By ‘We’ or ‘Us’, we mean ACL Consultancy Limited (“ACL Consultancy”). By “You” we mean the customer or individual who has accessed our service. We are Registered in England and Wales. Registered Address: ACL Consultancy Ltd The Old Carnegie Library, 361 Ormskirk Road, Wigan, Lanchashire, England, WN5 9AE. Company Number: 07865881.
1. WHAT IS THE PURPOSE OF THIS PRIVACY NOTICE?
This website has not been designed for use by children. We do not knowingly collect data relating to children.
2. WHO IS THE DATA CONTROLLER?
We, ‘ACL CONSULTANCY LIMITED” is the controller and is responsible for your personal information.
We are not required to appoint a Data Protection Officer (DPO). If you have any questions relating to this privacy notice, including any requests to exercise your legal rights (as explained in section 14), please use the below contact information.
3. HOW CAN YOU CONTACT US?
Full name of Legal Entity: ACL CONSULTANCY LIMITED
The Old Carnegie Library,
361 Ormskirk Road,
Telephone Number: 0800 001 6677.
Email: Fill out one of the forms on our Contact Us Page and someone will be in touch.
4. YOUR RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
6. WHAT INFORMATION DO WE COLLECT FROM YOU?
How is Personal Data/Information defined?
Personal Data or Personal Information can be defined as “Any information about an individual from which that person can be identified” This does not include data where the identity has been anonymised.
Under GDPR we will only collect information that is specified, explicit and legitimate for the purposes required. This means the data we collect must be adequate, relevant and limited to the requirements of the service.
We may collect, use, store and transfer different kinds of personal information about you. These are detailed as possible:
- Identity Data: First name, last name, maiden name, marital status, date of birth and gender.
- Contact Data: Current address, previous addresses and post codes, email address and telephone number.
- Financial Data: Lender details, types of account, account history and account numbers relating to your claim. To specify, claims data refers to data collated for the purpose of your claim. A claim engaged with our service covers Payment Protection Insurance (PPI) and/or Packaged Bank Accounts (PBA).
- Claims Related Data: Includes, information provided by yourself for the purposes of investigating your mis-selling and/or breach claim.
- Transaction Data: Includes, payments made through our website, details of products and services you have engaged us for.
- Technical Data: Internet Protocol (IP) address, browser type and version, timer zone setting and location, browser plug-in types and versions, operating systems and platform and other technology on devices you use to access the website.
- Profile Data: Includes, your username and password (for claim updates), understanding the services you’ve engaged, your interests, preferences, feedback and analysing the data you have provided as part of the service to improve our services, marketing, customer relationships and experiences.
- Usage Data: Information about how you use our website, products and services.
- Marketing and Communications Data: This includes your preferences in receiving marketing from us and any third parties, as well as your communication preferences.
We collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
Special Categories of Personal Data
If we identify that you are a vulnerable customer, we may collect data relating to your health to ensure we can tailor and adjust our service to your needs and circumstances. We will obtain your consent to obtain and store this data for the sole purpose of delivering our service.
We do not collect any other Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you do not provide Personal Data?
Where we need to collect personal data by law, or under the terms of a contract we have entered with you and you fail to provide the data when requested, we may not be able to perform the contract as the service expects (for example, to provide you with goods or services). In this case, we may have to cancel the service you have entered into with us. As is your right to be informed, we will notify you of any chance or cancellation deemed necessary.
7. HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We have different methods of collecting data from and about you, including via:
- Direct Interactions:
You may provide us with your Identity, contact and financial data by completing online forms or by corresponding directly with us via post, phone, email or otherwise. This includes personal data you provide when you:
- Engage our products and services;
- Provide us with feedback; or
- Request marketing to be sent to you
- Automated Technologies or interactions
As you interact with our website, we may automatically collect Technical Data about your equipment, browsing patterns and actions. This will be collated after acceptance of ‘cookie’ and other similar technologies. Please refer to our Cookies Policy for further information.
- Third Parties or publicly available sources
We may receive personal data about you from various third parties as set out below:
- Technical Data from analytics providers such as Google based outside the EU;
- Identity and Contact Data from lead operators working on our behalf based inside the EU. These complete native marketing which directs consumers to our website.
- Identity and Contact Data from publicly availably sources such as Companies House, Electoral Register and Credit Checks based inside the EU.
8. HOW DO WE USE YOUR PERSONAL INFORMATION?
We will only use your personal information/data should the law allow it. Most commonly, we will use your personal data under the following circumstances. These are also known as the ‘Legal Basis for Processing’, they are as follows:
- Where we need to perform a contract, we are about to enter into or have entered into.
- Where it is necessary for our legitimate interests, taking into consideration your interests and fundamental rights, as to ensure we do not override such interests.
- Where we need to comply with legal or regulatory obligations.
9. PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please Contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer||(a) Identity
|Performance of a contract with you|
|To process and deliver your service to you including:
(a) investigating your claim
(b) making requests to financial institutions on your behalf
(c) making an introduction to a solicitor to process your claim
(d) Claims Related
(e) Marketing and Communications
Performance of a contract with you
|To manage our relationship with you which will include:
(b) Asking you to leave a review or take a customer satisfaction survey
(d) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity
(e) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||(a) Technical
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity
Necessary for our legitimate interests (to develop our products/services and grow our business)
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. You can ask us to stop sending you marketing messages at any time by Contacting us at any time to amend your preferences, methods of contact and products/services you wish to hear about.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal data with any company for marketing purposes.
