Privacy Policy

Protecting personal information is a top priority for Curo Virtual. We ensure all data is managed privately and securely. We do not share personal information with third parties except as necessary to carry out our business, your requests or as required by law or other legal processes.

We will never sell your personal information to third parties.

This privacy policy explains how Curo Virtual Ltd uses the personal data we collect from you or the personal data you provide us. Please read the following information regarding your rights and our obligations under applicable laws and regulations relating to the privacy and protection of person data.

 

Information about us

Our website https://www.curovirtual.com is operated by Curo Virtual Ltd whose registered address is Suite 3, Building 1, Spiersbridge Business Park, Glasgow, G46 8NG.

 

What this policy covers

This Privacy Policy applies only to the personal data we collect from and/or about you and the use of our website. It does not extend to any other websites that are linked to or from our website (whether we provide those links or whether they are shared by other users). We have no control over how your data is collected, stored, or used by other firms / websites and we advise you to check the privacy policies of any such firms / websites before providing any data to them.

 

Information we may collect from/about you.

We may collect your personal information through various means, including via our website and through email or other electronic correspondence, by telephone, by direct contact, or if you voluntarily submit it, and where we are required by law to collect personal data.

 

Some or all of the following data may be collected about you:

• Names.
• Date of birth.
• Gender.
• Business/company name.
• Job title.
• Profession.
• Contact information such as email addresses and telephone numbers.
• Demographic information such as postcode and preferences.
• Financial information such as bank account details or credit / debit card numbers.
• Personal data collected arising out of the debt collection and enforcement process (some of which may include sensitive data related to the customer or other third parties), such as information on the physical or mental health or condition of the debtor and details of incidents occurring during debt enforcement visits.
• IP address (automatically collected by our website);
• Web browser type and version (automatically collected by our website);
• Operating system (automatically collected by our website);
• A list of URLs starting with a referring website, your activity on our website, and the website you exit to (automatically collected);
• LinkedIn™, Facebook™, Instagram™ or Twitter™ profile names.
• Caller line identification.
• Complainants and other individuals in relation to a judicial service complaint or enquiry.
• People who use our services, e.g., who subscribe to our social media feeds or request a publication from us.
• Information that you provide as a job applicant e.g., name and contact details, curriculum vitae, covering letter, references, equality monitoring information.
• Vehicle registration keeper details; and
• Banking details that you have permitted us to use on your behalf.

The information which we collect and store during normal use of the website is used to monitor and analyse how parts of the website are used. Such use does not result in any personally identifiable data being collected or stored.

You have the option, on certain pages of our website, of entering your details in any fields requested, such as your name, email address, postal address, telephone or mobile number, or reference number, to enable Curo Virtual Ltd to fulfil the service it has been instructed to carry out, and in all cases, we will only request information necessary for this task.

 

Sensitive personal data

GDPR defines certain personal data as ‘sensitive’ such as personal data regarding your ethnic origin, physical health, and mental health. We are required to understand whether the people that we deal with could be regarded as vulnerable and this may involve collecting and using sensitive personal data. We may, for debt recovery purposes, ask you for some sensitive details or you may voluntarily give such personal data to us. We will only use this personal data for debt recovery purposes, and we will obtain your consent to process this data. We may share any of your sensitive personal data with our client to ensure your case is managed appropriately. Any sharing of your sensitive personal data with clients will be based on your explicit consent or if we are required or permitted to do so under the General Data Protection Regulations 2016.

How we use this information We use your personal data to provide the best possible services to you, in our legitimate interests and to fulfil our legal obligations as set out in detail below. This includes:

• providing and managing your access to our website.
• personalising and tailoring your experience on our website according to your interests or to make it more user friendly.
• supplying our services to you on behalf of our clients.
• personalising and tailoring our services for you.
• responding to communications from you, including any complaints.
• enabling payments to be made by debtors on behalf of our clients.
• sharing information about incidents occurring at the doorstep to protect the health and safety of the individuals involved with debt enforcement visits; and
• collecting information (where appropriate) on the vulnerability of individual customers
  who we are collecting or enforcing debts against, to ensure that they are treated fairly.
• Where permitted by law, we may also use your data for marketing purposes which may including contacting you by email, telephone and/or post with information, news and offers on our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR.
• Calling our office may result in our collection of calling line identification.

 

Who do we share your information with?

We may disclose your personal data to our instructing clients, agents who we use to collect what you owe, and to other parts of Curo Virtual Ltd to fulfil a contract, where we have a legal obligation or where we have a legitimate interest to do so.

