Data privacy

We are pleased to welcome you to the IHD Gesellschaft für Kredit- und Forderungsmanagement mbH website. As your legal service provider and as part of our credit reference agency, we give great importance to data privacy and data security. We have therefore paid special attention to the protection of personal data of all kinds. We would like to take this opportunity to explain a few basic terms of the GDPR in force since 25.05.2018 and to inform you in detail about the type, scope and purposes of the collection and use of personal data by IHD.

Data privacy glossary according to the GDPR

1. Personal data

According to the legal definition of Art 4 No. 1 GDPR, personal data includes all information relating to an identified or identifiable natural person (hereinafter referred to as "concerned person").

Accordingly, legal persons and majorities of persons are not included in the scope of protection of the GDPR. However, if information also refers to their institutions, it is again personal data.

2. Concerned person

This refers to the identified or identifiable person whose personal data is processed by persons responsible or data processing companies.

3. Processing

In contrast to the definition of the individual processing steps laid down in the previous BDSG [Federal Data Protection Act], the processing is to be broadly defined in accordance with Art 4 No. 2 GDPR and comprises every process or series of processes in connection with personal data, such as the recording, collection, adaptation, use, transfer without privileges for order data processing and also every form of provision, carried out automatically or without automatic assistance.

4. Profiling

In accordance with Art. 4 No. 4 GDPR, profiling involves assessment of personal aspects of the concerned person using personal data. According to the standard, these assessed aspects include the economic situation, the present and the past, including forecasts.

5. Responsible person

Responsible person in accordance with Art 4 No. 7 GDPR is any body, which decides alone or together with others on the purposes and means of processing personal data. It is precisely the decision-making power over the purpose, i.e. "why" the processing, which is a decisive criterion for responsibility in addition to the choice of means.

6. Data processing company

This refers to any body that processes personal data on behalf of the company in such a way that the processing is determined by the directives of the person responsible.

7. Recipient

Any body, with the exception of authorities with a specific investigation mandate, to which personal data may be made available as the addressee of the data, irrespective of whether it is a third party.

8. Third party

The third party is neither the concerned person, nor the person responsible, nor the data processing company, but anyone completely outside the position of the person responsible. If personal data is disclosed to the third party on the basis of existing third-party interests, it becomes the person responsible.

9. Consent

The consent legally defined in Art 4 No. 11 GDPR refers to any informed and unambiguous voluntary declaration of consent to the processing of the personal data concerned.

Privacy policy

Scope of validity

This privacy policy informs users about the type, scope and purposes of the collection and use of personal data by IHD Gesellschaft für Kredit- und Forderungsmanagement mbH, Augustinusstr. 11B, 50226 Frechen, service@ihd.de, Tel. 02234 96317-0 on the IHD website (www.ihd.de/...). IHD is responsible for the processing of the data within the meaning of the GDPR.

The legal bases of data protection are the General Data Protection Regulation (EU GDPR), the associated recitals and the BDSG (new) 2017 as well as the German Teleservices Act (TMG).

Contact details of the data protection officer

You can contact our company data protection officer by post at the above-mentioned company address for the attention of the department Data Privacy, via mail at: and by telephone at 02234/963170.

Our Data Privacy department is available for all questions concerning data privacy, but please understand that for reasons of data protection law it is possible to respond to specific individual requests only if they have been made in writing, by post or e-mail.

General collection and processing of personal data

We collect only the personal data that is absolutely necessary.

You do not need to provide any personal data to use the offers on our website. If you use our contact form, the input of personal data is necessary; otherwise the desired offer cannot be used. If you enter personal data on our web pages, this data is provided by users on an expressly voluntary basis. The personal data provided voluntarily (subject, name, address, e-mail address, etc.) shall only be stored, processed and used for the purpose for which the user has provided it or if the user has agreed to another use. Data transmission is encrypted using the HTTPS protocol.

We do not pass on any personal data collected on our website to third parties. Unless this is the express request of the user.

Access data/ server log files

For troubleshooting and anonymous evaluations of the use of our website, we collect data about each access to the offer (so-called server log files). The following information is stored:

  • Name of the accessed website or file
  • Date and time of access
  • The volume of data transferred
  • An indicator as to whether the request was successful
  • Browser type in addition to the version and the user's operating system
  • Referrer URL (this is the page that was visited before)
  • IP address in anonymised, abbreviated form

The IP address is not completely stored; thus, the requesting person cannot be identified.

Use and processing of personal data

Cookies

Cookies are small text files that are stored in the browser and which make it possible, for example, to recognize recurring users on a website.

Our web pages (www.ihd.de/...) do not use any cookies. When embedded third-party content is displayed, cookies may be written when you access the services of these third parties (see third party content).

