Privacy statement and information in the sense of the EU GDPR

The protection of your personal data is an important objective for us. Therefore, we want to use the privacy statement below to provide you (as a visitor to our website) with information on how your data are processed. You will, in particular, find out which data we collect from you, which purpose the processing of such fulfils, on which legal basis such data processing is based and which rights you as the data subject have. Moreover, with this statement we concurrently also fulfil our information requirements according to the EU General Data Protection Regulation (EU GDPR).  

On our website, we provide a portal which you can, for example, use to agree a payment by instalments or which you can use to inform us of a change of address, etc. We point out that, in addition to your visit to this website, the data will also be processed for the purpose of accounts management. More detailed information on the purposes, the legal basis and the scope of processing of your data, sources and recipients of personal data, as well as the period for which your data are stored in the collection proceedings, is provided here: Data protection information regarding collection proceedings

 

Please note that the disclaimers, (data protection) legal notices and all the other data and information available at www.paigo.com are only legally binding in the respective German version, even if there is a translation provided. This also applies in the case of own translations, e.g. using translation tools. In case of conflicts or discrepancies between the German version and a version in another language, the German version alone shall be binding.

Privacy notice

A) General

1. Responsible body

Paigo GmbH  
Gütersloher Str. 123
33415 Verl

Germany

2. Data protection officer

Paigo GmbH
Mr Nils Unverhau
Gütersloher Str. 123
33415 Verl

Germany
 
@email

Whenever we refer to "we", "us" or the "company" below, this always refers to Paigo GmbH.

B) Purpose and legal basis for the processing of visitor data

1. Purpose of data processing

The data collected in the framework of your visit to our website are collected for the following purposes:

  • internal system-specific and statistical purposes
  • technical administration of the website
  • presentation & optimisation of the website

If you use our portal, we will also, in addition, process your personal data for the following purposes:

  • identification
  • answering, executing and implementing your request(s)
  • contract processing, accounts management and enforcing rights

2. Lagal basis for data processing

Your personal data are processed during your visit to our website on the basis of legitimate interests within the meaning of art. 6 sub-section 1 sentence 1 lit. f) and, if applicable, your consent within the meaning of art. 6 sub-section 1 sentence 1 lit. a) EU GDPR. The above-mentioned purposes constitute a legitimate interest. 
 
More detailed information on the legal basis for data processing involving the cookies used is provided under section 4) Particularity: Cookies.

C) Scope of data processing on this website

1. Categories of personal data

Upon your visit to our website, we process the following visitor data:

  • randomised IP address
  • date and time
  • pages visited
  • user interactions
  • data of the requesting computer
  • identification data of the browser and operating system type
  • last page visited

If you log on to our portal using your access data, the following personal data may be processed, in addition:

  • master data (salutation, name, first name, title, date of birth, PIN)
  • address data
  • communications data
  • bank details
  • correspondence contact data
  • data regarding the account
  • the IP of the requesting computer

At this point, we would like to point out that, of course, you are not obliged to specify your personal data in our portal. However, we ask for your understanding that some functions cannot be used without the entry of certain personal data for data protection legislation reasons. 

2. Recipient of personal data

The visitor data processed in the framework of the use of this website are not, in principle, forwarded to third parties . Although we use service providers for hosting and maintaining our website, these service providers are required to comply with the statutory provisions in the framework of a data processing contract.
 
Upon instruction by the competent authority, we might in a specific case be required to provide information on data in as far as this is required for the purposes of prosecution or danger prevention.

3. Duration of data retention

The processed visitor data are only stored for the duration of your visit in principle. There might be deviations in the retention period for randomised data which are collected in the framework of the cookies used. Details on this are provided under section 4) Particularity: Cookies and in the Cookie Consent Manager.
 
Apart from this, your personal data are deleted forthwith if the purposes for which they were collected cease to apply or if the data required for processing are no longer needed to attain the purposes outlined. This does not apply in as far as the data are subject to statutory periods of retention (e.g. section 147 German Fiscal Code, section 257 German Commercial Code) or a retention is necessary to assert, exercise or defend legal claims (e.g. section 195 German Civil Code).

