Data Processing Agreement

This Data Processing Agreement (DPA) forms part of the terms and governs the processing of personal data by CM Debt Recovery on behalf of its clients.

Purpose: The DPA ensures data is processed in accordance with GDPR and the Data Protection Act 2018.

Processing Details: CM Debt Recovery processes personal data as necessary to provide debt recovery services. Data may include names, contact details, account references, and payment history.

Security Measures: CM Debt Recovery implements appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage.

Confidentiality: All personnel authorised to process personal data are subject to confidentiality obligations.

Sub-processors: CM Debt Recovery will not engage sub-processors without written consent from the client and will ensure all sub-processors are contractually bound to adhere to data protection obligations.

Data Subject Rights: CM Debt Recovery assists clients in responding to data subject requests, including access, rectification, deletion, and portability.

Data Breaches: In the event of a data breach, CM Debt Recovery will notify the client without undue delay, providing sufficient information to meet any obligations to report or inform data subjects.

Return or Deletion of Data: Upon termination of services, CM Debt Recovery will return or securely delete all personal data held on behalf of the client, unless otherwise required by law.

Audit Rights: Clients have the right to audit CM Debt Recovery’s data processing activities to ensure compliance with the DPA.