Privacy Policy

Updated April 2024

This Privacy Notice relates to the processing of personal information by TRACE Debt Recovery UK Ltd & TRACE Enforcement Services (otherwise stated “we”, “us” or “our”) and relates to personal information belonging to debtors and people with whom we interact in our debt collection and enforcement activities. This notice also tells you about your privacy rights and how the law protects you.

We are part of the APN Group of companies. More information on APN Group can be found at www.apn.co.uk.

Providing our debt collection and enforcement services requires us to process personal information belonging to, our employees, clients, debtors, professional advisors, suppliers and other third parties that we interact with. This Privacy Notice explains how we collect your personal information, what we do with it and also tells you about your privacy rights and how the law protects you.

If you have a question on this Privacy Notice or how we use your personal information, please see the ‘How to contact us’ section below for details of how to get in touch.

Data Protection Principles

We are the data controller of the personal information that we process, i.e. the organisation which determines how your personal information is processed and for what purposes. This means that we are legally responsible for ensuring that we comply with the UK General Data Protection Regulation and Data Protection Act 2018 (“UK Data Protection Law”), which states that any personal information we hold about you must be:

kept securely;
kept only as long as necessary for the purposes we have told you about;
accurate and kept up to date;
relevant to the processing purposes we have told you about and limited only to those purposes;
collected only for valid purposes and not used in any way that is incompatible with those purposes; and
used lawfully, fairly and in a transparent way.

Categories of personal information that may be processed

The personal information relating to you that we collect and receive from yourself (or an authorised representative) and from third parties may include but not be limited to any or all the following:

Data Type	What It May Include
Identification information	your name, date of birth, residency and/or property address and ownership and vehicle registration number
Contact details	your name, postal address, telephone number and email address(es)
Vulnerability information	information relating to any health conditions or other special category information if you claim to be a vulnerable person.
Records of your contact with us	this includes audio and video recordings of encounters with our staff and any comments during calls or correspondence you have provided
Circumstantial Information	this includes details of how the debt was incurred

We may combine personal information relating to you that we receive from third party sources with personal information you give to us and personal information we otherwise collect about you.

Where your personal information is collected from

In order to provide our debt collection and enforcement services, we need to collect and process your personal information from a number of different sources, including:

Information you give to us:

when you talk to us on the phone;
in emails and letters; and
when you use our website.

Information from third parties, such as:

our client, the creditor;
other companies within the APN Group;
the Driver and Vehicle Licensing Agency (DVLA) under a KADOE Keeper of Vehicle at the Date of an Event (KADOE) contract; and
other third parties for example, data analytics and cleansing companies.

The lawful basis on which we may process your personal information

We will only process your personal information where we are permitted to do so by law. This is called our ‘lawful basis’ for processing.

There are six main ways that we are permitted to use your personal information, but we only need one of these bases to apply in order to lawfully process data:

you have provided us with your consent to use your personal information, e.g. creating an online account on our customer portal (Article 6(1)(a) UK GDPR);
it is necessary for the performance of a contract between you and one of our clients (GDPR Art 6(1)(b) UK GDPR);
to meet our legal obligations (GDPR Art 6(1)(c) UK GDPR).
the performance of a task carried out in the public interest or in the exercise of official authority vested in us and our client (GDPR Art 6(1)(e) UK GDPR);
the legitimate interests of both our client and us to recover an outstanding debt (GDPR Art 6(1)(f) UK GDPR); and
the establishment, exercise, or defence of legal claims (GDPR Art 9(2)(f) UK GDPR).

Many of these uses are mandatory – in other words, where we need to use your personal information to meet our contractual or legal obligations. We have provided more information in the ‘How we may use your personal information’ section below on what personal information we use, why and which of the above categories we are relying on for each purpose. We may use your personal information for more than one purpose, depending on the circumstances.

How we may use your personal information

All personal information that we receive is processed in accordance with this Privacy Notice.

We may process the personal information relating to you which we receive from you, our clients and/or other sources for one or more of the following reasons, as appropriate:

Purpose/ Activity

Type of data

Lawful basis

To recover debts owed by the debtors of our clients, which may include any or any of the following:

processing of private parking charge appeals on our clients’ behalf;
recovery of unpaid parking charges on our clients’ behalf; and
recovery of unpaid council tax, or other such local authority debts on our clients’ behalf.

Identification information

Contact details

Vulnerability information

Records of your contact with us

Circumstantial Information

It is necessary for the performance of a contract between you and one of our clients (GDPR Art 6(1)(b) UK GDPR).

