1 Introduction
Don’t Fret About Debt is committed to protecting and respecting your privacy and complying with Data Protection Legislation including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA).
This policy describes the personal data we collect from you and the legal basis for processing. It also describes your rights as a data subject.
2 About us
“Don’t Fret About Debt” (and “we”, “us”, or “our”) is a trading name of Campbell Dallas (Debt Solutions) Ltd (Company number SC569126), which is a subsidiary of Baldwins Holdings Ltd (company number 06365189) with registered office at Churchill House, 59 Lichfield Street, Walsall, West Midlands, WS4 2BX. Baldwins Holdings Ltd is the controller of all personal data processed by the group of undertakings in the Baldwins group of companies, including some companies that trade under a trading name, which includes Don’t Fret About Debt.
Campbell Dallas (Debt Solutions) Ltd is authorised and regulated by the Financial Conduct Authority for consumer credit activities. Registered No. 799455.
3 Our Role
When we decide how and why Personal Data is processed, we are a Controller. When we process personal data on the explicit written instruction of our clients, we are a Processor. We conduct both these roles, in accordance with guidance issued by the Information Commissioner’s Office (ICO), the Institute of Chartered Accountants in England and Wales (ICAEW) and the Institute of Chartered Accounts in Scotland (ICAS).
4 Data Protection Officer
Don’t Fret About Debt’s Data Protection Officer is:
Andrew Long
Baldwins Holdings Limited
Churchill House
59 Lichfield Street
WALSALL
West Midlands
WS4 2BX
(t) 01922 611567
(e) DPO@baldwinsgroup.com
5 How we obtain your personal data
We only collect such Personal Data that is necessary for us to perform our services and we ask clients only to share such Personal Data as required for that purpose. Where we identify that a client has provided us with unnecessary Personal Data, we either return that information to its source or destroy it, considering the client’s preference wherever possible.
5.1 Personal data that you provide to us by:
• Communicating with us by our secure portal “CoZone”;
• filling in forms on our website https://www.dontfretaboutdebt.net/, particularly the contact us page https://www.dontfretaboutdebt.net/contact-us/;
• corresponding with us by telephone;
• corresponding with us by email;
• corresponding with us by letter;
• Using the Live Chat facility;
• Personal messaging services such as WhatsApp, Facebook Messenger and SMS (Although we do not recommend using such services);
• If you visit our offices, you may record your details in a visitors’ book or electronic equivalent.
5.2 Personal data that we collect from publicly available sources
• From credit reference agencies;
• from social media such as LinkedIn;
• from our own research activities such as reviewing websites.
5.3 Personal data that we receive from referrals
• We may receive unsolicited personal data in the form of a business-to-business referrals.
6 The personal data that we process about you
If you are a prospective customer, we process the following:
• First name;
• Last name;
• Company name;
• Your nearest Don’t Fret About Debt office;
• Web site address;
• Email address;
• Telephone number;
• Any further personal data that you chose to provide in your initial enquiry;
• Any further personal data that you choose to provide during subsequent discussions whether by phone, email or letter.
If you are a personal or sole trader customer, we also process the following:
• Your name, home address and date of birth;
• Name, home address and date of birth of any family members, advocates or other beneficiaries and connected parties (only if you have involved them with your finances, such as for probate);
• Employment status (insolvency and Campbell Dallas (Debt Solutions) Ltd clients only);
• Debt level (insolvency and Campbell Dallas (Debt Solutions) Ltd clients only).
If you are a business customer, we also process the following:
• Company name, registration number, business type and industry sector;
• Name, home address and date of birth of officers of the company;
• Name, address, job title, email address and telephone number(s) of all employees who engage directly with Don’t Fret About Debt.
If you are a supplier, we process the following:
• Company name;
• Business type and industry sector;
• Company address(es);
• Company registration number;
• company telephone number(s);
• name, address, job title, email address and telephone number(s) of all employees who engage with or will engage with Don’t Fret About Debt.
If you contact us concerning employment whether by letter, email or via our careers page you may provide:
• Your Curriculum Vitae (CV) containing extensive personal data;
• Any further personal data that you may provide in a covering letter.
If a recruitment agency contacts us concerning employment whether by letter, email or via our careers page they may provide:
• Your Curriculum Vitae (CV) containing extensive personal data;
• Any further personal data that you may have provided in a covering letter.
