Privacy Notice for Monthly Invoice

The protection of your privacy is of the utmost importance to us. This Notice explains what personal information we collect and process from you when you use Monthly Invoice and become a customer with us. It also informs you about your data protection rights and explains how you can exercise them.

We, Riverty GmbH, Gütersloher Str. 123, 33415 Verl (hereinafter: "Riverty", "we", "us"), are responsible for the storage and processing of your personal information that we collect from you or otherwise process as part of your use of Monthly Invoice once you have not paid our Monthly Invoice when due (in which case Amazon’s claim against you will be assigned to us). As the data controller within the meaning of EU Regulation 2016/679 (the "GDPR"), we ensure that our processing activities are in compliance with the law.

3.1 Information you share with us

You provide us with personal information when you use Monthly Invoice or contact us, including but not limited to the following information:

• Contact details and personal information such as name, email address, postal address, date of birth, phone number, ID number
• Payment information such as invoice information, bank account number

 

3.2 Data processed by us when you use Monthly Invoice

When you use Monthly Invoice or contact us as part of the payment process, we process the following information about you which are already stored with us or are provided to us directly from you or via third parties such as credit reference agencies or Amazon:

• Information on goods/services such as details of the items you have ordered (e.g. order value, product group, value of goods).
• Financial information such as credit scores or negative payment remarks provided by credit reference agencies
• Historical information such as your order history, payment history and credit acceptance history in relation to your use of Monthly Invoice or other payment methods offered by us.
• Information about the interaction between you and us such as the nature of your use of the Monthly Invoice, including details of outstanding and past debts and your (re)payment history with us, personal preferences, your interaction with our customer services
• Information about interactions between you and Amazon such as your communications with Amazon e.g. whether goods have been delivered

The information you share with us, as well as the information we collect about goods/services, the Historical Information, your financial information and the information about the interactions between you and Amazon are, inter alia, needed to provide you with the opportunity to use Monthly Invoice. The other information we collect, such as the information about the interactions between you and us, is required for the purposes listed below.

As part of the ordering process on Amazon’s website, your contact details, information about goods/services, financial information and, if available, historical information and Information about the interaction between you and us will be used in the interests of effective fraud prevention  and credit worthiness checks  (decision as to whether Monthly Invoice will be offered to the respective user) as follows:

Once you have selected Monthly Invoice as part of the ordering process on Amazon’s website, Amazon sends us your contact details (name, address, date of birth (if necessary), email address) and information about goods/services so that it can be decided whether you can use Monthly Invoice as a payment method.

For this purpose, we send your name, address and, if necessary, your date of birth for the credit check to be carried out by

• Germany: infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden, Germany
• Austria: Credify Informationsdienstleistungen GmbH, Gumpendorfer Straße 21, 1060 Wien, Austria
• Switzerland: CRIF AG, Hagenholzstrasse 81, 8050 Zürich, Switzerland
• Sweden: Bisnode Kredit AB, Rosenborgsgatan 4-6, Solna, Sweden
• Norway: Bisnode Norway AS, Langkaia 1, 0150 Oslo, Norway
• Denmark: Experian A/S, 2100 København Ø, Denmark
• Finland: Bisnode Finland Oy, Kumpulantie 3, 00520 Helsinki, Finland
• Netherlands: Experian Nederland B.V.,Verheeskade25, 2521 BP Den Haag, Netherlands

(each a “Credit Referencing Agency”) for the creditworthiness check to be carried out. Taking into account, among other things, address data and past payment experiences, the relevant Credit Referencing Agency produces a forecast of payment probabilities (score), in particular, on the basis of mathematical-statistical processes (in particular logical regression and comparisons with groups of persons with similar attributes and a known  historical payment behaviour), and provides this score to us. Based on the information about goods/services, the score provided by the relevant Credit Referencing Agency, your contact details (name, address and, if applicable, date of birth) and the information we have about your previous payment behaviour, a balanced decision will be made as to whether you can use Monthly Invoice. The legal bases for these investigations are Article 6 Paragraph 1 b) and Article 6 Paragraph 1 f) GDPR. Before offering Monthly Invoice, which involves a payment  risk, the legitimate interest is to assess as accurately as possible whether you will meet the payment commitments resulting from your use of Monthly Invoice.

The legal basis for these transfers is Article 6 Paragraph 1 b) and Article 6 Paragraph 1 f) of the GDPR. The legitimate interest is to be able to assess as well as possible whether you will meet the payment obligations entered into before granting you the payment with Monthly Invoice, which entails a payment risk.

Furthermore, in order to avoid any incorrect deliveries and payment defaults, the address data that you have specified shall be verified by means of an address check based on Article 6 Paragraph 1 f) GDPR and sent to the relevant Credit Referencing Agency for this purpose. The data required for credit and address checking and for payment method control shall be sent via a secure interface.

Furthermore, your name, address and date of birth will be transmitted to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, for identity verification purposes on the basis of Article 6 Paragraph 1 f) GDPR. On the basis of the match rate transmitted to us by SCHUFA and, if applicable, the information that an ID-based legitimation check has already been carried out on your person at SCHUFA or another SCHUFA business partner, we can check whether you are stored in the SCHUFA database at the address given on the Amazon website. Further information on the activities of SCHUFA within the meaning of Art. 14 GDPR can be found at www.schufa.de/datenschutz.

