Swipe left/right to view full table
Privacy and Cookie Policy
Information applies from the 30 March 2026
The information below applies to employees, workers and contractors. It explains how we handle personal data within our organisation.
If you are a customer, please view our Customer Privacy Notice here:
Customer Privacy Notice
If you are a job applicant, please view our Candidate Privacy Notice here:
UK Candidate Privacy Notice
Our Privacy Promise to you:
• We promise to be fair and transparent
• We treat the security of our colleagues, contractors and applicants` data seriously
• We believe in integrity and respect your privacy
What does this mean for you?
Our privacy notice provides you with information about how we use your personal data, which we are required by law to give you. Each section sets out different information – you can use the following list to choose which sections of our Privacy Notice you want to read:
1- Our identity as a data controller and our contact details
2- Types of personal data we collect and how we collect it
3- The legal basis on which, and the purposes for which, we are processing your personal data
4- How long do we keep your personal data for
5- Who we share your personal data with
6- Transferring your personal data outside of the EEA
7- Sharing information to prevent crime or harm
8- How you can manage your personal data
9- How to complain
We set out how your personal data will be used by members of the Cabot Credit Management Group as data controller, as advised below. You can contact our Group Data Protection Officer (DPO) at:
1 Kings Hill Avenue, Kings Hill, Kent ME19 4UA or alternatively by email on:
Occasionally we will need to tell you how we will process specific information you have provided to us, we will do this by providing a notice at the time we receive or obtain personal data.
1. Who are the Cabot Credit Management Group?
For the purpose of this notice where we refer to Cabot Credit Management Group or CCM Group we are referring to the Cabot Credit Management group of companies including its subsidiaries, holding companies and any associated and affiliated companies. When we become the data controller of your personal data, we will let you know which company within the CCM Group you have a relationship with.
To find out more about the CCM Group including who it incorporates, please see our website: www.cabotcm.com/en/discover-ccm/
2. What types of personal data do we collect and how do we collect it?
Types of personal data we collect
The types of personal data that we collect and process are outlined below:
• Personal Data - Personal data is information that can be used to identify you as an individual such as name, address and contact information, IP address,
• In addition we collect: national insurance number, proof of your current address/identity, your work history, qualifications, CCTV images, information gathered through our monitoring of our IT systems
• Financial Data - Financial data is information from your credit checks and payment details for the payment of contractual benefits, pension and tax information
• Details of Emergency contact- information relating to your emergency contact including, name, address, telephone number and their relationship to you.
Special Categories of personal data:
Some categories of personal data are more sensitive, these are known as special categories of personal data for example:
• Racial, Ethnic origin
• Biometric data
• Religious beliefs
• Data concerning heath, sexual orientation
If you ever disclose this type of personal data to us we will only keep this on record if it is necessary for the relationship between parties. Where we do need to keep this data, we will always request your explicit consent. We will only store this data for as long as it is relevant and will check this with you periodically. You have the right to withdraw your consent and if you do, we will delete the special category data from our records, where appropriate.
If you disclose special category personal data to us without us having the opportunity to obtain explicit consent, for example if you send a letter to us detailing your medical situation, where we consider it necessary to record the special category personal data you give to us, we will securely record this information and tell you in writing how we will use it and how you can withdraw your consent.
How do we collect your personal data?
We collect your information in the following ways:
• We obtain data from yourself
• We obtain data from third party data sources including previous employers (references) and providers in relation to pre- employment checks (such as Criminal record checks, credit checks etc)
• We keep records of correspondence between us, which may include: letters, live chat (skype), email, SMS, and any social media communications
• We operate CCTV at our business premises, when you attend one of our offices your image could be captured on CCTV
• Third parties that we appoint may collect personal data from you and pass it on to us, including Health Insurance providers, Pension providers, Big Ears etc
• We collect information concerning your access to buildings, usage of the business emails and website facilities
3. How we use your personal data
We use your personal data:
• To meet our contractual obligations to you
• To manage performance of the contract we have with you
• To assess suitability for positions within our organization
• To manage our operations and improve our service to you
• To manage security, risk and crime prevention (this will include monitoring of employees to protect our customer/employee personal data)
• To meet our regulatory requirements
• To undertake statistical analysis for business improvement
In order to process your personal data, we need to have a justified legal basis, this means that processing your personal data must be necessary for one or more of the following:
• To comply with a legal obligation
• Where we have a legitimate interest
• To perform a contract that you are party to
• When you give us your consent
• To protect your vital interests
The table below sets out the lawful bases that we rely on to process your personal data.
