Privacy

We are pleased to wel­come you to the IHD Gesell­schaft für Kred­it- und For­der­ungs­man­age­ment mbH web­site. As your leg­al ser­vice pro­vider and as part of our cred­it ref­er­ence agency, we give great im­port­ance to data pri­vacy and data se­cur­ity. We have there­fore paid spe­cial at­ten­tion to the pro­tec­tion of per­son­al data of all kinds. We would like to take this op­por­tun­ity to ex­plain a few ba­sic terms of the GDPR in force since 25.05.2018 and to in­form you in de­tail about the type, scope and pur­poses of the col­lec­tion and use of per­son­al data by IHD.



Data privacy glossary according to the GDPR

1. Personal data

Ac­cord­ing to the leg­al defin­i­tion of Art 4 No. 1 GDPR, per­son­al data in­cludes all in­form­a­tion re­lat­ing to an iden­ti­fied or iden­ti­fi­able nat­ur­al per­son (here­in­after re­ferred to as “con­cerned person”).

Ac­cord­ingly, leg­al per­sons and ma­jor­it­ies of per­sons are not in­cluded in the scope of pro­tec­tion of the GDPR. How­ever, if in­form­a­tion also refers to their in­sti­tu­tions, it is again per­son­al data.

2. Concerned person

This refers to the iden­ti­fied or iden­ti­fi­able per­son whose per­son­al data is pro­cessed by per­sons re­spons­ible or data pro­cessing companies.

3. Processing

In con­trast to the defin­i­tion of the in­di­vidu­al pro­cessing steps laid down in the pre­vi­ous BDSG [Fed­er­al Data Pro­tec­tion Act], the pro­cessing is to be broadly defined in ac­cord­ance with Art 4 No. 2 GDPR and com­prises every pro­cess or series of pro­cesses in con­nec­tion with per­son­al data, such as the re­cord­ing, col­lec­tion, ad­apt­a­tion, use, trans­fer without priv­ileges for or­der data pro­cessing and also every form of pro­vi­sion, car­ried out auto­mat­ic­ally or without auto­mat­ic assistance.

4. Profiling

In ac­cord­ance with Art. 4 No. 4 GDPR, pro­fil­ing in­volves as­sess­ment of per­son­al as­pects of the con­cerned per­son us­ing per­son­al data. Ac­cord­ing to the stand­ard, these as­sessed as­pects in­clude the eco­nom­ic situ­ation, the present and the past, in­clud­ing forecasts.

5. Responsible person

Re­spons­ible per­son in ac­cord­ance with Art 4 No. 7 GDPR is any body, which de­cides alone or to­geth­er with oth­ers on the pur­poses and means of pro­cessing per­son­al data. It is pre­cisely the de­cision-mak­ing power over the pur­pose, i.e. “why” the pro­cessing, which is a de­cis­ive cri­terion for re­spons­ib­il­ity in ad­di­tion to the choice of means.

6. Data processing company

This refers to any body that pro­cesses per­son­al data on be­half of the com­pany in such a way that the pro­cessing is de­term­ined by the dir­ect­ives of the per­son responsible.

7. Recipient

Any body, with the ex­cep­tion of au­thor­it­ies with a spe­cif­ic in­vest­ig­a­tion man­date, to which per­son­al data may be made avail­able as the ad­dress­ee of the data, ir­re­spect­ive of wheth­er it is a third party.

8. Third party

The third party is neither the con­cerned per­son, nor the per­son re­spons­ible, nor the data pro­cessing com­pany, but any­one com­pletely out­side the po­s­i­tion of the per­son re­spons­ible. If per­son­al data is dis­closed to the third party on the basis of ex­ist­ing third-party in­terests, it be­comes the per­son responsible.

9. Consent

The con­sent leg­ally defined in Art 4 No. 11 GDPR refers to any in­formed and un­am­bigu­ous vol­un­tary de­clar­a­tion of con­sent to the pro­cessing of the per­son­al data concerned.

