Privacy statement and information in the sense of the EU GDPR

The protection of your personal data is an important objective for us. Therefore, we want to use the privacy statement below to provide you (as a visitor to our website) with information on how your data are processed. You will, in particular, find out which data we collect from you, which purpose the processing of such fulfils, on which legal basis such data are processed and which rights you, as the data subject, have. Moreover, with this statement we concurrently also fulfil our information requirements according to the EU General Data Protection Regulation (EU GDPR).  

On our website and mobile apps (referred to as “services” below), we provide a portal which you can, for example, use to agree a payment by instalments or which you can use to inform us of a change of address, etc. We point out that, in addition to your visit to this website, the data will also be processed for the purpose of accounts management. More detailed information on the purposes, the legal basis and the scope of processing of your data, sources and recipients of personal data, as well as the period for which your data are stored in the collection proceedings, is provided here: Data protection information regarding collection proceedings

Please note that the disclaimers, (data protection) legal notices and all the other data and information available at de.flow.riverty.com are only legally binding in the respective German version, even if there is a translation provided. This also applies in the case of own translations, e.g. using translation tools. In case of conflicts or discrepancies between the German version and a version in another language, the German version alone shall be binding. 

Riverty Services GmbH  
Gütersloher Str. 123
33415 Verl
Germany

Riverty Services GmbH
Mr Nils Unverhau
Gütersloher Str. 123
33415 Verl
Germany
 
@email

The data collected in the framework of your visit to our website are collected for the following purposes:

• internal system-specific and statistical purposes
• technical administration of the website
• presentation & optimisation of the website

If you use a log-in for our services (portal use or portal), we will also, in addition, process your personal data for the following purposes:

• identification
• answering, executing and implementing your request(s)
• contract processing, accounts management and enforcing rights

Your personal data are processed during your use of our services on the basis of legitimate interests within the meaning of art. 6 sub-section 1 sentence 1 lit. f) and, if applicable, your consent within the meaning of art. 6 sub-section 1 sentence 1 lit. a) EU GDPR. The above-mentioned purposes constitute a legitimate interest.
 
More detailed information on the legal basis for data processing involving the cookies used is provided under section 4) Particularity: Cookies.

During your use of our services, we process the following data: 

• randomised IP address
• date and time
• pages visited
• user interactions
• data of the requesting computer
• identification data of the browser and operating system type
• device number / UUID (if mobile apps are used)
• last page visited

If you log on to our portal using your access data, the following personal data may be processed, in addition:

• master data (salutation, name, first name, title, date of birth, PIN)
• address data
• communications data
• bank details
• correspondence contact data
• data regarding the account
• the IP of the requesting computer

At this point, we would like to point out that, of course, you are not obliged to specify your personal data in our portal. However, we ask for your understanding that, for data protection legislation reasons, some functions cannot be used without the entry of certain personal data. 

The visitor data processed in the framework of the use of this website are not, in principle, forwarded to third parties. Although we use service providers for hosting and maintaining our website, these service providers are required to comply with the statutory provisions in the framework of a data processing contract.
 
Upon instruction by the competent authority, we might, in a specific case, be required to provide information on data in as far as this is necessary for the purposes of prosecution or danger prevention.

The processed visitor data are only stored, in principle, for the duration of your visit. There might be deviations in the retention period for randomised data which are collected in the framework of the cookies used. Details on this are provided under section 4) Particularity: Cookies and at Cookies | Riverty.
 
Apart from this, your personal data are deleted forthwith if the purposes for which they were collected cease to apply, or if the data required for processing are no longer needed to attain the purposes outlined. This does not apply in as far as the data are subject to statutory periods of retention (e.g. section 147 German Fiscal Code, section 257 German Commercial Code) or a retention is necessary to assert, exercise or defend legal claims (e.g. section 195 German Civil Code).

Cookies are small text files used by websites to make the user experience more efficient. We use cookies to personalise content and displayed information and to analysis how our website is accessed. Moreover, we forward information on your use of our website to our partner for analyses.
 
Under the applicable law, we can save cookies on your device if these are absolutely necessary for the operation of this website. However, we need your permission for all other types of cookies. You can change or revoke your consent to the cookie statement on our website at any time.

The technical provision as well as the management and use of cookies of the Riverty Domain are under joint controllership of the Riverty companies (Imprint). You can find more information on this in the privacy policy on Riverty.com. Riverty Services is solely responsible for the content of this sub-domain and for the processing of your personal data in the context of Riverty Back in Flow.
 
Our services use different types of cookies. Some cookies which are needed for the above-mentioned purposes are placed by third parties. Information on which cookies are used specifically is provided in the settings of the mobile apps or at Cookies | Riverty.

