There may be other examples than the ones listed.
General data
Examples
- Your name and previous names
- Title
- Date of birth
- Client reference number
Purpose
- So we know who you are
- To address you
This is because we have a legitimate interest to provide you with our services.
Examples
- Your personal situation
- Relationships
- Dependents
- Whether you own or rent your home
- Marital status
- Gender
- Nationality
Purpose
- To give you the best advice based on what we know about you
This is because we have a legitimate interest to provide you with our services.
Examples
- Information about your electronic devices. Such as your device and/or browser
- How you came to our website. Such as from a Google search
- How you use our online services. Such as what pages on the website you visit
Purpose
- To make sure our online services work
- To learn how our website visitors use our online services
We may ask you if you agree to us doing this such as through cookies banners or because we may have a legitimate interest to make sure our website works.
Read our Cookies privacy notice to find out more
Examples
- If you are in work
- If you are retired
- When you may retire
Purpose
- To make sure our advice is right for you
- To tailor recommendations
- To manage debt solutions
- To use data for research
This is because we have a legitimate interest to provide you with our services and meet our goals as a charity.
Examples
- Driving licence
- Passport
- Birth certificate
- Proof of address
- Any other official ID
Purpose
- If you have a solution with us we need to check you are who you say you are
- To share information between you and the people you owe money to
- To run regulatory checks we have to make
We do this so we can:
- Offer debt management solutions, which is one of our legitimate interests
- Comply with the law
- Comply with financial best practice
- Manage a contract which you are or will be party to
Communicating with you
Examples
Your:
- Postal address
- Previous addresses
- Phone numbers
- Email addresses
Purpose
This is because we have a legitimate interest to provide you with our services.
There may be times we use your contact details to send you:
- Details of opportunities
- Updates about StepChange
- And other information you may be interested in
We will sometimes do this because:
- We have a legitimate interest to provide you with information and opportunities, or
- You have agreed to be contacted about this
Examples
- Emails
- Letters
- Live web chat
- Social media messages
- Your personal action plan
- Copies of your budget and similar documents
Purpose
To keep a record of:
- Our interactions with you
- The advice we have given you
This is because we have a legitimate interest to provide you with our services and monitor the quality of our services.
We may also need to do this to meet financial regulations and rules.
Examples
- All calls in to us and from us through our main phone lines
Purpose
- To deal with complaints
- To look into conduct issues
- To check the quality of our services
We do the above to meet financial rules.
- Listening to calls for training.
- We may let third parties listen to live calls. These could be journalists or funders. This is to promote our services and raise awareness of our charitable aims
Clear and strict rules are followed at all times to protect your information.
We do this because we have a legitimate interest to promote our services and train our staff.
If you speak to our staff on a video call. Please be aware that this is only available in very limited situations.
Examples
- We may record your image and audio
Purpose
- To deal with complaints
- To look into conduct issues
- To check the quality of our services
We do the above to meet financial rules.
We do this because we have a legitimate interest to train our staff.
Your finances
Examples
- Total amount of debt
- Name and address of the people you owe money to
- Amount of debt for each of the people you owe money to
- Payments made
- Current balance of debt for each of the people you owe money to
- Past and current debt solutions
- Payment defaults
- Any County Court Judgements (CCJs)
- Bankruptcy status or history
Purpose
- To make sure your advice is right for you
- To tailor recommendations
- To manage debt solutions
- To use data for our research
This is because we have a legitimate interest to provide you with our services.
Examples
When making a budget with us:
Purpose
- To make sure your advice is right for you
- To tailor recommendations
- To manage debt solutions
- To use data for our research
This is because we have a legitimate interest to provide you with our services.
These are items of value you own.
Examples
- Savings
- Investments
- Pensions
- Vehicles
- Any other asset that can be used to pay what you owe. Such as settlement offers.
Purpose
- To make sure your advice is right for you
- To tailor recommendations
- To manage debt solutions
- To use data for our research
This is because we have a legitimate interest to provide you with our services.
Examples
- Your account number
- Your sort code
- Debit card and credit card details
- Direct debit details and history
- Standing orders
- One-off payment details and history
Purpose
We have a legitimate interest to provide you with our services and our solutions.
- In some cases we may need this data to manage a contract which you are, or will be, party to
- To comply with banking and financial rules. This is a legal requirement
For clients on our solutions only
Examples
- Payment history
- Disbursement history
Purpose
- To set up and manage solutions
- To share information between you and the people you owe money to
- To use data for our research
We have a legitimate interest to provide you with our services and our solutions.
- In some cases we may need this data to manage a contract which you are, or will be, party to
- To comply with banking and financial rules. This is a legal requirement
For equity release and mortgage advice only
Examples
Existing insurance, such as:
- Life
- Health
- Buildings
- Contents
Purpose
- This is because we have a legitimate interest to provide you with our services
For equity release and mortgage advice only
Examples
- Mortgage provider
- Amount owed
- Mortgage term
- Property details
- Property value
Purpose
- To make sure your advice is right for you
- To tailor recommendations
- To manage solutions
- To use data for our research
This is because we have a legitimate interest to provide you with our services.
In some cases we may need this data to manage a contract which you are, or will be, party to.
Sensitive information about you
Where we need this to give you debt advice and manage solutions
Examples
- Mental or physical health details where this may impact your ability to repay what you owe
- Donations to religious (e.g. a place of worship), political (e.g. a political party), or philosophical organisations (e.g. a charity which reflects your beliefs). Although we generally will not record specific details (unless you volunteer this information).
- Fees or donations to trade unions
Purpose
- To make sure your advice is right for you
- To tailor recommendations
- To manage debt solutions
- To use data for our research
This is because we have a legitimate interest to provide you with our services.
