Privacy Policy

This Privacy Policy sets out how Intrum UK Limited and Intrum UK Finance Limited (together “Intrum”) uses and protects your personal data. Intrum may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25 November 2020.

Why do we have access to and process your personal data?

Under the terms of your original agreement with the lender of credit, your personal data may be passed to a third party in the event that repayments are not made as agreed for the purposes of debt collection.

Intrum UK Finance Limited is a debt purchase company and Intrum UK Limited is regulated by the Financial Conduct Authority (FCA). We are part of the Intrum Group. 

The original creditor has assigned your account and Intrum UK Finance Limited is now the legal owner.

Intrum UK Limited represents Intrum UK Finance Limited as servicer and deals with the day to day management of your account. Intrum UK Finance Limited is the data controller, and Intrum UK Limited is the data processor, unless we are not the owners of your account and act as data processor on the instructions of the data controller (the original creditor). In those circumstances we refer you to the original creditor’s privacy notice .

Following the assignment of your account, the original creditor transferred your personal data to Intrum UK Finance Limited. The data originates from when you first applied for credit and includes limited data collected by the original creditor during the life of your account, such as address updates, payment history and default details. All further information such as statements and copy agreements may be obtained from the original creditor upon request subject to availability.  

Debt collection is of public interest and we have a legitimate interest to process your personal data as your account has been legally assigned to us. The processing of your personal data is necessary to collect the debt and is allowed even if you do not consent to the processing.

In accordance with our legitimate interest we may also undertake activities such as:

  • Tracing;
  • Scoring to ensure compliance with good debt collection practices;
  • Enrichment of the data from different sources e.g. Credit Reference Agencies;
  • Obtain data from suppliers where our legal grounds for processing permits us to do;
  • Review historical cases we hold on you (from previous accounts serviced by us); and
  • Search public registers


We will verify that the data we hold on you is correct and share your data with approved third parties such as other debt collection agencies, process servers, solicitors and Credit Reference Agencies. Your data will be held securely in compliance with data protection legislation.

When we purchase your debt from your original creditor, we mainly receive anonymised data as part of the purchasing process and use the statistical and financial information we hold to predict the forecast of the portfolios we purchase. When the debt is purchased by us, we take on the rights and duties under your original agreement. When we collect the debt we do that to fulfil the terms of the agreement and process your personal data based on our legitimate interest.

Who we share your personal information with 


We may share your personal information with companies within the Intrum Group and the following organisations:

  • Third-party agents and advisers who we use to administer your account, such as approved debt collection agencies, tracing agents, process servers and solicitors.
  • The original creditor to comply with our obligations under the assignment (where we are the data controller).
  • Credit Reference Agencies (CRAs).

Please refer to the CRA's information notice:


In many circumstances, it will be necessary for Intrum to continue processing data, to protect the rights of another natural or legal person, or because it’s an important public interest of the union or member state. As CRA data is required to ensure responsible lending, it may be appropriate to continue processing data whilst a request for restriction is investigated.

  • Ombudsmen, regulators and other authorities. This may include law enforcement agencies and other local and government agencies (including social and welfare organisations).
  • Fraud prevention agencies.
  • Intrum’s independent financial and professional advisors.
  • Consultants or approved parties.
  • Executors of an estate.
  • Print and mail services.
  • Land Registry.
  • Legal advisors, insolvency practitioners and the courts in the event we pursue or defend legal actions in connection with your account.
  • Your nominated Debt Management Company or third party appointed to act on your behalf.
  • Approved subcontractors (suppliers who provide goods and services to us). Where this is necessary we will take all appropriate steps to safeguard your data and relevant rights and freedoms under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
  • Customer survey and research organisations to assist us in measuring your customer experience with Intrum.


We may also share your personal information if the structure of Intrum changes in the future:

  • We may choose to sell, transfer, or merge parts of our business, or our assets. Or we may seek to acquire other businesses or merge with them.
  • During any such process, we may share your data with other parties. We’ll only do this if they agree to keep your data safe and private.
  • If the change to our Group happens, then other parties may use your data in the same way as set out in this notice.

Our employees have been extensively vetted and will have access to your personal data. Access will be granted only if necessary for the purposes described and only where an employee is bound by an obligation of confidentiality.

What categories of personal data are you processing about me and why?

We hold the necessary categories of personal data for the management of your account. To be able to communicate with you and to ensure correct identification, we process your name, date of birth, contact details such as address history, telephone number(s) and e-mail address.

