We look after your personal data
100% transparency provides peace of mind
It is important to us that you feel informed and confident about our data processing - that we protect your privacy and that you know your rights. At Collectia, we treat all data confidentially and in accordance with the law. We want to be transparent and inform you what data we process and why. If you want to hear more about how we protect your data, you can contact us at gdpr@collectia.dk.
What is GDPR?
GDPR (The General Data Protection Regulation 2016/679) is an EU / EEA legislation that aims to improve companies' protection of customers, employees and other natural persons' data. Collectia is continuously audited in GDPR (ISAE 3000), which is your assurance that we process personal data securely and take good care of your information.
At Collectia, it is important to us that our clients and customers have confidence in us. In this privacy policy you can read about how we process personal data.
This privacy policy deals with Collectia's activities as a data controller. When Collectia provides invoice services to our customers, Collectia acts as a data processor and is subject to the terms and instructions set out in a data processing agreement entered into with our customer. Collectia's customer is responsible for ensuring that the customer can legally transfer personal data to Collectia and does so in accordance with applicable law and that Collectia can legally process such personal data in order to fulfill its obligations to the customer.
New rules have been introduced in the EU/EEA and Denmark with "Regulation (EU) 2016/679 of the European Parliament and of the Council" for the handling of personal data. In many areas, the rules are a continuation of existing legislation, but in some areas the rules have been tightened significantly.
This personal data policy establishes the framework for the processing of personal data at Collectia A/S, hereinafter referred to as Collectia. Furthermore, the personal data policy ensures ongoing control of compliance with the requirements of applicable legislation.
We are the data controller for the data we process about you. You can find our contact details below:
Collectia A/S
Abildager 11
2605 Brøndby
CVR number: 20015381
E-mail: gdpr@collectia.dk
Phone: 77 30 14 00
Questions about this privacy policy and GDPR in general should be sent to gdpr@collectia.dk.
(Our DPO can be contacted at dpo@sixtus-compliance.dk).
5.1 What types of personal data we process:
We only process general personal data about you. As a starting point, the data we process will relate to the company you are acting on behalf of. In addition, we will process your name, your contact information, your bank account information (for billing purposes) and possibly your address if this information appears in the CVR register and is associated with the company. We expect that your contact details are not private, but belong to your employer/workplace.
5.2 Objective:
Prior to a client agreement, there may be various discussions by email, telephone or chat. Collectia processes your information in this contact and for the assessment of your needs and thus for the assessment of correct product selection. When entering into a cooperation agreement, Collectia processes a wide range of information about you to ensure that a correct service is provided and that all parties and their contact persons are correctly identified. During the cooperation period, your information will be registered, updated and used if and to the extent that they are relevant to the solution of the tasks or for the client relationship in general. Information is also used to ensure the adaptation of communication, for support and for the improvement and development of services. Your information may also be processed in connection with registration for Collectia's newsletter.
5.3 The legal basis for our processing of your personal data follows from:
Our processing of your personal data is primarily based on our cooperation agreement and for the purpose of performing the task for which you have requested our assistance, cf. Article 6(1)(b) of the GDPR.
Our processing of your personal data may also be carried out on the basis of the rules on combating money laundering and terrorist financing and with the support of Article 6(1)(c) and (e) of the General Data Protection Regulation. The same will apply on the basis of other statutory obligations to which we are or may be subject.
Processing of your personal data may also take place on the basis of the balancing of interests rule in Article 6(1)(f) of the General Data Protection Regulation. The legitimate interest justifying the processing will be our interest in being able to identify you uniquely as our client, for example in connection with (but not limited to) the possible recovery of a financial debt or the safeguarding of our own interests in the event of any complaints or compensation cases.
