Personal Data Privacy Notice
Version: 2.1
Date adopted: 10th November 2021
This privacy notice details how Data OD ltd, trading as Data On Demand and with the brands 4.ID, FIN.TRACE, ID.VU and RES.ID process and share personal data for the purposes below.
Your data protection rights are explained in section 9 below, including your right to object to some of the processing which Data OD carries out.
Overview
For the purposes set out above, Data OD provide data and data-related services to clients including:
Some of our services process data which may include:
More information about the data we use can be found in section 3.
In providing our services to clients, we may use third party service providers to assist us (a summary of the key providers can be found in the table at section 6).
We may need to send your details to other countries as part of our services, occasionally outside of the European Union – details are provided at section 7.
You have the right to object to our use of your personal data. Please see section 9 to find out more.
Click on any header section below from 1. to 10. to auto-scroll to that section.
1. Our company and how to contact us?
2. How do we use personal data?
3. Who shares personal data with us and what types of personal data do we process?
4. How long do we retain personal information for?
5. What is the lawful basis we rely on for processing personal data?
6. Who do we share the personal data with?
7. Where do we store personal data and where is it sent?
8. Data profiling and decision making.
9. What are your rights?
10. Who can you complain to if you are unhappy about the use of your personal data?
1. OUR COMPANY AND HOW TO CONTACT US?
Our company
Data OD Ltd, is a UK registered company. We are also known as DoD, Data OD and we trade as ‘Data On Demand.’
Our trading address is Data On Demand, Platform, New Station Street, Leeds, LS1 4JB.
Our registered office address is Data OD Ltd, C/O Ground Floor St Pauls House, 23 Park Square, Leeds, West Yorkshire, England, LS1 2ND.
Our registered company number is 10183365.
Data OD is a controller of the personal data covered in this privacy notice and we are duty-bound to ensure the data is processed lawfully.
Our contact details
Please contact us about issues relating to personal data, including the contents of this notice, by any of the following methods:
2. HOW DO WE USE PERSONAL DATA?
This section explains the purposes for which we process personal data. Additional information about the types of personal data that we might use for these purposes can be found in section 3 below.
Providing services to the organisation you may be dealing with
We use your personal data to provide services to the organisation you may be dealing with.
These services might include, for example:
Affordability assessments
For example, where little or no other information is available the data may be shared to assess the ability to repay a loan.
For example, the data may be combined with other data to assess the affordability for a debt repayment plan.
Anti-money laundering checks
For example, the data may be shared and combined with other data about you, to help give confidence that an identity is a valid one.
Asset repatriation
For example, the data may be used to enhance historical data with new data, to allow you to be contacted about assets that need to be returned to you.
Contact information validation
For example, the data may be used to validate that a telephone number is assigned to the correct person.
For example, the data may be used to validate that a person is currently living at an address OR was living at an address over a specified time.
Credit risk and affordability assessments
For example, where little or no other information is known or in combination with other known information, the data may be used in models to assess credit risk and affordability for borrowing money.
For example, where you are servicing credit such as a loan, credit card, store card or a mortgage, the data may be used to flag events, such as loss of a job or an application for a loan for debt consolidation, to identify potential future credit risk and ability to continue with repayments.
Debt tracing services
For example, if you owe money to a company and have moved without telling them, they may use our services to update your contact details so that they can contact you to arrange repayment.
Determining debt portfolio value
For example, the data may be used to match against a historical debt book to enable the debt purchaser to determine the value of the portfolio.
Fraud prevention services
For example, the data may be used to highlight information that is being used wrongfully utilised by another person for the purpose of fraudulent online activity or account opening.
Identity verification services
For example, if you are required to prove your identity to a company, they may check the details you supply against the information we share, to help verify you are who you claim to be.
Pre-pop and form fill
For example, when you register with an online service and you have shared your information, that service may ask you if you would like to use the shared information to pre-populate a form with associated information that is matched to the data you provide when registering for the other service.
Vulnerability assessments
For example, to highlight events such as the loss of employment, a relationship break-up, or the purpose of a loan application to flag new events that may lead to vulnerability, to allow a creditor or organisation to take positive, proactive action to help the consumer avoid further debt or delinquency.
Some of our other related services
For example, the data may be used by law enforcement agencies for the purpose of –
-
Prevention, detection, and investigation of a crime
-
Apprehension and prosecution of offenders
-
To put before a court to obtain a search warrant
-
To prepare a file for the Coroner’s Court
-
To risk assess to safeguard the health and safety of any emergency personnel attending
-
To locate a missing person to ascertain their wellbeing
-
To progress enquiries into a Road Traffic Accident
-
To protect life or property
We may also process your personal data after services have been provided to our clients if, for example, we need to investigate any issues around the data that has been sent to us, stored by us or if we need to restore our systems in the event of a data loss incident.
Product or systems development and testing
We sometimes use personal data while improving, developing, monitoring, maintaining and testing our products and systems. This includes making sure that our security measures are working properly. Where possible, we will anonymise, pseudonymise or aggregate the data before doing this and these tests will take place on a development server before they are implemented in a live environment.
Personal data enquiries and legal/regulatory purposes
If you contact us with questions about your data, including origination, lawful basis for processing or with a complaint we will process the data to provide a response to you.
Your data may be processed for legal and regulatory purposes where we have an obligation to share information, including processing personal data to respond to any enquires from the regulator.
3. WHO SHARES DATA WITH US AND WHAT TYPES OF PERSONAL DATA DO WE PROCESS?
When a client uses our services, they will typically share information with us which includes:
You share data with us, which can include:
We match the information that is shared with us against the information we store to:
4. HOW LONG DO WE RETAIN PERSONAL INFORMATION FOR?
When personal data is shared with us for processing under instruction from a client, we will keep a copy that data for up to 12 months to investigate any data supply or data load issues, restore our systems in the event of a data loss incident, and to investigate and respond to any complaints, claims and enquiries that we may receive from consumers, clients or regulators.
