PRIVACY NOTICE
In the framework of our regular business operations, we typically process the personal data of clients, business partners and third parties, payment data and other information regarding personal and professional relationships as far as it is relevant to operate a functional website or for the performance of our services.
Because of our activities‘ nature, we often cannot work with anonymized or pseudonymised data. Statutory requirements, e.g., Anti-Money Laundering Act, obligate us to process certain data of our clients and third parties to evidence compliance with the professional requirements arising from the rules of professional conduct as a debt collection agency. Some data is not provided by you but obtained from publicly available sources, such as public telephone directories, address directories, business directories, public notices, publicly accessible registers, and the Internet, if the data is freely accessible there.
1. Data processing controller
International Receivables Management GmbH,
represented by Dr Peter Lemke (hereinafter referred to as: „we“).
Ericusspitze 2
20457 Hamburg
Germany
Phone: +49 (0)40 – 60 53 17 300
E-mail: privacy@irm-hamburg.com
2. Purposes and legal bases of data processing
We process personal data, on the one hand, in the context of our general business activity, on the other hand, as part of handling engagements.
a. Performance of services, compliance with legal obligations (Article 6 (1) sentence 1 lit. c, f GDPR)
We store and use personal data communicated to us to perform the agreed service, including communication with you and all other entities with which such communication is necessary to handle the engagement. Under these provisions, we are obliged to ensure proper documentation and archiving of our correspondence and work results in IT systems and, if necessary, in paper form.
b. Performance of a contract (Article 6 (1) sentence 1 lit. b, GDPR)
We process personal data for the implementation or initiation of contracts to which the data subject is the contracting party. In this case, the nature and extent of the processing arise from the respective agreement and the associated terms and conditions.
c. Protection of legitimate interests (Article 6 (1) sentence 1 lit. f, GDPR)
The underlying legitimate interests include maintaining business operations and providing the contractually agreed service to our clients. We only process personal data as far as necessary to provide our services.
3. Collection of general information when using our website
General information is collected automatically when you visit our website without registering or explicitly providing information in any other way. This information, the so-called server log files, contains, for instance, the type of your browser, the operating system you are using, the domain name of your internet service provider, your IP address, Browser type/version/language, Date and time of the request, Website from which the request was made, Request contents. These server log files are processed with the aim of doing the following:
- ensure a smooth connection build-up of the website,
- ensure trouble-free use of our website,
- analyse the system security,
- fulfil further administrative purposes.
We do not use your data to draw conclusions regarding you as an individual. We statistically analyse this information to optimise our internet presence and the technology behind it for further use.
This way of processing data complies with article 6, paragraph 1 (f) of the GDPR based on our legitimate interest in improving the stability and functionality of our website. Where appropriate, recipients of this data are technical service providers in charge of operating and servicing our website in their quality as processors.
The data is deleted as soon as it is no longer necessary for the purpose of collection. This is generally true for the data used for the website delivery as soon as each session is over.
The provision of personal data is not legally or contractually mandated. However, our website’s service and operational capability cannot be ensured without your IP address. In addition, certain services may become unavailable or limited. For this reason, the objection is not possible.
4. Cookies
We use cookies on our website to ensure a user-friendly experience. Cookies are small files managed by the user’s web browser and are directly stored on the respective device (Laptop, Tablet, Smartphone etc.) whenever you visit our website. Cookies are stored as long as you do not delete them. This process allows us to recognise your browser on your next visit.
If you do not wish to use cookies, you can change the settings in your browser accordingly. You will then be notified whenever your browser attempts to create a cookie, and you can decide whether you want to allow the cookie. However, please note that the deactivation of cookies may result in a limited user experience, and you may not be able to use every function of our website.
