Contact Us Pay Now
Pay Now
Close

Group Data Privacy Notice

Bristow and Sutor Group

Data Privacy Notice

The Bristow & Sutor Group (BSG) is made up of three businesses which are inter-related:

  1. Bristow & Sutor (B&S) (bristowsutor.co.uk) is incorporated and registered in England and Wales with company number 01431688 whose registered office is at Bartleet Road, Washford, Redditch, Worcestershire, B98 0FL. Contact number: 0330 390 2010.

B&S is registered at the Information Commissioner’s Office under registration number Z5641725. B&S is registered as a data controller.  There are limited instances where B&S is acting as a data processor.

B&S is an enforcement agency specialising in local authority debt recovery.

  1. Debt Recovery Plus Limited (DRP) (debtrecoveryplus.co.uk) is incorporated and registered in England and Wales with company number 06774150 whose registered address is at 78 York Street, London, W1H 1DP. Contact number: 0208 234 6775.

DRP is registered at the Information Commissioner’s Office under registration number Z1583570.  DRP is registered as a data controller.  There are limited instances where DRP is acting as a data processor.

DRP provides debt collection services in relation to unpaid parking charges to private parking companies which issue Parking Charge Notices.

  1. Credit Style Limited (CSL) (creditstyle.co.uk) is incorporated and registered in England and Wales with company number 06133356 whose registered office is at 5 Rutland Court, 161 Rutland Road, Sheffield S3 9PP. Contact number: 03300 450 650.

CSL is registered at the Information Commissioner’s Office under registration number Z1040109.  CSL is registered as a data controller.  There are limited instances where CSL is acting as a data processor.

CSL provides credit management, debt collection and debt litigation services to business clients.

(Data may be shared with other companies in the Group but only for the purposes described in this Notice.)

This notice explains how the B&S Group complies with the General Data Protection Regulations (GDPR) and the Data Protection Act 2018. You can find our respective client’s details, as well as directions on how to view their Privacy Notice detailing how and why they have processed your personal data on their website or on the original documentation provided to you by our client.

This Privacy Notice relates to the processing of personal information by B&S, DRP and CSL which make up BSG (otherwise stated as “we”, “us” or “our”) and relates to personal information belonging to debtors and people with whom BSG interacts in our debt collection and enforcement activities and members of the public who visit our websites. There are separate Privacy Notices relating to BSG employees, BSG prospective employees and contractors.

  1. Data Protection Principles

BSG will comply with data protection law, which states that the personal information BSG holds about you must be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about.
  • Kept securely.

 

  1. How BSG may collect your personal information and when

Each of our three businesses may collect personal information about you from the following sources:

  • Our client, the creditor, who chose to engage us for the recovery services we offer.
  • Third parties such as credit reference and tracing agencies and other third parties and, in the case of B&S and DRP, from the DVLA under a KADOE (Keeper of Vehicle at the Date of an Event) contract.
  • You when you provide such information when making an enquiry by - including but not limited to- post, phone or e-mail, when you use our automated payment website, telephone payment lines and through discussions with our field agents. This information may include bank account number or numbers, payment card details and a delivery address.
  • Your use of our websites through the use of cookies.
  • You through information you provide to enable us to assess your ability to make payments or the special category information you provide if you claim to be a vulnerable person.
  • Body worn video camera footage and voice recordings (“BWV”) that may evidence a visit by one of our enforcement agents or a visit by you to one of our offices and through voice recordings made during communications with a business contact centre.
  • Any device you may have used to access our services – such as your device’s make, model, browser or IP address – and how you use our services. For example, we may seek to identify which of our apps you use and when and how you use them.

 

  1. Categories of personal information that may be processed

The personal data relating to you that we collect and receive from yourself (or a representative you appoint), and from third parties may include but not be limited to any or all of the following:

Your name, postal address, date of birth, e-mail address or addresses, landline and/or mobile telephone numbers, financial details (including bank account number or numbers, balances, payment card details), information relating to your: employment, profession or state benefits situation, nationality, your health (including any vulnerabilities), residency and property ownership, vehicle registration number, details of how the debt was incurred, your comments during calls or correspondence you have provided to us.

