Privacy policy

Basis and Purpose of Processing Personal Data

The processing of personal data at Kredinor Oy in connection with carrying out assignments is based on the agreement between the customer and Kredinor Oy. We process customer register information for the purpose of managing, maintaining, developing the customer relationship and for customer communication. Data may also be processed to comply with anti‑money laundering or other statutory obligations. The customer has the right to refuse marketing communications at any time.

In activities related to invoicing and debt collection, the processing of personal data at Kredinor Oy is always based on law. Processing personal data may be necessary for fulfilling the agreement between our customer and their contractual partner (the subject of collection), for complying with our statutory obligations, or for pursuing the legitimate interests of our contractual partner and/or ourselves, as well as for presenting possible legal claims. Kredinor Oy may also have purchased the registered person’s debt from their contractual partner, in which case Kredinor Oy becomes the contractual partner of the data subject. The collection of such receivables is based on fulfilling the agreement between the data subject and Kredinor Oy.

We process data of potential customers for informing and marketing our operations, based on our legitimate interest. We process data of visitors on our website based on our legitimate interest to ensure site functionality and to develop the website.

We process job applicants’ data for recruitment decisions, based on our legitimate interest. The legitimate interest arises from the need to process personal data for recruitment purposes and for preparing an employment contract.

We do not use personal data for automated decision‑making.

Processed Personal Data

We process only personal data necessary for the purposes described above.

For our customers, we process the following information: the name, personal identity number, job title and contact details of the customer’s representative, such as name, address, phone number and email address. We may require copies of the customer representatives’ passports to comply with statutory obligations related to anti‑money laundering.

For persons who are the subject of debt collection, we process their personal identity number, bank account numbers and contact details such as name, address, phone number and email address, as well as possibly information about assets, debts, payment history and credit rating. We may also process other personal data related to debt collection assignments, such as information concerning guardianship and the personal data of authorised representatives.

For job applicants, we process the following information: name, address, email address, phone number, employment history, education, skills, language proficiency, any necessary official statements, references, and credit information.

For both customers and potential customers, we process recorded phone calls, participant information for events and meetings, and any consents or prohibitions.

Regular Sources of Information

We primarily receive personal data of individuals subject to debt collection from our contractual partners (clients), from the individuals themselves, from credit information companies, public registers, and authorities.

We primarily obtain job applicant data from the applicant themselves. Credit information is checked from a service provider with the applicant’s consent.

We obtain information about our contractual partners from clients and service providers such as Fonecta. We obtain data about our customers and potential customers when they participate in marketing events or competitions, contact us, or through other communication. We also obtain personal data from visits to our website and through third‑party web tracking tools.

Disclosure and Transfer of Personal Data

We disclose personal data to service providers assisting us, such as providers of mailing, telephone and messaging services, legal services, and to clients based on cooperation agreements. As a rule, we do not disclose personal data to other third parties. We disclose information when required by law or an authority. We assess the legality of each disclosure on a case‑by‑case basis.

Our service providers process personal data appropriately on our behalf and in accordance with our mutual agreements.

As a rule, personal data is not transferred outside the EU or the EEA. However, service providers offering tools for our website may be located outside the EU or EEA, such as Google Analytics. An adequate level of data protection is ensured by applying safeguards required by data protection regulations.

Protection of Personal Data

The confidentiality of data is of primary importance to us. We protect personal data using technical and organisational safeguards. Access to our systems is restricted through role‑based permissions. All users have personal usernames and passwords. Persons processing personal data are bound by confidentiality obligations.

Retention Period of Personal Data

Personal data is retained for as long as necessary to fulfil the purposes defined in this notice and to comply with statutory obligations.

Rights of the Data Subject

The data subject has the right to know what personal data we process about them and how it is processed, to have inaccurate or incorrect data rectified, or to receive confirmation that we do not process their data. In certain cases, the data subject has the right to be forgotten, the right to restrict processing, or to object to the processing of personal data. If a data subject presents any of these requests, we examine the request and always act in accordance with legal requirements while safeguarding the data subject’s rights.

Under certain conditions, the data subject has the right to transfer personal data they have provided to another controller, as well as the right to object to or restrict processing.

The data subject has the right to lodge a complaint with a supervisory authority if they believe their personal data has been processed unlawfully. In Finland, the competent authority is the Office of the Data Protection Ombudsman.

The data subject may exercise their rights by contacting us in writing with sufficient detail to fulfil the request and verify their identity.

Automated Decision-Making or Profiling

We may use automated decision‑making and profiling to determine the most appropriate collection action from the customer’s perspective. The purpose of automated decision‑making and profiling is also to ensure efficient and timely handling of matters. For example, we may assess the customer’s payment ability and aim to identify situations where legal collection would not be appropriate. The goal of automated decision‑making is to avoid actions that would result in unnecessary costs for the customer.

In our view, automated processing does not cause significant consequences for the customer and does not affect the customer’s rights.

For more information about processing personal data, contact: tietosuoja@kredinor.fi

Privacy policy updated 12/2022