Who are we and what do we do?
Hoist Finance AB (publ) Germany Branch is part of the Hoist Finance AB (publ) group of companies and is responsible for the processing of your personal data. This means that we are the sole point of contact (controller) for questions in connection with the processing of your data at our location in Duisburg.
You can contact us at any time with your data protection questions at the following address:
Hoist Finance AB (publ) Germany Branch
Data Protection Officer
Schifferstr. 80
47059 Duisburg
Datenschutzbeauftragter@hoistfinance.com
What information do we store, for what purposes and for how long?
In our role as the new contact for your receivables transferred to our company, we use your data that was provided to us by the previous creditor in the course of the assignment of the receivable or by the client in the course of our assignment for debt collection (power of attorney for debt collection) or provided by you in the course of processing.
Data processing is carried out primarily for the purpose of debt realization and debt management. The processing of your data is necessary in accordance with Art. 6 (1) b) GDPR for the fulfillment of your obligations and contractual obligation to repay the existing claim(s) or in accordance with Art. 6 (1) f) GDPR to safeguard the legitimate interest of our client in effective legal prosecution with regard to its payment claims arising from the (terminated) credit relationship in question. As the new holder of the claim or the entity commissioned with the recovery, we are therefore authorized to process your personal data in this context in our company.
This also includes related processes such as contacting you by telephone and post, correspondence with debt counseling services, initiating legal action, processing payment transactions, etc.
Our main aim is to be able to better assess your personal situation by processing your data and to reach a mutually acceptable agreement on the repayment of your debts in the course of processing.
Data processing in the context of applicant management
Data processing in the context of applicant management
If you apply for a position at Hoist Finance AB (publ) branch in Germany or another company in the Hoist Group, either directly via our website or indirectly via external recruitment agencies, we will process your personal data for the purposes of applicant management. The purpose of processing your personal data is to manage the applications received, to select suitable candidates for vacancies and to prepare the necessary measures to conclude a contract (works council hearing, employment contract drafting) at Hoist Finance AB (publ) branch in Germany or another company in the Hoist Group. Furthermore, due to legal requirements, further data processing may occur than that mentioned.
Note: In this text, we refrain from using both the female and the male form or various forms of personal designations. The generic masculine addresses all readers and applies to all genders in all cases where this is not explicitly excluded.
To fulfil the aforementioned purposes, we process the following categories of personal data:
| Data category | Reason for processing | Legal basis for processing | Duration of storage |
| Personal master data, such as name, first name, title, gender, date of birth, application photo, communication data, such as address, email address, telephone/mobile number | For the purposes of applicant management, in particular communication with applicants, the organization of job interviews, etc. | Initiation or execution of contractual relationships, in accordance with Art. 88 GDPR in conjunction with Section 26 BDSG and Art. 6 Para. 1 (b) S-GVO | A maximum of 3 months from the date of completion of the applicant selection procedure and in the event of non-commencement of an employment relationship |
| Information from the CV, such as information about previous employers, qualifications, information about school/vocational school qualifications or studies, information about (association) memberships, other qualifications and certificates, etc. | For the purposes of evaluating the suitability of applicants for the vacant position. | Initiation or execution of contractual relationships, in accordance with Art. 88 GDPR in conjunction with Section 26 BDSG and Art. 6 Para. 1 (b) S-GVO | A maximum of 3 months from the date of completion of the applicant selection procedure and in the event of non-commencement of an employment relationship |
If you expressly agree to a longer storage of your personal data (e.g. for the purpose of considering your application documents in a possible further job advertisement), we will store them in accordance with your consent. You can revoke your consent to data processing in accordance with Art. 6 Paragraph 1 (a) GDPR at any time.
Where did we get your personal data from?
In principle, we process personal data that we receive from you when you contact us or submit your application. It may also happen that data is obtained from the following sources:
- From publicly accessible sources such as Xing, LinkedIn, etc.
