Global Privacy Policy - Worldwide

Last Updated: 10 October 2023

Introduction

This privacy policy (“Privacy Policy”) describes the privacy practices of Ophelos Ltd and our subsidiaries and affiliates (collectively, “Ophelos”, “we”, “us”, or “our”) and how we handle personal information that we collect through our website at www.ophelos.com and in the context of the debt collection services (collectively, the “Services”) we provide to business clients (the “Clients”) who mandate us to reach out to customers (the “Customers”) to resolve an unpaid debt. This Privacy Policy describes how we process personal information from Clients, Customers and other business contacts such as suppliers and business partners.

Personal information we collect

Information you provide to us. Personal information you may provide to us through the Services or otherwise includes:

  • Account and profile data. If we contact you regarding an outstanding balance, you can create an account with us and complete your profile with information such as your first and last name, gender, data of birth, email address, password, address and phone number.
  • Contact data and communications. If you contact us with questions or feedback in relation to our Services, or otherwise interact with us through our website, via live chat, email, phone or otherwise, we collect your contact information and the content of your communications and messages.
  • Debt and financial information. You may provide us with information about your debt(s) and your financial situation such as on your outstanding balance, who you owe a debt to, details about your payment plan, and information about your income and expenses for affordability purposes.
  • Payment information. If you make a payment through our Services, we collect information on your payment, such as the amount paid and your payment method. We rely on Stripe as our payment processor and we do not have direct access to your credit card information.
  • Benefits information. If you use the benefits calculator on our website to understand your benefit entitlements, you may provide us with information such as whether you are living with a partner, how many children live in your household, your housing situation and your household’s income after deductions.
  • Marketing data. We collect your preferences for receiving our marketing communications, and details about your engagement with them.

Third party sources. We may combine personal information we receive from you with information we obtain from other sources, such as:

  • Credit reference agencies. We may receive personal information from credit reference agencies like TransUnion. TransUnion is a credit reference agency authorised and regulated by the Financial Conduct Authority. Information on how TransUnion handles personal information can be found in their Privacy Policy.
  • Clients. If you are a Customer, we receive information about your debt(s) and your financial situation from our Client, such as on your outstanding balance, financial information, details about your payment plan, any conversation history and information about your income.
  • Customers. Customers may provide us with personal information on connected third parties which have indicated that they wish to help with debt advice services or about other third parties. If you provide us with information on a third party, please ensure they have read this Privacy Policy.
  • Third party data providers. We may obtain personal information about you from third parties like Data on Demand. Information on how Data on Demand handles personal information can be found in their Privacy Policy.

Automatic data collection. We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with the Services, our communications and other online services. In particular, we collect information about how you use and interact with the Services, to estimate what day and time is the most convenient to contact you. The information we automatically collect includes:

  • Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G).
  • Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.

We collect this information using cookies and other similar technologies. For more information, please visit our Cookie Policy. “

How we use personal information

We use your personal information for the following purposes or as otherwise described at the time of collection:

Providing our Services. We use personal information to operate, maintain, and provide Clients and Customers with our Services, including to process payments by Customers. In particular, we use personal information to perform our contractual obligations under our Terms of Service and under our Debt Resolutions Services Agreement.

Communicating with you about our Services. It is in our legitimate business interests to use personal information to reach out to Customers to resolve unpaid debt, to respond to requests, provide support, and communicate about our Services, including by sending announcements, updates, security alerts and support and administrative messages.

Improving, monitoring, personalising, and protecting our Services. It is in our legitimate business interests to improve and keep our Services safe, which includes:

  • Optimising the means and timing for communicating with you;
  • understanding your needs and interests, and personalising your experience with the Services and our communications;
  • troubleshooting, testing and research and to keep the Services secure; and
  • investigating and protecting against fraudulent, harmful, unauthorised or illegal activity.

Research and development. We may use personal information for research and development purposes in our legitimate business interests, including to analyze and improve the Services and our business. As part of these activities, we may create or use aggregated, de-identified or other anonymized data from personal information we collect. We make personal information into anonymized data by removing information that makes the data personally identifiable to you. We may use this anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.

Marketing. We and our service providers may collect and use personal information for direct marketing purposes. We may send you direct marketing communications as permitted by law, including by email. You may opt-out of our marketing communications as described in the Opt-out of marketing communications section below. Except where consent is required, we undertake such marketing and advertising on the basis of our legitimate business interests. Where we seek your consent, you may withdraw your consent at any time.

Compliance and protection. We may use personal information to comply with legal obligations, and it is in our legitimate business interests to use your personal information to defend ourselves against legal claims or disputes, including to:

  • protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
  • audit our internal processes for compliance with legal and contractual requirements and internal policies;
  • enforce the terms and conditions that govern the Services;
  • prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft; and
  • comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.

