Privacy Policy

Updated: 25 May 2018

This document describes how TDX Group Limited (“TDX Group”) holds and processes personal data for each of its business functions in the UK.

TDX Group’s core activity provides businesses with technology, data and advisory services to improve debt liquidation and the fair treatment of consumers in financial arrears.  

This TDX Group Privacy Notice specifically relates to the TDX Group UK business and it answers the following questions:

  1. Who are we and how can you contact us?

  2. What do we use personal data for?

  3. What are our grounds for handling personal data?

  4. What kinds of personal data do we use, and where do we get it from?

  5. Who do we share personal data with?

  6. Where is personal data stored and sent?

  7. How long is personal data kept for?

  8. Do we make decisions about you or profile you using personal data?

  9. What can I do if I want to see the personal data held about me? Do I have a ‘data portability’ right in connection with my bureau data?

  10. What can I do if my personal data is wrong?

  11. Can I object to the use of my personal data and have it deleted?

  12. Can I restrict what TDX Group does with my personal data?

  13. Who can I complain to if I’m unhappy about the use of my personal data?

You have the right to object to TDX Group using your personal data. Please see Section 12 to find out more.

1. WHO IS TDX GROUP AND HOW CAN I CONTACT THEM?

TDX Group provides the industry with specialist debt recovery businesses working with creditors across financial services, retail, energy, water, telco and media sectors, plus local and central government; providing solutions which support them in managing debt collections, recoveries, debt sale and insolvency.

TDX Group Limited is regulated by the Financial Conduct Authority (“FCA”) and authorised to conduct debt-collection.  

We can be contacted by any of the following methods:

Post: TDX Group Ltd, 8 Fletcher Gate, Nottingham, NG1 2FS
Web Address:  www.tdxgroup.com
Email: info@tdxgroup.com
Phone: 0115 953 1200


Additionally, TDX Group has a dedicated Data Protection Officer who can be contacted as follows: info@tdxgroup.com.

2. WHAT DOES TDX GROUP USE PERSONAL DATA FOR?

(a) DEBT RECOVERIES MANAGEMENT
TDX Group operates a fully managed debt recovery service, designed for large creditor clients who want to optimise the recovery of money owed while improving their customer outcomes and experience.  To perform this service, TDX Group operates as a joint data controller with our client, conforming to all applicable data protection laws.

TDX Group help place and manage debt, through a debt collection agency network, incorporating the following activities:

Customer insight - TDX Group combines client data with the widest combination of insight from demographic, pre-and post- default credit, behavioural and activity data.

Optimised treatment strategies - TDX Group use dynamic models and scores, coupled with ongoing test and learn to help ensure client debt recovery strategies are continually optimised. This includes choosing the right specialist supplier panel from the market, for each of our clients, to deliver the right outcome.

End-to-end purpose built technology - TDX Group use bespoke technology and data processing to capture a view of their client’s customer across the full debt recovery life cycle.

(b) INSOLVENCY MANAGEMENT
TDX Group operates a service for creditor clients, encompassing all aspects of managing their personal customer insolvencies, including bankruptcies and trust deeds, as well as individual voluntary arrangements (IVAs). When performing this service, TDX Group operates as a data processor on behalf of our clients, conforming to all applicable data protection laws.

TDX Group support their client’s insolvency management by providing online proof of debt capture using a web-based data exchange, enabling clients to securely exchange account level proof of debt data.  TDX Group also provides full payment management services for their clients.

(c) DEBT SALE
TDX Group provides an end-to-end asset sale brokerage service to help creditor clients use the right data, processes and oversight to help their sale of debt portfolios. To perform this service, TDX Group operates as a joint data controller with our client, conforming to all applicable data protection laws.

A cleanse and enrich process enables us to select only those accounts that should be sold and ensure the information held on them is as up-to-date as possible. 

We have access to multiple data sources, including data held by our sister company, Equifax Limited and our knowledge of the debt purchase market means we are able to segment accounts for sale to meet purchaser specialisms and appetite. The end result is a fully engaged panel of purchasers who want to buy the debt, and have confidence in what they are bidding for.