If we feel it necessary, Curo Virtual Ltd may also share your personal information with the police and other government agencies for the purposes of crime prevention or detection. If we disclose your information, we ask the organisation to demonstrate that the data will assist in the prevention or detection of crime, or that Curo Virtual Ltd is legally obliged to disclose it, and written authority is required to ensure we comply with the Data Protection Regulations.

 

On what legal basis will we process your information?

We will always process your personal information on lawful grounds and on the grounds set out below: –

 

Legal and Statutory Obligation

• We may use or disclose your personal data to perform a legal and statutory obligation. 
• For example, enforcement of criminal or civil court orders. This information is likely to include your name, contact details, payment details, and details of the court order.
• We may also be re required to disclose your personal data by a law enforcement or taxation agency for the purposes of preventing crime.

 

Performance of a Contract/Service

• We will use your personal information to allow us to provide services you or your organisation have ordered, or to enter into a contract with you.
• This information is likely to include your name, contact details and payment details, information about your business and needs and any additional information we may need to help meet your specific requirements.
• If you do not provide us with the information set out in this paragraph, then we may not be able to provide you with the products and/or services you have ordered/requested.
• For example, we process recruitment data to decide whether to offer an employment contract.

 

Legitimate Interest

• We will process personal information where we have a legitimate interest for example, we may use your data for marketing purposes which may include contacting you by email, telephone and/or post with information our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR 2016.
• You can ask us to stop doing so at any time.
• We may use some of your personal information for statistical purposes when we evaluate our range of services.
• In the event that we buy or sell any business and/or assets we may disclose your personal data to the prospective buyer or seller of the business and/or assets. Please see 8 below.

The above activities are on the basis that they are in the legitimate interest of developing our business.

 

Consent

• We may ask your consent to share your name and contact details with selected third parties so that they can tell you about their products and services.
• We will always ask you before we do this, and you can withdraw your consent at any
  time.

 

How and where information is stored and how long do we hold it for?

We will keep your personal information on our system for as long as you have an account with us. Once your account is closed, we may keep your data for up to 7 years, we do so for the following reasons: –

To be able respond to any requests, questions, or complaints.
To be able to evidence that we treated you fairly.
To maintain records according to rules that applies to us.

If you have any questions in relation to our retention periods, please contact us at [email protected] or at Suite 3, Building 1, Spiersbridge Business Park, Glasgow, G46 8NG.

1. Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure data collected through our website.

2. Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us via the internet.

 

Disclosure of your information

3. We may sometimes contract with third parties to supply services to you on our behalf. These may include payment processing, correspondence management, and mailing. In some cases, the third parties may require access to some or all your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law. 

4. We may also disclose your personal information to third parties if we expand or reduce all or part of our business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. If Curo Virtual Ltd or substantially all
of its assets are acquired by a third party, personal data held by it about its customers and website users will be one of the transferred assets and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use the data for the purposes for which it was originally collected by us.

5. We may compile statistics about the use of our website including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may, from time to time, share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.

6. In certain circumstances we may be legally required to share certain data held by us, which may include your personal information, for example, for compliance purposes, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental, investigative or taxation authority. We do not require any further consent from you to share your data in such circumstances and will comply, as required, with any legally binding request that is made of us.

7. We may share your data in pursuing an interest that corresponds with a public interest or a third party’s legitimate interest. This may include situations where we are required to go beyond its specific legal obligations set in laws and regulations to assist law enforcement or private stakeholders in their efforts to combat illegal activities, such as money laundering, fraud prevention or misuse of services. However, the use of personal data in such circumstances will be restricted to data which is relevant to our services and necessary to identify you.

 

Complaints

On receipt of a complaint, Curo Virtual Ltd staff are instructed to request that the complaint is put in writing to our office at Suite 3, Building 1, Spiersbridge Business Park, Glasgow, G46 8NG for the attention of Mark Fishman. On receipt of a written complaint Curo Virtual Ltd will,

1. Send the complainant a prompt written acknowledgement providing early reassurance that Curo Virtual Ltd have received their complaint and are dealing with it, and

2. Ensure the complainant is kept informed thereafter of the progress of the measures being taken for the complaint’s resolution (if applicable).

Curo Virtual Ltd will, by the end of 30 days after receiving the complaint, send the complainant final response which,

1. Explains why Curo Virtual Ltd are not able to make a final response and indicates when Curo Virtual Ltd expects to be able to provide one; and/or
2. Informs the complainant that they may now refer the complaint to the relevant regulatory authority.

This process has been distributed to all staff at Curo Virtual Ltd.

 

Ensuring the accuracy of your information

If you believe that any information, we are holding on you is incorrect or incomplete, please contact us as soon as possible using the ‘Contact Us’ page. We will promptly correct or remove any information that is incorrect.

