GDPR Data Protection Policy and Privacy Notice
1) Definitions
Personal Data – any information relating to an identified or identifiable natural person.
Processing – any operation or set of operations that is performed on Personal Data or on sets of Personal Data.
Data subject – a natural person whose Personal Data is being Processed.
Child – a natural person under 16 years of age.
We/us (either capitalised or not)
This document and references to “Stirling Collections” and “we” and “us” apply equally.
2) Who We Are
Stirling Capital Partners Ltd t/a Stirling Collections. We manage and make decisions about personally identifiable
information we hold, as well as conducting specific activities using data provided by other
companies, on their behalf.
3) What We Do
Stirling Collections collect debts owed to clients on their behalf and perform other services related to these matters. This often involves receiving personal information from our clients so that we can effectively carry out our services, some of which are externally regulated. We also transfer information to other companies that perform specific actions at our request, and
this may involve the transfer of personal data for that purpose.
Stirling Collections is committed to safeguarding your privacy.
Contact us at
Customer.Services@StirlingCollections.com if you have any questions regarding the use of your Personal Data.
By using this site or/and our services, you consent to the Processing of your Personal Data as described in this Privacy Policy.
This Privacy Policy is a part of our Terms and Conditions; by agreeing to Terms and Conditions you also agree to this Policy. In the event of collision of terms used in Terms and Conditions and Privacy Policy, the latter shall prevail.
4) The Law
Stirling Collections is based in England and thus subject to the law applicable in England & Wales. In the case of data protection, the primary legislation in effect from 25th May 2018 is
Regulation EU 216/679 (the General Data Protection Regulation), as well as the Data Protection Act 2018.
5) Data Protection Principles
Stirling Collections follow the following data protection principles:
Processing is lawful, fair, transparent. Our Processing activities have lawful grounds. Wealways consider your rights before Processing Personal Data. We will provide you with information regarding Processing upon request.
Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
Processing is done with minimal data. We only gather and Process the minimal amount of Personal Data required for any purpose.
Processing is limited with a time period. We will not store your personal data for longer than needed.
We will do our best to ensure the accuracy of the data.
We will do our best to ensure the integrity and confidentiality of data.6) Data Subject’s rights
The Data Subject has the following rights:
1. Right to information – meaning you have the right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained and why and by whom it is processed.
2. Right to access – meaning you have the right to access the data collected from/about you.
This includes your right to request and obtain a copy of your Personal Data gathered.
3. Right to rectification – meaning you have the right to request rectification or erasure of your Personal Data that is inaccurate or incomplete.
4. Right to erasure – meaning in certain circumstances you can request for your Personal Data to be erased from our records.
5. Right to restrict processing – meaning where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
6. Right to object to processing – meaning in certain cases you have the right to object to Processing your Personal Data, for example in the case of direct marketing.
7. Right to object to automated Processing – meaning you have the right to object to automated Processing, including profiling; and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
8. Right to data portability – you have the right to obtain your Personal Data in a machine- readable format or if it is feasible, as a direct transfer from one Processor to another.
9. Right to lodge a complaint – if we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
10. Right for the help of supervisory authority – meaning you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
11. Right to withdraw consent – you have the right to withdraw any given consent for the Processing of your Personal Data.
The following forms of ID are accepted when information on your personal data is requested:
• Driving license or passport – Please note, this is essential where requests involve images.
• Utility bill (within the last 3 months of the request being made)
7) Where We Get Your Personal Information
Information about individuals may originate from different sources, including being collected from the person themselves. Stirling Collections will disclose the source of any data held about a person upon their request if there is no overriding legal requirement not to do so. Such requests should be directed to the Data Protection Officer (DPO).
8) The Personal Data We Collect and How We Use It
1. What personal information does Stirling Collections collect when you engage our Services
1. Stirling Collections stores and uses information that could be used to identify a
living person. The information collected will vary depending on the purposes for which that
data is used. The purpose of this storage and use will vary depending on the area of the
business that it pertains to. Where consent is required or used as the basis for storage and
use of personal information, this will be clearly communicated, and the person providing
their consent has the right to withdraw it at any time.2. Human Resources
We Process Personal Data under the legal basis of:
‘Performance of a Contract’ and/or
‘Legal Requirement’ and/or
‘Consent’ and/or
‘Vital Interest’ and/or
‘Legitimate Interest’ and/or
‘Public interest’ for the following purposes:
We store information relating to employees and contractors so that we have adequate
records to be able to contact, manage and pay them, and meet our legal obligations as an
employer.
