Privacy policy
Our privacy promise
Sheriffs High Court Enforcement Limited t/a The Sheriffs Office respects your privacy rights and is committed to protecting your personal data.
What does this mean for you?
Our privacy notice provides you with information about how we, Sheriffs High Court Enforcement Limited t/a The Sheriffs Office, use your personal data for delivering our services, which include the enforcement of writs and warrants of control and possession, Compulsory Purchase Orders, instructions at common law to recover possession of land and premises, tracing services and general debt collection for our clients.
Sheriffs High Court Enforcement Limited t/a The Sheriffs Office will, when delivering these services, collect and use personal information only which is relevant to the work that we are undertaking and which will be controlled, stored and processed in accordance with the General Data Protection Regulations (GDPR), howsoever it is collected, recorded and used; whether it be on paper, in electronic media form (e.g. in a computer system), or recorded by other means.
We consider the lawful and correct treatment of personal information by the company as critical in maintaining the confidence of our clients; we therefore manage and process personal information lawfully and correctly.
You can contact the Group Data Protection Officer (DPO) at: 2 Marine Road, Colwyn Bay, Conwy, Wales, LL29 8PH, or alternatively by email on: datacontroller@hcegroup.co.uk
If you would like to contact Sheriffs High Court Enforcement Limited t/a The Sheriffs Office directly regarding your data, please write to: The Data Protection Officer, 2 Marine Road, Colwyn Bay, Conwy, Wales, LL29 8PH, or alternatively email: datacontroller@hcegroup.co.uk
1. Who are Sheriffs High Court Enforcement Limited t/a The Sheriffs Office?
Sheriffs High Court Enforcement Limited t/a The Sheriffs Office is a data controller of your personal data. We are regulated by the Ministry of Justice. As a data controller we are registered on the Information Commissioner’s Office (ICO) website.
2. What types of personal data do we collect and how do we collect it?
We adhere to the Principles of Data Protection, as set out in the Data Protection Act 2018 and the General Data Protection Regulations (GDPR), which came into force in May 2018.
Specifically, these Principles require that personal information:
- Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met
- Shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
- Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
- Shall be accurate and, where necessary, kept up to date
- Shall not be kept for longer than is necessary for that purpose or those purposes
- Shall be processed in accordance with the rights of data subjects under the Act
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
- Shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data
We will, through appropriate management and by the strict application of criteria and controls:
- Observe fully the conditions regarding the fair collection and use of information
- Meet our legal obligations to specify the purposes for which information is used
- Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements
- Ensure that the quality and accuracy of information used is adequate and is maintained
- Apply strict checks to determine the length of time information is held and that it is stored for no longer than is necessary
- Ensure that the rights of people about whom information is held are able to be fully exercised under the Act and Regulations
- Take appropriate technical and organisational security measures to safeguard personal information
- Ensure that personal information is not transferred abroad to countries to which transfers are not permitted under the GDPR
We receive basic personal data from our clients, HM Courts and Tribunals Service and other statutory authorities when Court orders or instructions are issued to us for enforcement or collection relating to:
- Claimants/creditors - information that can be used to identify you as an individual such as name, address and contact information
- Defendants/debtors - information that can be used to identify you as an individual such as name, address and contact information
The personal information which is obtained consists of name, address(es) and details of the judgment, warrant or order made or issued by the Court or statutory authority, which consist of the details of monies due, the premises or land to which a judgment or order refers or specific actions defined in the judgment, warrant or order; for example the delivery of specific items to specific persons.
Occasionally, we will be provided with information concerning potential vulnerability, generally by the data subject, or by persons or agencies acting on his or her behalf. This information may, therefore, relate to the data subjects’ health.
Special categories of personal data
UK Data Protection legislation defines certain personal data as special category data such as data regarding your ethnic origin, physical health, and mental health.
If you ever disclose this type of personal data to us we will only need to keep this on record if it is necessary for the services we are providing. Where we do need to keep this data we will always request your explicit consent. We will only store this data for as long as it is relevant. You have the right to withdraw your consent at which point we will delete the special category data from our records.
