Sigma Financial Group Privacy Policy
Company Structure and Overview
Sigma Connected is a diverse business that provides customer lifecycle outsourcing solutions ranging from customer service collections and debt resolution services, across a broad range of vertical sectors through a white label arrangement and under our own brands.
Brands in the Sigma Group are Sigma Connected, Sigma, Sigma Red, Sigma International, Sanclare (UK) Limited, Clanchatton Birmingham Limited, McLaren Credit Services and ReachOut.
Data Controllers and Data Processors
For general enquiries, for our current or former employees and for applicants looking to start a career here, we are a Data Controller. For some of our debt collection activities, we are also a Data Controller. But, if we have made contact with you on behalf of one of our clients, it is most likely that we are a Data Processor.
This document explains how we will collect, store and use your data in compliance with GDPR.
Who we are
McLaren Credit Services, ReachOut, Sigma and Sigma Red are trading styles of Clanchatton Birmingham Limited and we are registered with the Information Commissioner’s Office and you can find us on the UK Data Protection register here. Our registration number is Z5155974.
Sanclare (UK) Limited is registered with the Information Commissioner’s Office: Z8047183
The type of personal information we collect and legal basis for processing
| For employees and applicants, we act as a Data Controller and we collect basic personal information about you such as your name and address and other contact details. Any information you choose submit via our online form may add to the types of personal data we collect and, in order to deal with your enquiry, we will process that data under the legal basis of consent.If you apply for a role with Sigma, we will provide further privacy information and successful applicants receive an employee privacy notice when their employment commences.We will call this Employee Data. | For many of our clients, we process your data on their behalf and that makes us a Data Processor.We still treat your data with the utmost care, but our privacy policy doesn’t really apply to you. You will need to contact the company we are working for or perhaps visit their website.For our ReachOut customers, we act as a Data Processor, but we have agreed with our clients that we will only share any sensitive data collected during the call with your explicit consent. We will call this Client Data. | For direct customers, we are a Data Controller. We collect basic personal information about you such as your name, address and other contact details. We may also have detail about accounts and balances. We process this data under the legal basis of legitimate interest. We will call this Customer Data. |
What do we use this data for
| Employee Data | Client Data | Customer Data |
| This data is used to process your application or enquiry. | This data is used to provide service to you on behalf of our client. | This data is used so that we can make contact with you with a view to recovering outstanding balances. |
| We may also use call recordings for the purposes of training, quality assurance or complaint handling purposes. |
Who we share your data with
We are great at talking to people. But we understand that there are companies out there that are great at things other than talking and so we use them to help us provide a world class service.
Below is a list of organisations we use, the data they process for us and why.
| MaxContact Manchester, M1 2AP | Name, phone number, account number. | MaxContact provide telephone dialling management software to help us dial more efficiently.https://www.maxcontact.com/privacy-policy |
| ORCAHarrogate, HG3 1GY | Name, phone number, account number and balance. | http://www.adtecsoftware.co.uk/privacy-cookies/ |
| Central Mailing Services Limited Birmingham, B24 8TQ | Name, phone number, account number and balance. | We use CMS to send letters via normal mail.https://www.centralmailing.co.uk/privacy-policy/ |
| SimplyShred (Employee data only) Walsall, WS2 8RQ | Name, contact details, DBS checks, proof of identification. | We operate a paperless environment. So if you provide paper records to us, we scan them on to our network and use this supplier to confidentially destroy paper records.https://www.simplyshred.co.uk/privacy-policy/ |
| Twilio Sendgrid London W1D 3QB | Name, phone number, account number and balance. | We use a product called Sendgrid by Twilio to send secure emails to customers.https://www.twilio.com/legal/privacy |
| Complete Communication Services Limited Stoke on Trent, ST1 5TQ | Name, phone number, account number and balance. | We use CMS to send letters via ‘cloud’ mail, i.e. a virtual letter where a link is sent via text message.https://www.completecommunicationsolutions.co.uk/privacy-policy.pdf |
| Essendex Nottingham, NG1 5FW | Name, mobile phone number. | Essendex provide SMS (text message) broadcast services for us.https://www.esendex.co.uk/privacy-policy/ |
| Docebo (employee data only) London, EC3V 0EJ | Name, email address. | Docebo operate our Learning Management System. If you join Sigma, we add your name and work email into here so that we can teach you things and create a training record for you.https://www.docebo.com/docebo-privacy-policy/ |
| Sigma InternationalCape Town, South Africa | Name, contact details, balance. | Sigma International is a fully-fledged member of the Sigma Family based in South Africa. We have nearly 1000, committed, contact centre agents there! |
All of our processors and sub-processors are held to the highest standards in our contracts with them and are required to also adhere to the same, high, GDPR standards we adopt ourselves.
