.jpg?width=300&name=Namnl%C3%B6s%20design%20(56).jpg)
Personal data policy
For us at coeo Inkasso Sverige AB, corporate ID number 559374-0847 (from here on ”coeo”), it is important that you feel confident that we process your personal data securely and in conformity with the relevant laws and regulations.
coeo is the Personal Data Controller for processing your personal data. All our processing of your personal data is carried out in accordance with the applicable data protection legislation, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
This means that we protect your personal data using the necessary protective measures, and that you have the right to contact us at any time to find out what personal data about you we have saved. This Personal Data Policy sets out how we process, save and protect your personal data. We reserve the right to make changes to this information whenever necessary, for example when it has to be adapted to conform with new data protection rules. The current version will always be posted on our website.
What personal data do we process?
Personal data is information which, in one way or another, can be linked to you as an individual either directly or indirectly. Examples of personal data include your name, email address, telephone number, postal address and date of birth.
Personal data as a debtor
In the event that you have a debt to pay, an obligation to fulfil something or have a joint and several liability on behalf of another debtor, we process your data in the form of your forename(s), surname, Swedish civil registration number, customer number and registered address, as well as your telephone number and email address.
In addition to the above, personal data about you as a debtor will be processed if it contains information about the unpaid debt, any agreements and other circumstances which form the basis for the debt, as well as information on any part payments that have been made in the particular case. We will also process data on your financial situation, your personal circumstances and debts and information on ongoing and past distraints.
Personal data as a client, supplier, public authority/agency, customer or collaborating partner
If you are a client/customer of ours, or work at a public authority/agency, such as Kronofogden [the Swedish Enforcement Authority], a court or Skatteverket [the Swedish Tax Agency], we process data about you in the form of your forename(s), surname, telephone number, email address, job title and the name of the company or authority/agency that you work for. This also applies to you if you are a partner or a contact person at one of our customers or are a contact person with a party that we would like to have as a customer, and for contact persons with suppliers or other collaborating partners of ours.
Where personal data concerns crimes/infringements
Specifically about personal dataIn exceptional cases, it may be that data on a crime/infringement is being processed. Personal data of this type will only be processed in the event that such data is essential to establish, invoke or defend legal claims, or where we have obtained and received consent for it to be processed.
How we collect personal data
As a debtor or in the event of joint and several liability
Where your personal data relates to you as a debtor or in the event of joint and several liability, we obtain your personal data primarily from previous debt holders and in carrying out our assignment as a debt collection agency when we collect debts which you have not settled. We also collect your personal data directly from our contact with you by telephone, email or through our website. In addition, we also obtain your personal data from public registers compiled by the Swedish Enforcement Authority, courts and the Swedish Tax Agency. We make every effort to ensure that all your personal data is constantly updated and is correct at all times. Accordingly, we regularly update address information against the population register. We use an external address provider who then has limited access to part of your personal data.
Personal data as a client, supplier, public authority/agency, customer or collaborating partner
In the event that you are a client or work at a public authority/agency, we obtain your personal data primarily from the company you work for, from you yourself or from the authority/agency.
We will never process your personal data for any purpose other than that for which it was obtained.
Why we process your personal data
As a debtor
The primary purpose for which we process your personal data as a debtor is because you have a debt which is overdue for payment and which we are collecting on the instructions of a client or on our own behalf. We take collection action to obtain payment, to determine a claim, to enforce a claim or other performance. “Collection measures” means all actions which we used to achieve a settlement of an unpaid debt. Such measures include, but are not limited to, sending out debt collection demands and other types of collection letters, contacts with the debtor or the debtor's representative, the administration of payment plans and payments, contacts with public authority/agencies and other measures to establish a claim such as court action and processes relating to the enforcement of a claim. The collection of debts is judged to be information of public interest and, accordingly, we have the right to process your personal data for collection purposes.
Information on your financial status as a debtor, your personal circumstances and your distraint history is processed to enable us to judge which collection action should be taken and which demands should be sent. The data is also processed to determine whether legal action should be taken and, if so what type of action, such as an application for a payment order, initiating procedures in court or submitting an application for enforcement.
As a client, collaborating partner, contact person, customer, supplier and public authority/agency
As a client, collaborating partner, contact person, customer or supplier to us, we process your personal data based on our legitimate interest and legal obligation to the extent required to administer and process our contractual and/or commercial relationship with you or the company you represent. Examples of such processing include invoicing and accounting purposes, marketing in the event that money laundering checks are required or for the assessment of financial capacity or generally for reasons of security and economy. Where money laundering checks are being carried out, sensitive information may be processed to a certain extent. This information is processed solely to enable us to fulfil our legal obligation under money laundering legislation.
If you are acting in the capacity of representative, we process your personal data for the purpose of communicating with you in respect of matters which affect the person whom you represent and to enable the collection of a debt which the person you represent has not settled, on the basis that we are carrying out an assignment of public interest.
To a certain extent, we process personal data relating to personnel at a public authority/agency in the course of our collection operation. Alongside the collection operation, personal data of personnel of public authorities/agencies is also processed to enable us to fulfil our obligations under company law, tax law and labour law. This occurs when we communicate, for example, with employees of the Swedish Tax Agency and Bolagsverket [the Swedish Companies Registration Office].Moreover, the data is used to ensure that measures necessary, for example, for debt restructuring, dispute resolution and enforcement are taken.