- From third parties, in particular recruiters.
Disclosure of your personal data
We only pass on your personal data within our company to the departments and people who need this data to fulfill contractual and legal obligations or to implement our legitimate interests.
Otherwise, data will only be passed on to recipients outside of our company if legal provisions permit or require this, if the transfer is necessary to fulfill legal obligations or if we have your consent.
Your personal data is generally processed within the EU/EEA or in countries that the European Commission considers to have an adequate level of protection. Your data may leave the EU/EEA to countries that have not received an adequacy decision from the European Commission. This applies to technical support for maintaining our IT infrastructure. The IT service provider we use for these purposes is based in India and therefore your personal data may be processed at the service provider's headquarters in India.
In these cases, we have technical, organizational and contractual protective measures in place to ensure that personal data is processed and stored in accordance with the GDPR and that this data is adequately protected, even when transferred to a third country. Contractually, transfers to countries outside the EU/EEA or to countries without an adequacy decision by the European Commission are based on the standard data protection clauses adopted by the European Commission, a copy of which you can obtain by contacting us using the contact details above.
processing activities when using the online customer portal
In order to give our customers the best overview of their liabilities and easy management of payment orders, installment plans and individual repayments, we offer our own online customer portal with a social login function.
To use the functions of the online customer portal, you must set up an individual user account.
To maintain confidentiality, the personal data used to set up the user account must be properly verified. This takes place in two essential steps, which we would like to inform you about below.
Verification of authorization to use
If you decide to register an individual user account to use the online customer portal, we will first collect the customer number we have issued and assigned to you, your last name and your date of birth. The information you provide will be compared with the personal master data and claim data stored with us and used exclusively to verify your authorization to use.
Setting up a login (registration via social media or email account)
If the first step was completed successfully, you will go to the second step, where you must set up a login to register in our online customer portal. In addition to the usual registration process by providing a valid email address, you have the option of setting up a social login via the social media provider you have selected.
This offers you the advantage of being able to log in to the online customer portal in the future by simply entering the user data of the social media account you prefer and linked to our portal (for example Facebook, Linked in, Google, etc.).
If you decide to set up a social media login, after selecting the social media account to be linked, you will be redirected to the provider's login page by clicking on the respective provider's logo, where you can verify yourself as usual by entering your login data.
If you only want to use your preferred email account, simply enter your email address and the password you want to use to log in to our online customer portal in the input mask provided.
You will then receive a verification email, which you must first confirm. To do this, simply click on the verification link provided.
If your selected social media or email provider is successfully verified, it will send the relevant verification data to us via the authentication routine we use for this purpose, after which the verified social media account or your email address can be used to log in to our online portal.
The data processed exclusively to link your social media or email account with our online portal is transmitted via an encrypted connection (SSL/TLS encryption). It is technically impossible for us to take note of the security-critical login data you use (especially passwords) as part of the linking process.
The authentication solution we use is provided and operated by:
Auth0 Inc., 10900 NE 8th Street, Suite 700, Bellevue, WA 98004 (USA - United States)
The above service provider is obliged by standard contractual clauses (order processing) issued by the European Commission and agreed with us to ensure, through technical and organizational measures, that the processing of personal data carried out for the purpose of the service (authentication of portal users) is carried out in accordance with European data protection law, in particular the General Data Protection Regulation (GDPR).
