Privacy Policy – Debt advice and personal clients


Data we collect
How we use your personal data and legal basis for processing
Sharing and disclosing your personal data
How long we keep your data

Data we collect

We collect personal data about our clients (and associated individuals e.g. family members and creditors) which is necessary to effectively deploy our services as agreed with our clients. We ask our clients to provide the necessary information to other associated data subjects regarding their personal data use whilst performing our services.

The types of data we collect, and process can vary, it may include:

Contact Information
Anti-Money Laundering Identification information (i.e. as driver’s license and passport copies which include biographical and contact information)
Employee information
Financial Information

On occasion, for some of our services and when required under a legal obligation, we may also process sensitive data (such as race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and, criminal records) about you, which we ensure is processed securely and within the strict legal parameters.

We collect data;

  • Directly when you initially contact us
  • Indirectly through subsequent interactions with you, from a third party acting on your instructions, or from other third parties (including publicly available information)

How we use your personal data and legal basis for processing

We process your personal data for various purposes including:

  • To enable us to contact and meet with you to gather or provide information
  • To perform other tasks as necessary to provide our services
  • To perform AML assessments
  • To administer, support, improve and develop our services generally
  • To enforce our legal rights
  • To comply with any requirement of law, regulation or a professional body of which we are a member

We have a legitimate interest in using your information for these purposes, as it helps us to manage our relationship with you and helps us run our business and to safeguard our rights as a business.

The processing is necessary for compliance with our obligation under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulation 2017

We do this to comply with our legal, regulatory and professional obligations
Any personal data received as part of our AML process from a personal client will be processed only for the purposes of preventing money laundering and terrorist financing, unless:

  • Use of the data is permitted by or under and enactment other than the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017; or
  • Dunedin Advisory has obtained the express consent of the data subject to the proposed use of the data

Furthermore, in a restructuring appointment, once we are appointed, all our processing of your personal data is necessary to comply with our legal obligation under the Bankruptcy (Scotland) Act 2016. If you have any questions in this regard, please contact us.

Sharing and disclosing your personal data

We do not share or disclose any of your personal data without your consent, other than for the purposes specified in this notice or where there is a legal requirement. When we share data with others, we ensure contractual arrangements and security mechanisms are in place to protect the data and to comply with our data protection, confidentiality and security standards.

Your personal data may be shared with:

  • Third parties involved in restructuring proceedings, including but not limited to the courts, government offices, banking institutions, creditors, and other third parties involved
  • Third party organisations that provide identification checking services
  • Third party organisations that provide applications/functionality, data processing or IT services to us
  • Our trade associations, professional bodies and business associates e.g. agents, solicitors, accountants etc.

Occasionally, we may also need to disclose your personal data in the following circumstances:

  • Based on our legitimate interests, to third parties if we choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • To law enforcement officials, law courts and government and regulatory authorities: (a) if we believe disclosure is required by any applicable law, regulation or legal process; or (b) to protect and defend our rights, or the rights or safety of third parties, including to defend against legal claims based on our legitimate interests.
  • In exceptional circumstances, to third parties to protect your vital interests if you fell ill or suffered an injury at one of our events or on our premises.

How long we keep your data

We only ever retain personal data for as long as is necessary for the purposes for which it was collected, and we have strict review and retention policies in place to meet these obligations. We keep personal data in accordance with our internal retention policies, which are determined in accordance with our regulatory obligations and good practice.