Privacy and cookie notice
- Introduction – About this privacy and cookies notice
- About Us
- Information we may collect from you
- Special Categories of Personal Data
- How is your personal data collected?
- What we do with your information
- Change of purpose
- Security of Personal Information
- Disclosing your Information
- Transfer of Data outside the United Kingdom and European Economic Area (‘EEA’)
- Data Retention – How long will We use your personal data for?
- Third Party Personal Information
- Your rights
- Third Party Links
- Webserver Logs
- Your Control of Cookies
Introduction – About this privacy and cookie notice
This Privacy and Cookies Notice (the “Notice”) applies when you visit Our website https://www.pragroup.co.uk/ (the “Website”) (regardless of where you visit it from) or contact Us through the Website, by email, letter or telephone. We respect your privacy and so the security and privacy of your personal information are important to Us. We are committed to safeguarding and preserving your privacy when you visit and use the Website or you communicate electronically or otherwise with Us.
If you are also a customer of PRA Group (UK) Limited, you will have also received a copy of Our Data Protection Notice when We first wrote to you when We acquired your account. The Data Protection Notice sets out how We process your personal data to manage your account, while this privacy and cookie notice sets out how We process your personal data when you visit the Website or you communicate with Us.
This Notice, (together with the Website use Terms and Conditions, the Data Protection Notice) sets out the basis upon which any personal information We collect from you, from third parties, or that you provide to Us, shall be processed by Us. It also explains the purposes for which We process your personal data, with whom We may share your personal data and the rights to which you may be entitled.
Please note that where you intend to make a payment using the Website, please ensure you have read the Website Use Terms and Conditions as well as this Notice.
We may decide or may be legally obliged to amend and update this Notice from time to time so please ensure you read this Notice every time you use the Website or communicate with us.
The Website is operated by PRA Group (UK) Limited, Level 11 Riverside House, 2A Southwark Bridge Road, London, SE1 9HA (“PRA”). In this notice, PRA, itself, or together with any member of its group (“PRA Group”) may be referred to as ‘We’ or ‘Us’ or ‘Our’.
PRA is the “data controller” and responsible for your personal data.
We have appointed PRA Group Polska Holding sp. z o.o., a company incorporated in Poland under company registration number 0000537397 with its registered office at Prosta 68, 00-838 Warszawa (Warsaw) to act as Our representative in data protection matters for consumers from the EU / EEA. Contact details for our European Representative are as follows:
Information we may collect from you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you that is provided to Us by you or a third party, authorised to do so on your behalf, when you or they contact Us, and when making a payment, completing forms, responding to surveys, and any other responses to requests for information on the Website or when We communicate with each other.
We have grouped this personal data as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, email address and telephone numbers.
- Financial Data includes bank account and payment card details, information from your credit file, income and expenditure and further information allowing you to manage your account.
- Transaction Data includes details about payments you have made to Us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Website.
- Profile Data includes your username and password, your feedback and survey responses.
- Usage Data includes information about how you use the Website, including, but not limited to, traffic, click tracking, location, weblogs and other such data, and the resources that you access from the Website and Information you provide when you report a problem with the Website.
- Communications Data includes your preferences in receiving marketing communications from Us and Our third parties and your communication preferences.
- Experience Information includes information about your experience with us that you may discuss with us when communicating with us.
Special Categories of Personal Data
Under certain circumstances, We may require you to provide us with or you may volunteer, information about you which is deemed “special categories of personal data” (“Special Category Data”), for example, information about your physical or mental health.
This may be because We think you may be considered vulnerable, and as such, We may need this additional information to comply with Our obligations to manage your account in the most appropriate manner, having regard to your circumstances. We will only use this Special Category Data to exercise forbearance in collecting your debt, and to manage your account and circumstances appropriately.
Where We have no other legal grounds for processing Sensitive Personal Data, We will seek your consent to process your Special Category Data, in accordance with applicable laws. We may share any of your Special Category Data with other members of PRA Group, or relevant third parties for such purposes only. We will only ever share your Special Category Data if We are required or permitted to do so under applicable laws, or if We have obtained your consent.
How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email, SMS, Live Chat or otherwise. This includes personal data you provide when you:
- log into your account on Our websites, speak to an agent on the phone, SMS, or chat
- request marketing to be sent to you.
- complete a form or survey.
- give Us feedback or contact Us.
- Automated technologies or interactions. As you interact with the Website, We will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing Our cookies. Please see our cookie section for further details.
- Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
- Technical Data from the following parties:
(i)analytics providers such as Google based outside the UK;
(ii)advertising networks such as Google outside the UK; and
(iii)Credit Reference Agencies (CRAs) such as Experian, Equifax and TransUnion based inside the UK and sometimes outside the UK.
