This Privacy Notice (“notice”) is in respect of the personal data processed by Claven Group Ltd and its
subsidiaries (as detailed in Section 1 below) collectively referred to throughout this notice as “the Group”,
“we”, “our” or “us”.
The privacy and security of your personal data is of the utmost importance to us and we invest in measures
that help to protect your data protection rights. We respect the privacy of our clients, their customers, our staff
and our field agents and we ensure that the personal data we process is accurate, adequate, relevant and not
excessive, given the purpose for which it was obtained.
This notice outlines how your data will be processed lawfully, fairly and in a transparent manner. It explains
how we use, collect and store your personal data and your rights under the law relating to your personal data.
1. What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”)
as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by
reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified and covers
obvious information such as your name and contact details, but also covers less obvious information such as
identification numbers, electronic location data, and other online identifiers.
2. About Us
Each of the firms within the Group is a separate Limited company, registered in England & Wales. In addition,
each firm is registered individually with the Information Commissioner’s Office (ICO) for the purposes of Data
Protection. Details are as follows:
Firm Name | Company Reg. No | ICO Reg. No
Claven Group Ltd (Parent) | 11053927 | ZA309002
The Property Service Partnership Ltd | 2703244 | Z6834043
Fieldcall Ltd | 04898479 | Z9242218
Debt Management Services Ltd (also trading as Capital Recoveries) | 00629957 | Z6130756
The Registered Company address for each of these firms is Swan Court, Lamport, Northampton NN6 9EZ.
Any queries regarding this Privacy Notice for any of the Group firms should be directed to:
Our Representative: Head of Group Audit & Compliance (Data Protection)
Address: Claven Group Ltd, Swan Court, Lamport, Northampton NN6 9EZ
Telephone: 01604 686000
We are defined as a Data Processor with regard to the Personal Data we process, on behalf of our client for
the provision of services to our client’s customers.
3. Our Clients (The Data Controller)
The Data Controller is our client and they determine the purposes and means of the processing of personal
Wherever possible, queries regarding the processing of data should be directed to the Data Controller, in the
Information about the way in which the Data Controller processes your information can be found on their own
Privacy Notice. You may find this by visiting their website or by contacting them directly. If you need help to do
this, we will be happy to assist, just contact us using the details in Section 2.
Our clients provide us with your personal data in order that we can provide the requested services. This
typically involves us obtaining new information, or updated information from you, the customer, on behalf of the
client and returning this to them.
Sometimes the services we provide include the ongoing management of your account, and where this is the
case the information will only be returned to the client, when they request the information or when we cease to
provide this service to them.
4. What Personal Data Do We Collect?
We may collect some or all of the following personal data (this may vary according to the service being
• Name; Date of birth;
• Contact details (including your current and previous addresses, telephone numbers and e-mail
• financial information about you including payment history, credit reference information,
employment details, income and expenditure, assets and creditors, property information and
any other details relating to your account and how you maintain this.
• Details about the account being managed by us, such as your bank account (where Direct
Debit is in place), or Debit/Credit Card details for the purpose of processing a payment only, but this
information is not stored.
• Claven may obtain personal information about you when you use our website. If you make
enquiries regarding our services or careers with us, you may be asked to send us personal
information including, but without limitation, your name and contact details.
• On occasion, we may receive information from you regarding your physical or mental health.
When you tell us this on the telephone or during a visit to you, and we believe the information
to be relevant to any decisions made on your account, we will ask you for your consent to
record this data.
This information is provided to us by our clients, or directly from you. We may also obtain information
from Credit Reference Agencies.
5. How Do We Use Your Personal Data?
Under the GDPR, we must always have a lawful basis for processing personal data. It is the Data
Controller (our client) who determines the purposes and means of the use of personal data and this is
set out in the individual agreements we have with our clients.
This is typically because it is necessary for performance of a contract our client has with you, because
it is in our (or our clients’) legitimate business interests to use it, or in some circumstances, for example
where you have volunteered information, because you have consented to the use of your personal
data. Your personal data may be used for the following purposes:
• Managing your account.
• Supplying our services to you and our clients.
• Communicating with you and receiving and responding to communications from you. This may
include responding to letters, emails or calls from you, or communication with you face to face.
• We use call recordings to resolve issues on your account and to improve our service standards.
• We use Survey Data for the purposes of analysing insights and information to enable us to
improve our services.
• We may also obtain information from Credit Reference Agencies to trace customers and to
prevent money laundering and/or fraud. We may also search public records, such as the
Electoral Roll, that are available from Credit Reference Agencies to help us verify your
• Ensure that we are able to fulfil our regulatory obligations regarding your account, including by
verifying the accuracy of any information;
• Comply with our obligations under applicable laws
• Investigate, and assist with the investigation of, suspected unlawful, fraudulent or other
improper activity connected with the services (including, where appropriate, dealing with
requests from regulatory bodies for the sharing of information);
• In the event that we sell or buy any business, assets or shares in part or whole we may
disclose your personal details to such relevant third parties involved.
• The information collected via our website may be used to administer, support, improve and
develop our business. Each web page access is recorded in a log file. The contents of the log
file are analysed to determine how many visitors we serve, what pages they look at most, and
from where they connect. This information is not shared with anyone outside our associates or
We do not use your personal information for marketing purposes, and we don’t sell or pass your
personal data to third parties for marketing purposes either.
We do not use automated systems to carry out any automated profiling or automated decision making.
6. Card Payments
Made by you via our Online Portal
Claven uses third-party payment processors SagePay and WorldPay to process payments made for
products and services via the Website.
All online payments will be conducted in accordance with Payment Card Industry (PCI) data security
standards and your billing information (which is only used by this payment processor for the purpose
of performing fraud protection) is encrypted before being communicated to them.