If you visit our website https://www.dontfretaboutdebt.net/ we collect information about your computer:
• IP address (where available);
• Geographic location (if you allow this when prompted by your browser);
• Operating system;
• Browser type;
• To enable our systems to recognise your device and to provide features to you, we use cookies. For more information about cookies and how we use them, please read our Cookie Policy.
If you receive emails from us and interact with them, we collect:
• Time you received the email;
• Time you opened the email;
• Device you used to open the email;
• Geographical location when you opened the email;
• Which parts of the email you interacted with.
If you use social media accounts which are registered using the same email address you have provided to us elsewhere our systems enable us to link your social media accounts to your account and so we process:
• Links to any social media accounts that you use.
7 Special Category Person Data
We do not normally collect Special Category Personal Data such as health, race or ethnic origin. However, for certain services or activities, and when required by law or with an individual’s consent this may be necessary. We always seek to minimise our processing of Special Category Personal Data.
8 Purpose for the processing and the legal basis for the processing
Don’t Fret About Debt processes personal data for many different purposes:
8.1 Recruitment
The legal basis for processing personal data for the purpose of recruitment is our legitimate interest to develop our business.
When an applicant becomes an employee, their personal data is processed subject to Don’t Fret About Debt’s internal Privacy Policy.
Personal data collected from unsuccessful applicants is retained for 24 months after which it is securely destroyed.
8.2 Business Development
The legal basis for processing personal data for the purpose of business development is our legitimate interest to develop our business by undertaking sales and marketing activities.
When sending electronic marketing messages to existing clients concerning similar products or services to those already purchased, we rely on the “soft opt-in” approved by the Information Commissioner’s Office.
The legal basis for sending electronic marketing messages to named individuals is consent. We retain evidence of the details of consent which has been provided.
We retain personal data collected through our business development processes for as long as we believe our products and services may be of interest to prospective customers. Individuals and organisations can ask to be removed from our business development system at any time.
8.3 Provision of services to our customers
The legal basis for processing personal data for the purpose of providing services to our customers depends upon the context, we use one or more of the following legal bases for processing:
• To perform our contract with our customers;
• To address our legitimate interests which include maintaining accurate records relating to accounting and finance and monitoring the quality of our services;
• To satisfy a legal obligation.
In the absence of specific legal, regulatory or contractual requirements, our standard retention period for records and other documentary evidence created in the provision of services is 7 years. The exceptions to the general 7-year retention period are records (except audit files) relating to trusts, estates, wills, pension schemes, taxation and financial services which we retain for periods up to 30 years.
Our standard email retention period is 7 years.
Other records, which are not required to be retained as part of our professional services, are kept for a period of time depending on:
• The type, amount and categories of Personal Data we have collected;
• The requirements of our business and the services we provide;
• The purposes for which we originally collected the Personal Data;
• The lawful basis upon which we based our processing;
• Any relevant legal or regulatory obligations;
• Whether the purpose of the processing could be reasonably fulfilled by other means.
8.4 Procurement of services from suppliers
The legal basis for processing personal data for the purpose of procurement is our legitimate interest to maintain efficient and effective procurement processes.
We retain the personal data we collect from our suppliers for seven years after the contract ends unless some different retention period is warranted and documented in our procurement contract.
9 With Reference to our insolvency practice
The initial advice and the administration of Debt Arrangement Schemes is provided by Campbell Dallas (Debt Solutions) Ltd which is regulated by the Financial Conduct Authority registration 799455.
Should you wish to proceed with a Trust Deed or Sequestration we will refer you and pass your details to our parent company, Baldwins Holdings Ltd. The administration of formal insolvency appointments will be administered by Baldwins Holdings Ltd.
Staff taking insolvency appointments are licensed in the United Kingdom by the Institute of Chartered Accountants in England and Wales, the Institute of Chartered Accountants of Scotland or the Insolvency Practitioners Association to act as insolvency practitioners.
Work undertaken under insolvency appointments is subject to insolvency law and regulation (primarily the Bankruptcy (Scotland) Act 2016, Insolvency Act 1986, the Insolvency Rules 1986, The Insolvency Regulations 1994 and The Insolvency Practitioners Regulations 2005), court practice notes and the Statements of Insolvency Practice.