The performance of a task carried out in the public interest or in the exercise of official authority vested in us and our client (GDPR Art 6(1)(e) UK GDPR).

The legitimate interests of both our client and us to recover an outstanding debt (GDPR Art 6(1)(f) UK GDPR).

The establishment, exercise, or defence of legal claims (GDPR Art 9(2)(f) UK GDPR).

To process contact details provided (address, email, and phone) to enable you to have access to your payment account and to verify or contact you on matters relating to this account.

Contact details

Your devices and location

You have provided us with your consent to use your personal information, e.g. creating an online account on our customer portal (Article 6(1)(a) UK GDPR)

The legitimate interests of both our client and us to recover an outstanding debt (GDPR Art 6(1)(f) UK GDPR).

To carry out our obligations to our clients which wishes to use the service we offer in line with the terms and conditions of:

any original parking charge;
any original council tax or similar charge; or
any original agreement that they had with you.

Identification information

Contact details

Vulnerability information

Records of your contact with us

Circumstantial Information

You have provided us with your consent to use your personal information, e.g. creating an online account on our customer portal (Article 6(1)(a) UK GDPR)

It is necessary for the performance of a contract between you and one of our clients (GDPR Art 6(1)(b) UK GDPR).

To meet our legal obligations (GDPR Art 6(1)(c) UK GDPR).

The performance of a task carried out in the public interest or in the exercise of official authority vested in us and our client (GDPR Art 6(1)(e) UK GDPR).

The legitimate interests of both our client and us to recover an outstanding debt (GDPR Art 6(1)(f) UK GDPR).

The establishment, exercise, or defence of legal claims (GDPR Art 9(2)(f) UK GDPR).

To keep a record of correspondence and agreements made with you

Identification information

Contact details

Vulnerability information

Records of your contact with us

You have provided us with your consent to use your personal information, e.g. creating an online account on our customer portal (Article 6(1)(a) UK GDPR)

It is necessary for the performance of a contract between you and one of our clients (GDPR Art 6(1)(b) UK GDPR).

To meet our legal obligations (GDPR Art 6(1)(c) UK GDPR).

the legitimate interests of both our client and us to recover an outstanding debt (GDPR Art 6(1)(f) UK GDPR).

To process and keep a record of all payments made by you.

Identification information

Contact details

You have provided us with your consent to use your personal information, e.g. creating an online account on our customer portal (Article 6(1)(a) UK GDPR)

It is necessary for the performance of a contract between you and one of our clients (GDPR Art 6(1)(b) UK GDPR).

The legitimate interests of both our client and us to recover an outstanding debt (GDPR Art 6(1)(f) UK GDPR).

To assess a debtor’s ability to pay and to consider a debtors’ vulnerability to ensure they are treated with an appropriate degree of sensitivity.

Identification information

Contact details

Vulnerability information

Records of your contact with us

You have provided us with your consent to use your personal information, e.g. creating an online account on our customer portal (Article 6(1)(a) UK GDPR)

To meet our legal obligations (GDPR Art 6(1)(c) UK GDPR).

The legitimate interests of both our client and us to recover an outstanding debt (GDPR Art 6(1)(f) UK GDPR).

To process the personal information we collect from the use of Body Worn Video cameras (BWV) and the recording of telephone calls with you to:

ensure compliance with applicable laws and be able to respond adequately and fairly if complaints are made against such processing.
monitor the performance of our employees and agents.
provide evidence to investigate and prosecute any violence against the enforcement agent.

Records of your contact with us

Circumstantial Information

The performance of a task carried out in the public interest or in the exercise of official authority vested in us and our client (GDPR Art 6(1)(e) UK GDPR).

The legitimate interests of both our client and us to recover an outstanding debt (GDPR Art 6(1)(f) UK GDPR).

The establishment, exercise, or defence of legal claims (GDPR Art 9(2)(f) UK GDPR).

Who we may share your personal information with

We will not share your information with third parties outside of APN Group or our client except where:

We have a legal or contractual requirement to do so – for example, meeting our statutory obligations to report to central government.
We are required to provide additional information to a client who appointed us to collect the outstanding debt.
The Independent Appeals Service (IAS) or The Parking on Private Land Appeals (POPLA) Service or require your information for the purpose of assessing any appeals.
It is required for us to provide it to any duly authorised sub-contractors with whom we are in contract.
With print and mail service providers for the purpose of contacting you by post.
Your information is required by email service providers for the purpose of responding to you once you have consented by email.
We may pass your information to our third-party service providers for the purposes of completing tasks and providing services on our behalf for our clients. When we use third party service providers (which may include court advocates, counsel, bailiffs, or high court or county court enforcement agents), we will disclose only the personal information that is necessary for them to deliver the service. We will first have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Where necessary, we may also disclose personal information to third party tracing agencies to assist it in locating debtors and may receive further personal information from such agencies and from the debtors themselves.
It is necessary to share your personal information with the following organisations, including but not limited to: The Civil Enforcement Association (CIVEA), The Traffic Enforcement Centre (TEC), The High Court Enforcement Officers Association (HCEOA),The Information Commissioner’s Office (ICO), The Credit Services Association (CSA) and The Local Government Ombudsman (LGO) for the purpose of complaint investigation and resolution.