Privacy policy

Scope of validity

This pri­vacy policy in­forms users about the type, scope and pur­poses of the col­lec­tion and use of per­son­al data by IHD Gesell­schaft für Kred­it- und For­der­ungs­man­age­ment mbH, Au­gustinusstr. 11B, 50226 Frechen, service@ihd.de, Tel. 02234 96317–0 on the IHD web­site (www.ihd.de/…). IHD is re­spons­ible for the pro­cessing of the data with­in the mean­ing of the GDPR.

The leg­al bases of data pro­tec­tion are the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (EU GDPR), the as­so­ci­ated re­cit­als and the BDSG (new) 2017 as well as the Ger­man Teleser­vices Act (TMG).

Contact details of the data protection officer

You can con­tact our com­pany data pro­tec­tion of­ficer by post at the above-men­tioned com­pany ad­dress for the at­ten­tion of the de­part­ment Data Pri­vacy, via mail at: datenschutz@ihd.de and by tele­phone at 02234/963170.

Our Data Pri­vacy de­part­ment is avail­able for all ques­tions con­cern­ing data pri­vacy, but please un­der­stand that for reas­ons of data pro­tec­tion law it is pos­sible to re­spond to spe­cif­ic in­di­vidu­al re­quests only if they have been made in writ­ing, by post or e‑mail.

General collection and processing of personal data

We col­lect only the per­son­al data that is ab­so­lutely necessary.

You do not need to provide any per­son­al data to use the of­fers on our web­site. If you use our con­tact form, the in­put of per­son­al data is ne­ces­sary; oth­er­wise the de­sired of­fer can­not be used. If you enter per­son­al data on our web pages, this data is provided by users on an ex­pressly vol­un­tary basis. The per­son­al data provided vol­un­tar­ily (sub­ject, name, ad­dress, e‑mail ad­dress, etc.) shall only be stored, pro­cessed and used for the pur­pose for which the user has provided it or if the user has agreed to an­oth­er use. Data trans­mis­sion is en­cryp­ted us­ing the HTTPS protocol.

We do not pass on any per­son­al data col­lec­ted on our web­site to third parties. Un­less this is the ex­press re­quest of the user.

Access data/ server log files

For troubleshoot­ing and an­onym­ous eval­u­ations of the use of our web­site, we col­lect data about each ac­cess to the of­fer (so-called serv­er log files). The fol­low­ing in­form­a­tion is stored:

  • Name of the ac­cessed web­site or file
  • Date and time of access
  • The volume of data transferred
  • An in­dic­at­or as to wheth­er the re­quest was successful
  • Browser type in ad­di­tion to the ver­sion and the user’s op­er­at­ing system
  • Re­fer­rer URL (this is the page that was vis­ited before)
  • IP ad­dress in an­onymised, ab­bre­vi­ated form

The IP ad­dress is not com­pletely stored; thus, the re­quest­ing per­son can­not be identified.

Use and processing of personal data

COOKIES

Cook­ies are small text files that are stored in the browser and which make it pos­sible, for ex­ample, to re­cog­nize re­cur­ring users on a website.

Our web pages (www.ihd.de/…) do not use any cook­ies. When em­bed­ded third-party con­tent is dis­played, cook­ies may be writ­ten when you ac­cess the ser­vices of these third parties (see third party content).

The writ­ing of cook­ies can be pre­ven­ted by ap­pro­pri­ate set­ting of your browser soft­ware, which can only im­pair the func­tion of the bet­ting game and the auto­mat­ic filling in of your ac­cess data in the mem­ber lo­gin on our pages.

A cook­ie is writ­ten in the mem­ber lo­gin (zserv.ihd.de) in or­der to be able to pre-enter the mem­ber num­ber, the user name and the lan­guage se­lec­tion in the re­gis­tra­tion form dur­ing a new visit.

THIRD PARTY CONTENT

If third party con­tent is dis­played on our web­site, data may be for­war­ded to the re­spect­ive op­er­at­or if this con­tent is used. This in­cludes You­Tube videos that are dis­played with­in IHD web­site, and even IHD bet­ting game.

Third party ser­vice pro­viders can have dif­fer­ent, own reg­u­la­tions in the con­text of the pro­cessing of per­son­al data; there­fore, we ad­vise you to read the in­form­a­tion in this re­gard on the in­dic­ated web pages of the re­spect­ive third parties in detail.

