Privacy Notice

This Privacy Notice applies to data processing on this website and provides information regarding the data processing carried out by the following companies, all of which have their registered office at C/ Manuel Guzmán 1, Esc.1, Planta 1, 15008, A Coruña, Spain:

• EOS Spain, S.L. Sociedad Unipersonal, with tax identification number B-64102072, a company registered in the A Coruña Commercial Registry, General Section, Volume 3,407, Page 54, Sheet C-47,145, Entry 1.
• Atram Asset I S.L., with tax identification number B-88455845, a company registered in the A Coruña Commercial Registry, Volume 3,718, Page 196, Sheet C-59547.
• Atram Asset II S.L., with tax identification number B-88644307, a company registered in the A Coruña Commercial Registry, Volume 3,737, Page 40, Sheet C-60257.

(Hereinafter, collectively, the "Controllers", or individually, the "Controller").

We have formally appointed a Data Protection Officer, who can be contacted at the above postal address Street Manuel Guzmán, 1 Esc. 1 planta 1, 15008 A Coruña (please indicate for the attention of the DPO), or at the following e-mail address: dpo@eos-spain.es

The company that determines the purposes for which and the means by which your personal data will be processed, shall be considered as the data controller. 

The Controller has a legal obligation to ensure that personal data is processed securely and lawfully, in compliance with the provisions of EU Regulation 2016/79 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation); and in accordance with Organic Act 3/2018 of 5 December 2018 on the Protection of Personal Data and guarantee of digital rights.

Thus, we can cover the following matters:

• Website users: The company or companies as Controllers will process the personal data related to the processing carried out by virtue of mere access to, use and navigation of the website, in accordance with its capacity as the information society services provider owning the website
• Debtors: Your file, including elements containing personal data, is sent to EOS Spain as part of a contract signed with a Customer (assignor or principal):
  • under an assignment of receivables,
  • or, under a management mandate for services such as receivables or credit management.

The file transmitted to EOS Spain therefore originates from a contract initially concluded between you and assignor/EOS Spain Client.

The processing of personal data carried out by EOS Spain as part of the management of files acquired or entrusted to it may cover services:

• credit management,
• amicable and/or legal debt collection,
• management of over indebtedness or insolvency proceedings,
• collection of insurance premiums and management of policy holder files,
• (hereinafter referred to as "the Activities").

Some services are performed on our own behalf (in our capacity as Controller by the company holding the credit right) and others on behalf of third parties (on behalf of our client).

• Contact / authorised persons: If you are a representative of one of our customers, partners, suppliers or Authorities, you should know that your data will be processed, as Data Controller, by the company with which you maintain relations in your own name or as representative.
• Applicants: If you are a job applicant, your personal data will be processed by the company to which you have applied.

Based on the purpose for which the personal data will be processed, we can find the following categories of interested parties:

• Web users: Visitors to the website https://es.eos-solutions.com (hereinafter the "website").
• Debtors: Individuals or representatives of legal entities that are required to pay debts owed to the Data Controllers.
• Contact / authorised persons: Individuals who are representatives of our customers, partners, suppliers, or Authorities.
• Applicants: job seekers who contact EOS Spain through the job portal on the website.

The processing of personal data by the Controllers is in line with its purposes, linked to the Activities specified above.

The information transmitted by EOS Spain Customers and that collected and processed by EOS Spain is necessary for the management of your file.

Your personal data is processed by EOS Spain on the legal basis of the performance of a contract, as well as on the basis of the legitimate interests of EOS Spain (article 6 paragraphs 1.b and 1.f of the GDPR).

The following categories of personal data may be processed by the controller in connection with your relationship with us:

Website users:

• Personal identification and contact data that you provide through the job or debtor portal, or via the web form necessary for the management of your file and to communicate with you.
• IP addresses and other technical information: When you access our website, the browser used on your device automatically sends information to our website's server. This information is temporarily recorded in a log file. The following information is collected without your intervention and kept until it is automatically deleted after 3 days: 
  • IP address of the accessing computer,
  • date and time of access,
  • name and URL of the extracted file,
  • website from which the access was made (reference URL),
  • website retrieved from our website,
  • your computer's browser and possibly its operating system, as well as the name of your access provider.

The legal basis for data processing is art. 6 paragraph 1.f of the GDPR.

Our legitimate interest derives from the aforementioned purposes of data collection. Under no circumstances do we use the data collected to draw conclusions about you.

Debtors:

• Identifying information such as your name, surname, national ID / foreigner ID number (only in those cases in which you provide it).
• Contact Information: The information you provide so that we can contact you in order to provide you with the service; whether by mail, e-mail or telephone. (address, telephone, e-mail).

