Personal data policy

Information on how we process your personal data

For us at coeo Perintä Oy, corporate ID number 3527378-9 (from here on ”coeo”), it is important that you feel confident that we process your personal data securely and in conformity with the relevant laws and regulations. coeo is the Personal Data Controller for processing your personal data. All our processing of your personal data is carried out in accordance with the applicable data protection legislation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and national legislation supplementing the General Data Protection Regulation.

This means that we protect your personal data using the necessary protective measures, and that you have the right to contact us at any time to find out what personal data about you we have saved. This Personal Data Policy sets out how we process, save and protect your personal data. We reserve the right to make changes to this information whenever necessary, for example when it has to be adapted to conform with new data protection rules. The current version will always be posted on our website.

What personal data do we process?

Personal data is information which, in one way or another, can be linked to you as an individual either directly or indirectly. Examples of personal data include your name, email address, telephone number, postal address and date of birth.

Personal data as a debtor

In the event that you have a debt to pay, an obligation to fulfil something or have a joint and several liability on behalf of another debtor, we process your data in the form of your forename(s), surname, Finnish personal identity code, customer number and registered address, as well as your telephone number and email address.

In addition to the above, personal data about you as a debtor will be processed if it contains information about the unpaid debt, any agreements and other circumstances which form the basis for the debt, as well as information on any part payments that have been made in the particular case. We will also process data on your financial situation, your personal circumstances and debts and information on ongoing and past distraints. We may also obtain and process your personal credit information from credit information registers maintained by credit information companies operating in Finland.

Personal data as a client, supplier, public authority/agency, customer or collaborating partner

If you are a client/customer of ours, or work at a public authority/agency, such as the Finnish Enforcement Authority, a District Court or the Finnish Tax Administration, we process data about you in the form of your forename(s), surname, telephone number, email address, job title and the name of the company or authority/agency that you work for. This also applies to you if you are a partner or a contact person at one of our customers or are a contact person with a party that we would like to have as a customer, and for contact persons with suppliers or other collaborating partners of ours.

Where personal data concerns crimes/infringements

In exceptional cases, it may be that data on a crime/infringement is being processed. Personal data of this type will only be processed in the event that such data is essential to establish, invoke or defend legal claims, or where the processing is otherwise based on law.

Where personal data concerns special categories of personal data

Where money laundering checks are being carried out, sensitive information may be processed to a certain extent. This information is processed solely to enable us to fulfil our legal obligation to carry out these checks.

How we collect personal data

As a debtor or in the event of joint and several liability

Where your personal data relates to you as a debtor or in the event of joint and several liability, we obtain your personal data primarily from previous debt holders and in carrying out our assignment as a debt collection agency when we collect debts which you have not settled. We also collect your personal data directly from our contact with you by telephone, email or through our website. In addition, we also obtain your personal data from public registers compiled by the Finnish Enforcement Authority, courts and the Finnish Tax Administration and Digital and Population Data Services Agency. We make every effort to ensure that all your personal data is constantly updated and is correct at all times. Accordingly, we regularly update address information against the population information system. We use an external address provider who then has limited access to part of your personal data.

Personal data as a client, supplier, public authority/agency, customer or collaborating partner

In the event that you are a client or work at a public authority/agency, we obtain your personal data primarily from the company you work for, from you yourself or from the authority/agency.

We will never process your personal data for any purpose other than that for which it was obtained.

Why we process your personal data

As a debtor

The primary purpose for which we process your personal data as a debtor is because you have a debt which is overdue for payment and which we are collecting on the instructions of a client or on our own behalf. We take collection action to obtain payment, to determine a claim, to enforce a claim or other performance. “Collection measures” means all actions which we used to achieve a settlement of an unpaid debt. Such measures include, but are not limited to, sending out debt collection demands and other types of collection letters, contacts with the debtor or the debtor's representative, the administration of payment plans and payments, contacts with public authority/agencies and other measures to establish a claim such as court action and processes relating to the enforcement of a claim. Your personal data is processed for the performance of a contract to which you are a party and under which you are obligated to make payments.