(d) OTHER DATA PROCESSING
To facilitate the processing detailed in this Section, TDX Group also performs the following:

Database activities
TDX Group carries out certain processing activities internally which support databases effectiveness and efficiencies.  For example:

  • Data loading: where data supplied to TDX Group is checked for integrity, validity, consistency, quality and age help make sure it’s fit for purpose. These checks pick up things like irregular dates of birth, names, addresses, account start and default dates, and gaps in status history.
  • Data matching: where data supplied to TDX Group is matched to their existing databases to help make sure it’s assigned to the right person, even when there are discrepancies like spelling mistakes or different versions of a person’s name. Where permitted TDX Group use the personal data people give its clients together with data from other sources to create and confirm identities, which they we to underpin the services we provide.
  • Data linking: as TDX Group compiles data into its databases, we create links between different pieces of data. For example, people who appear financially associated with each other may be linked together, and addresses where someone has previously lived can be linked to each other and to that person’s current address.
  • Systems and product testing: Data may be used to help support the development and testing of new products and technologies.
  • Other uses with your permission: From time to time TDX Group may use the personal data we hold or receive about you for other purposes where you’ve given your consent.
  • Uses as required by or permitted by law: Your personal data may also be used for other purposes where required or permitted by law.
  • Marketing activities: Through our marketing and support activities, we may communicate with you where you have consented for us to do so using the information you provide to us through this website by sending you bulletins updates and invites which may be relevant and useful to you. You have the opportunity to opt-in to and opt-out of these communications.

3. WHAT ARE TDX GROUP LEGAL GROUNDS FOR HANDLING PERSONAL DATA?

Legitimate interests
The UK’s data protection law allows the use of personal data where its purpose is legitimate and isn’t outweighed by the interests, fundamental rights or freedoms of data subjects.
The UK’s data protection law calls this the Legitimate Interests condition for personal data processing.
Where TDX Group operates its debt recoveries management service, the Legitimate Interests being pursued here include:

  • Supporting debtor tracing and debt collections

Where TDX Group operates its debt sale service, the Legitimate Interests being pursued here include:

  • Supporting the commercial acquisition process of debt purchase

TDX Group use of this personal data is subject to an extensive framework of safeguards that help make sure that people’s rights are protected. These include the information given to people about how their personal data will be used and how they can exercise their rights to obtain their personal data, have it corrected or restricted, object to it being processed, and complain if they’re dissatisfied. These safeguards help sustain a fair and appropriate balance to ensure TDX Group debt recoveries activities don’t override the interests, fundamental rights and freedoms of data subjects.

Consent
The UK’s data protection law allows the use of personal data where an individual has given consent to the processing of his or her personal data for one or more specific purposes.
Where TDX Group use your contact data to support our marketing and/or customer management activities, processing is based on your consent. Where TDX Group rely on your consent you have the right to withdraw it anytime by contacting us. See Section 4(b) for more information.

4. WHAT KINDS OF PERSONAL DATA DOES TDX GROUP USE AND WHERE DO THEY GET IT FROM?

(a) DEBT RECOVERIES MANAGEMENT

Information type

Description

Source

Debt Account

Information from creation of accounts for line of credit or other financial accounts. Examples of accounts may include utility bills, telecom bills, and others. Information collected includes account information such as name, data of birth (DOB), address history, outstanding debt balance, and payment history.

Creditor clients

Credit Reference Agency

Information we obtain from Credit Reference Agencies to assist in the recoveries management process. See the Credit Reference Agency Information Notice (CRAIN) for full details.

Equifax Limited, Callcredit Limited

Other Data Providers

Information we obtain from other data providers to assist in the recoveries management process. Examples may include: name, phone numbers, DOB, gender, and address.

GB Group plc, Direct Data Services (DDS) Limited, UK Insolvency Service

 
(b) INSOLVENCY MANAGEMENT

Information type

Description

Source

Individual Voluntary Arrangements (IVAs)

Information we obtain from Insolvency Practitioners that is included in the IVAs, such as name, DOB, address, marital status, occupation, reasons for financial difficulty, debt balance, and payment history.

Insolvency Practitioner

Debt Account Verification

Information we obtain from clients related to the debt referenced in the IVA. Examples may include name, address history, outstanding debt balance, and payment history.

Creditor clients

Other Data Providers

Information we obtain from other data providers to assist in the insolvency management process. Examples may include: name, DOB, gender, and address.

UK Insolvency Service

 
(c) DEBT SALE

Information type

Description

Source

Debt Account

Information from creation of accounts for line of credit or other financial accounts. Examples of accounts may include: utility bills, telecom bills, and others. Information collected includes account information such as name, DOB, address history, outstanding debt balance, and payment history.