We do not send or process any personal information outside of the UK and EU.

We never share your personal information with external companies for the purposes of their marketing.

How long we keep your personal information for

Your personal information is retained by us in accordance with applicable law and regulation. Our data retention periods vary depending on the nature and context of the personal information that we have in our care, and are calculated taking into account the following factors:

potential claims or litigation;
guidance from official bodies such as relevant data protection supervisory authorities and professional regulatory bodies;
how long we need to keep the data to fulfil the original purpose for which it was collected;
the nature and sensitivity of personal data; and
legal obligations to which we are subject.

We will not retain your information for longer than is reasonably necessary for the purposes outlined in this Privacy Notice but may retain any personal information for up to 6 years, unless there are specific circumstances compelling us to retain the client files for a longer period e.g., an ongoing legal dispute.

How we protect your personal information

We always seek to protect the privacy of your information. Any personal information that you choose to send to us or is sent to us from third parties in the process of providing our legal services, will be sent and processed in a safe and secure manner.

In addition, we limit access to our buildings to those that we believe are entitled to be there. Access controls to our information technology are in place and appropriate procedures and technical security measures are in place to safeguard your information across all our computer systems, networks, website, mobile applications, and video cameras.

Special Category / Sensitive personal information

You may voluntarily give such Special Category / Sensitive personal information to us by, including but not limited to, telephone calls, letters, or emails. We will only use such personal information for debt collection purposes and process such personal information for this purpose.

We only process Special Category personal information relating to health for the sole purpose of advising our clients on the carrying out of their obligations and exercising their specific rights in any particular case. In this process, we pay especial regard to safeguarding the fundamental rights and interests of customers, including equality of opportunity or treatment. As applies to all data processing, we must have a lawful basis for the processing of Special Category personal information.

We would only share such data with our respective clients who need to be aware of such information for debt collection purposes only.

Your data subject rights under the UK Data Protection Law

Under the UK Data Protection Law, data subjects have several rights in relation to their personal information. Subject to certain exemptions, these rights can be exercised in relation to your personal information. These rights include:

The right to be informed: You have the right to be informed. We will inform you of the reason for processing your data when we first contact you.

The right of access: You have the right to access the personal information that we hold about you in certain circumstances. This is sometimes called a ‘Subject Access Request’.

The right to rectification: If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.

The right to object: You have the right to object the processing of your personal information where we are relying on a legitimate interest and there is something

about your situation, which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. A right to object may be extinguished where, we can demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.

The right to erasure: This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal information to comply with the law. Please be advised that we may not always be able to comply with your erasure request for specific legal reasons.

The right to restrict processing: This enables you to ask us to suspend the processing of your personal information in the following scenarios: (i) if our use of the information is unlawful but you do not want us to erase it; (ii) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it; or (iii) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims.

The right to data portability: You have the right to ask for your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information in this format to other organisations if this is technically feasible.

The right to complain to a supervisory authority: You have the right to make a complaint about how your personal information is processed by us to the relevant supervisory authority. In the UK, the relevant supervisory authority is the Information Commissioner’s Office (ICO). For more information on your rights and how to make a complaint, please refer to the ICO website at ico.org.uk.

How to contact us

If you wish to exercise any of your rights listed above or have any questions in relation to the content of this Privacy Notice please get in contact by:

Emailing our appointed Data Protection Officer at [email protected]. (subject heading: Data Subject Rights – Your Name); or
Writing to us at Trace Debt Recovery UK Limited is registered with the ICO with reference, PO Box 1448, Northampton, NN2 1DW (attention of: Data Protection Officer).

TRACE Debt Recovery UK Limited is registered with the ICO with reference

ZA181609.

TRACE Enforcement Services is registered with the ICO with reference ZB110287.

Please note that guidance published on the Information Commissioner’s (ICO) website advises that you give us the opportunity to respond to you in writing via letter or email prior to you formally raising your concern with them.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_JYLG2R0NJP	2 years	This cookie is installed by Google Analytics.