Privacy Policy

Azets is committed to respecting the privacy and confidentiality of personal data and complying with protection legislation including the General Data Protection Regulation (GDPR) and, where appropriate, the United Kingdom Data Protection Act 2018 (DPA).

This privacy policy describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy policy or as otherwise stated at the point of collection.

“Azets” (and “we”, “us”, or “our”) refers to Azets Opco Limited, registered in Jersey under registration number FC033952, with registered address at 22 Grenville Street, St Helier, Jersey, JE4 8PX, with United Kingdom establishment registration number BR019040, 16 Great Queen Street, Covent Garden, London, WC2B 5AH and such Azets group companies in Europe and their subsidiaries that:

• is a contracting party for the purposes of providing or receiving services, or
• posted a position for which you are applying, or
• you have a role or relationship with.

Each company in the Azets group of companies is a separate legal entity and a separate controller for personal data. These are show in Appendix A at the end of this policy.

“Don’t Fret About Debt” is a trading name of Azets Debt Solutions Limited  (registration number SC569126). Azets Debt Solutions Limited is authorised and regulated by the Financial Conduct Authority for consumer credit activivities (FCA registered number 779455).

Where we decide how and why personal data is processed, we are a controller. Where we process personal data on the explicit written instruction of a customer, we are a processor. We may conduct either (or both) of these roles depending upon the nature of our engagement with you. If you are a customer this will be defined in your letter of engagement (contract) with us.

Azets’ Data Protection Officer can be contacted at:

The Data Protection Officer
Azets Opco Limited
Regis House
2^nd floor
45 King William Street
London EC4R 9AN
United Kingdom

(t) +44 (0) 20 7403 1877
(e ) DPO@azets.co.uk (in the United Kingdom)
(e ) privacy@azets.com (elsewhere in Europe)

We only collect such personal data that is necessary for us to perform our services and we ask customers only to share such personal data as required for that purpose. Where we identify that a customer has provided us with unnecessary personal data, we either return that information to its source or destroy it, considering the customer’s preference wherever possible.

5.1            personal data that you provide to us by:

• Communicating with us by our secure portal “CoZone”;
• filling in forms on our websites azets.co.uk, www.blickrothenberg.com, www.azets.com, www.dontfretaboutdebt.net, www.idur.se, www.cogidocs.com, www.cogidocs.co.uk, www.azets.no, www.azets.se, www.azets.dk, www.azets.fi or www.azets.ro
• corresponding with us by telephone;
• corresponding with us by email;
• corresponding with us by letter;
• Using the Live Chat facility;
• personal messaging services such as WhatsApp®, Facebook Messenger® and SMS (although we do not recommend using such services);
• If you visit our offices, you may record your details in a visitors’ book or electronic equivalent or we may do that for you.

5.2            personal data that we collect from publicly available sources

• From credit reference agencies and other company information providers;
• From national business administration authorities, such as Companies House in the UK;
• from social media such as LinkedIn®;
• from our own research activities such as reviewing websites.

5.3            personal data that we receive from referrals

• We may receive unsolicited personal data in the form of a business-to-business referrals. We will seek consent before processing such personal data any further.
• We may receive personal data submitted as a referral from one of our own employees. We will seek consent before processing such personal data any further.

If you are a prospective customer, we process the following:

• First name;
• Last name;
• Company name;
• Your nearest Azets office;
• Web site address;
• Email address;
• Telephone number;
• Any further personal data that you chose to provide in your initial enquiry;
• Any further personal data that you choose to provide during subsequent discussions whether by phone, email or letter.

If you are a personal or sole trader customer, we may process the following:

• Your name, home address and date of birth;
• name, home address and date of birth of any family members, advocates or other beneficiaries and connected parties;
• Employment status;
• Financial details such as salary, other income and investments, tax status and debt level.

If you are a business customer, we also process the following:

• Company name and registration number;
• Business type and industry sector;
• Name, home address and date of birth of officers of the company;
• Contact details of beneficial owners;
• Contact details of Persons of Significant Control;
• Name, address, job title, email address and telephone number(s) of all employees who engage with us or will engage with us.

If you are a supplier, we process the following:

• Company name and registration number;
• Business type and industry sector;
• Company address(es);
• company telephone number(s);
• name, address, job title, email address and telephone number(s) of all employees who engage with or will engage with us.

