Privacy Policy

Sigma Connected Group Ltd Privacy Policy

Company Structure and Overview 

The Sigma Connected Group Ltd is a diverse business that provides customer lifecycle outsourcing solutions ranging from customer acquisitions, customer service, collections and debt resolution services, across a broad range of vertical sectors both through a white label arrangement and under our own brands.

The Sigma Connected Group of companies is part of the Digicall Group and comprises:

Sigma Connected Holdings Limited (“SCHL”) which is authorised and regulated by the Financial Conduct Authority (FCA) in the UK.

Sigma Connected Limited, our UK operations company and a wholly owned subsidiary and Appointed Representative of SCHL.

Sigma Connected (Pty) Limited, Cape Town, is our South Africa based offshore operations company, a wholly owned subsidiary of Digicall and an Appointed Representative of SCHL.

Sigma Connected Proprietary Limited, Brisbane, is our Australian, primary market, operations company and a wholly owned subsidiary of SCHL.

McLaren Credit Services and Reach:Out are both trading styles of Sigma Connected Limited.

Appointed Representatives can carry out regulated activities on behalf of SCHL. Sigma Connected Holdings Limited, as Principal, take full responsibility for ensuring compliance with the FCA’s handbook of rules and guidance.

Territorial Scope

Data collected through this website will primarily be held in the United Kingdom and, as such, we will afford data subjects all the protections provided by the UK General Data Protection Regulation (UKGDPR). Where necessary, such as when an enquiry is intended for one of our businesses outside the UK, we will share that data appropriately and ensure that citizens of those countries are afforded protections that are in line with or superior to the Privacy Legislation in that country.

Data Controllers and Data Processors, Responsible Parties and APP Entities.

For general enquiries, for our current or former employees and for applicants looking to start a career here, Sigma Connected are a Data Controller. For some of our debt collection activities, we are also a Data Controller. But, if we have contacted you, on behalf of one of our clients, it is most likely that we are a Data Processor.

This document explains how we will collect, store and use your data in compliance with GDPR.

If you have applied for a career with us, we will pass your information to the Sigma Connected business in your country who will then become the Data Controller. In South Africa, we call that a Responsible Party and they will look after your data in line with the Protection of Personal Information Act, or POPIA. In Australia, we call the Data Controller an ‘APP Entity’ and we will take care of your personal information in line with The Privacy Act 1988.

Either way, we take a global view of Privacy and Data Protection that guarantees the highest standards for you and your personal information. But for clarity we use UKGDPR Definitions and Key Terms and these are explained at the bottom of this notice.

Who we are

Sigma, McLaren Credit Services, Reach:Out, and Sigma Red are trading styles of Sigma Connected Ltd and we are registered with the Information Commissioner’s Office and you can find us on the UK Data Protection register here. Our registration number is Z5155974.

Sigma Connected Holdings Ltd is registered with the Information Commissioner’s Office: Z8047183

Sigma Connected (Pty) Limited is registered with The Information Regulator in South Africa [number to follow]

The type of personal information we collect and legal basis for processing

For employees and applicants, we act as a Data Controller and we collect basic personal information about you such as your name and address and other contact details. Any information you choose submit via our online form may add to the types of personal data we collect and, in order to deal with your enquiry, we will process that data under the legal basis of consent. If you apply for a role with Sigma, we will provide further privacy information and successful applicants receive an employee privacy notice when their employment commences.   We will call this Employee Data.For many of our clients, we process your data on their behalf and that makes us a Data Processor. We still treat your data with the utmost care, but our privacy policy doesn’t really apply to you. You will need to contact the company we are working for or perhaps visit their website. For our Reach:Out customers, we act as a Data Processor, but we have agreed with our clients that we will only share any sensitive data collected during the call with your explicit consent.  
We will call this Client Data.
For direct customers, we are a Data Controller. We collect basic personal information about you such as your name, address and other contact details. We may also have detail about accounts and balances.  We process this data under the legal basis of legitimate interest.

We will call this Customer Data.
For people using our website to access our insights, content or to make contact with us for business purposes, we will collect your personal information and contact details and will do so under Legitimate Interests. We call this User Data.

