Privacy Statement

Privacy Statement

The Société  Anonyme under the name “Intrum Hellas S.A for the servicing of receivables from loans and credits”, that has its registered seat at 109-111 Mesogeion Ave, Athens, P.C. 11526, Greece VAT No.: 801215902 Tax Office: Athens Tax Office for Commercial Companies (FAEE), General Commercial Registry (GEMI) No: 151946501000, hereinafter referred to as “Intrum” which  has been legally established and has been licensed by the Bank of Greece  pursuant to the provisions of Law 4354/2015, as in force, as a dedicated activity company in its capacity as the Controller of Personal Data, in the context of the General Data Protection Regulation (EU) 2016/679 which entered into force on 25/05/2018, hereinafter referred to as the “GDPR”, as currently applicable and in the context of Law 4624/2019 “on the implementation measures of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 for the protection of natural persons with regard to the processing of personal data and the transposition into national law of the Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016’’ hereinafter referred to as “the Law” and under the applicable legislation from time to time, shall hereby provide the following update on the processing of your personal data and on your rights as the data subject. GDPR and the Law shall replace the existing legal framework on the protection of individuals from the processing of personal data. As of the aforementioned date, any reference in the provisions of Law 2472/1997 shall refer to the provisions of the “GDPR” and  of the new ''Law''.

This notice is addressed to individuals, who perform any transaction with Intrum, including but not limited to: negotiations relating to debts that are included in the receivables portfolios assigned to Intrum for servicing pursuant to the respective Servicing Agreements, settlement agreements, payment arrangements, restructuring plans, all relating to claims under the servicing of Intrum, transactions relating  to respective collateralized real estate properties, to the individuals' respective legal representatives, as well as to their special or universal successors, to representatives of legal persons and to any natural person who has business relations with Intrum.

Personal data processing is the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission, restriction or erasure of personal data which was or will be brought to the attention of  Intrum, either as part of your business relations with it or as part of any update which is received by Intrum  from any third party, a natural or legal person or public sector body, while exercising a legal right of their own or of Intrum’s.

In compliance with the current legislative framework, Intrum has taken all steps required, by implementing all appropriate technical and organizational measures for the lawful adherence, processing and safe retention of personal data files, and is committed to ensure and protect in every way the processing of your personal data against any loss or leakage, alteration, transfer or any other unlawful processing.

A. Which personal data we process and where we collect them from

Intrum processes your personal data, transferred to Intrum by virtue of the aforementioned Servicing Agreements, which you or your legal representatives have submitted  or will submit to Intrum, which are necessary for the commencement, continuation and execution of your business relations with Intrum, either existing or future ones, depending on the service provided and on the current applicable procedures and policies of Intrum. The personal data you provide Intrum with/submit to Intrum must be complete and accurate and shall be diligently and immediately updated by you, in case they were altered or whenever deemed necessary by Intrum in order to preserve your business relations or to fulfil any of its obligations pursuant to the law and to the respective applicable regulatory provisions.

Intrum shall also process your personal data which were received or brought to its attention by any third party, a natural or legal person or public sector body, and which are necessary either to achieve Intrum’s or any third party’s legitimate interests, or to perform Intrum’s tasks which are carried out in the public interest (e.g., Tiresias S.A. interbanking system, tax and insurance bodies).

Aiming at protecting commercial credit and transactions, assessing your credit rating and any assumed credit risks and limiting fraud, Intrum has access to your data which may be included in the files kept by the societe anonyme under the company name BANK INFORMATION SYSTEMS S.A., and the distinctive title TIRESIAS S.A. Tiresias S.A. keeps the following records: a) Default Financial Obligation System (DFO) & Mortgages and Prenotations to Mortgages System (MPS); b) Credit Consolidation System (CCS); c) Lost or stolen Identity Card and Passport System (IPS); d) Credit Rating System. Access to these files is possible without your prior consent, if deemed necessary for the establishment or continuation of your business relations with Intrum (e.g. assessment of any settlement/restructuring request, credit limit review). Detailed information regarding the aforementioned files, the data they contain, their origin, their time of retention by Tiresias S.A. per file or as a whole, as well as the exercise of your rights against Tiresias S.A. pursuant to the GDPR shall be provided directly by Tiresias S.A. (Data Controller), with registered head office in Maroussi, 2 Alamanas Str., 15125 (tel. +30 210-36.76.700) or at http://www.tiresias.gr.

