Debt Collection  Solutions. 

Our 
 Privacy Policy 

At Turner Clifford Ltd, we take your privacy seriously and are committed to handling personal data in a lawful, fair, and transparent manner. This Privacy Policy explains how we collect, use, share, and protect your personal information whenever you interact with us, whether through our website, by email, by post, over the phone, via video call, in person, or in any way throughout the course of our debt recovery and related services.

It also explains the legal rights you have under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws, as well as how you can exercise them. We encourage you to read this Privacy Policy in full to understand our practices and how we safeguard your personal information.

1.    Introduction
 

Turner Clifford Ltd (“we,” “us,” “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you interact with us - whether you are a client, a debtor, a supplier, or a website visitor.
 

It also sets out your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and any other applicable laws.

.

2.    Data Controller and Processor Roles

Turner Clifford Ltd usually acts as the Data Controller for the personal data we collect and process independently. We may also act as a Data Processor on behalf of our clients, where we handle personal data strictly in accordance with their instructions and our obligations under our contract with them. In those cases, our client remains the Data Controller.
​
Company details:

Registered in England & Wales: 13913455

Registered Office: Unit 3, Suite 3, Melton Enterprise Park, North Ferriby, HU14 3RS

ICO Reference: ZB409804

3.    How We May Collect Personal Data

We may collect personal data from:
 

• Direct interactions – including emails, phone calls, text messages, instant messaging platforms, video calls, post, and in-person meetings.

• Documents and information provided by our clients or any third parties - such as contracts, invoices, statements, correspondence, and case evidence.

• Publicly available sources - including Companies House, court records, credit reference agencies, trade directories, online search engines, and social media profiles.

• Our website, online forms, and digital tools - including enquiry forms, account portals, or subscription sign-ups.

• Technology systems and secure third-party service providers - including, but not limited to, cloud storage platforms, CRM systems, communication tools, sales platforms, document processing services, analytics platforms, and any other software or technology solutions (whether hosted locally or online) used to store, process, transmit, or analyse personal data on our behalf.

• Automatic data collection - such as IP addresses, device information, and usage data when you access our website, emails, or other digital services.

• Call recordings, video recordings, and meeting notes - where necessary for our services, debt collection purposes, training, or other compliance purposes.

• Tracing and investigative activities - where we use lawful means to locate individuals or verify information in connection with debt recovery or fraud prevention.

​

We may also collect personal data by any other lawful means where necessary for the purposes set out in this Privacy Policy.

​

4.    Types of Personal Data We Process

Depending on the relationship and purpose, we may process:
 

• Contact details – such as name, address, email addresses, telephone numbers, and other contact information.

• Identification data – such as date of birth, ID documents, photographs, and signatures.

• Financial information – such as bank details, invoices, payment records, account statements, and transaction history.

• Communications – such as emails, letters, text or instant messages, and call or video recordings.

• Case-related documents – such as contracts, legal correspondence, evidence, and supporting documentation provided by clients, third parties, or obtained through lawful tracing and investigative work.

• Technical and usage data – such as IP address, browser type, device identifiers, website analytics, and interaction history with our emails or online services.

• Marketing and prospect information – such as business details, publicly available contact information, and information provided in response to our marketing or networking activities.

• Publicly available or client-provided background information – relevant to debt recovery, fraud prevention, or contract delivery and enforcement.

​

We may also process special category data only where necessary and lawful (e.g., health information relevant to debt recovery disputes, where provided voluntarily or as required by law).

We may process any other personal data lawfully obtained where necessary for the purposes set out in this Privacy Policy.

​

5.    Purposes of Processing

We may process personal data for purposes including, but not limited to:

• Debt recovery services – locating debtors, tracing assets, communicating, negotiating repayment, and enforcing debts, including through court proceedings and enforcement agents.

• Contract performance – fulfilling obligations to our clients and suppliers, and taking steps at their request before entering into a contract.

• Fraud prevention and protection of rights – identifying, investigating, and reporting suspected fraudulent activity, misconduct, or criminal behaviour, and protecting our legal rights or those of others.

• Legal and regulatory compliance – meeting obligations under applicable laws and regulations, including tax reporting, anti-money laundering (AML), counter-terrorist financing (CTF), sanctions checks, and responding to lawful requests from authorities or banks.