Youtube

You­tube videos are dis­played by us in “ex­ten­ded data pro­tec­tion mode”. Cook­ies are not stored in this way when the web­site with the em­bed­ded video is dis­played. If you click on the video play­er, you use the of­fer of You­Tube. In this case, You­tube trig­gers fur­ther data pro­cessing op­er­a­tions (writ­ing cook­ies), over which we as the site op­er­at­or have no control.

Op­er­at­ing com­pany of You­Tube is You­Tube, LLC, 901 Cherry Ave.,San Bruno, CA 94066, USA. You­Tube, LLC is an af­fil­i­ated com­pany of Google Inc., 1600 Am­phi­theatre Pkwy, Moun­tain View, CA 94043–1351, USA.

Fur­ther in­form­a­tion on You­Tube is avail­able un­der httpss://www.youtube.com/yt/about/de/.

Technical queries

If you have any tech­nic­al quer­ies or com­ments about our web­site, please con­tact our web­mas­ter webmaster@ihd.de.

Collection and processing of personal data by member companies of IHD

The mem­ber com­pan­ies of IHD Kred­its­chutzver­ein have the op­tion of us­ing these web pages in an area pro­tec­ted by a lo­gin for the pur­poses of us­ing the ser­vices offered by IHD Gesell­schaft für Kred­it und For­der­ungs­man­age­ment mbH, debt col­lec­tion and re­ceiv­ables management.

  1. In this pro­tec­ted area, our mem­ber com­pan­ies have the op­tion to provide us with debt­or data (name, ad­dress, con­tract data, claim data and pay­ment in­form­a­tion) in or­der to en­able our debt col­lec­tion de­part­ment to pro­cess their leg­al claims. See be­low
  2. Our mem­ber com­pan­ies also have the op­tion of trans­mit­ting per­son­al data of their cus­tom­ers (name, ad­dress, e‑mail con­tact, cred­it­wor­thi­ness re­ports based on defined cred­it­wor­thi­ness keys) for the pur­pose of check­ing de­liv­er­ab­il­ity, re­quest­ing trad­ing in­form­a­tion and for the pur­pose of cred­it­wor­thi­ness checks, also in the form of debt­or mon­it­or­ing. See be­low
  3. This sec­tion of our web pages also provides mem­ber com­pan­ies with the op­tion to pur­chase products from oth­er cred­it ref­er­ence agen­cies. A dis­tinc­tion must be made here between the op­tion of se­lect­ing private in­form­a­tion (CRIF Bürgel GmbH, in­foscore Con­sumer Data GmbH) and purely busi­ness in­form­a­tion (CRIF Bürgel GmbH, Bis­node Deutsch­land GmbH, SCHUFA Hold­ing AG).

For de­tailed in­form­a­tion on the pro­vi­sions ap­plic­able to the pro­cessing of per­son­al data, please refer to the company’s own linked websites:

PROVISIONS OF OUR CONTRACTUAL PARTNERS

Information in accordance with Art 14 GDPR of IHD Gesellschaft für Kredit- und Forderungsmanagement mbH (IHD) for the business unit Business Information

Name and contact details of the responsible body and the company data protection officer

IHD Gesell­schaft für Kred­it- und For­der­ungs­man­age­ment mbH, Au­gustinusstr. 11 B, 50226 Frechen, Tel.: 02234/96420

The com­pany data pro­tec­tion of­ficer of IHD can be con­tac­ted at the above ad­dress, for the at­ten­tion of the Data Pri­vacy de­part­ment, or by e‑mail at datenschutz@ihd.de.