Intrum may also process your data which has collected from other third parties, such as publicly accessible sources (e.g., Land Registries/National Cadastre, Commercial Registries, Internet), provided that said data are necessary for the purposes of the processing.

In order to establish and continue your business relationship with Intrum, Intrum shall collect and process at least the following personal data: full name, father’s name, details of identity card/passport or any other official identification document, permanent residence, home address, correspondence address, business details and business address, financial data (e.g. income tax assessment), tax residence, tax identification number, telephone number (fixed and/or mobile). Where appropriate, you may be requested to submit additional details (e.g., professional card or student identity card), provided that these data are considered as prerequisite for the commencement or continuation of a specific business relationship.

Depending on the service provided by Intrum as part of the evaluation of your financial capacity with the purpose of settling/restructuring your debts, Intrum may collect and process additional data, including but not limited to the following: financial details (e.g., tax returns, income tax assessments, Unified Property Ownership Tax-ENFIA, sole proprietorship financial details) or other income sources, property asset valuation, data of the financed or mortgaged property, insurance policies (e.g., coverage against Fire/Earthquakes).

The collection and processing of your aforementioned personal data by Intrum is necessary for the establishment, maintenance and continuation of any business relationship between us. If you object to the provision or processing of your personal data, it may be impossible to establish or continue your relationship with Intrum and  therefore your debt as well as any associated collaterals are at risk.

Β.  Processing of special categories of personal data

Intrum shall not process any personal data of yours which are related to your racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, which confirm your identification as the data subject, as well as data concerning your health or sex life or sexual orientation, unless: a) you have given your explicit consent for a specific purpose, b) these data have been provided to Intrum by you or any third party, either natural or legal person, as part of the documentation and safeguard of your and/or of Intrum’s legitimate interests, in its capacity as the data controller (e.g., information on subjects who have been placed under judicial guardianship), c) the data have been manifestly made public by you, d) processing is necessary for the establishment, exercise or defence of both your legal claims and of Intrum’s, in its capacity as the data controller (e.g., incapacity to perform legal acts), e) processing is necessary for reasons of substantial public interest (investigation of any persecuted act under the laws on the prevention and control of money laundering and terrorist financing). In any case, Intrum has taken all necessary technical and organizational measures to securely keep and process your personal data belonging to the special categories above.

C. Children-related data

The personal data of minors shall be processed subject to the prior consent of their parents or of the persons who have undertaken their parental responsibility, unless otherwise specified by law. For the purposes hereof, minors are persons who have not attained the age of 18 years.

D. Lawfulness of processing

Intrum shall legally process personal data, provided that processing:

Is necessary for servicing, supporting and monitoring your business transactions with  Intrum and for the proper execution of any agreements between you and Intrum.

Is necessary in order for Intrum to comply with any legal obligations or for the purposes of the legitimate interests pursued by Intrum, which arise from your business transactions with Intrum, or other Intrum's  legal rights.

Is necessary for the performance of a task carried out in the public interest, in the context of the current legislative and regulatory framework.

Is based on your prior explicit consent, if processing is not based on any of the aforementioned legal processing bases.

Ε. Withdrawal of consent

You have the right to withdraw your consent, whenever required, at any time without such withdrawal affecting the lawfulness of processing based on consent prior to its withdrawal. 

F. Purposes of processing

The processing of your personal data is related to:

Debts servicing under the Service Agreement, supporting and monitoring your business transactions with Intrum, the proper execution of any agreements between you and Intrum and any other transaction within the  statutory scope, the performance of  Intrum’s obligations, in its capacity as data controller or data processor, and the exercise of its legal and contractual rights.

The service and your facilitation, by providing you with the ability to communicate with an authorized representative, by means of live image broadcast (video conference in the context of your business transactions with Intrum, subject to your explicit consent.

The conduct of any audits, as provided for by the current legislative and regulatory framework, the protection of commercial credit and financial transactions, transmission of your data related to your financial behaviour, the assessment of your solvency and search for financial behaviour data (e.g., from the interbanking records of Tiresias S.A.).

The registration, recording and archiving of all types of your communication with  Intrum which have been made in writing, by electronic means or by telephone, in order to conclude transactions and for the protection of transactions.

The upgrading and promotion of Intrum’s services and of its affiliated companies, subject to your prior consent.

