Privacy Policy (Debtors)

1. What is a privacy policy?

1.1 In our privacy policy we explain who is responsible for the personal data processing that takes place in our organisation. We also describe which personal data about you is processed when we receive data about you or when you provide data to us in various situations, how we process the personal data, why we do it and on what legal basis we justify the processing. We also explain which external parties may be processing personal data about you. You also receive information about your rights when it comes to our processing of your personal data and about how you can proceed to exercise your rights.

1.2 We will only process the personal data about you that is necessary for the purposes set out in this privacy policy. We have procedures describing how we store and anonymise personal data in order to make sure on an ongoing basis that your personal data will always be correct and relevant. You can read more below about how processing takes place and which data is processed.

2. Important terms

2.1 Here are explanations of some important terms that can be useful to know in order to understand our privacy policy:

a. “Personal data” means any data that relates to a natural person who can be directly or indirectly identified with the aid of this data; for example a name, an ID number such as a personal ID number, location data, an online identifier such as an IP address or one or more factors that are specific to the natural person’s identity.

b. “Processing” means a measure or a combination of measures carried out with personal data; for example collection, registration, organisation, structuring, storage, processing or modification, production, reading, use, disclosure through transfer, dissemination or provision in another way, adjustment or merging, restriction, erasure or destruction.

c. “Controller” is the party that either solely or in conjunction with another party determines the purpose and means of the processing of personal data and is responsible for ensuring that the processing takes place in accordance with applicable data protection regulations.

d. “Data protection regulations” GDPR stands for the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) and is a European data protection regulation that became directly applicable on 25 May 2018 for all Member States, but also for those countries that in any way process personal data belonging to a natural person in the EU/EEA. The purpose of GDPR is to protect the personal data of natural persons. In addition to the aforementioned regulation, Sweden has also enacted supplementary legislation (Swedish Act (2018:218) with Supplementing Provisions to the EU’s General Data Protection Regulation). When we mention “the data protection regulations” in this privacy policy, we refer to both of the above regulations.

3. Who is responsible for the processing and do you guarantee that personal data is handled securely?

3.1 Axactor Sweden AB, corporate ID number 556717-2597, is the controller for the processing of your personal data in certain cases, in communication and in relation to those who are any of the following data subjects:

a. Representative of a potential, existing or former customer, business partner or supplier;

b. Representative of a government agency;

c. Job applicant; or

d. Anyone else, e.g. a visitor to our website, the representative of a debtor or a close relative of an employee of ours.

In this text, Axactor Sweden AB is referred to as “we” and those who are any of the data subjects described above as “you”.

3.2 We are obliged to carry out appropriate technical and organisational measures in order to guarantee and be able to show that our processing takes place in accordance with the data protection regulations. We have carried out many appropriate measures in order to guarantee that unauthorised parties do not gain access to your personal data.

4. Source of your personal data

We gain access to your personal data primarily directly from you or from the company or the organisation you represent. Either if you are in contact with us on behalf of your company or your organisation, or if you are designated by your employer as a representative of the company or organisation that you represent. We also have access to your personal data from companies that are part of the Axactor Group. If we believe that you are representing a potential customer, we may also obtain your personal data from the Internet, public registers or social media. If you interact with us via our website, personal data may be obtained from there.

5. Purpose and intention of personal data collection

We process your personal data in order to effectively carry out our assignment and other activities. We process personal data about you in order to handle and make decisions in debt collection and/or monitoring cases in relation to you for the purpose of collecting the debt you owe us or our client. We may process your personal data in connection with legal disputes and complaint handling. We process personal data about you in order to fulfill our accounting obligations, anti-money laundering obligations, data protection obligations, and other legal obligations incumbent upon us. We process your personal data in order to develop our business and thereby streamline the debt collection process. We may process your personal data in order to maintain and ensure the quality of the assignments we perform and to ensure the functioning of our IT environment. We process your personal data in order to administer incoming payments and to conduct our business in general. We may also process some of your personal data to evaluate a claim if we are considering purchasing it. The above description is therefore the purpose and aim of our processing of your personal data.

