Privacy Policy

Effective 28th August 2019.

The Credit Protection Association Limited takes data privacy seriously and we make every effort to ensure we process Personal Information appropriately, sensitively and securely. This privacy policy explains who we are, how we collect and use personal information and how you can exercise your privacy rights.

For ease of reference, this policy is divided into sections that are specifically applicable to Members and Parties associated with Members of The Credit Protection Association Limited (Section 2), Supporters of PayonTime (Section 3) and Visitors (Section 4). Sections 1 and 5 are applicable to all.

Section 1 – Introduction

About Us
Established in 1914, The Credit Protection Association Limited provides Business Owners and Credit Managers with a complete solution for all their overdue account recovery, credit management and cash flow control needs (“CPA”, “we”, “us”, “our”).

Our aim is to be recognised for ethical, effective, efficient and economic debt recovery for both large and small organisations throughout the UK.

Key Terms
“Member” – any person or entity registered with us to use the services that we provide.
“Parties associated with Members” – any person or entity that may be indebted to a Member, for example a Customer.
“Supporter” – any entity or person registered as a Supporter and/or created a User account at www.payontime.co.uk.
“Visitor” – any person, regardless of whether they are a Member, a Party associated with a Member or Supporter, who visits any of our websites.
“Websites” – all websites we own and operate, for example https://cpa.co.uk.
“Related Entities” – any entity that is wholly or partially owned by CPA or by the owners of CPA.
“Personal Information” – any information that identifies or potentially identifies a Member, a Party associated with a Member, Supporter or Visitor. Examples of Personal Information include but are not limited to, first and last name, birthdate, gender, email address and occupation.
“you / your” – depending on the context means either a Member, Supporter or Visitor.

Section 2 – Privacy for Members and Parties associated with Members

This section applies to the Personal Information we collect from Members or potential Members of CPA in providing our overdue account recovery and credit management services.

For the purposes of data protection, we are considered to be a data controller, although we primarily process on instruction from our Members.

Personal Information We Collect
The Personal Information we may collect or receive broadly falls into two categories:

In the course of becoming a Member:
• Your name and job title or those of other persons within your organisation.
• Contact information including email address and phone number.
• Demographic information such as postcode.

In the course of using our services:
• Name, address, contact details and value of overdue accounts owed to you. Specifically this information may include details for non-incorporated entities.
• Product usage data whenever you interact with our online portal, which may include dates and times of access, reports and services used.

We only collect the minimum amount of information needed to communicate with you and parties associated with you in order to provide a quality business service.

Use of Personal Information
We require this information to understand your needs and provide you with a better service and in particular for the following reasons:

• Internal record keeping and billing.
• Communications with parties associated with you regarding overdue accounts as instructed by you.
• Communications with you in providing our service, for example Monitoring Alerts.
• Communications with legal advisors/representatives on your behalf in providing our service, for example when instructing Litigation.
• Communications about your Membership or in providing Membership support.
• Providing secure access to our Members’ only website.
• To ensure compliance with our Membership Terms and Conditions, applicable law and to protect our rights, those of our Members and third parties.
• Improving our products and services.
• We may periodically send promotional material about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
• We may periodically send relevant industry news in the form of Newsletters using the email address which you have provided.
• From time to time, we may contact you for market research purposes by email, phone, fax or mail.

Sharing of Personal Information
Third Parties – we may share Personal Information with other data processors as part of our overdue account recovery process if a Member chooses to pursue matters further through legal action. CPA use third party legal firms that have all been vetted for GDPR compliance.

Related Entities – CPA may share relevant information with Related Entities to carry out their respective services or to improve their services to you

Data Protection Rights
We are committed to the rights enshrined in the General Data Protection Regulations namely:

• Right to access: the right to request copies of your personal information from us.
• Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete.
• Right to erase or restrict our use of Personal Information: insofar as it does not conflict with our legal basis for processing Personal Information, the right to request that we remove your personal information from our systems or restrict or limit our use of your information.
• Right to data portability: the right to request that we move, copy or transfer your personal information.
• Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling to inform our market research and customer demographics.

