Last Updated: 10 October 2023
Personal information we collect
Information you provide to us. Personal information you may provide to us through the Services or otherwise includes:
- Account and profile data. If we contact you regarding an outstanding balance, you can create an account with us and complete your profile with information such as your first and last name, gender, data of birth, email address, password, address and phone number.
- Contact data and communications. If you contact us with questions or feedback in relation to our Services, or otherwise interact with us through our website, via live chat, email, phone or otherwise, we collect your contact information and the content of your communications and messages.
- Debt and financial information. You may provide us with information about your debt(s) and your financial situation such as on your outstanding balance, who you owe a debt to, details about your payment plan, and information about your income and expenses for affordability purposes.
- Payment information. If you make a payment through our Services, we collect information on your payment, such as the amount paid and your payment method. We rely on Stripe as our payment processor and we do not have direct access to your credit card information.
- Benefits information. If you use the benefits calculator on our website to understand your benefit entitlements, you may provide us with information such as whether you are living with a partner, how many children live in your household, your housing situation and your household’s income after deductions.
- Marketing data. We collect your preferences for receiving our marketing communications, and details about your engagement with them.
Third party sources. We may combine personal information we receive from you with information we obtain from other sources, such as:
- Clients. If you are a Customer, we receive information about your debt(s) and your financial situation from our Client, such as on your outstanding balance, financial information, details about your payment plan, any conversation history and information about your income.
Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with the Services, our communications and other online services. In particular, we collect information about how you use and interact with the Services, to estimate what day and time is the most convenient to contact you. The information we automatically collect includes:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G).
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
How we use personal information
We use your personal information for the following purposes or as otherwise described at the time of collection:
Providing our Services. We use personal information to operate, maintain, and provide Clients and Customers with our Services, including to process payments by Customers. In particular, we use personal information to perform our contractual obligations under our Terms of Service and under our Debt Resolutions Services Agreement.
Communicating with you about our Services. It is in our legitimate business interests to use personal information to reach out to Customers to resolve unpaid debt, to respond to requests, provide support, and communicate about our Services, including by sending announcements, updates, security alerts and support and administrative messages.
Improving, monitoring, personalising, and protecting our Services. It is in our legitimate business interests to improve and keep our Services safe, which includes:
- Optimising the means and timing for communicating with you;
- understanding your needs and interests, and personalising your experience with the Services and our communications;
- troubleshooting, testing and research and to keep the Services secure; and
- investigating and protecting against fraudulent, harmful, unauthorised or illegal activity.
Research and development. We may use personal information for research and development purposes in our legitimate business interests, including to analyze and improve the Services and our business. As part of these activities, we may create or use aggregated, de-identified or other anonymized data from personal information we collect. We make personal information into anonymized data by removing information that makes the data personally identifiable to you. We may use this anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
Marketing. We and our service providers may collect and use personal information for direct marketing purposes. We may send you direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the Opt-out of marketing communications section below. Except where consent is required, we undertake such marketing and advertising on the basis of our legitimate business interests. Where we seek your consent, you may withdraw your consent at any time.
Compliance and protection. We may use personal information to comply with legal obligations, and it is in our legitimate business interests to use your personal information to defend ourselves against legal claims or disputes, including to:
- protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements and internal policies;
- enforce the terms and conditions that govern the Services;
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; and
- comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
How we share personal information
Clients. We share information about our interactions with you, your debt, payment plan and your financial situation with Clients you have outstanding debt with.
Credit reference agencies. We share information with credit reference agencies.
Service providers. We share personal information with companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting e.g. AWS, information technology, customer support e.g. Front, email delivery e.g. Sendgrid, and website analytics services e.g. Thoughtspot).
Professional advisors. We share personal information with professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. We share personal information with law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transferees. We may share personal information with acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Ophelos or our affiliates (including, in connection with a bankruptcy or similar proceedings).
Privacy rights and choices
Opt out of marketing communications. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions contained in the marketing communication we send you or by contacting us at email@example.com or as provided in the How to Contact Us section below. You may continue to receive services-related and other non-marketing emails.
Personal information requests. We also offer you choices that affect how we handle the personal information that we control. Depending on your location and the nature of your interactions with our Services, you may request the following in relation to personal information:
- Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
- Correction of personal information that is inaccurate or out of date.
- Deletion of personal information that we no longer need to provide the Services or for other lawful purposes.
- Additional rights, such as to object to and request that we restrict our use of personal information.
To make a request, please email us or write to us as provided in the “How to Contact Us” section below. We may ask for specific information from you to help us confirm your identity.
Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “How to Contact Us” section below.
Right to complain. Depending on where you reside, such as if you reside in the European Economic Area or United Kingdom, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred. Click here to find your local supervisory authority.
Other sites and services
The Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect, including 2048-bit end-to-end encryption of our databases and adopting a secure protocol. Any personal information collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. If and when we use sub-processors to store your personal information, we will ensure such processors have implemented adequate measures to protect your personal information. However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. While we strive to protect your personal information, we cannot ensure or warrant the security of any personal information you transmit to us. Any such transmission is done at your own risk.
International data transfer
You will provide personal information directly to us in the United Kingdom, where we will process your personal information. We may also transfer personal information to our affiliates and service providers in other jurisdictions, including the United States. Please note that such jurisdictions may not provide the same protections as the data protection laws in your home country.
When we engage in cross-border data transfers, we will ensure that relevant safeguards are in place to afford adequate protection for personal information and we will comply with applicable data protection laws, in particular by relying on an EU Commission or UK government adequacy decision or on contractual protections for the transfer of personal information. For more information about how we transfer personal information internationally, please contact us as set out in the “How to Contact Us” section below.
The Services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through the Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.The Services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through the Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.
Retention of personal information
Where required under applicable laws, we retain personal information only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and regulatory obligations or until you withdraw your consent (where applicable).
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we use personal information and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.
How to contact us
Contact us. If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at firstname.lastname@example.org or by writing to us at:
9th Floor, 107 Cheapside, London, EC2V 6DN.
You can also contact our DPO officer at email@example.com, or by writing at 9th floor, 9 Appold St, London EC2A 2AP.