Privacy statement and information in the sense of the EU GDPR
The protection of your personal data is an important objective for us. Therefore, we want to use the privacy statement below to provide you (as a visitor to our website) with information on how your data are processed. You will, in particular, find out which data we collect from you, which purpose the processing of such fulfils, on which legal basis such data are processed and which rights you, as the data subject, have. Moreover, with this statement we concurrently also fulfil our information requirements according to the EU General Data Protection Regulation (EU GDPR).
On our website (referred to as “services” below), we provide a portal which you can, for example, use to agree a payment by instalments or which you can use to inform us of a change of address, etc. We point out that, in addition to your visit to this website, the data will also be processed for the purpose of accounts management.
Please note that the disclaimers, (data protection) legal notices and all the other data and information available at de.flow.riverty.com are only legally binding in the respective German version, even if there is a translation provided. This also applies in the case of own translations, e.g. using translation tools. In case of conflicts or discrepancies between the German version and a version in another language, the German version alone shall be binding.
Privacy notice regarding our services
1. Responsible body
Riverty Services GmbH
Gütersloher Str. 123
2. Data protection officer
Riverty Services GmbH
Mr Nils Unverhau
Gütersloher Str. 123
Whenever we refer to "we", "us" or the "company" below, this always refers to Riverty Services GmbH.
B) Purpose and legal basis for the processing of visitor data
1. Purpose of data processing
The data collected in the framework of your using our website are collected for the following purposes:
internal system-specific and statistical purposes
technical administration of the website
presentation & optimisation of the website
If you use a log-in for our services (portal use or portal), we will also, in addition, process your personal data for the following purposes:
answering, executing and implementing your request(s)
contract processing, accounts management and enforcing rights
2. Legal basis for data processing
Your personal data are processed during your use of our website on the basis of legitimate interests within the meaning of art. 6 sub-section 1 sentence 1 lit. f) and, if applicable, your consent within the meaning of art. 6 sub-section 1 sentence 1 lit. a) EU GDPR. The above-mentioned purposes constitute a legitimate interest.
More detailed information on the legal basis for data processing involving the cookies used is provided under section 4) Particularity: Cookies.
C) Scope of data processing use of the services
1. Categories of personal data
During your use of our website, we process the following visitor data:
randomised IP address
date and time
data of the requesting computer
identification data of the browser and operating system type
last page visited
If you log on to our portal using your access data, the following personal data may be processed, in addition:
master data (salutation, name, first name, title, date of birth, PIN)
correspondence contact data
data regarding the account
the IP of the requesting computer
At this point, we would like to point out that, of course, you are not obliged to specify your personal data in our portal. However, we ask for your understanding that, for data protection legislation reasons, some functions cannot be used without the entry of certain personal data.
2. Recipient of personal data
The visitor data processed in the framework of the use of this website are not, in principle, forwarded to third parties. Although we use service providers for hosting and maintaining our website, these service providers are required to comply with the statutory provisions in the framework of a data processing contract.
Upon instruction by the competent authority, we might, in a specific case, be required to provide information on data in as far as this is necessary for the purposes of prosecution or danger prevention.
3. Duration of data retention
The processed visitor data are only stored, in principle, for the duration of your visit. There might be deviations in the retention period for randomised data which are collected in the framework of the cookies used. Details on this are provided under section 4) Particularity: Cookies and in the cookie consent manager.
Apart from this, your personal data are deleted forthwith if the purposes for which they were collected cease to apply, or if the data required for processing are no longer needed to attain the purposes outlined. This does not apply in as far as the data are subject to statutory periods of retention (e.g. section 147 German Fiscal Code, section 257 German Commercial Code) or a retention is necessary to assert, exercise or defend legal claims (e.g. section 195 German Civil Code).
4. Particularity: Cookies
A) General information on cookies
Under the applicable law, we can save cookies on your device if these are absolutely necessary for the operation of this website. However, we need your permission for all other types of cookies. You can change or revoke your consent to the cookie statement on our website at any time.
Our services use different types of cookies. Some cookies which are needed for the above-mentioned purposes are placed by third parties. Information on which cookies or analysis tools are used specifically is provided for the Internet page in the cookie consent manager.
Essential cookies help to make a website usable by enabling basic functions, such as page navigation and access to secure areas of the website. Our services cannot work properly without these cookies.
Statistics cookies help us understand how visitors interact with websites by collecting and reporting anonymous information.
The analysis cookies are set at Matomo whenever you access the services and at least agree to the use of web tracking cookies. In doing so, the cookies remain for a maximum of 13 months, unless you delete them beforehand via the browser settings.
You have the option to update the cookie consent for web tracking at any time.
You can find more information on data processing at Matomo in the data protection declaration: matomo.org
D) Security notice
We have taken all necessary technical and organisational precautions to protect your personal data, in particular, against misuse. Your data are saved in a secure operating environment not accessible to the public. In line with this privacy statement, your information can only be accessed by specifically authorised persons.