Creditor clients

Credit Reference Agency

Information we obtain from Credit Reference Agencies to assist in the recoveries management process. See the Credit Reference Agency Information Notice (CRAIN) for full details.

Equifax Limited

Other Data Providers

Information we obtain from other data providers to assist in the insolvency management process. Examples may include name, DOB, gender, and address.

UK Insolvency Service

 
(d) MARKETING ACTIVITIES

  • Personal and Business Contact information, such as your first name, last name, email address, telephone number, job title, and employer name;

  • Feedback and correspondence, such as customer support or otherwise correspond with us; 

  • Usage information, such as information about how you use the Website and interact with us;

  • Marketing information, such as your preferences for receiving marketing communications and details about how you engage with us.

How to withdraw Marketing Consent(s)/Unsubscribe from Marketing Activity
You may withdraw your consent for your personal data to be used for further marketing activity at any time.

TDX Group Contact Details:
Post: TDX Group Ltd, 8 Fletcher Gate, Nottingham, NG1 2FS
Web Address:  www.tdxgroup.com
Email: info@tdxgroup.com
Phone: 0115 953 1200


When you contact TDX Group, we will immediately delete the relevant personal data from our Marketing database.

5. WHO DOES TDX GROUP SHARE PERSONAL DATA WITH?

This section describes the types of recipient TDX Group share data with. We operate our own access control processes.  For example, before we share data with any another organisation, we check that organisation’s identity and, where applicable, to confirm where it is registered with regulators.

The details of organisations who TDX Group currently share personal with can be found here:

  • Credit Reference Agencies and other data providers: TDX Group shares debt account information with Credit References Agencies and other data providers to validate and append additional information related to an individual’s debt account.

  • Creditor Clients: TDX Group works with creditors in order to validate outstanding debt to ensure the debt amount owed is proper.

  • Insolvency Practitioners and Trustees: TDX Group receives requests from Insolvency Practitioners and Trustees to assist consumers in managing debt. Through your authorization, TDX Group works with these entities to help consumers eliminate debt.

  • Debt purchasers: TDX Group helps clients understand how to best manage debt portfolios and facilitates the sale of these portfolios.

Public bodies, law enforcement and regulators
The police and other law enforcement agencies, as well as public bodies like local and central authorities and TDX Group’s regulators, can sometimes request us to supply them with personal data. This can be for a range of purposes such as preventing or detecting crime, fraud, apprehending or prosecuting offenders, assessing or collecting tax, investigating complaints or assessing how well a particular industry sector is working.

Processors
TDX Group uses other organisations to perform tasks on its behalf (for example, IT service providers and call centre providers).  Many of these services are provided by companies within the Equifax group of companies, of which TDX Group is a part.. Examples include:

  • Debt Collection Agencies (DCAs): TDX Group works with other agencies in order to engage consumers and facilitate the repayment of debt. All these agencies operate and retain data within the UK.

TDX Group uses other trusted organisations to perform tasks on its behalf for the following services:

Service Category

Country(s) of Operation
(See section 6. for more information on TDX Group overseas processing)

IT  infrastructure and operations software support

UK & India

IT back office business process software support

India

IT back office helpdesk service support

India

IT service management support

US

Telephone support services

UK

Printing and mailing house services

UK

Marketing communication services

UK

Confidential Waste Services

UK

 
Many of these services are provided by companies within the Equifax group of companies: 

Equifax Group Company Details

Country(s) of Operation
(See section 6. for more information on TDX Group overseas processing)

Description of Service

Equifax Inc.

US

Administrative support, IT and Security back office software support, software development and cloud disaster recovery

 
In addition to the above, Equifax has service arrangements in place with auditors, consulting and professional service providers. A full list of these parties is available on request.

Individuals
People are entitled to obtain copies of the personal data TDX Group holds about them. You can find out how to do this in Section 9 below.

6. WHERE IS PERSONAL DATA STORED AND SENT?

TDX Group is based in the UK, and keep their main databases there. All information and personal data held by TDX Group is stored on encrypted services at a secure physical location. TDX Group also has internal policies and controls in place to ensure that personal data is kept secure as well as to minimise the risk of any personal data being lost, misused, disclosed or accidently destroyed.

TDX Group also has operations elsewhere inside and outside the European Economic Area, and personal data may be accessed by or transferred to TDX Group companies or service providers. In both cases, the personal data use in those locations is protected by European data protection standards.