If you own a business with personal liability, we use your CPR number on the basis of section 11(2)(4) of the Danish Data Protection Act, cf. section 7(1), cf. Article 9(2)(f) of the General Data Protection Regulation, which allows us to process data that you have provided yourself or where the processing is necessary for the establishment, exercise or defense of a legal claim. This is the case, for example, when one of your customers' assets is attached in connection with the processing in the enforcement court for the purpose of registering the attachment.
In addition, we may use your information in connection with your subscription to Collectia's newsletter. The processing is based on your consent and in accordance with Article 4, no. 11, cf. Article 7, and Article 6(1)(a) of the General Data Protection Regulation. You can unsubscribe from the newsletter at any time.
Our processing of your personal data takes place within the framework of the General Data Protection Regulation, the Administration of Justice Act, the Debt Collection Act, the Bookkeeping Act and other legislation that regulates or provides a framework for our performance of the assigned task.
5.4 Where your personal data originates from:
We receive your personal data primarily from you in connection with the conclusion and maintenance of the contractual relationship. This may be in writing, during telephone conversations or in the course of any meetings.
We will collect information on your general basic data such as name and address from publicly available databases on an ongoing basis. In this way, we ensure that the information is up to date and correct.
Where appropriate, we may choose to obtain information about your financial and personal circumstances ourselves from publicly available sources, including from databases and online social media.
In addition, we may collect your information in the following ways:
- when signing up to our newsletter
- via the CVR register
- via the CPR register
- via Statstidende, tinglysning.dk and similar registers
- via data verification agencies
- via social media, advertising and analytics providers and various publicly available databases/registers
- via browser cookies when using the website (read more about our cookie management policy at the following link: https://collectia.dk/infocenter/cookiepolitik/)
5.5 Beneficiaries or categories of beneficiaries:
We may disclose your personal data to the following recipients:
- The counterparty (your current/former customer) or their representative
- Courts and tribunals
- Our regular legal partners, including for any legal proceedings
- Lawyers or others who may appear on our behalf in civil, enforcement or bankruptcy court
- Carrier, locksmith or other craftsmen who may be engaged during the proceedings
- Translators or others whose services are required during the proceedings
- Your customer's landlord, the tax authorities or anyone else who needs to be informed of any attachment
- Auctioneer to be responsible for the forced sale of any seized asset
- Public authorities
- Credit reference agencies
Internally at Collectia, only those of our employees who have a work-related need to see your personal data have access to it.
Transfers to recipients in third countries, including international organizations:
We will not transfer your personal data to recipients outside Denmark, unless you yourself move abroad or it is necessary for the performance of the task.
We only transfer personal data to countries outside the EU and EEA (European Economic Area) if we have a lawful, reasonable and legitimate basis for doing so and we can ensure an adequate level of protection.
5.6 Storage of your personal data
Your personal data will be kept for the duration of the cooperation agreement. Therefore, at this stage, we cannot say how long we will keep your personal data. Most of your personal data will be deleted 12 months after the collaboration has ended. However, personal data covered by, among other things, the Danish Bookkeeping Act will not be deleted until after the current financial year plus 5 subsequent years, as they may have accounting relevance.
6.1 What types of personal data we process:
As a general rule, we only process general personal data about you.
The information we process about you may include (but does not necessarily include) the following:
- Name
- Address, e-mail, telephone and other contact data
- Information relating to the debt relationship
- Economic conditions
- Employment and social conditions
- Civil Registration Number
- Health conditions
- Possible criminal offences
If we process data relating to your health or other special/sensitive personal data, e.g. criminal law, this is done in order to establish the claim or carry out the recovery, or because you have shared the data with us or our client.
Your data will be registered and used in the case if it is relevant for the recovery of the debt.
6.2 Objective:
Collectia A/S collects information about you during the case processing on the basis of a legitimate interest in obtaining payment of the debt. The same applies during any legal proceedings that may arise from a debt collection case. Information is used, among other things, to identify you as the rightful debtor and for ongoing contact with you. During the course of the case, your data will be registered, updated and used if and to the extent that it is relevant for the resolution of the case or for the debt relationship in general.