Overview of the data categories processed for registration in the online customer portal
If a link to your social media account is set up for the purpose of social login, we process the following additional data categories exclusively for the technical processing of your registration on our online customer portal:
| Data categories | Reason for processing | Legal basis for processing | Duration of storage |
| Public profile data, such as name, first name, profile name, profile URL, gender, age) | To verify whether you are a customer of ours and therefore eligible to use the online customer portal. | Consent pursuant to Art. 6 Para. 1 (a) GDPR | Until the online customer account is closed or the consent given is revoked |
| Communication data, such as email address, hub IP, Auth0 ID, social media provider (e.g. Facebook), user logs (registration date, access date) | To provide you with the opportunity to verify yourself by setting up your own username and password or using your Facebook, LinkedIn, Microsoft, Google or other social media account | Consent pursuant to Art. 6 Para. 1 (a) GDPR | Until the online customer account is closed or the consent given is revoked |
| Technical data, such as information on the operating system (version), browser type (version) and language settings | To give you access to our online customer portal. | Consent pursuant to Art. 6 Para. 1 (a) GDPR | Until the online customer account is closed or the consent given is revoked |
Please note that the aforementioned data cannot be viewed during the processing of the claim. This is only used to provide the technical support for the social login function, which makes it easier for you to log into our online customer portal.
You are of course free to deactivate the Auth0 application's access to your social media account in the settings there. However, please note that by doing so you will also lose the option of logging into our online customer portal with these.
Overview of the personal data collected and processed when using the online customer portal
In the online customer portal you have the option of creating and managing repayment plans and making payments. If you decide to use the online customer portal, certain categories of personal data will be processed within the customer portal in order to offer you the aforementioned options. Our company also uses the email address or mobile number you provided for registration purposes to update the information we have about you and to contact you generally regarding the respective claim matter. The following categories of personal data are collected when using the online customer portal
| Categories | Reason for processing | Legal basis for processing | Duration of storage |
| Contact details, claim data as well as payment information and account details, such as name, first name, claim number, balance, telephone/mobile number, email address, payment history, etc.) | For debt management purposes, to give you an overview of your debts and to enable you to create and manage your repayment plan. | Mainly fulfillment of a contract, according to Art. 6 para. 1 (b) GDPR and on the basis of a legitimate interest | Some information until the customer account is closed and further information up to 10 years after the claim has been settled. |
| Contact details, claim data as well as payment information and account details, such as IBAN, BIC, account holder, etc. | For the purposes of tracking and allocating incoming payments. | Mainly performance of a contract, according to Art. 6 para. 1 (b) GDPR | Up to 10 years after the claim has been settled. |
| Communication data, such as email address and mobile number | For the purpose of updating your contact details with us and for general contact regarding the claim in question | Consent, according to Art. 6 para. 1 (a) GDPR | Until the online customer account is closed or the consent given is revoked |
Where did we get your personal data from?
The information processed to give you access to the online customer portal and use the portal's services is generally provided to us by you yourself as part of the registration process or when entering information in the online customer portal.
Disclosure of your personal data
Your personal data will generally not be disclosed, except in the situations described below:
Your personal data may be disclosed within the Hoist Finance group of companies to which we belong. For example, as part of the centrally managed IT infrastructure at group level. This helps to keep our systems functional and secure so that we can offer you the best possible service. Any disclosure is subject to security and data protection requirements.
We also pass on your personal data to carefully verified organizations for the following purposes:
- With our service provider for authentication solutions, which enables you to authenticate yourself for the purposes of accessing the online customer portal:
Auth0 Inc., 10900 NE 8th Street, Suite 700, Bellevue, WA 98004 (USA - United States)
The aforementioned service provider is obliged by the standard contractual clauses (order processing) issued by the European Commission and agreed with us to ensure, through technical and organizational measures, that the processing of personal data carried out for the purpose of the service (authentication of portal users) is in accordance with European data protection law, in particular the General Data Protection Regulation (GDPR).
