1 Introduction


This Privacy Policy sets out how we process your personal data when we control the processing for instance conducting debt collection. For some of our services, we merely act as a data processor and process your personal data on our client’s instructions.
Personal data is defined as that belonging to any individual (including a sole trader business).
We may process personal data about you in different ways and different situations, depending on if you are a client or a customer. Regardless of situation, we will never sell, commercialise or use your personal data in violation of applicable data protection laws.
Tag Security Recovery Limited respects your privacy, regardless of if we process your personal data on our own or on other parties’ behalf. It is important for us that you understand what personal data we process about you, why we do it and what your rights are. This Privacy Policy will give you more information on the processing of your personal data by Tag Security Recovery Limited .
If you want to notify us of a personal data breach or send us a request regarding your data subject rights, please contact our data protection officer.
Policy
This policy refers to our processing of your personal data.
2.1 – Why have we access to and process your data?

We will only process your personal data if we have a legal ground to do so. k if I
We have a legal obligation to provide your personal data when we are audited by the authorities and to prevent, monitor and evidence fraud, anti-money laundering and other government interference gby gu criminal activities. Your data will be held securely in compliance with data protection legislation.
2.2 What personal data are you processing about me and why?


We hold necessary information for the management of the contractual or business relationship. To be able to communicate with you and to ensure safe and true identification we need your name, job title and contact details such as address, telephone number and email. To discuss any indebtedness to our clients, we require certain debt information. We have a legal obligation to provide your personal data when we are audited by the authorities and to prevent, monitor and evidence fraud, anti-money laundering and other criminal activities.
2.3 – Will you share my personal data with others?


We may share personal data with our suppliers that facilitate and/or provide parts of our services, e.g. solicitors, process servers and legal representatives. We may also share personal data with our clients.
Our employees will have access to the personal data. In such a case, access will be granted only if necessary for the purposes described and only if the employee is bound by an obligation of confidentiality.
2.4 – Will my personal data be transferred to another country?


In order to execute our responsibilities to our clients, we may transfer data to another country. If we do, we will ensure there are suitable safeguards in place to comply with EU General Data Protection Regulation (GDPR).
2.5 – How long do you store my personal data?


We will retain your data as long as required for the lawful purpose for which it was obtained, as long as we have legitimate interest to keep it e.g. until termination of our agreement and/or the statue barring period is due to be able to defend ourselves against legal claims. We are also legally obliged to keep your personal data for a period of time to prevent and detect fraud, detect and evidence anti-money laundering and for financial audits.
As far as our backups are concerned, we will also delete your data in our backups, but only if and when the back-up tape comes up for restore, according to our backup policy. If the backup comes up for deletion as per back up policy, we will fully delete your data.
2.6 – Will I be subject to automated decision-making?


We will not use your personal data for automated decision-making.
Your rights
It is important you understand that it is your personal data that we process and that we want you to be comfortable with us doing so. Even if we do not need your permission to process your personal data, you have many rights in relation to the processing of your personal data.
3.1 – Right to access –

You may request information on how we process your personal data, including information on:
– Why we process your personal data
– What categories of personal data we process
– Who we share your personal data with
– How long we store your personal data or the criteria for determining this period
– What rights you have
– From where we have received your personal data (if we have not received it from you)
– If the processing includes automatic decision making (so-called profiling)
– If your personal data has been transferred to a country outside of the EEA, how we ensure the protection of your personal data.
You may also request a copy of the personal data we process about you. However, additional copies will be combined with a fee.
3.2 – Right to correction

It is important that we have the right information about you and urge you to let us know if any of your personal data is incorrect, e.g. if you have changed your name or moved.
3.3 – Right to be forgotten

If we process your personal data in an unlawful way, for example if we process your personal data longer than necessary or for no reason, you may ask us to delete this information.
3.4 – Right to restriction

From the time you have requested we correct your personal data or if you have objected to the processing and until we have been able to investigate the issue or confirm the accuracy of your personal data (or changed it in accordance with your instructions), you are entitled to restrict processing.This means that we (except for storing the personal data) may process your personal data only in accordance with your consent, if necessary with reference to legal claims, to protect someone else’s rights or if there is an important public interest in the processing. You may also request that we restrict the processing of your personal data if the processing is unlawful but you do not want us to delete the personal data.
3.5 – Right to objection

If you believe that we do not have the right to process your personal data, you may object to our processing. In such cases, we may continue processing only if we can show compelling justifying reasons that out-weigh your interests, rights and freedoms. However, we may always process your personal data if it is required for the determination, exercise or defense of legal claims.
3.6 – Right to data portability

You may request to have your personal data that you have provided to us for processing based on consent or to fulfil a contract, provided to you in a structured, widely used and machine-readable format. You also have the right to request to transfer that information to another data controller.
3.7- Withdrawal of consent

Tag Security Recovery Limited does not base its processing upon consent.
Complaints and queries

If you wish to raise a complaint about how we handle your personal data, including in relation to any of the rights outlined above, you can contact our Data Protection Officer and we will investigate your concerns. Our data protection officer is Grant Murray.
If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Information Commissioner’s Office.
If you have any further questions on how we process your personal data you may contact us through our Data Protection Officer.
List of sub-processors
Your data may be shared, when necessary, with other parties involved in the collections, legal or tracing process:
1. CW Harwood & Co Ltd – solicitors practice.
2. MTA Solicitors LLP
3. Grosvenor Investigations & Security Services Ltd – process server
4. Call credit Information Group (Retriever) – tracing agents
5. HM Courts & Tribunals Service – HM Land Registry
6. LexisNexis Risk Solutions UK Ltd (Compliance product)
7. CGDM Ltd – High Court Enforcement Officers
8. DocuSign Inc – digital document signing platform
9. Dattabarracks – data backup service
10. Nexum Software Ltd – system software provider