1. Registrar
OK Incure OÜ
registry code 11542046
Mustamäe tee 16, 10617 Tallinn
2. Additional information
OK Incure OÜ
registry code 11542046
Mustamäe tee 16, 10617 Tallinn
mail@okincure.ee
3. Name of the register
OK Incure OÜ – recovery register
4. Legal basis and purpose for processing data
Legal basis for processing personal data pursuant to the General Data Protection Regulation (GDPR 2016/679) of the EU is the performance of the contract by the processor and its legitimate interest. The company conducts a debt recovery process and based on the aforementioned, the processing of personal data is legal.
The recovery of debt serves as the purpose for processing personal data.
5. Registered group
A register group consists of customers/debtors.
Other personal data directly related to the claim may also be recorded in the recovery register. Data on the customer, civil servants and the court involved in the process.
The company processes personal data related to the debt claim and to the debtor based on a contract concluded with the customer with the purpose of performing its contractual obligations and based on legitimate interest, relying on Article 6 (1) (b) and (f) of the GDPR. In this case, the company acts as an authorised processor and the creditor still remains the responsible processor, since the claim is not waived.
OK Incure OÜ also purchases debt claims of customers, in this case the creditor is replaced. In such cases the company processes personal data based on the waived contract and for the purpose of the performance of the contractual obligations, relying on Article 6 (1) (b) of GDPR.
During these processes, the company processes the contact data of a physical person (creditor), a member of the board or an employee of a legal person (creditor), a physical debtor and a member of the board of a legal debtor, a third person related to the debt procedure (e.g., a person who pays the debt for the debtor), an associated person and a guarantor and the data related to the claim that is purchased or pending.
Also, the company processes data related to the financial condition and payment behaviour of a physical debtor when providing a debt recovery service and purchasing debts. Such data comes from the debtor itself, from the creditor and public sources, such as the Land Register and the electronic state journal Ametlikud Teadaanded.
6. Information sources
Customers/creditors
Information available in public registers
Courts
Bailiffs
Credit Register (Creditinfo Eesti AS)
Tax and Customs Board
Population register
Information registers
Police and Border Guard Board
7. Collected data
Name
Personal identification code
Address
E-mail address
Information needed for the performance of tasks
Information available in public registers
Information about judgements
Information related to the procedure
Other information needed for the performance of the contract
8. Deletion of data
Personal data will be preserved for as long as it is necessary for the performance of debt recovery tasks and will be deleted after that according to the procedure rules established by the company.
9. Regular data transmission
Data is transmitted based on all the applicable laws and legal acts to:
customers/creditors
customers/debtors
courts
bailiffs, insolvency practitioners
Police and Border Guard Board
Creditinfo Eesti AS
Additionally, an authorised processor may use a subcontractor or a software provider for processing personal data. The authorised person is also responsible for the lawfulness of the processing.
In order to respond to the information inquiries of state authorities and courts, the company may issue personal data to state authorities (the police, security agencies, the prosecutor’s office, etc.) based on the legal act requiring the issue. The inquiry and the related correspondence and documents will be preserved for 10 years since the completion of the data protection requirement or justified refusal.
10. Description of technical and organisational security measures
The database is protected by firewall, usernames and passwords. The data in the register can only be processed by persons who are justified to do that due to their work tasks. The processors of personal data undertake to comply with the confidentiality requirement. The equipment and data communication are properly secured.
11. Data protection rights
According to the GDPR, a data subject is entitled to get acquainted with his/her personal data and obtain a copy of them, to require the transfer of his/her personal data to another authorised processor, to require the deletion, correction or amendment or limitation of processing of his/her personal data and to submit an objection for processing his/her personal data. These data protection rights are not unlimited and in each case, the company must assess whether and in which extend the legal acts related to data protection allow the fulfilment of such requests. For instance, the company will not delete data related to a debt claim and payment disorder data because processing such data is necessary for preparing, submitting and protecting legal claims. Based on the GDPR, this is the basis for refusing to delete the data.
For using one’s rights, please send us an e-mail to mail@okincure.ee. The data subject is entitled to submit an appeal to the Estonian Data Protection Inspectorate against the offered solution. The contact data of the Data Protection Inspectorate: telephone +372 627 4135; e-mail info@aki.ee; address Väike-Ameerika 19, Tallinn 10129.