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Sage Pay (Opao) and Barclays Smartpay based inside the UK.
- Identity and Contact Data from data brokers or aggregators such as Lexis Nexis and GB Group based inside the UK.
- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.
- Information from the previous account holders.
- When your account is transferred to us, as part of the new contractual agreement, we receive information from your creditor to create your account. This allows you to manage your account online and continue to make payments towards your debt. Data includes: Your Identity, Contact and Account Information including outstanding balance, payment history and detail of defaults and missed payments.
What we do with your information
We use information We collect about you in the following ways:
- To collect your debt and to assist you in managing your account, including setting up of an affordable payment plan and assessing the affordability of such plan
- To ensure that content from the Website is presented in the most effective manner for you and for your computer
- To provide you with information, products, or services that you request from Us or which We feel may interest you, and where you have consented to be contacted for such purposes
- To allow you to participate in interactive features of Our service, when you choose to do so
- To notify you about changes to Our service
- To allow you to make payments safely and securely on the payments page of the Website
- For research and analysis purposes, including assessment of your likelihood to make payments to your account
- To prevent fraud, money laundering and any other criminal activity
- To discuss your experience of PRA as a result of feedback you have provided
- For other purposes as set out in Our Data Protection Notice
Where you have requested that We contact you, and you provide Us with your name, together with your address, telephone numbers or e-mail address for this purpose, you agree to being contacted by these methods, for these purposes. Where you have contacted Us to discuss and provide feedback on your experience of PRA, you may reasonably predict that you can be contacted by the contact information provided to Us for these purposes.
If you try to login to the payment area of the Website using your mobile phone number, and you are unsuccessful, We will get in touch with you on that number, to help you to log in successfully, and make a payment. By inputting your mobile number, you may reasonably predict that we can get in touch with you, where your login attempt failed.
Change of purpose
We will only use your personal data for the purposes for which We collected it, unless We reasonably consider that We need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please Contact Us.
If We need to use your personal data for an unrelated purpose, We will notify you and We will explain the legal basis which allows Us to do so.
Please note that We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Security of your Personal Information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on Our instructions, and they are subject to a duty of confidentiality.
You should be aware that the transmission of information via the internet is not completely secure and therefore We cannot guarantee the security of any information you send to Us electronically, and transmission of such information is therefore entirely at your own risk.
Where We have given you (or where you have chosen) login details, including a password so that you can access certain parts of the Website, you are responsible for keeping these login details confidential. We will accept no liability for unauthorized use of your login details on the Website.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where We are legally required to do so.
Disclosing your Information
We may disclose your personal information to any member of PRA Group. This includes, where applicable, Our subsidiaries, Our holding companies and their other subsidiaries (if any).
We may also disclose your personal information:
- To prospective purchasers of any or all of our business and/or our business assets and their advisors
- To relevant authorities, where We are under a legal obligation to disclose your information, and to prevent fraud and money laundering
- To any third party who provide services to Us as a data processor
- To payment services providers, to facilitate payments made by you via the payments page of the Website
- In order to protect and enforce Our rights
- Where We are entitled to by law
- To third parties to facilitate credit risk reduction
- To other third parties as set out in the Data Protection Notice
Transfer of Data outside the United Kingdom and European Economic Area (‘EEA’)
We or some of Our third party service providers (including but not limited to merchant services suppliers) may transfer personal information We or they collect outside the United Kingdom and / or the European Economic Area (“EEA”) for processing, storing and related purpose. We will only transfer your personal information outside the United Kingdom and / or the EEA, where We can ensure there will be in place, adequate levels of protection for your personal information. We shall ensure a substantially similar degree of protection is afforded to your personal information to that within the United Kingdom and / or the EEA, and that such levels of protection comply with applicable laws.
Data Retention – How long will We use your personal data?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if We reasonably believe there is a prospect of litigation in respect to Our relationship with you.
To determine the appropriate retention period for personal data, We consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which We process your personal data and whether We can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask Us to delete your data: see your legal rights below for further information.
In some circumstances We will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case We may use this information indefinitely without further notice to you.
Third Party Personal Information
If you provide Us with personal information about another person, you confirm that they have appointed you to act for them, and that you have informed them of Our identity and the purposes for which their personal information will be processed as set out in this Notice.
Under data protection laws you have certain rights in relation to your personal data. Please note that many of these rights are not absolute and We may have grounds to not fully comply with your request (for example where We are required by law to process your personal data in a way that is incompatible with your request or be able to rely on exemptions under data protection law which entitle Us to process your personal data in a way that is incompatible with your request). Where such circumstances exist, We will inform you at the time you make a request to exercise your rights.
- Right to access your personal data – You have the right to ask for a copy of the personal data We hold about you.
- Right to rectification of your personal data – If you believe that any of the personal data We hold for you is incorrect, it is important that you make Us aware as soon as possible, so that We can rectify Our records.