Section 3 – Privacy for Supporters

About us
Payontime.co.uk is a UK website dedicated to providing a resource of information to support businesses get paid on time and to provide a community for businesses that support prompt payment to be able to engage with each other.
The Data Controller for this website is CPA and since August 2008, the site is no longer run, funded or endorsed by the Government, therefore, no details will be forwarded to any Government Department or Agency.

Personal Information We Collect
The Personal Information we may collect depends on whether you register as a site User or Payontime Supporter. Supporter accounts are typically created for registered or incorporated entities though there may be accounts for sole traders or non-incorporated entities which in some instances may be considered as Personal Information.

User Registration requires your:
• Name.
• Email address.

Additionally, Payontime Supporter Registration requires your:

Mandatory:
Company name
Full business address including postcode
Number of Employees
Business Turnover
Days to pay suppliers
Business Sector/Industry

Optional:
Job Title
Phone Number
Website URL
Facebook Account URL
Twitter Account URL
LinkedIn URL
Google+ URL

Information collected in the course of using the website
• Forum – any information posted in an article or comment in the Forum may be read, collected, and used by anyone. If Personal Information appears on the Forum and you want it removed, contact us as shown under Notifications and Contacts in Section 5. If we are unable to remove the information, we will tell you why.
• Logging data when you are logged in and interacting with the website, which may include dates and times of access, reports and services used.

We only collect the minimum amount of information needed to communicate with you and to properly display your support (in accordance with your preferences) for getting paid on time.

Use of the Personal Information you provide
The information collected through the website may be used for a number of reasons including:

• To provide, manage, maintain and secure the site.
• To send information for marketing purposes in accordance with your contact preferences.
• To respond to online enquiries and requests.
• To provide information on services that you have requested from us.
• To compile aggregated statistics about site usage.
• To carry out research and development to improve our products and services.

Any information you provide will be held securely and in accordance with the General Data Protection Regulations May 2016 and the Data Protection Bill May 2018.

Data Protection Rights
We are committed to the rights enshrined in the General Data Protection Regulations namely:

• Right to access: the right to request copies of your personal information from us;
• Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete;
• Right to erase: the right to request that we delete or remove your personal information from our systems;
• Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it;
• Right to data portability: the right to request that we move, copy or transfer your personal information;
• Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling to inform our market research and customer demographics.

We are also committed to the principles of “data minimisation”. If your account has not been used within a period of 12 months, it will be deleted. We may send you a notice of pending deletion three weeks prior to give you the opportunity to take appropriate action if your account is still required.

Cookies and Other Technology
Cookies:
The website uses cookies to better understand visitors experiences while visiting the site. Cookies are small pieces of data created when you visit a site that contain a unique, anonymous number and are stored on your hard drive. Cookies are not used to collect any identifiable personal information about you.
Please click here to view the Payontime Cookie Policy.

Google Analytics:
We use “Google Analytics” to generate statistical information about the use of our websites so that we can improve our services and how our websites function. Google may store this anonymous data on servers in various worldwide locations. Click here to find more detail about the information they collect and to view their privacy policy.

Facebook Pixel and Web Beacons:
The Facebook pixel is an analytics tools that helps us to measure the effectiveness of our advertising by understanding the actions taken by visitors on our website. Pixel data is used to:
• Make sure our ads are being shown to the right people.
• Build advertising audiences.
• Unlock other Facebook advertising tools.
• This data aggregated and held by Facebook. No Personal Information is held on a CPA site.
A web beacon is a means of tracking certain behaviour when sending promotional emails, such as whether an email was delivered, opened or links therein clicked. This information is used to measure the performance of our promotions.

Section 4 – Privacy for Visitors

This section sets out how we use and protect any information that you give us when you use our websites, request one of our free guides or subscribe to our newsletter.

CPA is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our websites, then you can be assured that it will only be used in accordance with this privacy policy.

Personal Information We Collect
We may collect the following information:
• Name and job title
• Contact information including email address
• Demographic information such as postcode, preferences, and interests
• Other information relevant to customer surveys and/or offers

Use of the Personal Information
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
• Internal record keeping.
• We may use the information to improve our products and services.
• We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
• From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.

Links to third-party websites
Our websites include links to other websites whose privacy practices may differ from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies so we encourage you to carefully read the privacy policy of any website you visit.