6.3 The legal basis for our processing of your personal data
We are not obliged to obtain your consent for the processing of your personal data for the purposes listed above.
Our processing of your personal data is based on the balancing of interests rule in Article 6(1)(f) of the General Data Protection Regulation. The legitimate interest justifying the processing will be our interest in being able to uniquely identify you as a debtor, for example in connection with (but not limited to) the recovery of a financial claim between you and our client or the safeguarding of our own interests in the event of any complaints or compensation proceedings.
We process your CPR number on the basis of section 11(2)(4) of the Danish Data Protection Act, cf. section 7(1), cf. Article 9(2)(f) of the General Data Protection Regulation, which allows us to process data that you have provided yourself or where the processing is necessary for the establishment, exercise or defense of a legal claim.
The processing of any health data relating to you is based on Article 9(2)(e) and (f) of the GDPR, which allows us to process sensitive data that you have provided yourself or where the processing is necessary for the establishment, exercise or defense of legal claims.
The basis for us processing any personal data relating to criminal convictions and offenses is Article 10 of the General Data Protection Regulation and Section 8(3) of the Danish Data Protection Act. The legitimate interest justifying the processing is our client's interest in obtaining payment of its claim.
Our processing of your personal data also takes place within the framework of, among other things, the Danish Data Protection Act, the Danish Debt Collection Act, the Danish Interest Act, the Danish Credit Agreement Act, the Danish Bookkeeping Act and the Danish Administration of Justice Act. Therefore, our processing of personal data about you may be based on Article 6(1)(c) of the General Data Protection Regulation, because the processing of personal data about you is necessary to comply with our legal obligations.
6.4 Where your personal data originates from:
First of all, we receive your personal data from our client to whom you are indebted.
Your personal data may also come from you in the course of the proceedings. This may be in writing, during telephone conversations or at hearings in civil or enforcement proceedings.
We will regularly collect information on your general master data such as name, address, telephone number and any property data from publicly available databases. In this way, we ensure that the information is up to date and correct.
We also obtain information about your financial situation from credit reference agencies.
In addition, we may collect your information in the following ways:
- via the CPR register
- via the CVR register
- via Statstidende, tinglysning.dk and similar registers
- via data verification agencies
- via social media and various publicly available databases/registers
- via browser cookies when using the website (read more about our cookie management policy at the following link: https://collectia.dk/infocenter/cookiepolitik/)
6.5 Beneficiaries or categories of beneficiaries:
In the course of the processing of the case, we may disclose your personal data to the following recipients:
- The counterparty (our client to whom you owe money)
- Courts and tribunals
- Our regular legal partners, including for any legal proceedings
- Lawyers or others who may appear on our behalf in civil, enforcement or bankruptcy court
- Carrier, locksmith or other craftsmen who may be engaged during the proceedings
- Translators or others whose services are required during the proceedings
- Your landlord, SKAT or anyone else who needs to be informed of any attachment
- Auctioneer to be responsible for the forced sale of any seized asset
- Public authorities
- Credit reference agencies
Internally at Collectia, only those of our employees who have a work-related need to see your personal data have access to it.
Transfers to recipients in third countries, including international organizations:
We will not transfer your personal data to recipients outside Denmark, unless you yourself move abroad or it is necessary for the performance of the task.
We only transfer personal data to countries outside the EU and EEA (European Economic Area) if we have a lawful, reasonable and legitimate basis for doing so and we can ensure an adequate level of protection.
6.6 Storage of your personal data
Your personal data will be stored as long as the case is active. After the case is closed, personal data covered by, among other things, the Danish Bookkeeping Act will not be deleted until after the current financial year plus 5 subsequent years, as they may have accounting relevance. Therefore, at this stage, we cannot say how long we will keep your personal data. Your personal data will be hidden in the system 18 months after the case is closed, so that only a few employees with a work-related need have access to it. The hiding is ongoing and does not necessarily take place on the 18-month anniversary. The final and permanent deletion of the personal data registered on the case will take place after the current financial year plus 5 subsequent years, starting from the closure of the case.
