Updated 20 July 2021 V_6
This policy explains why we process your data and highlights your rights under the General Data Protection Regulation 2018, known as GDPR.
You can contact us directly on 01134 266 550 or by email or letter, as explained below, if you require further information.
Why do we process your data?
Your data was shared with us by a Third Party.
We process data for the purposes of tracing and verification, and marketing.
When you registered, made an application, submitted a form, agreed to sign-up or in any other way submitted your data to a third party website you were notified that the data you shared would be shared with Data OD Ltd and that they may share it with other third parties for the permitted purposes.
How do you restrict the processing of your data?
If you would like to restrict the processing of your data you should email this request to MyInfo@DataOnDemand.co.uk and provide your First Name, Surname and Postcode. You may also send the request in writing to The Compliance Officer, Data OD Ltd, Platform, New Station Street, Leeds, LS1 4JB, if you prefer. Alternatively, you can call us on 01134 266550.
Upon receipt of you request to remove your data from the database we will suppress your data record.
Suppressing your data record means that we will keep a copy of the data to process as a suppression. This means that the data record is retained to enable us to identify the data and, if we see the data again in the future, ensure that it is not included in the marketing database again.
The ICO recommend that your data is suppressed.
You can request your data record is deleted and removed completely from our systems, but we cannot guarantee that the data will not be added again in the future if we do not hold a copy of the data to be processed as a suppression only.
Typically, we retain data for up to six years or until a request is made to delete the data.
Who are we?
Our registered company name is Data OD Ltd and we are also known as “Data On Demand”.
Our tracing and verification service is known as “Fintrace” and our marketing service is known as “Continue”.
Our registered office address, in the United Kingdom, is C/O Ground Floor, St. Pauls House, 23 Park Square, Leeds, LS1 2ND.
All correspondence should be sent to our trading address, which is:
Data OD Ltd
New Station Street
Head Office Telephone Number: 01134 266 550
Enquiry Email Address: MyInfo@DataOnDemand.co.uk
We are a UK registered business with the company number 10183365.
Our ICO registration number is ZA231384.
How we process the data for tracing and verification and who we share the data with.
We use data to provide services to third-party organisations. These third parties will either already have a relationship with Individuals or will act under legally enforceable arrangements with those individuals and this includes the assigns of that third party (i.e. other businesses they give their rights to, such as assignments of debts).
The data may be processed for activities included in the following Scope for Tracing and Verification:
We use the word Tracing to cover the following types of processing activities:
- Asset Repatriation i.e. tracing family members of deceased individuals.
- Debt Collection and Recoveries means to trace individuals in order to send invoices or recover debts.
- Enforcement covers legal judgments/court orders and tracing activities related to those.
We use the word Verification to cover the following types of processing activities
- Credit Risk Assessment – verifying a Data Subject’s creditworthiness/risk.
- Fraud Prevention – Using data to identify patterns of fraudulent behaviour, or to reduce the overall risk of fraud by ensuring that persons are real.
- Identify Verification – To check that Data Subjects are whom they claim to be.
- Identifying Vulnerable Customers – Using data to identify certain classes or Data Subjects who may be at a higher risk of harm from taking out further debts for example. The anticipated processing is only intended to protect those vulnerable Data Subjects who are identified, not to target them in order to take advantage of their vulnerability (a risk we generally mitigate contractually – see below).
When a client uses our services they will typically send us information such as:
- Identifiers (including an individual’s name, date of birth, and current and previous addresses). This helps us to match the information to the other information we hold in our databases.
- The purpose and legal basis, pursuant to which they are requesting information about the individuals.
When we receive that information, we match it against the other information that we hold in order to find and return additional information about an individual.
Depending on the service we are providing, this can include contact data, employment data, data about financial beahviour and data about a property.
It can also include similar kinds of information about people who are associated with an individual.
Our legal grounds for handling data for trace and verification.
The UK’s data protection law allows the use of your personal data where necessary for legitimate purposes provided that this is not outweighed by the impact it has on you. The law calls this the “legitimate interests” condition for processing personal data. We may also rely upon (or third parties may rely upon) other legal bases for processing your data and these will be set out in their privacy notices. Generally, we may also process your data where that is required for us to comply with any legal obligation we are subject to and must comply with, or where we or a third party have a contract with you, and they are using your information in order to carry out the rights and obligations set out in that contract.