4. Particularity: Cookies

a) General information on cookies

Cookies are small text files used by websites to make the user experience more efficient. We use coolies to personalise content and displayed information and to analysis how our website is accessed. Moreover, we forward information on your use of our website to our partner for analyses.
 
Under the applicable law, we can save cookies on your device if these are absolutely necessary for the operation of this website. However, we need your permission for all other types of cookies. You can change or revoke your consent to the cookie statement on our webite at any time.
 
This website uses different types of cookies. Some cookies are placed by third parties that appear on our websites. Information on which cookies are used specifically is provided in the Cookie Consent Manager.

  1. Required cookies help to make a website usable by enabling basic functions, such as page navigation and access to secure areas of the website. The website cannot work properly without these cookies.
  2. Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting anonymous information.
  3. Unclassified cookies are new cookies which have been added and not yet been assigned to a category. We only place these cookies if visitors haver agreed to the use of all cookies or if they have expressly agreed to the use of unclassified cookies in the detail settings of the consent manager. We try to provide a classification for new cookies as soon as possible to enable visitors to benefit from the best possible functionality of the website after consent to the use of cookies.
B) Adobe Analytics (Omniture)

This website uses Adobe Analytics. Adobe Analytics are provided by Adobe Systems Software Ireland Limited, 6 Riverwalk, Naas Road, Dublin 24, Ireland (Adobe). Adobe Analytics creates a pseudonynmous usage profile to optimise the website's user friendliness.  
 
Pseudonymity is ensured by removing the last octet from your IP address before the transmission of your data so that conclusions regarding you cannot be drawn. After transmission, the pseudonymous usage profile is analysed to optimise user friendliness. The data are not combined with other Adobe data.  A data processing contract ensures that Adobe only processes data in accordance with the instructions.
 
You can object to the use of Adobe Analytics at any time by changing your browser settings and/or using the following link to download and instal the available browser plug-ins: http://bertelsarvatoprod.d3.sc.omtrdc.net/optout.html.
 
Further information on data processing by Adobe Analytics is provided in the Adobe privacy policy: https://www.adobe.com/de/privacy/policy.html.

C) Matomo
This website uses Matomo software for the statistical evaluation of website visitor traffic. Matomo uses cookies which permit an analysis of your use of our website. The information generated by the cookie regarding your use of this internet offering is saved on the provider’s system in Germany. The IP address is randomised immediately after processing and before it is saved.

At Matomo, analysis cookies are placed whenever you go to the website and, at least, agree to the use of web-tracking cookies. In this case, the cookies remain for a maximum of 13 months, unless you delete them via the browser settings.
 
You can update the cookie consent to web tracking at any time.
 
More information on data processing at Matomo is provided in the privacy statement:
matomo.org
D) Google Analytics

The website uses the Google Analytics service. The provider of Google Analytics is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin. Google Analytics creates a pseudonymous user profile in order to optimise the user-friendliness of the website. The pseudonymity is ensured by shortening the IP address before transmitting your data to Google and making it impossible to draw conclusions about your person. The pseudonymous usage profile is evaluated after transmission for the purpose of optimising user-friendliness. Through the use of Google Analytics, third country transfer takes place (see Data transfer to third countries). By means of a contract for order processing as well as conclusion of further guarantees the company ensures an appropriate level of data protection.

You can find more information on data processing at Google Analytics in the Google privacy policy: https://policies.google.com/privacy?hl=en.

E) Analytical Cookies

These cookies are used to better understand the user behaviour. Analytical cookies enable the collection of usage and recognition possibilities in so-called pseudonymous usage profiles. For example, we use analytical cookies to determine the number of individual website visitors or to analyze user behavior on the basis of anonymous and pseudonymous information. A direct conclusion on a person is not possible. The legal basis for these cookies is Art. 6 1 a) DSGVO.

