This notice sets out the principles upon which we receive and process personal data in relation to insolvency appointments and provides information we are required to disclose pursuant to the General Data Protection Regulation (GDPR).
The name and contact details of our organisation
The Data Controller is Greenfield Recovery Limited of Trinity House, 28-30 Blucher Street, Birmingham B1 1QH.
Where an Insolvency Practitioner is appointed as an officeholder, data may be generated as part of that assignment. The officeholders of our firm are Sajid Sattar, Margaret Carter and Alex Dunton.
The name and contact details of our representative
Any officeholder of this firm (listed above) may be contacted in relation to Data Protection matters arising in relation to formal insolvency appointments. They can be contacted by phone on 0121 201 1720.
The purposes of the processing
The Insolvency Practitioners of this firm are licensed by the Institute of Chartered Accountants in England and Wales to provide advice to companies and individuals regarding their financial circumstances and act as Liquidator, Administrator, Trustee in Bankruptcy, Supervisor of a Voluntary Arrangement or Administrative Receiver.
The officeholders’ duties and responsibilities are governed by statutory and regulatory obligations, primarily the Insolvency Act 1986. The purpose of processing personal data is to enable the officeholders to meet their statutory and regulatory obligations in formal insolvency appointments and, where advice is given outside of a formal insolvency appointment, the purpose of processing data is to possess sufficient information to provide that advice.
The lawful basis for the processing
Due to the varied nature of insolvency assignments, the exact nature and purpose of the processing will be dependent upon the circumstances of the case and the individual involved. The lawful basis of the processing will be one of the following:
- Legal Obligation - A legal obligation to which the Data Controller is subject;
- Public Task - The processing is necessary to perform a task in the public interest or for the Data Controller’s official functions, and the task or function has a clear basis in law.
- Contract - The processing is necessary for a contract the Data Controller has with the individual, or because the individual has asked the Data Controller to take specific steps before entering into a contract.
- Legitimate Interest - The processing is necessary for the Data Controller’s legitimate interests.
The legitimate interests for the processing
When acting as an officeholder, it may be necessary to bring or defend proceedings for the officeholder to comply with their regulatory obligations. Where data is processed as a result of a legitimate interest of the Data Controller, it is anticipated that this will be for the purpose of defending or bringing a legal claim (or any potential future claim).
The categories of personal data obtained
The types of personal data we may hold about an individual will vary depending on the purpose for which the data is collected, however it is likely to consist of one or more of the following:
- Date of Birth
- Email Address
- Phone Number
- Employment Details
- Financial Information
This information will be held as part of the records of an insolvent entity to enable the officeholders of this firm to carry out their statutory and regulatory requirements.
The recipients or categories of recipients of the personal data
Personal data will only be shared with other parties where it will assist with one of the Data Controllers’ lawful basis for processing data.
The data may be shared with the following parties:
- Government organisations including, but not limited to, the Insolvency Service, the Redundancy Payments Service and HM Revenue & Customs;
- Valuation or other Agents;
- Any organisation with which the Data Controller is legally obliged to provide that information.
The details of transfers of the personal data to any third countries or international organisations
Personal data will only be transferred outside of the EU in compliance with the conditions for transfer set out in Chapter V of the GDPR.
The retention periods for the personal data
Officeholders are required to maintain records relating to insolvency appointments for a minimum period as specified in the Insolvency Practitioner Regulations 2005. This specifies that certain records must be maintained until:
(a) the sixth anniversary of the date of the grant to the insolvency practitioner of his release or discharge in that case; or
(b) the sixth anniversary of the date on which any security or caution maintained in that case expires or otherwise ceases to have effect,
whichever is the latest.
Accordingly, personal data created by an officeholder will be maintained for the periods set out above. Certain records may be maintained for a longer period to comply with other legal or regulatory obligations or because it is in the Data Controller’s legitimate interests to do. Records will be maintained no longer than necessary to achieve this purpose.
The rights available to individuals
Individuals have the following rights with respect to personal data processed by Insolvency Practitioners:
- The right to be informed - Individuals have the right to be informed about the collection and use of their personal data;
- The right of access to personal data;
- The right to rectification – individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete;
- The right to erasure, in certain circumstances;
- The right to restrict processing, in certain circumstances;
- The right to data portability, where the lawful basis for the processing of the data is consent, or for the performance of a contract;
- The right to object to the use of personal data, in certain circumstances;
- The right to withdraw consent (where the data is processed on the basis of consent obtained);
- The right to lodge a complaint to the Information Commissioners Office.
Further information about an individual rights in relation to the processing of their personal data is available at the Information Commissioners website at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Books and Records of entities subject to insolvency proceedings
Officeholders have, in most cases, a statutory and regulatory obligation to take control of books and records created by an in insolvent entity. It is anticipated that in the majority of cases, Greenfield Recovery will not be the Data Controller in respect of those records.
Any records obtained by the officeholder will be retained securely. The records will be retained until the expiration of the retention periods set out in section 5.6 of R3’s Technical Bulletin 104. In the case of administrations moving to dissolution or voluntary liquidations, the records can be destroyed at any time after the expiry of a year after the company’s dissolution.
In bankruptcies and compulsory liquidations, the officeholder can, on the authorisation of the Official Receiver, sell, destroy or otherwise dispose of the entity’s records at any time. Authorisation will be sought following the Insolvency Practitioner’s release from office in these cases.
Where there is a specific reason to retain records for a period longer than that set out above, the records will be retained no longer than is necessary.