A comprehensive range of measures exists in the UK to underpin the balance so that the legitimate interests are not outweighed by the interests, fundamental rights, and freedoms of individuals.
Our use of personal data is subject to appropriate technical and organisational measures that help make sure that your rights are protected. These include the information you are given about how your personal data will be used and how you can exercise your rights to obtain your personal data, have it corrected or restricted, object to it being processed, and complain if you are dissatisfied. We also have to consider the potential harms that could arise from the use of data, and we balance those potential risks against the legitimate interests we identify as being relevant. These safeguards help sustain a fair and appropriate balance so that our activities do not compromise your interests, fundamental rights, and freedoms.
The legitimate interests we are typically pursuing when providing services to our clients are:
Interest: Commercial Interest of Data OD and Contributing Data Sources.
Explanation: We both receive financial incentives based on the volume of data processed. This interest is balanced against the rights of data subjects.
Interest: Supporting tracing and debt collections
Explanation: We provide services that support tracing and collections where there is a legitimate interest in the client conducting activity to find its customer and to recover the debt, or to reunite, or confirm an asset is connected with, the right person. The interests furthered here relate to debtors and relevant proprietors.
Interest: Promoting responsible lending and helping to prevent over-indebtedness.
Explanation: Responsible lending means that lenders should only sell products that are affordable and suitable for the borrowers’ circumstances. We help ensure this by sharing personal data with our Clients about potential borrowers, and their financial history.
Interest: Helping prevent and detect crime and fraud; anti-money laundering; and identity verification
Explanation: We provide identity, anti-fraud, and anti-money laundering services to help clients meet legal and regulatory obligations, and to the benefit of individuals to support identity verification and support the detection and prevention of fraud and money-laundering.
Other legal bases for processing that may apply:
Where “processing is necessary for compliance with a legal obligation to which the controller is subject”:
Any organisation within the chain of processing may be subject to certain legal obligations and it is for each party to determine the extent to which is required to process data for this purpose under the circumstances of the requirement.
Carrying out contractual obligations
Controllers may have contractual relationships (either directly, or indirectly pursuant to the Contracts (Rights of Third Parties) Act 1999) with Data Subjects, and information may be processed by them in line with such duties. Data OD does not have a contractual obligation directly with Data Subjects but may be determined to indirectly grant certain rights to Data Subjects through Data OD’s contracts with its customers relating to processing DSARs for example. Controllers may determine that they are permitted to process data under this basis, such as where the right to enforce a debt or other contractual right has been assigned to a third party other than the original Controller.
This section describes the types of recipients we will share data with.
Users of our services
We share data with the users of our services (i.e. other businesses), limited to the Scope we have told you about.
This might include banks, building societies, credit reference agencies, debt collections agencies, insurance providers, pension providers, providers of consumer credit, law enforcement agencies, utilities, and other service providers who have a legal right to contact an individual, or to otherwise use the information which is processed to verify certain information to prevent fraud and improve the customer overall experience in general or to further their own legitimate interests that they have informed you of.
Other applicable categories of recipients might include:
- Political: Political Party
- Justice: Anti-fraud and theft initiative, Police Authority, Police Commissioner, Police Force, Probation
- Land or property services: Estate agency/letting agency, Financial services and advice, Housing association, Property Management, Housing Association
- Finance, insurance, and credit: Bank and building society, Credit referencing, Debt collection/tracing, Financial Service and advice, Household Utility Provider, Insolvency Practioner, Insurance, Lender, Payment service, Pension,
- Online Technology and Telecoms: Software developer
- Retail and manufacture: Supplier of goods > Catalogue mailorder, Ecommerce (Online retailer), Mail order trader
We sometimes use other organisations such as resellers, distributors, and agents to help provide our services to clients and may provide personal data to them in connection with that purpose, but if we do that then we make sure that data is subject to the same protection it receives when we process it.
We sometimes use third parties who provide services to us, on a very limited basis and strictly following our instructions which will only relate to the Scope we have told you about. This might include address validation and telephone validation or other similar services to ensure the accuracy of information.
These service providers will not be allowed to use your information for any other purpose other than providing the service to Data OD.
Our group companies
In some circumstances, we may share your personal data among the members of the group of companies to which Data OD Ltd belongs. If we do so, then the use of the data by those companies will be governed by this privacy notice and your existing legal rights will not be affected. Data OD Ltd always remains responsible for the other members of its group of companies if this is ever required.
