Privacy statement

Controller

CreditVisor Oy 

Business ID 3126049-7 
Laivakatu 3, 00150 Helsinki
E-mail: tietosuoja@creditvisor.fi

Privacy statement updated on 31 May 2020

Purpose and lawful basis of processing personal data

We process personal data in order to provide invoicing and debt collection services and for marketing purposes. The processing of personal data is always based on either the consent of the data subject, an assignment, the law or a justified benefit. Data is saved only to the extent and for as long as necessary in view of the purpose of processing or for meeting our statutory obligations.

Our customer register contains the information of clients’ and client companies’ contact persons that we need for fulfilling and delivering on our contracts and identifying the customers. We receive the data from the data subjects themselves, the employers of data subjects or from public sources, such as the Finnish Trade Register.

We process the personal data of customers (the object of debt collection) in order to carry out our invoicing or debt collection assignments and meet our statutory obligations.

Situations in which personal data is processed in order to carry out invoicing and debt collection assignments:

  • identifying the customer
  • delivering invoices, payment reminders, payment demands and payment schedule information
  • customer service, including the handling of contacts and feedback and the saving of information related to the contacts
  • solvency assessment
  • accurate allocation and timing of debt collection measures and effectiveness monitoring
  • managing legal proceedings and recovery proceedings
  • contacts with authorities and courts
  • payment handling
  • accounts and reporting to clients
  • returning excess payments to customers
  • meeting the statutory data retention times and other obligations
  • developing and testing services, business and systems.

1. Content of the data file

  1. We process personal data as necessary for the situation in question. Our data file can include the customer’s personal identity number or business ID, address and other contact information, native language, representative’s information, description of the invoice and debt, credit information, solvency information and assessments, court rulings and recovery proceedings, and information about contacting, customer service transactions, invoices, debt collection and payments.

We do not process special groups of personal data (so-called sensitive data), unless this has been agreed upon with you or unless necessary for presenting or defending legal claims. It might be in your best interests to notify us of matters that affect your ability to pay, such as an illness or disability. In this case, we can agree on, for example, an extended payment schedule or breaks or other changes in the payment arrangements. This information is only used with your express and documented consent.

2. Storage and protection of personal data

We protect the personal data we process against misuse, loss and other unlawful access with up-to-date, appropriate organisational and technical protection means. Examples of technical data protection means include access right management, firewalls, and the use of various encryption methods and protected networks in our daily operations. Our hardware and premises are also safe from the point of view of the processing of personal data. Our data centre has round-the-clock video surveillance.

In our organisation, we restrict access to your personal data through access right control and access management. Your personal data is only processed by employees whose role includes processing and who are justified to process personal data because of their duties. All our personnel have signed non-disclosure agreements.

3. Personal data retention period

We store personal data only for as long as necessary for the purpose of the processing. For example, for as long as the customer relationship continues. Shorter or longer retention periods can be specified in legislation. For instance, information related to debt collection must be stored for five years after the end of the collection activities, regardless of the specific purpose of the information.

4. Disclosure and transfer of personal data

We may disclose personal data to our service providers whose right to process the data is only limited to the extent of the services they provide. These service providers include mail carrier, communications and advocacy services. We also disclose personal data to credit rating operators (such as Asiakastieto Oy and Bisnode Finland Oy) and to authorities, when permitted by legislation.

If you move abroad, your data can be disclosed to local debt collection operators in order to carry our the collection activities. In this case, only the necessary personal data is disclosed to the foreign country. In general, personal data is not disclosed outside the European Economic Area.

Personal data may be disclosed to third parties also if you have given your consent to the disclosure.

5. Automated decision-making

We may use automated decision-making to avoid unnecessary costs and select the best debt collection method. As part of automated decision-making, we can use scoring to decide the further processing of your case.

According to our understanding, the automated decision-making used for debt collection does not have notable consequences for the customer, such as legal consequences. The decision-making does not affect your existing contract or your contractual obligations and rights.

You have the right to request human participation in the processing or your data and a re-assessment of your scoring, if you feel that your case was not handled fairly.

6. Rights of the data subject

You have the right to know how your personal data is processed. This applies, for example, to the following:

  • Why we process your personal data
  • Who we disclose your personal data to
  • How long do we store your personal data
  • Where did we receive your personal data from

7. Changes to the privacy statement

We reserve the right to change this statement in connection with the development of our operations, changes to the processing or personal data or legislative amendments, ensuring that our privacy always complies with legislation.