Our information system is a secure area. A firewall has been installed to prevent access from other networks connected to the internet. Only employees who need the information to fulfil a special task are granted access to personal information. Our employees have received intensive training regarding data protection and security and are obliged to comply with the instructions.
Your personal data are encrypted via the so-called Secure Socket Layer Technology (SSL) in transmission. This means that the communication between your computer and the servers used here is ensured using an approved encryption procedure, as long as your browser supports SSL.
E) Your rights
If the legal preconditions are fulfilled, the data subject has the following rights according to art. 15 to 22 EU GDPR: A right to information, correction, deletion, restriction of processing and data portability.
Moreover, according to art. 14 section 2 c) in conjunction with art. 21 EU GDPR, the data subject has a right to object to processing based on art. 6 section 1 f) EU GDPR.
In accordance with art. 77 EU GDPR, data subjects have the right to lodge a complaint with a data protection supervisory authority if they are of the opinion that processing of personal data was not lawful. The supervisory authority having competence for our company is:
The State Officer for Data Protection and Freedom of Information
Kavalleriestraße 2 – 4
In addition, however, they can also contact the supervisory authority having competence at the place of their residence to lodge a complaint.
Data protection notice regarding debt collection proceedings
Who are we? – Identity of the responsible body
Riverty Services GmbH
Gütersloher Str. 123
Who is responsible for our data protection? – Contact data of the data protection officer
Riverty Services GmbH
Data Protection Officer: Nils Unverhau
Gütersloher Str. 123, 33415 Verl, Germany
Are we allowed to process data? – Purpose of processing and legal bases
Your data are processed for the purposes of contract processing, accounts management and the pursuit of rights. If the following legal bases are fulfilled, the data subject does not have to consent to data processing:
Of course, we are only allowed to process data if there is a legal basis for such. Processing by us is lawful if, at least, one of the conditions under article 6 EU GDPR is fulfilled. In principle, your data have to be processed to ensure the fulfilment of a contract with our client (art. 6 section. 1 sentence 1 lit. b EU GDPR). In addition, data processing according to art. 6 section 1 f) EU GDPR is required to preserve our legitimate interests, or the legitimate interests of a third party. Our legitimate interests comprise the enforcement of the outstanding account. Moreover, processing can also be carried out to comply with legal requirements (art. 6 section 1 sentence 1 lit. c EU GDPR) comprising, in particular, compliance with retention requirements.
Which data do we have from whom? – Data categories and sources
We process the following data categories: address data, banking data, credit rating information, claims data, communication data, master data, process data, contract data and, if required, payment data.
We are primarily provided with the data by our client. Further possible data sources can comprise credit agencies, field services, custodians, authorised recipients, service providers, third-party debtors, registration offices, legal representatives, trade offices, correctional facilities, publicly accessible information sources, lawyers, original creditors, our clients’ lawyers and the data subject himself/herself.
Who do we forward the data to? – The recipients
In the framework of the collection proceedings, your data are transferred to our client and, if applicable, to the following categories of recipients (should this be required and permitted): field teams, custodians, authorised representatives, service providers, third-party debtors, residents' registration offices, courts of law, bailiffs, legal representatives, trade offices, correctional facilities and lawyers.
Are data transferred to other countries? – Data transfer to third countries
In principle, all data are only processed in Germany. We only transfer data to countries in which EU GDPR does not apply (so-called third countries) in exceptional cases. We may only transfer data to third countries in accordance with art. 49 section 1 sub-section 1 lit. e EU GDPR if, and in as far as this is required, to assert, exercise or defend legal claims - e.g. because the creditor is based in a third country, has moved to a third country or uses foreign e-mail servers.
In as far as we process data in third countries via service providers (e.g. cloud services), these service providers are bound by contract to comply with the legal requirements under the EU GDPR.
For how long are data saved? – Term of data retention
Personal data are processed until the above-mentioned purposes have been fulfilled. This also includes the statutory retention requirements under the German Fiscal Code (AO), the Commercial Code (HGB) and the Sales Tax Act (UstG). After the purpose has been fulfilled, the data will be deleted.
Even after the matter has been concluded, we have to save the data for up to ten years in accordance with the laws referred to above. However, processing of your data is restricted in accordance with art. 18 EU GDPR. At that point, the data are subject to access restrictions (“blocked”).
Rights of the data subject
If the statutory preconditions are fulfilled, you have the following rights under art. 15 to 20 EU GDPR: A right to information, correction, deletion, restriction of processing and to data portability.
Moreover, according to art. 14 section 2 c) in conjunction with art. 21 EU GDPR, you have the right to object to data processing based on art. 6 sub-section 1 f) EU GDPR.
According to art. 77 EU GDPR, you have the right to lodge a complaint with a supervisory authority if you think that processing of your personal data is unlawful. The supervisory authority having competence regarding our company is: The State Office for Data Protection and Freedom of Information of North Rhine-Westphalia [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2 – 4, 40213 Düsseldorf, Germany.