If you disclose special category personal data to us without us having the opportunity to obtain explicit consent, for example if you send a letter to us detailing your medical situation, you will thus have given your consent for us to process that data.
Where we consider it necessary to record the special category personal data you give to us, we will securely record this information.
How do we collect your personal data?
We collect your information in the following ways:
- We obtain data from our client and any appointed agent of our client and from HM Courts and Tribunals Service or other statutory authorities
- We keep records of correspondence between us, including letters, email and SMS
- We record phone calls between you and our staff for training and monitoring purposes and to improve and enhance the service we offer you
- We operate CCTV systems at our business premises, if you were to visit our office your image could be captured on CCTV
- Our Enforcement Agents use Body Worn Video Cameras (BWVC) and when you are visited your image and voice will be captured
- We access third party data sources and combine and process data from those sources with your personal data. Examples of such third party data sources include the Land Registry, Credit Reference Agencies (CRAs), registers of court judgments, bankruptcy searches, postcode lookup databases and telephone number verification databases
- Third parties that we appoint may collect personal data from you and pass it on to us
- When you use our website, we collect information concerning your usage of the website, behavioural patterns, which pages you viewed, traffic data and the originating domain name of your internet service provider
3. How do we use your personal data?
The data which we obtain, store and process is necessary and is used to enable us to enforce the instruction, writ, warrant or order and thereby comply with the directions contained in the instruction, writ, warrant or order, and with any order subsequently made relating to the enforcement of that instruction, writ, warrant or order.
Administrative staff and Enforcement Agents are employed by us act to enforce the instruction, writ, warrant or order. We also enforce such instructions or other orders as may be directed to us and which are made by any person or entity authorised by the laws of England and Wales to issue such order or instruction.
When we are required to obtain health information where it is relevant to issues of vulnerability, as provided under regulations 10 and 23 of Part 2 of The Taking Control of Goods Regulations 2013, governing the enforcement of such orders, the information obtained is used by administration staff and Enforcement Agents to alert creditors where they have identified such debtors. Enforcement Agents and relevant staff are trained to recognise and to manage interactions with vulnerable debtors, and when to withdraw from such situations.
The information thus obtained will be used to contact the defendant(s)/debtor(s) in the enforcement action, by email, telephone or SMS text message or by means of an attendance by an Enforcement Agent.
We confirm that no part of our enquiry will be sub-contracted to any other person or company without prior client approval or by order of the Court. No information concerning the data subject given to us by our clients or obtained during the course of our enforcement actions will be used for any other purpose. At all stages of the enforcement process we act as a data controller and as such we will fully comply with the GDPR and with the Data Protection Act and its guiding principles.
We also use your personal data to manage our operations and improve our services to you and our clients, manage security, risk and crime prevention, meet our regulatory requirements and to undertake statistical analysis for business improvement.
For us to process your personal data we need to have a justified legal basis, this means that processing your personal data must be necessary. The table sets out the lawful basis that we rely upon in order to lawfully process your personal data.
Business process
- Enforcement action, as instructed by our clients
Our lawful reason for processing
- Performance of a contract
- Compliance with a Court Order or a legal obligation
How do we use your data
- As a business our operations are the enforcement of Court Orders on behalf of our clients. As part of the enforcement process we may be asked by our client to undertake trace activities; validate your identity, contact you in writing, by email, by SMS and telephone, agree payment arrangements, process payments and take litigation.
Business process
Management of your account
Our lawful reason for processing
- Compliance with a legal obligation
- Legitimate interests
- Performance of a contract
How do we use your data
- As a business, we have an obligation to manage your account on behalf of our client. We have a legitimate interest in understanding your ability to repay the outstanding balance as well as how best to communicate with you; in order to do this at times we will use statistical analysis and automated processes to make decisions about how best to engage with you.
Business process
- Training, monitoring and improving our service
Our lawful reason for processing
- Compliance with a legal obligation
- Legitimate interest
How do we use your data
- In order to ensure we provide the best service we can, we use recordings of telephone calls and Body Worn Videos which will contain personal data of our customers, to train staff.