 

5. Special feature: Mobile apps

  • Face/Touch ID: To facilitate a faster log-in, the user can activate Face ID or Touch ID and authenticate that way. This function is optional. All the information on fingerprints and the face, etc., are saved locally on the device. Data is not transmitted.  
  • Push notifications: The user can activate notifications which, e.g. provide information on new due dates or payment receipts. This function is optional and can be changed at any time. To this end, the device ID is saved on the server to specifically address the user device.

6. Finance overview

Special data protection notes regarding data processing by Paigo GmbH for the use of the “finance overview” function

The following data are processed: First name and name of the data subject, banking details and accounting transactions relating to the account.

Art. 6 section 1 S. 1 lit. a) EU GDPR forms the legal basis for data processing.

The data are processed for the purpose of creating a budget and to check options for settling outstanding liabilities.

Paigo GmbH saves the aggregated account information (budget account) for a period of 6 months, and automatically deletes the information after the end of this period.
 
informa Solutions GmbH, Rheinstraße 99, 76532 Baden-Baden, which has been commissioned for order processing according to art. 28 EU GDPR, is the recipient of the data.
 
In principle, all the data are exclusively processed in Germany. Data are only transferred to countries in which the EU GDPR does not apply (so-called third countries) in exceptional cases. According to art. 49 section 1 sub-section 1 e) EU GDPR, we can transfer data to third countries if, and in as far as this is required, to assert, exercise or defend legal claims, e.g. because the creditor is based in a third country, the data subject moves to a third country or uses foreign e-mail servers.
 
In as far as we carry out data processing in third countries via service providers (e.g. cloud services), these service providers are bound by contract in accordance with the legal requirements of the EU GDPR.
 
Every data subject has the right to information from Paigo GmbH in accordance with art. 15 EU GDPR, the right to correction according to art. 16 EU GDPR, the right to deletion according to art. 17 EU GDPR, the right to the restriction of processing according to art. 18 EU GDPR and the right to data portability according to art. 20 EU GDPR.


In addition, you can contact the supervisory authority in charge of Paigo GmbH, the State Office for Data Protection and Freedom of Information of North Rhine-Westphalia [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2 – 4, 40213 Düsseldorf.

7. Chat communication channel

Special data protection notes regarding data processing by Paigo GmbH for the chat function

Paigo GmbH offers you the option of contacting us via the chat function.
 
Chat communication is available both automatically through a smart bot, and via our customer service team - which also addresses your specific requirements.

The following data are processed: Name and first name of the data subject, e-mail address, phone number and the entire customer service correspondence.

In as far as a service provider processes data in third countries in the framework of the chat function (e.g. cloud use), the service provider is required by contract to comply with the legal requirements under EU GDPR.

Art. 6 section 1 sentence 1 lit. a) EU GDPR (Consent) forms the legal basis for data processing in using the chat function.

You can revoke your consent to processing by Paigo GmbH in the framework of the chat function described above with effect for the future at any time. 
 

Every data subject has the right to information from Paigo GmbH in accordance with art. 15 EU GDPR, the right to correction according to art. 16 EU GDPR, the right to deletion according to art. 17 EU GDPR, the right to the restriction of processing according to art. 18 EU GDPR and the right to data portability according to art. 20 EU GDPR.

In addition, you can contact the supervisory authority in charge of Paigo GmbH, the State Office for Data Protection and Freedom of Information of North Rhine-Westphalia [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2 – 4, 40213 Düsseldorf.

D) Security notice

We have taken all necessary technical  and organisational precautions to protect your personal data, in particular, against misuse. Your data are saved in a secure operasting environment not accessible to the public. In line with this privacy statement, your information can only be accessed by specifically authorised persons.
 
Our information system is a secure area. A firewall has been installed to prevent access from other networks connected to the internet. Only employees who need the information to fulfil a special task are granted access to personal information. Our employees have received intensive training regarding data protection and security.
 