• Essential cookies help to make a website usable by enabling basic functions, such as page navigation and access to secure areas of the website. Our services cannot work properly without these cookies.
• Functional cookies help website owners understand how visitors interact with websites by collecting and reporting anonymous information. These cookies are used to better understand the user behaviour. Analytical cookies enable the collection of usage and recognition possibilities in so-called pseudonymous usage profiles. For example, we use analytical cookies to determine the number of individual website visitors or to analyze user behavior on the basis of anonymous and pseudonymous information. A direct conclusion on a person is not possible. The legal basis for these cookies is Art. 6 1 a) DSGVO.
• Marketing cookies are new cookies which have been added and not yet been assigned to a category. We only place these cookies if visitors have agreed to the use of all cookies or if they have expressly agreed to the use of unclassified cookies in the detail settings of the consent manager. We try to provide a classification for new cookies as soon as possible to enable visitors to benefit from the best possible functionality of the website after consent to the use of cookies.

• Face/Touch ID: To facilitate a faster log-in, the user can activate Face ID or Touch ID and authenticate that way. This function is optional. All the information on fingerprints and the face, etc., are saved locally on the device. Data is not transmitted.  
• Push notifications: The user can activate notifications which, e.g. provide information on new due dates or payment receipts. This function is optional and can be changed at any time. To this end, the device ID is saved on the server to specifically address the user device.

Every data subject has the right to information from Riverty Services GmbH in accordance with art. 15 EU GDPR, the right to correction according to art. 16 EU GDPR, the right to deletion according to art. 17 EU GDPR, the right to the restriction of processing according to art. 18 EU GDPR and the right to data portability according to art. 20 EU GDPR.

In addition, you can contact the supervisory authority in charge of Riverty Services GmbH, the State Office for Data Protection and Freedom of Information of North Rhine-Westphalia [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2 – 4, 40213 Düsseldorf.

Special information on communication and use of the chat function via the "WhatsApp" service

Insofar as you use the communication channel WhatsApp to contact Riverty Services GmbH via chat function, we would like to inform you separately as follows:

We use this external application exclusively as a service channel. We are in no way responsible for the content and data shared, uploaded and processed outside of our own network via WhatsApp. WhatsApp's privacy policy applies to this.

Please read WhatsApp's privacy policy carefully before using WhatsApp. Because by using WhatsApp, you automatically agree to these policies.

Please note the WhatsApp terms of use, over which we have no control: When you install and use WhatsApp on your cell phone, you agree to WhatsApp's terms of use. These include, among other things, that you grant WhatsApp Inc. access to your phone number and the contacts stored on your phone.

You can object to the further use of WhatsApp for communication at any time. Riverty Services GmbH will then immediately stop using this communication channel to communicate with you.

Insofar as you have given your consent to participate in panel surveys for the purpose of quality and product improvement, we process your data on the basis of Art. 6 Para. 1 S.1 lit. a GDPR. For this purpose, we may contact you via different communication channels (e.g. email, app). Your feedback given in the survey will be evaluated by our experts and used to improve the quality and optimisation of the services.

The following data is processed: First name and surname of the data subject, e-mail address, survey results, any information collected and stored as part of app use (Riverty Back in Flow app, e.g.: technical identifiers (IDs), bank and payment information).

The consent given can be revoked at any time at @email. As a result, no further requests for survey participation will be sent to you.

In principle, all data is only processed within the European Union. A transfer to countries in which the GDPR does not apply (so-called third countries) only takes place in exceptional cases. We may transfer the data to third countries pursuant to Article 49 (1) subparagraph 1 e) GDPR if and insofar as this is necessary for the assertion, exercise or defence of legal claims - e.g. because the creditor has its registered office in a third country, the data subject moves to a third country or uses foreign email servers.

Insofar as we carry out data processing in third countries via service providers (e.g. cloud services), these service providers are contractually bound in accordance with the legal requirements of the GDPR.

Every data subject has the right to information from Riverty Services GmbH pursuant to Article 15 of the GDPR, the right to rectification pursuant to Article 16 of the GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to data portability pursuant to Article 20 GDPR.

In addition, there is the possibility of contacting the supervisory authority responsible for Riverty Services GmbH, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia  [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2-4, 40213 Düsseldorf.

We have taken all necessary technical and organisational precautions to protect your personal data, in particular, against misuse. Your data are saved in a secure operating environment not accessible to the public. In line with this privacy statement, your information can only be accessed by specifically authorised persons.

Our information system is a secure area. A firewall has been installed to prevent access from other networks connected to the internet. Only employees who need the information to fulfil a special task are granted access to personal information. Our employees have received intensive training regarding data protection and security.
 