If you contact us concerning employment whether by letter, email or via our careers pages you may provide:

• Your Curriculum Vitae (CV) containing extensive personal data;
• Any further personal data that you may provide in a covering letter.

If a recruitment agency contacts us concerning employment whether by letter, email or via our careers pages they may provide:

• Your Curriculum Vitae (CV) containing extensive personal data;
• Any further personal data that you may have provided in a covering letter.

If you visit one of our websites, we collect information about your computer:

• IP address (where available);
• Geographic location (if you allow this when prompted by your browser);
• Operating system;
• Browser type;
• To enable our systems to recognise your device and to provide features to you, we use cookies. For more information about cookies and how we use them, please read our Cookie Policy.

If you receive emails from us and interact with them, we collect:

• Time you received the email;
• Time you opened the email;
• Device you used to open the email;
• Geographical location when you opened the email;
• Which parts of the email you interacted with.

If you use social media accounts which are registered using the same email address you have provided to us elsewhere our systems enable us to link your social media accounts to your email address and so we process:

• Links to any social media accounts that you use.

We do not normally collect special category personal data such as health, race or ethnic origin. However, for certain services or activities, and when required by law or with an individual’s consent this may be necessary. We always seek to minimise our processing of special category personal data.

Azets processes personal data for many different purposes:

8.1            Complying with any requirement of law, regulation or a professional body of which we are a member

As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We keep certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data. This processing is necessary for us to comply with a legal obligation; for example, when conducting customer due diligence checks to comply with anti-money laundering regulations we carry out searches to identify politically exposed persons and heightened risk individuals and organisations, and to check that there are no issues that would prevent us from working with a particular customer, such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues. Where we do not have a legal obligation, we have a legitimate interest in processing personal data as necessary to meet our regulatory or professional obligations.

If you wish to become our customer (and annually thereafter), we have a legal obligation to verify your identity. We do not need to obtain your consent to do this because it is a legal obligation imposed upon us. However, we are obliged to inform you that this will take place. We may achieve this by:

• performing a search with a credit reference agency. This will leave a footprint on your credit file as evidence that the check has taken place. This footprint is not the same as a credit check footprint and has no impact at all on your credit rating. It just leaves a footprint that proves we have satisfied the legal obligation to verify your identity. Even when these identity checks are performed annually their repetition has no impact on your credit rating;
• or by evaluation of traditional ID-check documents (passport, drivers’ licence etc) and the use of an electronic signature complying with the European Union Trusted Lists (EUTL).

8.2            Administering, managing and developing our businesses and services

We process personal data to run our business. This processing is necessary for the purposes of the legitimate interests pursued by us to administer, manage and develop our business and services. Such processing includes:

• managing our relationship with customers;
• developing our businesses and services (such as identifying customer needs and improvements in service delivery);
• maintaining and using IT systems;
• hosting or facilitating the hosting of events; and
• administering and managing our websites, systems and applications.

8.3            Recruitment

The legal basis for processing personal data for the purpose of recruitment is our legitimate interest to develop our business.

When an applicant becomes an employee, their personal data is processed subject to Azets’ Internal Privacy Policy.

Personal data collected from unsuccessful employment applicants is retained for 12 months after which it is securely destroyed.

8.4            Business Development

The initial legal basis for processing personal data for the purpose of business development is our legitimate interest to develop our business by undertaking sales and marketing activities.

When we first contact an individual or organisation, we will seek consent to process personal data before we proceed any further. We retain evidence of the consent which has been provided.

When sending electronic marketing messages to existing customers concerning similar products or services to those already purchased, we rely on the “soft opt-in” approved by the UK’s Information Commissioner’s Office, and similar mechanisms in other European countries.

The legal basis for sending electronic marketing messages to named individuals is consent. We retain evidence of the consent which has been provided.

We retain personal data collected through our business development processes for as long as we believe our products and services may be of interest to prospective customers. Individuals and organisations can ask to be removed from our business development system at any time.

8.5            Provision of services to our customers

We provide a wide range of business services. Most of these services require us to process personal data to provide advice and deliverables. For example, we will review payroll data as part of an audit and we use personal data to advise customers on global mobility, tax and pensions.

