General Data Protection Regulations (GDPR)
The General Data Protection Regulations replace the Data Protection Act 1998 on 25th May 2018. All information we collect is stored and used in accordance with GDPR. In accordance with the regulations, we will only collect and retain personal information that is relevant, and we will only keep it for as long as necessary. We ensure all information we have is kept up to date and accurate, and we dispose of all information that we no longer need securely. We will only use the information we collect for the purposes of our work and the needs of our business. We will not disclose information to unauthorised third parties and we will never sell this information under any circumstances. Our Administration Staff and Repossession Field Agents are trained to handle, manage and work with personal information, and will handle your data under strict policy and procedure, and in accordance with Data Protection.
Information relevant to Customers subject to our involvement with them
We will not sell your data and we do not use any automated decision-making or profiling tools.
Who we are and what we do
Ceatta Limited is a Repossession and Debt Recovery company. Our services include repossessions, debt collection, asset recovery, investigations and enquiry activities, execution of court orders, and other related services. The services we perform require the processing, use and collection of personal information. Our staff who handle, manage, and maintain personal information are trained to do so and are also fully aware of, and understand, their legal and contractual obligations and responsibilities regarding Data Protection.
Why we process, use, obtain, collect and store personal Data
Basic Data – Under the services we provide we are required to process personal data in providing a service to our client. Our Client will share with us your personal data for us to process to carry out their instruction. We call this the Basic Data; our Client is the Controller of this Basic Data. They will have provided you with their contact details and other relevant information relating to the processing of your personal data by us.
Additional Data – When we process the Basic Data we use the information to carry out our client’s instruction. Whilst carrying out the instruction we may also obtain additional personal information about you. It is necessary to record this information and the activity history of the instruction we have carried out, to ensure we maintain accurate, up to date records. We are the Controllers of the additional data. Our Contact details are stated further on in this document.
What personal information do we process, use, obtain and store
It is necessary for us to process, use, obtain and store personal information to enable us to carry out our services. Any information will only be necessary and proportionate to enable us to carry out our work.
The basic data will be personally identifiable information including, but not limited to, your name, address, Date of Birth, email address, contact numbers, employment details and also may include photographic ID. We will also be provided with relevant notes, legal documents and/or agreements, our client’s asset/vehicle details and details of monies due. We will also be provided with information concerning potential vulnerability and/or sensitive circumstances, for example a recent bereavement. This ensures forbearance and due consideration is being applied to your individual circumstances.
We will obtain and process additional personal data whilst carrying out our client’s instruction. This additional data may include but is not limited to, your up to date contact details (address, contact numbers, employment details), your current circumstances, including financial circumstances and, with your consent, any potential vulnerability or sensitive or mitigating circumstances relevant to you regarding our instruction to act.
How we obtain, collect and store additional information
Data Protection Verification Process
We take data security extremely seriously and ask you to assist in the security of your personal data, when we contact you, and when you contact us. Any information that we ask you to provide is needed in order to identify you to enable us to speak to you. You will be asked to confirm certain information and details which we hold to assist in verification. If you authorise a third party to speak on your behalf, they will also be required to go through a verification process.
Sharing your information
Unless necessary, obligated by law, regulatory requirements or compliance (for example, under Court or Law Enforcement Agency Instruction, the Financial Ombudsman Service or a medical emergency), we will not share your data with anyone other than: our client, whose instruction we are acting under; other associated agents acting under our instruction; and any third party authorised by you.
As part of our work we will share certain relevant information obtained and collected with our client. This information will only be relevant and in accordance with their instruction; it will include updates regarding the carrying out of our instruction and any other relevant information, which will include your updated contact and employment details, if applicable. Our client will process the relevant information we share and record the information on your account held with them. It is necessary to share this information with our Client, especially personal information, such as new address and contact numbers, to enable them to maintain accurate and up to date records, ensuring their compliance with Data Protection regulations.
We will never disclose information to unauthorised third parties.
Please Note: We will disclose information to law enforcement departments in the case of actual, potential, or suspected criminal activity; including but not limited to acts of, or threats of, violence and / or aggression against our employees or others, or where we have a duty or are legally or regulatory obliged to disclose information; for example, financial crime and fraud.
Retention periods for Basic Data and Additional Data – How long we retain data
We retain your data only for as long as is necessary and in line with GDPR and other applicable Acts. Our retention periods are guided by what we deem no longer than necessary and take into account the Limitation Act 1980.
