Why have we access to and process your data?
The processing of your company’s personal data is necessary for us to enter into and/or to fulfill the agreement we have with your company. We may also process personal data about visitors to our website(s) or physical locations, depending on how you choose to interact with us.
We will only process your personal data if we have legal grounds to do so. This means that the processing must be necessary for the performance of a contract to which you or the company you represent is party to, or is necessary to comply with your requests prior to entering into a contract with your company.
We have a legitimate interest to process your data in order to form and manage client and business relationships, for marketing purposes, client surveys, and to ensure the safety of Intrum employees and assets. In accordance with our legitimate interests, we may also use your data to provide you with information about our services, performance updates, events and training which is likely to be of interest to you or to execute necessary or desired tasks expected by the business relationship you represent.
We have a legal obligation to provide your personal data when we are audited by the authorities and to prevent, monitor and evidence fraud, anti-money laundering and other criminal activities in order to comply with statutory legislation.
Your data will be held securely in compliance with data protection law.
What personal data are you processing about me and why?
We hold only the necessary information for the management of the contractual or business relationship. To be able to communicate with you we need your name, job title and contact details such as address, land line telephone number, mobile number and email address.
To be able to comply with our legal obligations related to e.g. anti-money laundering we may in certain circumstances require a copy of your passport or similar identification and related information.
For our employees’ security and to keep your personal data safeguarded we also use closed-circuit television surveillance cameras in several locations within our place of business. Unless we have legal obligations to keep the records we will delete them after a short period of time.
Depending on the nature of the assignment and the relevant country, we may ask a screening expert to determine whether there are any circumstances which would disqualify you or the company you represent from that assignment.
Unless otherwise agreed with you or is necessary for the establishment, exercise or defense of legal claims, we will not include special categories of personal information (often known as ‘sensitive personal data’ such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, biometric data and the processing of data concerning health or sex life).
Will you share my personal data with others?
We may share your personal data with our suppliers that facilitate and/or provide parts of our services, e.g. print and mail services, legal representatives. We may also share your personal data with our clients if you are representing a vendor which is part of the services we provide to them and regulatory / governmental authorities.
Our employees will have access to the personal data. In such a case, access will be granted only if necessary for the purposes described and only if the employee is bound by an obligation of confidentiality.
Will my personal data be transferred to another country?
As we are part of the Intrum group, we may transfer your data to another country outside of the European Economic Area (EEA). If we do so, we will ensure there are suitable safeguards in place to comply with EU General Data Protection Regulation (GDPR). Generally, your personal data will not be transferred outside of the European Economic Area (EEA). However, in cases of international debt collection, your personal data may be transferred to one of our representatives working in the relevant country. We also use third-party service providers to store or who may access your data, which may be located outside of the EEA, including, but not limited to the United States. We will never transfer your personal data outside of the EEA without ensuring the safety and protection of your personal data. Therefore, we make sure that any recipients have signed the EU Standard Model Clauses, to justify the transfer, or that the country can guarantee adequate protection under data protection law. We may disclose information outside of these groups to help prevent fraud, or if required to do so by law.
How long do you store my personal data?
We will retain your data as long as required for the lawful purpose for which it was obtained, as long as we have legitimate interest to keep it e.g. until termination of our agreement and to be able to defend ourselves against legal claims. We are also legally obliged to keep your personal data for a period of time to prevent and detect fraud, detect and evidence anti-money laundering and for financial audits.
As far as our backups are concerned, we will also delete your data in our backups, but only when the backup tape comes up for destruction, according to our backup policy. When the backup comes up for deletion as per our back up policy, we will fully delete your data.
Will I be subject to automated decision-making?
We will not use your personal data for automated decision-making and/or profiling.
What rights do I have?
It is important you understand that it is your personal data that we process and that we want you to be comfortable with us doing so.
Right to access
You may request information on how we process your personal data, including information on:
All the above information is available in this Privacy Policy.
You may also request a copy of the personal data we process about you. However, additional copies will be combined with a fee.
Right to correction
It is important that we have the right information about you and we encourage you to let us know if any of your personal data is incorrect, e.g. if you or the company you represent have changed name or moved address.
Right to be forgotten
If we process your personal data in an unlawful way, you may ask us to delete this information. Given the context of our agreement, it is however unlikely that we will delete your data.
Right to restriction
From the time you have requested we correct your personal data or if you have objected to the processing and until we have been able to investigate the issue or confirm the accuracy of your personal data (or changed it in accordance with your instructions), you are entitled to the restriction of processing. This means that we (except for storing the personal data) may process your personal data only in accordance with your consent, if necessary with reference to legal claims, to protect someone else's rights or if there is an important public interest in the processing.
You may also request that we restrict the processing of your personal data if the processing is unlawful but you do not want us to delete the personal data.
Given the context of our agreement, it is however unlikely that we will be able to comply with this right.
Right to objection
If you believe that we do not have the right to process your personal data, you may object to our processing. In such cases, we may continue processing only if we can show compelling justifying reasons that out-weigh your interests, rights and freedoms. However, we may always process your personal data if it is required for the determination, exercise or defense of legal claims. (Note that this only provides you with the right to raise your objections, not a blanket right to have any and all processing ceased). Given the context of our agreement, it is however unlikely that we will be able to comply with this right.
Withdrawal of consent
Intrum does not base its processing upon consent. However, given that some processing activities may be based on consent, you are in your right to withdraw it and we will (where our legitimate interest does not override this right) consequently stop the processing.
We will also notify others we may have shared your personal data with of your request(s).
How to complain about the use of your data or exercise my rights?
If you wish to raise a complaint about how we handle your personal data, including in relation to any of the rights outlined above, you can contact our
Data protection officer: GDPO@intrum.com
If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Data Inspectorate. You can find further information about the Data Inspectorate and their complaints procedure here: Swedish Authority for Privacy Protection | IMY