Your personal data are encrypted via the so-called Secure Socket Layer Technology (SSL) in transmission. This means that the communication between your computer and the servers used here is ensured using an approved encryption procedure, as long as your browser supports SSL.

If the legal preconditions are fulfilled, the data subject has the following rights according to art. 15 to 22 EU GDPR: A right to information, correction, deletion, restriction of processing and data portability.

Moreover, according to art. 14 section 2 c) in conjunction with art. 21 EU GDPR, the data subject has a right to object to processing based on art. 6 section 1 f) EU GDPR.
 
In accordance with art. 77 EU GDPR, data subjects have the right to lodge a complaint with a data protection supervisory authority if they are of the opinion that processing of personal data was not lawful. The supervisory authority having competence for our company is:

 
The State Officer for Data Protection and Freedom of Information  
North Rhine-Westphalia
Kavalleriestraße 2 – 4
40213 Düsseldorf

In addition, however, you can also contact the supervisory authority having competence at the place of your residence to lodge a complaint.

Riverty Services GmbH
Gütersloher Str. 123
33415 Verl
Germany

Riverty Services GmbH
Data Protection Officer: Nils Unverhau
Gütersloher Str. 123, 33415 Verl
Germany
E-mail: @email

Your data are processed for the purposes of contract processing, accounts management and the pursuit of rights. If the following legal bases are fulfilled, the data subject does not have to consent to data processing:  

Of course, we are only allowed to process data if there is a legal basis for such. Processing by us is lawful if, at least, one of the conditions under article 6 EU GDPR is fulfilled. In principle, your data have to be processed to ensure the fulfilment of a contract with our client (art. 6 section. 1 sentence 1 lit. b EU GDPR). In addition, data processing according to art. 6 section 1 f) EU GDPR is required to preserve our legitimate interests, or the legitimate interests of a third party. Our legitimate interests comprise the enforcement of the outstanding account. Moreover, processing can also be carried out to comply with legal requirements (art. 6 section 1 sentence 1 lit. c EU GDPR) comprising, in particular, compliance with retention requirements.

We process the following data categories: address data, banking data, credit rating information, claims data, communication data, master data, process data, contract data and, if required, payment data.

We are primarily provided with the data by our client. Further possible data sources can comprise credit agencies, field services, custodians, authorised recipients, service providers, third-party debtors, registration offices, courts, bailiffs, legal representatives, trade offices, correctional facilities, publicly accessible information sources, lawyers, original creditors, our clients’ lawyers and the data subject himself/herself.

In accordance with art. 6 section 1 sentence 1 lit. f) EU GDPR, we receive recurring credit rating information for the purpose of the respective accounts management from infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden.

In the framework of the collection proceedings, your data are transferred to our client and, if applicable, to the following categories of recipients (should this be required and permitted): field teams, custodians, authorised representatives, service providers, third-party debtors, residents' registration offices, courts of law, bailiffs, legal representatives, trade offices, correctional facilities and lawyers.

In principle, all data are only processed in Germany. We only transfer data to countries in which EU GDPR does not apply (so-called third countries) in exceptional cases. We may only transfer data to third countries in accordance with art. 49 section 1 sub-section 1 lit. e EU GDPR if, and in as far as this is required, to assert, exercise or defend legal claims - e.g. because the creditor is based in a third country, has moved to a third country or uses foreign e-mail servers.

In as far as we process data in third countries via service providers (e.g. cloud services), these service providers are bound by contract to comply with the legal requirements under the EU GDPR.

Personal data are processed until the above-mentioned purposes have been fulfilled. This also includes the statutory retention requirements under the German Fiscal Code (AO), the Commercial Code (HGB) and the Sales Tax Act (UstG). After the purpose has been fulfilled, the data will be deleted.

Please note:

Even after the matter has been concluded, we have to save the data for up to ten years in accordance with the laws referred to above. However, processing of your data is restricted in accordance with art. 18 EU GDPR. At that point, the data are subject to access restrictions (“blocked”).

If the statutory preconditions are fulfilled, you have the following rights under art. 15 to 20 EU GDPR: A right to information, correction, deletion, restriction of processing and to data portability.

Moreover, according to art. 14 section 2 c) in conjunction with art. 21 EU GDPR, you have the right to object to data processing based on art. 6 sub-section 1 f) EU GDPR.

According to art. 77 EU GDPR, you have the right to lodge a complaint with a supervisory authority if you think that processing of your personal data is unlawful. The supervisory authority having competence regarding our company is:  The State Office for Data Protection and Freedom of Information of North Rhine-Westphalia [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2 – 4, 40213 Düsseldorf.