DATA PROTECTION POLICY OF JULIANUS INKASSO
1. PURPOSE OF DATA PROTECTION POLICY
The purpose of the data protection policy is to provide people whose personal data Julianus Inkasso OÜ (“Julianus Inkasso”) processes in its everyday activities with information about which personal data, how and for which purpose Julianus Inkasso processes and what the people’s rights concerning their personal data being processed are.
Disclosure of the data protection policy fulfils the notification obligation arising from Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“the General Data Protection Regulation”).
2. CONTROLLER OF PERSONAL DATA
The registry code of Julianus Inkasso as the controller of personal data is 10686553 and its legal address is A. Weizenbergi St 20, 10150 Tallinn. Its telephone number is +372 6814400 and e-mail address is firstname.lastname@example.org.
Julianus Inkasso has appointed Mari Matjus, Attorney-at-Law of Law Office NOVE OÜ, as their data protection specialist. The e-mail address of the data protection specialist is email@example.com.
3. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA
Providing debt collection service and purchasing debt claims
3.1 Julianus Inkasso has specialised in debt collection service, i.e. provision of the debt claim recovery service to creditors. This means that Julianus Inkasso helps creditors receive their debts, but does not acquire the claim themselves. Julianus Inkasso processes personal data related to debt claims and debtors on the basis of a contract entered into with their client for the performance of such a contract, relying on Article 6(1)(b) of the General Data Protection Regulation. In such a case, Julianus Inkasso acts as a processor and the creditor continues to be the controller of the data as the claim is not assigned.
3.2 Julianus Inkasso also purchases clients’ debt claims, becoming themselves the creditor. In such a case, Julianus Inkasso processes personal data on the basis of an assigned contract for the performance of such a contract, relying on Article 6(1)(b) of the General Data Protection Regulation.
3.3 In the course of these activities, Julianus Inkasso processes the contact details of a client (creditor) who is a natural person, a member of the management board or an employee of a client (creditor) who is a legal person, a debtor who is a natural person and a member of the management board of a debtor who is a legal person, a third party related to the debt proceedings (e.g. the person who pays the debt instead of the debtor), related party and surety as well as data related to the claim being purchased or processed.
3.4 Upon providing the debt claim recovery service and purchasing debt claims, Julianus Inkasso also processes data related to the financial situation and payment behaviour of a debtor who is a natural person. These data originate from the debtor themselves, from the creditor and from public sources, such as the land register and the Ametlikud Teadaanded official publication.
3.5 Julianus Inkasso may disclose the debtor’s payment default data on the wall of shame on the website of Julianus Inkasso at http://www.julianus.ee/debtors and transmit these for disclosure in the taust.ee web (Krediidiregister OÜ) and the creditinfo.ee web (Creditinfo Eesti AS) in the interests of reliability of the transaction turnover and in compliance with the General Data Protection Regulation, the Personal Data Protection Act and the effective guidelines of the Data Protection Inspectorate.
3.6 Julianus Inkasso may transmit data related to debt claims as well as payment default data to companies that belong in the same group and to OÜ Castovanni, which also provides debt collection service, and to OÜ Julianuse Õigusbüroo, which provides the service of representing creditors in judicial and enforcement proceedings. Julianus Inkasso also may transmit their own or their clients’ debt claims for recovery to their cooperation partners who are members of the European Collectors Association in foreign countries, adhering to the requirements necessary to this end and applying security measures. In their everyday work, Julianus Inkasso uses software programmes the providers of which adhere to the agreed measures for ensuring the protection of personal data.
3.7 Julianus Inkasso retains personal data related to the provision of the collection service and acquisition and recovery of debt claims for 13 years, arising from the combined effect of subsection 146 (4) “Limitation period for claim arising from transaction” (ten years) of the General Part of the Civil Code Act and clause 11 (7) 4) (three years) of the Personal Data Protection Act.
Service quality control and improvement
3.8 Julianus Inkasso has the right to collect feedback from both their clients and debtors. Personalised feedback is only retained until necessary according to the circumstances, but for no longer than 10 years of the collection of feedback.
Queries from potential clients
3.9 Julianus Inkasso responds to queries made by potential clients before the start of client relationship for holding pre-contractual negotiations on the basis of Article 6(1)(b) of the General Data Protection Regulation. Julianus Inkasso retains data obtained through queries no more than for ten years of making the query, arising from the limitation period for a possible legal claim.
Communication with suppliers
3.10 Julianus Inkasso may purchase services and products from suppliers. To perform a contract entered into with a supplier on the basis of Article 6(1)(b) of the General Data Protection Regulation, Julianus Inkasso processes contact details of the supplier’s contact person. The details of the supplier’s contact person are retained no longer than for ten years of the delivery of products or provision of services, arising from the limitation period of possible legal claims.
Filling in person’s data protection request
3.11 To fill in a person’s data protection request, Julianus Inkasso processes personal data of the data subject on the basis of Articles 15 and 20 of the General Data Protection Regulation. Personal data are disclosed to the person whose data have been processed and, in the case of a data portability request, also to the third party to whom the transmission of the data is requested. The request and related correspondence are retained for up to ten years of the fulfilment of the data protection requirement or of a justified refusal to do that
Fulfilment of queries from the state
3.12 To fulfil information queries from state authorities and courts, Julianus Inkasso may issue personal data to state authorities (the police, security authorities, prosecutor’s office, etc.) and courts on the basis of a legal act that obliges the issue of data. The query and related correspondence and documents are retained for up to ten years of the fulfilment of the data protection requirement or of justified refusal to do that.
4. DATA PROTECTION RIGHTS OF PEOPLE
4.1 Pursuant to the General Data Protection Regulation, people have the right to access their personal data and receive a copy of their personal data, the right to demand the portability of their personal data to another controller, the right to demand the erasure, rectification or supplementation of their personal data and the restriction of processing their personal data and to object to processing. These data protection rights are not unlimited and Julianus Inkasso must assess in the case of each request whether and to which extent data protection legislation allows the compliance with the submitted request. For example, Julianus Inkasso does not erase data related to debt claims and payment default data because processing such data is necessary for drawing up, filing and defending legal claims. This serves, pursuant to the General Data Protection Regulation, as a basis for a refusal to erase.
4.2 To exercise these rights, Julianus Inkasso asks to notify of such wish by sending an e-mail to firstname.lastname@example.org. It is recommended that the data protection request form prescribed to this end be used.
4.3 If a person is concerned about an alleged breach of the General Data Protection Regulation or another legal act related to personal data in Julianus Inkasso, Julianus Inkasso again asks to send an e-mail to email@example.com. If a person is not satisfied with how Julianus Inkasso resolved their complaint, the person has the right to file a complaint with the Data Protection Inspectorate. The contact details of the Data Protection Inspectorate are as follows: telephone +372 627 4135; e-mail address firstname.lastname@example.org; postal address Väike-Ameerika 19, Tallinn 10129.