(Article 13 of the REGULATION (EU) 2016/… OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
1. Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
(a) the identity and the contact details of the controller and, where applicable, of the controller's representative;
(b) the contact details of the data protection officer, where applicable;
(c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
(d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
(e) the recipients or categories of recipients of the personal data, if any;
(f) where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
2. In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
(c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
(d) the right to lodge a complaint with a supervisory authority;
(e) whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
(f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
3. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
4. Paragraphs 1, 2 and 3 shall not apply where and insofar as the data subject already has the information.
(Article 14 of the REGULATION (EU) 2016/… OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
1. Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information:
(a) the identity and the contact details of the controller and, if any, of the controller's representative;
(b) the contact details of the data protection officer, where applicable;
(c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
(d) the categories of personal data concerned;
(e) the recipients or categories of recipients of the personal data, where applicable;
(f) where applicable, that the controller intends to transfer personal data to a recipient in a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means to obtain a copy of them or where they have been made available.
2. In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing in respect of the data subject:
(a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(b) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
(c) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability;
(d) where processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
(e) the right to lodge a complaint with a supervisory authority;
(f) from which source the personal data originate, and if applicable, whether it came from publicly accessible sources;
(g) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
3. The controller shall provide the information referred to in paragraphs 1 and 2:
(a) within a reasonable period after obtaining the personal data, but at the latest within one month, having regard to the specific circumstances in which the personal data are processed;
(b) if the personal data are to be used for communication with the data subject, at the latest at the time of the first communication to that data subject; or
(c) if a disclosure to another recipient is envisaged, at the latest when the personal data are first disclosed.
4. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were obtained, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
5. Paragraphs 1 to 4 shall not apply where and insofar as:
(a) the data subject already has the information;
Pursuant to Art. 6 Para. 1 Letter f) GDPR, we check information about your address data (if applicable, first name, surname, address, e-mail address, telephone number) and your creditworthiness to protect legitimate interests. For this purpose, we cooperate with credit agencies, e.g. Regis24 GmbH, from which we obtain data for these purposes or transmit it to them. In accordance with Art. 14 GDPR information on data processing at credit agencies can be found under the links provided.
We transmit personal data collected within the scope of this contractual relationship concerning the application, the execution and the termination of this business relationship as well as data concerning non-contractual or fraudulent behavior to CRIF GmbH, Leopoldstraße 244, 80807 Munich.
The legal basis for this transfer is Article 6 (1) sentence 1 letter b and letter f of the General Data Protection Regulation (DSGVO).
CRIF GmbH processes the data received and also uses it for the purpose of profiling (scoring) in order to provide its contractual partners in the European Economic Area and Switzerland and, where applicable, other third countries (insofar as an adequacy decision of the European Commission exists in respect of these) with information on, among other things, the assessment of the creditworthiness of natural persons. Further information on the activities of CRIF GmbH can be found in its information sheet or online at www.crif.de/datenschutz.
Contact Details of Regis24 GmbH
Regis24 GmbH
Wallstr. 28
10179 Berlin
www.regis24.de/informationen
Contact Details of CRIF GmbH
CRIF GmbH
Leopoldstr. 244
8087 Berlin
https://www.crif.de/
Data Protection Declaration
The Controller within the meaning of Art. 4 No 7 GDPR is:
HFG Inkasso GmbH
Zirkusweg 1
20359 Hamburg
T 040 – 41 30 95 71
F 040 – 41 30 93 00
E hfg[at]hfg.de
Our Data Protection Officer is:
Wodianka privacy legal GmbH
RA Dr. Volker Wodianka, LL.M. (IT&T)
Dockenhudener Straße 12a
22587 Hamburg
E-Mail: volker.wodianka[at]privacy-legal.de
The protection of your personal data during all data processing processes (e.g. collection, processing and transmission) is an important concern for us. Your data is protected as part of statutory regulations, in particular the GDPR. This comprehensive protection is ensured by technical and organisational measures including TSL encryption.
The following statement gives you an overview of which data is collected during your visit to the HFG Inkasso GmbH website, how this data is used and transmitted, what security measures we take to protect your data and how you receive information about the information provided to us.