- We monitor your website usage, collecting info to improve our service, business efficiencies and, statistical and analytical activities
Business process
- Complying with Legal and regulatory requirements
Our lawful reason for processing
- Legitimate interests
- Performance of a contract
- Compliance with a legal obligation
How do we use your data
- At times we share data with other third parties where we have a legal or regulatory requirement to do, for example His Majesty’s Courts and Tribunal Service, the Enforcement Conduct Board.
4. How long do we keep your personal data?
Once enforcement has been completed, we are required to retain the detailed information recording the enforcement of the writ, warrant or order for 6 years in accordance with the Limitation Act 1980. Because we are required by statute and regulation to enforce instructions directed to us, we are not able to delete personal data stored for the purpose of enforcing such instructions or orders. At no stage will we divulge to a third party any personal data unless specifically ordered to do so by the Court.
5. Who do we share your personal data with?
We may at some point during the enforcement process need to share your personal data with other organisations:
- HM Courts and Tribunals Service
- Solicitors where they are acting on our behalf
- Other companies that may help us to validate that the data we hold is accurate or to obtain new information – for example a new telephone number
- The original creditor
- Any person or company that you instruct us to liaise with – for example, a friend, family member, representative or a Debt Management Company.
Whenever we engage with a third party we ensure that the third party has a similar level of safeguards and controls in place before sharing your personal data with them.
6. Transferring your personal data outside of the United Kingdom
We may transfer your personal data to organisations that operate outside of the United Kingdom but only to specific and authorised organised organisations within the European Economic Area for the purpose actioning an Order from a European Court.
Where we do transfer your personal data outside of the United Kingdom, we will ensure that your data is protected and any suppliers are part of the privacy shield, and/or that the appropriate contractual requirements are in place.
7. Sharing information to prevent crime or harm
We have systems that protect our customers and ourselves against fraud and other crime, including money laundering. Customer information can be used to prevent crime and trace those responsible.
As part of our ongoing monitoring of your account and to service your account, we have legal obligations that require us to obtain certain personal details to validate your identity. If false or inaccurate information is provided by you, or if fraud or another financial crime is identified or suspected, we will obtain publicly available information, such as media reports or regulator publications, which may contain personal details about you such as any criminal convictions. If fraud or another financial crime is identified or suspected, we will be required to pass your personal data to fraud prevention agencies or other authorities for the prevention and/or detection of financial crime. We have legal obligations to pass this data to fraud prevention agencies and this is our legal basis for sharing personal data in this way.
The agencies we may share your personal data with are:
- The National Crime Agency
- Action Fraud
- The Police Service
- HM Revenue and Customs
- HM Courts and Tribunals Service
If we have reason to believe that you are in prison, we will obtain publicly available information, which may contain some of your personal data such as the name of the Prison you are in and the length of your sentence, to update the information we hold about you and to manage your account in the most appropriate way.
If we have reason to believe that you are in immediate danger, we will pass your personal data, including any details we have about your physical or mental health, to the Police and other emergency services in order to protect your vital interests.
8. How can you manage your data?
Managing your account
As a client of Sheriffs High Court Enforcement Limited t/a The Sheriffs Office you are able to access much of the data we hold that allows us to provide our services to you. You can do this via our website that can be access on https://clients.thesheriffsoffice.com/login
Your rights
Object to processing
You have the right to object to us processing your data if the processing itself is an unwarranted interference with your interests or rights. You can find out more about how and why we process your personal data in section 3 ‘How we use your personal data?’
If you still believe that you have a valid and justifiable reason to exercise this right you can contact us on the details below.
Restrict processing
If you believe we are processing your personal data unlawfully or you believe that we no longer need your personal data you have the right to request that we restrict the processing of your personal data.
Right to be forgotten
Under data protection legislation you have the right to request that we delete your personal data if you believe we no longer have a lawful basis to process it. If you feel that we should not be processing your personal data you can submit a request on the below details.
