Privacy policy

Who are we and what do we do?

At Hoist Finance, part of the group Hoist Finance AB (publ), we help you find a feasible solution to settle your debts. We are currently your only point of contact regarding the contract that was assigned to us.

What information do we have, why do we process it, and for how long do we keep it?

We use your information only for debt collection and related processes. Our activities may be outsourced to third parties, who continue to manage it on our behalf.

To reach the goals above in an appropriate and fair way, we always process the following types of information under strict control, such as encryption, internal access rights and audits to secure your information.

Contact information

Type of information

  • For example, account details such as your name, address and details of previous communication with our services, including phone call recordings, emails and letters.

Goal of processing this information

  • To be able to contact you. To archive previous conversations or correspondence and to keep a complete and up to date history of your situation and your transactions with our services. This is necessary to process every case fairly and in your best interest.

Legal base for processing

  • The legal base for processing this information is the assignment agreement, by which Hoist Finance AB has acquired the debt obligation and has been appointed responsible for processing. As soon as the debt obligation has been settled, we preserve your data to comply with legal provisions such as money laundering regulations, litigation procedures, etc.

Duration of the data storage

  • These data are stored for six years, starting from the day the file is closed. After this period, the information will be deleted (excluding random phone call recordings that were deleted after 12 months starting from the date of the recording).

Payment information

Type of information

  • For example your bank account number, to set up a direct debit or to process your payments.

Goal of processing this information

  • To process payments and payment requests.

Legal base for processing

  • The legal base for processing this information is the assignment agreement, by which Hoist Finance AB has acquired the debt obligation and has been appointed responsible for processing. As soon as the debt obligation has been settled, we preserve your data to comply with legal provisions such as money laundering regulations, litigation procedures, etc.

Duration of the data storage

  • Only when the payment agreement is active and until the date on which it will be deleted.

Information about disputes

Type of information

  • For example judicial information, specific results and specific costs

Goal of processing this information

  • As part of our recovery strategy, we may decide to take measures against you. You will be informed before we take any action. If necessary however, we keep the relevant information about action and results up to date, to be able to act as fairly as possible.

Legal base for processing

  • The legal base for processing this information is the assignment agreement, by which Hoist Finance AB has acquired the debt obligation and has been appointed responsible for processing. As soon as the debt obligation has been settled, we preserve your data to comply with legal provisions such as money laundering regulations, litigation procedures, etc.

Duration of the data storage

  • The information will be deleted exactly six years after the file is closed.

Information about the origins of the credit

Type of information

  • For example previous addresses, credit application data and information about credit acquisition.

Goal of processing this information

  • We need this information to make sure that we have a complete background of your situation and to make the information we already have more accurate.

Legal base for processing

  • The legal base for processing this information is the assignment agreement, by which Hoist Finance AB has acquired the debt obligation and has been appointed responsible for processing. As soon as the debt obligation has been settled, we preserve your data to comply with legal provisions such as money laundering regulations, litigation procedures, etc.

Duration of the data storage

  • The information will be deleted exactly six years after the file is closed.

So-called sensitive information

Type of information

  • For example information about your health or any other potential factor that could have an impact on your ability to interact with us.

Goal of processing this information

  • This information can be necessary to guarantee that we process all our clients fairly and appropriately, according to their specific situation. The processing of sensitive information can be crucial to protect our clients’ interests.

Legal base for processing

  • Your consent

Duration of the data storage

  • Until you withdraw your consent, or for six years starting from the closing of the file.

Where do we get the information?

We initially get the information of the original creditor as part of the debt assignment.

However, we also receive information directly from you, for example when you talk to one of your advisors or you send us a letter, an email or a text message with your new address, payment details or other information.

Finally, we can also get information from third parties to make the information we have more accurate and/or to better understand your situation. These third parties are credit reference agencies, public archives and other organisations that deliver services to improve the quality of the data we have about you.

We may also track when you access and how you use our website to improve your experience. Please see our cookie policy page for more information.

Disclosure of your information

We don’t disclose any of your personal information, except in the following circumstances:

We may share your personal information within the Hoist Finance group, of which we are part. For example, our IT infrastructure is being managed at group level. This allows us to keep our systems operational and secure, giving you the best possible service. All information sharing happens according to security and confidentiality requirements.

