Our company regularly performs credit checks to determine your creditworthiness when concluding contracts and, in certain cases when we have a legitimate interest, for current customers. For this purpose, we cooperate with the following commercial and consumer credit agencies from whom we obtain the required data:
Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss
CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich
Information regarding Creditreform Boniversum GmbH provided pursuant to Art. 14 GDPR
Creditreform Boniversum GmbH is a consumer credit agency. It maintains a database in which creditworthiness information regarding private individuals is stored.
Drawing on this database, Creditreform Boniversum issues creditworthiness information to its clients. These clients include (for example) banks; leasing companies; insurance companies; telecommunications companies; accounts receivable management companies; mail order, wholesale and retail companies; and other companies that supply goods or perform services. Some of the data stored in the agency database are also supplied (within the scope of statutory provisions) to other corporate databases for use in address trading and other purposes.
The data stored in the Creditreform Boniversum database include in particular the name, address, date of birth, email address as relevant, payment history and the holdings of individuals. The purpose of the processing of the stored data is the provision of information regarding the creditworthiness of the person who is the subject of the enquiry. Legal basis for the processing is point (f) of Art. 6 (1) GDPR. Information about these data may consequently be provided solely if and when a client can credibly claim a legitimate interest in obtaining this information.
Insofar as data are stored in countries outside the EU, the storage is based on so-called “standard contractual clauses”; click on the link below
to view these clauses or to request that they be sent to you.
The data are stored as long as knowledge of them is required for achieving the purpose of the storage. As a rule, knowledge of the data is required for a storage period of initially three years. Upon expiration of this period, the data are reviewed to determine whether continued storage is required; otherwise, the data are erased to the day exactly. If a matter has been settled, the data are erased three years to the day exactly after settlement. Pursuant to Section 882e ZPO [Civil Procedure Code], entries in the records of debtors are erased three years to the day exactly after the day of the registration order.
Legitimate interests within the sense of point (f) of Art. 6 (1) GDPR may be a decision about a loan, initiation of a business relationship, holdings, claims, credit checks, insurance policies, information regarding debt execution.
You have a right to obtain information from Creditreform Boniversum GmbH about your personal data that have been stored by this company. Insofar as data stored about you are inaccurate, you have a right to their rectification or erasure. If it is not possible to determine immediately whether the data are inaccurate or correct, you have the right to request restriction of the data processing until clarification. If your data are incomplete, you can request their completion.
Insofar as you have given your consent to the processing of your data stored at Creditreform Boniversum, you have the right to withdraw this consent at any time. The withdrawal of consent is without prejudice to the lawfulness of the processing of your data based on your consent before its withdrawal.
If you have any objections, requests or complaints relating to privacy, you may contact the data protection officer of Creditreform Boniversum at any time. The officer will quickly and confidentially aid you further in all issues relating to privacy. You may also lodge a complaint about Boniversum’s processing of your data with the state data protection officer who is competent for your state [Bundesland].
The data about you that Creditreform Boniversum has stored are obtained from publicly available sources and from debt collection agencies and their clients.
Creditreform Boniversum generates a score value based on your data to describe your creditworthiness. The score value is based on data about your age and sex, address data and, in part, on payment history data. These data are weighted according to various criteria and used to calculate your score value. The Creditreform Boniversum clients use the score values as an aid when making their independent decisions about extending credit.
Right to object:
The processing of the data at Creditreform Boniversum GmbH is based on compelling legitimate interests of creditor and credit protection that generally override your interests, rights and freedoms or serves the establishment, exercise or defence of legal claims. You can object to the processing of data solely on the basis of grounds that relate to your particular situation and that must be verified. If the existence of such particular grounds is verified, the data will no longer be processed. If you object to the processing of your data for advertising and marketing purposes, the data will no longer be processed for these purposes.
The controller within the sense of Art. 4 no. 7 GDPR is Creditreform Boniversum GmbH, Hellersbergstr. 11, 41460 Neuss. Your contact at our company is the Consumer Service, phone: 02131 36845560, fax: 02131 36845570, email: selbstauskunft(at)boniversum.de.
You can reach the competent data protection officer at the following contact data: Creditreform Boniversum GmbH, Data Protection Officer, Hellersbergstr. 11, 41460 Neuss, email: datenschutz(at)boniversum.de.
Information regarding CRIF Bürgel GmbH provided pursuant to Art. 14 GDPR
1. Name and contact data of the controller and of the company data protection officer
CRIF Bürgel GmbH, Radlkoferstrasse 2, 81373 Munich, phone +49 40 89803–0.
The company data protection officer of CRIF Bürgel GmbH can be reached at the above address, Attn.: Data Protection Department, or by email at datenschutz(at)buergel.de.
2. Data processing by CRIF Bürgel GmbH
2.1 Purposes of the data processing and legitimate interests that are pursued by CRIF Bürgel GmbH or a third party
CRIF Bürgel GmbH processes personal data so that it can provide information for the assessment of the creditworthiness of natural and legal entities to legitimate recipients. It also calculates and communicates score values for this purpose. It provides the information solely if a legitimate interest in the information is credibly presented in the specific case and the processing, after weighing of all interests, is lawful. The legitimate interest exists in particular before the conclusion of business transactions with a risk of financial loss. The credit check serves to protect the recipients from losses in credit business and simultaneously offers an opportunity for advising to protect borrowers from excessive indebtedness.
Moreover, the processing serves to prevent fraud, to prevent money laundering, to check identities, to determine addresses, to provide customer care, for direct marketing or for risk management. CRIF Bürgel GmbH will provide information about any changes in the purposes of the data processing in accordance with Art. 14 (4) GDPR.