The execution of any requests towards Intrum or the investigation of your complaints regarding any products and services offered by Intrum.

The compliance with Intrum’s legal obligations according to the current legislative and regulatory framework (e.g., legislation on the prevention and control of money laundering and against terrorism, tax and social security provisions).

The protection of Intrum’s legitimate interests in relation, among others, to the following: a) any Intrum’s legal claims, which are raised before the competent judicial or extrajudicial/alternative dispute resolution bodies; b) the prevention of fraud and other criminal acts; c) the assessment and optimization of security procedures and IT systems; d) the management of Intrum’s operational and credit risks; e) physical security and the protection of persons and property (e.g., video surveillance).

G. Automated decision making and profiling

Intrum shall not make any decisions exclusively based on automated personal data processing procedures which produces legal effects concerning or similarly significantly affect data subjects. However, it may legally make such decisions, including profiling, for monitoring purposes and for the prevention of fraud and tax evasion at your expense or at Intrum's expense or any third party’s (e.g., malware protection), as well as for the provision of ensured and reliable services by Intrum or if the processing is necessary for the conclusion or execution of an agreement (e.g., credit scoring, which shall be based on personal data received directly by you or after a search in the financial behaviour database of Tiresias S.A., and which uses as criteria the subject’s income, financial obligations, profession, and the compliance with its contractual obligations as part of the subject’s previous financing, which the subject has received from any financial institution, in order to assess your credit rating with Intrum’s  statutory scope).

H. Processing of personal data and profiling for direct marketing purposes

After Intrum has first obtained your consent, it may process your personal data in order to inform you on services provided, which might interest you. For this purpose, Intrum processes information regarding services you use and/or any standard transactions you perform, in order to present you products, services or offers which shall better serve your needs.

In any case, you are entitled to object to the processing of your personal data for the above purposes of direct marketing of Intrum’s services, including any profiling.

I. Data retention period

Intrum shall retain your personal data for as long as it is provided for in each case, pursuant to the current applicable legal and regulatory framework, and in any case for a period of twenty (20) years after the last calendar day of the year when your respective business relationship with Intrum ended, following the general limitation period to exercise legal actions, pursuant to the Civil Code. In case any request on your cooperation with Intrum is not accepted and the conclusion of the agreement is not completed, the data will be retained for a period of five (5) years. In case of litigation, any personal data related to you shall be retained by all means until the end of the litigation, even if the above period of twenty (20) years has lapsed. Finally, any recorded telephone communication for the purposes of informing the debtors about their overdue debts (article 8 para. 2 Law 3758/2009, as in force), shall be stored for one (1) year.

J. Who are the recipients of personal data

Access to your personal data shall be awarded to Intrum’s business and operational units’ employees, within the range of their responsibilities, as well as to the Group companies as part of the proper performance and execution of their contractual, legal and regulatory obligations, and to the respective statutory auditors of Intrum.

Intrum shall not transmit or disclose your personal data to third parties, except in case of:

Undertakings (domestic and foreign), to which Intrum has partly or wholly assigned the processing of your personal data on its behalf, and which have assumed a confidentiality obligation towards Intrum either (a) as part of the contractual relations between them, determining the subject, purpose, and duration of processing, the nature of personal data processed and the rights of Intrum, or b) as part of their regulatory obligations to respect the principle of confidentiality, such as:

• i. Debtor notification companies according to Law 3758/2009, as currently in force, which have been registered in the relevant registry, in order to further inform you, as Debtor and/or Guarantor, and to negotiate the time, method and other terms for the repayment of your overdue debt. The details of any company cooperating with the Intrum shall be available on Intrum’s website (www.intrum.gr), in the section Regulatory Framework).
• ii. Payment service and payment acquiring/processing/settlement companies/organizations/schemes (e.g. DIAS system, VISA, Mastercard).
• iii. Credit Institutions, Payment Institutions.
• iv. Loans and Credits Servicing Companies, according to the provisions of Law 4354/2015, as currently in force.
• v. Transfer of data which is imperative for the establishment of a business relationship or the execution of an agreement, or for your debts collection  in case of failure to comply with any obligations you assumed by means of an agreement (e.g. transfer to cooperating lawyers, law firms and court bailiffs, notaries, engineers and evaluators, auditors, accountants and insurance companies).
• vi. Companies engaged in the digitization and management (storage, destruction) of physical files.
• vii. Companies issuing and dispatching statements.
• viii. Companies engaged in the submission of property rights statements relating to property  that was provided or  that  will be provided as collateral to secure liabilities arising from claims under servicing in regions which have been or shall be included in the National Cadastre.
• ix. Companies cooperating with Intrum for the participation in loyalty programs or for the promotion of Intrum’s services.
• x. Supporting, processing and cloud storage Systems and website design, creation and  support companies.