This data protection declaration applies to the entire website, but not to sites of other providers to which the website links.
1. Collection, use and storage of personal data
In connection with your access to our website, data is stored for security purposes which may allow you to be identified (e.g. date, time and pages viewed, IP address of the requesting computer, data identifying the browser and operating system used and the referrer page). The temporary storage (7 days) of this data is for exclusively internal system-related and statistical purposes (e.g. to guarantee the trouble-free establishment of a connection, to evaluate system security). The legal basis is Art. 6(1)(f) GDPR in accordance to Art. 32 GDPR. No personal processing of these data takes place.
In order to answer your questions, process your requests or provide you with support, it is necessary to ask you for your personal data (contact information, date of birth and, if applicable, your HFG-file reference). The data you enter when using the contact forms will be used and stored only to answer your questions, process your requests, or support you. The legal basis is Art. 6(1)(f) GDPR. If contact is established for the purposes of potentially concluding a contract, an additional legal basis is Art. 6(1)(b).
It is up to you to decide to what extent you use our website and forms and provide your data.
You may revoke any consent you have given to data processing at any time with future effect, in which case we will refrain from processing the data in the future, unless a statutory authority or obligation exists to process data.
2. Transmission of data
We only pass on your personal data from the use of our email contact or contact form to other companies of the HFG Group or other third parties (recipients) if the requirements of Art. 6(1)(a-c), Art. 28 GDPR are fulfilled. There will be no transmission for purposes other than those mentioned above.
3. Cookies
We currently do not use cookies on our website.
4. Privacy Policy for the use of Google Web Fonts
We use Google Web Fonts on our website. Fonts are loaded from Google servers that are used to improve the appearance of the website. The data processing is carried out on the basis of a balance of interests, whereby our interest consists in an appealing design for our website.
The fonts in question are loaded from Google servers (Google Ireland Limited), which are usually located in the european union (EU). It can not be ruled out, that Google Ireland Limited transmits personal data to her parent company in the US. In those cases the transmission is carried out, according to Google, on the basis of the EU standard contractual clauses, that shall guarantee an appropriate data protection level.
Learn more about Google's privacy policy
5. Information on the use of social networks (Instagram, Twitter, LinkedIn, XING)
We maintain company profiles and/or accounts on various social networks. For the purposes of data protection law, the providers of the social networks are primarily responsible for data processing in these social networks.
Insofar as there is a joint responsibility within the meaning of Art. 26 GDPR, we ensure that a corresponding agreement is made.
The main content of the agreement will then be made available by the social networks themselves on their website.
At present, the only such agreement is for LinkedIn, which you can access here.
Our data privacy statement also applies.
6. Rights of affected persons
If the legal requirements are met, you have the following rights under Articles 15 to 22 GDPR: the right to information (Article 15 GDPR), rectification (Article 16 GDPR), deletion (Article 17 GDPR), restriction of processing (Article 18), and portability (Article 20 GDPR).
You have a right to object to the processing of your personal data as part of the stipulations of Art. 21(1) and 21(2) GDPR.
In accordance with Article 77 GDPR, you have the right to complain to the competent supervisory authority if you believe that the processing of your personal data is not lawful.
7. Safety information
HFG has taken all necessary technical and organisational security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment that is not accessible to the public. In accordance with this privacy policy, access to your information is only possible for specially authorised persons.
Our information system is a secure area. A firewall is installed to prevent access from other networks connected to the internet. Only employees who need the information for performing a specific task receive access to personal data. Our employees are trained in security and data protection practices.
Your personal data is encrypted during transmission using transport layer security (TLS) technology. This means that communication is performed using a recognised encryption method if your browser supports TLS.
We would like to point out that the confidentiality of the transmitted information is not guaranteed when communicating over email. The content of emails can be intercepted by third parties.
8. Questions regarding data protection
For questions regarding data protection, please contact us at privacy-policy[at]hfg.de or by post at the address given in the site notice.
Our Data Protection Officer is:Wodianka privacy legal GmbH
RA Dr. Volker Wodianka, LL.M. (IT&T)
Dockenhudener Straße 12a
22587 Hamburg
E-Mail: volker.wodianka[at]privacy-legal.de
Updated: Januar 2021