We safeguard data subjects' rights by, among other things, processing their personal data in an open and informed manner. This means informing you that we are processing your personal data and how, so that you have the opportunity to exercise your rights.
Under the General Data Protection Regulation, you have a number of rights in relation to our processing of your data.
- Right of access
You have the right to access the data we process about you. - Right of rectification
If inaccurate information has been registered about you, you can have this information corrected. - Right to erasure
In special cases, you have the right to have data concerning you erased earlier than our normal deletion deadlines. - Right to restriction
The General Data Protection Regulation gives you the right to restrict the processing of your data in certain cases. As we only process relevant and reasonable personal data, and in accordance with our legal basis in Article 6(1)(f) of the General Data Protection Regulation and other legislation on debt collection, our processing of data cannot, as a rule, be further restricted. - Right to object
The General Data Protection Regulation gives you the right to object to our processing of your data. We will then assess whether the objection itself is justified. - Right to data portability
The conditions for this are not met in relation to your data at Collectia A/S.
If you want to exercise your rights, you should contact us. You are welcome to call us, but we encourage you to write to us as this will better ensure that there are no misunderstandings between us. We endeavor to reply to all enquiries within 1 month of receipt. Please note that for security reasons, you will need to verify your identity before your request can be processed.
You can read more about your rights in the Danish Data Protection Agency's guide on data subjects' rights, available at www.datatilsynet.dk.
Where we take decisions that significantly affect the data subject, we ensure that such a decision is not excluded, made by automated processing or profiling.
If we have disclosed personal data to companies outside Collectia, we ensure that the companies are informed of any rectification, erasure or restriction measures taken.
Collectia has chosen to appoint an internal GDPR Group, which has been given responsibility for ensuring that Collectia is aware of and complies with the applicable data protection rules at all times. The GDPR Group also has the overall responsibility for ensuring that the necessary policies, procedures and guidelines are prepared, implemented, updated and communicated in Collectia.
Employees who have any doubts about the content of this privacy policy or the guidelines on how to process personal data, how to respect the rights of data subjects or similar, should contact the GDPR Group at any time.
Contact details of the GDPR Group:
E-mail: gdpr@collectia.dk
Telephone number: 77 30 14 00
Collectia is not obliged to appoint a data protection officer under the applicable rules. As we take our responsibility in relation to the processing of personal data very seriously, we have voluntarily chosen to appoint an external data protection officer who helps Collectia and the GDPR Group to comply with the applicable rules in this area.
Contact details of the Data Protection Officer:
Name: Sixtus Compliance ApS
E-mail: dpo@sixtus-compliance.dk
If the Data Inspectorate should conduct an inspection or contact Collectia, the GDPR Group, together with the top management level, ensures that the Data Inspectorate receives the requested information.
Furthermore, we ensure that we always comply with the deadlines that the Danish Data Protection Agency may set in connection with an inspection or an inquiry.
10.1 Where can you complain?
If you are not satisfied with the way we process your personal data, you are encouraged to contact us in the first instance so that we can find a solution together.
If, after talking to us, you are still not satisfied with our processing of your personal data, you have the right to lodge a complaint with the Danish Data Protection Agency. You can read more about how to complain to the Danish Data Protection Agency here: https://www.datatilsynet.dk/borger/klage/-saadan-klager-du
Contact details of the Data Protection Authority
Carl Jacobsens Vej 35
2500 Valby
Tel: 33 19 32 00
Secure e-mail: dt@datatilsynet.dk
www.datatilsynet.dk
We will review this policy at least once a year and, if necessary, make updates if there are changes to the matters set out in the policy.
The policy was last reviewed on July 31, 2023.