- With our service provider for payment processing, which offers you various payment options (SOFORT, Klarna, Apple/Google Pay, etc.):
Adyen B.V., Simon Carmiggelstraat 6-50, 1011 DJ Amsterdam (Netherlands)
processing activities for the purposes of debt collection
In order to properly fulfil the aforementioned purposes and to act appropriately and fairly, we process the following types of personal data, always in compliance with data protection requirements and applying appropriate controls, such as encryption, internal access rights and regular audits, to protect your data securely and accordingly.
| Data category | Reason for processing | Legal basis for processing | Duration of storage |
| Personal master data, such as name, first name, gender, address, place of residence | Required for contacting you in the context of debt processing, in particular to ensure your identity. | The legal basis for data processing is Art. 6 Para. 1 (b) General Data Protection Regulation (GDPR). In accordance with the aforementioned legal basis, our company is entitled to process your personal data for the purposes of processing the fulfillment claim from the original loan agreement (processing of a contract). After the respective claim(s) have been fully settled, we will also process your personal data to comply with statutory retention periods, in accordance with Art. 6 Para. 1 (c) GDPR. | Up to 10 years from the date of settlement of the claim (settlement, waiver, etc.) |
| Communication data, such as address, email address, telephone number, mobile number, fax number | Required for contacting you in the context of debt collection. | Up to 10 years from the date of settlement of the claim (settlement, waiver, etc.) | |
| Claim data, such as claim balance, termination date, data concerning payment agreements, titles and settlements | Required for claims processing in general, especially for tracking claims development, documenting claims-related correspondence, etc. | Up to 10 years from the date of settlement of the claim (settlement, waiver, etc.) | |
| Contract data, such as information on the creditor, the loan disbursement, the type of contract (leasing, consumer loans, building financing, etc.) Company data, such as company name, legal form | Required for the proper alignment of claims processing. | Up to 10 years from the date of settlement of the claim (settlement, waiver, etc.) | |
| Payment information, such as statements of claims, account overviews, payment/booking historyAccount details, such as IBAN, BIC, account holderEconomic data, such as information on income, insolvency data, employer, maintenance obligations, expenses, information on other liabilities and creditworthiness data | Necessary for the proper tracking of receivables developments and for making appropriate recovery proposals. | Up to 10 years from the date of settlement of the claim (settlement, waiver, etc.) | |
| Special data, such as information on care and health data in the form of classifications | Necessary for the proper and fair organisation of claims processing, in particular communication and the submission of recovery proposals appropriate to the situation. | Up to 10 years from the date of settlement of the claim (settlement, waiver, etc.) |
Where did we obtain your personal data from?
Your personal data was originally transferred to us by the respective creditor as part of the assignment of the claim or by the claim holder as part of our assignment to collect the claim.
Further information is usually collected directly from you as part of the claim processing; for example, by means of correspondence and telephone conversations between you and our employees.
We also collect data if necessary by commissioning processors or third parties who provide us with current information about you such as telephone numbers or address details.
Information is also collected from other sources such as public registers and information from other organizations involved in the claim processing such as debt advisors, courts, lawyers, land registries, etc.We may also retain records of your access to, and use of our website to enhance your experience. Please see the cookies page for further information.
Disclosure of your personal data
The protection of your personal data is an important concern of our company. For this reason, your data will only be processed for the purposes stated above and only passed on to third parties within the framework of the statutory provisions, provided that this is necessary for the proper processing of the claim.
As part of the realization of claims and claims management, we may transmit your personal data to the following categories of recipients, and only if this is necessary for the proper processing of the claim to which we are entitled or to comply with legal obligations:
Address service providers, credit agencies, supervisors, service providers, third-party debtors, residents' registration offices, investigative authorities, courts, bailiffs, insolvency administrators, lawyers, other authorized representatives, other bodies authorized to transmit data (in particular authorities).
Like all larger companies, we commission various service companies to maintain our business operations and other company-specific services such as telephony and office management, which may also have access to personal data within the framework of such service contracts (contract processors).
We have extensive contractual agreements with the aforementioned companies, which are to be qualified as data processors in the sense of data protection law, in accordance with Art. 28 of the General Data Protection Regulation (GDPR), which guarantee the protection of your personal data.
In individual cases, your personal data may be processed in a third country, i.e. in a country outside the European Union or the European Economic Area.
