This Privacy Notice explains how we collect, use, process and store your personal data, and what are your rights regarding your personal data.
This Privacy Notice applies as of 01.12.2019 and is accessible on our website www.axfina.com. Any future changes to the Privacy Notice will be posted there as well.
- Who is the controller of your personal data
The data controller in respect of your personal data is AxFina Holding SA, Wallnerstrasse 3, A-1010 Vienna. In this Privacy Notice, we will refer to this company as “AxFina”, “we” or “us”. Apart from AxFina, other companies within our group may also process your personal data – see Section 4.2 of this Privacy Notice.
For any questions or concerns regarding your personal data collected and processed by us, or if you wish to use any of your rights in relation to your personal data (we describe these in Section 7 of this Privacy Notice), you may contact our Data Protection Officer at firstname.lastname@example.org.
- Personal data we collect about you and how we obtain them
We obtain your personal data either from you directly or from other sources, as further explained in this Section. We explain why we collect your personal data in Section 3 below.
2.1. Personal data you share with us
You may provide us with your personal data yourself, for example when you contact us in any way, either by telephone, email or by regular mail, and when you talk to our personnel in person or fill in forms intended for us or when you apply for job position. While it will be up to you to decide which exact personal data to share in such case, these will typically be in relation to a contract you have with us or another company within our group, or in relation to a business relationship we have with our clients. Such personal data may be similar as those listed (non-exhaustive) in Section 2.2 below.
2.2. Personal data we receive from other sources
We also receive your personal data from other sources, such as:
- our business partners with whom you had a business relationship in the past and who transferred your personal data (collected under the contract or because you have consented for them to do so for a specific purpose);
- our clients when we are engaged by our clients to perform the services (click here for additional information on our services);
- companies within our group, for example DDM Group AG (based in Switzerland), DDM Invest VII, d.o.o. (based in Slovenia), AXS d.o.o. (based in Slovenia), axs Croatia d.o.o. (based in Croatia), Lombard Leasing and Finalp (based in Hungary), Thea Artemis (based in Greece). These companies provide us with information they obtain, including personal data, while managing specific assets which they own (for example a loan receivable owed by you) or while providing debt collection services and asset management services;
- other third parties, including, for example, courts, regulators and other public authorities, business partners, sub-contractors in technical, payment and delivery services, analytics providers, search information providers, credit reference agencies, and background checking agencies; we may receive your personal data from them as part of the service they perform for us, or for legal reasons;
- publicly available sources such as the court and business register, land register, internet and social media.
Types of personal data we collect about you include:
- your personal details (name, address, date, place of birth, nationality, personal ID, tax number, gender, marital status, education, working position, occupation, employment status, qualifications, information about your previous employment, work experience, qualifications and skills, income, family income, income description, number of children, phone number, email and other contact details, etc.);
- authentication data (for example specimen signature);
- data related to the fulfilment of your contractual obligations and other financial information (for example turnover data in payment transactions and data on your payments under the contract you have with us or with another company within our group or our clients);
- information about your financial status (for example, creditworthiness data, scoring or rating data, etc.);
- data from public registers and courts, for example, data on your real estate ownership from the land register or ownership of shares in companies from the business register or central clearing corporation, data as to whether you are a party in civil, enforcement or insolvency proceedings;
- recordings of business-related telephone conversations;
- information from your electronic communication with us (for example emails, letters, etc.);
- data created by our processing of your personal data listed here.
- Why we collect your personal data and what is the legal basis for doing so
This table summarizes why we collect and process your personal data and what legal basis (reasons) we have to do so. Information in this table applies to personal data collected from you directly as well as to personal data that we obtain from other sources (see Section 2. above).
|Purpose of collection (why we collect)||Legal bases (our reasons)|
|We need your personal data to continue the business relationship you have with us or other companies within our group, to exercise rights under contracts we or other companies within our group have with you and to manage and coordinate our activities in this respect; for example, we need your personal details to contact you to agree on a payment plan, to follow up on your compliance with the plan, or to pursue legal action for debt collection if this is necessary; likewise, we need your financial information and data on asset ownership to develop a payment plan appropriate for your situation and to assess your credit score.||• processing is necessary for performance of a contract you are a party to
• processing is based on our legitimate interest:
– being in the investment business, it is our commercial interest to collect on the claims owned by us or other companies within our group, for which we need to be able to contact you or pursue legal action;
– to do our business efficiently, we need to organize our activities around certain criteria, which will often be based on personal data of debtors.
|· When you discuss with us or engage us to provide our services to you (click here for additional information on our services), we collect your personal data for the purposes of performing and administering our business relationships and maintaining contractual relations with our clients, for accounting, tax, marketing and business development purposes.||• processing is based on our legitimate commercial interest to provide a wide range of services.
|· We collect personal data from individuals whose personal data we obtain in connection with the provision of services to our clients (for example, employees, customers or suppliers of our clients).d||• processing is based on our legitimate commercial interest to provide a wide range of services.
|We collect information from and about candidates in connection with available employment opportunities at AxFina and application process, for the purpose of processing your application, assess qualification and personal experiences and to distribute you information, materials and invitations related to your application.||• processing is based on the candidate explicit consent.