You can opt-out of third-party marketing at any point. Please contact us via the information contained within Section 3.
A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit a website. Cookies are used by many websites and can do a number of things such as remembering your preferences, recording what you have put in your shopping basket, and counting the volume of people accessing the website.
10. DISCLOSURE OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above. These companies will not use your information to contact you. Selected third parties will be subject to obligations to process your personal information in compliance with the same safeguards that we deploy.
We may need to disclose your information to any one of the following:
- HM Revenue & Customs, Regulators (Claims Management Regulator, Information Commissioner’s Office, Financial Conduct Authority), and other authorities acting as processors based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Accountants, Solicitors, Compliance Consultants and other like-services acting as processors based in the United Kingdom who require the reporting of processing activities in certain legal and compliance circumstances.
Please note we will never knowingly allow third-party service providers to use your personal data for their own purposes and only permit them to process your data for specified purposes and in accordance with our strict instruction, of which is contractually cemented.
‘We’, ‘ACL Consultancy Limited’, shall not sell, distribute or lease your information to third parties unless we have the appropriate permission to do, or are required by law. We will gather specific consent from you before sending any form of direct marketing.
11. INTERNATIONAL TRANSFERS
We do not transfer your personal data outside the European Economic Area (EEA).
12. DATA SECURITY
We, ‘ACL Consultancy Limited’, are committed to ensuring your information is safe and secure. In order to prevent unauthorised access or disclosure, we have developed, implemented and maintained suitable physical, electronic and managerial procedures to safeguard and secure the information collected online. We wish for our customers to be completely confident in using our services, therefore we regularly review our processes and procedures to protect your personal information from unauthorised access, use, accidental loss, destruction or disclosure.
13. DATA RETENTION
How long will we hold your personal data?
We will only retain your personal data for as long as is necessary to fulfil our obligations under the provision of our service as well as any purposes necessary to satisfy any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk, of harm of unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, including applicable legal requirements.
Details of retention periods for different aspects of your personal data are available upon request. Please see Section 3. By law we have to keep certain information about our customers and this data will be held solely and securely for those legal purposes.
In some circumstances you can ask us to delete your data under the ‘Right to Request Erasure’ (please see Section 14 for further information. However, an erasure request may be partially declined. In the event a complaint has been made, coupled with an erasure request, we will maintain records relating to the complaint, including basic information such as name, and telephone name. In the event that you do not wish to be contacted by us, we are required to maintain a log of this request, withholding applicable data to ensure we no longer contact you further.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
14. YOUR LEGAL RIGHTS
In accordance with GDPR, you, in your capacity as a consumer and citizen you are entitled to a range of specific DATA SUBJECT RIGHTS that you may exercise under particular conditions, with a few exceptions.
|Your Right to ACCESS||The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps you to understand how and why we are using your data, and to check we are using it lawfully.|
|Your right to RECTIFICATION||You have the right to have inaccurate personal data rectified. You may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.|
|Your right to ERASURE||Under certain circumstances you have the have the right to have personal data erased. Also known as ‘The right to be forgotten’. The right is not absolute.|
|Your right to RESTRICT PROCESSING||Under certain circumstances you have the right to request the restriction or suppression of your personal data, and as like the right to erasure, it is not absolute. Restriction of processing means we are permitted to store your personal data, we are unable to use it.|
|Your right to DATA PORTABILITY||You have the right to obtain and reuse your personal data for your own purposes across different services. This eases the copying or transferring of personal data easily from one IT environment to another, safely and security, without affecting the usability of the data.|
|Your right to OBJECT||Under certain circumstances you have the right to object to the processing of your personal data, however you do have the absolute right to object to direct marketing.|
|Your right to be INFORMED||You have the right to be informed about the collection and use of your personal data. Your right to be informed forms part of this policy, and provides the purposes for processing your data, our retention periods and who it will be shared with.|
15. SUBJECT ACCESS REQUESTS (SARs)
You have the right of access to your personal information. Also known as a Subject Access Request (SAR). This means you are entitled to obtain the following information about yourself:
- Confirmation that we are processing their personal data;
- A copy of their personal data; and
- Other supplementary information;
A third party may make a request on your behalf. This will often involve a solicitor acting on your behalf. We will require evidence from the third party as to evidence this entitlement. This may take the form of a written authority or be a more general power of attorney.
How do we provide you with the data you have requested?
If you make a request electronically (via electronic means), we will provide the information in a commonly used electronic format unless you have specified otherwise. Please note, we may extend the time to respond by a further two months if the request is complex or you have made multiple requests. As you have the right to be informed, we will always ensure you are notified within one month of receiving the request, accompanied by an explanation.
How Long do we have to comply with a request?
We must act on your subject access request without undue delay and at the latest within one month of receipt. This is calculated as beginning from the day following receipt of the request until the corresponding calendar data the following month. We may request your identity to satisfy the request, however this will be proportionate to the request itself and if we have doubts of the authenticity of identification.
Will it cost you anything?
For the vast majority of requests, we cannot charge you a fee. Where the request is manifestly unfounded or excessive we may charge a reasonable fee to cover the administrative costs of complying with the request. This also applies in the event that you request further additional copies of data following your initial request. This will again be charged as an administrative cost.