As one of the UKs leading Debt Purchasers, we receive the personal data of customers following the successful purchase of a debt from an original lender.
Our legal basis for retaining and processing such personal data is for the recovery of the outstanding debts. Once we have purchased an outstanding debt, we become the data controller of the personal information relating to the customer and take on the legal rights previously held by the original lender.
The personal data retained and processed relating to our customers include:
- Date Of Birth;
- Telephone Numbers;
- Email Address;
- Financial and Credit Score Information;
- Employment status;
- National Insurance Number (in some instances).
There may be instances in which we retain and process sensitive data as defined under Data Protection Law. Should such instances arise, we will ensure we receive the explicit consent, directly from our customers prior to the processing.
Possible categories of sensitive data include:
- Physical and Mental Health Information.
The information collected by us may be processed for the following defined reasons:
- Verify the identity of customers and their residential status;
- Assess affordability prior to entering into a payment arrangement which ensures payments agreed are sustainable and affordable;
- Processing of payment arrangements and adhoc payments as consented by the customer;
- Detect, prevent and investigate potential and actual fraud and other such related activities;
- Fulfil all aspects in relation to any agreement or accounts, including but not limited to complaints, disputes and queries;
- Recover outstanding debts.
How Personal information is obtained:
We receive personal information relating to customers following the successful purchase of debts from original lenders.
In addition to the above and in order to comply with the principles governed by Data Protection Law, we may use the following channels to ensure the information we hold, relating to customers is accurate and where possible up to date. This is to also enable us to meet our needs in recovering outstanding debts.
The external resources utilised to ensure data retained is accurate and up to date include:
- Credit Reference Agencies including CallCredit, Experian and Equifax.
Who personal information may be shared with:
Throughout the course of the debt recovery journey, there may be instances in which we have to disclose customer information to organisations external to MMF.
We only disclose information where there is a clearly defined legitimate reason in doing so.
In order to verify customers identity, MMF may utilise third parties organisations including but not limited to; Call Credit, Equifax and Experian. Such processing is performed to ensure the most up to date information is retained. Potential information received from such third parties include;
- Residential Address;
- Residential Status;
- Date Of Birth;
- Email Address (if applicable);
- Contact Telephone Numbers (Home and Mobile).
NB: Please note that email addresses and mobile numbers will only be used as an avenue of communication where prior consent was given for Debt Collection purposes.
Personal information, the status of account, details of payment plans and any defaulted plans* will be shared with Credit Reference Agencies (CRA).
*Any defaults registered with CRA will remain on an individuals credit reports for a period of 6 years.
We may from time to time pass personal information of customers onto contracted organisations in the following instances:
- To outsource partners who assist in the recovery of any outstanding debts. MMF will ensure customers remain up to date and aware of such data sharing activities;
- Where the process of litigation has been instigated against a customer;
- The disclosure is required in order to recover assets associated with a debt;
- Ensure Customer Credit Reports are accurate and up to date;
- When customers have entered into a payment plan with an appointed Debt Management Company;
- To detect, investigate and prevent, potential or actual fraud;
- To meet our regulatory obligations as defined by the Financial Conduct Authority (FCA) and the Information Commissioners Office (ICO).
We only disclose the personal data of customers with other organisations once appropriate contractual agreements are in place. Such agreements ensure parties processing personal data, of which we are responsible, are doing so in accordance with all associated laws, regulations and as per our instructions.
We may pass customer information onto approved Customer Survey Partners who conduct satisfaction surveys on our behalf and as per our instruction.
We will never share or transfer personal information outside of the European Economic Area (EEA) unless appropriate technological and security measures are in place offering adequate protection.
Information held by us:
Customer information will be retained for the period in which an account remains active. Upon closure, a level of personal information will be retained in order to comply with our associated financial obligations.
Personal information will be securely disposed of when no longer required using appropriate technological measures.