Information on your financial status as a debtor, your personal circumstances and your distraint history is processed to enable us to judge which collection action should be taken and which demands should be sent. The data is also processed to determine whether legal action should be taken and, if so what type of action, such as an application for a payment order, initiating procedures in court or submitting an application for enforcement. We may obtain and process your personal credit information from credit information registers to plan debt collection activities and assess the most appropriate collection measures in accordance with the Finnish Credit Information Act (527/2007). The processing is based on our legitimate interest to verify accuracy of the personal data and to determine the most appropriate debt collection action in each case.

We process personal data for profiling to facilitate the above-mentioned collection planning. In practice, the profiling is based on customer history data, payment behaviour and debts, which is used to predict future payment behaviour and choose the most appropriate collection measures for your financial situation. We do not employ automated decision-making, that have no human involvement, and the profiling does not have a legal effect on you. The profiling is based on our legitimate interest, and you have the right to object to profiling, on grounds relating to your particular situation. More information on your privacy rights can be found at the end of this Personal Data Policy.

As a client, collaborating partner, contact person, customer, supplier and public authority/agency

As a client, collaborating partner, contact person, customer or supplier to us, we process your personal data based on our legitimate interest to the extent required to administer and process our contractual and/or commercial relationship with you or the company you represent. Examples of such processing include performance of contract with a client or collaboration partner, invoicing, or for the assessment of financial capacity or generally for reasons of security and economy.

If you are acting in the capacity of representative, we process your personal data for the purpose of communicating with you in respect of matters which affect the person whom you represent and to enable the collection of a debt which the person you represent has not settled, on the basis of the contract with the debtor and a power of attorney.

To a certain extent, we process personal data relating to personnel at a public authority/agency in the course of our collection operation. Alongside the collection operation, personal data of personnel of public authorities/agencies is also processed to enable us to fulfil our obligations under company law, tax law and labour law. This occurs when we communicate, for example, with employees of the Finnish Tax Administration and the Finnish Patent and Registration Office. Moreover, the data is used to ensure that measures necessary, for example, for debt restructuring, dispute resolution and enforcement are taken.

Other purposes of processing

The processing of your personal data is also necessary to comply with our legal obligations. Examples of such processing include accounting purposes under the Accounting Act (1336/1997), identification of customers and the prevention of money laundering under the Act on Preventing Money Laundering and Terrorist Financing (444/2017), compliance with good debt collection practices and other obligations set out in the Act on the Registration of Debt Collectors (411/2018) and the Debt Collection Act (513/1999) and in general, responding to official queries by competent authorities.

Records of calls with our customer service are stored to ensure the quality control of our customer service, good debt collection practices, and for training purposes. This processing is based on our legitimate interest.

In addition to the above, the data is also used for the development of our operation, including risk management, methodology development, operational planning, statistics and follow-up, as well as business development. This is done for the purpose of analysing and developing our operation based on our legitimate interest.

For how long is your personal data stored?

We weed your personal data as debtor, representative or officer of a public authority/agency as soon as the data is no longer regarded as necessary for the purpose for which it was collected.

Personal data related to debt collection activity is stored at least for five (5) years after the end of the debt collection activity based on the Act on the Registration of Debt Collectors (411/2018). The retention period for accounting data is six (6) or ten (10) years, depending on the material, based on the Accounting Act (1336/1997),

If you are a client, we process your personal data throughout the period of our business relationship and for one year thereafter. We process the personal data which emerges from a supplier agreement for 10 years after the purpose has ceased, and data collected in connection with money laundering checks is stored for five (5) years from the execution of the transaction in accordance with the Act on Preventing Money Laundering and Terrorist Financing (444/2017).

Who is permitted to access your personal data?

We will share your personal data within our Group or with one or more of our suppliers if we judge that this is necessary to enable us to carry on our operation. Before we share any data, we will have taken action to ensure that our suppliers have an obligation to process the data securely, correctly and confidentially. A supplier will never be permitted to use your data for any purpose other than that the purpose we have specified.