Right to rectification
If you believe that any of the personal data we hold for you is incorrect, it is important that you make us aware as soon as possible, for example if you have a new phone number, email address or have moved address.
Automated profiling and decision-making
At times, we use the personal data we hold on you to conduct profiling and automated decisions, for example, how best to engage with you.
The new data protection legislation changes stipulate that where profiling or automated decision making produces a legal effect or similarly significantly affects you, we need to make you aware of your right to object. We do not believe that the profiling and decision-making that we conduct has either a legal effect or similarly significant impact on you but we will keep such processes and controls under review and update this notice accordingly.
Your right to portability
You have the right to request that we transfer personal data that you have provided to us either to yourself or another data controller. You can exercise the right to data portability by contacting us on the below details (please use “Right to Portability” as the subject of your communication):
Write: The data controller, Sheriffs High Court Enforcement Limited t/a The Sheriffs Office, 2 Marine Road, Colwyn Bay, Conwy, Wales, LL29 8PH
Email: datacontroller@hcegroup.co.uk
Accessing your data
You have the right to see the personal data relating to you that we hold. As a data controller we will also ensure that we provide any additional personal data that any of our data processors may hold about you.
We take the protection of your personal data seriously, because of this we reserve the right to request proof of identity before supplying any information.
Once we have validated your identify we will aim where possible to respond to your request within a calendar month. We typically will send your personal data by Royal Mail Recorded Delivery, if however you wish to receive it in a different format, for example on an encrypted disk, then please let us know.
In order to make this request please contact us on the below details (please use “Subject Access Request” as the subject of your communication):
Write: The data controller, Sheriffs High Court Enforcement Limited t/a The Sheriffs Office, 2 Marine Road, Colwyn Bay, Conwy, Wales, LL29 8PH
Email: datacontroller@hcegroup.co.uk
9. Cookies
Our website does operate cookies. We will always ask you on the homepage whether you want us to place a cookie on your computer. The vast majority of web browsers accept cookies, however you can manually change your browser settings so that cookies are not accepted. If you do this, you may lose some of the functionality of our website. Any cookies placed by us will not store or collect any personally identifiable information.
We use cookies and similar technologies for several purposes, including:
- Storing your preferences and settings. Settings that enable our products to operate correctly or that maintain your preferences over time may be stored on your device. For example, if you enter your city or postcode to get information on our website, we may store that data in a cookie so that you will see the relevant local information when you return to the site. We also save preferences, such as language, browser and multimedia player settings, so those do not have to be reset each time you return to the site.
- Sign-in and authentication. When you sign into a website using your account credentials, we store a unique ID number, and the time you signed in, in an encrypted cookie on your device. This cookie allows you to move from page to page within the site without having to sign in again on each page. You can also save your sign-in information so you do not have to sign in each time you return to the site.
- Security. We use cookies to detect fraud and abuse of our websites and services.
- Storing information you provide to a website. When you provide information on our websites, we store the data in a cookie to remember the information you have added.
- Social media. Some of our websites include social media cookies, including those that enable users who are logged in to the social media service to share content via that service.
- Feedback. We may use cookies to enable you to provide feedback on a website.
- Analytics. In order to provide our products, we may use cookies and other identifiers to gather usage and performance data. For example, we use cookies to count the number of unique visitors to a web page or service and to develop other statistics about the operations of our services. This includes cookies from us and from third-party analytics providers.
- Performance. We use cookies for load balancing to ensure that websites remain up and running.
For more information about cookies and how to disable them please go to: www.aboutcookies.org.
10. How to complain
If you would like to make a complaint or have a query about how we use your personal data, you can contact us on the below details:
Write: The data controller,Sheriffs High Court Enforcement Limited t/a The Sheriffs Office, 2 Marine Road, Colwyn Bay, Conwy, Wales, LL29 8PH
Email: datacontroller@hcegroup.co.uk
If you are unhappy about how we have handled your complaint you have the right to complain to the Information Commissioner’s Office:
Website: https://ico.org.uk/concerns/
Call: 0303 123 1113
Updated 21st March 2023