Your card details are communicated directly from your browser to this payment processor – Claven
never sees your full Permanent Account Number (PAN). This means that the payment form is either
off-site or displayed in a frame on the payment page.
By telephone when talking to one of our advisors
If you make a payment by credit or debit card, we process your card information via a secure transport
for the purposes of taking your payment only; we do not store your card details.
We are PCI DSS compliant. This is the worldwide Payment Card Industry Data Security Standard to
ensure firms process card payments securely and reduce card fraud by enforcing tight controls
surrounding the storage, transmission and processing of cardholder data that firms handle.
7. What Are Your Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
a) The right to be informed about our collection and use of your personal data. This Privacy
Notice should tell you everything you need to know about us. You can always contact us to
find out more or to ask any questions using the details in Part 2, or you could contact the Data
Controller (our Client) directly to find out how they use your personal data.
b) The right to access the personal data we hold about you.
c) The right to have your personal data rectified if any of your personal data is inaccurate or
d) The right to be forgotten, i.e. the right to request that information we or our client holds be
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to use of your personal data for a particular purpose or purposes.
g) The right to data portability. This means that you can ask our client for a copy of your data to
re-use with another service or business in many cases.
h) Rights relating to automated decision-making and profiling. We do not use your personal data
in this way. You will need to contact the Data Controller directly to find out if and how they may
use your data in this way.
Further information about your rights can also be obtained from the Information Commissioner’s Office
For more information about exercising your rights as outlined above, please contact the Data
Controller directly, or contact us using the details provided in section 2.
8. How Long Will We Keep Your Personal Data?
We will not keep your personal data for any longer than is necessary or required.
The period of time we retain your data for depends on the nature of the services we are providing, the
requirements of our client and their contract with us to carry out the services. Typically, this will be for
no more than 6 years after completion of the required service.
We may be required to retain information for longer than 6 years, but this is not typical. For
example, this includes data for legal, regulatory, audit or tax purposes.
For more information about retention periods specific to your data, please contact the Data Controller
directly, or contact us using the details provided in section 2.
9. How and Where Do We Store or Transfer Your Personal Data?
Your information is stored on servers and filing systems in the UK; we do not transfer your data
outside of the UK.
10. Do We Share Your Personal Data?
We may pass any data we collect to our Client (as the Data Controller), where applicable.
We may share data with the companies within our Group (including their employees and subcontractors)
which assist us in providing the services or which otherwise have a need to know such
information. This includes our holding company and its subsidiaries as set out in section 2.
In some limited circumstances, we may be legally required to share certain personal data, which might
include yours, if we are involved in legal proceedings or complying with legal obligations, a court order,
or the instructions of a government authority.
We also contract with third parties to support the provision of services to you. We use third parties for
the services outlined below. Not all of these will be applicable to your data; please contact us if you
would like more details relating to your information:
• Secure Server System Hosting & Data Storage
• Data Back up and Disaster Recovery Services
• Communications Lettering, Email, SMS and Telephony Services
• Field based customer information gathering
All third parties are fully vetted by us before we engage their services and we will take steps to ensure
that your personal data is handled safely, securely, and in accordance with your rights, our obligations,
and the third party’s obligations under the law.
We may share your data with any contractors or other advisers auditing any of our business processes
or who have the need to access such information for the purpose of advising us.
In the event that we sell or buy any business, assets or shares in part or whole we may disclose your
personal details to such relevant third parties involved.
11. How Can You Access Your Personal Data?
You may obtain a copy of your Personal Information by contacting the Data Controller (our Client).
Their contact details will be available on their website, or they may have already provided their contact
details to you.
As part of their response to your request they will contact us as Data Processor to obtain a copy of any
relevant information we hold to include in their response to you.
If you prefer you can send your request to us and we will forward this on to our Client for you. Please
send this to us using the contact details in section 2.
We use a number of methods to ensure that all customer information remains confidential. We have
developed a comprehensive policy for data protection management which is reviewed and updated as
13. Web / Cookies
When we provide services, we want to make them easy, useful and reliable. Where services are
delivered on the internet, this sometimes involves placing small amounts of information on your
device, for example, computer or mobile phone. These include small files known as cookies. They
cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example measuring how
many people are using services, so they can be made easier to use and there’s enough capacity to
ensure they are fast.
You can manage these small files yourself and learn more about them through “Internet browser
cookies – what they are and how to manage them”.
Cookies for improving service
Google Analytics sets cookies to help us accurately estimate the number of visitors to the website and
volumes of usage so we can ensure that the service is available when you want it and fast.
Name | Typical Content | Expires
_utma | randomly generated number | 2 Years
_utmb | randomly generated number | 30 Minutes
_utmc | randomly generated number | when user exits browser
_utmz | randomly generated number and information on how the site was reached (e.g. directly, via a link, organic search or paid search) | 6 Months
For further details on the cookies set by Google Analytics, please refer to Google Code.
Claven takes the responsibility of holding personal data very seriously and is happy to receive any
queries or concerns you may have. If you believe that we have not adhered to this policy or that your
data has been handled in a way which you feel is not in accordance with your expectations then you
may raise your concerns directly with the Data Controller or with our Data Protection Representative
Head of Audit & Compliance (Data Protection)
Claven Group Ltd
Northampton NN6 9EZ
Alternatively, you may contact the Information Commissioner’s Office (ICO) directly, which is the body
responsible for managing data protection compliance in the UK.
Information Commissioner’s Office
Cheshire SK9 5AF
Tel: 0303 123 1113
15. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law
changes, or if we change our business in a way that affects personal data protection.
Updated: October 2019