English

Information on Data Protection Law

 

Dear Sir or Madam,

 

Below, we would like to inform you pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR) about the processing of the personal data attributable to you and/or your employees – where applicable – within our company.

As a precaution, we would like to point out that our company only processes business contact data obtained from public sources or provided by you.

Business contact data is generally not considered personal data, but may in some cases have a reference to natural persons. This may particularly be the case when contact details of contact persons, case handlers, legal representatives, etc. are provided or arise from correspondence.

Controller responsible for data processing

Hoist Finance AB (publ)
P.O. Box 7848
SE-103 99 Stockholm

Contact details of the Data Protection Officer

Hoist Finance AB (publ)
– Data Protection Officer –
Schifferstraße 80
47059 Duisburg

or via email: datenschutzbeauftragter@hoistfinance.com

Purposes of Processing and Legal Basis

Data is processed exclusively for the purpose of conducting correspondence and related purposes, such as debt realisation, claims management, legal defence/enforcement, payment processing, invoicing, as well as handling your request or that of your client/principal.
The processing of your data is necessary pursuant to Art. 6 (1) b) GDPR for the handling of the respective claims matter and/or according to Art. 6 (1) f) GDPR for the protection of our legitimate interest in orderly and efficient correspondence with you.

Categories of Data

We may process the following categories of data: personal master data, communication data, payment information, account information, company data, as well as special data (e.g. legal guardianship).

Source of Data

Data from the aforementioned categories – where applicable – has been taken from public sources such as business websites, industry directories, public registers, etc., and stored. If necessary, correspondence between you and our company was used to complete your data or identify a direct contact person.

Storage Period

After the conclusion of the matter at hand, we review after three years whether we still require your data and whether statutory retention obligations prevent deletion.

Immediate deletion is usually not possible due to legal retention obligations that must be observed. These retention periods, as anchored for example in the German Fiscal Code (AO) §147 and the German Commercial Code (HGB) §257, range from 6 to 10 years after the completion of the respective matter.

Categories of Recipients

In the context of correspondence, we may transfer personal data to the following categories of recipients, where necessary for proper handling:
Address service providers, credit agencies, guardians, service providers, third-party debtors, residents’ registration offices, investigative authorities, courts, bailiffs, insolvency administrators, lawyers, other authorised representatives, other entities legally permitted to receive such data.

Data Transfers to Third Countries

As a rule, your personal data is processed exclusively within the EU or EEA or in countries deemed by the European Commission to provide an adequate level of data protection.

However, your data may also be processed outside the EU/EEA in countries whose data protection level does not yet meet the standards of the GDPR.
In all cases where data is transferred to a third country, our company has implemented technical, organisational, and contractual safeguards to ensure the security and adequate protection of your data at all times.

Transfers to countries without an adequacy decision or outside the EU/EEA are governed by the Standard Contractual Clauses adopted by the European Commission.
A copy of these clauses can be provided to you upon request.

General Rights of Data Subjects

Access:
Pursuant to Art. 15 GDPR, you have the right to request information on the personal data concerning you that is processed by us. Please address such requests to the Data Protection Officer (see above).

Rectification:
If you identify any inaccuracies or incompleteness in your data, you have the right to request rectification or completion pursuant to Art. 16 GDPR.

Erasure & Restriction of Processing:
Under the conditions of Art. 17 and Art. 18 GDPR, you have the right to request the erasure or restriction of processing of your personal data.

Data Portability:
You also have the right to data portability.

Objection:
In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data, unless the processing is carried out pursuant to Art. 21 (1) GDPR for compelling legitimate reasons overriding your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.

Automated Decision-Making Including Profiling

Our company currently does not use any automated decision-making processes, including profiling, within the meaning of Art. 22 GDPR.

Supervisory Authority Complaints

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data is unlawful.
The supervisory authorities responsible for our company are:

The State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf

or

Integritetsskyddsmyndigheten (IMY)
Box 8114
SE – Sweden – 104 20 Stockholm

or

Supervision under the
Legal Services Act (RDG)

Federal Office of Justice
Department VII 5 (RDG)
Adenauerallee 99-103
53113 Bonn
Email: rdg@bfj.bund.de

A complaint may also be lodged with any other data protection authority, for example the authority responsible for your federal state (if different).

If you have any further questions, we are happy to assist you.

Oh no...Your browser is not supported...