WHO IS THE CONTROLLER?
In accordance with current legislation, the interested party is informed that the data provided will be processed by "HOIST FINANCE SPAIN, S.L.", hereinafter Hoist Finance, whose contact details are as follows:
- NIF: B87547659
- Registered address: Avda. Manoteras, 44, 1º. 28050. Madrid,
- E-mail of the Data Protection Delegate: email@example.com
HOIST FINANCE SPAIN, S.L. is part of the Group of companies Hoist Finance AB (publ).
FOR WHAT PURPOSE WILL YOUR PERSONAL DATA BE PROCESSED AND FOR HOW LONG?
- When users provide their data directly through Hoist Finance's means, which are linked to their credit, their data will be processed for the purpose of managing the request, as well as monitoring the user's credit recovery. To this end, your personal data will be kept for the time necessary to manage the recovery and for a period of 10 years from the last payment due.
- When users provide their personal data through the form relating to direct payment, their data will be processed for the purpose of managing the collection of the user's debt. To this end, your data will be kept for a period of 10 years from the last payment due.
- When the user's data is provided by a third party, being the same, the previous creditor of his debt, as a consequence of the acquisition of his overdue credit, his data will be treated for the management of the debt collection, including all the actions related to the pursuit of the collection of the same. To this end, your data will be kept for the time necessary to manage the recovery and for a period of 10 years from the last payment due.
WHAT IS THE LEGITIMACY OF THE DATA PROCESSING?
In cases where the user's data is provided through the website's contact form, their data will be processed on the basis of their consent, which they may withdraw at any time. However, if you withdraw your consent, this will not affect the lawfulness of the processing carried out previously.
For all other cases, your data will be processed on the basis of the execution of the contract between Hoist Finance and the users on whom the credits were acquired.
WHAT ARE THE CATEGORIES OF PERSONAL DATA THAT WILL BE PROCESSED?
Hoist Finance may process the following categories of personal data:
- Identification data: name, surname, ID card,
- Contact details: telephone number, postal address, e-mail address.
- Data on personal and social characteristics: date of birth, sex, nationality.
- Economic and banking data: bank account, bank card number, tax data, economic situation, etc.
- Claim data: Balance, characteristics of the collection, qualifications, settlements.
As well as any other personal data that users provide to Hoist Finance through the established communication channels.
COMPLIANCE WITH LAWS AND REGULATIONS
Hoist Finance complies with the obligations imposed by the applicable regulations, including sectoral recommendations, laws and regulations of third countries that may be affected in order to comply with the purposes set out above, for the prevention of money laundering, financing of terrorism and other financial crimes, and
Therefore, Hoist Finance may process your personal data that are necessary for the management of the recovery of the credit of the users, being able to check the lists of sanctions, credit executions, and to answer the requests coming from public and governmental authorities, such as supervisory bodies, fiscal authorities and investigation agencies, including public and governmental authorities of a country different from your country of residence
Hoist Finance has implemented the necessary technical and organisational measures to guarantee the security of your data and to avoid its alteration, loss, treatment or unauthorised access, taking into account the state of technology, the nature of the data stored and the risks to which it is exposed.
WHO ARE THE RECIPIENTS OF THE DATA OF THE PERSON CONCERNED?
Your personal data may be communicated to the following entities:
- To entities within the Hoist Finance AB Group (publ).
- In accordance with article 28 of the RPGD, to providers of Hoist Finance necessary for the proper fulfilment of legal obligations and/or the purposes indicated above, relating to data hosting services, web development and maintenance, legal services, as well as printing.
- Banks and financial institutions for the fulfilment of the execution of the relationship between you and Hoist Finance.
- When you make a payment through
Hoist Finance will make every effort to ensure that all third parties comply with applicable data protection legislation. To the extent that personal data may be processed by third parties on behalf of Hoist Finance and on our instructions, we guarantee that technical, organisational and contractual measures have been taken to ensure that your personal data is processed solely for the purposes mentioned in this Privacy Statement.
By contract, transfers outside the EU/EEA to countries without a decision on adequacy by the European Commission will be based on standard data protection clauses adopted by the European Commission, a copy of which can be obtained by contacting us. Transfers to the USA may be based on the EU/EEA Privacy Shield framework or on standard data protection clauses.
WHAT RIGHTS DOES THE DATA SUBJECT HAVE?
The data subject has the right to:
- To obtain confirmation as to whether or not personal data concerning him/her is being processed at Hoist Finance.
- Access to your personal data.
- Rectify inaccurate or incomplete data.
- Request the cancellation of your data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
- To oppose or limit the processing of your personal data under the cases contemplated in current legislation
- To the portability of your data
- To revoke the consent given
Without prejudice to the above, the interested party may contact the Hoist Finance data protection delegate at the postal address, Avenida de Manoteras 44, 1st floor 28050, Madrid, or by email at firstname.lastname@example.org.
Likewise, when the interested party considers that the exercise of their rights has not been effective, they may file a complaint with the Spanish Data Protection Agency.