In order to evaluate your ability to repay we process financial information such as your payment history, default details, credit history information, information on your debt, income, assets, credit agreements, loans and credit rating. This is processed in order to undertake risk analysis and risk management, to agree repayment plans, to assess affordability and your current circumstances. 

To understand your circumstances and to make an informed decision on how to manage your account, we also process your reasons for non-payment subject to information you provide to us e.g. individual or family circumstances, work situation and/or any health conditions (see special categories of data) that may affect your ability to repay.

The personal data we hold is also required to enable us to pursue legal action and/or to obtain enforcement. Legal action is, however, used as a last resort having first exhausted all other available options to agree repayment. We also use your personal data to ensure good debt collection practices such as through scoring activities based on historic and performance-based information; by recording telephone conversations to train our employees and to document communications received from you. For our employees’ security and to keep your personal data safeguarded we also use closed-circuit television surveillance cameras within our place of business.

We have a legal obligation to provide your personal data when we are audited by regulatory authorities to prevent, monitor and evidence any fraud, money laundering and other criminal activities.

As part of our corporate responsibility we also provide anonymised statistics, scorecards and analysis where your data may be used to assist in the accurate pricing of portfolios, or to assist in the identification of new customer contact strategies to enable us to ensure fair customer outcomes.

The information we hold on you may be anonymised and used for developing our business. However, where necessary to secure your personal data and to ensure appropriate development of and changes in our IT system, your personal data may be used on an “as is” basis.  

Unless otherwise agreed with you or there is a legal requirement, we will not include special categories of personal information (see below).  

Are you processing any sensitive data (special categories of data) on me?

Unless otherwise agreed with you or where there is a legal requirement, or Intrum believes it is in your ‘vital interests’, we will not process special categories of personal information on you (often known as ‘sensitive personal data’ such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life). 

It may however benefit you to notify us of any health condition, disability and/or personal information relating to your private life that may impact on your ability to repay your account. This will allow us to take reasonable steps to accommodate your needs or requirements such as allowing sufficient breaks in your payment arrangement, providing breathing space (suitable time) to seek free independent debt advice, or adjusting your payment arrangement.

This information will be used by us to assist you and will be kept as long as it is required for this purpose, or until such time as you notify us that you no longer consent to its processing or it is unnecessary for the establishment, exercise or defence of legal claims. This is not a blanket right and Intrum will review your request to ensure its compatibility with Intrum's legal grounds for processing. 

When collecting any special categories of data disclosed by you in helping us understand your circumstances, we will obtain your specific and informed consent to process the data. We will also inform you at the point of capturing this data to whom the data will be disclosed. In most cases, this information may be disclosed to the original creditor as part of their ongoing auditing or as part of a dispute that you may raise that necessitates Intrum sharing this data accordingly.

Withdrawal of consent   

You have the right to withdraw your consent where Intrum is processing your data using consent as the legal basis. In the context of administering your account, this legal basis is only likely to apply, where you have disclosed ‘special categories’ of personal data to Intrum or where we are conducting a customer survey to obtain feedback from you in relation to a recent interaction with you.  We will (where our legitimate interest does not override this right) consequently stop processing the data.

Intrum reserves the right to continue processing the data, where we believe that it would not be in your ‘vital interests’. For example, where Intrum believes that to stop processing the data may result in significant harm to your well-being.

Do I have to provide you with my personal data?

Most (if not all) personal data that we process about you comes from another source other than yourself, such as the original client, Credit Reference Agencies and approved data suppliers.

You may choose to provide us with additional personal data or special categories of personal data. Such information helps us to manage your account with due care and diligence for your benefit. 

Will my personal data be transferred to another country?

As we are part of the Intrum Group, we may transfer your data to another country outside of the UK and European Economic Area (EEA). If we do so, we will ensure there are suitable safeguards in place to comply with the GDPR and the Data Protection Act 2018.

Generally your personal data will not be transferred outside of the UK and EEA. However, in cases of international debt collection, your personal data may be transferred to one of our representatives working in the relevant country.

We also use third party service providers to store or who may access your data, which may be located outside of the UK and EEA. These transfers are subject to special rules under European and UK data protection law. This means we can only transfer your personal data to a country or international organisation outside the UK/EEA where:

  • the European Commission has issued an ‘adequacy decision’ in relation to that country or international organisation; or
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
  • a specific exception applies under data protection law

These are explained below.

