, on behalf of our client for the provision of services to our client’s customers.
The Data Controller is our client and they determine the purposes and means of the processing of personal data.
Wherever possible, queries regarding the processing of data should be directed to the Data Controller, in the first instance.
Information about the way in which the Data Controller processes your information can be found on their own Privacy Notice. You may find this by visiting their website or by contacting them directly. If you need help to do this, we will be happy to assist, just contact us using the details in Section 2.
Our clients provide us with your personal data in order that we can provide the requested services. This typically involves us obtaining new information, or updated information from you customer on behalf of the client and returning this to them.
Sometimes the services we provide include the ongoing management of your account, and where this is the case the information will only be returned to the client, when they request the information or when we cease to provide this service to them.
We may collect some or all of the following personal data (this may vary according to the service being provided us):
- Name; Date of birth;
- Contact details (including your current and previous addresses, telephone numbers and e-mail addresses).
- Financial information about you including payment history, credit reference information, employment details, income and expenditure, assets and creditors, property information and any other details relating to your account and how you maintain this.
- Details about the account being managed by us, such as your bank account (where Direct Debit is in place) Debit/Credit Card for the purpose of processing a payment only but this information is not stored
- Claven may obtain personal information about you when you use our website. If you make enquiries regarding our services or careers with us may be asked to send us personal information including, but without limitation, your name and contact details.
- On occasion, we may receive information from you regarding your physical or mental health. When you tell us this on the telephone or during a visit to you, and we believe the information to be relevant to any decisions made on your account, we will ask you for your consent to record this data.
This information is provided to us by our clients, or directly from you. We may also obtain information from Credit Reference Agencies.
Under the UK GDPR, we must always have a lawful basis for processing personal data. It is the Data Controller (our client) who determines the purposes and means of the use of personal data and this is set out in the individual agreements we have with our clients.
This is typically because it is necessary for performance of a contract our client has with you, because it is in our (or our clients) legitimate business interests to use it or in some circumstances, for example where you have volunteered information, because you have consented to the use of your personal data. Your personal data may be used for the following purposes:
- Managing your account.
- Supplying our services to you and our clients.
- Communicating with you and receiving and responding to communications from you. This may include responding to letters, emails or calls from you, or communication with you face to face.
- We use call recordings to resolve issues on your account, to improve our service standards.
- We use Survey Data for the purposes of analysing insights and information to enable us to improve our services.
- We may also obtain information from Credit Reference Agencies to trace customers and to prevent money laundering and/or fraud. We may also search public records, such as the Electoral Roll, that are available from Credit Reference Agencies to help us verify your identity.
- Ensure that we are able to fulfil our regulatory obligations regarding your account, including by verifying the accuracy of any information.
- Comply with our obligations under applicable laws.
- Investigate, and assist with the investigation of, suspected unlawful, fraudulent or other improper activity connected with the services (including, where appropriate, dealing with requests from regulatory bodies for the sharing of information).
- In the event that we sell or buy any business, assets or shares in part or whole we may disclose your personal details to such relevant third parties involved.
- The information collected via our website may be used to administer, support, improve and develop our business. Each web page access is recorded in a log file. The contents of the log file are analysed to determine how many visitors we serve, what pages they look at most, and from where they connect. This information is not shared with anyone outside our associates or affiliates.
We do not use your personal information for marketing purposes, and we don’t sell or pass your personal data to third parties for marketing purposes either.
We do not use automated systems to carry out any automated profiling or automated decision making.
Made by you via our Online Portal
Claven uses third party payment processor SagePay and WorldPay, to process payments made for products and services via the Website.
All online payments will be conducted in accordance with Payment Card Industry (PCI) data security standards and your billing information (which is only used by this payment processor for the purpose of performing fraud protection) is encrypted before being communicated to them.
Your card details are communicated directly from your browser to this payment processor – Claven never sees your full Permanent Account Number (PAN). This means that the payment form is either off-site or displayed in a frame on the payment page.
By telephone when talking to one of our advisors
If you make a payment by credit or debit card, we process your card information via a secure transport for the purposes of taking your payment only, we do not store your card details.
We are PCI DSS compliant. This is the worldwide Payment Card Industry Data Security Standard to ensure firms process card payments securely and reduce card fraud by enforcing tight controls surrounding the storage, transmission and processing of cardholder data that firms handle.
