Capquest is part of the Arrow Global Group Plc, who are a leading European credit management services provider focusing on loan purchases and specialist asset management. We purchase customer accounts from a range of businesses, including retail banks, credit card and telecommunications companies.

Where the account is owned by any party in the below list, it is operated by us under a separate Privacy Notice:

• Arrow Global Limited
• AGL Fleetwood Limited
•  Arrow Global Accounts Management Limited
• Arrow Global Europe Limited
• Arrow Global Investment (Holdings) Limited
• Arrow Global Portugal Investments
• Arrow Global Receivables Management Limited
• Capquest Investments Limited

Customer and Account Information Accuracy

We maintain information, including personal data, for the purposes of managing accounts on behalf of the account owner. This could include activities designed to support:

• Making the utmost effort to ensure our customer and account information is accurate. This involves regular data quality reporting, investigating data inaccuracies and making corrections should they arise;
• Arrears Management;
• Assist in processing statutory documents, including Statements, Notice of Sums in Arrears and Notices of Default.

Tracing and debt recovery

We use data from Credit Reference Agencies (CRAs) and other 3rd party data providers to trace people who are not responding using known contact details.

An example of a tracing activity could be when a customer moves home without informing us of their new address. We may then use the data we obtain from CRAs and other 3rd party data providers to inform our analytics to identify the customer’s new address and contact details. We then use our analytics capability to help find missing individuals through updated addresses and contact details.

Credit reporting

We report the status of the accounts we own to the CRAs and any customer confirmed changes to contact details. The CRAs combine this data with that from other lenders to build a credit profile of an individual which in turn may be used to help inform future lending decisions.

An example would be where a customer settles their account with us. This information would be reported back to the CRAs which may be used by other lenders to assess an individual’s creditworthiness.

Statistical analysis, analytics and profiling

We will use and allow the use of personal data for statistical analysis and analytics purposes. Personal data can be used to create scorecards, models and variables in connection with the assessment of credit, fraud, risk or to verify identities. It can also be used to monitor and predict market trends, to allow use by Arrow for refining recovery and trace strategies, and for analysis such as loss and revenue forecasting.

Database activities

We carry out certain processing activities internally which support databases effectiveness and efficiencies. For example:

• Data loading: this is where data is supplied to us and is checked for integrity, validity, consistency, quality and age to help make sure it is fit for purpose. These checks pick up things like irregular dates of birth, names, addresses, account start and default dates, and gaps in status history.
• Data matching: this is where data supplied to us is matched to existing databases to help make sure it’s assigned to the right person, even when there are discrepancies e.g. spelling mistakes or different versions of a person’s name. We use the personal data people give lenders together with data from other sources to create and confirm identities, which they use to underpin the services they provide.
• Data linking: this is where we compile data into its databases and we create links between different pieces of data. For example, people who appear financially associated with each other may be linked together, and addresses where someone has previously lived can be linked to each other and to that person’s current address.
• Systems and product testing: this is where data is used to help support the development and testing of new products and technologies.

Uses as required by or permitted by law

Your personal data will also be used for other purposes where required by law, such as where we are obliged to provide data to the law enforcement community at their request.

We use the following grounds for handling personal data:

• Legitimate interests;
• Compliance with a legal obligation;
• Fulfilment of a contract.

Our primary grounds for handling data are the legitimate interests of our business, supplemented by both the compliance with our legal obligation to manage customers’ accounts and fulfil the terms of such contracts.

The UK’s data protection laws allow the use of personal data where the organisations legitimate interests aren’t outweighed by the interests, fundamental rights or freedoms of data subjects (customers). The law calls this the ’Legitimate Interests’ condition for personal data processing. The below outlines the activities we undertake in relation to your data, the appropriate legal grounds for processing as well as an explanation of what our legitimate interests are when this is our reason for processing.

Our use of this personal data is subject to an extensive framework of safeguards that help make sure that people’s rights are protected. These include the information given to people about how their personal data will be used and how they can exercise their rights to obtain their personal data, have it corrected or restricted, object to it being processed, and complain if they are dissatisfied. These safeguards help sustain a fair and appropriate balance so that our activities don’t override the interests, fundamental rights and freedoms of data subjects.