Once our instruction is complete we have the following retention periods in place to either anonymise your data (make it unidentifiable to any individual person(s)) or delete your data:
- Anonymisation of live data – Current year plus 3 Years
- Deletion of hard copy data – Current year plus 3 Years
- Deletion of electronically stored data – Current year plus 6 Years
- Body Worn Video data and any data in relation to an incident will be kept indefinitely
Company Data General Information
Lawful Basis for processing personal information
We have a lawful basis to process personal data, being:
- We have your consent (if consent is needed)
- We need to process the information due to the data subject being party to contractual obligations.
- We need to process the information to comply with legal obligations
- We need to process the information to exercise official authority under acts of law vested in the Controller
- It is necessary for us to process the information to maintain accurate and up to date records which streamline and evidence the debt recovery and enforcement process for the data subject and our clients.
Other data we process, use, obtain, collect and store
We also process, use, obtain, collect and store information on our clients, potential clients, our current and past employees, job applicants, suppliers, information, feedback and enquiries from customers, clients and others who contact us, information on complainants and other individuals in relation to service complaints or enquiries made.
We will only collect, process, use and store information that is relevant to our services and necessary for Company records, legal obligations and compliance. Some of the information we process, use, collect, store and share is necessary for us to comply with our legal obligations. The information we collect is also used for internal record keeping; maintaining accurate and up to date records, and for improving our services; any feedback we receive is used for management information.
Company information can be in any format including electronic records.
We will only share company data, including employee data, where obligated by law, regulatory requirements, contractual obligations, business administration purposes, insurance purposes, recruitment purposes, audit & compliance purposes or when authorised to do so. We will not sell company data.
We use our best endeavours to protect and safeguard the personal information we hold. Policies and procedures have been implemented to safeguard against unauthorised access, improper use, unlawful loss and unlawful or accidental destruction. We use physical and electronic security measures in our efforts to safeguard all information we collect and hold.
We strive to protect your personal information, but the internet or electronic storage is never a 100% completely secure environment; therefore, we cannot guarantee that hackers or unauthorised persons will not gain access to personal information, despite our best efforts.
Different categories of Company information have their own retention periods set by the Company or Law. Retention periods are based on company requirements along with legal requirements and obligations.
Calls to our office
All calls made to our office are recorded for training and quality assurance purposes.
Body Worn Video
For specific purposes and legitimate aims, including but not limited to health and safety and transparency, Staff may use or activate Body Worn Video upon attendances. Any data held will only be accessed by management in certain specific circumstances in line with our specific purposes and legitimate aims of the equipment being deployed. Data will only be disclosed based on circumstances in which disclosure is appropriate and will be controlled and consistent. Disclosure will be at the discretion of Ceatta Limited; the system operator. They have the right to refuse any request for information unless there is an overriding legal obligation. Data will never be disclosed by Ceatta Limited to the media.
Rights of a Data Subject
All data subjects have rights. They have the right to obtain from a controller confirmation as to whether or not personal data concerning them are being processed, and where they are being processed, access to the personal data. They also have the right to rectify and correct any inaccurate or incorrect data, and also withdraw consent at any time, where relevant. In certain circumstances they also have the right to object to the processing of their data, and have their data erased.
Data Subject Rights Requests
You can contact us to make enquiries for further information about exercising any of your rights or to exercise them. Please make all requests in writing. We will respond to a request in accordance with Data Protection law. You will be required to provide proof of your identity, and should you be unable to provide proof, we reserve the right to refuse to disclose.
You can make a complaint to us by any reasonable means: in person, by telephone or in writing. However, we suggest that communication of a complaint is sent to us in writing. This gives you the chance to fully consider and then clearly explain a grievance to us, as well as providing all parties with a documented account.
You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, at https://ico.org.uk
Transfers to third Countries
We do not transfer data outside of the Economic European Union or to Countries not permitted under GDPR.
You can contact us at:
1st Floor, 35 Mandale Road, Thornaby, Stockton-on-Tees, TS17 6AD
Cookies are small text files that are sent to your browser by websites you visit. Cookies are used to help websites store information about your visit, such as preferred settings, e.g. language, text size. You can remove or block cookies using your internet browser’s settings; however, doing so may impact your ability to use our website.
Head Office: 1st Floor, 35 Mandale Road, Thornaby, Stockton-on-Tees, TS17 6AD
Tel: 0333 4567999 (Local Rate) Email: [email protected]
NOTE: Calls to Ceatta may be recorded for security, monitoring and training purposes. Ceatta Limited are legally bound by the Data Protection Act; Data Protection Licence Z1592468. We can only discuss matters with named parties, unless consent to speak to a third party is authorised and granted by the named parties.