2.2 Legal basis for the data processing
CRIF Bürgel GmbH processes personal data on the basis of the provisions of the General Data Protection Regulation. The data are processed on the basis of consent and on the basis of point (f) of Art. 6 (1) GDPR insofar as the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The legitimate interest exists in particular before the conclusion of business transactions with a risk of financial loss.
Any consent that has been given may be withdrawn at any time by notification of the relevant contract party. The above provision applies as well to consent that was granted before the entry into force of the GDPR. The withdrawal of the consent is without prejudice to the lawfulness of the processing of the personal data prior to the withdrawal.
2.3 Origin of the data
CRIF Bürgel receives its data from your contract partners. These are companies located in the European Economic Area or in Switzerland from the sectors retail trade, services, rental and leasing services, energy utilities, telecommunications, insurance or debt collection as well as banks, financial and payment service providers and other contract partners who use the CRIF Bürgel products for the purposes specified under Section 2.1. Moreover, CRIF Bürgel GmbH processes information from generally accessible sources such as public registries and official announcements (Commercial Register, records of debtors, bankruptcy announcements).
2.4 Categories of personal data that are processed
- Personal data (e.g. surname (including any previous surnames, for which information is provided upon separate request), first name, date and place of birth, address, previous addresses)
- Information regarding undisputed, due claims for which multiple dunning notices have been issued or which are legally enforceable and their settlement
- References to dishonest or other fraudulent behaviour and misrepresentations of identity or creditworthiness in relation to contracts for telecommunications services or contracts with banks or financial services providers (loan or investment agreements, giro accounts)
- Information from public registries and official announcements
- Probability values
2.5 Categories of recipients of personal data
Recipients are contract partners from the sectors designated in Section 2.3. Any transfer of data to countries outside of the European Economic Area is carried out in compliance with the requirements of the European Commission. Other recipients may be processors engaged by CRIF Bürgel GmbH in accordance with Art. 28 GDPR.
2.6 Duration of the data storage
CRIF Bürgel GmbH stores information about persons solely for a specific time period. The decisive criterion for the definition of this time period is necessity. Details about the storage periods have been set forth in a code of conduct of the association “Die Wirtschaftsauskunfteien e.V.” that can be viewed on the internet at the address www.crifbuergel.de/de/datenschutz. According to this code, the general storage period of personal data is always three years to the day exactly after completion of the purpose for which they are required. In derogation therefrom, certain data will be erased (non-exhaustive list):
- Data from the records of debtors at the central debt execution courts after three years to the day exactly, but earlier if CRIF Bürgel GmbH receives verification of an erasure by the central debt execution court.
- Information about consumer/bankruptcy proceedings or residual debt discharge proceedings three years to the day exactly after conclusion of the bankruptcy proceedings or issue of the residual debt discharge. Data may also be erased earlier if there are special circumstances in specific cases.
- Information about the dismissal of a bankruptcy petition due to lack of assets, the cancellation of security measures or the failure of the residual debt discharge after three years to the day exactly.
- Previous addresses remain stored for three years to the day exactly; at that time, they are reviewed to determine any necessity for continued storage for another three years. They are subsequently erased to the day exactly unless continuation of the storage for a longer period is required for identification purposes.
3. Data subject rights
Every data subject has with respect to CRIF Bürgel GmbH the right to access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR and the right to restriction of the processing pursuant to Art. 18 GDPR. Furthermore, it is possible to lodge a complaint with the supervisory authority competent for CRIF Bürgel GmbH, the Bayerische Landesamt für Datenschutzaufsicht. Any consent that has been given may be withdrawn at any time by notification of the relevant contract party. Pursuant to Art. 21 (1) GDPR, objection may be raised to data processing for reasons relating to the particular situation of the data subject. The objection may be raised without regard to form and is to be submitted to CRIF Bürgel GmbH, Data Protection, Radlkoferstrasse 2, 81373 Munich.
4. Profiling (scoring)
Before entering a business transaction involving commercial risk, business partners always like to be able to assess as clearly as possible whether their partners will be able to comply with the payment obligations they have assumed. CRIF Bürgel GmbH supports companies in making these decisions by providing information and by the use of so-called probability values; in doing so, it fosters the rapid processing of everyday credit transactions (for goods). During this process, the collected information and experience from the past are used as a basis for a forecast of future events. CRIF Bürgel GmbH calculates the probability values primarily on the basis of the information about a data subject stored at CRIF Bürgel GmbH, which is also disclosed in the information pursuant to Art. 15 GDPR. Address data are used as well. Based on the entries and other data stored about them, the subjects are classified in statistical groups of persons whose past payment histories are similar. The processed used here is known as “logistic regression” and is an established, mathematical-statistical method long proven in actual practice for the forecast of risk probabilities.
CRIF Bürgel GmbH uses the following data for score calculation, although not every type of data is used in every single score calculation: date of birth, sex, shopping cart value, address data and length of residence, previous payment irregularities, public negative features such as non-submission of information about assets, satisfaction of creditors precluded, satisfaction of creditors not verified, debt collection and debt collection monitoring proceedings.
CRIF Bürgel GmbH does not itself make any decisions; it merely supports the parties contracting its services with its information during their decision-making processes. The assessment of risk and decision about creditworthiness is strictly the concern of the direct business partner because only this party has access to substantial additional information. This is also the case, however, if and when the business partner relies solely on the information and probability values from CRIF Bürgel GmbH.