If you contact us in this way, the personal data transmitted via your message will be stored. The legal basis for processing data for the purpose of making contact is art. 6 paragraph 1.f of the GDPR. If contact is made for the purpose of concluding a contract, an additional legal basis for processing is art. 6 paragraph 1.b of the GDPR.

We delete the personal data collected after a reasonable period of time to enable us to process and follow up your request, as long as we have no legal right or obligation to continue processing them.

• Contract data: contract number.
• Voice: Telephone conversations with the departments of EOS Spain may be listened to and/or recorded for the purposes of: 
  • training and upgrading the skills of employees; 
  • checking compliance with legal and ethical frameworks;
  • checking the quality of employees' speech.

This processing is based on the legitimate interests of EOS Spain (article 6 paragraph 1.f of the GDPR). You may object to this recording by indicating this to the person you are speaking to at the start of the telephone conversation.

Only duly authorised persons may access telephone recordings for the purposes specified above. The recording system has a strict authorisation management system.

• Accounts receivable data, payment information, if applicable: details regarding the debtor’s unpaid receivable, or means of payment in those cases where payments are made. (Bank account or credit card number).
• IP addresses and other technical information.

Contact / authorised persons:

• Identifying information such as your name, position, member number if you are a lawyer, ID card or foreign ID card.
• Contact Information: The information that you provide so that we can contact you in order to provide the service. It can be your mailing address, your work address, your phone number, or your email address.

Applicants:

The data collected is processed for the purposes of managing and following up your application, and will be kept for a maximum of 3 years. You may exercise your rights by contacting the EOS Spain DPO.
The following data can be collected:

• Identifying information such as your name, your ID number or foreign ID number, date of birth (as long as you indicate it in your CV).
• Contact Information: The information you indicate in your CV so we can contact you in connection with the selection process. These can be: your mailing address, your phone, your cell phone or your email address.
• Information from your CV: The information you indicate in your CV, such as your professional experience, your academic background.

 ^{*The information in this point 3 is for illustrative purposes only and not necessarily exhaustive}

Below, we explain the reasons why we process your personal data and the purposes of such processing.

Website users:
When you access our website, the browser used on your device automatically sends information to our website's server. This information is temporarily recorded in a log file. The following information is collected without your intervention and kept until it is automatically deleted after 3 days:

• IP address of the accessing computer,
• date and time of access,
• name and URL of the extracted file,
• website from which the access was made (reference URL),
• website retrieved from our website,
• your computer's browser and possibly its operating system, as well as the name of your access provider.

In order to make your visit as comfortable and efficient as possible when accessing and browsing our website and for the operation and performance of the basic functions of the website, we use the necessary cookies. (art. 6.1.f) of the GDPR).

In order to make it easier to you to use our website, we use personalisation cookies; these will automatically recognise that you have visited the site, and the entries and settings you have made will be automatically applied so that you do not have to enter them again.

In the pursuit of providing, you with relevant content based on your interests every time you visit our website, we use marketing cookies.

In order to carry out the processing of data collected through personalisation, statistical and marketing cookies, you must have given your consent in the cookies panel (art. 6.1.a) of the GDPR). You can withdraw or modify your consent at any time in the aforesaid cookies panel.

On the other hand, the personal data you provide through any of the forms on the website will be processed to correctly manage the request you make.

Debtors:
In relation to debt management, your data will be processed for the management of the collection of debts owed to the Data controllers, or to take legal action. This means that the processing of your personal data is necessary for the purpose of the performance of the contract due to your late payment (art. 6.1.b) of the GDPR).

Another purpose related to debt management is to enable the Controllers to perform data-driven monitoring activities of collection measures optimised for you in order to protect their legitimate interests (art. 6.1.f) of the GDPR).

We may also process your data in order to comply with legal obligations. (art. 6.1.c) of the GDPR).

Contact / Authorised persons:

If you are the contact person of one of our suppliers or service providers, the basis of legitimacy of the processing of your personal data will be the performance of the contract (art. 6.1.b) of the GDPR).

If you are an employee of one of our suppliers and it is necessary for us to process your personal data, this will be done in order to safeguard the legitimate interests of the data controllers (art.6.1.f) of the GDPR).

If you are the legal representative of a debtor, for example a lawyer, the basis for legitimising the processing of your personal data by one of the controllers will be the protection of their legitimate interests (art. 6.1.f) of the GDPR).

If you have been authorised by a debtor to manage the debt or to exercise a data protection right, your personal data will be processed based the consent given by both the authorised and the authorising party (art. 6.1.a) of the GDPR).

Applicants: 
If you apply for a job vacancy in one of the Controllers, they may process your personal data to evaluate your application, and by virtue of the consent given by you. (art.6.1.a) of the GDPR).

We may also process your personal data if it is necessary for legal proceedings, to comply with a court order or a legal mandate (art. 6.1.c) of the GDPR).

In the context of the collection procedure, we have transferred and/or will transfer your data, if necessary, to the following categories of recipients:

• Credit services companies
• Service providers
• Third parties
• Courts
• Judicial agents
• Attorneys
• Debt management companies
• Creditworthiness files

We only pass on your personal data to other companies in the EOS Group or other recipients if: 

• you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR or 
• the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary to safeguard our legitimate interests or those of a third party and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data or 
• there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c GDPR or
• this is necessary for the initiation or fulfillment of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR or
• we have the data processed on our behalf in compliance with Art. 28 GDPR.

Generally, your personal data is processed in the European Union ("EU"). However, in certain specific cases, your personal data may be transferred to a third country outside the EU. When this is the case, EOS Spain ensures that the appropriate protection mechanisms provided for by the GDPR are put in place, such as the signature of Standard Data Protection Contractual Clauses adopted by the European Commission when the recipient entities do not have an adequate level of personal data protection. Furthermore, in the case of a contract for the provision of services (management mandate), these transfers are only possible with the written agreement of the Client of EOS Spain.

a. Exchanges with the EOS Group 
EOS Spain is the Spanish subsidiary of the international EOS group. As such, EOS Spain may transfer information to its shareholder (based in Hamburg, Germany) for the purposes of monitoring and controlling activities. 

This information is generally aggregated or anonymized and does not contain any personal data. EOS Spain may also send pseudonymised data to the EOS Group for statistical modelling by its departments.

We will only disclose your personal data to other EOS Group companies or other third parties (recipients) if:

• You have provided explicit consent for one or more specific purposes (art. 6.1.a) of the GDPR).
• If it is necessary for the exercise or defence of legal claims and there is no reason to assume that you have an interest deserving primary protection not to have your data disclosed (art. 6.1.f) of the GDPR).
• There is a legal obligation to do so (art. 6.1.c) of the GDPR).
• It is legally permissible and necessary to fulfil contractual obligations (art. 6.1.b) of the GDPR).
• We process personal data as data processors on behalf of a third-party data controller (art. 28 of the GDPR).
• There will be no transmission of your personal data for purposes other than those listed above.
• Any transfer to a service provider located outside the EU is systematically contractually regulated and provides for the implementation of appropriate protection mechanisms. In addition, under a contract for the provision of services (management mandate), they are only carried out with the written agreement of the Client of EOS Spain. 

At the date of this update, non-EU service providers who may receive your personal data are located in the following countries: 

• countries with an adequate level of personal data protection: Andorra, Israel, Liechtenstein, United Kingdom, Switzerland. 
• recipient countries whose subsidiary or local partner has signed the Standard Contractual Clauses with the EOS Group: Algeria / Bosnia-Herzegovina / Canada / China / Hong Kong / Macedonia / Morocco / Russia / Serbia / Tunisia / United States.
   

Once the outstanding payment has been paid in full or the collection procedure has been completed, the data relating to the management of your file(s) is kept for the length of time required by EOS Spain to carry out its tasks and/or to enable EOS Spain to comply with its regulatory obligations.

Access to the archived data is limited to certain employees or authorised departments (accounting, statistics, customer relations, legal, etc.), for accounting, statistical purposes or to defend the interests of EOS Spain

Right to information: as data controllers we must always identify ourselves, inform you what your data are used for and also tell you:

• The reason why your data are needed,
• How long we will keep them,
• The legal basis for the processing,
• If we are going to transfer them to third parties or transfer them to other countries.
• If we are going to use them for profiling purposes, you have the right to object if automated decisions are made that affect you legally or in a similar way.

Right of access to know what type of data we are processing and the characteristics of the processing we are carrying out.

Rectification right: Allows you to correct or complete your data if they are inaccurate or incomplete. To do so, you must tell us what they are.

Erasure: You can request the deletion of your personal data when:

• They are no longer required for the purposes for which they were collected.
• You withdraw the consent you gave, provided that there is no other cause that legitimises the processing.
• Your data have been processed unlawfully.
• You have objected to the processing and the legitimate interest does not prevail, or if the purpose of the processing is direct marketing.
• They must be deleted in to comply with a legal obligation.
• They were obtained when a minor in connection with information society services.
• Right to object: You can object to the processing of your data:
• For personal reasons unless we can demonstrate a legitimate interest.
• When the purpose of the processing is direct marketing.
• Right to restriction of processing: Allows you to request the suspension of the processing of your data when:
• You challenge their accuracy, during the period in which they are checked.
• You object to the processing, while it is being verified whether the legitimate interest of the data controller prevails.
• The processing is unlawful, but you object to its deletion and instead request that it be restricted.
• When you need them for the formulation, exercise, or defence of claims.
• Right to data portability: When the processing is based on your consent or the performance of a contract, and is carried out by automated means, you can receive your data in a format that allows it to be transmitted to another data controller

Please refer to our Cookie Policy for information on this: https://es.eos-solutions.com/cookies-policy

You can revoke any consent you have given via the cookie settings banner.

If you wish to exercise your rights, you may do so by sending a written request with the reference "Data Protection":

• to our e-mail address protecciondatos@eos-spain.es, or
• by post to the following address, depending on the data controller you want to contact:

EOS Spain, S.L., Sociedad Unipersonal
C/ Manuel Guzmán, 1, Esc. 1, Planta 1
15008 A Coruña (A CORUÑA)

Atram Asset I S.L.
C/ Manuel Guzmán, 1, Esc. 1, Planta 1
15008 A Coruña (A CORUÑA)

Atram Asset II S.L.
C/ Manuel Guzmán, 1, Esc. 1, Planta 1
15008 A Coruña (A CORUÑA)

Please note that the written request, addressed to the relevant Controller, must include:

• photocopy of your ID card or passport or another valid document that identifies you. You can also use the electronic signature instead of the ID card.

If the right is exercised through an expressly designated representative, it must include:

1. the document conferring the representation signed by both.
2. a copy of both sides of your ID card or equivalent document.
3. a copy of both sides of the ID card or equivalent document of your representative.

• petition specifying the request (access, rectification, deletion, limitation, opposition, or portability...).
• address for notification purposes, date, and signature. If you do not provide an address, we will respond by the same means by which we received the request.
• documents supporting the petition you make, if necessary.

However, there are several cases, in which we may reject your request:

• If the application is submitted by a legal entity.
• If the applicant is not you or your representative.
• If you do not indicate the file or files in respect of which the rights are exercised.
• If the request is manifestly unfounded or excessive because it is repetitive.
• In the case of generic requests.

The data controllers have a Data Protection Officer with whom you can communicate, via e-mail dpo@eos-spain.es, on all matters relating to the processing of your personal data and the exercise of your rights under the GDPR.

We advise you that you have the right to file a complaint with the Spanish Data Protection Agency if you believe a breach of data protection legislation has been committed with respect to the processing of your personal data (www.aepd.es).

The tracking measures used enable us to ensure a needs-based design and continuous optimization of our website. We also use tracking measures to statistically record and evaluate the use of our website in order to optimize our offering. 

The purposes of data processing and the corresponding categories of data are indicated in the tracking tools in this section. 

 The legal basis for this data processing is your consent in accordance with Art. 6.1.a a GDPR.

Siteimprove Analytics

This website uses Siteimprove Analytics for the purposes described under the category "Analysis/Statistics". Siteimprove Analytics is a web analytics service provided by Siteimprove GmbH. The information is stored and processed by Siteimprove on servers in Denmark. IP addresses are anonymized before the data collected can be viewed by EOS via the Siteimprove Suite.
 It is not possible to reverse the anonymization of IP addresses or to assign IP addresses to collected data.

a. Shariff solution 

We use Shariff buttons from the social networks Facebook, Twitter, LinkedIn and Xing on our website. The buttons are simple HTML links. With the Shariff solution, a script retrieves how often, for example, the share button on a page has been clicked: To do this, the script contacts the social network via the programming interfaces and retrieves the figures. 

Your personal data is not transmitted in this process. Instead of your IP address, only our server address is transmitted to Facebook and Twitter. You are only in direct contact with Facebook or Twitter when you become active. Before that, the social networks cannot collect any data about you. As long as you do not click on a link to share content, you remain invisible to the networks. If you click on the link, the obligation to provide information about data collection and processing no longer lies with us, but with the operator of the social network. 

b.YouTube 

Links to videos from the provider YouTube (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) are integrated on our website. When you access a page on our website that contains such a video, a direct connection is established between your browser and the YouTube server after you have activated the video. YouTube then receives the information that you have visited our website with your IP address. If you click on the link to the video, your IP address will be forwarded to YouTube. We would like to point out that, as the provider of our website, we have no knowledge of the content of the transmitted data or its use by YouTube. Further information on this can be found in YouTube's privacy policy (https://www.youtube.com).
 

We use the common SSL (Secure Socket Layer) method on this website in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual website of our Internet presence is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. 

This Privacy Notice is currently valid and was last updated in June 2024.

It may be necessary to amend this Privacy Notice bacause of improvements to our website and to offers via our website or as a result of changes to legal or official requirements.