Additionally, Arrow will look for your consent to process personal information in relation to your health. This will only be in circumstances where you choose to share this information with us to help us understand your circumstances and appropriately manage your account. This will be used for no other purposes than managing your account and for training and quality purposes.

We obtain and use information from different sources, so we often hold different information and personal data about each customer. All information we hold about our customers falls into the below categories:

This section describes the types of recipient we share data with and our process for ensuring it is an appropriate organisation.

In some cases, some organisations have the ability to compel us, by law, to disclose certain data for certain purposes.

Members of the credit reference agency data sharing network

We share information with CRAs as part of our obligation to ensure appropriate lending for consumers and help ensure the health of the UK financial services industry.

Each organisation that shares financial data with the CRAs is also entitled to receive similar kinds of financial data contributed by other organisations. These organisations are typically banks, building societies, and other lenders, as well as other credit providers like utilities companies and mobile phone networks.

In the UK we use the following CRAs:

Partners

We may entrust your account for management by one of our Partner companies, who will operate as our agent. We use market leading partners, and we rely on their expertise in their fields to manage your account efficiently on our behalf. We will communicate with you at the time should this outsourcing take place.

Information Technology Processors

We will use other organisations to perform tasks on their own behalf (for example, IT service providers and call centre providers) in order to assist us with running our business. These providers will always act as our agents, should we instruct them to contact you.

Court Service

If proceedings are issued against you or enforcement activity is taken, we will provide information to the relevant Court service.

Payment Processors

If you have chosen to make payments via Debit or Credit Card, Arrow will provide relevant information to payment processing companies to facilitate the transaction. 

Individuals

People are entitled to obtain copies of the personal data the Arrow holds about them. You can find out how to do this in Section 10 below.

Legal and Regulatory

Any law enforcement agency, regulator, court, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

Debt Purchasers/Sellers

We may share data with any organisation who holds an interest, whether legal or beneficial in nature, who may act as an individual or joint data controller. They may process the data for the purposes of management of your account. Should you wish to obtain further information about it, you can contact us using the methods outlined in section 10 of this notice.

Capquest Debt Recovery is a subsidiary company of Arrow Global Group Plc ("AGG" and / or "Arrow"), headquartered in the UK.

As a result of Brexit, with effect from 1 January 2021, the UK stops being treated as part of the European Union and the European Economic Area ("EEA") and, as a result, your personal data will be protected by UK privacy laws from that date. Looking after your data is very important to us, and Brexit will not change that.

We will only share personal data with others outside the EEA (before 1 January 2021) or outside the UK (from and after 1 January 2021) when we are legally permitted to do so, namely where:

•  the EU Commission or UK government (as relevant) has decided that the relevant country has adequate protective rules in relation to data protection in place (an “adequacy decision”);
•  we have entered into the relevant “standard contractual clauses” with the recipient of your personal data (these are a set of obligations about how your data is protected and used; or
• we can rely on another basis under the law such as that we have to share the personal data because this is necessary for the purpose of a court case, investigation or to protect our legal rights.

In general, we will retain all information held about our customers for as long as they continue to have an active account with us. This will include for as long as funds are owed to us.

Once the account is closed and no funds are owed, we will continue to retain all data for a period typically of six years from closure. The criteria used to determine the storage period will include the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements and industry standards.

Exceptions to this standard six-year approach are detailed below:

Credit Balances

In the rare situations where customers’ accounts have some form of overpayment, the data is kept for as long as the account remains in credit and for six years from the date these monies are re-payed to the customer.

Voice Recordings

Voice recordings of telephone conversations with customers will be held for three years after the call has taken place.

Archived data

We will hold archived data in both physical and digital formats for business continuity purposes. Where data is retained in archives for longer than the periods described above, it will not be accessible to unauthorised staff and in the case of digital backups data is encrypted. We will take steps to ensure that, if such archives are required to be accessed, we will have all personal information no longer required removed.