Intrum has lawfully ensured that any processors acting on its behalf shall meet all requirements and provide sufficient assurance regarding the implementation of the appropriate technical and organizational measures, so that the processing of your personal data occurs in a way that the protection of your data is ensured.

• Undertakings/companies affiliated to Intrum, within the meaning of Article 32 and Annex A of Law 4308/2014.
• Tiresias S.A. for the protection of credit, the consolidation of transactions and the restriction of fraud, as well as the estimation of the Customer’s creditworthiness regarding claims under service.
• Any transfer or disclosure, as required by the current statutory, legal and regulatory framework in general or by a court judgement (transfer to judicial authorities, tax authorities, supervisory bodies, intermediaries) in compliance with the provisions on banking secrecy.
• Receivables acquisition companies according to Law 4354/2015, as currently in force and special purpose vehicles for receivables securitization purposes, and corporations of the financial sector in case of assignment of claims under service.
• Judicial and Public authorities within the exercise of their duties.
• The Bank of Greece, any other national central Banks of the Eurosystem and the European Central Bank or any other supervisory or audit bodies within their legal duties.

Intrum shall not directly transfer your personal data to third countries or international organizations, unless said transfer is required pursuant to the current regulatory or legislative framework. By way of illustration and through the respective national authorities, Intrum may transmit your personal data within the scope of the legislation on the Common Reference Model which was developed by the Organization for Economic Cooperation and Development (OECD), or pursuant to the act on tax compliance of foreign accounts by US citizens or US residents holding foreign accounts (FATCA – Foreign Account Tax Compliance Act).

K. Data subject rights

As personal data subject, you have the following rights:

• i. Right of access to the personal data concerning yourself, provided that they are being processed by Intrum, in its capacity as the data controller, to the purposes of said processing, to the categories of data and to the recipients or categories of recipients (Article 15 GDPR).
• ii. Right to rectify inaccurate data and complete any incomplete data (Article 16 GDPR).
• iii. Right to erase your personal data subject to the Intrum's obligations and legal rights to retain them, pursuant to the current applicable laws and regulations (Article 17 GDPR).
• iv. Right to restrict the processing of your personal data if either the accuracy of said data is contested or the processing is unlawful or the purpose of the processing was eliminated, and provided that there is no legitimate reason to retain them (Article 18 GDPR).
• v. Right to the portability of your personal data to another controller, provided that the processing is based on your consent and is carried out by automated means. This right shall be exercised subject to Intrum’s legal rights and obligations to retain the data and to perform a task which is carried out in the public interest (Article 20 GDPR).
• vi. Right to object on grounds relating to your particular situation, in case your personal data is processed to perform a task carried out for reasons of public interest or in the exercise of official authority vested in  Intrum or for the purpose of legitimate interests which are pursued by Intrum or any third party.

L. How to exercise your rights and submit complaints

All requests regarding your personal data and the exercise of your rights shall be dispatched in writing to: Intrum Hellas. The full details of the Data Protection Officer (DPO) are posted on Intrum’s website, in section Contact. A special form for the exercise of the right of access shall be available at all Intrum offices.

Any refusal of  Intrum or any unjustified delay in responding to your requests following the exercise of your rights, shall give you the right to recourse to the Hellenic Data Protection Authority as the competent supervisory authority for the application of the GDPR.

In any case, you reserve the right to submit a complaint to the competent supervisory authority, if you consider that your personal data processing infringes the current applicable legislation. For more information please visit www.dpa.gr.

Please be advised that  Intrum uses “cookies” on its website in order to improve your online experience. For more details on cookies, you may be informed by the Cookie Policy.

Based on the respective applicable policy on data protection and in the context of the current legislative and regulatory framework, Intrum may review or amend this notice, which shall always be up to date and available, in the Privacy Policy section.

Note:

This is a translation of the original Greek text. This translation is provided for information purposes only. The original Greek text shall prevail in case of any discrepancy between the Greek Text and the translation in English.