Details of the main processors TDX Group use and where they operate can be found above in Section 5.
While countries in the European Economic Area all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection when it comes to personal data. As a result, when TDX Group does send personal data overseas we will make sure suitable safeguards are in place in accordance with European data protection requirements, to protect the data. To do this TDX Group:

  • ensures third parties have entered into contractual duty of confidentiality with TDX Group;

  • third parties are obliged to implement appropriate technical and organisational measures to ensure the security of personal data;

  • put in place a contract with the recipient containing mandatory terms approved by the European Commission  as providing a suitable level of protection for personal data. These are commonly referred to as Standard Contractual Clauses or ‘EU Model Clauses’.

7. FOR HOW LONG DOES TDX GROUP RETAIN PERSONAL DATA?

Identifiers
Identification data like names and addresses are kept while there’s a continuing need to keep it. This need will be assessed on a regular basis, and data that’s no longer needed for any purpose will be disposed of.

Debt accounts and repayment data
Data about live and settled debt accounts is kept due to multiple factors such as regulatory requirements under the FCA, agreed upon data retention periods with clients, and to perform services for clients related to debt collection and recording repayment of debt.

Derived or created data
TDX Group also creates data, and links and matches between data. For example, TDX Group keep address links and aliases for as long as they’re considered relevant for debt collection purposes.

Marketing data
TDX Group will retain your marketing permissions for the period of time we believe appropriate to the type of permission you originally provided and the channel for the marketing activity.

For permissions linked to electronic marketing 24 months from when permission was given.

If you wish to receive marketing communications, we will keep the information necessary to send you these communications following the end of our customer or consumer relationship or following their collection, if you are a prospective customer unless you withdraw your consent to receive such communications.

Archived data
TDX Group holds data in an archived form for longer than the periods described above, for things like research and development, analytics and analysis, (including refining lending and fraud strategies, scorecard development and other analysis such as loss forecasting), for audit purposes, and as appropriate for establishment, exercise or defence or legal claims. The criteria used to determine the storage period will include the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements and industry standards.

8. DOES TDX GROUP MAKE DECISIONS ABOUT ME OR PROFILE ME?

Scores/Profiling
TDX Group uses automated scoring and profiling to better understand you as a consumer, your circumstances, and your financial position, including what might impact your ability to pay off debt.

Scoring and profiling is based on a multitude of factors including your payment history, location, any barriers to debt repayment, and reasons why your account is in default.

Debt collecting decisions
In relation to scoring and profiling, automated decisions will be made in consultation with our clients regarding how best to engage with you. These decisions inform which agency would be the best fit for you, if any, based on your current situation. We also consider the best method of communication with you, what type of contact should be made, and how frequently.

To submit a request for more information on our scoring and profiling or debt collection decisions, please contact us at DSAR@tdxgroup.com.

9. WHAT CAN I DO IF I WANT TO SEE THE PERSONAL DATA HELD BY TDX GROUP ABOUT ME? DO I HAVE A ‘PORTABILITY RIGHT’ IN CONNECTION WITH MY TDX GROUP DATA?

Data access right
You are entitled to see the personal data TDX Group hold on you free of charge.  In instances where you request a copy of your information from us, if we are processing on behalf of a client we will identify the affected organisation(s) and will forward the request to them on your behalf.
To submit a subject access request on personal data we hold on you when we are the data controller, please contact us at DSAR@tdxgroup.com.

It may take us up to one month to collate and provide you with this information.
If you require a copy of your personal data in a format such as braille or audio, please use one of the contact channels detailed in Section 1 above to make your request.

Data portability right
New data protection legislation also contains a right to data portability that may give consumers a right in some data processing contexts, to receive their personal data in a portable format when it’s processed on certain grounds, such as consent. This is not a right that will apply to TDX Group data because this data is processed on the grounds of Legitimate Interests. To find out more about Legitimate Interests please go to Section 3 above.

10. WHAT CAN I DO IF MY PERSONAL DATA IS WRONG?

When TDX Group receives personal data, we perform lots of checks on it to try and detect any defects or mistakes. Ultimately, though, we can often only rely on our suppliers to provide accurate data.

