Register description as required by section 10 of the Personal Data Act (523/1999)
Ropo Capital Oy and its Finnish subsidiaries and branches
Business ID: 2495037-7
P.O. BOX 25, FI-70101 Kuopio
tel. +358 30 688 6600
2. Purpose of the processing of personal data
The personal data in the register are processed for the purpose of payment control, including the monitoring and maintenance of accounts receivable, and information on accounting and payment transactions. In addition, the data is used for professional debt recovery in both voluntary and judicial collection in cases concerning civil actions or criminal proceedings, bankruptcy, debt arrangement, corporate debt restructuring and applications, as well as in other recovery-related tasks and situations pertaining to reporting, monitoring, supervision, training, service development, service event authentication, consulting or customer relationship management.
Registered data are also used to carry out any obligations provided by law for a professional debt collector, and for statistical purposes, in which case the data are processed so that they cannot be identified to concern a certain person.
The register is also intended to enable the debt collector to store credit data derived from credit information registers, to convey such information to its contractual customers as per the provisions of the Credit Information Act, and to use the data when deciding on the possible debt collection measures.
The register will only contain data necessary for performing the above purposes.
The processing of personal data is based on a principal’s authorisation.
3. Description of the group of data subjects and data categories in the file
The register contains data on principals and their invoice/debt recovery customers. Data categories include customer identification number, name, personal/business ID number or date of birth, address, telephone number, e-mail address, names and contact details of contact persons or guardians, bank details, and other information on the principals or the customers necessary for carrying out the assignment.
In addition, data entered in the file may include the following:
- Invoicing and accounts receivable data
- Outstanding account, its amount and basis, and the settlement thereof
- Assignment number and progress-related information
- Recovery measures and the progress thereof
- Data submitted by the invoice/debt recovery customers themselves
- Data collected from authorities and public records necessary for the completion of the assignment, including public credit status information, regulatory decisions and implementation data
- Data submitted by the principal necessary for the completion of the invoicing and/or debt recovery assignment
- Owner and holder data of a vehicle
- Other data necessary for the completion of the assignment
- Telephone conversations with Customer Service. The recordings are used for improving customer service and for tracking customer interactions.
4. Regular data sources
Principals (assignments, customers, outstanding accounts)
Invoice/data recovery customers (personal data, outstanding accounts, settlements of debt)
Controller (Invoicing / debt recovery data)
Population Register Centre (address, personal data, guardianship data)
Legal Register Centre (bankruptcies, corporate debt restructuring, debt arrangements)
Credit information registers maintained by Bisnode Finland Oy and Suomen Asiakastieto Oy (public bad credit records)
Business Information System (business and organisation data)
Tax authorities (public tax data)
Finnish Patent and Registration Office (personal identification information)
Telephone number, address and contact information providers (phone numbers and addresses)
Local register offices (guardianship data)
Finnish Transport Safety Agency Trafi (owner and holder data of a vehicle)
In addition, information is obtained from courts of law, preliminary investigation authorities, recovery authorities and employment authorities.
5. Regular disclosure and transfer of data outside the EU or the EEA
Data may be transferred and disclosed from the register as permitted and obligated by the assignment agreements and the present legislation to, inter alia, the following:
- Invoice and/or debt recovery customers and their representatives
- Courts of law
- Recovery authorities
- Police authorities
- Credit information companies
- Telephone number, address and contact information providers for the purpose of data verification
The data will not be transferred or disclosed outside the EU or the EEA.
Data collected by credit information companies and retrieved from their credit information registers may be disclosed to contractual customers. The data will not be transferred or disclosed outside the EU or the EEA.
6. Principles for the protection of the data file
A. Manual data
Manual data are stored inside the controller’s premises in locked facilities protected by modern security systems, and will only be accessed by authorised staff members. The facilities are secured by an access control system and the employees are under a formal obligation of secrecy.
B. Electronic data
The register is used by staff members in charge of debt collection and other assignments. User authorisations have been defined separately for each person depending on their job description, and the personnel has been familiarised with relevant legislation. Register users are bound by an obligation to observe secrecy that will survive the termination of the access right. Register users are identified, use monitored and the user rights reviewed at regular intervals.
IT system is secured from outsiders and the servers protected with firewalls. File transfers are conducted over SSL and SSH encrypted connections. Logins and interfaces require authentication. User passwords are encrypted and login requires a user name, a password and a random verification code.
7. Right of access
A data subject has the right to access the data in their personal data file as per section 26 of the Personal Data Act. Written access requests with personal identification number and personal signature are to be submitted to:
Ropo Capital Oy
P.O. Box 25
The request must be submitted with a copy of an identity card containing the data subject’s signature.
The data subject has the right to require the controller to rectify erroneous data contained in a personal data file. Requests for rectification are submitted in writing to the address above. The request must specify the necessary corrections and the reasons why these are warranted and necessary.
Dispute resolution between a trader and a consumer in contractual matters
Disputes between a trader and a consumer are resolved through a judicial procedure or by a Consumer Disputes Board (www.kuluttajariita.fi)where the consumer can take the matter after contacting the consumer rights advisers at a Local Register Office (www.kuluttajaneuvonta.fi). The primary method of settling disputes is through negotiations between the trader and the consumer.