What if we don’t collect your data?

In most circumstances, the only reason we would collect your data here is because you want to work with us, work for us, or you have a question about a service we have already provided to you. In order to make any of those things happen, we need to collect your data and we guarantee only to use your data for that purpose. If we don’t collect your information, unfortunately we cannot help.

In relation to our content and insights, you will not be able to access and download white papers or restricted content without sharing your name and contact details with us.

What do we use this data for

Data TypePrimary UseOther Uses
Employee DataThis data is used to process your application or enquiry.
Client DataThis data is used to provide service to you on behalf of our client.We may also use call recordings for the purposes of training, quality assurance or complaint handling purposes.
Customer DataThis data is used so that we can make contact with you with a view to recovering outstanding balances.
User DataThis data is used for us to communicate with you about our products or services and other information we believe may interest you. You can opt out at any time here 

Who we share your data with

We are great at talking to people. But we understand that there are companies out there that are great at things other than talking and so we use them to help us provide a world class service.

Below is a list of organisations we use, the data they process for us and why.

MaxContact
Manchester, M1 2AP.
United Kingdom
Name, phone number, account number.MaxContact provide telephone dialling management software to help us dial more efficiently.
https://www.maxcontact.com/privacy-policy
ORCA
Harrogate, HG3 1GY.
United Kingdom.
Name, phone number, account number and balance.Orca is a CRM for managing and monitoring customer and client accounts.
http://www.adtecsoftware.co.uk/privacy-cookies/
Central Mailing
Services Limited
Birmingham, B24 8TQ.
United Kingdom.
Name, phone number, account number and balance.We use CMS to send letters via normal mail.
https://www.centralmailing.co.uk/privacy-policy/
SimplyShred
(Employee data only)
Walsall, WS2 8RQ.
United Kingdom.
Name, contact details, DBS checks, proof of identification.We operate a paperless environment. So if you provide paper records to us, we scan them on to our network and use this supplier to confidentially destroy paper records.
https://www.simplyshred.co.uk/privacy-policy/
Twilio Sendgrid
London W1D 3QB.
United Kingdom.
Name, phone number, account number and balance.We use a product called Sendgrid by Twilio to send secure emails to customers.
https://www.twilio.com/legal/privacy
Complete Communication Services Limited
Stoke on Trent, ST1 5TQ.
United Kingdom.
Name, phone number, account number and balance.We use CMS to send letters via ‘cloud’ mail, i.e. a virtual letter where a link is sent via text message.
https://www.completecommunicationsolutions.co.uk/privacy-policy.pdf
Essendex
Nottingham, NG1 5FW.
United Kingdom.
Name, mobile phone number.Essendex provide SMS (text message) broadcast services for us.
https://www.esendex.co.uk/privacy-policy/
Docebo
(employee data only)
London, EC3V 0EJ.
United Kingdom.
Name, email address.Docebo operate our Learning Management System. If you join Sigma, we add your name and work email into here so that we can teach you things and create a training record for you.
https://www.docebo.com/docebo-privacy-policy/
Sigma Connected (Pty) Ltd Cape Town, South AfricaName, contact details, balance.Sigma Connected (Pty) Ltd is a fully-fledged member of the Sigma Family based in South Africa. We have nearly 1000, committed, contact centre agents there!
Sigma Connected Proprietary Ltd 
Brisbane.
Australia.
Name, contact details, balance.Sigma Connected (Pty) Ltd is a fully-fledged member of the Sigma Family based in South Africa. We have nearly 1000, committed, contact centre agents there!
Geotargeting WPIP address, locationLocation-based interactions

This Application may collect, use, and share User location Data in order to provide location-based services.
Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, the User’s location data may be tracked by this Application.
The geographic location of the User is determined in a manner that isn’t continuous, either at the specific request of the User or when the User doesn’t point out its current location in the appropriate field and allows the application to detect the position automatically.
Personal Data processed: geographic position.
Category of personal information collected: geolocation data.

All of our processors and sub-processors are held to the highest standards in our contracts with them and are required to also adhere to the same, high, GDPR standards we adopt ourselves.

