Reventus Ltd understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website, www.reventus.co.uk (“Our Site”) and will only collect and use personal data in ways that are described here, and in a manner that is consistent with Our obligations and your rights under the law.
1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
|“Account”||means an account required to access and/or use certain areas and features of Our Site;|
|“Cookie Law”||means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;|
|“personal data”||means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and|
|“We/Us/Our”||means Reventus, a limited company registered in England under company number 4714602, whose registered address is Suites 3 & 4 63-67 Athenaeum Place, Muswell Hill, London, England, N10 3HL, and whose main trading address is Four Rivers House, Fentiman Walk, Hertford, SG14 1DB.|
2. Information About Us
2.1 Our Site is owned and operated by Reventus a limited company registered in England under company number 4714602, whose registered address is Suites 3 & 4 63-67 Athenaeum Place, Muswell Hill, London, England, N10 3HL, and whose main trading address is Four Rivers House, Fentiman Walk, Hertford, SG14 1DB.
2.2 Our VAT number is 836 0655 24.
2.3 Our Data Protection Officer is Sara Quinn, and can be contacted by email at email@example.com, by telephone on 0344 800 3303/01992 538148, or by post at Reventus Limited, Four Rivers House, Fentiman Walk, Hertford, SG14 1DB.
2.4 We are a member of The Civil Enforcement Association (CIVEA).
3. What Does This Policy Cover?
4. Your Rights
4.1 We are processing your data under public task and therefore do not need your consent. As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
4.1.1 The right to be informed about Our collection and use of personal data;
4.1.2 The right of access to the personal data We hold about you (see section 13)
4.1.3 The right to rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using the details in section 14);
4.1.4 The right to restrict (i.e. prevent) the processing of your personal data;
4.1.5 Rights with respect to automated decision making and profiling.
4.2 You do not have the following rights under public task:
4.2.1 The right to be forgotten – i.e. the right to ask Us to delete any personal data We hold about you;
4.2.2 The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);
4.2.3 The right to object to Us using your personal data for particular purposes; and
4.3 If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided in section 14 and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
4.4 For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
5. Lawful, Fair, and Transparent Data Processing
5.1 The GDPR seeks to ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject. The GDPR states that processing of personal data shall be lawful if the following applies:
5.1.1 The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller;
5.2 We will be given personal data by our clients and other relevant sources in order to fulfil our role in the collection of local authority revenue under the Tribunals, Courts and Enforcement Act 2007 and other relevant legislation.
5.3 As some of the personal data in question is “special category data” (also known as “sensitive personal data”) (for example, data concerning the data subject’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics (if used for ID purposes), health, sex life, or sexual orientation), the following conditions must be met:
5.3.1 The processing is necessary for substantial public interest reasons, on the basis of EU or EU Member State law which shall be proportionate to the aim pursued, shall respect the essence of the right to data protection, and shall provide for suitable and specific measures to safeguard the fundamental rights and interests of the data subject;
6. What Data Do We Collect?
We may collect some or all of the following personal data and sensitive personal data:
6.2 Date of birth;
6.4 Telephone number;
6.5 email address;
6.6 Bank details;
6.7 Credit history;
6.8 Medical information;
6.9 Employment data;
6.10 Benefit award information;
6.11 Criminal convictions;
7. How Do We Use Your Data?
7.1 We will be given personal data by our clients and provided by other relevant sources in order to fulfil our role in the collection of local authority revenue under the Tribunals, Courts and Enforcement Act 2007 and other relevant legislation. This is being processed by Us under the General Data Protection Regulation (GDPR) (EU) 2016/679, Article 6(1)(e) lawful basis of public task.
7.2 All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under GDPR at all times. For more details on security see section 8, below.
7.3 We will use the personal data provided to us in order to get in contact with data subjects either via email, SMS, telephone, WhatsApp, in person or the post.
7.4 Personal data collected through this website or given to us by our clients or provided by other relevant sources will be carried out under the lawful basis of public task. Specifically, We may use your data for the following purposes:
7.4.1 Replying to emails from you;
7.4.2 In the recovery of local authority revenue
7.5 We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will therefore be retained for the following periods (or its retention will be determined on the following bases):
7.5.1 Information we hold on you that is given to us in the pursuit of local authority revenue will be retained in accordance with our clients’ policies;
8. How and Where Do We Store Your Data?
8.1 We only keep your personal data for as long as We need to in order to use it as described above in section 6.
8.2 Your data will only be stored within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein).
8.3 Data security is very important to Us, and to protect your data We have taken suitable measures to safeguard and secure data collected through Our Site.
9. Do We Share Your Data?
9.1 In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal obligations, a court order, or a governmental authority.
9.2 The third party data processors used by Us and listed below are within the EEA and under the GDPR including:
9.2.1 For storing your data we use secure cloud based systems called DebtRecovery and AgentVisit. These systems are owned and provided by OneStep Solutions LLPwho are certified compliant to ISO 9001, ISO 14001, ISO 22301 & ISO 27001. All data transmissions are via HTTPS for office access (this includes SMS transmission), SFTP for reporting/data transfers and where data is retained on remote worker devices, this is stored in an encrypted format. All of their systems are protected by industry standard security policies and practices.
9.2.2 For processing payments we use Worldpay whose payment processing systems are compliant with PCI DSS industry security standards.
10. What Happens If Our Business Changes Hands?
10.2 In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.
11. How Can You Control Your Data?
11.1 You have the right to amend your data under the GDPR, set out in section 4.
12. Your Right to Withhold Information
12.1 You may access Our Site without providing any data at all.
13. How Can You Access Your Data?
You have the right to ask for a copy of any of your personal data held by Us (where such data is held). Under the GDPR, no fee is payable and We will provide any and all information in response to your request free of charge within 30 days. Please contact Us for more details at firstname.lastname@example.org, or using the contact details below in section 14.
14. Contacting Us