Privacy Statement Debtors/Debtors Portal My EOS Contentia

EOS Contentia Belgium NV/SA with registered seat at FUTUR X CENTER, Boulevard Industriel 54 K 7700, Mouscron,BELGIUM, Company number/VAT BE 0454.609.009, M.A.E. – 206729 (hereinafter referred to as “EOS Contentia”), is the controller of your Personal Data.  You can reach us via telephone on: +32 56 39 17 11. Our Managing Director is Mrs. Martine T'Jampens.

You are advised to read EOS CONTENTIA BELGIUM SA/NV's Cookie Statement to understand how EOS CONTENTIA BELGIUM SA/NV will via Cookies collect, transfer, disclose, process, and use your Personal Data when using the EOS Contentia website.

EOS Contentia’s Cookie Statement can be found here https://be.eos-solutions.com/en/cookie-statement-contentia . This Cookie Statement complements the Data Protection Statement.

EOS Contentia respects the protection of Personal Data, individual privacy and values the confidence of its customers, debtors, employees, suppliers, contractors, business partners, and the general public.

That is why EOS Contentia strives to collect, use and disclose Personal Data in a manner consistent with the laws of the countries in which it does business.  In particular, we want to protect the data of our customers, debtors, personnel, subcontractors and suppliers, among others, against loss, leaks, errors, unauthorized access or unlawful processing.

We want to inform you about the collection and processing of your Personal Data by means of this Data Protection Statement.

This Data Protection Statement addresses information we collect from debtors for the performance of our debt recovery services. It explains what Personal Data we collect from you and how we use it. EOS Contentia’s Corporate Data Protection Statement can be found here https://be.eos-solutions.com/en/privacy-statement-contentia. This Corporate data Protection Statement complements this Data Protection Statement for debtors.

We ask that you read this Data Protection Statement carefully, as it contains essential information about how your Personal Data are processed and for what purpose. You are not obliged to disclose your Personal Data, but you understand that the provision of certain services, debtors or customer support or other assistance becomes impossible if you do not consent to its collection and processing.

We kindly point out to you that you are responsible for all Personal Data you provide to us and that we rely on its accuracy. If your Personal Data is no longer up to date, please inform us immediately.

This Data Protection Statement was prepared in implementation of the General Data Protection Regulation (""GDPR") more specifically Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data, entered into force from 25/05/2018 as well as the Belgian Personal Data Protection Act (the Act on the Protection of Individuals with regard to the Processing of Personal Data of 30 July 2018).EOS Contentia is committed to being compliant to the EU General Data Protection Regulation and the local data protection legislation in Belgium. For more information about the applicable laws regarding data protection, please consult: https://www.dataprotectionauthority.be/citizen

The management of EOS Contentia recognizes the importance of identifying and protecting the information assets of the organization, avoiding destruction, improper disclosure, improper modification or unauthorized use of any information relating to its customers, debtors, employees, pricing, strategy, management, or other related concepts.

EOS Contentia is therefore committed to developing, implement, maintain and continually improve its information security management system in order to ensure the confidentiality, availability and integrity of Personal Data and information in general.

Error or vulnerability report

Despite the care we take to secure our systems, errors or vulnerabilities may happen. In case you see an error or a vulnerability, please inform us thereof so that we can remediate. You can report a security issue to our data protection officer: privacy@eos-contentia.be

Cookies

Cookie controls are described in our Cookie Statement https://be.eos-solutions.com/en/cookie-statement-contentia .

Definitions:

• Customer/Partner: the companies that either entrust EOS Contentia with a service contract for debt collection or sell a debt portfolio to EOS Contentia.
• Debtor: the debtor of the debt, either to the Customer/Partner in the case of a debt collection service contract or to EOS Contentia in the case of a debt transfer or a consumer credit transfer.
• Commercial guarantee beneficiary: a person being entitled to a commercial guarantee under commercial sale/purchase agreements of goods.

A debt collection company can recover debts according to 2 scenarios:

1° as a service provider for creditors

Our customers or partners, the creditors, entrust the recovery of their outstanding claims against debtors (debtors) to our company. Our firm offers debtors the possibility of paying their debts by means of an amicable settlement, without any legal proceedings. If the debtor fails to do so, legal proceedings can still be initiated for the recovery of the debt.