| Business Process | Our lawful basis for processing | How do we use your data? |
| Recruitment | • Legitimate interests • Compliance with a legal obligation |
We collect personal details about you as an individual, your career and competence history and qualifications. As part of this process we would need to perform identity, career history and financial verification activities. |
| Management of your Contract | • Compliance with a legal obligation • Legitimate interests • Performance of a contract |
As a business, we have an obligation to manage your contract in accordance with our agreement, we have a legal obligation to provide you with statutory communications and payments, and to comply with health and safety requirements in association with your contract, and therefore have a legitimate interest in ensuring your safety and wellbeing at work and therefore process information about your medical history at work and affecting performance in role. |
| Training, monitoring and improving our service | • Compliance with a legal obligation • Legitimate interest |
In order to ensure we provide the best service we can, and meet our values of a business offering diversity and inclusion we use recordings of transactions and refer to competence and career development history to train staff, and monitor diversity. We may choose to ask another company to contact you to request feedback enabling us to review the service you’ve received and to make improvements where necessary. We monitor your website usage, collecting info to improve our business efficiencies and, statistical and analytical activities. |
| Complying with Legal and regulatory requirements | • Legitimate interests • Performance of a contract • Compliance with a legal obligation |
At times we share data with other third parties where we have a legal or regulatory requirement to do, for example HMRC. |
4. How long we keep your personal data
We will keep your personal data for as long as you are an employee or contractor of Cabot.
We will keep your personal data for 6 years and 2 months from when our relationship with you comes to an end, in order to respond to any complaints or queries, comply with legal and regulatory obligations to keep certain records. Please refer to the table below which refers to the relevant data retention periods for categories of data:
| Record type | Retention period | |||||
| Deleted within 12 months of process end | Deleted 12 months post process finish | Deleted at leaving agreement termination date | Deleted 6 years (plus 2 months) post termination date | Retained indefinitely | Retained for 7 years (payroll purposes) | |
| Unsuccessful or ad hoc applications | Y | |||||
| Unsuccessful application post interview | Y | |||||
| Successful applicant CV, Interview notes | Y | |||||
| Employment screening documents | Y | |||||
| Eligibility to work documents | Y | |||||
| National insurance | Y | |||||
| Identity | Y | |||||
| Demographic information | Y | |||||
| ID photos | Y | |||||
| Marketing/ business activity photos and videos | Y | |||||
| Next of Kin | Y | |||||
| Contract related (offers, agreements and resignations) | Y | |||||
| Benefits or reward | Y | |||||
| Medical details | Y | |||||
| Performance and training | Y | |||||
| Holiday | Y | |||||
| Flexible working and personal family details | Y | |||||
| Exit interview | Y | |||||
5. Who we share your personal data with
At times we will need to share your personal data with other companies:
• Other companies within the CCM/Encore Group - for example we could instruct another company within CCM to act on our behalf or perform administrative duties
• Solicitor firms where they are acting on our behalf to protect the Companies’ legal rights and interests
• Other companies that may help us to validate that the data we hold is accurate or to obtain new information - for example a Criminal record check
• Suppliers and service providers - for example companies that provide us with an IT, infrastructure, Payroll and benefits facilitation and mailing service
• Your personal bank for the payment of processing payment to you in accordance with the contract
• Any person or company that you instruct us to liaise with - for example, a friend, family member, representative
• Suppliers and IT companies that provide a service, for example, Workday
• Legal Disclosures: We may need to share your data when we believe it’s required by law or to protect your and our rights and security.
It is possible that we will need to disclose information about you when required by law, or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service; or (5) exercise or protect the rights and safety of colleagues, contractors, or others.
We may share your data when our business is sold to others, but it must continue to be used in accordance with this Privacy notice.
We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys us or part of our business will have the right to continue to use your data.
6. Transferring your personal data outside of the EEA
Where we can, we will process and host your personal data within the UK/EU. At times, we may need to transfer your personal data to organisations that operate outside of the European Economic Area (EEA) enabling us to work with suppliers who help us to process your data, for example, our system of record for employee personal data is Workday, this is currently hosted in the U.S.