Under the UK GDPR, you have the following rights, which we will always work to uphold:
a) The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know about us. You can always contact us to find out more or to ask any questions using the details in Part 2, or you could contact the Data Controller (our Client) directly to find out how they use your personal data.
b) The right to access the personal data we hold about you.
c) The right to have your personal data rectified if any of your personal data is inaccurate or incomplete.
d) The right to be forgotten, i.e. the right to request that information we or our client holds be deleted.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to use of your personal data for a particular purpose or purposes.
g) The right to data portability. This means that you can ask our client for a copy of your data to re-use with another service or business in many cases.
h) Rights relating to automated decision-making and profiling. We do not use your personal data in this way. You will need to contact the Data Controller directly to find out if and how they may use your data in this way.
Further information about your rights can also be obtained from the Information Commissioner’s Office www.ico.org.uk.
For more information about exercising your rights as outlined above, please contact the Data Controller directly, or contact us using the details provided in section 2.
We will not keep your personal data for any longer than is necessary or required.
The period of time we retain your data for depends on the nature of the services we are providing, the requirements of our client and their contract with us to carry out the services. Typically, this will be for no more than 6 years after completion of the required service.
We may be required to retain by information for longer than 6 years, but this is not typical. For example, this includes data for legal, regulatory, audit or tax purposes.
For more information about retention periods specific to your data, please contact the Data Controller directly, or contact us using the details provided in section 2.
Your information is stored on servers and filing systems in the UK, we do not transfer your data outside of the UK.
We may pass any data we collect to our Client (as the Data Controller), where applicable.
We may share data with the companies within our Group (including to its employees and subcontractors) which assists us in providing the services or which otherwise has a need to know such information. This includes our holding company and its subsidiaries as set out in section 2.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
We also contract with third parties to support the provision of services to you. We use third parties for the services outlined below. Not all of these will be applicable to your data please contact us if you would like more details relating to your information:
- Secure Server System Hosting & Data Storage
- Data Back up and Disaster Recovery Services
- Communications Lettering, Email, SMS and Telephony Services
- Field based customer information gathering
All third parties are fully vetted by us before we engage their services and we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
We may share your data with any contractors or other advisers auditing any of our business processes or who have the need to access such information for the purpose of advising us.
In the event that we sell or buy any business, assets or shares in part or whole we may disclose your personal details to such relevant third parties involved.
You may obtain a copy of your Personal Information by contacting the Data Controller (our Client).
Their contact details will be available on their website, or they may have already provided their contact details to you.
As part of their response to your request they will contact us a Data Processor to obtain a copy of any relevant information we hold to include in their response to you.
If you prefer you can send your request to us and we will forward this on to our Client for you. Please send this to us using the contact details in section 2.
We use a number of methods to ensure that all customer information remains confidential. We have developed a comprehensive policy for data protection management which is reviewed and updated as necessary.
When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, computer or mobile phone.
These include small files known as cookies. They cannot be used to identify you personally. These pieces of information are used to improve services for you through, for example measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast.
You can manage these small files yourself and learn more about them through “Internet browser cookies – what they are and how to manage them”.
Cookies for improving service
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and volumes of usage so we can ensure that the service is available when you want it and fast.
|_utma||randomly generated number||2 Years|
|_utmb||randomly generated number||30 Minutes|
|_utmc||randomly generated number||when user exits browser|
|_utmz||randomly generated number and information on how the site was reached (e.g. directly, via a link, organic search or paid search)||6 Months|
For further details on the cookies set by Google Analytics, please refer to Google Code.
Please click here to download our latest Data Privacy Notice.
We are committed to providing the highest level of customer service and to behaving in a responsible, reasonable, and compliant way at all times.
If you feel we haven’t lived up to these expectations, then we would like to hear from you. In the first instance please contact us and we will do all we can to resolve any issues as quickly as possible without unnecessary fuss or formality.
Our complaint management process is fully compliant with the Financial Conduct Authority rules and which follows the guidelines recommended by the Financial Ombudsman Service and the Ombudsman Service.
We will do all we can to resolve your complaint immediately. If this is not possible, we will write to you within five working days to acknowledge your complaint and advise you of the person dealing with it.
We undertake to give you a full response within 4 weeks of receipt of your complaint or an explanation if more time is required.
Where more time is required, we are committed to giving you a full response within a maximum of 8 weeks from receipt of your complaint.
If we have not issued our ‘final response’ within 8 weeks, or the situation is ‘Deadlocked’, in that you are still dissatisfied with our response, you can ask the relevant Ombudsman Service for an independent review. The relevant Ombudsman Service will only consider your complaint once you have tried to resolve it with us, so please take up your concerns with us first.
Financial Ombudsman Service for a complaint relating to financial services:
Financial Ombudsman Service
Exchange Tower London, E14 9SR
Phone: 0800 023 4 567
The Ombudsman Services for a complaint relating to other services:
The Brew House