2° as principal or assignee in the context of a contract, in particular for the management and collection of debts (including consumer credit debts) when EOS Contentia has taken over a portfolio of debts from a creditor.

The processing of debtors' Personal Data is carried out based on:

• • If recovery is amicable: the activity of debt recovery as permitted and regulated by the law of 20 December 2002 on the amicable recovery of consumer debts;
  • If recovery does not take place amicably (for example based on a judgment, a court order or a notarial deed): EOS Contentia's legitimate interest in recovering the debt entrusted to it by the creditor or sold to it by the creditor. The creditor has a legitimate interest in recovering the debt from the debtor. It respects the interests of both parties.
  • Reporting and analysis:
    • Performance of contractual obligation towards creditor
    • the justified importance of EOS Contentia in optimizing recovery procedures and evaluating the outstanding debt(s) in the context of a debt transfer.
  • • Audit and control:
      • By the customer: performance of a contractual obligation towards the creditor;
      • By public authorities: legal obligation

• • For all other processing operations: the justified interest of EOS Contentia, which consists of
    • improve recovery procedures,
    • increase the security of offices and systems,
    • organizing debt recovery faster, more efficiently and more cheaply
    • monitoring and processing of the optimal functioning and security of all software and IT systems.

3° as principal or assignee in the context of a commercial sale/purchase contract taken over by EOS Contentia under which the purchaser is entitled to a commercial warranty on the purchased goods which is still active.

The processing of beneficiary' Personal Data is carried out based on:

• • Performance of a contractual obligation: based on the sale/purchase contract acquired by EOS Contentia and the commercial warranty provisions in such contract;
  • For all other processing operations: the justified interest of EOS Contentia, which consists of
    • improve warranty management procedures,
    • increase the security of offices and systems,
    • organizing warranty management faster, more efficiently and more cheaply
    • monitoring and processing of the optimal functioning and security of all software and IT systems.

EOS Contentia processes the following Personal Data of debtors provided and transferred by the creditor in the context of a service contract for debt collection or a transfer of a debt portfolio:

• Your identity and contact details (name, title, address, e-mail address, telephone and mobile number);
• Date of birth, age
• Gender
• Bank account number and bank information
• Information on outstanding debts, contracts, payments made and not made, correspondence conducted with the debtor
• Additional information provided directly by the debtor to our services, to the extent relevant for the recovery procedure (for evaluation and considered handling of your file: reasons for non-payment based on information provided by you, such as individual or family circumstances, work related circumstances...).
• Financial information for risk analysis: payment history, information on your debts, income, solvency, visit reports

For debtors of consumer credits which are not yet fully reimbursed we may also process:

• Identification and Contact details (full name, address, telephone number, e-mail address…)
• National number (for the recovery of consumer and mortgage credits): registrations with the Central Individual Credit Register (CCR).
• Financial data related to credit file
• Debt and outstanding debt
• Transaction data, payment history, payment behavior
• Bank account number and bank information
• Information on the civil status (married, divorced), the family situation
• Credit contract
• AML information, PEP status, AML scoring
• Information about the debtor being under guardianship

For debtors of unpaid purchases under a sale/purchase agreement transferred to EOS Contentia and for beneficiaries of a commercial warranty under a sale/purchase agreement of goods, we may also process:

• Purchase contract
• Invoices and outstanding invoices
• Debt and outstanding debt
• Transaction data, payment history, payment behavior
• Bank account number and bank information
• Warranty information and status of warranty to be provided

We kindly remind you that you are responsible for all data you provide to us and that we rely on its accuracy. If your data is no longer up to date, please inform us immediately. If you fail to do so (e.g. do not update your contact details (such as a new address, email or telephone number)), we will request these details from third parties or the public services authorised to provide them.

EOS Contentia is thus able to process new data relating to debtors through the contacts it has with them (correspondence, telephone, text messages, chat, personal conversations, etc.). You are not obliged to provide any additional Personal Data, but you understand that solving your debt file becomes more difficult or even impossible if you do not consent to its collection and processing.