• processing is based on our legitimate interest to process and manage job applications
|Sometimes we or other companies within our group need to process (in particular transmit and store) personal data to act in accordance with the law; this may for example be necessary under anti-money laundering rules or consumer credit regulation.||• processing is based on our legitimate purpose to fulfil all of our legal obligations.|
|We or other companies within our group need to analyse personal data to prevent debtor fraud and to implement fraud prevention; for example, we may obtain personal data from a background checking agency to verify whether our existing information is correct.||• processing is based on our legitimate interest to safeguard against fraud.|
- Who we share your personal data with
Within AxFina, your personal data is processed mainly by our departments and employees responsible for managing contractual relationships and ensuring we comply with the law, for example case handlers in charge of your case, credit boards and committees, business analysists, accounting department, legal department, compliance department and internal auditors.
When and only to the extent this is needed for purposes we described in Section 3 of this Privacy Notice, we share your personal data outside of AxFina, with other companies in our group or with third parties. In any case, we only share personal data with companies or third parties based in European Union / European Economic Area or Switzerland (see also Section 5 below). Here, we list (non-exhaustive) with whom we share your personal data in this way:
- companies within our group, for example for example DDM Group AG (based in Switzerland), DDM Invest VII, d.o.o. (based in Slovenia), AXS d.o.o. (based in Slovenia), axs Croatia d.o.o. (based in Croatia), Lombard Leasing and Finalp (based in Hungary), Thea Artemis (based in Greece);
- our service providers, agents, subcontractors and other companies whose activities are connected to the provision of debt collection services, real estate appraisals, facility managers and other advisory services;
- employment agencies;
- courts, regulatory agencies and any other public authorities;
- fraud prevention agencies;
- cloud storage and IT service providers;
- banking and financial services providers that help us finance our business;
- credit reference agencies for assessing your credit score;
- generally, all companies and organizations from whom we obtain your personal data, as listed in Section 2.2 of this Privacy Notice; among these, we only share personal data with companies and organizations based in European Union / European Economic Area or Switzerland (see also Section 5 below);
In addition, we may, from time to time, provide third parties with data that has been aggregated or anonymized. This means that your personal data that could be used to identify you have been removed from such aggregated or anonymized data. Data provided to third parties in this way is not personal data.
- Where we store your personal data and where do we transfer it
We store and process your personal data on locations inside European Union / European Economic Area (“EEA”) or Switzerland.
European Commission has recognized Switzerland as a country with adequate level of protection of personal data, and issued so called adequacy decision in this respect.
You can take a look at the adequacy decision on this link:
or learn more on adequacy decisions on this link:
At the moment, information on this topic is generally available on the website of the European Commission (https://ec.europa.eu/info/index_en) under “Policies, information and services” tab, in the “Law / Law by topic / Data protection / Data transfers outside the EU” sub-section. Please note that the European Commission may change the online location of these information in the future.
- How long will we keep your personal data
Due to the nature of our business and contractual relationships we or other companies from our group have with you, or our clients, we cannot state precisely for how long we will keep your personal data. This period will be dependent on several factors, such as the duration of the contract concluded with you, or our clients, statutory or contractual limitation period in respect of certain rights and obligation stipulated in the contract with you or our clients and compliance and regulatory requirements imposed to us by law. However, in any case we retain your personal data only for as long as is necessary for the purpose for which we obtained them. We list some examples of how we decide on how long to keep your personal data below.
6.1. Personal data used to perform a contract
In relation to your personal data used to perform any contractual rights and/or obligations with you or our clients, we may retain that personal data whilst the contract remains in force and until you or we (or another company from our group) completely fulfil their obligations, allowing for reasonable time after that for updating of our records.
6.2. Personal data needed for legal proceedings
In relation to any personal data where we reasonably believe it will be necessary to defend, prosecute and/or make a claim against you, our clients or a third party, we may retain that personal data for as long as the claim could be pursued under the applicable law or otherwise needed in such legal proceedings.
6.3. Personal data used for compliance requirements
In relation to any personal data used to comply with anti-money laundering, anti-terrorism financing, tax, audit or similar data retention requirements, we shall not store and use such personal data longer than we are required to do so under the specific retention requirement.
