Privacy Policy
The processing of your personal data with the objective of collecting an outstanding debt is permitted, even if you do not consent to the processing. We only process your personal data if we have a legal ground to do so. Moreover, debt collection is a task of public interest and we have a legitimate interest to process your personal data as your account has been lawfully assigned to us.
In accordance with our legitimate interest we may also undertake a number of other activities, such as tracing untraceable customers, scoring to ensure compliance with good debt collection practices, enriching your data with data obtained from various sources (e.g. Credit Reference Agencies, historical data we hold on you and public registers), verifying that the data we hold is correct and exchanging your data with approved third parties such as other public and private collection agencies and Credit Reference Agencies. Your personal data is always kept safe in compliance with data protection legislation.
In relation to our debt purchase services, we are not obligated to ask for your consent to process your personal data. When we purchase your debt from your original contracting party, we primarily receive anonymized data as part of the purchasing process and use the statistical and financial information we hold to forecast the developments of the portfolios. When the debt has been purchased by your contracting party after this analysis, we will be your new contractual counterparty. When we subsequently collect your debt, we process your personal data in order to fulfill the purchase agreement and on the basis of our legitimate interest.
We also store certain financial information about you in order to assess, among others, your ability to pay (in time), for risk analysis and risk management, make payment plans and for debt surveillance. Which financial data is concerned? Data with regards to your payment behavior, default details, credit history information, information on your debt, income, assets, credit, loans, payment history and credit rating.
Do you inform us about the reason (s) you were unable to pay? We also keep your reasons for non-payment, as it gives us a better understanding of your specific situation and to make a well informed decision on how to handle your case.
We store your data to ensure good debt collection practices e.g. through scoring activities, among others, based on historic information and performance and taping of phone conversations. We record conversations with the intention to train our employees and also to document your rights.
For the safety of our employees and to keep your personal data safeguarded, we also use video surveillance cameras in several locations. Unless we have legal obligations to keep the records, we will delete the recordings after a short period of time.
We have a legal obligation to provide your personal data when we are audited by the authorities and to prevent, monitor and evidence fraud, anti-money laundering and other criminal activities.
We provide access to or share your personal data with Credit Reference Agencies or approved third party suppliers.
The information we have on you may be anonymized and used for developing of our business. However, when necessary to secure your personal data and ensure appropriate test development of and changes in our IT system your personal data may be used as-is.
This sensitive data will not be stored unless otherwise agreed with you, or unless it is necessary for the establishment, exercise or defense of legal claims.
It may however benefit you to notify us of any health condition, disability and/or personal information relating to your private life that may impact your ability to repay your account. This will allow us to take reasonable steps to accommodate your needs or requirements such as allowing sufficient breaks in your payment arrangement, providing breathing space to seek free independent debt advice, or adjusting your payment arrangement.
This information will be used by us to assist you and will be kept as long as it is required for this purpose, or until such time as you notify us that you no longer consent to its processing or it is necessary for the establishment, exercise or defense of legal claims.
However, you may choose to provide us with additional personal data. Such information may even help us handle your case, and it is usually to your benefit. For example, you may have a valid reason for why you have not paid your debt which you may want to share with us, or if we agree to set up a payment plan to help you pay your debt you may want to provide certain details for making the payment plan reasonable and attuned to your specific situation.
Our employees will have access to the personal data. In such a case, access will be granted only if necessary for the purposes described and only if the employee is bound by an obligation of confidentiality.
Generally, your personal data will not be transferred outside of the European Economic Area (EEA). However, in case of international debt collection, your personal data may be transferred to one of our agents working in the relevant country. We also use third-party service providers to store or whom may access your data, which may be located outside of the EEA. We will never transfer your personal data outside of the EEA without ensuring the safety and protection of your personal data. Therefore we make sure that any recipients have signed the EU Standard Model Clauses, to justify the transfer, or that the country guarantee adequate protection under the data protection legislation. We may also rely on the Privacy Shield program, which is a program where US companies can commit to a higher level of privacy protection than is required by US law. We may disclose information outside of these groups to help prevent fraud, or if required to do so by law.
We will retain your data
- as long as required for the lawful purpose for which it was obtained,
- as long as we have legitimate interest to keep it e.g. to ensure good debt collection practises, and
- •until the statue barring period is due to be able to defend ourselves against legal claims.
We are also legally obliged to keep your personal data for a period of time to:
- prevent and detect fraud,
- detect and evidence anti-money laundering, and
- for financial audits.
For statistical purposes we will keep strict anonymized data.
We process your personal data entirely in accordance with the regulations of the GDPR. The law stipulates that you have certain rights regarding this processing. Below, you will find a list of these rights:
| Your rights | What does it mean? |
|---|---|
| Right to access |
You may request information on how we process your personal data, including information on:
All the above information is available in this Privacy Policy. |
| Right to correction | It is important that we have the right information about you and urge you to let us know if any of your personal data is incorrect, e.g. if you have changed your name or moved. |
| Right to be forgotten | If we process your personal data in an unlawful way, for example if we process your personal data longer than necessary or for no reason, you may ask us to delete this information. |
| Right to restriction |
From the time you have requested that we correct your personal data or if you have objected to the processing, you are entitled to restricted processing. This means that we (except for storing the personal data) may process your personal data :
After we have been able to investigate the issue or confirm the accuracy of your personal data and it has been determined that your details are correct or have been adjusted in accordance with your request, your data will be processed again. |
| Right to objection |
If you believe that we do not have the right to process your personal data, or if you want an automated decision to be reconsidered, you may object to our processing. In such cases, we may continue processing only if we can show compelling justifying reasons that out-weigh your interests, rights and freedoms. However, we may always process your personal data if it is required for the determination, exercise or defense of legal claims. You always have the right to object to direct marketing activities. |
| Right to data portability | You may request to have your personal data that you have provided to us for processing based on consent or to fulfil a contract, provided to you in a structured, widely used and machine-readable format. You also have the right to request to transfer that information to another data controller. |
| Withdrawal of consent | Mirus does not base its processing upon consent. However, given that some processing activities should be based on consent, you are in your right to withdraw it and we will consequently stop the processing activities based on this legal ground. |
We will also notify third parties we may have shared your personal data with of your request(s).
If you wish to raise a complaint about how we handle your personal data, including in relation to any of the rights outlined above, you can contact our Data Protection Officer and we will investigate your concerns.
Data protection officer: info@mirus.nl
If you are not satisfied with our response, or believe we are processing your data unfairly or unlawfully, you can complain to the Data Inspectorate. You can find further information about the Data Inspectorate and their complaints procedure here: www.autoriteitpersoonsgegevens.nl.
If you have any further questions on how we process your personal data you may contact us through: info@mirus.nl.