Privacy Policy

Sigma Connected Group Ltd Privacy Policy

Company Structure and Overview 

The Sigma Connected Group Ltd is a diverse business that provides customer lifecycle outsourcing solutions ranging from customer service collections and debt resolution services, across a broad range of vertical sectors through a white label arrangement and under our own brands.

The Sigma Connected Group of companies is part of the Digicall Group and comprises:

Sigma Connected Holdings Limited (“SCHL”) which is authorised and regulated by the Financial Conduct Authority (FCA).

Sigma Connected Limited, a wholly owned subsidiary and Appointed Representative of SCHL.

Sigma Connected (Pty) Limited, Cape Town (South Africa), a wholly owned subsidiary of Digicall and an Appointed Representative of SCHL.

Sigma Connected Proprietary Limited, Brisbane (Australia), a wholly owned subsidiary of SCHL.

McLaren Credit Services and Reach:Out are both trading styles of Sigma Connected Limited.

Appointed Representatives can carry out regulated activities on behalf of SCHL.

Sigma Connected Holdings Limited, as Principal, take full responsibility for ensuring compliance with the FCA’s handbook of rules and guidance.

Data Controllers and Data Processors

For general enquiries, for our current or former employees and for applicants looking to start a career here, we are a Data Controller. For some of our debt collection activities, we are also a Data Controller. But, if we have made contact with you on behalf of one of our clients, it is most likely that we are a Data Processor.

This document explains how we will collect, store and use your data in compliance with GDPR.

Who we are

McLaren Credit Services, Reach:Out, Sigma and Sigma Red are trading styles of Sigma Connected Ltd and we are registered with the Information Commissioner’s Office and you can find us on the UK Data Protection register here. Our registration number is Z5155974.

Sigma Connected Holdings Ltd is registered with the Information Commissioner’s Office: Z8047183

The type of personal information we collect and legal basis for processing

For employees and applicants, we act as a Data Controller and we collect basic personal information about you such as your name and address and other contact details. Any information you choose submit via our online form may add to the types of personal data we collect and, in order to deal with your enquiry, we will process that data under the legal basis of consent.If you apply for a role with Sigma, we will provide further privacy information and successful applicants receive an employee privacy notice when their employment commences.We will call this Employee Data.For many of our clients, we process your data on their behalf and that makes us a Data Processor.We still treat your data with the utmost care, but our privacy policy doesn’t really apply to you. You will need to contact the company we are working for or perhaps visit their website.For our Reach:Out customers, we act as a Data Processor, but we have agreed with our clients that we will only share any sensitive data collected during the call with your explicit consent.
We will call this Client Data.
For direct customers, we are a Data Controller. We collect basic personal information about you such as your name, address and other contact details. We may also have detail about accounts and balances. We process this data under the legal basis of legitimate interest.


We will call this Customer Data.

What do we use this data for

Employee DataClient DataCustomer Data
This data is used to process your application or enquiry.This data is used to provide service to you on behalf of our client.This data is used so that we can make contact with you with a view to recovering outstanding balances.
We may also use call recordings for the purposes of training, quality assurance or complaint handling purposes.

Who we share your data with

We are great at talking to people. But we understand that there are companies out there that are great at things other than talking and so we use them to help us provide a world class service.

Below is a list of organisations we use, the data they process for us and why.