- Right to erasure (right to be forgotten) – You have the right to request that We delete data relating to you.
- Right to restriction of processing – You have the right to request restriction of processing of your personal data.
- Right to data portability – You have the right to receive the personal data you have provided to Us in a structured, commonly used and machine-readable format and the right to have that personal data transmitted to another data controller.
- Right to object to processing – You have the right to object to particular ways We are using your personal data. You also have the right to object where We are processing your personal data for direct marketing purposes.
- Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you – As noted above We may use the personal data We hold about you to conduct profiling and make decisions solely by automated means (for example, to predict how likely you are to be able to pay your debt, or how best to manage Our relationship with you). However, We do not believe that this processing has either a legal effect or similarly significant impact on you.
- Right to withdraw consent – Where processing of your personal data is based on consent given to Us for one or more specific purposes, you may withdraw your consent at any time providing it will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to complain – You have the right to complain if you consider that the processing of your personal data by Us infringes your rights or applicable data protection laws. Contact details for complaints to Us are as follows:
Head of Customer Services UK
PRA Group (UK) Limited
Halo Enterprise & Innovation Centre
You also have the right to complain to a competent supervisory authority. If you believe that the processing of your personal data is unlawful, you have the right to make a complaint to the competent supervisory authority. The name and address of the relevant competent supervisory authority is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. You can also complain using their website at https://ico.org.uk.
In the event that you wish to exercise any of these rights you may do so (i) by contacting Us using any medium you wish, including in writing, by telephone, by SMS or electronically or (ii) through a third party whom you have authorised for this purpose. However, please note that as part of security measures, to protect your personal information, We may need to request further information from you to verify and confirm your identity.
Third Party Links
We may gather certain information automatically and store it in log files for statistical purposes. These log files contain standard information collected by web servers, such as client IP addresses, browser type, internet service provider (ISP), operating system, etc. This information is only used by PRA and PRA Group. This information is not distributed or sold to a third party. We use this information to analyse trends, to administer the Website and to gather demographic information about the Website users as a whole.
Webtrekk is a web analysis and statistics service from Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany, which collects data to understand how visitors interact with our website in an anonymous form whilst complying to data protection regulations (GDPR).
The processing carried out by Webtrekk serves to guarantee the integrity and security of the website, which is in the mutual interest of the website operator and the website visitor. The processing is therefore carried out on the legal basis of our legitimate interest in accordance with Article 6 Paragraph 1.
The processing includes in detail:
- information on the user’s end device, operating system and browser used; the IP address shortened by the last octet
- geo-information up to the city level;
- the URL accessed with the associated page title and optional information on the page content;
- the website from which the individual page visited was accessed (referrer site including assignment to search engines and social media sites and reading of campaign parameters);
- the subsequent pages (only on our website – no external pages) that were visited from the accessed website within a single website in the session; the length of stay on the website;
- other interactions (clicks) on the website such as buttons, videos viewed, FAQs, log ins, registrations and payment completions
Below you will find the e-mail address of the data protection officer of the processing company.
Cookies are small text files that are placed on your computer by websites that you visit. These cookies are stored on the hard drive of your computer. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the website.
PRA Group uses a cookie management tool to allow customers to ‘opt in’ and consent to non-essential cookie (those that are not essential for the safe and secure operation of the website).
If you ‘opt in’ and accept using Google Analytics cookies with our cookie banner, we use Google Analytics cookies and Google Analytics to collect general and anonymised statistical data to help us understand how our visitors use and interact with our website.
Google Analytics stores information about: page visits, actions on site, length of time spent on site, how, how you got to the site, clicks during visit, information on browser and device using anonymised IP.
This and other settings in Google Analytics ensure that the masked IP address collected from your browser is not merged with any other Google data products outside of Google Analytics. Google may transfer and process data on its servers in the US.
More details about how Google Analytics collects and processes data are available at www.google.com/policies/privacy/partners.
Your Control of Cookies
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. You can also change the settings on your internet browser to accept all cookies, to notify you when a cookie is set, or not to receive cookies at any time. However, doing any of these may prevent you from taking full advantage of the Website, and you may lose some of the functionality of the Website as a result. If you want to delete any cookies that are already on your computer, please refer to the instructions for your file management software to locate the file or directory that stores cookies.
For help in deleting our cookies please refer to the relevant link below:
Microsoft Internet Explorer: https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
Safari on Mac: https://support.apple.com/kb/PH21411?locale=en_US
Safari on Mobile: https://support.apple.com/en-us/HT201265
For further information about cookies and how to disable them please go to: www.aboutcookies.org.
PRA Group (UK) Limited
Level 11, Riverside House,
2A Southwark Bridge Road,
0808 196 5550