The writing of cookies can be prevented by appropriate setting of your browser software, which can only impair the function of the betting game and the automatic filling in of your access data in the member login on our pages.

A cookie is written in the member login (zserv.ihd.de) in order to be able to pre-enter the member number, the user name and the language selection in the registration form during a new visit.

Third party content

If third party content is displayed on our website, data may be forwarded to the respective operator if this content is used. This includes YouTube videos that are displayed within IHD website, and even IHD betting game.

Third party service providers can have different, own regulations in the context of the processing of personal data; therefore, we advise you to read the information in this regard on the indicated web pages of the respective third parties in detail.

IHD betting game

The IHD betting game runs on servers of Kicktipp GmbH. For this purpose, the registration data of each participant (e-mail address and password) as well as other data arising in the game is stored and processed at Kicktipp GmbH. IHD Gesellschaft für Kredit- und Forderungsmanagement mbH has concluded a contract with Kicktipp GmbH for the processing of order data for this purpose (for sample contract, see https://www.kicktipp.de/info/ueberuns/datenschutz/)

After the end of a betting community and notification of the winners, all participants' data will be deleted on Kicktipp.

Kicktipp uses cookies to identify a session (session cookie) to save the language selected by the user and for permanent login. Session cookie is automatically deleted when you close your browser. Other cookies are stored permanently in the browser. You can delete them at any time using the corresponding function of your browser.

Detailed data privacy statement of Kicktipp GmbH:

https://www.kicktipp.de/info/ueberuns/datenschutz

Data protection officer(s) of Kicktipp GmbH:

https://www.kicktipp.de/info/ueberuns/impressum

Youtube

Youtube videos are displayed by us in "extended data protection mode". Cookies are not stored in this way when the website with the embedded video is displayed. If you click on the video player, you use the offer of YouTube. In this case, Youtube triggers further data processing operations (writing cookies), over which we as the site operator have no control.

Operating company of YouTube is YouTube, LLC, 901 Cherry Ave.,San Bruno, CA 94066, USA. YouTube, LLC is an affiliated company of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Further information on YouTube is available under https://www.youtube.com/yt/about/de/.

Technical queries

If you have any technical queries or comments about our website, please contact our webmaster .

Collection and processing of personal data by member companies of IHD

The member companies of IHD Kreditschutzverein have the option of using these web pages in an area protected by a login for the purposes of using the services offered by IHD Gesellschaft für Kredit und Forderungsmanagement mbH, debt collection and receivables management.

  1. In this protected area, our member companies have the option to provide us with debtor data (name, address, contract data, claim data and payment information) in order to enable our debt collection department to process their legal claims. See below
  2. Our member companies also have the option of transmitting personal data of their customers (name, address, e-mail contact, creditworthiness reports based on defined creditworthiness keys) for the purpose of checking deliverability, requesting trading information and for the purpose of creditworthiness checks, also in the form of debtor monitoring. See below
  3. This section of our web pages also provides member companies with the option to purchase products from other credit reference agencies. A distinction must be made here between the option of selecting private information (CRIF Bürgel GmbH, arvato infoscore GmbH) and purely business information (CRIF Bürgel GmbH, Bisnode Deutschland GmbH).

For detailed information on the provisions applicable to the processing of personal data, please refer to the company's own linked websites:

Provisions of our contractual partners

Information in accordance with Art 14 GDPR of IHD Gesellschaft für Kredit- und Forderungsmanagement mbH (IHD) for the business unit Business Information

Name and contact details of the responsible body and the company data protection officer

IHD Gesellschaft für Kredit- und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen, Tel.: 02234/96420

The company data protection officer of IHD can be contacted at the above address, for the attention of the Data Privacy department, or by e-mail at .

1. Data processing by IHD

1.1 Purpose of data processing/ justified interest

IHD processes personal data in order to provide the member companies of IHD Kreditschutzverein e.V., if there is a legitimate interest, with information about the accessibility of natural persons who are commercially active and legal persons, and to give information about their creditworthiness. Processing includes converting the creditworthiness data into three classes, which are displayed graphically as traffic lights. The traffic light chart is generated without additional statistical methods or probabilistic formulas and can be called up on request. IHD provides this information only if a justified interest has been substantiated in the individual case and processing is permissible after consideration of all interests. The legitimate interest exists in particular before entering into transactions with financial default risk. This credit analysis serves the purpose of protecting the recipient from economic losses due to default risks by means of a preliminary assessment and at the same time opens up the option of protecting the borrower from excessive debt by providing advice. IHD's data processing and the provision of information based on it also serve to prevent fraud, prevent money laundering, verify identity, provide customer service, determine addresses and control risks in the interest of determining payment methods or conditions.

