Data Protection Notice
Your details and the information concerning the incident(s) that you were involved in, as set out in the correspondence sent you, (“the data”) has been passed to us by our Client.
Our Client is the Data Controller of the data.
Retail Loss Prevention Ltd (“RLP”) is a Data Processor of the data.
The Data Controller has passed “the data” to us to enable us to exercise on their behalf a legitimate interest that they have; namely their legal right to pursue a civil claim against for damages for the loss that you caused as a result of the incident(s) that we have written to you about.
Any information given by you, or a third party on your behalf, (“additional data”), will be shared with our Client, as necessary.
We shall not share “the data” or “additional data” with any third party said to be contacting us on your behalf unless we have received your specific instructions to do so.
“The data” and “additional data” will be passed by us to third parties as necessary for the pursuance of the claim against you. Those third parties will include external solicitors, enquiry agents and debt recovery specialists, as is appropriate, to enable us to undertake our Client’s instructions.
We shall retain “the data” and the “additional data” for a period not exceeding the time limit as prescribed by the relevant legislation in the jurisdiction in which the claim would be brought; unless we are instructed to delete the date before that date by our Client. In England, Wales, Northern Ireland and the Republic of Ireland that period is 6 years; therefore we may retain “the data” and “additional data” for 6 years from the date of the incident(s) that we have written to you about. In Scotland the period of time is 5 years, therefore we may retain “the data” and “additional data” for 5 years from the date of the incident(s) that we have written to you about.
All “the data” and “additional data” will be kept in strict compliance with applicable Data Protection Laws. In England, Wales, Scotland and Northern Ireland this includes the General Data Protection Regulation EU 2016/679, (“GDPR”); the Data Protection Act 1998 and upon enactment the Data Protection Act 2017. In the Republic of Ireland, (“ROI”), this includes the GDPR and the Data Protection Acts 1988 to 2018.
The Data Protection Laws provide individuals with certain rights in relation to their data. Those rights include:
• The right to access- the right to ask what data an organisation holds about you;
• The right to rectification-the right to ask for the data to be amended;
• The right to erasure-the right to ask that the data be deleted;
• The right to restrict processing-the right to ask that your data is not processed;
• The right to object to processing-a further right to ask that your data is not processed.
Except for the right to access the above rights are rights that you have against the Data Controller, namely our Client and not ourselves.
Should you wish to exercise one of the rights then you need to contact the Data Protection Officer at our Client and not ourselves.
If you wish to ask us what data we hold about you your request should be made to the Data Protection Officer for “RLP” whose contact details are set out below. Please be advised that we shall require identification evidence (“ID”) from you before we can provide the information. The ID must either be a copy of a document showing an up to date photograph of you, such as a copy of your passport, driving licence, or if you do not have ID that has a photograph on it you can provide other ID provided the document is certified by a solicitor or similar professional.
Further information concerning your rights, to include the right to complain about how your data has been handled by us, then we recommend that you take advice from a suitably qualified advisor and/or consult the information provided by the Information Commissioner Office (“the ICO”). The Head Office address for the ICO is Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF and their web site can be found at www.ico.org.uk. There are additional offices in Scotland, Wales and Northern Ireland and the relevant addresses can be found on the web site for the ICO. In ROI the contact is the Data Protection Commissioner. The address is Canal House, Station Road, Portarlington, R32 AP23, Co. Laois and their web site can be found at www.dataprotection.ie.
The Data Protection Officer for RLP Ltd can be contacted at:
Data Protection Officer
Retail Loss Prevention Ltd
PO Box 5413