This information may be sent to another company working on our behalf, where the
relationship is defined by a contract, and they are not permitted to use the information in
any way we have not explicitly asked them to. Only certain authorised personnel within the
company have access to this information. This information may include name, dob, billing
address, home address, e-mail address, telephone, company name, financial and other
information
Under the legal basis of vital interests, we process your Personal Data for the following
purposes:
We collect data concerning health relating to employees, so we can make any necessary
adjustments for their benefit and so that we may pass relevant information on to
emergency services and healthcare professionals in the event of an illness or accident at
work in order to protect their vital interests. This information may include name, dob, billing
address, home address, e-mail address, telephone, medical, financial, and other i
nformation.
3. Sales
We Process your Personal Data under the legal basis of
‘Performance of a Contract’ and/or
‘Consent’ for the following purposes:
Whenever we sell products and services, we collect and store information about the
person or people we have dealt with in the course of the sale, including prior to any sale
taking place, in order to serve the mutual interests of our own and our clients’ or
prospective clients’ companies. This is used for the purpose of completing the sale,
managing service delivery, and marketing further products and services in the future. This
information may include name, dob, billing address, postal address, e-mail address,
telephone, financial and other information.
4. Marketing
We Process Personal Data under the legal basis of
‘Performance of a Contract’ and/or
‘Consent’ for the following purposes:
We conduct direct marketing activities in order to obtain new and repeat business, and
sometimes this requires that we store and use names and business contact details of
specific people whom we know or believe to be the most appropriate recipient of our
marketing communications.
This work is also performed by other companies on our behalf. Since we obtain published
or offered contact details for people in their business role and take steps to ensure that we
and our suppliers are compliant with legal requirements such as the provision of a means
of opting out of further marketing communications, we believe recipients’ privacy rights
are balanced with our business interests. This information may include name, dob, billing
address, postal address, e-mail address, telephone, financial and other information.5. Purchasing
We Process your Personal Data under the legal basis of
‘Performance of a Contract’ and/or
‘Legal Requirement’ and/or
‘Vital Interest’ for the following purposes:
From time to time we may store names and business contact details of individual people
working for our suppliers’ business. This is necessary to ensure we can contact the
relevant people and maintain a relationship to the benefit of both our and their business.
This information may include name, dob, billing address, postal address, e-mail address,
telephone, financial and other information.
6. Service Delivery
We Process Personal Data under the legal basis of
‘Performance of a Contract’ and/or
‘Legal Requirement’ and/or
‘Vital Interest’ and/or
‘Legitimate Interest’ and/or
‘Public interest’ for the following purposes:
To deliver services to our clients, we collect, store, and use personally identifiable
information including names, addresses, telephone numbers, email addresses and
demographic information, as far as it is necessary for the provision of that service.
7. Publicly Available Information
We might gather information about you that is publicly available.
8. Other Information
We reserve the right to anonymise Personal Data gathered and to use any such data. We
will use data outside the scope of this Policy only when it is anonymised.
We might process your Personal Data for additional purposes that are not mentioned here
but are compatible with the original purpose for which the data was gathered. To do this,
we will ensure that:
the link between purposes, context and nature of Personal Data is suitable for
further Processing.
further Processing would not harm your interests and
there would be an appropriate safeguard for Processing.
9. Automated Decision Making
Stirling Collections does not currently utilise automated decision-making functions
within its business. A Data Protection Impact Assessment (DPIA) would be carried out
before any Automated Processing (including profiling) activities were to be undertaken.
10. Data Retention
Except where a legal obligation to retain data exists, Stirling Collecitons does not
store personal information for any longer than is necessary for its defined purpose.
Wherever an individual has expressed that they no longer wish to have the information we
hold about them used for the purpose under which we hold it, we may need to continue
storing certain identifiers to ensure that person’s information does not re-enter our
systems at a later date. This data is stored apart from data that is in current use, is clearly
labelled and access to it is restricted.
Data we hold on behalf of our clients will be held for up to 2 years unless it is needed for
longer to complete the delivery of the service we have agreed to provide.
When data is no longer to be retained, its removal, deletion or erasure will be performed
according to processes suitable for the medium, for example, the secure shredding of
paper documents, deletion from internal systems, or overwriting (wiping) of hard disks.11. Data Storage and Security
We do our best to store information relating to our business on computer systems rather
than paper files, although it is often necessary to print or write upon certain documents,
especially where legal documents are concerned. While these and similar items are
ordinarily transferred quickly in sealed envelopes or given directly to the recipient, storage
of them is managed by authorised staff who ensure that unauthorised persons do not have
direct access. Paper files transported by agents operating in approved vehicles will be l
locked in a mobile safe according to our policy on data in transit.
Most information is however stored in computer systems. We apply an information security
management system in accordance with the requirements of ISO 27001. Critical systems
such as those relating to finance and service delivery are regularly backed up and/or
continuously mirrored to protect against data loss and are physically located in secure
premises.