If you request a change of details and/ or account closure, we may retain residual information about you in our backup and/or archival copies of our database. This will be deleted in accordance with our data retention policy.

 

Protecting your information

We will use all reasonable efforts to safeguard your personal data. We have put in place strict physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

You should note that when using the website and our related services, your information may travel through third party infrastructures that are not under our control. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Unfortunately, the internet is never a completely secure environment. Therefore, we cannot guarantee that hackers or unauthorised personnel will not gain access to your personal information despite our best efforts.

 

Your rights

 

Your right to withhold information.

You may access certain areas of our website without providing any data at all. However, to use all features and functions available on our website you may be required to submit or allow for the collection of certain data.

You may restrict your internet browser’s use of Cookies.

 

Your right to access information.

You have the legal right to request details of any personal information we hold about you under the General Data Protection Regulations 2016. There are some exemptions, which means you may not always receive all the personal information we hold, however where this is the case, we will clearly explain it to you.

If you would like a copy of the information held on you, please write to the Data Protection Officer, Curo Virtual Ltd, Suite 3, Building 1, Spiersbridge Business Park, Glasgow, G46 8NG.

 

You have the right to ask us at any time: –

• to confirm whether we hold any of your personal data.
• to send you a copy of any personal data that we hold about you – see 12. 1 above.
• to correct any inaccuracies in your personal data and to add relevant details where the personal data we hold is incomplete.
• to delete (to the extent possible) any of your personal data, where we are required by law to do so.
• to stop or restrict processing your personal data, where we are required by law to do so.
• to let you have a portable copy of the personal data we hold about you, where we are required by law to do so.
• to stop processing any of your personal data that we process based on our legitimate interests; and
• to stop sending you marketing material. However please note that we may continue to send you service related (i.e., non-marketing) communications, such as emails relating to the services we provide.
• Where we have reached a decision that affects you by processing your personal  data automatically then you have the right to speak to someone to discuss that decision.
• We do not use your personal data for the purpose of profiling.
• Where we process your personal data on the basis that you have given us your consent to do so then you may contact us at any time to withdraw your consent

If you wish to exercise any of these rights or wish to object to our use of your personal information, please e-mail us directly for the attention of the data protection officer: [email protected] or write to us at the address given below.

Data Protection Officer
Curo Virtual Ltd
Suite 3, Building 1,
Spiersbridge Business Park
Glasgow G46 8NG.

The Independent Commissioners office provides the following example as to when an individual’s interests may not override our interests.

 

Example

A finance company is unable to locate a customer who has stopped making payments under a hire purchase agreement. The customer has moved house without notifying the finance company of their new address. The finance company wants to engage a debt collection agency to find the customer and seek repayment of the debt. It wants to disclose the customer’s personal data to the agency for this purpose.

The finance company has a legitimate interest in recovering the debt it is owed and to achieve this purpose it is necessary for them to use a debt collection agency to track down the customer for payment owed. 

The finance company considers the balancing test and concludes that it is reasonable for its customers to expect that they will take steps to seek payment of outstanding debts. The interests of the customer are likely to differ from those of the finance company in this situation, as it may suit the customer to evade paying their
outstanding debt. 

However, the legitimate interest in passing the personal data to a debt collection agency in these circumstances would not be overridden by the interests of the customer. The balance would be in favour of
the finance company.

 

Cookies

You’re accessing this website may result in “cookies” being stored by your computer’s hard drive and our servers, or those operated for us, will keep a record of your visit to the site.

Cookies are small text files that websites place on your device as you are browsing. They are processed and stored by your web browser. In and of themselves, cookies are harmless and serve crucial functions for websites. Cookies can also generally be easily viewed, deleted and or blocked. Cookies will not normally contain any personal information about you. In addition, we do not collect any information about you from visitors to this website.

You can deactivate them on your computer; however, this may result in you being unable to access some
content on some websites.
Changes to our Privacy Policy
We may change this Privacy Policy as we may deem necessary from time to time, or as may be required by
law. We recommend that you check our web page regularly to keep up to date with any changes. This Policy was last updated in June 2022.

 

Who can I contact if I have queries about this privacy notice?

You can contact us directly if you have any questions about our privacy notice or information, we hold about you. Please write to us at the address below.

Data Protection Officer
Curo Virtual Ltd
Suite 3, Building 1,
Spiersbridge Business Park
Glasgow G46 8NG.

If you are dissatisfied with our handling of any complaint, you also have the right to raise concerns with The UK Information Commissioner: https://ico.org.uk