• Dispute resolution – defending, bringing, or managing legal claims, and handling complaints or regulatory investigations.

• Client services – onboarding, verifying client information, managing accounts, providing updates, and communicating about our services.

• Marketing and business development – contacting prospective or existing clients, conducting market research, sending relevant service updates or offers (where permitted by law), and measuring campaign effectiveness.

• Operational and administrative purposes – managing our business operations, maintaining records, conducting audits, risk management, training staff, and improving service delivery.

• Use of Technology in Processing Personal Data – using secure third-party providers, subscription services, or technology platforms to store, process, review, extract, analyse, or otherwise handle documents, communications, recordings, case files, and other relevant information. This may involve tools for the review, extraction, analysis, or processing of case-related information, whether carried out manually, automatically, or through a combination of both.

• Security and monitoring – protecting our systems and information from unauthorised access, loss, misuse, or damage (for example, access controls, network monitoring, anti-malware protection, audit logs, and CCTV where applicable).

• Any other purpose required or permitted by law - including any purpose for which we have obtained your consent or which is otherwise lawful under applicable data protection legislation.

6.    Lawful Bases for Processing

We rely on one or more of the following lawful bases under UK GDPR and other applicable data protection laws:

​

• Legitimate interests – where the processing is necessary for our own business purposes or those of a third party, provided these interests are not overridden by the individual’s rights and freedoms. This may include, for example, debt recovery activities, fraud prevention, tracing and verification, client management, service improvement, marketing to business contacts, and the use of secure technology systems to process and analyse information. We conduct legitimate interests assessments (LIAs) where required to ensure that our interests are balanced against individuals’ rights.

• Performance of a contract – where the processing is necessary to fulfil our obligations under a contract to which the individual is a party, or to take steps at their request before entering into such a contract. This basis will generally apply to our relationships with clients, suppliers, and service providers, rather than debtors. Examples include managing accounts, communicating about contracted services, and processing payments or instructions.

• Legal obligation – where the processing is necessary to comply with a legal or regulatory obligation to which we are subject. This may include tax reporting, anti-money laundering (AML) and counter-terrorist financing (CTF) requirements, sanctions checks, compliance with court orders, or responding to lawful requests from public authorities or banks.

• Consent – where we have obtained your clear, informed, and freely given consent for a specific purpose (for example, certain types of marketing communications or optional services). Consent can be withdrawn at any time without affecting the lawfulness of processing before withdrawal.

​

​We may rely on other lawful bases where permitted under data protection laws, as relevant to the processing activity

​

7.    Legitimate Interests Assessment

Where we rely on legitimate interests, we have carried out a documented Legitimate Interests Assessment (LIA) to ensure that our interests are not overridden by the rights and freedoms of the individuals concerned. Our assessment considers the nature of the data, the reasonable expectations of the individual, the potential impact of the processing, and the safeguards we have in place. The LIA is reviewed periodically and whenever there is a material change to the way we process personal data. A copy is kept on file and is available to the Information Commissioner’s Office (ICO) upon request.

8.    Data Sharing

We may share personal data with the following categories of recipients, where necessary and lawful, and only for the purposes set out in this Privacy Policy:

• Clients – including but not limited to those for whom we act in debt recovery or related services, to provide updates, evidence, and communications relevant to the case.

• Service providers and suppliers – including but not limited to secure technology providers, cloud storage and hosting services, email and communication platforms, payment processors, IT support, CRM platforms, document management systems, and providers of data, document, and communication analysis or review services, as well as professional advisers such as accountants, auditors, and consultants.

• Legal and investigative partners – including but not limited to solicitors, barristers, process servers, enforcement agents, investigators, and tracing agents.

• Credit reference agencies – to verify identity, trace individuals, assess creditworthiness, and confirm address or contact details.

• Law enforcement, regulators, courts, banks and public authorities – where disclosure is required by law, court order, regulatory request, or to exercise or defend legal claims.

• Other third parties – where necessary to protect our legal rights, prevent or detect fraud, secure assets, or ensure the safety of individuals.

​

Some recipients may be located outside the UK. Where we transfer personal data internationally, we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement, standard contractual clauses, or equivalent lawful mechanisms.