If we sell our business to a third party or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business and they will continue to use it only in accordance with this notice, unless and until they tell you otherwise.
We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.
- LexisNexis Risk Solutions UK Ltd, Global Reach, Dunleavy Drive, Cardiff, CF11 0SN
How we process the data for Marketing.
Data OD Ltd is a data aggregator. This means companies share data with our company and we combine this with other data sources to create a Single Customer View for the Data Subject, you, the individual consumer. This data is then shared with other companies for the purpose of marketing.
We process the data to ensure data accuracy. This processing includes validating address information, removing goneaways (people who have moved property), deceased screening and applying suppression files. We also validate mobile phone numbers and email addresses using third party services such as the Home Location Register (HLR), which is the main database of permanent subscriber information for mobile networks and SIFT Logic, which validates and scores the confidence of email addresses.
The data may also be enhanced and improved with more information by combining data from publicly available databases such as the EPC (Energy Performance Certificate) Database, the Land Registry and property portals which display the addresses of properties which are for sale or have been sold. We may combine this data with other data to confirm the status of an address for a property, currently or previously, identified as on the market. e.g. for sale.
The data may be validated, updated or enhanced by other publicly available databases such as the Edited Electoral Roll, as also known as the ‘Open Register’.
The data may be profiled based on the information we know about the individual and/or the information we know about the property where the individual resides.
The data is shared with other companies for the purpose of marketing by post, email, telephone or text message.
The data may also be processed to for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.
Who do we share data with for Marketing?
We share data with third parties. This section of the Privacy Notice is updated regularly so you should check this page often to refresh your understanding of which companies may be sharing your data for marketing purposes.
The companies with whom we share data may also share your data with other companies for the permitted purposes of processing.
Companies who we share data with for marketing purposes –
Marketing Companies & Agencies
EE Ltd (BT Group companies and BT Group plc)
Your personal data may be combined with property information if your home is for sale. You may be contacted with information by post, email, sms or telephone to introduce products or services which may be of benefit during the process of your property sale and subsequent home move.
The hyperlinks above link to the ‘Contact Us’ pages (or similar) for the companies Data OD Ltd may have shared data with. You may contact the companies to instruct them to restrict the processing of your data or to action any of your Rights under the GDPR.
You can instruct Data OD Ltd to contact the companies to action any requests on your behalf.
We may also share your data with the Categories of Recipients, listed below in the section The categories of recipients of the data.
Right to be informed
|The name and contact details of our organisation.||We are Data OD Ltd. Our registered address is 62-66 Deansgate, Manchester, England, M3 2EN. Our Company number is 10183365. To contact us by telephone our main number is 01134 226 550. To contact us by email for general enquiries it is MyInfo@DatOnDemand.co.uk. All correspondence should be sent to Data OD Ltd, Platform, New Station Street, Leeds, LS1 4JB.|
|The purposes of the processing.||We process your information to share with third parties for marketing.|
|The lawful basis for the processing.||Where you have given explicit consent for marketing, that is the lawful basis for processing. Where there is a legitimate interest for sharing your data, that is the lawful basis for processing.|
|The categories of recipients of the personal data.||
|The details of transfers of the personal data to any third countries or international organisations||The data is not shared for marketing purposes with any Countries outside of the EU.|
|The retention periods for the personal data.||We retain the permission to share the data for the purposes of marketing until we are advised by the Data Subject that they no longer want us to process their data.|
|The right to withdraw consent.||Refer to the section on this page entitled ‘How do you remove your data from our marketing database?’|
|The right to lodge a complaint with a supervisory authority.||You can lodge a complaint with the ICO by emailing email@example.com|
|The source of the personal data.||You can request the information in relation to the source of your personal data by emailing MyInfo@DataOnDemand.co.uk|
|The details of the existence of automated decision-making, including profiling.||Refer to the section on this page entitled ‘How we process the data.’|
Right to access
|The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why you are using their data, and check you are doing it lawfully.||You can contact us at MyInfo@DataOnDemand.co.uk to confirm if we are processing your data or to request a copy of the data that we hold and any supplementary information that you are entitled to. You can also call us directly on 01134 266 550 with the same request|
Right to rectification
|Under Article 16 of the GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data||You can contact us at MyInfo@DataOnDemand.co.uk to request to have inaccurate data rectified or to have incomplete data completed. You can also call us directly on 01134 266 550 with the same request.|
