Data Protection Notice of KSV1870 Information GmbH for InfoPasses

Data Protection Notice of KSV1870 Information GmbH for InfoPasses

We are committed to ensuring the responsible and scrupulous handling and protection of your data. The purpose of the data protection notice below is to inform you that your personal data will be processed when you use or order an InfoPass product.

To confirm that the services provided by KSV1870 Information GmbH are in conformity with the law, we hereby issue the following Data Protection Notice for the Product InfoPasses:

Terms used in the General Data Protection Regulation ('GDPR')

In accordance with the GDPR, the terms are defined as follows:

"personal data": any information relating to an identified or identifiable natural person ('data subjects');

"processing": any operation, whether or not performed by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, alignment or combination, restriction, erasure or destruction of data;

"controller": the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;

"recipient": a natural or legal person, public authority, agency, etc., to which the personal data is disclosed, whether a third party or not;

"third party": a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

"processor": a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Controller's name and contact details:

KSV1870 Information GmbH

Company register number: FN 308571g

Wagenseilgasse 7
1120 Vienna

Under data protection law, KSV1870 Information GmbH is controller of the InfoPass products and responsible for the data processing performed in the process.

Why is data processed for InfoPasses?

KSV1870 Information GmbH (hereunder also referred to as "we" and "us") is a company operating as a credit bureau and in the field of automatic data processing and information technology in accordance with the law. We have business licences in accordance with sec. 151 (list compilers and direct marketing companies), sec. 152 (credit bureaus), and sec. 153 (services in automatic data processing and information technology) of the Industrial Code (GewO) and operate a company in these fields.

As an agency that supplies information on credit relations, our general aim is to protect entrepreneurs against financial loss and promote liquidity (creditor protection). For this purpose, we provide credit reports and create score models. As a credit bureau, we process personal data in order to protect the lending and commercial loan sector against uncollectible accounts receivable. Information on credit standing, payment track records and payment issues, any behaviour in breach of contract, research and access to this information is intended to minimise the risk of default for third parties. The data processed and, if need be, disclosed to third parties serves to assess this default risk.

The purpose of processing credit standing data is thus to protect creditors from having to grapple with uncollectible accounts receivable, to minimise the risk of uncollectible accounts receivables but also to prevent fraud, misuse and money laundering. The purpose of data processing is also to protect the data subjects themselves from becoming over-indebted or from going on a credit binge. This data processing is necessary so that we can carry on the trade of a credit bureau, and also for third-party companies whose services KSV1870 Information GmbH uses, so that effective creditor protection, effective minimisation of the risk arising from uncollectible accounts receivable and the prevention of fraud, misuse and money laundering can be ensured and guaranteed.

InfoPasses are tools that makes it easier for you, as customer and data subject, to present the required documents in concentrated and concise form to the party of your choice.

In connection with the product and/or the database and/or data application, your personal data is processed at your proactive request to use and avail yourself of KSV1870 Information GmbH as a service provider. With InfoPasses, you yourself provide the data and documents on a voluntary basis, and these are then supplemented with appropriate information processed by KSV1870 Information GmbH in its operation as a credit bureau, summarised and made available to you as a comprehensive document.

The InfoPass is issued at your request, intended for voluntary presentation to third parties of your choice and meant to support you in your endeavour.

In total, 4 types of InfoPass products are currently available:

InfoPass for Tenants:

This InfoPass is for presentation to prospective landlords by tenants or prospective tenants and makes it easier to obtain a tenancy agreement.

InfoPass for Authorities:

This InfoPass is for presentation to the authorities in administrative procedures or can be used as proof or support in procedures.

InfoPass for Applicants:

This InfoPass is for presentation to prospective employers or employment agencies by job applicants, making it easier for them to find employment.

InfoPass for Financers:

This InfoPass is for presentation to third parties providing financial support in the form of loans, credit, leasing or other facilities and is intended to help you obtain financing and facilitate the process.