We use an external service provider whose headquarters are in India to maintain, remotely maintain and administer our company's systems and IT infrastructure. The service provider mentioned acts as our company's data processor in accordance with Art. 28 of the GDPR. In any situation in which a transfer to a third country takes place, we have implemented and established appropriate technical, organizational and contractual protective measures in order to be able to guarantee an appropriate level of protection of the processed data at all times. Contractually, the transfer is based on the so-called standard contractual clauses on data protection of the European Union. We can provide you with a copy of these standard contractual clauses on request.
Recording of incoming (telephone) conversations
When making contact by telephone, we record incoming telephone calls based on the consent you gave at the beginning of the conversation, in accordance with Art. 6 Paragraph 1 (a) GDPR. The recording of telephone calls serves to ensure and improve the quality of customer service and is used for training purposes with our employees.
Any technical information acquired in connection with a recording (see the data categories processed below) is used for the systematic storage and allocation or retrieval of the recordings.
When recording the telephone call and to achieve the aforementioned purposes, the following data categories are recorded by our company
| Data category | Reason for processing | Legal basis for processing | Duration of storage |
| Information provided as part of the recording regarding the respective claim. This includes:Personal master data (name, first name, address, place of residence)Communication data (address, email address, telephone number, mobile number)Claim data (balance, termination date, payment agreements, titling, settlements)Contract data (prior creditor, loan disbursement, type of contract (leasing, consumer loan, building finance, etc.))Payment information (claim statement, account overview, payment/booking history)Account data (IBAN, BIC, account holder)Economic data (income, insolvency data, employer, maintenance obligations, expenses, other liabilities, creditworthiness)Company data (company name, legal form)Special data (care, health data (classified)) | Quality assurance and improvement in customer service and for training purposes. | Your consent to recording given at the beginning of the conversation, in accordance with Art. 6 Para. 1 (a) GDPR. | Up to 6 months after the end of the telephone call. |
| Technical information, such as duration of the call, time of the call, etc. | Processing for the purposes of statistical surveys relating to the volume of telephone calls, etc. | Legitimate interest, according to Art. 6 para. 1 (f) GDPR | Up to 6 months after the end of the telephone call. |
According to Art. 7 GDPR, you have the right to revoke your consent to the processing of your personal data for the purpose of recording a telephone call at any time. Please note that the revocation only takes effect for the future.
Processing that took place before the revocation is not affected. Please also note that we may need to store certain data for the purpose of fulfilling legal requirements.
Where did we get your personal data from?
When recording telephone calls, we process your personal data exclusively on the basis of your prior consent for the purposes of quality assurance and quality improvement.
For these purposes, we only process data that you send to us yourself as part of the recorded telephone call or that we request from you.
Disclosure of your personal data
We only pass on your personal data within our company to the departments and people who need this data to evaluate your evaluation of our services.
Data is not passed on to recipients outside our company.
Your personal data is generally processed within the EU/EEA or in countries that the European Commission considers to have an adequate level of protection.
In individual cases, your data may be processed in countries that have not received an adequacy decision from the European Commission. This applies in particular to technical support for maintaining our IT infrastructure. The IT service provider we use for these purposes is based in India and therefore your personal data may be processed at the service provider's headquarters in India.
In these cases, we have technical, organizational and contractual protective measures in place to ensure that personal data is processed and stored in accordance with the GDPR and that this data is adequately protected even when transferred to a third country. Contractually, transfers to countries outside the EU/EEA or to countries without an adequacy decision from the European Commission are based on the standard data protection clauses adopted by the European Commission, a copy of which you can obtain by contacting us using the contact details above.
Use of the chatbot
If you decide to use our chatbot to clarify general questions about your claim, the customer portal or other topics, we usually collect general information from you, which we use to identify you. In particular, if you want to use our chatbot to ask for your customer number or your outstanding claim balance, we collect information about your name, address, date of birth and, if applicable, your customer number to verify your identity.
