Our clients can rightfully expect that we will treat their data with the same high level of security and privacy as we do our own data. This is always in accordance with applicable data, privacy, and compliance legislation.

Debt Register follows a data minimisation approach. We process the names and email addresses of our clients only for the purposes of fulfilling our contractual obligations. We process only the names and email addresses of the debtors that our clients upload to our platform. Client data will only be processed for the purposes for which it was provided, and for no other reason. Access to the data is restricted to pre-defined and tightly controlled groups of employees only.

Client provided personal data is only accepted via secure encrypted transfer protocols.

To meet the requirements of applicable data protection legislation, we have put in place an information security management system (ISMS) and comply with the ISO 27001 standards. Debt Register is working towards ISO27001 certification.

Amazon Web Services (AWS)
Debt Register hosting and backup services are managed by AWS from their secure data centre. A statement of their compliance can be found here:
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/aws-overview.pdf#security-and-compliance

Training
We have a mandatory training program for all our staff who process personal data to ensure a high level of awareness and compliance with requirements of local data protection laws.

Data Retention Policies
Should an individual record or in individual piece of data need to be deleted, this will be deleted permanently from our database. This deletion will include the permanent deletion of any backups stored, and a new back up will be created at the point of deletion.

Data Protection Officer
We have appointed a Data Protection Officer (DPO) – Mr John Sullivan, who is responsible for leading our compliance program on privacy matters, and can be contacted at dpo@debtregister.com. The ICO have been notified of his appointment.