6. Special categories of personal data

6.1 Special personal data means personal data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data, biometric data to clearly identify a natural person or data about health or about a natural person’s sex life or sexual orientation.

6.2 Unless otherwise agreed with you or if the processing is necessary for the establishment, exercising or defence of legal claims, we will not process special personal data about you.

6.3 If you are applying for a job at Axactor we may under certain circumstances process special personal data, such as data about ethnic origin or information about gender, to help us make sure that we have a diverse group of candidates and employees.

6.4 If you attend an Axactor event we may ask you to tell us about allergies or similar issues that are relevant for your well-being when you attend.

7. How long do we store your personal data?

7.1 We process your personal data for as long as it is necessary to fulfil the above purposes in order to process the information. This does not apply, however, if storage is required by law for longer than the purpose requires.

7.2 Other items of personal data that are not necessary in order to fulfil the above purposes but that you voluntarily disclose to us and for which you have given us consent to use will be processed for as long as the data is required for its purpose, although never beyond the time when you withdraw your consent.

7.3 The processing of anonymised data, i.e. data that cannot be linked directly or indirectly to a natural person, is not covered by the limitations described in this privacy policy.

8. To whom may your personal data be disclosed?

8.1 The personal data about you that we process will be processed primarily within Axactor and companies in the same Group as us, although it may also be passed on to external recipients. These recipients only have access to your personal data in order to carry out their assignment and to meet their commitments to us. Nor do these recipients have the right to use the personal data for any other purposes than those described in this privacy policy. If we use a processor to process your personal data for us, we make sure that we have concluded what is referred to as a data protection agreement with them so that we can guarantee that your personal data will be processed correctly and securely. Your personal data is shared with, among others, the following recipients:

a. We share your personal data with our suppliers such as, for example, our agents, lawyers, consultants who have committed to help us with, for example, our business processes, and other suppliers in areas such as printing and postal services. If you are a job applicant, these suppliers may also be our recruitment agencies or suppliers that provide services in the area of competence and personality testing.

b. We share your personal data with our IT suppliers in order to have an effective IT structure and to manage data storage services.

c. Government agencies so that we can fulfil, for example, our legal obligations by such means as combating money-laundering or other criminal activities.

8.2 If you would like to find out more about how and why your personal data is shared with these recipients, you can contact us via the contact details provided under “Feel free to contact us”.

9. Where is your personal data stored?

9.1 As we are part of the Axactor Group, we may transfer your personal data to another country. Your personal data is stored primarily in IT infrastructure on our premises or provided by one of our processors. In cases where your personal data is transferred to another country, we make sure that there are appropriate protective measures in order to comply with the data protection regulations.

9.2 The personal data will as a rule be handled and stored within the EU/EEA. In the event that we need to handle legal claims in a country outside the EU/EEA, the data may, however, be transferred to this country. We also use third-party suppliers outside the EU/EEA that may access your data, including but not limited to the USA. We will never transfer your personal data outside the EU/EEA without guaranteeing the security and protection of your personal data. We therefore make sure that all recipients have signed the EU’s standard clauses in order to justify the transfer and to make sure that the country in question guarantees satisfactory protection in accordance with the data protection regulations. We may also transfer your personal data if it is required by law.

10. Are you the subject of profiling or automated decisions?

10.1 Profiling means the automatic processing of personal data that is used to assess certain personal properties in a natural person, in particular in order to analyse or predict, for example, this person’s financial situation, personal preferences, interests and location.

10.2 If you are defined as a data subject in this privacy policy, you will not be the subject of profiling or automated decisions as described in the data protection regulations.