Where we do transfer your personal data outside of the EEA we will ensure that your data is protected and that we have appropriate safeguards in place, for example, standard contractual clauses, international data transfer agreements, which require any supplier to sign up to a comparable standard of protection.
7. Sharing information to prevent crime or harm
We have systems that protect our customers and ourselves against fraud and other crime, including money laundering. Colleague information can be used to prevent crime and trace those responsible.
8. How can you manage your data?
Managing your personal details with us
You are able to access and update some of the personal data we hold that allows us to administer communications to you. You can do this via our self- service HR system – MyPlace.
Once you have activated your online account you can edit and update your personal data, let us know how you prefer to be contacted and opt into and out of alerts and newsletters that are designed to provide you with support.
Your rights
Object to processing
You have the right to object to us processing your data if the processing itself is an unwarranted interference with your interests or rights. You can find out more about how and why we process your personal data by contacting the HR shared services team.
If you still believe that you have a valid and justifiable reason to exercise this right you can contact us on the details below.
Restrict Processing
If you believe we are processing your personal data unlawfully or you believe that we no longer need your personal data you have the right to request that we restrict the processing of your personal data.
Right to be forgotten
Under data protection legislation you have the right to request that we delete your personal data if you believe we no longer have a lawful basis to process it. If you feel that we should not be processing your personal data you can submit a request on the below details.
Right to rectification
Upon obtaining personal data we conduct checks to validate that it is accurate as we are reliant on you and other third parties to provide us with correct information. If you believe that any of the personal data we hold for you is incorrect, it is important that you make us aware as soon as possible, for example if you have a new phone number or have moved address.
Automated profiling and decision-making
The data protection legislation stipulate that where profiling or automated decision making produces a legal effect or similarly significantly affects you, we need to make you aware of your right to object. We do not believe that the profiling and decision-making that we conduct has either a legal effect or similarly significant impact on you but we will keep such processes and controls under review and update this notice accordingly.
If you have any further questions regarding any of the above information please contact our
HR shared services team.
Your right to portability
You have the right to request that we transfer personal data you have provided to us either to yourself or to another data controller. You can exercise the right to data portability by contacting us on the below details:
Email: [email protected]
Writing: HR Shared Service Cabot Financial PO BOX 241 West Malling Kent ME19 4NA
Accessing your data
You have the right to see the personal data relating to you that we hold. As a data controller we will also ensure that we provide any additional personal data that any of our data processors may hold about you.
We take the protection of your personal data seriously, so we reserve the right to request proof of your identity before supplying any personal data as appropriate.
Once we have validated your identity, we will respond to your request within one calendar month. We typically provide personal data via encrypted, password protected email. If you would prefer to receive your data in a different format, please let us know and we will accommodate this where feasible.
In order to make this request please contact us on the below details:
Writing: HR Shared Service, Cabot Financial PO BOX 241 West Malling Kent ME19 4NA
Email: [email protected]
9. Cookies
Our website operates and collects cookies. A cookie is a small file that is placed on your computer’s hard disk which may be placed for several reasons, for example:
• Google analytics, such as analysing the traffic to the website and to speed up access to the website.
• Targeted communications that help us to guide you back to specific pages within our website, or reach you via third party websites
We will always ask you on the homepage whether you want us to place a cookie on your computer. The vast majority of web browsers accept cookies, however you can manually change your browser settings so that cookies are not accepted. If you do this, you may lose some of the functionality of our website. For more information about cookies and how to disable them please go to:www.aboutcookies.org
We can confirm that any cookies placed by us shall not store or collect any personally identifiable information.
10. How to complain
If you would like to make a complaint or have a query about how we use your personal data, you can contact either the data protection officer or HR on the below details:
Email: [email protected]
In writing: Data Protection Officer, 1 Kings Hill Avenue, Kings Hill, Kent ME19 4UA.
Email: [email protected]
In writing: HRShared Service, 1 Kings Hill Avenue, Kings Hill, Kent ME19 4UA
If you are unhappy about how we have handled your complaint you have the right to complain to the Information Commissioners Office:
Website: https://ico.org.uk/concerns/
Call: 0303 123 1113
This notice was last updated in March 2026.