2. Personal data controller
The personal data controller is Julianus Inkasso, registry code 10686553, legal address A. Weizenbergi 20, 10150 Tallinn. Julianus Inkasso can be contacted by phone at +372 681 4400 or by e-mail at firstname.lastname@example.org.
Julianus Inkasso’s data protection specialist can be reached by e-mail at email@example.com.
3. Purposes of and legal bases for the processing of personal data
Provision of debt collection services and purchasing of debt claims
3.1. Julianus Inkasso specialises in the provision of debt collection services to creditors. This means that Julianus Inkasso helps creditors to recover the money owed to them without acquiring the claims for itself. Julianus Inkasso processes personal data relating to debt claims and debtors under an agreement with the client for the purpose of the performance of that agreement on the basis of point (b) of Article 6(1) of the GDPR. In such cases, Julianus Inkasso acts as a data processor, while the creditor remains the data controller, as the claim is not transferred to Julianus Inkasso.
3.2. Julianus Inkasso also buys debt claims from clients, in which case Julianus Inkasso becomes the creditor. In such cases, Julianus Inkasso processes personal data under the agreement transferred to Julianus Inkasso for the purpose of the performance of that agreement on the basis of point (b) of Article 6(1) of the GDPR.
3.3. In the course of these activities, Julianus Inkasso processes the contact details of clients (creditors) who are natural persons, board members or employees of clients (creditors) who are legal persons, debtors who are natural persons, board members of debtors who are legal persons, third parties involved in the debt proceedings (e.g., persons who make debt payments on behalf of the debtor), related persons, and guarantors, as well as data relating to the purchased or processed claim.
3.4. In the provision of debt collection services and purchasing of debt claims, Julianus Inkasso also processes data relating to the financial situation and payment behaviour of debtors who are natural persons. This information may be collected from the debtor, the creditor, or public sources, such as the Estonian Land Register and the official state publication ‘Ametlikud Teadaanded’.
3.5 Julianus Inkasso may publish information about debtors’ payment defaults on the Wall of Shame on Julianus Inkasso’s website (https://www.julianus.ee/debtors) as well as submit such information for publication on the websites taust.ee (owned by Krediidiregister OÜ) and creditinfo.ee (owned by Creditinfo Eesti AS) in the interests of transaction reliability and in accordance with the GDPR, the Personal Data Protection Act of the Republic of Estonia, and the current guidelines of the Data Protection Inspectorate.
3.6. Julianus Inkasso may transmit data related to debt claims and payment defaults to other members of its group of companies, as well as the enterprise Julianuse Õigusbüroo OÜ, who is a provider of creditor representation services in judicial and enforcement proceedings. In addition, Julianus Inkasso may submit its own debt claims and those of its clients’ for collection to its partners belonging to the European Collectors Association, subject to the applicable requirements and security measures. Julianus Inkasso’s daily operations involve the use of software applications whose providers are required to implement agreed measures for the protection of personal data.
3.7. Julianus Inkasso retains personal data relating to the provision of collection services and the acquisition of debt claims and collection of debts for 15 years pursuant to the combined effect of subsection (4) (ten years) of § 146 ‘Limitation period for claim arising from transaction’ of the General Part of the Civil Code Act and clause 10 (2) 5) (five years) of the Personal Data Protection Act.
Inspection, protection and verification
3.8 Julianus Inkasso has the right to collect feedback from both their clients and debtors. Julianus Inkasso does record incoming and outgoing telephone calls and e-mails for quality assurances, to identify possible data privacy violations, to solve complaints, to submit and/or defend any entitlement claims. Personalised feedback is only retained until necessary according to the circumstances, but for no longer than 10 years from the date of the collection of feedback.
Enquiries from potential clients
3.9 Julianus Inkasso responds to enquiries from potential clients prior to the start of the client relationship for the purpose of pre-contractual negotiations on the basis of point (b) of Article 6(1) of the GDPR. Data collected through such enquiries shall be retained for no more than 10 years from the submission of the enquiry, as per the limitation period for potential legal claims.
Communication with suppliers
3.10 Julianus Inkasso may purchase services and products from suppliers. In order to perform the agreement entered into with the supplier, Julianus Inkasso processes the contact details of the supplier’s contact person on the basis of point (b) of Article 6(1) of the GDPR. The supplier’s contact details shall be retained for no more than 10 years from the delivery of the products or the provision of the service, as per the limitation period for potential legal claims.
Execution of individuals’ data protection requests
3.11 For the purpose of the execution of an individual’s data protection requests, Julianus Inkasso processes the personal data of the data subject on the basis of Articles 15 and 20 of the GDPR. Personal data shall be disclosed to the person whose data have been processed and, in the case of a request for data transmission, also to the third party to whom the data has been requested to be transmitted. Such requests and the related correspondence shall be retained for up to 10 years from the execution of the data protection request or the reasoned refusal to execute the request.
Responding to enquiries from state authorities
3.12 Julianus Inkasso may disclose personal data to state agencies (the police, security agencies, the prosecutor’s office, etc.) and courts in order to respond to their enquiries. Such enquiries and the related correspondence and documents shall be retained for up to 10 years from the execution of the data protection request or the reasoned refusal to execute the request.
4. Data protection rights of individuals
4.1 Under the GDPR, individuals have the right to access their personal data and receive a copy thereof, the right to request that their personal data be transmitted to another data controller, the right to request that their personal data be erased, rectified, or supplemented, the right to request restriction of the processing of their personal data, and the right to object to the processing of their personal data. These data protection rights are not unlimited, and for each request, Julianus Inkasso must assess whether and to what extent data protection legislation allows the request to be fulfilled. For example, Julianus Inkasso will not erase data related to debt claims and payment defaults, because the processing of these data is necessary for the establishment, exercise, and defence of legal claims. Pursuant to the GDPR, this is a valid ground for refusal to erase the data.
4.2 Individuals who wish to exercise their data protection rights should notify Julianus Inkasso by e-mail at firstname.lastname@example.org. To do so, we recommend using the data protection request form provided for this purpose.
4.3 If you believe that Julianus Inkasso has violated the GDPR or other personal data legislation, please contact us by e-mail at email@example.com. If you are unhappy with the way Julianus Inkasso has handled your complaint, you have the right to file a complaint with the Data Protection Inspectorate. The Data Protection Inspectorate can be contacted as follows: by phone at +372 627 4135; by e-mail at firstname.lastname@example.org; by mail at Tatari 39, Tallinn 10134.