1. Data processing by IHD

1.1 PURPOSE OF DATA PROCESSING/ JUSTIFIED INTEREST

IHD pro­cesses per­son­al data in or­der to provide the mem­ber com­pan­ies of IHD Kred­its­chutzver­ein e.V., if there is a le­git­im­ate in­terest, with in­form­a­tion about the ac­cess­ib­il­ity of nat­ur­al per­sons who are com­mer­cially act­ive and leg­al per­sons, and to give in­form­a­tion about their cred­it­wor­thi­ness. Pro­cessing in­cludes con­vert­ing the cred­it­wor­thi­ness data in­to three classes, which are dis­played graph­ic­ally as traffic lights. The traffic light chart is gen­er­ated without ad­di­tion­al stat­ist­ic­al meth­ods or prob­ab­il­ist­ic for­mu­las and can be called up on re­quest. IHD provides this in­form­a­tion only if a jus­ti­fied in­terest has been sub­stan­ti­ated in the in­di­vidu­al case and pro­cessing is per­miss­ible after con­sid­er­a­tion of all in­terests. The le­git­im­ate in­terest ex­ists in par­tic­u­lar be­fore en­ter­ing in­to trans­ac­tions with fin­an­cial de­fault risk. This cred­it ana­lys­is serves the pur­pose of pro­tect­ing the re­cip­i­ent from eco­nom­ic losses due to de­fault risks by means of a pre­lim­in­ary as­sess­ment and at the same time opens up the op­tion of pro­tect­ing the bor­row­er from ex­cess­ive debt by provid­ing ad­vice. IHD’s data pro­cessing and the pro­vi­sion of in­form­a­tion based on it also serve to pre­vent fraud, pre­vent money laun­der­ing, veri­fy iden­tity, provide cus­tom­er ser­vice, de­term­ine ad­dresses and con­trol risks in the in­terest of de­term­in­ing pay­ment meth­ods or conditions.

1.2 LEGAL BASIS FOR DATA PROCESSING

IHD pro­cesses per­son­al data on the basis of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion. Pro­cessing is based on con­sents in ac­cord­ance with Art 6 I a in con­junc­tion with Art 7 GDPR or on the basis of Art 6 I f GDPR, in­so­far as the pro­cessing is ne­ces­sary to safe­guard the le­git­im­ate in­terests of the per­son re­spons­ible or a third party and does not out­weigh the in­terests or fun­da­ment­al rights and freedoms of the con­cerned per­son which re­quire the pro­tec­tion of per­son­al data. IHD provides in­form­a­tion to its mem­ber com­pan­ies only if a le­git­im­ate in­terest has been sub­stan­ti­ated in in­di­vidu­al cases. The le­git­im­ate in­terest ex­ists in par­tic­u­lar be­fore en­ter­ing in­to trans­ac­tions with eco­nom­ic risk, which in­cludes every pur­chase on account.

1.3 ORIGIN OF IHD DATA

The data of IHD ori­gin­ates from gen­er­ally ac­cess­ible sources such as pub­lic dir­ect­or­ies and of­fi­cial an­nounce­ments. In ad­di­tion, IHD re­ceives in­form­a­tion on pay­ment be­ha­viour from the busi­ness unit Col­lec­tion, from the af­fil­i­ated mem­ber com­pan­ies that use IHD products for the pur­poses men­tioned un­der 2.1 and from their con­trac­tu­al part­ners in the area of cred­it ref­er­ence agencies.

1.4 CATEGORIES OF PERSONAL DATA OF IHD
  • Per­son­al data (e.g. last name – if ne­ces­sary also pre­vi­ous last names, which will be dis­closed upon sep­ar­ate re­quest, first name, date of birth, ad­dress, pre­vi­ous addresses)
  • In­form­a­tion on un­dis­puted, due and re­peatedly dunned or en­titled claims and their settlement
  • In­form­a­tion from pub­lic dir­ect­or­ies or of­fi­cial an­nounce­ments (e.g. debtor’s list and in­solv­ency announcements)
1.5 CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The re­cip­i­ents are primar­ily the mem­ber com­pan­ies of IHD Kred­its­chutzver­ein e.V. These are, in par­tic­u­lar, com­pan­ies that bear an eco­nom­ic risk and are pre­dom­in­antly based in the European Eco­nom­ic Area. These are mainly sup­pli­ers of goods, en­ergy sup­ply and ser­vice com­pan­ies. In ad­di­tion, the con­trac­tu­al part­ners of IHD in­clude at­tor­neys as well as cred­it ref­er­ence agen­cies and con­tract­ors in ac­cord­ance with Art 28 GDPR, such as mail dis­patch ser­vice providers.

