For consumers: Information under EU GDPR

1. Name and contact details of the data controller and the relevant Data Protection Officer

The entity with responsibility under the EU GDPR article 4 (7) is Creditreform Boniversum GmbH, Hellersbergstrasse 11, 41460 Neuss, Germany, phone: +49 (0)2131 109 501. You can contact our Data Protection Officer at the above address or by email, at datenschutz(at)boniversum.de.

2. Data processing by Creditreform Boniversum GmbH

Purposes of data processing and legitimate interests pursued by Creditreform Boniversum GmbH or a third party.

Creditreform Boniversum GmbH is a consumer credit agency. It runs a database storing credit information about private individuals. The database of Creditreform Boniversum stores primarily names, addresses, dates of birth, email addresses (if applicable), payment histories and ownership structures. The purpose of processing data stored in this way is to provide information about individuals on whom creditworthiness information is requested. The legal basis for such processing is EU GDPR article 6 (1f).

Under this provision, information about such data may only be provided if a client can prove convincingly that he or she has a legitimate interest in obtaining the information. If data are sent to non-EU countries, this is done on the basis of so-called “standard contractual clauses”, which you can view under the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32001D0497&from=en You can also request this information to be sent to you.

Legal basis for data processing

Creditreform Boniversum GmbH processes personal data on the basis of the General Data Protection Regulation. Processing takes place on the basis of consent and also GDPR article 6 (1f), in cases where processing is required in order to safeguard the legitimate interests of the data controller or a third party, provided that those interests are not overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of those data. Consent may be revoked towards the relevant contractual party at any time. This also applies to consent given before GDPR entered into force.

Revocation of consent does not impact the legitimacy of data processing prior to revocation. The following are examples of legitimate interests within the meaning of the EU GDPR article 6 (1f): loan decisions, initiation of business, ownership structures, receivables, creditworthiness checks, insurance agreements, enforcement information.

Origin of data

Creditreform Boniversum GmbH runs a database storing credit information about private individuals.

On this basis, Creditreform Boniversum provides its clients with information on the creditworthiness of their customers. Clients include, for instance, banks, leasing companies, insurance companies, telecommunications companies, receivables management companies, as well as shipping, wholesale and retail companies and other companies supplying goods and services. Data stored about you by Creditreform Boniversum come from publicly accessible sources as well as from debt collection companies and their clients.

Categories of personal data undergoing processing

The database of Creditreform Boniversum stores primarily names, addresses, dates of birth, email addresses (if applicable), payment histories and ownership structures.

Categories of recipients of personal data

Recipients are exclusively contractual partners of Creditreform Boniversum GmbH. They are largely mail-order or e-commerce companies, telecommunications and insurance companies, energy utilities and service companies as well as banks and financial service providers. Other recipients are billing agencies and solicitors.

Duration of data retention

Data are stored for as long as knowledge of those data is required to realise the purpose of storage. Such knowledge is usually required for an initial storage period of three years. After the expiry of this period, a review is conducted whether storage continues to be necessary; otherwise the data are deleted on the precise expiry date.

If the facts of a matter cease to be relevant, the data are erased on the precise date three years after cessation.

Entries in the debtors’ list are deleted on the precise date three years after an official order for entry was presented, in compliance with the German Code of Civil Procedure (ZPO), section 882e.

Further details can be obtained from the German association of credit reference agencies, Die Wirtschaftsauskunfteien e.V., which has published “Rules of Conduct Concerning Verification and Erasure Periods of Personal Data for German Credit Reference Agencies”.

3. Rights of data subjects and right to object

You have a right to obtain information about the data stored by Creditreform Boniversum GmbH about yourself as a person. If those data are incorrect, you are entitled to rectification or erasure. If it is not possible to determine immediately whether the data are correct or incorrect, you are entitled to the blocking of the relevant data until your entitlement has been clarified. If your data are incomplete, you can demand their completion.

If you have given your consent for the processing of data stored by Creditreform Boniversum, you may revoke this consent at any time. Revocation will not impact the legitimacy of any processing of your data that may have taken place on the basis of your consent prior to revocation.

If you have any objections, requests or complaints concerning data protection, you may contact the Data Protection Officer of Creditreform Boniversum at any time. He or she will assist speedily and confidentially on all issues of data protection. You can of course also lodge a complaint about Boniversum’s data processing with the State Data Protection Officer (Landesbeauftragte für Datenschutz) of the German federal state that is relevant to you.

The processing of data stored by Creditreform Boniversum takes place on compelling legitimate grounds for the protection of creditors and loans, where processing regularly overrides their interests, rights and freedoms or where it serves the establishment, exercise or defence of legal claims. You can only object to Creditreform Boniversum about the processing of your data if you have grounds relating to your particular situation and if you can substantiate those reasons. If such special reasons are verifiably available, your data will cease to be processed there.

If you have any queries, please contact our Consumer Service, phone: +49 (0)2131 – 36845560, email: selbstauskunft(at)boniversum.de. You can also informally contact the same entity to lodge an objection to data processing on grounds relating to your particular situation as a data subject (EU GDPR article 21 (1)).

4. Profiling/scoring

To determine your creditworthiness, Creditreform Boniversum assigns a score to your data. The data underlying this score include your age, gender, address details and some of your payment experience data. The various data form part of the score calculations with different weights. Creditreform Boniversum clients use such scores to help them reach decisions about granting loans.

Your contact persons

Your contact point within our company is the

Boniversum Consumer Service
Phone: +49(0)2131 36845560,
Fax: +49(0)2131 36845570
Email: selbstauskunft(at)boniversum.de

Our Data Protection Officer has the following contact details:

Creditreform Boniversum GmbH
Data Protection Officer
Hellersbergstr. 11
41460 Neuss
Email: datenschutz(at)boniversum.de

Boniversum - EU-DSGVO - BDSG neu

New German Data Protection Act (BDSG neu) section 31

Click here to read the wording of the new German Federal Data Protection Act (BDSG), section 31, regulating the “protection of commerce in customer scoring and credit checks”.

Wording of BDSG (new), section 31