Privacy Policy

1. Who we are and how to contact us

London Debt Collectors is the data controller responsible for personal data processed in connection with our debt-recovery and credit-control services. Registered office: 45 Dundee Wharf, London, England, E14 8AX. We are registered with the Information Commissioner's Office (ICO). For any privacy enquiry, contact us at info@ldcollectors.com or 0208 108 0393.

2. Categories of personal data we process

• Identification and contact data — name, trading name, job title, postal address, email address, telephone numbers.
• Financial and account data — debt balances, invoices, statements, payment history, bank or card details where you make payment, credit-reference information lawfully obtained for tracing or affordability purposes.
• Case correspondence — letters, emails, SMS, portal messages and recorded telephone calls relating to your matter, retained for training, regulatory and dispute-resolution purposes.
• Special category data — only where strictly necessary, for example evidence of vulnerability, health information disclosed to support a forbearance assessment, or information protected by the Equality Act 2010. We process this under UK GDPR Article 9(2)(g) (substantial public interest, debt and statutory functions) with appropriate safeguards.
• Technical data — IP address, device, browser, referrer, pages visited and cookie identifiers when you use ldcollectors.com.

3. Sources of personal data

We obtain personal data directly from you, from our clients (the original creditor instructing us), from publicly available sources (Companies House, the Land Registry, the electoral roll, court registries), and from regulated credit-reference and trace agencies. Where data is provided by a client, that client is responsible for ensuring it had a lawful basis to share it with us under UK GDPR Article 14.

4. Purposes and lawful bases

We process personal data only where one of the following lawful bases under UK GDPR Article 6 applies:

• Legitimate interests (Article 6(1)(f)) — to recover lawfully owed debts on behalf of our clients, manage our business, prevent fraud, secure our systems and maintain accurate records. A balancing test is documented for each processing activity.
• Contract (Article 6(1)(b)) — to take steps at your request and to perform our agreement with you, including processing repayment arrangements.
• Legal obligation (Article 6(1)(c)) — to comply with the Financial Conduct Authority (FCA) Consumer Credit sourcebook (CONC), the Money Laundering, Terrorist Financing and Transfer of Funds Regulations 2017, the Companies Act 2006, HMRC rules and our duty as a regulated firm to maintain complete records.
• Consent (Article 6(1)(a)) — where required for non-essential cookies or optional marketing communications. Consent can be withdrawn at any time without affecting prior lawful processing.

5. How we use your data

• Manage, investigate and resolve cases referred to us by our clients.
• Communicate with you about your matter, including issuing notices required by law.
• Assess affordability, vulnerability and the appropriateness of repayment plans.
• Trace current contact details where mail is returned or contact has been lost.
• Comply with anti-money-laundering, sanctions, accounting and tax obligations.
• Detect, investigate and prevent fraud, financial crime and misuse of our services.
• Train staff, monitor service quality and handle complaints in line with FCA DISP rules and the CSA Code of Practice.
• Improve the performance, security and accessibility of this website.

6. Recipients and sharing

We share personal data only where necessary and under appropriate written safeguards with:

• The client who instructed us on your matter.
• Regulators and law-enforcement bodies where we are required to do so (including the FCA, ICO, HMRC and the police).
• Professional advisers, auditors and insurers, bound by confidentiality.
• Vetted IT, hosting, secure-print, telephony and email providers acting as processors under Article 28 contracts.
• Credit-reference, identity-verification and trace agencies acting under their own controller arrangements.
• Solicitors, certificated enforcement agents and, where authorised, the County Court Bulk Centre, only where pre-legal recovery has not been successful and the client instructs litigation.

We do not sell personal data and we do not transfer personal data for cross-context behavioural advertising.

7. International transfers

Personal data is processed within the United Kingdom and the European Economic Area wherever practicable. Where data is transferred to a third country, we rely on UK adequacy regulations or the International Data Transfer Agreement (IDTA) / UK Addendum to the EU Standard Contractual Clauses, supported by a transfer risk assessment.

8. Retention

We retain case data for six years after the case is closed in order to satisfy our regulatory, accounting and limitation-period obligations, after which records are securely destroyed or anonymised. Call recordings are retained for 12 months for training and dispute-resolution purposes, except where a complaint, investigation or litigation requires longer retention. Website analytics data is retained for a maximum of 14 months.

9. Your rights

Under UK GDPR you have the right to: be informed; access your data; have inaccurate data rectified; have data erased where the relevant grounds apply; restrict or object to processing; data portability; and not to be subject to a decision based solely on automated processing (we do not carry out solely automated decision-making with legal or similarly significant effects). To exercise any of these rights, contact info@ldcollectors.com. We will respond within one calendar month and may verify your identity before disclosing personal data.

10. Marketing

We do not send unsolicited marketing to consumers. Business-to-business updates are sent on the basis of legitimate interests and you can unsubscribe at any time via the link in any communication.

11. Security

We maintain technical and organisational measures appropriate to the risk, including encryption in transit and at rest, role-based access controls, multi-factor authentication, vetted personnel under Disclosure and Barring Service checks where appropriate, secure destruction of physical records and documented incident-response procedures aligned with ICO breach-notification timeframes.

12. Cookies

Our use of cookies and similar technologies is described in our Cookie Notice.

13. Complaints to the ICO

You have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk or on 0303 123 1113. We would, however, appreciate the opportunity to address your concerns directly before you contact the regulator.

14. Changes to this policy

We review this policy at least annually and whenever our processing materially changes. The latest version is always published on this page with the effective date shown above.