DATA PROTECTION
1. PROCESSING OF PERSONAL DATA
Confirmación de Solicitudes de Crédito Verifica, S.A.U.’s (“VERIFICA”) primary business is Debt Collection. In this regard, it is necessary to process personal data, which protection is essential, and we pay close attention to the fulfilment of our obligations under the General Data Protection Regulation (“GDPR”) and the Spanish Organic Law of Data Protection and Guarantee of Digital Rights (LOPDGDD).
VERIFICA acts as the controller or co-controller of the processing in those cases where it has the ownership of the debt files or occupies the position of the current creditor. In this case, the obligations present in this Privacy Policy could be addressed to both co-responsible parties:
- Confirmación de Solicitudes de Crédito Verifica, S.A.U. trade register no.: A84727809; contact details: Calle Eucalipto 33, 28016, Madrid.
- Ultimo Portfolio Investment S.A. trade register no.: LU 209 703 19; contact details: 9, rue Joseph Junck, L-1839 Luxembourg.
- Data Protection Officer: contact details: Data Protection Officer form ( https://www.verifica-sa.com/en/data-protection ).
We want to help you understand how we collect, use, store, share, and process your personal information based on this privacy policy; additionally, what personal information we process and why we process them.
2. HOW WE COLLECT YOUR PERSONAL DATA FROM:
- From the assignment agreement whereby, we acquire the position of the creditor on your receivable;
- Persons authorized to communicate with us on your behalf (e.g., lawyers, debt counsellors, etc.);
- Public institutions and government bodies, etc., which perform a service of general interest;
- Databases that are publicly available or based on a contractual relationship (external sources) ensure that the information we have about you is kept up to date. By external sources is meant public institutions, public registers, electronic databases;
- Directly from you or in some cases from others - primarily related to the collection of claims and repayment of any overpayments.
3. WE PROCESS THE FOLLOWING CATEGORIES OF PERSONAL INFORMATION:
- Personal identification: first and last name, identification number, date of birth, domicile address, e-mail, phone numbers, recording of your voice.
- Financial information: receivable’s value and interests, economic situation.
- Sensitive information: health data provided by you and when it is required by law.
- Internet communicators ID, WhatsApp ID.
- Asset information: identification of the assets registered to secure the receivable.
- Any other relevant information gathered during the amicable collection process or legal proceeding.
4. VERFICA PROCESSES YOUR PERSONAL INFORMATION ONLY TO THE EXTENT THIS INFORMATION IS NECESSARY FOR AND BASED ON THE FOLLOWING LEGAL BASIS:
PURPOSES | LEGAL BASIS |
Providing the debt collection process |
|
Reporting and checking your financial situation published on the creditworthiness files |
|
Analysis of your financial situation and source of income so that we can assess your repayment ability, as well as find a solution that is appropriate for your individual situation |
|
Communication and correct identification |
|
Implementing legal procedures for the collection of claims and finding favourable solutions for all parties |
|
Processing and answering your inquiries |
|
Accomplishing the scope of the internal and external audits |
|
Conducting surveys on the quality of our collection management |
|
The valuation of new non-performing loan portfolios |
|
Responding to requests from government agencies or other public authorities |
|
Optimization of the debt collection process, including profiling |
|
Including your personal data (contact details and financial information) in the creditworthiness files ASNEF – EQUIFAX and EXPERIAN. |
|
Managing of third-party payments |
|
Self-service debt platform |
|
Whistleblowing Channel |
|
5. TRANSFER OF DATA TO THIRD COUNTRIES
During the processing, personal data could be transferred outside the European Economic Area (EEA) to the third countries, which are not subject to the European Commission adequacy decision. Additionally, under certain conditions, processors acting on behalf of VERFICA may transfer personal data outside the EEA, as well. In such cases, the personal data will be transferred in compliance with the General Data Protection Regulation articles 46, 47, or 49(1), especially, Standard Contractual Clauses with further security measures applied. The information about the transfers can be obtained through contact on the following form: https://www.verifica-sa.com/es/proteccion-de-datos.
6. PROFILING
Regarding the GDPR art. 6(1)f, on the legal base of the legitimate interest to the extent necessary to effectively perform debt recovery, gathered personal data described in the notice, including liability, economic situation, history of repayments, contacts related to the debt settlement, behavioural information created in the debt collection process, can be used for the profiling based on statistical models and expert rules. As a result, the decision on the method of the debt collection may be made, in particular, what form the communication process will be taken, what settlement offers will be selected, and what amicable and judicial measures will be applied.
Be also informed that you have the right to object to the profiling on grounds relating to your particular situation. In that case, please provide the information on the following form: https://www.verifica-sa.com/es/proteccion-de-datos .
7. WHO IS THE RECIPIENT OF YOUR PERSONAL DATA
During the debt collection process execution, it may be necessary to transfer your personal data to business partners, like IT providers, B2Holding Group companies to which VERIFICA belongs, law firms, bailiffs, public bodies such as courts or address registers, debt registers, which support the process. In addition, we may also disclose personal information when we are legally obliged to do so or if permitted by law.
Here are a few examples:
- lawyers or other legal representatives;
- public bodies such as the courts and supervisory authorities;
- debt registers such as ASNEF-EQUIFAX and EXPERIAN.
- financial, Information technology and legal providers that help us improve our services or develop, implement or manage business systems or operational processes;
- auction house; and
- others engaged in the debt collection process.
8. RETENTION PERIOD
The personal data will be processed for a period of six (6) years from the day the debt collection process is closed, according to Commercial Code regulation. However, if particular circumstances are justified, the period could be extended up to fifteen (15) years. Additionally, the personal data could also be processed as long as required to secure the legitimate interest of VERIFICA in case of any litigation.
9. DATA SUBJECTS RIGHTS
As the data subject, you are protected by the following rights under the GDPR:
- Right of access to your personal data: you may request information about the personal data we process;
- Right to rectification: you may request the modification of data that is inaccurate or incomplete;
- Right to object: you may request the termination of the processing of your data under the legally established requirements. You may also revoke the consent previously given at any time.
- Right to restriction of processing: you may request that measures be applied to the data in order, among other things, to prevent their modification or, where appropriate, their erasure or deletion.
- Right to erasure: you may revoke the consent given and request the erasure of your personal data; and
- Right to data portability: you may request that your information be provided in a clear and structured format to another data controller.
To execute the rights, please contact on the following form: https://www.verifica-sa.com/es/proteccion-de-datos . You can also contact by regular mail to Calle Eucalipto 33, 28016, Madrid.
Additionally, each data subject in a case related to personal data processing has the right to file a complaint to the Spanish Data Protection Agency - https://www.aepd.es/es , or Luxemburgish Data Protection Agency - https://cnpd.public.lu , in case of joint-controlling.