If you wish to exercise any of these rights, you can contact us at MyData@arrowglobal.net

Scores and ratings

We use the data we hold on the accounts we own along with data from the CRAs and other 3rd party data providers to produce various scores such as risk, fraud, affordability, collection, litigation and/or insolvency scores to profile accounts and customers. The following factors are likely to impact these scores:

• How long the person has lived at their address;
• The number and type of credit agreements and how they use those credit products;
• Whether the person has been late making payments;
• Whether the person has had any court judgments made against them;
•  Whether the person has been bankrupt or had an IVA or other form of debt-related arrangement.

These scores will inform appropriate actions to manage customers’ accounts with us and ensure appropriate steps are taken with respect to personal circumstances. An example would be where we use the insolvency scores and data to place an account with a specialist insolvency practitioner.

Where automated decisions are made with regards to account treatment or placement, customers have the right to appeal.

You have the right to ask us what data we hold about you. This is known as a Subject Access Request (SAR). You have a right to find out what personal data we hold about you. You can do this either by emailing your request to MyData@arrowglobal.net or by writing to us at:

Arrow/Capquest SARS
Capella Building
60 York Street
Glasgow
G2 8JX

New data protection legislation also contains a right to data portability that may give consumers a right in some data processing contexts, to receive their personal data in a portable format when it’s processed on certain grounds, such as consent. This is not a right that will apply to Arrow’s data because this data is processed on the grounds of legitimate interests.

When we receive personal data, we perform a number of checks on it to try and detect any defects or mistakes. Ultimately though, we rely on our suppliers and our customers to provide accurate data to us.

If you think that any personal data we hold about you is wrong or incomplete, you have the right to request this is updated.

If our data does turn out to be incorrect, we will update our records accordingly. If we still believe our data is correct after completing our checks, we will continue to hold and keep it - although you can ask us to add a note to your file indicating that you disagree or providing an explanation of the circumstances. Additionally, we will need to keep a copy of the incorrect record but solely for auditing purposes.

If you’d like to request an update of your data, you should contact us at MyData@arrowglobal.net.

As an individual you have specific rights under the General Data Protection Regulation. You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’. 

Section 4 of this notice details what information we process, and why we need this information within our organisation in relation to the activities we undertake. This is why your right to object doesn’t automatically lead to deletion of your information, but we will deal with every request we receive and if we can’t delete your information we shall inform you and explain why we cannot.

In some circumstances, you can ask us to restrict how we use your personal data. This is not an absolute right, and your personal data may still be processed where certain grounds exist. These grounds include:

•  With your consent;
•  For the establishment, exercise, or defence of legal claims;
•  For the protection of the rights of another natural or legal person;
• For reasons of important public interest.

Only one of these grounds needs to be demonstrated to continue data processing. We will consider and respond to requests we receive, including assessing the applicability of these exemptions.

Please note that given the importance of complete and accurate records, for purposes outlined above, it will usually be appropriate to continue processing data. In particular, to ensure appropriate management of your account.

We try to deliver the best customer service levels, but if you’re not happy you should contact us so we can investigate your concerns.

If you are unhappy with how we have investigated your complaint, you have the right to refer it to the Financial Ombudsman Service (Ombudsman) for free. The Ombudsman is an independent public body that aims to resolve disputes between consumers and businesses like us. You can contact them by:

1.     Phone on 0300 123 9 123 (or from outside the UK on +44 20 7964 1000)

2.     Emailing them at: complaint.info@financial-ombudsman.org.uk

3.     Writing to them at: Financial Ombudsman Service, Exchange Tower London E14 9SR

4.     Going to their website at: www.financial-ombudsman.org.uk

You can also refer your concerns to the Information Commissioner’s Office (or ICO), the body that regulates the handling of personal data in the UK. You can contact them by:

• Phone on 0303 123 1113
• Writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
• Going to their website at www.ico.org.uk  

Our data protection officer can be contacted by emailing DPO@arrowglobal.net or by writing to us at 12 Booth Street, Manchester, M2 4AW.