11. Your rights

11.1 You have certain rights in respect of the processing of your personal data; these are described in more detail below. To exercise your rights or submit any questions you might have about your rights, you are welcome to contact us via the contact details provided under “Feel free to contact us”.

a. Access. You have the right to receive a confirmation of whether we are processing your personal data, and if we are doing so you also have the right to receive information about how we are processing this and to receive a copy of your personal data. To be more specific, this means that you have the right to receive information about why we are processing your personal data and how we performed a possible balancing of interests in order to process your personal data, which categories of personal data we are processing, which parties we are sharing your personal data with, how long we store your personal data and criteria for performing the assessment of the storage time, what rights you have, from which parties we receive your personal data (if we did not receive it from you) and whether the processing of your personal data includes any automated decision-making, so-called profiling, and whether your personal data has been transferred to a country outside the EEA, and in such cases how we guarantee the satisfactory security of your personal data. For any additional copies over and above those that you have the right to receive free of charge, we will make an administrative charge corresponding to the costs we incur in sending the additional copies to you.

b. Rectification. You have the right to the rectification of any incorrect personal data relating to you and to ask us to supplement any incomplete personal data.

c. Erasure (the right to be forgotten). In certain circumstances you have the right to request the erasure of your personal data. Such circumstances exist, for example, if the personal data is no longer necessary for the purposes for which it was collected or processed, or if you withdraw your consent on which the processing was based and there is no other legal basis for the processing activity.

d. Restriction. You also have the right to request that we restrict our processing of your personal data. Such circumstances exist, for example, if you are contesting the correctness of the data or if the processing is illegal and you object to the personal data being erased but instead request a restriction in the use of the personal data.

e. Data portability. You have the right to ask us to transfer some of your personal data that we hold about you to another company or your organisation in a structured, commonly used and machine-readable format (data portability). The right to data portability applies for personal data that you have submitted to us and where processing is based on your consent and is automated. You also have the right to transfer the personal data directly from us to another controller if this is technically possible.

f. Objection. You have the right at any time to object to the processing of your personal data that is based on a balancing of interests and specifically to our processing your personal data for marketing purposes. Find out more about what a balancing of interests means above. In certain cases, however, you do not have the right to object to processing on the basis of a balancing of interests (e.g. because we must store your personal data). This is the case if we can present binding, legitimate reasons that outweigh your interests, rights and freedoms, or if it is taking place in order to establish, exercise or defend legal claims.

g. Withdraw consent. You have the right to withdraw all or part of consent given for the processing of your personal data. The withdrawal of your consent takes effect once the withdrawal has taken place.

h. Submit complaints. You also have the right to submit complaints in respect of our processing of your personal data; see more about this under “Your right to submit a complaint”.

12. Your right to submit a complaint

12.1 Axactor Sweden AB, corporate ID number 556717-2597, takes privacy seriously. We therefore take very great care to ensure that your personal data will always be processed in a correct, secure way. If you have any questions about our processing of personal data, please feel free to contact us.

12.2 If you believe that our processing of personal data is incorrect, you have the right to submit a complaint to the Swedish Data Protection Authority, which is the supervisory authority in Sweden. More information is available at www.datainspektionen.se.

13. Feel free to contact us

13.1 If you would like to exercise your rights as described above or have any other questions about how we process your personal data, please make contact with us (Axactor Sweden AB, corporate ID number 556717-2597) as follows:

a. Post. Axactor Sweden AB, Att: Dataskydd, Nordstadstorget 6, SE-411 05 Göteborg.

b. Phone. Customer service can be contacted on tel. +46 (0)31-383 38 10.

c. Email. Customer service may be contacted at kundservice@axactor.com and our data protection officer at dataskydd@axactor.com

13.2 Bear in mind that email can be the subject of unauthorised eavesdropping, unauthorised additions and amendments, computer viruses or other kinds of manipulation. Before you send any confidential information to us, you should carefully consider the risks associated with sending sensitive information by email.

14. Changes to this privacy policy

14.1 We are constantly developing our services. We may therefore need to update our privacy policy from time to time. All changes to this privacy policy will be made available on our website, www.axactor.se.

This privacy policy was adopted by Axactor on 11/07/2019