Very occasionally we speak to people who appear to be in great distress. Where we think it is appropriate, we may refer those details on to the emergency services or welfare services. We would always try to get permission first, but data protection laws allow us to do this where we believe someone is at risk.
How we store your personal information.
Your information is securely stored in UK datacentres. We have some very clever people in our IT team who continually check to ensure that we have the latest firewalls, the most up to date security and the best equipment. We train our staff regularly on data protection and information security and we are proud to hold both the ISO27001 Information Security Standard and the ISO9001 Quality Standard.
You are important to us. Your data is important to us.
How long we will store your data
| Employee Data | Client Data | Customer Data |
| Employee – We keep employee data for 6 years after the date your employment ends. Applicant – We keep information on people who have applied for a job for 12 months, we then seek permission to keep it for a further 12 months. If permission is not granted we permanently delete all your data. | When we process your data on behalf of one of our clients, we do so as a data processor and therefore we do so on the clear instructions given to us. Each client has their own privacy policy which you can usually find on their website. Whatever rules for deletion they provide there is what we will do. | ReachOut – We keep call recordings for 12 months, then they are permanently deleted. We keep any information about you in our database for 12 months from the last contact we had with you, then we permanently delete that too. McLaren Credit Services – To meet our regulatory requirements, we keep this data for 6 years after we have finished processing your account. |
Processing outside of the UK.
All of your data is stored in the UK. But to make our service as efficient and effective as possible, some processing does occur outside of the UK. When we do this, we make absolutely sure that we can hold them to the same high standards we insist on for ourselves. All overseas processing is carried out under appropriate safeguards and for that we use something called the Standard Contractual Clauses. These set the expectations we have, they give clear instructions for the processing to be carried out and they provide all the necessary protections for you and your data.
Your data protection rights
Here in the UK, our data protection laws give you lots of rights in relation to your data. These are really important for your privacy and to make sure that you have full control over any information that exists about you.
This is a list of your rights and how you can exercise them if you feel you need to.
- You have the right of access – if you want to know what information any data controller holds about you, you have the right to ask for copies of your personal information. You can do this by any communication method and we will not charge you for doing so.
- You have the right to rectification – if you think any information that we hold about you is incomplete or inaccurate, tell us. We are required to rectify that information.
- You have the right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- You have the right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- You have the right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
- You have the right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
All of these rights are free to you from us or any other organisation holding your data. If you make a request, we have one month to respond to you.
You can contact us on the details at the top of this notice to make a request in relation to your rights, or if you have a question about them.
How to complain
If you are worried in any way about our use of your personal information, you can talk to us about it using any of the contact methods in this document. If you are so worried you wish to make a complaint, please contact our Data Protection Officer at:
Peter Hopgood-Gravett, The McLaren Building, Birmingham, B4 7LR, UK.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
What now?
That’s everything we think you might want to know about how we collect, use and store your data. If you have any questions, please drop us a line.
Other than that, we thank you for reaching out and look forward to speaking with you.
Website cookies
Click here to view the list of cookies we have on our website