If data is trans­mit­ted out­side the European Eco­nom­ic Area, this is done in com­pli­ance with the re­quire­ments of the European Com­mis­sion. In the ab­sence of a pos­it­ive ad­equacy de­cision by the European Com­mis­sion un­der Art­icle 45 GDPR, IHD only trans­fers data to a third coun­try sub­ject to ap­pro­pri­ate guarantees.

1.6 DURATION OF DATA STORAGE

IHD saves data in ac­cord­ance with Art 17 I lit.a) GDPR only as long as is ne­ces­sary. The test­ing and de­le­tion peri­ods ap­plied by IHD cor­res­pond to a vol­un­tary agree­ment (code of con­duct) of the cred­it ref­er­ence agen­cies af­fil­i­ated in the “Die Wirtschaft­sauskun­fteien e.V.” as­so­ci­ation. The con­tent of this vol­un­tary agree­ment (code of con­duct) is here avail­able.

Ac­cord­ingly, the ba­sic stor­age peri­od of per­son­al data is three years to the day ex­actly after its com­ple­tion. In­form­a­tion on re­quests will also be de­leted after three years at the latest.

De­vi­at­ing from this, the fol­low­ing data is de­leted, for ex­ample, to real­ise the de­le­tion claim:

  • Data from the debtor’s list of the cent­ral courts com­pet­ent for ex­e­cu­tion, to the day after three years, but pre­ma­turely if IHD has proven de­le­tion through the cent­ral court com­pet­ent for execution.
  • In­form­a­tion on consumer/ in­solv­ency pro­ceed­ings or re­sid­ual debt ex­emp­tion pro­ceed­ings to the day ex­actly three years after the end of the in­solv­ency pro­ceed­ings or the grant­ing of the re­sid­ual debt ex­emp­tion. How­ever, an earli­er de­le­tion can take place in spe­cially stored in­di­vidu­al cases.
  • In­form­a­tion on the re­jec­tion of an in­solv­ency ap­plic­a­tion due to lack of as­sets, the ab­ol­i­tion of se­cur­ity meas­ures or the re­fus­al of the re­sid­ual debt ex­emp­tion to the day ex­actly after three years.
  • Pre­vi­ous ad­dresses re­main stored for ex­actly three years to the day, after which the ne­ces­sity of con­tinu­ous stor­age is checked for a fur­ther three years. After that, they are de­leted to the day, un­less a longer stor­age peri­od is re­quired for the pur­pose of identification.

2. Rights of persons concerned

Each con­cerned per­son has the right of ac­cess to IHD pur­su­ant to Art 15 GDPR, the right of cor­rec­tion pur­su­ant to Art 16 GDPR, the right of de­le­tion pur­su­ant to Art 17 GDPR and the right of lim­it­a­tion of pro­cessing pur­su­ant to Art 18 GDPR. In ad­di­tion, it is pos­sible to con­tact the su­per­vis­ory au­thor­ity re­spons­ible for IHD, the North Rhine-West­phalia state of­fi­cial for pri­vacy pro­tec­tion and free­dom of in­form­a­tion (LDI). Con­sents may be re­voked at any time vis-à-vis the con­trac­tu­al part­ner con­cerned. This also ap­plies to con­sents that were gran­ted be­fore the GDPR came in­to force. The re­voc­a­tion of con­sent does not af­fect the leg­al­ity of the per­son­al data pro­cessed un­til revocation.

In ac­cord­ance with Art 21 I GDPR, data pro­cessing may be ob­jec­ted for reas­ons arising from the par­tic­u­lar situ­ation of the con­cerned per­son. The ob­jec­tion must be ad­dressed to: IHD Gesell­schaft für Kred­it- und For­der­ungs­man­age­ment mbH, Data Pri­vacy, Au­gustinusstr. 11 B, 50226 Frechen.

