2. Data processing by Creditreform Boniversum GmbH
Purposes of data processing and legitimate interests pursued by Creditreform Boniversum GmbH or a third party.
Creditreform Boniversum GmbH is a consumer credit agency. It runs a database storing credit information about private individuals. The database of Creditreform Boniversum stores primarily names, addresses, dates of birth, email addresses (if applicable), payment histories and ownership structures. The purpose of processing data stored in this way is to provide information about individuals on whom creditworthiness information is requested. The legal basis for such processing is EU GDPR article 6 (1f).
Under this provision, information about such data may only be provided if a client can prove convincingly that he or she has a legitimate interest in obtaining the information. If data are sent to non-EU countries, this is done on the basis of so-called “standard contractual clauses”, which you can view under the following link: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32001D0497&from=en You can also request this information to be sent to you.
Legal basis for data processing
Creditreform Boniversum GmbH processes personal data on the basis of the General Data Protection Regulation. Processing takes place on the basis of consent and also GDPR article 6 (1f), in cases where processing is required in order to safeguard the legitimate interests of the data controller or a third party, provided that those interests are not overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of those data. Consent may be revoked towards the relevant contractual party at any time. This also applies to consent given before GDPR entered into force.
Revocation of consent does not impact the legitimacy of data processing prior to revocation. The following are examples of legitimate interests within the meaning of the EU GDPR article 6 (1f): loan decisions, initiation of business, ownership structures, receivables, creditworthiness checks, insurance agreements, enforcement information.
Origin of data
Creditreform Boniversum GmbH runs a database storing credit information about private individuals.
On this basis, Creditreform Boniversum provides its clients with information on the creditworthiness of their customers. Clients include, for instance, banks, leasing companies, insurance companies, telecommunications companies, receivables management companies, as well as shipping, wholesale and retail companies and other companies supplying goods and services. Data stored about you by Creditreform Boniversum come from publicly accessible sources as well as from debt collection companies and their clients.
Categories of personal data undergoing processing
The database of Creditreform Boniversum stores primarily names, addresses, dates of birth, email addresses (if applicable), payment histories and ownership structures.
Categories of recipients of personal data
Recipients are exclusively contractual partners of Creditreform Boniversum GmbH. They are largely mail-order or e-commerce companies, telecommunications and insurance companies, energy utilities and service companies as well as banks and financial service providers. Other recipients are billing agencies and solicitors.
Duration of data retention
Data are stored for as long as knowledge of those data is required to realise the purpose of storage. Such knowledge is usually required for an initial storage period of three years. After the expiry of this period, a review is conducted whether storage continues to be necessary; otherwise the data are deleted on the precise expiry date.
If the facts of a matter cease to be relevant, the data are erased on the precise date three years after cessation.
Entries in the debtors’ list are deleted on the precise date three years after an official order for entry was presented, in compliance with the German Code of Civil Procedure (ZPO), section 882e.
Further details can be obtained from the German association of credit reference agencies, Die Wirtschaftsauskunfteien e.V., which has published “Rules of Conduct Concerning Verification and Erasure Periods of Personal Data for German Credit Reference Agencies”.