In principle we prefer not to process special categories of Personal Data (data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of data concerning your health). You are free to decide whether to provide us with personal information relating to your health, disability and/or private life when this affects your ability to pay your debts. Based on this information, we may, if necessary, tailor the collection to your situation and take this into account for a repayment plan. In this case, this information will only be used for the duration of the assessment of your personal situation or until you no longer authorize us to process it or for as long as it is necessary for filing, exercising, or defending legal files.

We collect Personal Data in variety of ways directly from you:

• When you communicate your Personal Data verbally or in writing to us;
• When you visit our website;
• When you use our chatbot/voicebot;
• When you create a debtors account and use this service, directly or indirectly;
• When you contact us via a webform;
• When you contact us via e-mail, chat(bot), social media or telephone;
• When you are in contact with third party services providers such as call centers or bailiffs appointed by us;

We collect thus Personal Data both when you give it to us verbally, when you send us documents and when you do it digitally, as well as when we look for it through public channels (such as the Belgian Official Gazette, Crossroads Bank for Enterprises, National Bank, etc.) and professional social media (such as Linkedin).

EOS Contentia may also collect other information through your interaction with us and non-EOS Contentia websites, which do not reveal your specific identity or do not directly relate to an individual. Other information may include, but is not limited to, browser and device information, data collected through automated electronic interactions, application usage data, demographic information, geographic or geo-location information, statistical and aggregated information.

Statistical or aggregated information does not directly identify a specific person, but it may be derived from Personal Data.

We process your Personal Data in different ways and for various purposes. When processing them, only Personal Data are processed which are necessary for the intended purposes. The purposes for which we process data may vary depending on the person from whom and about whom we process Personal Data. 

• • Debt recovery management
    • Processing of debtors' data and outstanding debts
    • Execution of recovery activities
    • Contacts via correspondence, telephone, sms, chat
    • Contacts via the debtor’s portal (online My Eos Contentia)
  • Recovery activities
    • Formatting, printing and sending letters to debtors.
    • Organizing and carrying out home visits to debtors to provide explanations and conduct negotiations to speed up and facilitate recovery.
  • Warranty management
    • Receive and analyze your warranty request under a sale/purchase agreement for goods.
    • Direct you to the manufacturer of the goods to obtain execution of the warranty.
    • Follow up on your warranty request and give feedback.
    • Give information about the rights under the warranty.
  • Opening of court case
    • Involving a lawyer for recovery if this will have to be done by court order. In this case, a lawyer will have access to the complete debtor file.
  • Cross-border/international files
    • Processing debtors' data and outstanding debts.
    • Execution of recovery activities.
    • Involving a foreign debt collection company for collection. In this case, this collection company will have access to the complete debtor file.
  • Information to the creditor
    • Reporting on the status and progress of debt recovery for each debtor.
  • Preservation, storage, and processing via special software
    • The management of debtor’s files is done in specific management software (application, database and backups).
  • Business analytics
    • The use of the debtor database for analysis, reporting, statistics and forecasts whose output is anonymous.
    • The use of the debtor database for internal reporting and management as well as for reporting to creditors, based on a contractual reporting obligation.
  • Audit and control
    • Legal obligation to communicate debtors' Personal Data for the purposes of public control (accounting, tax, legislation on the prevention, monitoring and detection of fraud, money laundering and other criminal activities).
  • Deletion and destruction of Personal Data after the retention period applicable to the specific processing.
  • Transmission to the Central Individual Credit Register
    • For bank or credit claims, Personal Data are processed within the framework of our statutory obligation to notify the Central Individual Credit Register based on the Royal Decree of 23 March 2017 regulating the Central Individual Credit Register.
  • Improving our debt recovery procedures
    • search activities in the debtor database.
    • evaluations concerning payment behavior.
    • recording and analysis of recorded telephone calls from our agents to accounts receivable for coaching and training purposes.
  • Development of our debt collection activities
    • The de-identification of debtor’s data in order to develop activities.
  • Securing our debt collection activities
    • Use of debtors' Personal Data to secure them and to develop and adapt appropriate tests of our IT system.
  • IT management
    • storage, backup, deletion of data, ...