To enable us to achieve the purpose of the processing, your data may be shared with our IT and systems suppliers, our clients, external suppliers such as postal companies, legal consultants, authorised process servers and others to participate in the delivery of our services. Your data may also be shared with credit information companies for the purpose of obtaining credit information from credit information registers. In addition, your data may be shared with the Finnish Enforcement Authority, the Finnish Tax Administration and the Office of the Data Protection Ombudsman. Your data may, for example, be shared if you have paid interest which must be reported to the Finnish Tax Administration, executive action is being taken via the Finnish District Courts or the Finnish Enforcement Authority, or the Office of the Data Protection Ombudsman is carrying out an inspection.

If you are a debtor and move to another country, as part of the collection process on a debt, we may engage a collection agency in the country in which you currently are. In that event, personal data on the collection case will be shared with the collection agency that we engage.

How we protect your personal data

We make every effort to ensure that your personal data is processed securely, which is why we have taken appropriate security measures to protect your personal data against unauthorised access, alteration and erasure, and to ensure that processing is carried out in accordance with the applicable data protection legislation. The actions we have taken to protect your personal data include regular risk assessment, ongoing training of personnel, limiting access to personal data, generating backups, implementing firewalls and antivirus programs and encrypting our website. coeo is very careful to ensure that the distribution of personal data internally is limited so that only those members of staff who need access to personal data for the performance of their duties have such access.

Whenever we need to transfer personal data to a party outside our operation, we ensure that we use a secure method of transfer.

In the event of hacking which could affect you or your personal data, we will provide you with the information necessary for you to mitigate the potential negative effects of the infringement.

Transfer of personal data to a third country

As a general rule, both we and our suppliers process your data only within the EU/EEA. In the event that your personal data is being processed outside the EU/EEA, we have ensured that an adequate level of protection is in place, for example by entering into Standard Contractual Clauses, as required by the General Data Protection Regulation.

Use of cookies

We use cookies on our website. The use of cookies may involve processing personal data. For further information on the use of cookies, please see our Cookie Policy.

Your rights

As Personal Data Controller, we are responsible for ensuring that your personal data is processed in accordance with the applicable data protection legislation and that you are given the opportunity to exercise your rights. You may contact us at any time if you wish to exercise your rights under the General Data Protection Regulation.

We will then answer your questions about exercising your rights within one month of the date on which we receive your request except in exceptional circumstances. If we are unable to take the action that you have requested within one month, we will inform you of this and explain the cause of the delay.

The right to withdraw your consent

You have the right at any time to withdraw all or part of the consent you have already given. This will take effect from and including the date on which you withdrew consent. We will then cease to process that part of your personal data which is based on your consent.

The right to information and access

You have the right to request information on the personal data that we process about you, and how that data is processed. You also have the right to obtain a copy of the personal data that we process about you.

The right to rectification

You have the right to have inaccurate data rectified without undue delay or to have incomplete personal data completed.

The right to erasure and restriction

You have the right at any time to request to have your data erased if the processing is no longer relevant for the purpose for which the data was collected.

You can also request that the processing of your personal data be restricted in certain cases, such as when you consider that the data is inaccurate and you have requested rectification. In that event, you also have the right to request that the processing of your personal data be restricted during the period in which the accuracy of the data is being investigated.

The right to data portability

If you have given your consent or if we are basing the processing on a contract with you, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit that data to another Personal Data Controller when this is technically possible.

The right to object

You have the right to object to our processing of your personal data which is based on a balance of interests. If you object to the processing in such cases, we may only continue to process your personal data if it is possible to demonstrate that there is a decisive legitimate reason that the data must be processed which outweighs your interests, rights and freedoms, or if the processing is carried out to establish, exercise or defend legal claims.

The right to lodge a complaint

If you have any complaints about our processing of your personal data, you may contact our Data Protection Officer through the contact information below, and you can also lodge a complaint with the Office of the Data Protection Ombudsman. Their contact information is below:

The Office of the Data Protection Ombudsman

Postal address: Lintulahdenkuja 4, 00530 Helsinki

E-mail: tietosuoja@om.fi

Website: www.tietosuoja.fi

Contact information

If you want to exercise your rights or if you have a general question about how your personal data is processed by us, you are welcome to contact our Data Protection Officer by email to dpo@coeo.fi or through the contact information below:

coeo Perintä Oy (Business ID 3527378-9)

Postal address: Eteläesplanadi 2, 00130 Helsinki

E-mail: dpo@coeo.fi