When acquiring an InfoPass, you enter into an agreement for the provision of services to you as data subject involving automatic data processing and information technology (carrying on a trade in accordance with sec. 153 Industrial Code [GewO]) and thus also for the purpose of supporting you as data subject in accomplishing the relevant objective from the list above.

However, data is also processed for the aforementioned purposes of a credit bureau operation due to the fact that access to information on credit relations is given to you as data subject and indirectly to third parties when you use the InfoPass product and present it to them. Accordingly, data is also processed for the aforementioned purpose of minimising the risk from uncollectible accounts receivable, creditor protection, the prevention of fraud, misuse and money laundering and of protecting you against becoming over-indebted.

Which personal data categories do we process for the InfoPass product?

Academic degree (applicants), current employer with from data (applicants, financers), type of address (e.g. lease, ownership, etc.) (financers), number of children (applicants), number of dependent children (financer), date of ID issue, ID number, specific data from the Business Database and the CommercialCreditRecords (ComCR), specific data obtained from the ConsumerCreditRecords (ConCR), specific data from the warning list, letters of reference (applicants), former employer with data from-to date (applicants, financers), own funds (financers), marital status (applicants, financers), financing total (financers), financing purpose (financers), company name / names of persons, former addresses, date of birth, salary expectations in EUR (applicants), sex, land owner (financers), marriage certificate, highest level of education completed (applicants), KSV1870 number, copy of ID, LinkedIn profile URL (applicants), confirmation of registration, monthly income (financers), monthly fixed costs (financers, name, personal telephone and fax numbers and other information required for addressing resulting from modern means of communication, collateral (financers), social insurance extract (applicants, financers, criminal record certificate (applicants), title and form of address, university diplomas (applicants), available from date (applicants), salary group according to the collective bargaining agreement (applicants), salary group years according to the collective bargaining agreement (applicants), home address, preferred maturity (financers), preferred monthly instalment (financers), XING profile URL (applicants)

 

Where does the data processed by us come from?

Notice in accordance with Article 13 GDPR:

We collect the data processed for the production of an InfoPass directly from you. For performance of the contract and for production and transmission of an InfoPass, you yourself as data subject under data protection law make personal data available to us. Therefore, this personal data originates from you.

You provide us with your personal data primarily when submitting a request on our website to order an InfoPass. We may also obtain your personal data from you in the course of a telephone call or e-mail correspondence, provided this is necessary for the aforementioned purposes.

Notice in accordance with Article 14 GDPR:

However, in addition to this data, we as a credit bureau may in some circumstances already be processing personal data about you. Any such data that is already available may be processed by us for the purpose of carrying on the trade of an agency that supplies information about credit relations without your consent. For more information and details about which personal data and credit information this applies to or may apply to, please see our special data protection notice issued in our capacity as credit bureau ( https://www.ksv.at/datenschutzerklaerung-ksv1870-information-gmbh-dsgvo ) .

In performing our contract and with your consent, we also process some of the data already available in the Business Database and the CommercialCreditRecords (ComCR) of KSV1870 Information GmbH for the production of an InfoPass and use this data in the InfoPass product.

Upon your express consent, order placement and release from banking secrecy, we also obtain bank-sourced loan and credit data (specific data from the ConsumerCreditRecords, specific data from the warning lists kept by the banks) from Kreditschutzverband von 1870. Therefore, such data comes from Kreditschutzverband von 1870. We use and process this loan and credit data collected for contract performance of the InfoPass only for such contract performance.

Lawful basis of data processing for the InfoPass product

The following provisions of the GDPR form the lawful basis for such data processing:

Article 6(1)(a) and Article 9(2)(a) GDPR (consent)
Article 6´(1)(b) GDPR (necessary for performance of the contract)

Once the purpose of the contract has been fulfilled or you withdraw your consent, data processing may continue pursuant to Article 6(1)(f) GDPR (legitimate interest). Such legitimate interest exists when compliance with retention periods under statutory, tax and warranty law needs to be ensured and to defend against any liability claims. In any case, data is also processed as proof that the InfoPass has been provided as a contractual service and for the entitlement to collect and retain the agreed fee.