Your personal data are encrypted via the so-called Secure Socket Layer Technology (SSL) in transmission. This means that the communication between your computer and the servers used here is ensured using an approved encryption procedure, if your browser supports SSL.

E) Your rights

If the legal preconditions are fulfilled, the data subject has the following rights according to art. 15 to 22 EU GDPR: A right to information, correction, deletion, restriction of processing and data portability.
 
Moreover, according to art. 14 section 2 c) in conjunction with art. 21 EU GDPR, the data subject has a right to object to processing based on art. 6 section 1 f) EU GDPR.
 
In accordance with art. 77 EU GDPR, the data subjects have the right to lodge a complaint with a data protection supervisory authority if they are of the opinion that processing of personal data was not lawful. The supervisory authority having competence for our company is:
 
The State Officer for Data Protection and Freedom of Information  
North Rhine-Westphalia
Kavalleriestraße 2 – 4
40213 Düsseldorf

In addition, however, you can also contact the supervisory authority having competence at the place of your residence to lodge a complaint.

Data protection notice regarding debt collection proceedings

Identity of the responsible body

Paigo GmbH
Gütersloher Str. 123
33415 Verl

Germany

Contact data of the data protection officer

Nils Unverhau
Gütersloher Str. 123
33415 Verl

Germany

Purpose of processing and legal basis

Your data are processed for the purposes of contract processing, accounts management and the pursuit of rights. 

According to art. 6 section 1 b) EU GDPR, your data have to be processed to ensure the fulfilment of a contract with our client. In addition, data processing according to art. 6 section 1 f) EU GDPR is required to preserve our legitimate interests, or the legitimate interests of a third party. Our legitimate interests comprise the enforcement of the outstanding account.

Data categories and data sources

We process the following data categories: address data, banking data, credit rating information, claims data, communication data, master data, process data, contract data and, if required, payment data.

We are primarily provided with the data by our client. Further possible data sources can comprise credit agencies, field services, custodians, authorised recipients, service providers, third-party debtors, registration offices, courts, bailiffs, legal representatives, trade offices, correctional facilities, publicly accessible information sources and lawyers.   

In accordance with art. 6 section 1 f) EU GDPR, we receive recurrent credit rating information for the purpose of the respective accounts management from infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden.

Recipient

In the framework of the collection proceedings, your data are transferred to our client and, if applicable, to the following categories of recipients (should this be required): field teams, custodians, authorised representatives, service providers, third-party debtors, residents' registration offices, courts of law, bailiffs, legal representatives, trade offices, correctional facilities and lawyers.

Data transfer to third countries

We transfer your data to third countries in accordance with art. 49 section 1 sub-section 1 lit. e EU GDPR if, and in as far as this is required, to assert, exercise or defend legal claims - e.g. because the creditor is based in a third country, has moved to a third countries or uses foreign e-mail servers.

Term of data retention

After the open account has been settled or the collection proceedings have been finally concluded for other reasons, your data will be deleted as of the end of the respective year upon expiry of the legal retention period of ten years.

In deviation from this, the following is deleted (as of the end of the year):

  • commercial letters (except receipts) after 6 years
  • communications and contact data (except information for support and on lawyers retained by you) after 3 years 
  • creditworthiness data obtained from rating agencies 3 years after the relevant date
  • insolvency-related creditworthiness data 6 years after the relevant date

Rights of the data subject

If the statutory preconditions are fulfilled, you have the following rights under art. 15 to 22 EU GDPR: A right to information, correction, deletion, restriction of processing and to data portability.  
 
Moreover, according to art. 14 section 2 c) in conjunction with art. 21 EU GDPR, you have the right to object to data processing based on art. 6 sub-section 1 f) EU GDPR.
 
According to art. 77 EU GDPR you have the right to lodge a complaint with a supervisory authority if you think that these legal regulations have been violated. The supervisory authority having competence regarding our company is:  The State Office for Data Protection and Freedom of Information of North Rhine-Westphalia [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2 – 4, 40213 Düsseldorf.