Privacy Policy

Last Updated: April 2026

1. Introduction Castle Northwich Recovery ("we," "us," or "our") is committed to protecting the privacy and security of your personal data. This policy outlines how we collect and use data in compliance with UK GDPR and the Data Protection Act 2018.

2. ICO Registration We are registered with the Information Commissioner’s Office (ICO). We act as a Data Controller for our client information and a Data Processor when handling debtor information on behalf of our clients.

3. Legal Basis for Processing For the purposes of debt recovery, we process personal data under the legal basis of Legitimate Interests. It is in the legitimate interest of our clients to recover undisputed business debts, and our processing is necessary to achieve this.

4. Data We Collect

• Client Data: Name, business address, email, and financial details for billing.

• Debtor Data: Name, contact details, outstanding invoice data, and correspondence related to the debt.

5. Data Sharing We do not sell your data. We may share data with legal professionals, courts, or government bodies only when necessary to escalate the recovery process.

6. Data Retention We retain records for 6 years from the date of the last transaction to comply with UK legal and accounting requirements.

7. Your Rights You have the right to request access to your data, rectification of errors, or to object to processing. Please contact us at [Your Email for any inquiries.