How we share personal information

We may share your personal information with the following parties and as otherwise described in this Privacy Policy or at the time of collection:

Clients. We share information about our interactions with you, your debt, payment plan and your financial situation with Clients you have outstanding debt with.

Credit reference agencies. We share information with credit reference agencies.

Affiliates. We may share personal information with our corporate parent, subsidiaries, and affiliates, for purposes consistent with this Privacy Policy.

Service providers. We share personal information with companies and individuals that provide services on our behalf or help us operate the Services or our business (such as hosting e.g. AWS, information technology, customer support e.g. Front, email delivery e.g. Sendgrid, and website analytics services e.g. Thoughtspot).

Professional advisors. We share personal information with professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Authorities and others. We share personal information with law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.

Business transferees. We may share personal information with acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Ophelos or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Privacy rights and choices

Opt out of marketing communications. You may opt out of marketing-related communications by following the opt-out or unsubscribe instructions contained in the marketing communication we send you or by contacting us at communication@ophelos.com or as provided in the How to Contact Us section below. You may continue to receive services-related and other non-marketing emails.

Online tracking opt out. You can opt out of third-party cookies as described in our Cookie Policy.

Personal information requests. We also offer you choices that affect how we handle the personal information that we control. Depending on your location and the nature of your interactions with our Services, you may request the following in relation to personal information:

  • Information about how we have collected and used personal information. We have made this information available to you without having to request it by including it in this Privacy Policy.
  • Access to a copy of the personal information that we have collected about you. Where applicable, we will provide the information in a portable, machine-readable, readily usable format.
  • Correction of personal information that is inaccurate or out of date.
  • Deletion of personal information that we no longer need to provide the Services or for other lawful purposes.
  • Additional rights, such as to object to and request that we restrict our use of personal information.

To make a request, please email us or write to us as provided in the “How to Contact Us” section below. We may ask for specific information from you to help us confirm your identity.

Limits on your privacy rights and choices. In some instances, your choices may be limited, such as where fulfilling your request would impair the rights of others, our ability to provide a service you have requested, or our ability to comply with our legal obligations and enforce our legal rights. If you are not satisfied with how we address your request, you may submit a complaint by contacting us as provided in the “How to Contact Us” section below.

Right to complain. Depending on where you reside, such as if you reside in the European Economic Area or United Kingdom, you may have the right to complain to a data protection regulator where you live or work, or where you feel a violation has occurred. Click here to find your local supervisory authority.

Other sites and services

The Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions.

Security

We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect, including 2048-bit end-to-end encryption of our databases and adopting a secure protocol. Any personal information collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. If and when we use sub-processors to store your personal information, we will ensure such processors have implemented adequate measures to protect your personal information. However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. While we strive to protect your personal information, we cannot ensure or warrant the security of any personal information you transmit to us. Any such transmission is done at your own risk.

International data transfer

You will provide personal information directly to us in the United Kingdom, where we will process your personal information. We may also transfer personal information to our affiliates and service providers in other jurisdictions, including the United States. Please note that such jurisdictions may not provide the same protections as the data protection laws in your home country.

When we engage in cross-border data transfers, we will ensure that relevant safeguards are in place to afford adequate protection for personal information and we will comply with applicable data protection laws, in particular by relying on an EU Commission or UK government adequacy decision or on contractual protections for the transfer of personal information. For more information about how we transfer personal information internationally, please contact us as set out in the “How to Contact Us” section below.

Children

The Services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through the Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.The Services are not intended for use by children under 18 years of age. If we learn that we have collected personal information through the Services from a child under 18 without the consent of the child’s parent or guardian as required by law, we will delete it.

Retention of personal information

Where required under applicable laws, we retain personal information only for as long as is necessary to fulfil the purposes for which it was collected and processed, in accordance with our retention policies, and in accordance with applicable laws and regulatory obligations or until you withdraw your consent (where applicable).

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of personal information, the purposes for which we use personal information and whether we can achieve those purposes through other means, and the applicable legal and regulatory requirements.

Changes to this privacy policy

We reserve the right to modify this Privacy Policy at any time. We will post the update Privacy Policy on the website. If we make material changes to this Privacy Policy, we will let you know.

How to contact us

Responsible entity. Ophelos is the entity responsible for the processing of personal information under this Privacy Policy (as a controller, where provided under applicable law).

Contact us. If you have any questions or comments about this Policy, our privacy practices, or if you would like to exercise your rights with respect to your personal information, please contact us by email at contact@ophelos.com or by writing to us at:

8th floor, 9 Appold St, London EC2A 2AP.

You can also contact our DPO officer at dpo@ophelos.com, or by writing at 8th floor, 9 Appold St, London EC2A 2AP.