Furthermore, communication with the chatbot or in the event of forwarding to a human chat partner is always recorded. The recordings made are irretrievably anonymized after a period of 60 minutes after the end of the chat. This means that all personal data from the chat history is permanently anonymized so that no personal reference can be made.
In order to properly fulfill the aforementioned purposes, the following categories of data are processed by our company:
| Data category | Reason for processing | Legal basis for processing | Duration of storage |
| personal master data (name, first name, address, place of residence) | Mainly to identify you as a customer of our company | Consent given by you, in accordance with Art. 6 Para. 1 (a) GDPR. | Up to 60 minutes after the chat ends. |
| communication data, such as address | |||
| Claim data, such as claim/customer number | |||
| Chat history, recording of communication between user and chatbot as well as user and human chat partner | To process and follow up on the respective request | Consent given by you, in accordance with Art. 6 Para. 1 (a) GDPR. | Up to 60 minutes after the chat ends. |
| Technical information such as browser version, browser type, etc. | Processing for the purposes of statistical surveys relating to the use of the chatbot, etc. | Legitimate interest, according to Art. 6 para. 1 (f) GDPR | Up to 60 minutes after the chat ends. |
Where did we get your personal data from?
We only process personal data that you provide to us as part of the survey.
Disclosure of your personal data
We only pass on your personal data within our company to those departments and people who need this data to evaluate your assessment of our services.
Data is not passed on to recipients outside our company.
Your personal data is generally processed within the EU/EEA or in countries that the European Commission considers to have an adequate level of protection.
In individual cases, your data may be processed in countries that have not received an adequacy decision from the European Commission. This applies in particular to technical support for maintaining our IT infrastructure. The IT service provider we use for these purposes is based in India and therefore your personal data may be processed at the service provider's headquarters in India. In these cases, we have technical, organizational and contractual protective measures in place to ensure that personal data is processed and stored in accordance with the GDPR and that this data is adequately protected, even when transferred to a third country. Contractually, transfers to countries outside the EU/EEA or to countries without an adequacy decision by the European Commission are based on the standard data protection clauses adopted by the European Commission, a copy of which you can obtain by contacting us using the contact details above.
Data protection information for invitations to and participation in satisfaction surveys
We may also process your data for the purpose of the satisfaction survey by telephone or to send you invitations to participate in online surveys by email or SMS. The processing of your personal data for this purpose is based exclusively on your consent to do so, in accordance with Art. 6 Para. 1 (a) GDPR.
The following categories of personal data are processed as part of such satisfaction surveys:
| Data category | Reason for processing | Legal basis for processing | Duration of storage |
| Communication data, such as email address, telephone/mobile number. | Processing for the purposes of sending invitations to such surveys and, if you decide to participate non-anonymously, for evaluating the answers and, if necessary, for subsequent communication with you (e.g. in the event of queries) | Consent, according to Art. 6 para. 1 (a) GDPR | Maximum of 3 months after participating in a survey |
You can object to the use of your personal data for the purposes of the satisfaction survey and to send invitations to online surveys at any time without giving reasons. Please contact the data protection officer to do so.
Participation in such a survey is entirely voluntary and also completely anonymous. However, after completing the survey, you have the option of providing us with one or more contact options (email address or telephone/mobile number) through which we can contact you with specific questions about your assessment of our services.
Any processing of personal data as part of participation in such a survey is based exclusively on your separate consent for these purposes, which you can revoke at any time without giving reasons.
Where did we get your personal data from?
We only process personal data that you provide to us yourself as part of the survey.
Disclosure of your personal data
We only pass on your personal data within our company to the departments and people who need this data to evaluate your assessment of our services.
Data is not passed on to recipients outside our company.
Your personal data is generally processed within the EU/EEA or in countries that the European Commission considers to have an adequate level of protection.