European Commission adequacy decision

The European Commission has the power to determine whether a country provides an adequate level of protection for personal information and, if it does, to issue an ‘adequacy decision’. The effect of such a decision is that personal information can flow from the UK/EEA to that country without any further safeguards being necessary.

Transfers with appropriate safeguards

We may transfer your data to a third country on this ground where we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects.

The safeguards will usually include using standard data protection contract clauses approved by the European Commission. We will undertake a case by case assessment which will include reviewing the third party’s data protection laws and the terms of the data transfer to ensure it complies with EU law.

Transfers under an exception

In the absence of an adequacy decision or appropriate safeguards, we may transfer personal information to a third country where an exception applies under relevant data protection law, e.g.:

  • you have explicitly consented to the proposed transfer after having been informed of the possible risks;
  • the transfer is necessary for the performance of a contract between us or to take pre-contract measures at your request;
  • the transfer is necessary for a contract in your interests, between us and another person; or
  • the transfer is necessary to establish, exercise or defend legal claims


We may also transfer information for the purpose of our compelling legitimate interests, so long as those interests are not overridden by your interests, rights and freedoms. Specific conditions apply to such transfers and we will provide relevant information if and when we seek to transfer your personal information on this ground.

We may also disclose information to help prevent fraud, or if required to do so by law.

How long do you store my personal data?

We will retain your data as long as required for the lawful purpose for which it was obtained, as long as we have a legitimate interest to keep it e.g. to ensure good debt collection practices and to be able to defend ourselves against legal claims. We are also legally obliged to keep your personal data for a period of time to prevent and detect fraud, detect and evidence money laundering and for financial audits. For statistical purposes we will keep pseudonymised and anonymised data.

Where a debt is due and payable, this data will be retained until such time the debt is either extinguished (Scotland), paid (settled) or closed.

Data will be maintained in accordance with the following retention timescales:

  • Customer data (including correspondence) will be retained for six years following account closure to allow for the defence of legal claims;
  • Customer call recordings will be retained for a period of six months from the date of the call (this may be extended where a complaint or legal case necessitates the holding of the call recording for a longer period);
  • Intrum will process data for statistical purposes to help improve its debt collection practices. Where this is undertaken, personal details will be anonymised and retained for up to nine years;
  • We will also delete your data in our backups, but only when the backup tape comes up for destruction, according to our backup policy. Data on backups will be retained for a period of five years.

Will I be subject to automated decision-making?

You have the right to ask for a human to review an automated decision or profiling action where:

  1. There has not already been a human intervention;
  2. The decision or profiling is based solely on automated activity; and 
  3. The outcome of the profiling or decision making produces legal effects concerning you or similarly significantly affects you. 

Customers of Intrum do not currently have this right as the above conditions are not met. Intrum has reviewed its profiling activities and these do not have a significant impact upon data subjects until legal action is considered. Where legal action is considered a human review occurs. No automated decisions have a significant or legal impact on the individual. Intrum will however review new methods of processing data to identify whether this right would apply. This will be achieved through our privacy by design process.

What rights do I have?

It is important you understand that it is your personal data that we process and that we want you to be comfortable with us doing so. Even if we do not need your permission to process your personal data, you have certain rights in relation to the processing of your personal data.

Your rights - what does it mean?

Right to be informed:

You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR and Data Protection Act 2018. Intrum’s Privacy Policy provides you with information including: our purposes for processing the personal data, retention periods for that personal data, and who it will be shared with.

You can also refer to our Legitimate Interests Assessment (LIA) which provides our balancing test in relation to our legal grounds for processing your data. Our LIA can be found here

Right to access:

You may request information on how we process your personal data, including information on:

  • Why we process your personal data.
  • What categories of personal data we process.
  • Who we share your personal data with.
  • How long we store your personal data or the criteria for determining this period.
  • What rights you have.
  • From where we have received your personal data (if we have not received it from you).
  • If the processing includes automatic decision making (also known as profiling).
  • If your personal data has been transferred to a country outside of the UK and EEA, how we ensure the protection of your personal data.

All the above information is available in this Privacy Policy.

You may also request a copy of the personal data we process about you. This is known as your Right to Access. Additional copies where considered manifestly unfounded may be combined with a fee or rejected where deemed appropriate.

Right to rectification:

It is important that we have the right information about you and we encourage you to let us know if any of your personal data is incorrect, e.g. if you have changed your name or moved address.

