Last Updated: 10 October 2023
This privacy policy (“Privacy Policy”) describes the privacy practices of Ophelos Ltd and our subsidiaries and affiliates (collectively, “Ophelos”, “we”, “us”, or “our”) and how we handle personal information that we collect through our website at www.ophelos.com and in the context of the debt collection services (collectively, the “Services”) we provide to business clients (the “Clients”) who mandate us to reach out to customers (the “Customers”) to resolve an unpaid debt. This Privacy Policy describes how we process personal information from Clients, Customers and other business contacts such as suppliers and business partners.
Information you provide to us. Personal information you may provide to us through the Services or otherwise includes:
Third party sources. We may combine personal information we receive from you with information we obtain from other sources, such as:
Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with the Services, our communications and other online services. In particular, we collect information about how you use and interact with the Services, to estimate what day and time is the most convenient to contact you. The information we automatically collect includes:
We collect this information using cookies and other similar technologies. For more information, please visit our Cookie Policy. “
We use your personal information for the following purposes or as otherwise described at the time of collection:
Providing our Services. We use personal information to operate, maintain, and provide Clients and Customers with our Services, including to process payments by Customers. In particular, we use personal information to perform our contractual obligations under our Terms of Service and under our Debt Resolutions Services Agreement.
Communicating with you about our Services. It is in our legitimate business interests to use personal information to reach out to Customers to resolve unpaid debt, to respond to requests, provide support, and communicate about our Services, including by sending announcements, updates, security alerts and support and administrative messages.
Improving, monitoring, personalising, and protecting our Services. It is in our legitimate business interests to improve and keep our Services safe, which includes:
Research and development. We may use personal information for research and development purposes in our legitimate business interests, including to analyse and improve the Services and our business. As part of these activities, we may create or use aggregated, de-identified or other anonymised data from personal information we collect. We make personal information into anonymised data by removing information that makes the data personally identifiable to you. We may use this anonymised data and share it with third parties for our lawful business purposes, including to analyse and improve the Services and promote our business.
Marketing. We and our service providers may collect and use personal information for direct marketing purposes. We may send you direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the Opt-out of marketing communications section below. Except where consent is required, we undertake such marketing and advertising on the basis of our legitimate business interests. Where we seek your consent, you may withdraw your consent at any time.
Compliance and protection. We may use personal information to comply with legal obligations, and it is in our legitimate business interests to use your personal information to defend ourselves against legal claims or disputes, including to:
We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:
Clients. We share information about our interactions with you, your debt, payment plan and your financial situation with Clients you have outstanding debt with.
Credit reference agencies. We share information with credit reference agencies.
Affiliates. We may share personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.
Service providers. We share personal information with companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting e.g. AWS, information technology, customer support e.g. Front, email delivery e.g. Sendgrid, and website analytics services e.g. Thoughtspot).
Professional advisors. We share personal information with professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. We share personal information with law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transferees. We may share personal information with acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganisation, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Ophelos or our affiliates (including, in connection with a bankruptcy or similar proceedings).
Opt out of marketing communications. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions contained in the marketing communication we send you or by contacting us at communication@ophelos.com or as provided in the How to Contact Us section below. You may continue to receive services-related and other non-marketing emails.
Online tracking opt out. You can opt out of third-party cookies as described in our Cookie Policy.
Personal information requests. We also offer you choices that affect how we handle the personal information that we control. Depending on your location and the nature of your interactions with our Services, you may request the following in relation to personal information:
To make a request, please email us or write to us as provided in the “How to Contact Us” section below. We may ask for specific information from you to help us confirm your identity.
Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “How to Contact Us” section below.
Right to complain. Depending on where you reside, such as if you reside in the European Economic Area or United Kingdom, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred. Click here to find your local supervisory authority.
The Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect, including 2048-bit end-to-end encryption of our databases and adopting a secure protocol. Any personal information collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. If and when we use sub-processors to store your personal information, we will ensure such processors have implemented adequate measures to protect your personal information. However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. While we strive to protect your personal information, we cannot ensure or warrant the security of any personal information you transmit to us. Any such transmission is done at your own risk.
You will provide personal information directly to us in the United Kingdom, where we will process your personal information. We may also transfer personal information to our affiliates and service providers in other jurisdictions, including the United States. Please note that such jurisdictions may not provide the same protections as the data protection laws in your home country.
When we engage in cross-border data transfers, we will ensure that relevant safeguards are in place to afford adequate protection for personal information and we will comply with applicable data protection laws, in particular by relying on an EU Commission or UK government adequacy decision or on contractual protections for the transfer of personal information. For more information about how we transfer personal information internationally, please contact us as set out in the “How to Contact Us” section below.
The Services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through the Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.The Services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through the Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.
Where required under applicable laws, we retain personal information only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and regulatory obligations or until you withdraw your consent (where applicable).
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of personal information, the purposes for which we use personal information and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.
We reserve the right to modify this Privacy Policy at any time. We will post the update Privacy Policy on the website. If we make material changes to this Privacy Policy, we will let you know.
Responsible entity. Ophelos is the entity responsible for the processing of personal information under this Privacy Policy (as a controller, where provided under applicable law).
Contact us. If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at contact@ophelos.com or by writing to us at:
Ophelos, 1 Finsbury Avenue, London, EC2M 2PF.
You can also contact our DPO officer at dpo@ophelos.com, or by writing at Ophelos, 1 Finsbury Avenue, London, EC2M 2PF.