MaxContact
Manchester, M1 2AP
Name, phone number, account number.MaxContact provide telephone dialling management software to help us dial more efficiently.https://www.maxcontact.com/privacy-policy
ORCAHarrogate, HG3 1GYName, phone number, account number and balance.Orca is a CRM for managing and monitoring customer and client accounts.http://www.adtecsoftware.co.uk/privacy-cookies/
Central Mailing
Services Limited
Birmingham, B24 8TQ
Name, phone number, account number and balance.We use CMS to send letters via normal mail.https://www.centralmailing.co.uk/privacy-policy/
SimplyShred
(Employee data only)
Walsall, WS2 8RQ
Name, contact details, DBS checks, proof of identification.We operate a paperless environment. So if you provide paper records to us, we scan them on to our network and use this supplier to confidentially destroy paper records.https://www.simplyshred.co.uk/privacy-policy/
Twilio Sendgrid
London W1D 3QB
Name, phone number, account number and balance.We use a product called Sendgrid by Twilio to send secure emails to customers.https://www.twilio.com/legal/privacy
Complete Communication Services Limited
Stoke on Trent, ST1 5TQ
Name, phone number, account number and balance.We use CMS to send letters via ‘cloud’ mail, i.e. a virtual letter where a link is sent via text message.https://www.completecommunicationsolutions.co.uk/privacy-policy.pdf
Essendex
Nottingham, NG1 5FW
Name, mobile phone number.Essendex provide SMS (text message) broadcast services for us.https://www.esendex.co.uk/privacy-policy/
Docebo
(employee data only)
London, EC3V 0EJ
Name, email address.Docebo operate our Learning Management System. If you join Sigma, we add your name and work email into here so that we can teach you things and create a training record for you.https://www.docebo.com/docebo-privacy-policy/
Sigma Connected (Pty) Ltd Cape Town, South AfricaName, contact details, balance.Sigma Connected (Pty) Ltd is a fully-fledged member of the Sigma Family based in South Africa. We have nearly 1000, committed, contact centre agents there!

All of our processors and sub-processors are held to the highest standards in our contracts with them and are required to also adhere to the same, high, GDPR standards we adopt ourselves.

Very occasionally we speak to people who appear to be in great distress. Where we think it is appropriate, we may refer those details on to the emergency services or welfare services. We would always try to get permission first, but data protection laws allow us to do this where we believe someone is at risk.

How we store your personal information.

Your information is securely stored in UK datacentres. We have some very clever people in our IT team who continually check to ensure that we have the latest firewalls, the most up to date security and the best equipment. We train our staff regularly on data protection and information security and we are proud to hold both the ISO27001 Information Security Standard and the ISO9001 Quality Standard.

You are important to us. Your data is important to us.

How long we will store your data

Employee DataClient DataCustomer Data
Employee
We keep employee data for 6 years after the date your employment ends. Applicant We keep information on people who have applied for a job for 12 months, we then seek permission to keep it for a further 12 months. If we don’t get it… we permanently delete all your data.
When we process your data on behalf of one of our clients, we do so as a data processor and therefore we do so on the clear instructions given to us.Each client has their own privacy policy which you can usually find on their website. Whatever rules for deletion they provide there is what we will do,Reach:Out
We keep call recordings for 12 months, then they are permanently deleted.
We keep any information about you in our database for 12 months from the last contact we had with you, then we permanently delete that too.
McLaren Credit Services
To meet our regulatory requirements, we keep this data for 6 years after we have finished processing your account.

Processing outside of the UK.

All of your data is stored in the UK. But to make our service as efficient and effective as possible, some processing does occur outside of the UK. When we do this, we make absolutely sure that we can hold them to the same high standards we insist on for ourselves. All overseas processing is carried out under appropriate safeguards and for that we use something called the Standard Contractual Clauses. These set the expectations we have, they give clear instructions for the processing to be carried out and they provide all the necessary protections for you and your data.

Your data protection rights

Here in the UK, our data protection laws give you lots of rights in relation to your data. These are really important for your privacy and to make sure that you have full control over any information that exists about you.

This is a list of your rights and how you can exercise them if you feel you need to.

  • You have the right of access – if you want to know what information any data controller holds about you, you have the right to ask for copies of your personal information. You can do this by any communication method and we will not charge you for doing so.
  • You have the right to rectification – if you think any information that we hold about you is incomplete or inaccurate, tell us. We are required to rectify that information.
  • You have the right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • You have the right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • You have the right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • You have the right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

All of these rights are free to you from us or any other organisation holding your data. If you make a request, we have one month to respond to you.

You can contact us on the details at the top of this notice to make a request in relation to your rights, or if you have a question about them.

How to complain

If you are worried in any way about our use of your personal information, you can talk to us about it using any of the contact methods in this document. If you are so worried you wish to make a complaint, please contact our Data Protection Officer at:

DPO@sigfin.co.uk

Peter Hopgood-Gravett, Reach:Out, Grosvenor House, Prospect Hill, Redditch, B97 4DL.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

What now?

That’s everything we think you might want to know about how we collect, use and store your data. If you have any questions, please drop us a line.

Other than that, we thank you for reaching out and look forward to speaking with you.