If you think that any personal data TDX Group holds about you is wrong or incomplete, you have the right to challenge it. Please note, when acting as a data processor TDX Group won’t have the right to change the data without permission from the organisation that supplied it, so we will need to take reasonable steps to check the data first, such as asking the organisation that supplied it to check and confirm its accuracy.

If you’d like to do this, please use one of the contact channels detailed in Section 1 above.

11. CAN I OBJECT TO TDX GROUP USE OF MY PERSONAL DATA AND HAVE IT DELETED?

(a) DEBT RECOVERIES MANAGEMENT/DEBT SALE
This section helps you understand how to use your data protection rights to object to your personal data being used and how to ask for it to be deleted, in connection with the above activities. To understand these rights and how they apply to the processing of personal data, it’s important to know that the TDX Group holds and process personal information for the above activities under the Legitimate Interests ground for processing (see Section 3 above for more information about this), and doesn’t rely on consent for this processing.

You have the right to submit an objection about the processing of your personal data to TDX Group where it is a data controller. If you want to do this, please use one of the contact channels detailed in Section 1 above.

Whilst you have complete freedom to contact TDX Group with your objection at any time, please note that under the General Data Protection Regulation (“GDPR”), your right to object doesn’t automatically lead to a requirement for processing to stop, or for personal data to be deleted, in all cases.

(b) MARKETING ACTIVITIES
You have the right at any time to stop TDX Group using your personal information in relation to such marketing activities. 

You also have the right at any time to unsubscribe from any direct marketing activity undertaken by TDX Group.

How to withdraw Marketing Consent(s)/Unsubscribe from Marketing Activity

TDX Group Contact Details:
Post: TDX Group Ltd, 8 Fletcher Gate, Nottingham, NG1 2FS
Web Address:  www.tdxgroup.com
Email: info@tdxgroup.com
Phone: 0115 953 1200

12. CAN I RESTRICT WHAT TDX GROUP DOES WITH MY PERSONAL DATA?

In some circumstances, you can ask TDX Group to restrict how they use your personal data. Your rights are set out at Article 18 of the GDPR. You can find the contact details for TDX Group in section 1 above.
This is not an absolute right, and your personal data may still be processed where certain grounds exist. This is:

  • With your consent;

  • For the establishment, exercise, or defence of legal claims;

  • For the protection of the rights of another natural or legal person;

  • For reasons of important public interest.

Only one of these grounds needs to be demonstrated to continue data processing.
TDX Group will consider and respond to requests we receive, including assessing the applicability of these exemptions.
 

13. WHO CAN I COMPLAIN TO IF I’M UNHAPPY ABOUT THE USE OF MY PERSONAL DATA?

TDX Group tries to ensure they deliver the best customer service levels but if you’re not happy you should contact us so they can investigate your concerns.

TDX Group contact details for consumer complaints:
Post: TDX Group Ltd, 8 Fletcher Gate, Nottingham, NG1 2FS
Web Address:  www.tdxgroup.com
Email: consumercomplaints@tdxgroup.com
Phone:  0115 953 1200


If you’re unhappy with how TDX Group has investigated your complaint, you have the right to refer it to the Financial Ombudsman Service (Ombudsman) for free. The Ombudsman is an independent public body that aims to resolve disputes between consumers and businesses like TDX Group. You can contact them by:

  1. Phone on 0300 123 9123 (or from outside the UK on +44 20 7964 1000) or 0800 023 4567

  2. Email on complaint.info@financial-ombudsman.org.uk

  3. Writing to Financial Ombudsman Service, Exchange Tower London E14 9SR

  4. Going to their website at www.financial-ombudsman.org.uk

You can also refer your concerns to the Information Commissioner’s Office (or ICO), the body that regulates the handling of personal data in the UK. You can contact them by:

  1. Phone on 0303 123 1113

  2. Email at casework@ico.org.uk (you need to add a subject line of 'Report a Concern')

  3. Writing to them at First Contact Team, Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

  4. Going to their  website at www.ico.org.uk

 

Looking for a new challenge? Join us at TDX Group

View Jobs
TDX @TDXComms

RT @letstalknlearn: #ready for today's workshops @TDXComms pic.twitter.com/pHE0VNwHH4

RT @LawyerMonthly: Stricter regulation needed as personal insolvencies set to rise by 17% in 2018. Richard Haymes, Head of Financial Diffi…

We're all ready to get stuck in to our third annual Learning Week 🤓 We've got loads of great sessions and workshops… https://t.co/5veC5TINM3