Privacy Statement

Personal data refers to any information that can be traced back to an individual. This includes your name, phone number, or email address, but also your computer’s IP address or your license plate number.

Processing is a legal term that includes everything that can be done with data: collecting, recording, organizing, storing, updating, modifying, retrieving, consulting, using, transmitting, distributing, making available, combining, linking, shielding, erasing, and destroying data.

Cannock processes various personal data needed to handle your case. This includes your name, date of birth, address, phone number, and email address. We also store financial data such as payment behavior, credit registrations, and information about debts and income. This helps us assess whether you can (timely) pay, evaluate risks, or offer a suitable payment plan.

We may also process additional data, such as information you’ve provided or data requested from other institutions.

In some cases, we process special categories of data, such as medical or criminal records. These are only processed if you’ve given explicit consent or if it’s necessary to establish, exercise, or defend a legal claim.

We may also record phone calls—to train staff and to better handle complaints or requests concerning your rights.

When you visit Cannock’s website, we may ask for your consent to collect data via cookies. Please refer to our [cookie statement] for more details.

Most data comes from our clients or directly from you during case handling. We may also receive additional data from other institutions, such as the Chamber of Commerce, courts, lawyers, bailiffs, credit bureaus, and other (public) sources.

We may share your data with companies that support or carry out parts of our service, such as printing and mailing services, hosting providers, or telecom companies.
We may also share your data with our clients, lawyers, bailiffs, credit bureaus, regulators, and government agencies to whom we are legally required to provide data.

Cannock employees may access your personal data only if necessary for the stated purposes. All employees are bound by confidentiality.

We process your data to collect outstanding debts. When acting as a Data Controller, we do this based on the legal basis of legitimate interest. We cannot carry out our work without processing your data. Based on this legitimate interest, we may:

• Verify your data

• Enrich data using other sources

• Share your data with the parties mentioned above

• Use credit scores

• Improve or modify our IT systems (only when not possible with anonymized data)

When we act as a Processor, the purpose and legal basis are determined by our client, who directs how we may process the data.

We may use credit scoring during case handling. These profiles help us determine the best approach for handling your case. This is essential for efficient operations and timely case management.
Human judgment is always involved in decision-making; credit scores are used as a tool to support the process.

Cannock only records the personal data that is strictly necessary. We also take appropriate measures to protect your data from loss or unlawful use, including in agreements with (sub)processors such as hosting providers.

Cannock staff and any third parties who may access your data are bound by confidentiality. Only authorized personnel may view or process data, and only if necessary to perform their duties properly.

Cannock does not keep your data longer than necessary for the purposes for which it was collected and processed. We retain your data:

• As long as needed for the original purpose
• As long as we have a legitimate interest in retaining it
• Until the legal limitation period has expired
• As long as legally required

You have the right to request access, correction, restriction, or deletion of the personal data we process about you. You may also object to the processing of your data. If you have given consent for processing, you can withdraw it at any time.

Send your request via email to rechten@cannock.nl, including a copy of a valid ID. Please redact your BSN, passport number, MRZ (machine readable zone), and photo for privacy.
Cannock will respond as soon as possible, and no later than within one month. We will always explain how your request was handled and what the outcome is.

To file a complaint about how Cannock handles your data, email klacht@cannock.nl. We log all complaints and confirm receipt. You will receive a response within 10 working days.

You may also contact the Dutch Data Protection Authority via https://www.autoriteitpersoonsgegevens.nl for more information or to file a complaint.

Cannock has appointed a Data Protection Officer. If you have questions or comments about our privacy policy, contact them via FG@cannock.nl.

Cannock reserves the right to make changes to this privacy statement, for example due to new developments, online services, or to ensure compliance with laws and regulations.
These changes will be announced on our website.