UK Tracing (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.

UK Tracing is a trading style of STA International Ltd registered office is at 3rd Floor, Colman House, King Street, Maidstone ME14 1DN registered in England and Wales under company number 2893487. We are registered on the Information Commissioner’s Office Register, registration number Z7268646. UK Tracing acts as a data controller when clients’ data. If you would like to request your rights to access your personal data, you can contact our Compliance department at compliance@staonline.com
UK Tracing processes your personal information to meet our legal, statutory and contractual obligations. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.

The personal data that we collect from our clients (data controllers) is: – Name Date of Birth Home Address Personal Email Business Email Home Telephone Number Mobile Telephone Number Financial Information Special Category Data (eg. health/medical information)

How We Use Your Personal Data

UK Tracing takes your privacy very seriously and will never disclose your data without your consent (when required) or without the data controller’s instructions in accordance with the lawful basis stated in this notice; unless required to do so by law. We may act as data controller or data processor depending on our contractual obligations.

We only retain your data while being processed for the purpose(s) specified in this notice. We detail the purposes and reasons for processing your personal data below: –

We collect and process your personal data for debt collection services and in accordance with the lawful basis of the performance of our client’s contract.

We securely archive data after your account closure in accordance with the legal basis of legitimate interest and recognise that is in our interest to identify and manage risks to our and our clients’ organization.

We also process your information to fulfil our obligations under all laws and regulations based on laws which apply to our business activities.


Sharing and Disclosing Your Personal Information

We do not disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. UK Tracing uses third-parties to provide its daily business functions; however, all suppliers acting on our behalf only process data in accordance with instructions from us, as agreed with our clients, and comply fully with this privacy notice, the data protection laws, and any other appropriate confidentiality and security measures.

Daily Business Functions Processors:

IT providers:

Redinet Ltd (1 Stanley Rd, Bromley BR2 9JE – 020 8249 7000 https://redinet.co.uk)

Microsoft (Microsoft Campus, Thames Valley Park, Reading, RG6 1WG – 0344 8002400 – https://www.microsoft.com/en-gb)

Mimecast Services Limited (6th Floor, Citypoint, One Ropemaker Street, London, United Kingdom, EC2Y 9AW – 020 7847 8700 – www.mimecast.com/)

Tracing partners:

We use data from Credit Reference Agencies (CRAs) to identify people, who are not responding using known contact details, current whereabouts.

We then use the data to get in touch with you.

Experian Ltd (Accounts Receivable, Talbot House, Nottingham, NG80 1TH – https://www.experian.co.uk/)

GBG Plc (GB House, Kingsfield Court, Chester Business Park, Chester, Cheshire CH4 9GB – https://www.gbgplc.com/)

Tremark Associates Limited (Joshua Chambers, 332 York Road, Leeds, LS9 9DN – https://www.tremark.co.uk)

Payment providers

Elavon Digital Europe Limited, trading as Opayo (Second Floor, Q16, Quorum Business Park, Benton Lane, Newcastle upon Tyne, NE12 8BX – https://www.opayo.co.uk)

WorldPay (UK) Limited (The Walbrook Building, 25 Walbrook, London EC4N 8AF – https://online.worldpay.com)

Ecwid, Inc (687 South Coast Highway 101, Suite 239, Encinitas, California 92024 USA – www.ecwid.com)


How Long We Keep Your Data

UK Tracing only ever retains personal information for as long as we are obliged, under relevant legislation and regulation, or where no such rules apply, for no longer than it is necessary for our lawful purposes. This will be no longer than 6 years after closure of your account after which time it will be anonymized for statistical purposes.

Archived accounts data is securely stored in the company in house application within a highly secure cloud environment and data centre. This data is not actively processed and information related to all closed files is accessed by a few Senior Managers and only if and when necessary.

 

Special Categories Data

Owing to the services that we provide, UK Tracing sometimes needs to process sensitive personal information (known as special category data) about you, only with your consent, to assist you in meeting your contractual obligations. Where we collect such information, we will only request and process the minimum necessary for the specified purpose.

Where we rely on your consent for processing special category data, we will obtain your explicit consent through a telephone conversation or in writing. You can withdraw consent at any time, which we will act on immediately unless there is a legitimate or legal reason for not doing so.

You have the right to access any personal information that UK Tracing processes about you, they are:

Right to be informed

You have a right to receive clear and easy to understand information on what personal information we have, why and who we share it with – we do this in our privacy notices.

Right of access

You have the right of access to your personal information. If you wish to receive a copy of the personal information we hold on you, you may make a data subject access request (DSAR). You can download a copy of the DSAR form in either Microsoft Word or printable PDF format. Details on where to return the completed form can be found at the end of the document.

Right to withdraw consent

If you have given us your consent, you can withdraw that consent at any time. Please contact us if you want to do so. If you withdraw your consent, we may not be able to provide certain services to you. If this is the case, we will tell you.

Right to rectification

If your personal information is inaccurate or incomplete, you can request that it is corrected.

Right to erasure

This is also known as “the right to be forgotten” and this means that you can ask us to delete your personal data where it is no longer necessary for us to use it, you have withdrawn consent (where applicable), or where we have no lawful basis for keeping it or

otherwise using it. There are limited exceptions, for example where we need to use the information to bring or defend a legal claim.

Right to restrict processing

You can ask that we block or suppress the processing of your personal information for certain reasons. This means that we are still permitted to keep your information – but only to ensure we don’t use it in the future for those reasons you have restricted.

Right to data portability

You can ask us to provide you or a third party with some of the personal data that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred. This is limited to personal data you have provided.

Right to object

You may object to our processing of your personal data by us, where this processing is based on our legitimate interests or for direct marketing. We will assess whether our interest in continuing to process your personal data overrides your rights and freedoms. If not, we will stop processing your personal data. Either way, we will inform you of the outcome.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

UK Tracing takes privacy seriously and takes every reasonable measure and precaution to protect and secure our clients and subjects personal data. Maintenance of our network and systems’ controls lies with our hosting company that is ISO 27001 certified.  We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: –

SFTP, encryptions, restricted access, IT authentication, firewalls, anti-virus/malware

The majority of your information is processed in the UK and European Economic Area (EEA), where personal data is protected by the General Data Protection Regulation (GDPR). However, some of your information may be processed by us or the third parties we work with outside of the EEA.

Where your information is being processed outside of the EEA, we take additional steps to ensure that your information is protected to at least an equivalent level as would be applied by UK / EEA data privacy laws e.g. we will put in place legal agreements with our third party suppliers and do regular checks to ensure they meet these obligations.

UK Tracing only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to complain to the supervisory authority.

 

STA International Ltd t/a UK Tracing

Complaints
3rd Floor, Colman House, King Street, Maidstone ME14 1DN
Telephone: 01622 600 900
compliance@staonline.com

 

Information Commissioner Office (ICO)

Wycliffe House, Water Ln, Wilmslow SK9 5AF
Telephone: 0303 123 1113
Website: https://ico.org.uk/concerns/