Third Party Processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

1) Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. No personal data collected from our clients would be shared with our digital marketing agents. We only use marketing data obtained from GDPR compliant marketing data providers. Our appointed data processors include:

Prospect Global Ltd (trading as SoPro) Reg. UK Co. 09648733. You can contact SoPro and view their privacy policy here: http://sopro.io. SoPro are registered with the ICO Reg: Z123456 their Data Protection Officer can be emailed at: dpo@sopro.io.

Cookies and Other Technology
Cookies:
The website uses cookies to better understand visitors experiences while using the site. Cookies are small pieces of data created when you visit a site that contain a unique, anonymous number and are stored on your hard drive. Cookies are not used to collect any identifiable personal information about you.
Please click here to view the CPA Cookie Policy.

Use of our sites is subject to the terms of this Privacy Policy. If you do not agree to these terms, please refrain from using our websites.

Section 5 – General Information

Legal Basis for Processing Personal Information
• Legitimate Interest – processing of personal data in the course of carrying out our duties as debt collection agents.
• Consent – you have granted consent by completing a form on our website to subscribe to or request a download or other information about our services.
• Agreement – processing is necessary for the execution of an agreement to which you are a party. This applies when the processing is necessary for the execution of a contract, for example an employment contract or a membership/sales contract.
• Legal Obligation – data processing is necessary to fulfil a legal obligation.

Security and Retention of Data
We are committed to ensuring that your information is secure by taking appropriate and reasonable technical and organisational measures to protect Personal Information from loss, misuse, unauthorised access, disclosure, alteration, destruction. In this regard we will not hold your personal information for any longer than is reasonable. Specifically:

• For non-member enquiries we will keep your information on our system until you request for it to be removed. If you do not respond to our communications within a 12-month period we will assume that you no longer require our services and we will delete you from our database.
• We retain Personal Information where we have an ongoing legitimate business or legal need to do so. Our retention periods will vary depending on the type of data involved, but, generally, we’ll refer to these criteria in order to determine retention period. For active Members, we will keep the minimal amount of personal information required by us to provide you with a quality service. For inactive Members, we keep the accounting records for a period of seven years in accordance with HMRC guidelines, after which your details will be either anonymised or removed from our systems and all paper records destroyed by an authorised agent.

We will never knowingly share or transfer your information to a third party without having your explicit consent.

Making a data subject access request
CPA recognise the right of access provisions under the GDPR which allow you to request a copy of any personal information that we maybe processing which is relevant to you. We have provided a template for you to use which will help us to respond to your request. Whilst use of the template is optional, the same details are still required for us to locate your information effectively.

All applications must be in writing to the Data Privacy Manager at the postal or email address shown below.

There is no fee for this service but please allow one month from the date of receipt for us to reply. If the request is more complex or involves a greater degree of difficulty, we will inform you if extra time is required. Please note we reserve the right to limit requests from the same individual or group so we can adequately service existing claims.

What to provide when making a request:
We require proof of identification before any information is released. This can be done by attending our head office in person with an appropriate photo id (e.g. driver licence) and proof of address (e.g. utility bill). If you are unable to attend our office, we will accept copies of these documents by mail or email using the details above.

Download Subject Access Request template

Your Preferences
Visitors who have opted into our promotional or marketing emails can opt out of receiving such emails from us at any time by clicking the “unsubscribe” link at the bottom of our marketing messages. Such opt-out requests can also be made in writing as shown in the Notifications and Contact section below.

Changes to the Privacy Policy
We may update this policy at any time and from time to time by posting a revised version. We may also bring it to the attention of Members by posting a notice on the Members Notice Board. We recommend that you occasionally review this page to check for any amendments.

Notifications and Contact
If we suffer a data breach or information is disclosed to an unauthorised organisation or individual we will notify you and the relevant authorities within a 72-hour period.

To make enquiries or exercise any of your rights as set out in this Privacy Policy, please contact our Data Privacy Manager by email to dpm@cpa.co.uk or in writing to:

Data Privacy Manager
The Credit Protection Association Limited
CPA House
350 Kings Street
London W6 0RX.

In all correspondence please stipulate the nature your enquiry.