Very occasionally we speak to people who appear to be in great distress. Where we think it is appropriate, we may refer those details on to the emergency services or welfare services. We would always try to get permission first, but data protection laws allow us to do this where we believe someone is at risk.

How we store your personal information.

Your information is securely stored in UK datacentres. We have some very clever people in our IT team who continually check to ensure that we have the latest firewalls, the most up to date security and the best equipment. We train our staff regularly on data protection and information security and we are proud to hold both the ISO27001 Information Security Standard and the ISO9001 Quality Standard.

You are important to us. Your data is important to us.

How long we will store your data

Employee DataClient DataCustomer Data
Employee Data
We keep employee data for 6 years after the date your employment ends. Applicant Data
We keep information on people who have applied for a job for 12 months, we then seek permission to keep it for a further 12 months. If we don’t get it… we permanently delete all of your data.
When we process your data on behalf of one of our clients, we do so as a data processor and therefore we do so on the clear instructions given to us. Each client has their own privacy policy which you can usually find on their website. Whatever rules for deletion they provide there is what we will do,Reach:Out
We keep call recordings for 12 months, then they are permanently deleted.
We keep any information about you in our database for 12 months from the last contact we had with you, then we permanently delete that too. McLaren Credit Services
To meet our regulatory requirements, we keep this data for 6 years after we have finished processing your account.
User DataWe will store your data for 12 months after the last interaction we have with you. If you opt out, this will be the last interaction. If we send you information, this will count as the last interaction but we will always include an option for you to opt out.

Processing outside of the UK or your country of residence.

All data is stored in the UK. But to make our service as efficient and effective as possible, some processing does occur outside of the UK. When we do this, we make absolutely sure that we can hold them to the same high standards we insist on for ourselves. All overseas processing is carried out under appropriate safeguards and for that we use something called the Standard Contractual Clauses. These set the expectations we have, they give clear instructions for the processing to be carried out and they provide all the necessary protections for you and your data. We have these in place between all our international companies too, so even when sharing data between our own group, you know you are protected.

For employees, we store data in the local company and once the data has been passed, we delete our records in the UK and manage the data locally under local legislation.

Your data protection rights

Here in the UK, our data protection laws give you lots of rights in relation to your data. These are really important for your privacy and to make sure that you have full control over any information that exists about you.

This is a list of your rights and how you can exercise them if you feel you need to.

  • You have the right of access – if you want to know what information any data controller holds about you, you have the right to ask for copies of your personal information. You can do this by any communication method and we will not charge you for doing so.
  • You have the right to rectification – if you think any information that we hold about you is incomplete or inaccurate, tell us. We are required to rectify that information.
  • You have the right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • You have the right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • You have the right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • You have the right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

All of these rights are free to you from us or any other organisation holding your data. If you make a request, we have one month to respond to you.

You can contact us on the details at the top of this notice to make a request in relation to your rights, or if you have a question about them.

And in case you were wondering, we extend these rights to anyone using this website, just to be safe.

How to complain

If you are worried in any way about our use of your personal information, you can talk to us about it using any of the contact methods in this document. If you are so worried you wish to make a complaint, please contact our Data Protection Officer at:

DPO@sigfin.co.uk

Peter Hopgood-Gravett, Sigma Connected, Grosvenor House, Prospect Hill, Redditch, B97 4DL.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

What now?

That’s everything we think you might want to know about how we collect, use and store your data. If you have any questions, please drop us a line.

Other than that, we thank you for reaching out and look forward to speaking with you. 

Definitions and Key Terms

United Kingdom and the EUWhat is this?South AfricaAustralia
UKGDPR, United Kingdom General Data Protection Regulation –This is the relevant Privacy / Data Protection Law.Protection of Personal Information Act, or POPIAThe Privacy Act 1988 & the APPs (Australian Privacy Principles)
Data ControllerThe organisation responsible for looking after your data.Responsible PartyAPP Entity.
Data ProcessorThis is a separate organisation that processes data on behalf of a Data Controller.OperatorAPP Entity. There are no processors under Australian law.