1.2 Legal basis for data processing

IHD processes personal data on the basis of the General Data Protection Regulation. Processing is based on consents in accordance with Art 6 I a in conjunction with Art 7 GDPR or on the basis of Art 6 I f GDPR, insofar as the processing is necessary to safeguard the legitimate interests of the person responsible or a third party and does not outweigh the interests or fundamental rights and freedoms of the concerned person which require the protection of personal data. IHD provides information to its member companies only if a legitimate interest has been substantiated in individual cases. The legitimate interest exists in particular before entering into transactions with economic risk, which includes every purchase on account.

1.3 Origin of IHD data

The data of IHD originates from generally accessible sources such as public directories and official announcements. In addition, IHD receives information on payment behaviour from the business unit Collection, from the affiliated member companies that use IHD products for the purposes mentioned under 2.1 and from their contractual partners in the area of credit reference agencies.

1.4 Categories of personal data of IHD
  • Personal data (e.g. last name - if necessary also previous last names, which will be disclosed upon separate request, first name, date of birth, address, previous addresses)
  • Information on undisputed, due and repeatedly dunned or entitled claims and their settlement
  • Information from public directories or official announcements (e.g. debtor's list and insolvency announcements)
1.5 Categories of recipients of personal data

The recipients are primarily the member companies of IHD Kreditschutzverein e.V. These are, in particular, companies that bear an economic risk and are predominantly based in the European Economic Area. These are mainly suppliers of goods, energy supply and service companies. In addition, the contractual partners of IHD include attorneys as well as credit reference agencies and contractors in accordance with Art 28 GDPR, such as mail dispatch service providers.

If data is transmitted outside the European Economic Area, this is done in compliance with the requirements of the European Commission. In the absence of a positive adequacy decision by the European Commission under Article 45 GDPR, IHD only transfers data to a third country subject to appropriate guarantees.

1.6 Duration of data storage

IHD saves data in accordance with Art 17 I lit.a) GDPR only as long as is necessary. The testing and deletion periods applied by IHD correspond to a voluntary agreement (code of conduct) of the credit reference agencies affiliated in the "Die Wirtschaftsauskunfteien e.V." association. The content of this voluntary agreement (code of conduct) is available on the Internet under www.ihd.de/datenschutz/codeofconduct.html

Accordingly, the basic storage period of personal data is three years to the day exactly after its completion. Information on requests will also be deleted after three years at the latest.

Deviating from this, the following data is deleted, for example, to realise the deletion claim:

  • Data from the debtor’s list of the central courts competent for execution, to the day after three years, but prematurely if IHD has proven deletion through the central court competent for execution.
  • Information on consumer/ insolvency proceedings or residual debt exemption proceedings to the day exactly three years after the end of the insolvency proceedings or the granting of the residual debt exemption. However, an earlier deletion can take place in specially stored individual cases.
  • Information on the rejection of an insolvency application due to lack of assets, the abolition of security measures or the refusal of the residual debt exemption to the day exactly after three years.
  • Previous addresses remain stored for exactly three years to the day, after which the necessity of continuous storage is checked for a further three years. After that, they are deleted to the day, unless a longer storage period is required for the purpose of identification.

2. Rights of persons concerned

Each concerned person has the right of access to IHD pursuant to Art 15 GDPR, the right of correction pursuant to Art 16 GDPR, the right of deletion pursuant to Art 17 GDPR and the right of limitation of processing pursuant to Art 18 GDPR. In addition, it is possible to contact the supervisory authority responsible for IHD, the North Rhine-Westphalia state official for privacy protection and freedom of information (LDI). Consents may be revoked at any time vis-à-vis the contractual partner concerned. This also applies to consents that were granted before the GDPR came into force. The revocation of consent does not affect the legality of the personal data processed until revocation.

In accordance with Art 21 I GDPR, data processing may be objected for reasons arising from the particular situation of the concerned person. The objection must be addressed to: IHD Gesellschaft für Kredit- und Forderungsmanagement mbH, Data Privacy, Augustinusstr. 11 B, 50226 Frechen.

If you want to know what personal data IHD has stored about you, we will inform you in writing as part of a voluntary disclosure. If you voluntarily enclose a copy of your identity card for clear identification, you will avoid possible queries.

3. Profiling

IHD processes personal data in order to assess the economic situation of companies. These are mainly legal persons and natural persons only if they are active in the business world.

The processing of the data includes the assignment to three classes of creditworthiness, which is displayed in a traffic light chart. This conversion into a traffic light chart is based on the information stored about a person by IHD, which is also shown in the information pursuant to Art 15 GDPR.