We may combine personal data relating to you that we receive from third party sources with personal data you give to us and personal data we otherwise collect about you.   

  1. The lawful basis on which we may process your personal information

The information that we collect about you will only be used lawfully. The data processing we carry out on behalf of our client is necessary for:

  • the performance of a contract to which the data subject is party. [GDPR Art 6 1(b)].
  • compliance with a legal obligation to which our client and BSG as controllers are subject. [GDPR Art 6 1(c)].
  • the performance of a task carried out in the public interest or in the exercise of official authority vested in our client and BSG as controllers. [GDPR Art 6 1(e)].
  • the legitimate interests of both BSG’s client and BSG to recover an outstanding debt and where we record our interactions with you. [GDPR Art 6 1(f)].
  • the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity. [GDPR Art 9 2(f)].
  • the carrying out of research and production of statistics where BSG partners with a research / trade industry body, such as the Enforcement Conduct Board (“ECB” – an independent oversight body for the debt collection industry), to assist in their carrying out research into our industry. This may involve BSG in sharing pseudonymised then anonymised BWV with a research company instructed by them for analysis.

 

  1. How we may use your personal information

 

All personal data that BSG receives is processed in accordance with this Privacy Notice.

 

We may process the personal information relating to you which we receive from the client and other sources for one or more of the following reasons, as appropriate:

  • To enable us to recover debts owed by you to the client including, for certain types of debts, undertaking enforcement activity using the process contained in Schedule 12 to the Tribunals, Courts and Enforcement Act 2007, and / or the operation of BSG’s debt litigation service, processing of private parking charge appeals on our client’s behalf, recovery of unpaid council tax from your wages in accordance with an attachment of earnings process, the service of arrest warrants, the instruction of insolvency solicitors and High Court Enforcement Officers and the inspection of commercial properties, as appropriate. Where necessary, BSG may also disclose personal data to third party tracing agencies to assist it in locating you and may receive further personal data from such agencies and from you directly.
  • To assess your ability to pay and to consider your vulnerability to ensure you are treated with an appropriate degree of sensitivity. BSG may also process the personal data of members of your household as part of its assessment, as appropriate.
  • To carry out our obligations to our client, which wishes to use the services we offer in line with the terms and conditions of any original parking or other charge.
  • To process contact details provided (address, email and phone) to enable you to have access to your payment account and also to verify or contact you on matters relating to this account.
  • To process and keep a record of all payments made by you.
  • To keep a record of correspondence and agreements made with you, including payment plans that reflect your individual circumstances.
  • To process, for security reasons, the personal data BSG collects from use of CCTV at business premises.
  • To process the personal data BSG collects from its use of Body Worn Video cameras (“BWV”) and the recording of telephone calls with you to:
    • Monitor the performance of BSG’s employees and agents.
    • Share BWV – which will be pseudonymised and then anonymised – with a research company instructed by ECB as part of an ECB research project.
    • Ensure compliance with applicable laws and to be able to respond adequately and fairly in the event that complaints are made against such processing.
  • The use of BWV also discourages abuse and/or violence against our enforcement agents and may be used to provide evidence to investigate and prosecute any such abuse and/or violence.
  • To carry out our obligations to our clients who wish to use the services we offer in line with the terms and conditions of any original agreement that they had with you.

