Who are we and what do we do?
We are Hoist Finance AB (publ). We purchased a debt you owe and are the new claim holder.
We are part of the Hoist Finance AB (publ) group of companies.
What information do we hold, why do we process it, & how long do we keep it for?
We use your information only for the purposes of debt collection and associated processes. We have outsourced our activities to third parties, who pursue the claim on our behalf.
In order to pursue the above purposes and to act appropriately and fairly, we process the following types of information, always under strict controls, such as encryption, internal access rights, and audits to keep your information safe.
| Type of information | Reason for processing | Legal basis for processing | How long we keep your information for |
|---|---|---|---|
| Contact and account information, such as your name, address, and details of previous communication with us, for example emails, and letters. | To be able to contact you, keep records of any previous conversations or correspondence, and in general keep a full and up to date picture of your circumstances and your dealings with us. This is necessary to handle your case fairly and in your best interests. | The legal basis for processing this information is the original credit agreement. Once your claim has been satisfied, we will hold your data to satisfy relevant regulations such as, Anti Money Laundering, Dispute Resolution Rules etc. | 7 years from when the account is closed, at which point it will be deleted. |
| Payment information, such as your bank account number, to process your payments. | To be able to process payments and payment requests. | | 7 years from when the account is closed, at which point it will be deleted. |
| Litigation information, such as court information and the specific outcomes and costs. | As part of our collection strategy, we may decide to take litigation action against you. You will be notified prior to any action being taken, but in the event we need to, we will hold up to date and relevant information on all actions and outcomes in order to be able to act in the fairest way possible. | | 7 years from when the account is closed, at which point it will be deleted. |
| Sensitive Information, such as regarding your personal financial situation. Information regarding your health or any other sensitive factor that may have an impact on your dealings with us, is only kept with your express consent. | We are required to understand the financial circumstances of our customers so we can provide the most appropriate and fair outcomes, especially in cases of vulnerability. Therefore, in the act of debt collection, the processing of sensitive information can be crucial to ensure customers are treated fairly and appropriately. | The legal basis for processing this information is the original credit agreement. When you have given your consent to process certain information, you have the right to withdraw this consent at any time. | 7 years from when the account is closed, at which point it will be deleted, except when consent is removed for certain sensitive information. |
Where do we get the information from?
We initially receive the information from the previous owner of the claim as part of its sale and transfer to us.
However, we also get information directly from you, such as when you talk to one of our agents or send us a letter, email or text providing us with your new address, payment details, or any other information. Finally, we may also obtain information from third parties in order to increase the accuracy of the information we hold and/or to gain a better understanding of your circumstances. These third parties are credit reference agencies, public government records, and other organisations which provide services to improve the quality of the data we hold about you.
Disclosure of your information
We do not disclose your information except in the following limited circumstances:
We may share your personal information within the Hoist Finance group of companies, to which we belong. For example, our IT infrastructure is managed at group level. This helps to keep our systems operational and secure, allowing us to provide the best services to you that we can. Any sharing is subject to security and privacy requirements.
We may also share your personal data with carefully vetted organisations, who must comply with our strict security and privacy requirements and follow our guidelines, for the following purposes:
- To assist us in managing your account and/or maintaining accuracy of the information we hold about you. An example of this would be credit reference agency reporting.
- To provide us with specialised services to run our business. An example would be the printing company that sends out our physical letters to you, or where we use a third party to collect or manage a debt on our behalf.
Finally, we may also disclose your personal information to third parties:
- In the event we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
Your information will generally be kept within the EU/EEA or in countries deemed by the European Commission to have an adequate level of protection. Your data may leave the EU/EEA to countries that have not received an adequacy decision by the European Commission. This is in particular where we need 24/7 technical support to maintain our IT infrastructure and IT services. Our IT outsourcing partner for these purposes will be processing some of your data in India, where their headquarters is located.
In all cases, however, we have technical, organisational, and contractual protections in place to keep the information safe and to ensure an adequate level of protection. Contractually, transfers outside the EU/EEA to countries without an adequacy decision by the European Commission will be based on standard data protection clauses adopted by the European Commission, a copy of which may be obtained by contacting us. For transfers to the USA and other third country transfers we rely solely on standard contractual clauses (SCCs).
Your statutory data protection rights
Right to access: You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please contact us. We will respond to your request within one month.
Right to rectification: We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. We may ask that you provide reasonable proof to verify your request.
Right to restrict processing: If you believe the personal information we hold is inaccurate, unlawful, or that we do not have a legitimate interest to process it, you can request that we restrict any processing until this is rectified.
Right to object to processing: Where your particular situation merits that we no longer process your information for the performance of a task carried out in the public interest or based on our legitimate interest, you have the right to object to the processing.
Right to data portability: This right allows you to obtain in a structured, commonly used format, and to reuse the information you have provided to us for your own purpose and have it transmitted directly to different services. This applies only to information we use based on your consent or on a contractual basis.
Rights related to automated decision making and profiling: You have the right to safeguards against the risk of potentially damaging decisions being taken without human intervention. This right applies where a decision is based solely on automated processing and produces a legal effect or similar significant effect. If this is the case we must ensure you are able to obtain human intervention, to express your point of view, and to have the opportunity to challenge it. We will also explain the logic behind the decision.
Profiling is defined as any form of automated processing intended to evaluate certain personal aspects of an individual in order to analyse or predict aspects of their personal circumstances, behaviours or abilities. Processing must be fair and transparent, use appropriate mathematical or statistical procedures, use appropriate controls to minimise inaccuracies and secure personal data.
We do not use any automated individual decision making.
Right to erasure (“right to be forgotten”): You may ask us to delete the information we hold on you where it is no longer necessary for the purpose for which it was collected; where you withdraw any consent you provided for its processing; where you object to our processing of it (see above); or where our processing is unlawful. Please note, however, that we are also subject to certain legal obligations that prevent us from immediately deleting all of your information. However, any data we are prohibited from deleting will be blocked and, when we are no longer obliged to keep it, erased.
Right to lodge a complaint: You have the right to lodge a complaint with the Dutch data protection supervisory authority, the Autoriteit Persoonsgegevens, https://www.autoriteitpersoonsgegevens.nl/.
How to contact us
Hoist Finance AB (publ), Dutch branch
Amstelveenseweg 760, 1081 JK Amsterdam, the Netherlands