We aim to make our website as accessible as possible. However if you use a screen reader and require debt advice you may find it easier to phone us instead. Our phone number is 0 8 0 0 1 3 8 1 1 1 1. Freephone (including all mobiles).

Types of data and how we use it

Click on the links below to jump to the sections you want to find out more about.

 Read the full privacy notice

  1. General data
  2. Communications
  3. Finances
  4. Sensitive
  5. Other

There may be other examples than the ones listed.

General data

Examples

  • Your name and previous names
  • Title
  • Date of birth
  • Client reference number

Purpose

  • So we know who you are
  • To address you

This is because we have a legitimate interest to provide you with our services.

Examples

  • Your personal situation
  • Relationships
  • Dependents
  • Whether you own or rent your home
  • Marital status
  • Gender
  • Nationality

Purpose

  • To give you the best advice based on what we know about you

This is because we have a legitimate interest to provide you with our services.

Examples

  • Information about your electronic devices. Such as your device and/or browser
  • How you came to our website. Such as from a Google search
  • How you use our online services. Such as what pages on the website you visit

Purpose

  • To make sure our online services work
  • To learn how our website visitors use our online services

We may ask you if you agree to us doing this such as through cookies banners or because we may have a legitimate interest to make sure our website works.

Read our Cookies privacy notice to find out more

Examples

  • If you are in work
  • If you are retired
  • When you may retire

Purpose

  • To make sure our advice is right for you
  • To tailor recommendations
  • To manage debt solutions
  • To use data for research

This is because we have a legitimate interest to provide you with our services and meet our goals as a charity.

Examples

  • Driving licence
  • Passport
  • Birth certificate
  • Proof of address
  • Any other official ID

Purpose

  • If you have a solution with us we need to check you are who you say you are
  • To share information between you and the people you owe money to
  • To run regulatory checks we have to make

We do this so we can:

  • Offer debt management solutions, which is one of our legitimate interests
  • Comply with the law
  • Comply with financial best practice
  • Manage a contract which you are or will be party to

Communicating with you

Examples

Your:

  • Postal address
  • Previous addresses
  • Phone numbers
  • Email addresses

Purpose

  • To contact you

This is because we have a legitimate interest to provide you with our services.

There may be times we use your contact details to send you:

  • Details of opportunities
  • Updates about StepChange
  • And other information you may be interested in

We will sometimes do this because:

  • We have a legitimate interest to provide you with information and opportunities, or
  • You have agreed to be contacted about this

Examples

  • Emails
  • Letters
  • Live web chat
  • Social media messages
  • Your personal action plan
  • Copies of your budget and similar documents

Purpose

To keep a record of:

  • Our dealings with you
  • The advice we have given

This is because we have a legitimate interest to provide you with our services.

We may also need to do this to meet financial rules.

Examples

  • All calls in to us and from us through our main phone lines

Purpose

  • To deal with complaints
  • To look into conduct issues
  • To check the quality of our services

We do the above to meet financial rules.

  • Listening to calls for training.
  • We may let third parties listen to live calls. These could be journalists or funders. This is to promote our services and raise awareness of our charitable aims

Clear and strict rules are followed at all times to protect your information.

We do this because we have a legitimate interest to promote our services and train our staff.

If you speak to our staff on a video call. Please be aware that this is only available in very limited situations.

Examples

  • We may record your image and audio

Purpose

  • To deal with complaints
  • To look into conduct issues
  • To check the quality of our services

We do the above to meet financial rules.

  • For training

We do this because we have a legitimate interest to train our staff.

Your finances

Examples

  • Number of debts
  • Total amount of debt
  • Name and address of the people you owe money to
  • Amount of debt for each of the people you owe money to
  • Payments made
  • Current balance of debt for each of the people you owe money to
  • Past and current debt solutions
  • Payment defaults
  • Any County Court Judgements (CCJs)
  • Bankruptcy status or history

Purpose

  • To make sure your advice is right for you
  • To tailor recommendations
  • To manage debt solutions
  • To use data for our research

This is because we have a legitimate interest to provide you with our services.

Examples

When making a budget with us:

  • Any income
  • Any spending

Purpose

  • To make sure your advice is right for you
  • To tailor recommendations
  • To manage debt solutions
  • To use data for our research

This is because we have a legitimate interest to provide you with our services.

