How we use your data-Credit Limits International Ltd – Privacy Notice
Credit Limits International Ltd (CLI) are a debt collection agency based in Faversham, Kent (UK). We take privacy very seriously and commit to handle personal data in an appropriate manner. We comply with the Data Protection Act 1988, the General Data Protection Regulation 2016 (GDPR) and The Data Protection Act 2018.
All the services we offer have something in common: they are all aimed at assisting creditors to collect monies due to them. To do so we will collect data from a variety of sources. The debt may be owed for a variety of reasons including (but not exclusively) in respect of a contractual relationship between you and the creditor, as a result of an unpaid fine, underpaid taxes, failure to reimburse an overpayment or a duplicated payment, or any other situation, and we are instructed in respect of non-payment of your liability in respect of the contract.
The creditor is the data controller and we may act as a data processor or as a joint data controller depending on our mandate and the actions which need to be performed using your personal data.
Who controls the data that you are holding about me?
With the first letter you receive from us, you will also receive an Information notice in line with Article 13 and 14 of GDPR which contains the name and contact details of the data controller and information on how to contact the data protection officer.
If you do not have a letter from us or you cannot locate it, please contact:
Data Protection Officer
Credit Limits International Ltd
7 Church Road, Oare
When we are not the data controller, we will be able to let you have details of the data controller.
What right do you have to hold my data without my permission?
The data controller has supplied your personal data to us so we assist him in connection in relation to a debt collection matter. This gives the data controller the right to share your data with a third parties such as CLI as there is a legitimate interest to do so. This is referred to in Article 6 (1) f of GDPR.
Do you collect data about me?
Yes, whenever you communicate with us we will retain a record of the contact and details of what was said. We also obtain data about you from various other sources. All the information we gather can be recorded and processed because we have a legitimate interest in doing so for the purpose of collecting the debt owed to the creditor. This is referred to in Article 6 (1) f of the GDPR.
If you share details with us about your health or your financial circumstances, this is because you consent to do so and we will keep record of the data you share with us confidentially, although we will take care to only keep the information relevant to the case so that the data controller can make decisions in the way your case should be handled.
What do you do with my data?
We use your personal data to contact you and to negotiate repayment of the outstanding debt. We do not do anything else with your data, it is not sold nor given to, nor shared with any third parties unless these are also involved with the process of collecting the debt owed. The data passed to us by the data controller is only used to collect the debt owed to the creditor.
The data we collect is then shared with the data controller as we provide updates on how matters are progressing. So, when you (or an advisor you have authorised to act on your behalf) speak or write to us, what was said will be shared with the data controller.
Who do you share my data with?
If your contact details are out of date, we will attempt to obtain current contact information for you so we can get in touch with you and start a discussion. To do this we may share your name, address, date of birth and contact details with third parties who will provide up to date contact information for you.
We only share contact information with our information providers. Information about the debt is not necessary for the purpose of identifying new contact details for you.
We will only share information about your debt with third party debt collection partners such as process-servers, collection agents, Solicitors, enforcement agents, whom we may ask to act on our behalf.
All movement of your data between us and a third party is made by secured methods of data transfer and encryption is used so that it remains safe at all times.
Do you send my data outside of the EU?
Yes, if the data controller or you are based outside of the EU, the data we collect will be transferred wherever in the world the data controller or you are based.
When you are based outside of the EU, we send your data to a partner company, selected and approved by CLI, who will contact you locally. CLI data protection standards are met by all of CLI approved partners across the world and we require that they meet the same standards of protection of your data as that which you can expect in the UK and across the EU.
What happens when you have finished using my data?
We have an agreement with the data controller specifying how long we will retain your data securely prior to deleting and/or destroying it. We usually hold your data for a minimum period of six years in line with Statute of Limitation Laws in the UK.
Do I have a right to withdraw my consent for you to use my data?
Consent for us to use and process your data is not usually required as the reason why we are holding your data is linked to the collection of a debt and there is a legitimate interest for us to hold your data. Whilst any data subject can withdraw consent at any time, this can only be done where consent needs to be given for the purpose of using the data. This is not the case when your data is being held and processed in connection with a debt collection matter.
You have the following rights under Articles 15 to 22 of GDPR: the right to information, correction, and deletion, restriction of processing and data portability.
Do I have a right to alter or restrict the processing of my data?
The right to restrict processing or alter the data that we have processed about you does exist, but just as with the right to withdraw consent, this is only possible in some circumstances.
Do you ever use my data in automated decision making?
Some of our processes are automated, such as the sending of letters and the scheduling of calls but only up to the point that contact is made with you.
We do not automate any decision-making tasks which may have more severe action such as the starting of Court Action for example. Such decisions are only made by an employee with appropriate knowledge.
Other tasks such as monitoring instalments are automated, but these do not involve decisions being made which would have any severe consequences or implications.
Who do I talk to if I want to lodge a complaint?
You should first raise any issue relating to data protection with the data controller whose details are sent with our first letter to you. Alternatively, you can contact:
Data Protection Officer
Credit Limits International Ltd
7 Church Road, Oare
We will then refer your concerns to the data controller and they will contact you directly.
Article 77 of the GDPR say that you have the right to complain to our supervisory authority if you think there are valid reasons or indications that the processing we are undertaking is not lawful. If you feel that we have not dealt with your complaint satisfactorily, you can contact the Information Commissioner’s Office at: