Privacy Policy

I. Context:

Your file, which includes personal data, is transmitted to EOS France as part of a contract signed with a client (assignor or principal) (hereinafter referred to as "Client"):

• under a debt assignment, or
• under a management mandate for services such as debt or credit management.

This file transmitted to EOS France originates from a contract initially concluded between you and the Client of EOS France.

The processing of personal data carried out by EOS France in the context of managing acquired or entrusted files may cover services such as:

• credit management,
• amicable and/or judicial debt collection,
• management of over-indebtedness or collective proceedings,
• collection of insurance contributions and management of insured parties' files,
• etc. (hereinafter referred to as "the Activities").

The managed files may concern individuals or relate to companies and cover areas such as banking and credit, insurance, as well as energy or telecommunications.

Some services are conducted in EOS France's own name, while others are conducted under a white-label arrangement (in the name of our Client).

II. Purposes and Categories of Data Processed:

The processing of personal data implemented by EOS France aligns with its purposes related to the Activities specified above. The information provided by EOS France's Clients, as well as that collected and processed by EOS France, is necessary for managing your file.

As the holder or potential guarantor of a file processed by EOS France in the context of its Activities, EOS France may process the following categories of data concerning you:

• Your file references (e.g., original references, internal references),
• Your civil status (e.g., title, last name, first name, date and place of birth),
• Your contact details (e.g., postal, telephone, electronic),
• Your personal and family situation (e.g., marital status, number of people in the household, including children),
• Your professional, economic, and financial situation (e.g., occupation/retired, employer, income, assets, housing), and, where applicable, that of household members or, in the event of death, that of your heirs,
• Your banking references and, if applicable, those of relatives participating in the repayment of your file,
• The origin and characteristics of the file (e.g., originator, type of credit or invoice, management stage, date and information related to the initial contract, remaining amount due or payment schedule),
• The management history of your file, including various written exchanges and summaries of telephone conversations,
• Agreed settlement proposals,
• The history of payments and collections.

These data may also be processed to comply with legal or regulatory measures or obligations, such as:

• The transmission of information to EOS France's Clients in the context of the FICP "National File of Incidents of Repayment of Consumer Credits";
• Customer knowledge and the fight against money laundering and terrorist financing;
• Any processing for accounting management and financial control purposes.

Based on EOS France's legitimate interests, your data may also be used for:

• Conducting satisfaction surveys and statistical processing (e.g., estimating processing costs, forecasting collections, evaluations),
• Optimizing our internal processes (e.g., directing the file to a service, choosing a preferred communication channel, reconciling files concerning you). These choices do not have legal effects and do not significantly affect your rights regarding the repayment of your file. Moreover, your manager remains reachable for any requests or wishes related to the management of your file,
• Enabling the establishment, defense, or exercise of EOS France's rights in court,
• Optimizing collection management for updating and improving the quality of contact and civil status data (titles, names, first names, date and place of birth, postal, electronic, and telephone contact details): the contact and civil status data of debtor clients are duplicated and stored in a dedicated database (the "Directory Database") to compare the data of a debtor client whose claim has just been integrated into EOS France's business databases with the data in this Directory Database.

In accordance with Article 21 of the GDPR, you have the right to object at any time to the processing of personal data based on our legitimate interest as a data controller, provided that your interests or fundamental rights and freedoms prevail over our compelling legitimate interests, or for the establishment, exercise, or defense of our rights in court.

In the case of acquiring debt portfolios, EOS France is subrogated to the rights of the assigning client for the management of your file. Consequently, the management of your file is legally based on the contract you originally entered into.

In the case of a service contract (management mandate), EOS France will regularly inform the Client about the management of your file, particularly transmitting information related to your payments.

III. Transfer to another country

Generally, your personal data is processed within the European Union ("EU").

However, there may be specific cases where your personal data is transferred to a third country outside the EU. When this occurs, EOS France ensures the implementation of appropriate protective mechanisms as provided by the GDPR, such as signing Standard Contractual Clauses adopted by the European Commission when the recipient entities do not have an adequate level of personal data protection. Additionally, in the case of a service contract (management mandate), these transfers are only possible with the written consent of the Client of EOS France.

          1. Exchanges with the EOS Group

EOS France is the French subsidiary of the international EOS Group. As such, EOS France may transfer information to its shareholder (based in Hamburg, Germany) for the purpose of monitoring and controlling activities. This typically involves aggregated or anonymized information that does not contain personal data. EOS France may also transmit pseudonymized data to the EOS Group for statistical modeling purposes. Finally, in cases of necessity (fraud, legal obligations, or Group directives), EOS France may need to communicate personal data on a case-by-case basis. In this context, it would take all necessary precautions to secure such communications.

          2. Possible Transfers in the Context of Operational Management of Your File

               a. Transfer to EOS France's Mauritian Subsidiary

EOS France has a subsidiary in Mauritius, EOS Mascarenes. Some files may be processed by teams based at this location. It is important to note that personal data remains stored on servers located within the European Union. In the case of a service contract (management mandate), these transfers are only possible with the written consent of our partner client. EOS France ensures that EOS Mascarenes adheres to personal data protection regulations, having signed Standard Contractual Clauses for data protection adopted by the European Commission (clauses provided by supervisory authorities for transfers outside the European Union).

               b. Occasional Transfer to a Provider Located Outside the EU

EOS France may occasionally engage certain providers located outside the European Union for specific services. In particular, the EOS Group has a dedicated exchange platform for international debt collection. If the individual concerned no longer resides in France, EOS France may proceed with transfers to a subsidiary or partner of the EOS Group located in the country of residence. Any transfer to a provider located outside the EU is systematically governed by contractual agreements and includes the implementation of appropriate protective mechanisms. Moreover, in the context of a service contract (management mandate), these transfers are only made after the written consent of the Client of EOS France.

As of the date of this update, the providers outside the EU that may receive your personal data are located in the following countries:

• Countries with an adequate level of personal data protection: Andorra, Israel, Liechtenstein, United Kingdom, Switzerland.
• Recipient countries whose local subsidiary or partner has signed Standard Contractual Clauses with the EOS Group: Algeria, Bosnia and Herzegovina, Canada, China, United States, Hong Kong, Macedonia, Morocco, Russia, Serbia, Tunisia.

IV. Recipients

To carry out its missions, EOS France may need to:

• Update your contact details to reach out to you; it may then transmit some of your data:
  • To a data enrichment provider.
  • Or to a duly authorized private investigation agency (in accordance with the Internal Security Code).
• Transmit your file(s) to one of its partner bailiffs for amicable and/or judicial recovery.
• Communicate with the Banque de France regarding cases of over-indebtedness.
• If the individual concerned no longer resides in France, request assistance from a subsidiary or partner of the EOS Group.
• Send updated information concerning you to the Client of EOS France.

V. Security

EOS France is committed to the confidentiality of the personal data it processes. Appropriate technical and organizational security measures are implemented to protect your data from accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved based on technological advancements.

These measures aim, in particular, to control:

• Access to the premises and facilities where data is processed,
• Access to computer systems and software platforms used, limited to authorized individuals based on the relevant processing, relying on authorization mechanisms, access rights, control, and recording of access,
• Risks of unauthorized disclosure of personal data by securing all exchanges,
• Traceability of events related to the entry of personal data,
• Availability of personal data through security and backup measures to guard against accidental destruction or loss of data.

VI. Retention Periods:

Your personal data is stored in EOS France's databases only for the duration necessary to fulfill the purpose for which it was collected and/or for the time required for EOS France to comply with its legal and regulatory obligations or to defend its interests.

The personal data used in the management of your file will be retained for a maximum of 5 years after the balance or final closure of the file. For the purposes of updating and ensuring data quality, your contact and civil status data (titles, names, first names, date and place of birth, postal address, electronic address, and telephone contact details) will be retained for 10 years after the balance or final closure of the file, unless you object.

Additionally, your personal data may be retained for the following cases:

• For the management of satisfaction surveys: 2 years from the date of the survey,
• For the management of complaints and exercise of rights: 5 years from their closure,
• For accounting management and financial control: 10 years from the end of the accounting period,
• For the purposes of combating corruption, fraud, and the financing of terrorism: 5 years from the end of the business relationship or the date of suspicion declaration.