The legal basis for cookies that are absolutely necessary to provide you with the expressly requested service is § 25 para. 2 no. 2 TTDSG. Any use of cookies that is not absolutely technically necessary for this purpose constitutes data processing that is only permitted with your express and active consent under Section 25 (1) TTDSG in conjunction with Article 6 (1) sentence 1 lit. a DS-GVO. This applies in particular to the use of performance, advertising, targeting or sharing cookies. Furthermore, we will only pass on your personal data processed by cookies to third parties if you have given your express consent to do so by Art. 6 para. 1 sentence 1 lit. a DS-GVO.
5. Request by e-mail, phone, or fax
If you contact us by e-mail or another form of an electronic message, telephone or fax, your request, including all resulting personal data (name, request), will be stored, and processed by us to process the request. We do not pass these data on without your consent. We will delete your personal data after completing your inquiry.
The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if you request the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Article 6 (1) a GDPR) and/or our legitimate interests (Article 6 (1) (f) GDPR) since we have a legitimate interest effective processing of requests addressed to us.
The data sent by you to us via contact requests remain with us until you request us to delete or revoke your consent to the storage or the purpose for the data storage lapses after the completion of your request). Mandatory statutory provisions – in particular, statutory retention periods – remain unaffected.
6. Web-Analysis
We do not perform any web analysis on our website and do not use any web analysis tools. The previously mentioned user and visitor data will not be evaluated or analysed.
7. Data transfer
As far as necessary for fulfilling our contract with you, your personal data can be transferred to third parties, including authorities, courts, and other public bodies. These may also be located outside the European Economic Area (EEA), i.e., in third countries. Such processing takes place exclusively for the fulfilment of contractual and business obligations and for the maintenance of your business relationship with us (legal basis is Art. 6 para. 1 lit b or lit f in each case in conjunction with Art. 44 et seq. DS-GVO). We will inform you about the respective details of the transfer in the relevant places below.
To ensure legitimate interests and check your contact data and creditworthiness, your personal data may also be revealed to other specialist service providers. These providers shall act on our instructions and are contractually obliged to comply with the data protection provisions under Art. 28 DS-GVO.
8. Data safety
To protect the safety of your data during transfer, we use SSL encryption technology (HTTPS). If a page on our website was/is being transmitted encrypted, it is shown by the lock symbol in your browser’s address bar. Our servers are secured by means of Firewall and virus protection. Furthermore, we use appropriate technical and organizational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction, or to prevent unauthorized access by third parties. Our security measures are continuously upgraded according to the latest technological developments.
9. Your rights as an affected person
You can execute the following rights using the contact details below:
- You have the right to request information about any of the personal data we process. In particular, you have the right to request information about the purpose of the processing, the categories of personal data, the categories of recipients who will have access or were disclosed with your data, the duration periods for saving the personal data, whether there is a right to adjust/correct, erase, restrict or object, the transmission of data, the source of your data if not collected through us. We do not intend to use any personal data collected from you for any automated decision-making process (including profiling).
- You have the right to revoke a previously granted consent to use your personal data at any time. If you wish to exercise the right to revoke, contact us via the provided contact details. Should you exercise your right of revocation, we shall not further process your personal data unless we are able to provide compelling legitimate grounds for doing so which override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defence of legal claims.
- If You believe that the processing of your personal data is inconsistent or contradicts the applicable data protection laws, you can complain to the Data Protection Authority of the City of Hamburg. You will find a list of authorities for data protection (for the non-public sector) along with the addresses under https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
10. Data storage period
We store personal data for as long as we need it to perform the respective task. As far as data is subject to statutory retention obligations, we store it for the duration of the retention period. Moreover, we also store personal data if another legitimate interest according to Article 6 (1) sentence 1 lit. f GDPR exists. Data will be stored until the contractual and/or statutory retention periods are met. Your data is only stored on servers in Germany, subject to a possible transfer by the regulations in (7).
11. Amendment of our privacy notice
By using this website, you consent to the collection and use of your data by IRM, as described in this Privacy Policy. If we change our privacy policy, we will announce the change on this website.
Should you have any questions concerning privacy protection, please write to us at: privacy@irm-hamburg.com