In addition to the above, the data is also used for the development of our operation, including risk management, methodology development, operational planning, statistics and follow-up, as well as business development. This is done for the purpose of analysing and developing our operation based on our legitimate interest.
For how long is your personal data stored?
We weed your personal data as debtor, representative or officer of a public authority/agency as soon as the data is no longer regarded as necessary for the purpose for which it was collected. The data is never saved for longer than 36 months after the case has been concluded.
If you are a client, we process your personal data throughout the period of our business relationship and for one year thereafter. We process the personal data which emerges from a supplier agreement for 10 years after the purpose has ceased, and data collected in connection with money laundering checks is stored for 5 years unless there is reason to preserve the documents for a longer period, in which case the documents may be preserved for 10 years.
Who is permitted to access your personal data?
We will share your personal data within our Group or with one or more of our suppliers if we judge that this is necessary to enable us to carry on our operation. Before we share any data, we will have taken action to ensure that our suppliers have an obligation to process the data securely, correctly and confidentially. A supplier will never be permitted to use your data for any purpose other than that the purpose we have specified.
To enable us to achieve the purpose of the processing, your data may be shared with our IT and systems suppliers, our clients, external suppliers such as postal companies, legal consultants, authorised process servers and others to participate in the delivery of our services. In addition, your data may be shared with the Swedish Enforcement Authority, the Swedish Tax Agency and Integritetsskyddsmyndigheten [the Swedish Authority for Privacy Protection]. Your data may, for example, be shared if you have paid interest which must be reported to the Swedish Tax Agency, executive action is being taken via the Swedish Enforcement Authority or the Swedish Authority for Privacy Protection is carrying out an inspection.
If you are a debtor and move to another country, as part of the collection process on a debt, we may engage a collection agency in the country in which you currently are. In that event, personal data on the collection case will be shared with the collection agency that we engage.
How we protect your personal data
We make every effort to ensure that your personal data is processed securely, which is why we have taken appropriate security measures to protect your personal data against unauthorised access, alteration and erasure, and to ensure that processing is carried out in accordance with the applicable data protection legislation. The actions we have taken to protect your personal data include regular risk assessment, ongoing training of personnel, limiting access to personal data, generating backups, implementing firewalls and antivirus programs and encrypting our website. Coeo is very careful to ensure that the distribution of personal data internally is limited so that only those members of staff who need access to personal data for the performance of their duties have such access.
Whenever we need to transfer personal data to a party outside our operation, we ensure that we use a secure method of transfer.
In the event of hacking which could affect you or your personal data, we will provide you with the information necessary for you to mitigate the potential negative effects of the infringement.
Transfer of personal data to a third country
As a general rule, both we and our suppliers process your data only within the EU/EEA. In the event that your personal data is being processed outside the EU/EEA, we have ensured that an adequate level of protection is in place as prescribed by the European Commission, or that appropriate security measures have been taken to protect your rights in accordance with data protection legislation.
Use of cookies
We use cookies on our website. The use of cookies may involve processing personal data. For further information on the use of cookies, please see our Cookie Policy.
Your rights
As Personal Data Controller, we are responsible for ensuring that your personal data is processed in accordance with the applicable data protection legislation and that you are given the opportunity to exercise your rights. You may contact us at any time if you wish to exercise your rights under the General Data Protection Regulation.
We will then answer your questions about exercising your rights within one month of the date on which we receive your request except in exceptional circumstances. If we are unable to take the action that you have requested within one month, we will inform you of this and explain the cause of the delay.
The right to withdraw your consent
You have the right at any time to withdraw all or part of the consent you have already given. This will take effect from and including the date on which you withdrew consent. We will then cease to process that part of your personal data which is based on your consent.
The right to information and access
You have the right to request information on the personal data that we process about you, and how that data is processed. You also have the right to obtain a copy of the personal data that we process about you.
The right to rectification
You have the right to have inaccurate data rectified without undue delay or to have incomplete personal data completed.
The right to erasure and restriction
You have the right at any time to request to have your data erased if the processing is no longer relevant for the purpose for which the data was collected.
You can also request that the processing of your personal data be restricted in certain cases, such as when you consider that the data is inaccurate and you have requested rectification. In that event, you also have the right to request that the processing of your personal data be restricted during the period in which the accuracy of the data is being investigated.
The right to data portability
If you have given your consent or if we are basing the processing on a contract with you, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit that data to another Personal Data Controller when this is technically possible.
The right to object
You have the right to object to our processing of your personal data which is based on a balance of interests. If you object to the processing in such cases, we may only continue to process your personal data if it is possible to demonstrate that there is a decisive legitimate reason that the data must be processed which outweighs your interests, rights and freedoms, or if the processing is carried out to establish, exercise or defend legal claims.
The right to lodge a complaint
If you have any complaints about our processing of your personal data, you may contact our Data Protection Officer through the contact information below, and you can also lodge a complaint with the Swedish Authority for Privacy Protection. Their contact information is Integritetsskyddsmyndigheten, Box 8114, 104 20 Stockholm.
Contact information
If you want to exercise your rights or if you have a general question about how your personal data is processed by us, you are welcome to contact our Data Protection Officer through the contact information below:
Coeo Inkasso Sverige AB
Corporate ID number: 559374-0847
Postal address: Mårten Krakowgatan 2, 411 04 Göteborg
Telephone: +46 (0)10-14 68 740
Email: kontakt@coeo-inkasso.se