In individual cases, your data may be processed in countries that have not received an adequacy decision from the European Commission. This applies in particular to technical support for maintaining our IT infrastructure. The IT service provider we use for these purposes is based in India and therefore your personal data may be processed at the service provider's headquarters in India. In these cases, we have technical, organizational and contractual protective measures in place to ensure that personal data is processed and stored in accordance with the GDPR and that this data is adequately protected, even when transferred to a third country. Contractually, transfers to countries outside the EU/EEA or to countries without an adequacy decision from the European Commission are based on the standard data protection clauses adopted by the European Commission, a copy of which you can obtain by contacting us using the contact details above.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used without authorization or accessed, altered or disclosed in an unauthorized way. In addition, we restrict access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our specific instructions and are bound by a duty of confidentiality.
In particular, we have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a suspected breach where this is appropriate and required by law.
Your rights as a data subject
Right of information:
In accordance with Art. 15 GDPR, you have the right to request information about your personal data processed by our company. Please send any requests for information in writing to
Hoist Finance AB (publ) Germany branch
Data Protection Officer
Schifferstr. 80
47059 Duisburg
datenschutzbeauftragter@hoistfinance.com
to be addressed to.
Right to rectification:
Furthermore, you have the right to request the rectification or completion of the data concerned if it is determined that your data processed by our company is incorrect or incomplete in accordance with Art. 16 GDPR. You are welcome to notify us of this in a personal telephone conversation with the person responsible for you. However, we may have to ask you to provide suitable evidence of the changes you have requested.
Right to restriction of processing:
If you are of the opinion that the personal data stored by us is incorrect or is being processed unlawfully or that we have no legitimate interest in processing this data, you can request that processing be restricted until the matter has been clarified.
Right to object to processing:
If applicable, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, unless the processing is carried out in accordance with Art. 21 (1) GDPR on compelling legitimate grounds that outweigh the interests, rights and freedoms of the data subject or the processing serves to assert, exercise or defend legal claims.
If you wish to exercise this right, please send your objection by post and address it to the data protection officer (see above).
Please note that the aforementioned rights are subject to further restrictions, such as those set out in Sections 34 and 35 of the German Federal Data Protection Act (BDSG).
Right to data portability:
This right enables you to receive the information you have provided to us in a structured, commonly used and machine-readable format so that you can reuse it for your own purposes and forward it directly to other services. This only applies to data that we use on the basis of consent given or for the purposes of fulfilling a contract.
Rights in relation to automated decision-making and profiling:
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In such cases, we would be obliged to give you the opportunity to obtain human intervention, express your point of view and contest the decision. In such cases, we would also explain the logic and procedures behind the automated decision-making.
Profiling is defined as any form of automated processing designed to evaluate certain personal aspects of an individual in order to analyse or predict aspects of that individual's personal circumstances, behaviour or capabilities. The processing must be fair and transparent, use appropriate mathematical or statistical procedures, implement appropriate controls to minimise inaccuracies and protect personal data.
We do not use such automated individual decision-making.
Right to erasure (“right to be forgotten”):
You have the right to have the data stored about you erased if it is
- no longer necessary for the purpose for which it was originally collected,
- if you withdraw your consent to the processing,
-or if the processing is unlawful.
However, please note that we are also subject to certain legal obligations that prevent us from erasing all your data immediately after the original purpose of processing no longer applies. For example, we are legally obliged to continue to retain certain data for the purposes of complying with statutory retention obligations, which arise, among other things, from the Banking Act (KWG) Section 25a, the Fiscal Code (AO) Section 147 and the Commercial Code (HGB) Section 257. However, all data that we are prohibited from deleting will be blocked and, as soon as we are no longer obliged to retain it, deleted or anonymized.
Supervisory complaint:
According to Art. 77 GDPR, you have the right to complain to the responsible supervisory authority if you believe that the processing of personal data concerning you is not lawful. The complaint should be addressed to the
State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
https://www.ldi.nrw.de/
Changes or adjustments to the privacy policy
We regularly review and update this privacy policy. Significant updates or adjustments, which in particular affect the way in which your data is processed (e.g. changes of purpose), will be shown to you in advance. Minor changes to the privacy policy will be made without additional notification.