 

  1. With whom we may share your personal data, as appropriate

We will not share your information with third parties outside of BSG except where:

  • We are required to provide additional information to a client who appointed us, or is considering appointing us, to collect an outstanding debt.
  • We have a legal or contractual requirement to do so - for example, meeting our statutory obligations to report to central government.
  • As a data processor, we may use the tracing services of a third party service provider to provide our clients with information before we are instructed for our debt collection services. As a data controller, we may pass your information to a third party service provider for the purposes of completing tasks and providing services on our behalf for our clients. When we use third party service providers, we will disclose only the personal information that is necessary for them to deliver the service.  We will first have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. 
  • It is necessary to do so with a payment processor for processing any online payments, as required.
  • It is necessary to share with the Driver Vehicle Licensing Agency (“DVLA”) the Police and Courts.
  • The Parking On Private Land Appeals (“POPLA”) Service or the Independent Appeals Service (“IAS”) require your information for the purpose of assessing any appeals.
  • It is necessary to share your personal information with the following organisations, including but not limited to: The British Parking Association (“BPA”), The International Parking Community (“IPC”), The Civil Enforcement Association (“CIVEA”), The Traffic Enforcement Centre (“TEC”), The High Court Enforcement Officers Association (“HCEOA”),The Information Commissioner’s Office (“ICO”), The Credit Services Association (“CSA”), The Financial Ombudsman Service (“FOS”), The Solicitor’s Regulation Authority (“SRA”), The Chartered Institute of Legal Executives (“CILEX”) and The Local Government Ombudsman (“LGO”) for the purpose of complaint investigation and resolution.
  • It must be shared with print and mail service providers for the purpose of contacting you by post.
  • Your information is required by email service providers for the purpose of responding to you once you have consented by email.
  • It is necessary to provide your information to credit reference agencies for the purpose of ensuring that we are writing to you at your most recent correspondence address.
  • It is necessary to share with solicitors for the purpose of enforcing a parking contract or responding to a legal query.
  • It is necessary for us to provide it to any duly-authorised sub-contractors with whom we are in contract. We will first ensure that a contract is in place which requires such sub-contractors to keep your information secure and not to use it for their own direct marketing purposes.
  • It is beneficial for pseudonymised then anonymised BWV information to be viewed by a research company instructed by the ECB to undertake research and produce an anonymised report intended to assist in the updating of industry standards and / the implementation of a code of conduct to help improve industry standards leading to better customer experiences.  

BSG does not send or process any personal data outside of the UK and EU.

  1. How we protect your personal information

 

BSG will not retain your information for longer than is necessary for the purposes outlined in this Privacy Notice but for up to 6 years, or more if necessary, in order to protect our position in the event of any legal disputes. This may be extended if disputes are ongoing. All information that you provide to us is stored on secure servers and BSG implement and maintain physical, electronic and procedural measures to protect the privacy of your personal and account data. These measures are reviewed on a regular basis.

We always seek to protect the privacy of your information when you visit our website. If you choose to send personal information to us (i.e. by clicking a Confirm/Send button), the information you supply will be sent and processed in a secure manner.

In addition, BSG limit access to our buildings to those that we believe are entitled to be there (by use of passes, key fob access and other related technologies).  Access controls to our information technology and appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) are in place to safeguard your information across all our computer systems, networks, website, mobile applications and video cameras.

 

You are never asked for your password and we follow the internationally recognised security standard ISO 27001 as well as the Payment Card Industry's Data Security standards (“PCI-DSS”).

 

Your personal information will not be communicated to non-connected third parties (i.e. marketing or advertising companies) except where there is a direct link from this site to an external website and you choose to supply your information independently on those sites. Please observe the Privacy Notice and terms and conditions of external sites you may be directed to from this site. Always remain vigilant when using your personal details on the internet.

 

Special Category / Sensitive Personal Data

You may voluntarily give such Special Category / Sensitive personal data to us by, including but not limited to, telephone calls, letters or emails. This may involve BSG collecting and using such Special Category personal data. We will only use such personal data for debt collection purposes and process such personal data for this purpose.

We only process Special Category personal data relating to health for the sole purpose of carrying out the obligations and exercising the specific rights of our clients. In this process, we pay especial regard to safeguarding the fundamental rights and interests of customers, including equality of opportunity or treatment.  As applies to all data processing, we must have a lawful basis for the processing of Special Category Personal Data - see page 3 item 4 - to comply with the law.