Right to erasure
|Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’.||You can contact us at MyInfo@DataOnDemand.co.uk to request to have your data deleted. You can also call us directly on 01134 266 550 with the same request.|
Right to restrict processing
|Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data.||You can contact us at MyInfo@DataOnDemand.co.uk to request to have your added to our suppression list if you wish to withdraw consent. You can also call us directly on 01134 266 550 with the same request.|
Right to data portability
|The right to data portability gives individuals the right to receive personal data they have provided to a controller in a structured, commonly used and machine-readable format. It also gives them the right to request that a controller transmits this data directly to another controller.||You can contact us at MyInfo@DataOnDemand.co.uk to request to a copy of the information we hold to be provided to you or another controller. This is supplied in an Excel (.CSV) format and can be sent by email or by post. You can also call us directly on 01134 266 550 with the same request.|
Right to object
|Article 21 of the GDPR gives individuals the right to object to the processing of their personal data. This effectively allows individuals to ask you to stop processing their personal data. The right to object only applies in certain circumstances. Whether it applies depends on your purposes for processing and your lawful basis for processing.||You can contact us at MyInfo@DataOnDemand.co.uk to request that we stop processing your data for marketing purposes. You may also call us directly on 01134 266 550 with the same request.
Rights related to automated decision-making including profiling
|Article 22 of the GDPR has additional rules to protect individuals if you are carrying out solely automated decision-making that has legal or similarly significant effects on them.||You can contact us at MyInfo@DataOnDemand.co.uk to request that do not use your personal data to create the models outlined in the section of this page entitled ‘How do we process your data’. You can also call us directly on 01134 266 550 with the same request.|
How to Contact Us.
Other useful information.
You can control how your data is processed by registering with services that help restrict the processing and by updating your privacy settings on your devices and on services you use such as email, social media and internet browsers.
The Edited Electoral Roll or ‘Open Register – The open register, also called the edited register, contains the same information as the full register but is not used for elections or referendums. It is updated and published every month and can be sold to any person, organisation or company for a wide range of purposes. It is used by businesses and charities for checking names and address details; users of the register include direct marketing firms and also online directory firms.
You can choose whether or not to have your personal details included in the open version of the register; however, they will be included unless you ask for them to be removed. Removing your details from the open register will not affect your right to vote.
To op-out of receiving marketing communication as a result of your being data shared on the Open Register you should visit https://www.gov.uk/get-on-electoral-register and update your preferences.
Postal Marketing – You can opt out of postal marketing by registering with the Mail Preference Service (MPS) at https://www.mpsonline.org.uk/. This is an industry wide service that is administered by the Direct Marketing Association and recognised by the Information Commissioner.
Telephone Marketing – You can opt out of all telemarketing activity by registering their details with the Telephone Preference Service (TPS) at https://www.tpsonline.org.uk/tps/index.html. The TPS is similar to the MPS but is administered by the Information Commissioner.
Email Marketing – Unlike Postal or Telephone channels, there is no industry-wide service to opt out of email marketing. Therefore, consumers should always review privacy policies and marketing opt-in check boxes when registering for services or purchasing products online. Where unwanted email marketing is received, consumers should unsubscribe or use spam filters to prevent future communications. You can visit https://www.tmps.online/ a service provided by Data OD Ltd to manage your marketing consent.
Online Advertising – Marketing data is widely used to inform the advertising that is displayed when browsing online. Whilst digital marketers generally do not know the identity of the individual viewing a page, they are able to understand their likely characteristics based on their browsing behaviour or location in order to display a more relevant advert. If you would prefer not to receive targeted advertising in this way you can refer to the device or service instructions to restrict the processing.
Cookies – are small files used by websites to recognise returning visitors and tailor content or advertising more effectively. Declining cookies when visiting websites will prevent those sites from displaying targeted advertising, whilst all modern browsers have a setting to clear cookies, which will delete all cookie data stored from previous website visits.
Mobile devices – cookies used for advertising do not generally work on mobile devices, however, advertisers can still recognise returning visitors both when browsing online and when using apps through the use of an ‘Advertising ID’. The Advertising ID is created by the mobile device, but can be reset at any time, thereby deleting all data held against it. Instructions on resetting Advertising ID’s will vary by device but can be found here for Apple devices, or here for Android devices.