If you want to know what per­son­al data IHD has stored about you, we will in­form you in writ­ing as part of a vol­un­tary dis­clos­ure. If you vol­un­tar­ily en­close a copy of your iden­tity card for clear iden­ti­fic­a­tion, you will avoid pos­sible queries.

3. Profiling

IHD pro­cesses per­son­al data in or­der to as­sess the eco­nom­ic situ­ation of com­pan­ies. These are mainly leg­al per­sons and nat­ur­al per­sons only if they are act­ive in the busi­ness world.

The pro­cessing of the data in­cludes the as­sign­ment to three classes of cred­it­wor­thi­ness, which is dis­played in a traffic light chart. This con­ver­sion in­to a traffic light chart is based on the in­form­a­tion stored about a per­son by IHD, which is also shown in the in­form­a­tion pur­su­ant to Art 15 GDPR.

The graph­ic­al as­sign­ment of in­form­a­tion serves the pur­pose of present­ing risk prob­ab­il­it­ies, has been tried and tested in prac­tice for a long time and is not based on stat­ist­ic­al for­mu­lae and prob­ab­il­ist­ic val­ues. The fol­low­ing data (see 2.3 and 2.4) is used al­though not every data type is in­cluded in every single chart: Ad­dress-re­lated data (dis­clos­ure of name in the ad­dress, dis­clos­ure of ad­dress), data from the debtor’s list of the cent­ral court com­pet­ent for ex­e­cu­tion, data from in­solv­ency no­tices and data from pre-ju­di­cial and ju­di­cial debt col­lec­tion as well as data from the mon­it­or­ing of col­lec­tion pro­ceed­ings and in­form­a­tion from the af­fil­i­ated mem­ber companies.

This in­form­a­tion merely sup­ports the re­quest­ing mem­ber com­pan­ies of IHD Kred­its­chutzver­ein e.V. in mak­ing de­cisions on the eval­u­ation of risk as­sess­ment of their cur­rent or fu­ture busi­ness part­ners; IHD it­self does not make any decisions.

Information in accordance with Art 14 GDPR of IHD Gesellschaft für Kredit- und Forderungsmanagement mbH (IHD) for the business unit Collection

Name and contact details of the responsible body and the company data protection officer

IHD Gesell­schaft für Kred­it- und For­der­ungs­man­age­ment mbH, Au­gustinusstr. 11 B, 50226 Frechen, Tel.: 02234/96420

The com­pany data pro­tec­tion of­ficer of IHD can be con­tac­ted at the above ad­dress, for the at­ten­tion of the Data Pri­vacy de­part­ment, or by e‑mail at datenschutz@ihd.de.

1. Data processing by IHD’s debt collection department

A. PURPOSE OF DATA PROCESSING/ LEGAL BASIS

Data is pro­cessed in IHD’s debt col­lec­tion de­part­ment for con­tract ful­fil­ment and con­tract ex­e­cu­tion in ac­cord­ance with Art 6 I b GDPR and, if the claim is not based on a con­tract, for pro­sec­u­tion in the in­terests of the parties in ac­cord­ance with Art 6 I f GDPR, whereby the le­git­im­ate in­terest ex­ists in con­nec­tion with the as­ser­ted claim.

IHD also trans­mits data from the col­lec­tion of re­ceiv­ables in ac­cord­ance with Art 6 I f, III 3, IV, GDPR un­der the con­di­tions of § 24 BDSG [Fed­er­al Data Pro­tec­tion Act] and in ac­cord­ance with the re­quire­ments of § 31 II p.1, No. 4 BDSG to the in­tern­al de­part­ment of the cred­it ref­er­ence agency and ex­tern­al cred­it ref­er­ence agen­cies, where this data can be taken in­to ac­count when de­term­in­ing prob­ab­il­ity val­ues (scor­ing).

This is data on re­ceiv­ables not settled des­pite their due date in ac­cord­ance with § 31 II p.1, No.4 BDSG: The trans­fer there­fore takes place only if you have re­ceived at least two writ­ten re­mind­ers after the due date of the claim, the first re­mind­er was is­sued at least four weeks ago and you have not con­tested the claim. This per­son­al data is re­por­ted to the busi­ness unit of IHD for busi­ness in­form­a­tion and also to CRIF Bürgel GmbH, Radlkoferstr.2, 81373 Mu­nich and Bis­node Deutsch­land GmbH, Robert-Bosch-Str.11, 64293 Darmstadt.