The graphical assignment of information serves the purpose of presenting risk probabilities, has been tried and tested in practice for a long time and is not based on statistical formulae and probabilistic values. The following data (see 2.3 and 2.4) is used although not every data type is included in every single chart: Address-related data (disclosure of name in the address, disclosure of address), data from the debtor’s list of the central court competent for execution, data from insolvency notices and data from pre-judicial and judicial debt collection as well as data from the monitoring of collection proceedings and information from the affiliated member companies.

This information merely supports the requesting member companies of IHD Kreditschutzverein e.V. in making decisions on the evaluation of risk assessment of their current or future business partners; IHD itself does not make any decisions.

Information in accordance with Art 14 GDPR of IHD Gesellschaft für Kredit- und Forderungsmanagement mbH (IHD) for the business unit Collection

Name and contact details of the responsible body and the company data protection officer

IHD Gesellschaft für Kredit- und Forderungsmanagement mbH, Augustinusstr. 11 B, 50226 Frechen, Tel.: 02234/96420

The company data protection officer of IHD can be contacted at the above address, for the attention of the Data Privacy department, or by e-mail at .

1. Data processing by IHD’s debt collection department

a. Purpose of data processing/ legal basis

Data is processed in IHD's debt collection department for contract fulfilment and contract execution in accordance with Art 6 I b GDPR and, if the claim is not based on a contract, for prosecution in the interests of the parties in accordance with Art 6 I f GDPR, whereby the legitimate interest exists in connection with the asserted claim.

IHD also transmits data from the collection of receivables in accordance with Art 6 I f, III 3, IV, GDPR under the conditions of § 24 BDSG [Federal Data Protection Act] and in accordance with the requirements of § 31 II p.1, No. 4 BDSG to the internal department of the credit reference agency and external credit reference agencies, where this data can be taken into account when determining probability values (scoring).

This is data on receivables not settled despite their due date in accordance with § 31 II p.1, No.4 BDSG: The transfer therefore takes place only if you have received at least two written reminders after the due date of the claim, the first reminder was issued at least four weeks ago and you have not contested the claim. This personal data is reported to the business unit of IHD for business information and also to CRIF Bürgel GmbH, Radlkoferstr.2, 81373 Munich and Bisnode Deutschland GmbH, Robert-Bosch-Str.11, 64293 Darmstadt.

Detailed information about the credit reference agencies to which we send data is available at: www.ihd.de/datenschutz#vertragspartner

The transmission serves the purpose of assessing the creditworthiness and thus the legitimate interest in maintaining the liquidity of the economy and is compatible with the purpose of debt collection.

b. Data categories and origin

We process the following categories of data in the collection proceedings: Master data, communication data, contract data, receivables data and, if applicable, payment information and procedural data.

The data from the above mentioned categories is transmitted to us by the customers of the collection proceedings or provided to us by our contractual partners, courts and bailiffs or is the result of our legal services in the form of procedural data.

c. Recipient

As part of debt collection, personal data is transferred, if necessary, to the customer of the debt collection, to third-party debtors, courts and bailiffs. In addition, the contractual partners of IHD include attorneys and debt collection companies within and outside the European Economic Area, credit reference agencies and contractors according to Art 28 GDPR, such as mail dispatch service providers and other investigation services.

In the case of data transmission outside the EU, this is done in compliance with the requirements of the GDPR. In the absence of a positive adequacy decision by the European Commission under Article 45 GDPR, IHD transfers data to a third country subject to suitable guarantees or, in rare cases, for the purpose of contract fulfilment or for the purpose of asserting legal claims under the exceptions set out in Article 49 I 1 b, e in conjugation with Art 6 I b or f GDPR, ensuring the existence of standard data protection clauses.

d. Duration of data storage

After payment of the collection claim or further termination of the collection proceedings, IHD checks exactly to the day after the expiry of three years whether there is still a further legitimate interest in storing the personal data; if this is not the case, it is deleted. If there are conflicting legal storage obligations, only the data required for fulfilment will subsequently be stored in a log file held for this purpose only.

2. Rights of persons concerned

Subject to the conditions, every person is entitled to the rights according to Art. 15-22 GDPR.

Each concerned person has the right of access to IHD pursuant to Art 15 GDPR, the right of correction pursuant to Art 16 GDPR, the right of deletion pursuant to Art 17 GDPR and the right of limitation of processing pursuant to Art 18 GDPR. However, in accordance with Article 21 GDPR, the right of the concerned person to object can only relate to processing operations carried out on the legal basis of Article 6 I f GDPR.

In addition, it is possible to contact the supervisory authority responsible for IHD, the North Rhine-Westphalia state official for privacy protection and freedom of information (LDI NRW).

IHD Sales Force

Contact your local IHD sales representative!

or
Thank You for Your Recommendation!

Twitter   Ihren XING-Kontakten zeigen   Facebook   LinkedIn   Delicious   LinkedIn