- Your rights
Below is the summary of rights that you have under the law, and what AxFina does to protect those rights. You may contact our Data Protection Officer at email@example.com if you wish to know more or to use any of these rights.
7.1. The right to access your personal data
You have the right to
- obtain from AxFina confirmation as to whether or not personal data concerning you are being processed; and
- access your personal data by receiving a copy thereof.
Please contact our Data Protection Officer at firstname.lastname@example.org if you wish to access your personal data held by AxFina.
7.2. The right to correction (rectification)
If the personal data AxFina holds about you is inaccurate or not complete, you have the right to ask us to correct them. If that personal data has been passed to a third party, we will ask them to correct the data, unless this is impossible or requires disproportionate effort on our part. We will tell you to which third parties your personal data has been passed if you ask us to. We may need to verify the accuracy of the new data you provide to us. Please contact our Data Protection Officer at email@example.com.
7.3. The right to erasure
This is sometimes called ‘the right to be forgotten’. You can ask us to erase all your personal data held by us and we will do so in these cases:
- your personal data are no longer necessary for the purposes we processed or collected them for;
- if you withdraw your consent to process your personal data – but only in cases where we have no other legal basis to do so apart from your consent;
- if you object to the processing of your personal data and there are no overriding legitimate grounds for the processing (see right to object in Section 7.6 of this Privacy Notice);
- it turns out your personal data have been unlawfully processed;
- your personal data must be erased because the law requires us to.
Note that we may not erase your personal data even if you request us to in some cases, in particular when their processing is necessary for us to comply with the law (e.g. where we are legally required to keep the data) and for establishment, exercise and defence of legal claims. Please contact our Data Protection Officer at firstname.lastname@example.org.
7.4. The right to restrict processing
You have the right to ask AxFina to restrict how we process your personal data. This means that we are permitted to store your personal data but not further process it. We will restrict processing of your personal data in the following cases:
- if you want us to establish the data’s accuracy; we will restrict processing for the time needed to establish accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it (see Section 7.6 of this Privacy Notice on your right to object); we will restrict processing for the time needed for such verification;
When we restrict processing only temporarily (first and last case above), we will let you know when the restriction is lifted. Note that we are permitted to process your personal data in certain cases even if the processing is restricted, for example for establishment, exercise or defence of legal claims, protection of rights of other persons or for reasons of important public interest. If you want to request us to restrict processing of your personal data, please contact our Data Protection Officer at email@example.com.
7.5. The right to data portability
You can ask us to send you your personal data which you have provided to us yourself (see Section 2.1 of this Privacy Notice) in structured, commonly used and machine-readable format (this means that the data can be easily understood by a computer). You have the right to transfer such personal data to a different company (data controller), or ask us to do so directly. We will send you such personal data in case:
- we have been processing your personal data because you gave us your consent to do so or to perform a contract you have with AxFina or another company within our group; and
- we process your personal data by automated means (this means for example that we cannot give you your personal data in this form if we only have it in paper files).
For any additional questions, please contact our Data Protection Officer at firstname.lastname@example.org.
7.6. The right to object
When the legal basis for us to process your personal data is our legitimate interest, and you feel that because of your particular situation you no longer wish us to do so, you can at any time object to further processing of your personal data. In this case, we will stop processing your personal data. Note however that we are still allowed to continue to process your personal data even if you object, if our legitimate interests in a particular case outweigh your interests, rights and freedoms (meaning that your rights are not affected disproportionally, while it is important to us if we can continue processing), as well as for the establishment, exercise or defence of legal claims.
If you object to the processing of your personal data, please contact our Data Protection Officer at email@example.com.
7.7. The right to withdraw consent
If we process your personal data on the basis of your consent but you change your mind later, you have the right to withdraw your consent at any time, and AxFina will stop processing your personal data. If you withdraw your consent, our processing prior to your withdrawal will remain lawful. If you want to withdraw your consent, please contact our Data Protection Officer at firstname.lastname@example.org.
7.8. The right to complain to a supervisory authority
You have the right to complain to a personal data protection supervisory authority if you believe our processing of your personal data may be against the law. You may complain either to a supervisory authority in the place of your habitual residence (where you live most of the time), in the place where you work or in the place where you believe infringement may have happened. Depending on your choice, these supervisory authorities may be relevant to you if you wish to complain:
- Swiss Federal Data Protection and Information Commissioner (FDPIC); you can find their contact details at https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
- Croatian Personal Data Protection Agency (AZOP); you can find their contact details at https://azop.hr/
- Slovenian Information Commissioner; you can find their contact details at https://www.ip-rs.si/
- Hungarian National Authority for Data Protection and Freedom of Information (NAIH); you can find their contact details at https://www.naih.hu/
- Hellenic Data Protection Authority (HDPA); you can find their contact details at https://www.dpa.gr/