The legal basis for processing personal data for the purpose of providing services to our customers depends upon the context. We use one or more of the following legal bases for processing:

• The performance of a contract with our customers, or steps taken to enter into a contract with our customers;
• To address our legitimate interests which include maintaining accurate records relating to accounting and finance and monitoring the quality of our services;
• To satisfy a legal obligation (such as a statutory audit).

In the absence of specific legal, regulatory or contractual requirements, our standard retention period for records and other documentary evidence created in the provision of services is 7 years. The exceptions to the general 7-year retention period are records (except audit files) relating to trusts, estates, wills, pension schemes, taxation and financial services which we may retain for periods up to 30 years.

Our standard email retention period is 7 years.

Other records, which are not required to be retained as part of our professional services, are kept for a period of time depending on:

• The type, amount and categories of personal data we have collected;
• The requirements of our business and the services we provide;
• The purposes for which we originally collected the personal data;
• The lawful basis upon which we base our processing;
• Any relevant legal or regulatory obligations;
• Whether the purpose of the processing could be reasonably fulfilled by other means.

8.6            Procurement of services from suppliers

The legal basis for processing personal data for the purpose of procurement is our legitimate interest to maintain efficient and effective procurement processes.

We retain the personal data we collect from our suppliers for seven years after the contract ends unless some different retention period is warranted and documented in our procurement contract.

We only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place as appropriate to protect personal data and to comply with our data protection, confidentiality and security standards.

We are part of a global network of firms and in common with other professional service providers, we use third parties located in other countries to help us run our business. As a result, personal data may be transferred outside the countries where we and our customers are located. This includes to countries outside the United Kingdom and the European Union and to countries that do not have laws that provide specific protection for personal data. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the UK and EU are performed lawfully. Where we transfer personal data outside of the UK and EU to a country not determined by the European Commission or the UK government as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.

Personal data held by us may be transferred to, or disclosed to, other companies in the Azets group of companies (see Appendix A) and our parent company. We may share personal data with other Azets companies where necessary for administrative purposes and to provide professional services to our customers (e.g. when providing services involving advice from Azets companies in different territories). All companies in the Azets group of companies are bound by a Data Sharing Agreement which commits them to share personal data in a secure and lawful manner that respects the rights and freedoms of data subjects.

Azets may share data with the following organisation types and for the lawful reasons shown.

9.1            Processors

Azets uses specialist organisations to provide certain services, such as data hosting. These organisations (processors) are bound by a written contract which defines their tasks and responsibilities. Azets only employs processors that comply with data protection legislation and processors are subject to audit or certification review to ensure continuing compliance.

The following processors or categories of processors are used by Azets in the UK:

Azets does not perform any profiling based on personal data that has a legal or significant effect upon data subjects.

Azets does not perform any automated decision-making involving personal data.

We will neither transfer nor process personal data outside the country in which a customer has contracted, nor will we permit personal data to be so transferred or processed by a third party, unless it is under one or more of the following conditions:

• the territory into which the data are being transferred is one approved by the relevant country’s Supervisory Authority for data protection;
• the territory into which the data are being transferred is within the European Economic Area or the United Kingdom;
• the territory into which the data are being transferred has an adequacy decision issued by the European Commission or the United Kingdom government;
• the transfer is to the United States of America and the recipient is registered under the EU/US Privacy Shield scheme (or any replacement scheme post July 2020);
• the transfer is made under the unaltered terms of the standard contractual clauses issued by the European Commission for such purposes;
• the transfer is made under the provision of binding corporate rules which have been approved and certified by the European Commission;
• the transfer is made in accordance with one of the exemptions set out in Data protection legislation.

In the UK the following applies:

Certain Azets staff taking insolvency appointments are licensed in the United Kingdom by the Institute of Chartered Accountants in England and Wales, the Institute of Chartered Accountants of Scotland or the Insolvency Practitioners Association to act as insolvency practitioners.

Work undertaken under insolvency appointments is subject to insolvency law and regulation (primarily the Bankruptcy (Scotland) Act 2016, Insolvency Act 1986, the Insolvency Rules 1986, The Insolvency Regulations 1994 , The Insolvency Practitioners Regulations 2005), court practice notes, Statements of Insolvency Practice in England and Wales and Statements of Insolvency Practice in Scotland.