These are items of value you own.

Examples

  • Savings
  • Investments
  • Pensions
  • Vehicles
  • Any other asset that can be used to pay what you owe. Such as settlement offers.

Purpose

  • To make sure your advice is right for you
  • To tailor recommendations
  • To manage debt solutions
  • To use data for our research

This is because we have a legitimate interest to provide you with our services.

Examples

  • Your account number
  • Your sort code
  • Debit card and credit card details
  • Direct debit details and history
  • Standing orders
  • One-off payment details and history

Purpose

We have a legitimate interest to provide you with our services and our solutions.

  • In some cases we may need this data to manage a contract which you are, or will be, party to
  • To comply with banking and financial rules. This is a legal requirement

For clients on our solutions only

Examples

  • Payment history
  • Disbursement history

Purpose

  • To set up and manage solutions
  • To share information between you and the people you owe money to
  • To use data for our research

We have a legitimate interest to provide you with our services and our solutions.

  • In some cases we may need this data to manage a contract which you are, or will be, party to
  • To comply with banking and financial rules. This is a legal requirement

For equity release and mortgage advice only

Examples

Existing insurance, such as:

  • Life
  • Health
  • Buildings
  • Contents

Purpose

  • This is because we have a legitimate interest to provide you with our services

For equity release and mortgage advice only

Examples

  • Mortgage provider
  • Amount owed
  • Mortgage term
  • Property details
  • Property value

Purpose

  • To make sure your advice is right for you
  • To tailor recommendations
  • To manage solutions
  • To use data for our research

This is because we have a legitimate interest to provide you with our services.

In some cases we may need this data to manage a contract which you are, or will be, party to.

Sensitive information about you

Where we need this to give you debt advice and manage solutions

Examples

  • Mental or physical health details where this may impact your ability to repay what you owe
  • Donations to religious (e.g. a place of worship), political (e.g. a political party), or philosophical organisations (e.g. a charity which reflects your beliefs). Although we generally will not record specific details (unless you volunteer this information).
  • Fees or donations to trade unions

Purpose

  • To make sure your advice is right for you
  • To tailor recommendations
  • To manage debt solutions
  • To use data for our research

This is because we have a legitimate interest to provide you with our services.

We process this type of sensitive data where we need to so we can:

  • Provide confidential debt advice and credit counselling service. This is a substantial public interest.
  • To use sensitive data for research in the public interest

There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.

Where used to provide additional support to you

Examples

This could be information about:

  • Your mental or physical health
  • Another person’s mental or physical health if this impacts your ability to repay what you owe
  • Any reason why you need additional support from us

This could have been shared with us by:

  • You
  • Somebody you know
  • A family member
  • A person who you owe money to

Purpose

This is because we have a legitimate interest to provide you with additional support.

We process this type of sensitive data where we need to so we can:

  • Provide confidential debt advice and credit counselling services. This is a substantial public interest.
  • Safeguard the financial wellbeing of those who need additional support. This is a substantial public interest.

There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.

Where we need this to give you debt advice and manage solutions

Examples

Relevant details of:

  • Criminal activity
  • Criminal allegations
  • Criminal investigations
  • Criminal proceedings
  • Criminal offences (and absence of offences)
  • Criminal penalties
  • Criminal convictions

Purpose

  • To make sure your advice is right for you
  • To tailor recommendations
  • To manage solutions
  • To let you know which solutions you will not be able to apply for due to this information you have told us about

This is because we have a legitimate interest to provide you with our services.

We process this type of sensitive data where we need to:

  • Provide confidential debt advice and credit counselling services. This is a substantial public interest
  • To use sensitive data for research in the public interest

There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.

From other sources or from our own investigations

Examples

Relevant details of:

  • Criminal activity
  • Criminal allegations
  • Criminal investigations
  • Criminal proceedings
  • Criminal offences (and absence of offences)
  • Criminal penalties
  • Criminal convictions

These include:

  • Suspected fraudulent activity
  • Money laundering
  • Other financial crime matters

Purpose

  • To prevent crime
  • To detect crime
  • To report crime

This includes sharing your data with relevant law enforcement agencies and authorised bodies. Such as the HM Revenue & Customs (HMRC) or the police. We may share information when asked to, or when we think there is a good reason to do so.