We do our best to keep your Personal Data safe. We use safe protocols for communication
and transferring data (such as HTTPS). We use anonymising and pseudonymising where
suitable. We monitor our systems for possible vulnerabilities and attacks.
It is our policy that data stored electronically be protected from unauthorised access,
accidental deletion, and malicious hacking attempts. In addition to internal processes, we
employ third-party service providers to manage elements of this.
Even though we try our best we cannot guarantee the security of information. However, we
promise to notify suitable authorities of data breaches. We will also notify you if there is a
threat to your rights or interests. We will do everything we reasonably can to prevent
security breaches and to assist authorities should any breaches occur.
12. Who Else can Access your Personal Data
In some cases, Personal Data about you is shared with our trusted partners to ensure we
can provide our service to you as a client, or fulfil legal obligations or enhance your
customer experience. We only work with Processing partners who can ensure an adequate
level of protection to your Personal Data. We disclose your Personal Data to third parties
or public officials when we are legally obliged to do so. We might disclose your Personal
Data to third parties if you have consented to it or if there are other legal grounds for it
such as tracing within High Court Enforcement or Debt Recovery processes.
13. Data Transfers
Stirling Collections currently don’t but may make transfers of personal data outside
the United Kingdom, including out of the European Economic Area. Such cases may be
due to the physical location of a digital service provider that is storing data on our behalf,
whose services are regulated by terms compatible with this policy and our compliance
with applicable law. Stirling Collections has, where local data protection
regulations so require, put in place security measures for the export of personal data from
its jurisdiction. Where local data protection regulations so require, Stirling Collecitons has made arrangements with entities receiving your personal data such that they shall ensure that security measures are in place and that your personal data is processed only in accordance with EU Data Protection laws.
The safeguards we have taken include implementing the European Commission’s
Standard Contractual Clauses for transfers of personal information to our non-EEA
members operating under Stirling Collections, which requires our non-EEA
members to protect personal information they process from the EEA in accordance with
European Union data protection laws.14. Privacy by Design and Data Protection Impact Assessment (DPIA)
We are required to implement Privacy by Design measures when Processing Personal
Data by implementing appropriate technical and organisational measures (like
Pseudonymisation) in an effective manner, to ensure compliance with data privacy
principles.
We will assess what Privacy by Design measures can be implemented on all programs/
systems/processes that Process Personal Data by considering the following:
(a) the state of the art.
(b) the cost of implementation
(c) the nature, scope, context, and purposes of Processing; and
(d) the risks of varying likelihood and severity for rights and freedoms of Data
Subjects posed by the Processing.
Furthermore, Stirling Collections will also conduct DPIAs with respect to high-risk
Processing.
We will always conduct a DPIA (and discuss the findings with the DPO) when
implementing major system or business change programs involving the Processing of
Personal Data including:
(e) use of new technologies (programs, systems, or processes), or changing
technologies (programs, systems, or processes).
(f) Automated Processing including profiling and Automated decision making.
(g) large scale Processing of Sensitive Data; and
(h) large scale, systematic monitoring of a publicly accessible area.
(k) an assessment of the risk to individuals; and
(l) the risk mitigation measures in place and demonstration of compliance.
15. Training and Audit
It is our policy to ensure that all Stirling Collections Company Personnel has
undergone adequate training to enable them to comply with data privacy laws. We must
also regularly test our systems and processes to assess compliance. Company Personnel
will undergo all mandatory data privacy related training. Stirling Collections
regularly review all the systems and processes under our control to ensure that we comply
with this Privacy Notice and check that adequate governance controls and resources are
in place to ensure proper use and protection of Personal Data.
16. Minors
We do not intend to collect or knowingly collect information from children. We do not
target children with our services.
17. How to Contact Us
Stirling Collections Data Protection Officer (DPO) is the main contact for anyone
who wants to discuss matters covered under this policy or the law, including any person
whose personal data we have come into contact with and used or stored, whether for our
own purposes or on behalf of another company.
You can email enquiries@StirlingCollecitons.com 18. Complaints
If you have any concerns about how your data is being processed by us or any of our third
parties, please contact us in the first instance and we will attempt to resolve any issues.
We are governed by the Office of the Information Commissioner (ICO) in the United
Kingdom. In the event that you wish to make a complaint about how your personal data is
being processed by us or any of our third parties, or how your complaint has been
handled, you may contact the supervisory authority:
The Information Commissioners Office (The ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
19. Changes to this Privacy Policy
We reserve the right to make changes to this Privacy Notice at any time, for any reason.
However, Stirling Collecitons will review and update this Privacy Notice periodically.
or from time to time in response to legal, technical, or business developments. If material
changes to this Notice are made, they will be updated via the business website.
Last reviewed 6th January 2026