This privacy policy was last updated: on 08.10.2024.
Contact
Please contact us if you have any concerns, complaints or questions about our privacy policy, the data stored about you or the basis on which we process this data:
Hoist Finance AB (publ) German branch
Data protection officer
Schifferstr. 80
47059 Duisburg
Datenschutzbeauftragter@hoistfinance.com
Consumer information
Legal information
Content:
Content of the online offer
References and links
Copyright and trademark law
Dispute resolution procedure for consumers
Complaints
Legal validity Disclaimer
1. Content of the online offer
We assume no liability for the topicality, correctness, completeness or quality of the information provided. Liability claims against Hoist Finance AB Germany branch, which relate to damages of a material or immaterial nature caused by the use or non-use of the information provided or by the use of incorrect and incomplete information, are fundamentally excluded, unless Hoist Finance AB Germany branch can be proven to have acted intentionally or with gross negligence.
All offers are non-binding and subject to change. Hoist Finance AB Germany branch expressly reserves the right to change, add to or delete parts of the pages or the entire offer without separate notice, or to temporarily or permanently stop publication.
2. References and links
In the case of direct or indirect references to external websites (“hyperlinks”) that are outside the area of ​​responsibility of Hoist Finance AB Branch Germany, a liability obligation would only come into force if Hoist Finance AB Branch Germany had knowledge of the content and it would be technically possible and reasonable for it to prevent use in the event of illegal content. Hoist Finance AB Branch Germany hereby expressly declares that at the time the link was created, no illegal content was recognizable on the pages to be linked.
Hoist Finance AB Branch Germany has no influence on the current and future design, content or authorship of the linked/connected pages. Therefore, it hereby expressly distances itself from all content of all linked/connected pages that were changed after the link was created.
This statement applies to all links and references set within the company's own Internet offering as well as to third-party entries in guest books, discussion forums, link directories, mailing lists and in all other forms of databases set up by Hoist Finance AB, Germany branch, and in all other forms of databases whose content can be accessed externally.
The provider of the page to which reference was made is solely liable for illegal, incorrect or incomplete content and in particular for damages resulting from the use or non-use of such information, not the person who merely refers to the respective publication via links.
3. Copyright and trademark law
Hoist Finance AB, Germany branch, endeavors to observe the copyrights of the images, graphics, audio documents, video sequences and texts used in all publications, and to use images, graphics, audio documents, video sequences and texts created by itself or to use license-free graphics, audio documents, video sequences and texts.
All brands and trademarks mentioned on the website and possibly protected by third parties are subject without restriction to the provisions of the applicable trademark law and the ownership rights of the respective registered owners. The mere mention of a trademark does not imply that it is not protected by third-party rights!
The copyright for published objects created by Hoist Finance AB Germany Branch itself remains solely with the author of the pages. Reproduction or use of such graphics, audio documents, video sequences and texts in other electronic or printed publications is not permitted without the express consent of Hoist Finance AB Germany Branch.
4. Dispute resolution procedure
In accordance with Section 36 of the Consumer Dispute Resolution Act (VSBG), we would like to point out that our company is neither legally obliged nor willing on a voluntary basis to participate in an out-of-court dispute resolution procedure before a consumer arbitration board.
5. Complaints
You can submit your request or a complaint either by telephone, email or post to
Email: Complaint-Management@hoistfinance.com
Address: Schifferstr. 80, 47059 Duisburg
If desired, please send written submissions to the attention of the complaints manager. Our aim is to resolve your concerns or complaints as quickly as possible and to send you an answer within 14 days.
6. Legal validity of this disclaimer
This disclaimer is to be regarded as part of the internet offer from which reference was made to this page. If parts or individual formulations of this text do not, no longer or not completely correspond to the applicable legal situation, the remaining parts of the document remain unaffected in their content and validity.