To comply with the law. Specifically:

  • Preventing unlawful acts
  • Detecting unlawful acts
  • Regulatory requirements in relation to unlawful acts and dishonesty
  • Preventing fraud
  • Suspicion of terrorist financing
  • Suspicion of money laundering

Examples

Relevant details of:

  • Your race
  • Your ethnicity
  • Other protected characteristics you may have

Purpose

  • To make sure we treat all clients fairly
  • To make sure we are representative of all the communities we want to support
  • To use data for our research

This is because we have a legitimate interest to:

  • Monitor our clients’ diversity
  • Improve representation

We process this sensitive data where we need to so we can:

  • Identify the quality of opportunity or treatment across different groups based on their protected characteristics to prevent against discrimination. This is a substantial public interest
  • We do not use this information to make decisions about you or your circumstances

There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.

Examples

There may be times when you share details which allow us to know sensitive information about you. Such as that you are in a same sex relationship.

Purpose

We do not use or make decisions about you or your circumstances based on this information. However, if relevant to your circumstances, it may be used to provide confidential debt advice and credit counselling services. This is a substantial public interest.

There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.

Other reasons

Examples

  • A photo of you
  • A video of you
  • A sound recording of you
  • Testimonials you have given
  • Your story

Purpose

Publicity and marketing activity. To promote our brand and services.

We can do this by:

  • Asking you if you agree to this
  • Where we have entered in to a contract with you
  • Where we have a legitimate interest to promote our services

We will provide you with guidance on how we will use your information at the time we ask you for it.

Examples

Your:

  • Testimonials
  • Stories
  • Feedback
  • Opinions
  • Experiences

This may include sensitive information about something you are dealing with. Such as a health condition.

Purpose

For research, such as:

  • User experience
  • Satisfaction surveys
  • Specific research about problem debt and related issues
  • To understand which groups of society are using our services so that we can make efforts to cater to under represented groups

This is in line with our legitimate interests to:

  • Conduct policy research
  • Conduct market research
  • Review the quality of our services
  • Assess the outcomes of our services
  • Understand who is using our services

We process sensitive data for research that is in the public interest.

There may be times when we need to ask you if you agree to the use of specific sensitive personal data for these or other purposes.

You can opt out of receiving invites for these research activities at any time by emailing DPO@stepchange.org.

Examples

We may know some things about you based on:

  • Your name on social media
  • Other details you have shared on social media
  • Your profile image
  • Your likes, shares and comments
  • Your conversations with us. These could be direct messages
  • Any other information we may be able to infer from your social media profile and conversations or interactions with us

Purpose

We may learn or infer information through social media.

This is in line with our legitimate interest to:

  • Promote our services
  • Achieve our goals as a charity
  • Conduct social media campaigns, conversations, and events

Examples

  • Information shared as part of legal proceedings involving us and you
  • This could be sensitive information. It may relate to you and your situation

Purpose

  • Establishing, exercising or defending legal proceedings
  • Where we are subject to a court order

Examples

Information about any complaint, rights request, or other legal request which you may have submitted. This can include:

  • Details of the request
  • Our investigations, and
  • How we have responded

Information about you where required to investigate any issues that we have discovered. Such as if your data is involved in a data breach which we may have suffered.

This could be:

  • Sensitive information
  • Related to you and your situation

Purpose

  • To maintain records as required by law or because our regulators tell us to do so
  • Where we have a legitimate interest to maintain records about our compliance with the law
  • To fully investigate any complaints or answer any information request you may have

Examples

  • System monitoring: Such as, making sure our electronic systems run as expected
  • System testing: Such as, making sure our new or updated electronic systems will work as expected

We will remove information that can directly identify you if we are able to do so.

Purpose

  • To ensure our electronic systems are fit for purpose, work as expected, and to ensure systems remain secure

This is in line with our legitimate interests to maintain electronic systems.

We only use live personal data for final stage testing purposes – and only if absolutely necessary. We will have run a number of system tests using fake data before then. We do this so we know your personal data will remain safe if and when we need to update our systems.

Published July 2023. (Version 5)