Potential recipients of personal data processed by us:

Data transmitted to us in connection with the production of the InfoPass for the purpose of contract performance, and with your consent, will not be passed on or transmitted to any third party and therefore not to any third country or international organisation.

However, in so far as personal data available to us - and not transmitted by you - is used to produce the InfoPass product on your behalf, such data may form part of access reports provided to third parties (in accordance with sec. 152 Industrial Code [GewO] Credit bureaus).

However, to achieve the purpose and ensure contract performance we use the services of the following processors:

Österreichische Post Aktiengesellschaft for postal services
KSV1870 Holding AG for IT services
Atos-IT Solutions and Services GmbH for IT services

Information on the storage period

We retain your data as long as necessary for performance of the contract and fulfilment of the aforementioned processing purposes. This notwithstanding, the data is also retained as long as required to ensure compliance with retention periods under statutory, tax and warranty law and to defend against any liability claims. Data processing will continue as long as the fee for the contractual InfoPass service has not been paid.

No automated decision-making and profiling

The production of an InfoPass does not involve any automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR.

Your rights ("data subject rights")

Withdrawal of your consent

For the InfoPass, personal data is processed with your consent as well. You have the right to withdraw this consent. However, any such withdrawal will not affect the lawfulness of any processing performed before the withdrawal.

Please note that your data may nevertheless be subject to further processing on the legal grounds of contract performance or the existence of overriding legitimate interests.

Right of access in accordance with Article 15 GDPR

The fair and transparent processing of data is important to us. In accordance with Article 15(1) GDPR, you have the right to request a confirmation on whether or not personal data about you is being processed, and you have the right to access such information.

Rectification

In addition to the right of access provided by Article 15 GDPR, Article 16 GDPR gives you the right to request rectification of inaccurate processed data about you and the right to have incomplete personal data completed, while giving due consideration to the purposes of such processing. Proof to this end must be provided in writing so as to ensure transparent handling and documentation.

Objection and erasure requests

Furthermore, Article 21 GDPR gives you the right to object to the processing of personal data concerning you based on Article 6(1)(e) or (f) GDPR at any time on grounds relating to your particular situation.

Furthermore, you have the right to erasure of processed personal data concerning you on the basis of Article 17 GDPR.

Restrictions of processing

Furthermore, you have the right, according to Article 18 GDPR, to obtain restriction of processing where one of the following applies:

● you contest the accuracy of the personal data, for a period required by the controller to verify the accuracy of the personal data,

● the processing is unlawful, and you oppose erasure of the personal data and request the restriction of their use instead;

● the controller no longer needs the personal data for the processing purposes, but you require the data for the establishment, exercise or defence of legal claims, or

● you have objected to processing pursuant to Article 21(1) pending verification whether the legitimate grounds of the controller override those of the data subject.

However, where processing has been restricted in accordance with the above, such personal data may still be processed and used — but not stored — for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.

Receipt of personal data in a structured, established and machine-readable form:

If your personal data has been processed using an automated procedure and on the basis of your consent or a contract signed with you, you have the right pursuant to Article 20 GDPR to receive this processed personal data in a structured, established and machine-readable format.

You may submit such requests to us:

If you wish to exercise your right, please let us know. Our contact details are: KSV1870 Information GmbH, company register no. 308571g, 1120 Vienna, Wagenseilgasse 7.

Option to file a complaint with the Data Protection Authority

If you believe that your data is being processed in breach of data protection law or your rights under data protection law have been otherwise infringed, you also have the right to file a complaint with the Data Protection Authority of the Republic of Austria with the address, 1030 Vienna, Barichgasse 40-42.

Contact details of the data protection officer:
KSV1870 Information GmbH has appointed a data protection officer. To contact him/her, please write to ksv1870.datenschutzbeauftragter@ksv.at