We confirm that the processing of Personal Data does not include profiling and that you are not subject to fully automated decisions.

When you contact EOS Contentia by telephone, this telephone call may be recorded. We record these telephone calls for educational, quality and security reasons. Only a limited number of employees in the customer service department have access to the recordings. Telephone recordings are automatically deleted after 30 days.

EOS Contentia may pass on Personal Data of debtors to:

• For the debt collection itself
  • the creditor
  • collection staff
  • courts
  • bailiffs
  • lawyers
  • social assistant/public center for social welfare (OCWM/CPAS) (in the case of collective debt settlement)
  • other service providers involved in the debt recovery process
  • to third party service providers offering supporting services in debt recovery, credit recovery or warranty management such as service providers or bailiffs
• IT systems
  • IT service providers for hosting and back up
  • IT service providers for development, maintenance, and updates of IT systems
• foreign debt collection companies or debt collection services
• EOS Contentia group companies (within the European Economic Area)
• For audits and controls
  • the creditor
  • the competent authority
• Judicial authorities
  • for judicial debt recovery
  • combating fraud
  • declaration of offences
  • legal obligation
• Central Office for Credits to Private Individuals

statutory notification obligation to the Central Individual Credit Register on the basis of the Royal Decree of 23 March 2017

Personal Data collected by EOS Contentia may be stored and processed in the European Union  (specifically in Belgium, France and Germany) or in any other country where EOS Contentia or its affiliates, subsidiaries, outsourcing partners or service providers maintain facilities. We take steps to ensure that the data we collect under this Data Protection Statement is processed according to the provisions of this statement and the requirements of applicable law wherever the data is located. In the context of international debt recovery, processing may be carried out by debt recovery service providers outside the European Economic Area (EEA).When we transfer Personal Data from the European Economic Area to other countries, we use a variety of legal mechanisms, including contracts (EU Standard Contractual Clauses), to help ensure your rights and protections travel with your Personal Data.

We will retain your Personal Data:

• as long as they are necessary for the legitimate purpose for which they were obtained,

for instance to ensure good recovery practices or to defend ourselves against legal claims.

• as long as this is necessary within the framework of a legal obligation to keep your Personal Data for a certain period of time in order to prevent fraud and to detect and prove anti-money laundering practices, and for financial audits.

All the debtor's Personal Data shall be retained for a maximum of ten years from the end of the year in which one of the following events occurs:

• the cancellation of the debt; or
• end of the recovery file (by payment of the debt or end of the recovery mandate). This period corresponds to the limitation period under general law (Article 2262bis of the Civil Code) as well as anti-money laundering legislation.

For statistical, analytical, and business intelligence purposes, we will only retain anonymised or pseudonymised data after this retention period.

We take steps to ensure that the Personal Data we collect under this Data Protection Statement is processed in accordance with the provisions of this Data Protection Statement and the requirements of applicable law wherever the Personal Data is located. We take appropriate technical and organisational security measures to protect your Personal Data against accidental or deliberate manipulation, partial or complete loss, destruction, or access by unauthorised third parties. Our security measures are constantly being improved in line with technological developments.We take the necessary technical and organisational measures to process your Personal Data with an adequate level of security and to protect them against destruction, loss, falsification, alteration, unauthorised access or accidental disclosure to third parties, as well as any other unauthorised processing of these Personal Data.

The be.eos-solutions.com website uses SSL (secure socket layer) in combination with the highest level of encryption supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, 128-bit v3 technology will take its place. You will see that an individual web page on the Internet is transmitted encrypted by the closed key or padlock icon in the lower status bar of your browser.

EOS Contentia is committed to protecting the security of your Personal Data. We use a variety of security technologies and procedures to protect your personal information from unauthorised access, use or disclosure.

EOS Contentia is also committed to reducing the risks of human error, theft, fraud, and misuse of EOS Contentia facilities. EOS Contentia's efforts include making staff aware of security policies and training them to implement them. EOS Contentia employees are required to maintain data confidentiality. Employee obligations include written confidentiality agreements, regular training on information protection and compliance with company policies regarding the protection of confidential information.