We may also share your personal data with carefully checked organisations that have to comply with our strict security and confidentiality requirements and follow our guidelines. We may share the data for the following purposes:

  • To help you manage your account and/or keep the information we have about you up to date and accurate. An example would be the report of the credit reference agency.
  • To provide specialised services to manage the services of our company. An example would be the printing company that sends out our letters via mail, or when we use a third party to collect or manage a debt in our name.

Finally, we may also disclose your personal information to third parties:

  • If we sell or buy a company or assets. Here, we can disclose your personal information to the seller or the potential buyer of the company or assets.
  • If we are under the obligation to disclose or share your personal data to comply with any legal obligation, to enforce or apply our terms and conditions, or to protect our rights, property or safety. This includes the exchange of information with other companies and organisations in order to prevent fraud and reduce credit risk, with the tax authorities, or to fight money laundering.

 

Your information will generally be stored in the EU/EEA or in countries where the European Commission has determined that they have an adequate level of protection. The data can only temporarily be transferred to other countries and for limited purposes. For this, we need 24/7 technical support to maintain our IT infrastructure, as well as support teams of our service suppliers who are situated outside of the EU/EEA.

 

However, our technical, organisational, and contractual protection ensures the security of all information and an adequate level of protection in all cases.

Contractually, any transfers to countries outside the EU/EEA that are not deemed adequate by the European Commission will be based on the European Commission's standard data protection clauses. You can contact us to get a copy of these clauses. Transfers to the United States are based on the EU-U.S. Privacy Shield Framework or on standard data protection clauses.

Your statutory data protection rights  

Right of access: You have the right to request a copy of all or part of the information we have about you. Please contact us to obtain this information. We will reply to your request within one month.

Right of rectification: We want to assure you that your personal information is correct and up to date. You can ask us to correct or delete any information that is inaccurate in your opinion. We may ask you to provide reasonable proof to verify your request.

Right to put processing on hold: If you believe that the personal information we have about you is inaccurate or illegal, or that we do not have a legitimate reason to process them, you can request that we put all processing on hold until this has been corrected.

Right to object to processing: You have the right to object to the processing of your information, when your particular situation is of such nature that we no longer have to process your information to perform a duty in the interest of the public or that we do not have a legitimate reason to do so.

Right of data transfer: This right allows you to obtain the personal data you provided us in a structured and commonly used format and to reuse the information for personal purposes and to transfer this directly to different services. This applies only to the information we use with your consent or on a contractual basis.

Rights related to automated decision-making and profiling: You have the right of protection against potentially harmful decisions, taken without human intervention. This right applies when a decision is based solely on an automated processing and has a legal effect or a similar legal effect. If this is the case, we need to make sure that you are able to get human intervention, express your point of view and have the opportunity to challenge it. We will also explain the logic behind this decision.

Profiling is defined as every form of automated processing that is intended to assess certain personal aspects of an individual to analyse or predict aspects of his personal situation, behaviour or abilities. Processing has to be fair and transparent, use appropriate mathematical procedures or statistics, use appropriate controls to minimise inaccuracies and secure personal data.

We don’t use any automated individual decision.

Right of removal (“right to be forgotten”): You can ask us to delete the information we have about you, when it no longer serves the purpose for which it was collected. You can also withdraw every consent you gave us for processing, or object against our processing (see above). In such cases, it is illegal for us to continue processing your information. Please note, however, that we are also subject to certain legal obligations that may prevent us from immediately deleting all your information. For example, we are legally required to keep certain data for at least five years to fight money laundering. However, all data that we cannot delete will be blocked and erased as soon as it is no longer required to store them.

Right to file a complaint: You have the right to file a complaint with the French data protection supervisory authority CNIL: www.cnil.fr

Changes to this confidentiality policy

We regularly review this confidentiality policy. The Company has the possibility to change all or part of the current General Conditions. In this case, the User will be notified by a pop-up window that appears on the platform. The changes in the General Conditions are considered accepted by the User when he continues to use the Platform without expressing any objection.

This confidentiality policy was last updated: 21/12/2018.

How to contact us

Please contact us if you have any questions about our privacy policy, about the information we store about you, or about the information we use as a basis to process that information: Hoist Finance, personal data protection officer, Antoine SUEUR.

You can also contact our personal data protection officer directly:

Hoist Finance, Personal Data Protection Officer
TSA 63102
59031 Lille Cedex
France_DPO@hoistfinance.com