In addition, insolvency practitioners are subject to the ICAEW’s Code of Ethics D or, for members of those bodies, the equivalent codes set by the Insolvency Practitioners Association or Institute of Chartered Accountants of Scotland. All insolvency practitioners are also expected to comply with the Joint Insolvency Code of Ethics.

When a company undergoes Insolvency, one or more Azets insolvency practitioners may be appointed to manage the company’s affairs, business and property.

In the case when an individual is subject to an insolvency, one or more Azets insolvency practitioners may be appointed to manage the individual’s affairs, business and property. Initial advice and the administration of Debt Arrangement Schemes is provided by Azets Debt Solutions Limited which is regulated by the Financial Conduct Authority registration 799455.

Should the individual wish to proceed with a Trust Deed or Sequestration, Azets Debt Solutions Limited will refer the individual and pass their details to Azets Holdings Ltd. The administration of formal insolvency appointments will be administered by Azets Holdings Ltd.

12.1            Use of personal data in our insolvency and restructuring practice

We process personal data to enable us to carry out our work as insolvency practitioners which includes processing data that was held by companies and individuals before our appointment, together with data collected during an insolvency procedure or a fixed charge receivership. Our legal obligation to process personal data arises from work we are required to carry out under insolvency and other related legislation.

As appointees of a court, licensed insolvency practitioners are defined in data protection legislation as controllers of personal data. Azets Holdings Limited functions as an agent acting on the explicit instructions from such licensed insolvency practitioners about personal data in relation to an insolvency procedure or fixed charge receivership.

Personal data are kept secure and processed only for matters relating to the insolvency procedure being dealt with.

12.2            Personal data processed in the insolvency and restructuring practice

The personal data Licensed Insolvency Practitioners processes are usually basic details that may identify an individual and are typically sufficient to allow us to carry out our work as insolvency practitioners. For example, dealing with the claims of individuals who are owed monies by the companies or individuals over whom we have been appointed.

However, insolvency practitioners may be appointed over entities that process personal data that is considered more sensitive (special category personal data), for example health records and this special category personal data has usually been created before our appointment. Although we take appropriate steps to safeguard special category personal data (or to destroy it where it is appropriate to do so), subject to limited exceptions, for example, where we identify previous conduct and/or action that requires further investigation, we do not process special category personal data.

The company or individual subject to insolvency and the Azets insolvency practitioners process personal data for the purposes of complying with the following legal obligations and/or legitimate interests:

• the provision of references or reports to financial institutions, regulatory authorities, appropriate bodies in connection with the holding of public office;
• analysis for management purposes and statutory returns;
• the provision of business services including the realisation of assets, agreement of claims and the payment of dividends;
• the reasonable and lawful provision of information to interested parties;
• the calculation and analysis of payroll, billing, credit control and other data relating to the company’s finances and the transfer of such data for use by financial personnel and other appropriate independent third parties;
• maintaining security of the company, any personnel and data;
• the prevention and detection of crime or fraud;
• quality and risk management purposes;
• compliance with any request from regulatory authorities or other relevant public authorities or agencies;
• legal proceedings (including prospective legal proceedings);
• obtaining legal advice;
• establishing, exercising or defending legal rights;
• compliance with certain legal obligations to which the company or individual may be subject;
• processing for personal purposes of employees in accordance with the law and the company’s and/or individual’s policies and rules.

The Azets insolvency practitioners may collate, process and disseminate statistics based on an aggregation of data held by them, the company and/or individual provided that any individual is not identifiable from the resulting analysis and the collation, processing and dissemination of such information is permitted by law.

12.3            Personal data retention in the insolvency and restructuring practice

Personal data is retained by Azets insolvency practitioners for as long as any legal or regulatory requirement requires it. Typically, this is seven years after the matter has been concluded, after which it is securely destroyed.

If you would like to exercise any of these rights, please contact the Data Protection Officer by post, telephone or by using one of the email addresses at the top of this notice .

If you are not satisfied with the response you receive, you have the right to lodge a complaint with the relevant supervisory authority for the territory in which you are contracted as shown in the table below.

Companies in the Azets Group of companies

This Privacy Policy is version 20200907 and was published 7^th September 2020