In addition, insolvency practitioners are subject to the ICAEW’s Code of Ethics D or, for members of those bodies, the equivalent codes set by the Insolvency Practitioners Association or Institute of Chartered Accountants of Scotland. All insolvency practitioners are also expected to comply with the Joint Insolvency Code of Ethics.
9.1 Use of personal data
We process personal data to enable us to carry out our work as insolvency practitioners which includes processing data that was held by companies/individuals before our appointment together with data collected during an insolvency procedure or a fixed charge receivership. Our legal obligation to process personal data arises from work we are required to carry out under insolvency and other related legislation.
Insolvency practitioners are controllers of personal data in so far as defined by Data Protection Legislation. We act as a processor acting on the explicit instructions from such insolvency practitioners about personal data in relation to an insolvency procedure or fixed charge receivership.
Personal data are kept secure and processed only for matters relating to the insolvency procedure being dealt with.
9.2 The personal data we process in the insolvency practice
The personal data insolvency practitioners process in most cases are basic details that may identify an individual and are typically sufficient to allow us to carry out our work as insolvency practitioners, for example, dealing with the claims of individuals who are owed monies by the companies/individuals over whom we have been appointed.
However, insolvency practitioners may be appointed over entities that process personal data that is considered more sensitive (Special Category Personal Data), for example health records and this Special Category Personal Data has usually been created before our appointment. Although we take appropriate steps to safeguard Special Category Personal Data (or to destroy it where it is appropriate to do so), subject to limited exceptions, for example, where we identify previous conduct and/or action that requires further investigation, we do not process Special Category Personal Data.
9.3 How long do we hold personal data in the insolvency practice?
Personal data is retained for as long as any legislative or regulatory requirement requires us to hold it. Typically, this is seven years after the matter has been concluded, after which it is securely destroyed.
10 Data Sharing
As with any provider of professional services, we are subject to legal, regulatory and professional obligations. We process Personal Data as necessary to comply with those obligations. One example of such processing includes anti-money laundering activities such as carrying out searches (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations, and to check that there are no issues that would prevent us from working with a particular client (such as sanctions, criminal convictions (including in respect of company directors), conduct or other reputational issues).
We are also obliged to keep certain records to demonstrate that our services are provided in compliance with our legal, regulatory and professional obligations.
Don’t Fret About Debt may share data with the following organisations and for the lawful reasons shown.
| Organisation or category of organisation | Legal basis for data sharing |
| Suppliers (references) | It is our legitimate interest to obtain references before appointing a new supplier to ensure that we only appoint reputable organisations as suppliers. |
| Banks and other financial institutions | Legal obligation (anti-fraud and anti-money laundering) Legitimate interest when working on behalf of a client |
| Investors and other types of lenders | Performance of a contract |
| Mortgage companies/Building Societies | Legal obligation (anti-fraud and anti-money laundering) |
| Independent Financial Advisers (IFAs) | Legal obligation (anti-fraud and anti-money laundering) |
| Other accountants | Legal obligation (anti-fraud and anti-money laundering) |
| Specialist accountancy advisors | Legitimate Interest (advice upon complex accountancy matters) |
| Targets e.g. for Corporate Finance purposes | Legitimate interest |
| Introducers e.g. for Corporate Finance purposes | Legitimate interest |
| HMRC | Legal obligation |
| Shareholders and Directors | Performance of a contract |
| Owner managers | Performance of a contract |
| Lawyers and barristers e.g. Forensics, Divorce, Family, Criminal | Performance of a contract or legal obligation |
| Police e.g. criminal cases | Legal obligation |
| CPS – criminal cases | Legal obligation |
| National Crime Agency | Legal obligation (anti-fraud and anti-money laundering) |
| Government bodies e.g. research or statistical offices, European bodies where we act for MEPs | Legal obligation |
| Grant Aid bodies | Performance of a contract |
| Social Services | Legal obligation |
| Pension Providers | Legal obligation |
| Payroll Companies and Intermediaries | Performance of a contract |
| Department of Work & Pensions | Legal obligation |
| Child Maintenance Services | Legal obligation |
| The Pensions Regulator | Legal obligation |
| Specialist HR companies (who advise on debt and submit cases to the Insolvency Service and The Accountant In Bankruptcy) | Legitimate Interest |
| The Insolvency Service and The Accountant in Bankruptcy | Legal obligation |
| Charities for the purpose of Give As You Earn | Legal obligation |
| Trade Unions | Consent |
| Regulators FCA, ICAEW, ICAS, ACCA, FRC, IPA, the Pensions Regulator | Legal obligation |
| Companies House | Legal obligation |
| Cogital (our parent company) | Legitimate Interest |
| Fidelius (joint venture) | Legitimate interest |
| Premium Credit | If and only if you wish to avail yourself of credit facilities for our fees, we will share your contact details with your consent. |
| Legal advisors | Legitimate Interest |
10.1 Sub-contract Processing
Don’t Fret About Debt uses specialist sub-contact organisations to process personal data under a written contract which defines that they must comply with Data Protection legislation. Don’t Fret About Debt only employs organisations that comply with Data Protection Legislation. These organisations are audited to ensure compliance.