We process this type of sensitive data where we need to so we can:
- Provide confidential debt advice and credit counselling service. This is a substantial public interest.
- To use sensitive data for research in the public interest
There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.
Where used to provide additional support to you
Examples
This could be information about:
- Your mental or physical health
- Another person’s mental or physical health if this impacts your ability to repay what you owe
- Any reason why you need additional support from us
This could have been shared with us by:
- You
- Somebody you know
- A family member
- A person who you owe money to
Purpose
This is because we have a legitimate interest to provide you with additional support.
We process this type of sensitive data where we need to so we can:
- Provide confidential debt advice and credit counselling services. This is a substantial public interest.
- Safeguard the financial wellbeing of those who need additional support. This is a substantial public interest.
There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.
Where we need this to give you debt advice and manage solutions
Examples
Relevant details of:
- Criminal activity
- Criminal allegations
- Criminal investigations
- Criminal proceedings
- Criminal offences (and absence of offences)
- Criminal penalties
- Criminal convictions
Purpose
- To make sure your advice is right for you
- To tailor recommendations
- To manage solutions
- To let you know which solutions you will not be able to apply for due to this information you have told us about
This is because we have a legitimate interest to provide you with our services.
We process this type of sensitive data where we need to:
- Provide confidential debt advice and credit counselling services. This is a substantial public interest
- To use sensitive data for research in the public interest
There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.
From other sources or from our own investigations
Examples
Relevant details of:
- Criminal activity
- Criminal allegations
- Criminal investigations
- Criminal proceedings
- Criminal offences (and absence of offences)
- Criminal penalties
- Criminal convictions
These include:
- Suspected fraudulent activity
- Money laundering
- Other financial crime matters
Purpose
- To prevent crime
- To detect crime
- To report crime
This includes sharing your data with relevant law enforcement agencies and authorised bodies. Such as the HM Revenue & Customs (HMRC) or the police. We may share information when asked to, or when we think there is a good reason to do so.
To comply with the law. Specifically:
- Preventing unlawful acts
- Detecting unlawful acts
- Regulatory requirements in relation to unlawful acts and dishonesty
- Preventing fraud
- Suspicion of terrorist financing
- Suspicion of money laundering
Examples
Relevant details of:
- Your race
- Your ethnicity
- Other protected characteristics you may have
Purpose
- To make sure we treat all clients fairly
- To make sure we are representative of all the communities we want to support
- To use data for our research
This is because we have a legitimate interest to:
- Monitor our clients’ diversity
- Improve representation
We process this sensitive data where we need to so we can:
- Identify the quality of opportunity or treatment across different groups based on their protected characteristics to prevent against discrimination. This is a substantial public interest
- We do not use this information to make decisions about you or your circumstances
There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.
Examples
There may be times when you share details which allow us to know sensitive information about you. Such as that you are in a same sex relationship.
Purpose
We do not use or make decisions about you or your circumstances based on this information. However, if relevant to your circumstances, it may be used to provide confidential debt advice and credit counselling services. This is a substantial public interest.
There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.
Other reasons
Examples
- A photo of you
- A video of you
- A sound recording of you
- Testimonials you have given
- Your story
Purpose
Publicity and marketing activity. To promote our brand and services.
We can do this by:
- Asking you if you agree to this
- Where we have entered in to a contract with you
- Where we have a legitimate interest to promote our services
We will provide you with guidance on how we will use your information at the time we ask you for it.
Examples
Your:
- Testimonials
- Stories
- Feedback
- Opinions
- Experiences
This may include sensitive information about something you are dealing with. Such as a health condition.
Purpose
For research, such as:
- User experience
- Satisfaction surveys
- Specific research about problem debt and related issues
- To understand which groups of society are using our services so that we can make efforts to cater to under represented groups
This is in line with our legitimate interests to:
- Conduct policy research
- Conduct market research
- Review the quality of our services
- Assess the outcomes of our services
- Understand who is using our services
We process sensitive data for research that is in the public interest.
There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.
You can opt out of receiving invites for these research activities at any time by emailing DPO@stepchange.org.
Examples
We may know some things about you based on:
- Your name on social media
- Other details you have shared on social media
- Your profile image
- Your likes, shares and comments
- Your conversations with us. These could be direct messages
- Any other information we may be able to infer from your social media profile and conversations or interactions with us
Purpose
We may learn or infer information through social media.
This is in line with our legitimate interest to:
- Promote our services
- Achieve our goals as a charity
- Conduct social media campaigns, conversations, and events
Examples
Information about any complaint, rights request, or other legal request which you may have submitted. This can include:
- Details of the request
- Our investigations, and
- How we have responded
Information about you where required to investigate any issues that we have discovered. Such as if your data is involved in a data breach which we may have suffered.
This could be:
- Sensitive information
- Related to you and your situation
Purpose
- To maintain records as required by law or because our regulators tell us to do so
- Where we have a legitimate interest to maintain records about our compliance with the law
- To fully investigate any complaints or answer any information request you may have
Examples
- System monitoring: Such as, making sure our electronic systems run as expected
- System testing: Such as, making sure our new or updated electronic systems will work as expected
We will remove information that can directly identify you if we are able to do so.
Purpose
- To ensure our electronic systems are fit for purpose, work as expected, and to ensure systems remain secure
This is in line with our legitimate interests to maintain electronic systems.
We only use live personal data for final stage testing purposes – and only if absolutely necessary. We will have run a number of system tests using fake data before then. We do this so we know your personal data will remain safe if and when we need to update our systems.
Published November 2024. (Version 5.3)