EOS Contentia quickly evaluates and responds to incidents that cause suspicion of unauthorized processing of Personal Data. If EOS Contentia determines that your Personal Data has been misused (including by an EOS Contentia employee) or otherwise wrongfully obtained by a third party, EOS Contentia will immediately report such misuse or data breach to you.

EOS Contentia will conduct compliance audits on an annual basis. Any employee caught by EOS Contentia not complying with the data protection policy is in violation of the Data Protection Statement and will be subject to disciplinary action up to and including termination of employment. Any third party who violates this Data Protection Statement will be required by all agreements with EOS Contentia to indemnify and hold EOS Contentia harmless for claims relating to such violations.

We take the necessary technical and organizational measures to process your Personal Data to an adequate level of security and to protect them against destruction, loss, falsification, alteration, unauthorized access, or accidental notification to third parties, as well as any other unauthorized processing of these data.

Under no circumstances shall however EOS Contentia be held liable for any direct or indirect damage resulting from the incorrect or unlawful use of Personal Data by a third party.

In accordance with and subject to the conditions of the General Data Protection Regulation Implementation Act and the provisions of the General Data Protection Regulation, we inform you that you have the following rights:

• Right of access and inspection: you have the right to inspect, free of charge, the data that we hold about you and to check what it is used for.
• Right of rectification: you have the right to obtain rectification (correction) of your incorrect Personal Data, as well as to complete incomplete Personal Data.
• Right of deletion or limitation: you have the right to request us to delete or limit the processing of your Personal Data in the circumstances and under the conditions laid down by the General Data Protection Regulation. We may refuse the deletion or restriction of any Personal Data which is necessary for us to fulfil a legal obligation, the performance of the contract or our legitimate interest, and this for as long as these data are necessary for the purposes for which they were collected.
• Right to transferability of data: You have the right to obtain the Personal Data you have provided to us in a structured, common and machine-readable form. You have the right to transfer this data to another data controller.
• Right of objection: you have the right to object to the processing of your Personal Data for serious and legitimate reasons. Please note, however, that you cannot object to the processing of Personal Data which is necessary for us to fulfil a legal obligation, the performance of the contract or our legitimate interest, and this for as long as these data are necessary for the purposes for which they were collected.
• Right of withdrawal of consent: If the processing of Personal Data is based on prior consent, you have the right to revoke this consent. This Personal Data will then only be processed if we have another legal basis for doing so.
• Automatic decisions and profiling: You may object to profiling and fully automated decisions.

You can exercise the rights by contacting EOS Contentia via privacy@eos-contentia.be

If you have a privacy concern or a question for the Data Protection Officer of EOS Contentia, please contact us by using the following E-mail: privacy@eos-contentia.be. We will respond to questions or concerns within 30 days:

We make every effort to handle your Personal Data in a careful and legitimate manner in accordance with the applicable regulations. Nevertheless, if you believe that your rights have been violated and if you do not find an answer to your concerns within our company, you are free to lodge a complaint with the Belgian Data Protection Authority:

Data Protection Authority

Drukpersstraat 35, 1000 Brussel

Tel +32 (0)2 274 48 00

Fax +32 (0)2 274 48 35

email: contact@apd-gba.be

https://www.dataprotectionauthority.be/citizen

You may additionally address a court if you believe that you would suffer damage because of the processing of your Personal Data.

You can contact the EOS Contentia at any time if you have any queries or if you are in need of help (see the “Legal Information” panel on the EOS Contentia website). To improve our services, telephone conversations may be recorded or monitored by another member of the team.

We will do everything possible to resolve the problem as soon as possible.

We will update this Data Protection Statement when necessary to reflect customer feedback and changes in our services. When we post changes to this Data Protection Statement, we will revise the “last updated” date at the top of the Data Protection Statement. If there are material changes to the Data Protection Statement or in how EOS Contentia will use your Personal Data, we will notify you either by prominently posting a notice of such changes before they take effect or by directly sending you a notification. We encourage you to periodically review this Data Protection Statement to learn how EOS Contentia is protecting your information.