The following processors or categories of processors are used by Don’t Fret About Debt:
| Processor or category of processor | Sub-contract service provided |
| Amazon Web Services | Data hosting |
| Salesforce UK Ltd | Data Hosting and email sending |
| Mail Chimp | Data hosting and email sending |
| Azets Insight AB | Data Hosting of CoZone |
| Ideagen Plc | Data Hosting of Pentana |
| Hubsolv Ltd | Data Hosting, email and text message sending |
| BACS providers | Payment processing |
| Croner Taxwise Ltd | Tax Investigation insurance |
| Book-keeping service providers | Assistance with book-keeping services |
| Off-site storage providers and secure destruction providers | Secure storage and destruction of paper documents |
| Specialist debt collectors | Debt collection |
| Specialist market research companies | Surveys, market research, customer satisfaction analysis |
| Event management companies | Facilitating events including catering for dietary requirements |
11 Profiling and automated decision-making
Don’t Fret About Debt does not perform any profiling based on personal data that has a legal or significant effect.
Don’t Fret About Debt does not perform any automated decision-making involving personal data.
12 International Transfers
We neither transfer nor process personal data outside the United Kingdom, nor do we permit personal data to be transferred or processed outside the United Kingdom, unless it is under one or more of the following conditions:
• the territory into which the data are being transferred is one approved by the UK’s Information Commissioner;
• the territory into which the data are being transferred is within the European Economic Area;
• the territory into which the data are being transferred has an adequacy decision issued by the European Commission;
• the transfer is to the United States of America and the recipient is registered under the EU/US Privacy Shield scheme;
• the transfer is made under the unaltered terms of the standard contractual clauses issued by the European Commission for such purposes;
• the transfer is made under the provision of binding corporate rules which have been approved and certified by the European Commission;
• the transfer is made in accordance with one of the exceptions set out in Data Protection Legislation.
13 Your Rights
You have the following rights concerning your personal data:
| Right of access | You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to that personal data. |
| Right to rectification | You have the right to oblige us to rectify inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed by providing a supplementary statement. |
| Right to erasure (right to be forgotten) | You have the right (under certain circumstances, but not all) to oblige us to erase personal data concerning you. |
| Right to restriction of processing | You have the right (under certain circumstances, but not all) to oblige us to restrict processing of your personal data. For example, you may request this if you are contesting the accuracy of personal data held about you. |
| Right to data portability | You have the right (under certain circumstances, but not all) to oblige us to provide you with the personal data about you which you have provided in a structured, commonly used and machine-readable format. You also have the right to oblige us to transmit those data to another controller. |
| Right to withdraw consent | If the lawful basis for processing is consent, you have the right to withdraw that consent. |
| Right to object to direct marketing | Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for marketing, which includes profiling to the extent that it is related to such direct marketing. |
| Rights in relation to automated decision making and profiling | We do not perform any automated decision-making based on personal data that produces legal effects or similarly significantly affects you. |
14 Your right to lodge a complaint with a supervisory authority
If you wish to exercise any of your rights concerning your personal data, you should contact our Data Protection Office at the address shown above. If you are not satisfied with the response you receive, you have the right to lodge a complaint with the supervisory authority. In the United Kingdom this is:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
(t) 0303 123 1113
(e) casework@ico.org.uk
This Privacy Policy is version 20020220 and was published 20th February 2020.