De­tailed in­form­a­tion about the cred­it ref­er­ence agen­cies to which we send data is here avail­able.

The trans­mis­sion serves the pur­pose of as­sess­ing the cred­it­wor­thi­ness and thus the le­git­im­ate in­terest in main­tain­ing the li­quid­ity of the eco­nomy and is com­pat­ible with the pur­pose of debt collection.

B. DATA CATEGORIES AND ORIGIN

We pro­cess the fol­low­ing cat­egor­ies of data in the col­lec­tion pro­ceed­ings: Mas­ter data, com­mu­nic­a­tion data, con­tract data, re­ceiv­ables data and, if ap­plic­able, pay­ment in­form­a­tion and pro­ced­ur­al data.

The data from the above men­tioned cat­egor­ies is trans­mit­ted to us by the cus­tom­ers of the col­lec­tion pro­ceed­ings or provided to us by our con­trac­tu­al part­ners, courts and bailiffs or is the res­ult of our leg­al ser­vices in the form of pro­ced­ur­al data.

C. RECIPIENT

As part of debt col­lec­tion, per­son­al data is trans­ferred, if ne­ces­sary, to the cus­tom­er of the debt col­lec­tion, to third-party debt­ors, courts and bailiffs. In ad­di­tion, the con­trac­tu­al part­ners of IHD in­clude at­tor­neys and debt col­lec­tion com­pan­ies with­in and out­side the European Eco­nom­ic Area, cred­it ref­er­ence agen­cies and con­tract­ors ac­cord­ing to Art 28 GDPR, such as mail dis­patch ser­vice pro­viders and oth­er in­vest­ig­a­tion services.

In the case of data trans­mis­sion out­side the EU, this is done in com­pli­ance with the re­quire­ments of the GDPR. In the ab­sence of a pos­it­ive ad­equacy de­cision by the European Com­mis­sion un­der Art­icle 45 GDPR, IHD trans­fers data to a third coun­try sub­ject to suit­able guar­an­tees or, in rare cases, for the pur­pose of con­tract ful­fil­ment or for the pur­pose of as­sert­ing leg­al claims un­der the ex­cep­tions set out in Art­icle 49 I 1 b, e in con­jug­a­tion with Art 6 I b or f GDPR, en­sur­ing the ex­ist­ence of stand­ard data pro­tec­tion clauses.

D. DURATION OF DATA STORAGE

After pay­ment of the col­lec­tion claim or fur­ther ter­min­a­tion of the col­lec­tion pro­ceed­ings, IHD checks ex­actly to the day after the ex­piry of three years wheth­er there is still a fur­ther le­git­im­ate in­terest in stor­ing the per­son­al data; if this is not the case, it is de­leted. If there are con­flict­ing leg­al stor­age ob­lig­a­tions, only the data re­quired for ful­fil­ment will sub­sequently be stored in a log file held for this pur­pose only.

2. Rights of persons concerned

Sub­ject to the con­di­tions, every per­son is en­titled to the rights ac­cord­ing to Art. 15–22 GDPR.

Each con­cerned per­son has the right of ac­cess to IHD pur­su­ant to Art 15 GDPR, the right of cor­rec­tion pur­su­ant to Art 16 GDPR, the right of de­le­tion pur­su­ant to Art 17 GDPR and the right of lim­it­a­tion of pro­cessing pur­su­ant to Art 18 GDPR. How­ever, in ac­cord­ance with Art­icle 21 GDPR, the right of the con­cerned per­son to ob­ject can only re­late to pro­cessing op­er­a­tions car­ried out on the leg­al basis of Art­icle 6 I f GDPR.

In ad­di­tion, it is pos­sible to con­tact the su­per­vis­ory au­thor­ity re­spons­ible for IHD, the North Rhine-West­phalia state of­fi­cial for pri­vacy pro­tec­tion and free­dom of in­form­a­tion (LDI NRW).