9.    International Transfers

We may transfer personal data to countries outside the United Kingdom (“UK”) and the European Economic Area (“EEA”) where necessary for the purposes set out in this Privacy Policy. This may include transfers to service providers, business partners, or other recipients located in jurisdictions that have different data protection laws.

Whenever we transfer personal data internationally, we take steps to ensure it is protected in accordance with applicable data protection laws. These measures may include:

​

• Relying on an adequacy decision issued by the UK government or European Commission;

• Implementing the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities;

• Using other appropriate safeguards recognised under applicable data protection legislation; and/or

• Ensuring contractual obligations and technical measures are in place to protect the security and confidentiality of the personal data.

​

We regularly review the legal frameworks and safeguards we use for international transfers to ensure ongoing compliance.

​

10.    Data Retention

​

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to:

​

• Carry out ongoing debt recovery activities;

• Comply with legal, regulatory, and contractual obligations;

• Respond to future questions or investigations from banks, auditors, clients, or regulators;

• Defend or pursue potential future legal claims;

• Maintain accurate business and financial records; and

• Ensure business continuity and operational requirements.

​

The retention period for personal data depends on factors such as the nature of the data, the purposes of processing, applicable legal requirements, and any contractual obligations. 

When personal data is no longer required, we take appropriate steps to securely delete, anonymise, or archive it in accordance with applicable laws and our data security procedures.

​

11.    Your Rights

Under data protection laws, you have certain rights in relation to your personal data. These rights are not absolute and may be subject to legal exemptions or limitations. We will respond to all valid requests within the time limits set by law.
 

You have the right to:

​

• Be informed – to receive clear and transparent information about how we process your personal data.

• Access your personal data – to obtain a copy of the personal data we hold about you, together with certain related information.

• Rectification – to request correction of inaccurate or incomplete personal data.

• Erasure – to request deletion of your personal data where lawful. For example, we may refuse deletion if the data is required for ongoing debt recovery, to comply with legal or regulatory obligations, to establish, exercise, or defend legal claims, or to fulfil contractual commitments.

• Restriction of processing – to request that we limit the processing of your personal data in certain circumstances (for example, where you contest its accuracy or object to our use of it).

• Object to processing – to object to the processing of your personal data based on our legitimate interests. We will consider all objections, but may continue processing if we can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms. For example, where processing is necessary for debt recovery, fraud prevention, compliance with any legal, contractual or regulatory obligations, protecting our legal rights, or the establishment, exercise, or defence of legal claims.

• Withdraw consent – where we process personal data based on your consent, you have the right to withdraw that consent (this will not affect the lawfulness of any processing carried out before consent was withdrawn).

• Data portability – to receive certain personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit it to another controller, where applicable.

• Rights related to automated decision-making – to not be subject to solely automated decisions, including profiling, which have legal or similarly significant effects on you, unless permitted by law.

​

To exercise any of your rights, please contact us using the details provided in the “Contact” section of this Privacy Policy.

​

12.    Security Measures

​

We use a combination of technical and organisational measures to protect personal data, including encryption, access controls, secure storage, regular audits, and staff training.

​

13.    Use of Technology in Processing Personal Data

We may use secure third-party providers, platforms, and systems to store, process, review, or analyse documents, communications, recordings, financial records, and other relevant information. This may involve the use of current and future technologies, including both human-led review and automated tools, or a combination of the two. Examples include, but are not limited to, document review platforms, email chain analysis tools, voice-to-text transcription services, and analytics software. All such providers act only on our instructions and are bound by contractual and legal obligations, including confidentiality and data security requirements. Where required, we conduct data protection impact assessments (DPIAs) before introducing or significantly changing technology-assisted processing activities.

​

14.    Marketing Communications

We may process personal data of potential clients for marketing purposes under legitimate interests or consent, depending on the circumstances. You can opt out of marketing communications at any time.

​

​15.    Contact

For questions about this policy or your personal data, contact:

info@turnerclifford.com

 

16.    Changes to This Policy
 

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors.

The latest version will always be available on our website at https://www.turnerclifford.com/privacypolicy.
 

Any printed or downloaded copies may not be the most current version, and we recommend checking the online version to ensure you are viewing the latest policy.