Paragon Credit Management | UK Debt Recovery Specialists

GET STARTED
PAY NOW

Privacy Policy

Privacy Policy – Paragon Credit Management

Last updated: [04/06/2026]

Paragon Credit Management (“we”, “us”, “our”) is a UK‑based commercial debt recovery agency providing credit management and debt collection services to businesses. We are committed to protecting your personal data and ensuring transparency in how we process information.

This Privacy Policy explains how we collect, use, store, and protect personal data when you visit www.paragoncm.co.uk or when we contact you as part of our debt recovery activities.

1. Data Controller

Paragon Credit Management, email: info@paragoncm.co.uk

We are the Data Controller for the personal data we process in connection with our debt recovery services.

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

A. Data provided by our clients (creditors)

  • Name and contact details of debtor representatives
  • Business addresses
  • Email addresses and phone numbers
  • Account references
  • Outstanding balance and payment history
  • Contractual documents
  • Correspondence and notes relating to the debt

B. Data we collect directly from you

  • Information provided via phone, email, web forms, or post
  • Payment information (we do not store full card details)
  • Any documents you send to us

C. Website data

  • IP address
  • Browser type and device information
  • Cookies and analytics data
  • Pages visited and interaction data

D. Special category data

We do not intentionally collect special category data. If you voluntarily disclose such information (e.g., health‑related circumstances), we will process it only with your explicit consent or where legally required.

3. Lawful Bases for Processing

We process personal data under the following lawful bases:

A. Legitimate Interests (UK GDPR Art. 6(1)(f))

This is our primary lawful basis. We process data to:

  • Recover outstanding commercial debts on behalf of our clients
  • Communicate with debtor representatives
  • Trace businesses or individuals connected to a commercial debt
  • Maintain accurate records
  • Prevent fraud and misuse

We conduct Legitimate Interest Assessments to ensure fairness.

B. Legal Obligation (Art. 6(1)(c))

We may process data to comply with:

  • Court orders
  • HMRC requirements
  • Statutory record‑keeping obligations

C. Contract (Art. 6(1)(b))

Where processing is necessary to fulfil a contract between our client and the debtor.

D. Consent (Art. 6(1)(a))

Used only for:

  • Optional communications
  • Special category data
  • Non‑essential cookies

You may withdraw consent at any time.

4. How We Use Your Data

We use personal data to:

  • Contact debtor representatives regarding outstanding balances
  • Verify identity and confirm business relationships
  • Arrange and manage payment plans
  • Provide updates to our clients
  • Trace businesses or individuals where contact details are outdated
  • Comply with legal obligations
  • Improve our website and services
  • Respond to enquiries submitted via our website

We do not use your data for marketing.

5. Who We Share Your Data With

We may share your data with:

  • The client who instructed us
  • Tracing agents
  • Credit reference agencies (for commercial purposes)
  • Payment service providers
  • Solicitors and legal representatives
  • Courts and enforcement agents
  • IT and hosting providers
  • Professional advisers (auditors, accountants)

We ensure all third parties comply with UK GDPR.

6. International Data Transfers

Some service providers (e.g., hosting, email, analytics) may store data outside the UK.

Where this occurs, we ensure appropriate safeguards, such as:

  • UK Addendum to Standard Contractual Clauses
  • Adequacy regulations
  • Binding corporate rules

7. Data Retention

We retain personal data only as long as necessary.

Typical retention periods:

  • Debt recovery records: 6 years after case closure
  • Call recordings: up to 12 months
  • Website logs: up to 12 months
  • Contact form submissions: up to 24 months
  • Cookies: see cookie section

We may retain data longer where legally required.

8. Your Rights Under UK GDPR

You have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request erasure (in certain circumstances)
  • Restrict processing
  • Object to processing based on legitimate interests
  • Data portability
  • Withdraw consent
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

ICO website: https://ico.org.uk

9. Automated Decision‑Making and Profiling

We do not make automated decisions that have legal or significant effects on you.

We may use automated tools for:

  • Spam detection
  • Fraud prevention
  • Tracing support

These tools do not make final decisions without human involvement.

10. Security Measures

We implement appropriate technical and organisational measures, including:

  • Encrypted data storage
  • Secure access controls
  • Staff training
  • Regular audits
  • Secure data transfer protocols
  • Data minimisation practices

11. Cookies

Our website uses cookies for:

  • Essential site functionality
  • Security
  • Analytics (if enabled)
  • User preferences

You can manage cookie preferences via your browser or our cookie banner.

12. Children’s Data

Our services are not intended for individuals under 18, and we do not knowingly process children’s data.

13. Contact Us

If you have any questions about this Privacy Policy or your data rights, please contact us at:

Email: info@paragoncm.co.uk