Data that you, the Data Subject, have shared with us, via our data partners, which may be processed for the purposes of affordability assessments, anti-money laundering checks, asset repatriation, contact information validation, credit risk and affordability assessments, debt tracing services, determining debt portfolio value, fraud prevention services, identity verification services, pre-pop and form fill, vulnerability assessments and some of our other related services may be retained for a minimum of six years unless you issue a request to restrict the processing or execute any other legal rights under GDPR to restrict the processing of the data.
5. WHAT IS THE LAWFUL BASIS WE RELY ON FOR PROCESSING PERSONAL DATA?
This section explains the basis on which we process your personal data.
Legitimate interests
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided this is not outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data.
The legitimate interests the data is typically processed for are:
Consumer debt collection and tracing.
To support debt collection and tracing where there is a legitimate interest in conducting such activities to find individuals to recover debts.
Establishing creditworthiness to help to prevent over-indebtedness.
To aid in supporting responsible lending requirements when an individual is entering into a regulated credit agreement.
To aid in carrying out a creditworthiness assessment to ensure that an individual’s total financial liability does not exceed the amount they wish to borrow.
To aid in reducing individuals becoming over-indebted.
Asset repatriation.
To repatriate assets or to confirm an asset relates to the right person so it can be returned to them.
Identifying customer vulnerability.
To support the requirements to identify vulnerable customers to provide the help they need to manage their finances and avoid further debt..
Prevent and detect crime and fraud; anti-money laundering; and identity verification.
To support companies who provide services for identity, anti-fraud and anti-money laundering services to help meet legal and regulatory obligations, and to the benefit of individuals to support identity verification and support of the detection and prevention of fraud and money-laundering.
To support criminal investigations by the Police.
Complying with and supporting compliance with legal and regulatory requirements.
Where the law determines it is necessary, we must comply with various legal and regulatory requirements and our services also help other organisations comply with their own legal and regulatory obligations.
Our use of personal data is subject to an extensive framework of safeguards that help make sure that your rights are protected. These include the information you are given about how your personal data will be used and how you can exercise your rights to obtain your personal data, have it corrected or restricted, object to it being processed, and complain if you are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities do not compromise your interests, fundamental rights and freedoms.
Necessity for compliance with a legal obligation
We sometimes need to use your personal data to comply with a legal obligation that we are under. For example, if you submit a request to us for a copy of your personal data, either directly or through a third party that you have authorised to act on your behalf, we will normally be legally required to provide that personal data. See section 9 below for details of what requests you can make and how to make them.
6. WHO DO WE SHARE THE PERSONAL DATA WITH?
Our clients and reseller partners.
We share personal data with our clients for the purposes described in section 2 above. Our clients will each have their own privacy notices which will provide more information about how they (specifically) use the data we supply.
Our clients typically operate in the following sectors:
In some cases, our clients may appoint an intermediary to act on their behalf; these intermediaries will often receive the data too. We also appoint data reseller partners who will distribute data to their clients in a similar manner to the ways we do.
Group companies
Data OD Ltd group companies
Specific companies
LexisNexis Risk Solutions UK Ltd, Global Reach, Dunleavy Drive, Cardiff, CF11 0SN
Service providers
We may provide your information to third parties who help us use it for the purposes described in section 2. For example, our databases of personal data may be hosted by third parties on our behalf.
More detail is provided below in respect of our key service providers.
These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.
Data Subjects
You, the Data Subject, are entitled to obtain copies of the personal data that we hold about you. You can find out how to do this in section 9 below.
Business transfers
If we sell our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.
Regulators and law enforcement
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if required by law, or if required for the legal protection of our legitimate interests in compliance with applicable laws. For example, we may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office.
7. WHERE DO WE STORE PERSONAL DATA AND WHERE IS IT SENT?
Within the United Kingdom
We are based in the United Kingdom and will access and use your information from here.
We may also send personal data to some of our service providers who have operations within the European Union.
Elsewhere
We also send information elsewhere in the world. For example:
Where we use cloud-based technology or a data centre or backup facility overseas. People in other countries may also need to access that database for purposes such as technical support or system development and testing.
Where our service providers have operations outside the European Union (see the table at section 6 above).
While the UK and countries within the European Union all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:
Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection.
Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection.
If your information has been sent overseas like this, you can obtain further information about the safeguards used by contacting us using the details set out in section 1 above.
8. DATA PROFILING AND DECISION MAKING.
Decisions
In almost all cases, we do not use your personal data to make automated decisions about you or to profile you.
We provide data that may help our clients make decisions about lending and other matters (such as preventing fraud or protecting consumers), but our clients’ own data, knowledge, processes and practices will also generally play a significant role in their decisions – and those decisions will always be for them to make.
For example, when we sell our services to credit or loan providers, we do not decide whether you should be granted credit or a loan – this is for the lender to decide. Similarly, where we provide information to gambling companies, we do this to help them protect vulnerable consumers or those at risk of becoming over-indebted.
However, they will ultimately decide how to act upon that information, considering their legal and regulatory obligations.
9. WHAT ARE YOUR RIGHTS?
You have several different rights in relation to the personal data that we hold about you. These are described in the tables below.
10. WHOM YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA.
We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us using these details:
Post: Compliance Team, Data OD Ltd, Platform, New Station Street, Leeds, LS1 4JB.
Email: myinfo@dataondemand.co.uk
Telephone: +44(0)113 4 266550
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk or by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.