We would only share such Special Category / Sensitive personal data with other internal members of BSG and our respective clients who need to be aware of such information for debt collection purposes only.  

  1. Automated Processing

We currently undertake some automated processing of your personal information to inform our business practices – such as comparing your personal information against trends or other data subjects with similar characteristics.

  1. Your data subject rights under the GDPR

Under the GDPR, data subjects have a number of rights - subject to certain exemptions:

  • The right to be informed: You have the right to be informed. We will inform you of the reason for processing your data when we first contact you.
  • The right of access: You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a ‘Subject Access Request’. Unless requested otherwise, your personal information will be provided to you by secure electronic means.  If you do not have an email address, your information will be sent by post.
  • The right to rectification: If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
  • The right to object: You have the right to object the processing of your personal information where we are relying on a Legitimate Interest and there is something about your particular situation, which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
  • The right to erasure: This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal information to comply with the law.
    Note, however, that we may not always be able to comply with your erasure request for specific legal reasons. Right to erasure does not apply in the following scenarios (i) when the lawful basis for processing the data is ‘legal obligation’ – BSG has the legal obligation to keep financial records for a period after a case has been completed; (ii) For the establishment, exercise or defence of legal claims – it is within BSG’s legal rights to retain records of dealing with a customer-debtor for a limited period in case we later receive legal claims.
    Please refer to page 3 item 4 above for the lawful basis under which BSG processes your personal information and page 5 item 7 for how long we retain your information.
  • The right to restrict processing: This enables you to ask us to suspend the processing of your personal information in the following scenarios: (i) if you consider that our use of the information is unlawful but you do not want us to erase it; (ii) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it; or (iii) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims.

 

For more information on your rights, please refer to the website of the Information Commissioner’s Office (ICO).

  1. Other websites

The BSG websites (B&S, DRP and CSL) and our written electronic responses to you may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these third-party websites, please note that they may have their own privacy policies and that we do not accept any responsibility or liability for these policies or your use of those websites.

  1. How we use cookies

Our BSG websites (B&S, DRP and CSL) each use cookies. These are small text files that are placed on your device to help the website provide a better user experience. In general, cookies are used to retain user preferences and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on our website and on others. The most effective way to do this is to disable cookies in your browser. We suggest you refer to the help section of your browser for guidance, if needed.

Our BSG websites set “first party” cookies through their use of Google Analytics. We use Google Analytics to provide us with non-personal site analytics which, in turn, helps us to improve each website. Google Analytics tracking uses cookies to provide meaningful reports about web site visitors, but they do not collect any personal data about you. Google Analytics sets or updates cookies only to collect data required for their reports. Additionally, Google Analytics only uses “first party” cookies. This means that all cookies set by Google Analytics cannot be altered or retrieved by any service on any domain other than: www.bristowsutor.co.uk;  www.creditstyle.co.uk or www.debtrecoveryplus.co.uk

  1. Contact and Complaints

Our Data Protection Officer is Adrian Whalley who can be contacted at [email protected] or via our B&S postal address below.  Please mark your envelope ‘Data Protection Officer.’

If you would like to exercise one of your rights as set out above, or you have a question about the way in which we process your personal information, please contact us as follows:

By post:

DPO

Bristow & Sutor

Bartleet Road,     

Washford, Redditch,

Worcestershire, B98 0FL

By email:

For:

B&S: [email protected]

DRP: [email protected]

CSL: [email protected]

If you have a concern about how we handle your personal information or you wish to lodge a complaint, you may do so by contacting the Information Commissioner’s Office (“ICO”). Go to ico.org.uk/concerns to find out more.

Please note that the guidance on the ICO’s website advises that you give the data controller (BSG) the opportunity to respond to you in writing via letter or email prior to you formally raising your concern with them.

  1. Changes to our Privacy Notice

We keep our Privacy Notice under regular review and we will place any updates on this web page. This Privacy Notice was last updated on 29.02.2024.