Right to erasure (to be forgotten):

If we process your personal data in an unlawful manner, you may ask us to delete this information. It is however unlikely that we will delete your data unless you have settled the account or it is closed.

Right to restrict processing:

From the time you have requested we correct your personal data or if you have objected to the processing, and until we have been able to investigate the issue or confirm the accuracy of your personal data (or changed it in accordance with your instructions), you may be entitled to the restriction of processing. This means that we (except for storing the personal data) may process your personal data only in accordance with your consent, if necessary with reference to legal claims, to protect someone else's rights or if there is an important public interest in the processing.

In many circumstances, it will be necessary for Intrum to continue processing data, to protect the rights of another natural or legal person, or because it’s an important public interest of the union or member state. As CRA data is required to ensure responsible lending, it may be appropriate to continue processing data whilst a request for restriction is investigated.

Please note that once we believe that we have resolved the dispute or validated the accuracy of the data we hold, we will continue to process your data in accordance with our overriding legitimate interest.

Right to object:

If you believe that we do not have the right to process your personal data, you may object to our processing. In such cases, we may continue processing only if we can show our overriding legal grounds for processing out-weigh your rights and freedoms under the GDPR and the Data Protection Act 2018. However, we will process your personal data if it is required for the determination, exercise or defence of legal claims (note that this right only provides you with the ability to raise your objections, not a blanket right to have any and all processing ceased).

Rights in relation to automated decision making and profiling: 

Intrum does not make decisions based solely by automated means without human involvement. Intrum does undertake profiling as detailed within this Privacy Policy, however, all accounts are subjected to a manual review and Intrum does not carrying out solely automated decision-making that has legal or similarly significant effect.

Right to data portability:

Where processing is based on your consent or for the performance of a contract and where the processing is carried out by automated means, you have the right to data portability. As outlined within this Privacy Policy, Intrum will in most circumstances process your data under its legitimate interest to do so. As your account will be subjected to a manual review at periodic points throughout its lifecycle, our processing is not solely carried out by automated means. Whilst it is unlikely that this right will apply in the context of our processing, Intrum will consider requests where you feel this right applies. 

If you wish to forward a request regarding any of your privacy rights, you can view our guidance on how to do this electronically here Data subject rights | Intrum UK. You can also submit your request in writing to Intrum UK Limited, The Omnibus Building, Lesbourne Road, Reigate, Surrey RH2 7JP.

How to complain about the use of your data or exercise my rights? 

If you wish to raise a complaint about how we handle your personal data, including in relation to any of the rights outlined above, you can contact our Data Protection Officer at or write to Data Protection Officer, Intrum UK Limited, The Omnibus Building, Lesbourne Road, Reigate, Surrey, RH2 7JP and we will investigate your concerns.

If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Information Commissioner’s Office (ICO). You can find further information about the ICO and their complaints procedure here


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to our customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website experience by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

How do I disable cookies?

If you want to disable cookies you need to change your website browser settings to reject cookies. How to do this will depend on the browser you use and we provide further detail below on how to disable cookies for the most popular browsers:-

For Microsoft Internet Explorer:

  1. Choose the menu “tools” then “Internet Options”
  2. Click on the “privacy” tab
  3. Select the appropriate setting

For Google Chrome:

Click the Chrome menu on the browser toolbar (Three vertical dots)

  1. Select Settings
  2. Click on Advanced to show advanced settings
  3. In the "Privacy" section, click the Content settings button
  4. In the "Cookies" section, you can change to your preferred setting

For Mozilla firefox:

  1. Choose the menu “tools” then “Options”
  2. Click on the icon “privacy”
  3. Find the menu “cookie” and select the relevant options


What happens if I disable cookies?

This depends on which cookies you disable, but in general the site may not operate properly if cookies are switched off. If you only disable 3rd party cookies you will not be prevented from properly using this site. If you disable all cookies you may not be unable to use dynamic areas of this site.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the Privacy Policy applicable to the website in question.

Accessing your personal information

You may request details of personal information which we hold about you under the General Data Protection Regulation and Data Protection Act 2018. Whilst Intrum will not charge you to access the information you have requested, we reserve the right, where additional copies are requested and are considered manifestly unfounded, to charge a fee or reject the request where deemed appropriate.

If you would like to request a copy of the information held on you please visit our contact us page or complete a form here and send to

If you believe that any information we are holding on you is incorrect or incomplete, please contact us as soon as possible. We will promptly correct any information found to be incorrect.