In accordance with Article 21 Paragraph 1 GDPR, you are entitled to object to the processing of your data with future effect for reasons arising from your specific situation; this also applies for any profiling carried out for the purposes specified above. Please bear in mind, however, that, in this case, you will no longer be able to use of Monthly Invoice as part of your ordering process on Amazon’s website.

You can find more detailed information about the relevant Credit Referencing Agency as defined by Article 14 of the GDPR, i.e. information about the business purpose, about the purpose of data storage, on the data recipients, on the right to find out what details are held about you, a right to erasure or rectification, etc. by clicking on the following link:

• Germany: https://finance.arvato.com/icdinfoblatt
• Austria: https://www.credify.at/art-14-dsgvo-info
• Switzerland: https://www.crif.ch/dsgvo
• Sweden: https://www.dnb.com/sv-se/amnen/gdpr
• Norway: https://www.dnb.com/nn-no/personvern-og-datasikkerhet/personvern-leverandorer
• Denmark: https://www.experian.dk/gyldige/forretningsvilkaar/brug-af-personlige-oplysninger
• Finland: https://www.dnb.com/fi-fi/tietosuojaselosteet
• Netherlands: https://www.experian.nl/consumenten-informatie/privacyverklaring-consumenten

 

4.2 Customer communication

Your contact details may be used for customer communication (not advertising). For this purpose, you may, for example, be contacted in connection with customer service or our services, e.g. by sending invoices or reminders by e-mail or notifications about Monthly Invoice.

4.3 To meet legal requirements

We are subject to various legal requirements (e.g. Money Laundering Act, Banking Act, tax laws) as well as regulatory requirements (e.g. of the Federal Financial Supervisory Authority) and therefore process personal data for the purposes of creditworthiness checks, identity and age checks, fraud and money laundering prevention, combating the financing of terrorism as well as for the purposes of fulfilling tax control and reporting obligations.

Neither the decision on whether to grant you the payment with Monthly Invoice in the ordering process (payment method control) nor the review of the fraud potential of possible orders involves an automated individual decision-making pursuant to Article 22 GDPR. If your request to pay with Monthly Invoice will be denied, you can still use other payment methods (e.g. credit card) to complete your order. This means that our decision neither produces legal effects to you nor similarly significantly affects you.

Within the framework of the decision to allow you the use of Monthly Invoice, information from the externally used credit agencies as well as any payment data we may already have is used (see 4.1.). On the basis of mathematical-statistical methods (in particular methods of logistic regression or other statistical, partially automated optimisation models), a forecast is created, in particular about payment probabilities and, if applicable, risks of fraud and abuse, using our existing payment information, both through comparisons with groups of people who have similar attributes and a known historical payment behaviour and through historical analyses of fraud patterns (in particular through extrapolation to our target groups).

If your request to pay with Monthly Invoice will be denied due to insufficient creditworthiness or due to a significant suspicion of fraud, Monthly Invoice will not be offered to you, but you can use other payment methods (e.g. credit card) to complete your order.

We use the cloud service "Microsoft Azure" from the provider Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter: "Microsoft"); i.e. the data is processed in data centres at our processor Microsoft. In doing so, access to their data from a third country cannot be ruled out. With the exception of Microsoft, we do not currently transfer your data to countries outside the EU / EEA. If we do transfer your data to companies outside the EU / EEA, we will ensure that your data is adequately protected and that appropriate safeguards are in place (e.g. EU standard contractual clauses and, where applicable, further measures based on the so-called Schrems2 ruling of the ECJ). You can request a copy of the protective measures we have implemented from our data protection officer at datenschutz_monatsabrechnung@riverty.com.

Access: You can request a written copy of the information that we hold about you.

Rectification: We want to make sure that your personal information is accurate and up to date. You may ask us to rectify or remove information you think is inaccurate.

Erasure: You can request that we erase your information. We may not be able to erase your information straight away, for example if we still need it for providing you with our services. We are not permitted to erase information about you that the law requires us to keep.

Objection: You have the right to object to the processing of your information pursuant to Article 21 GDPR.

Restriction of processing: You have the right to restrict the processing of your data in accordance with Article 14 of the GDPR.

Withdrawing consent: Where the processing of your information is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on your consent before its withdrawal.

Data portability: If your personal data is processed by automated means for the fulfilment of our contractual relationship, you have the right to request that we provide you with personal data on a machine-readable format for transmission to another data controller.

Complaints: You can file a complaint with us or your local data protection authority at any time: Die Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Postfach 20 04 44, 40102 Düsseldorf (Tel.: 0211/38424-0, Fax: 0211/38424-10, E-Mail: post-stelle@ldi.nrw.de).

If you have a request send us an e-mail to datenschutz_monatsabrechnung@riverty.com

We may share your data with other companies in our group (i.e. across countries) for the purposes set out in this statement to enable us to provide you with the best possible service. If necessary, we also engage a third party as a service provider (order processor, e.g. data centres) within the scope of the purposes stated in this declaration. Service providers will only have access to your data to the extent and for the period necessary to provide the relevant service. We may provide Amazon  with the information they need to appropriately fulfil and manage your order. This information is subject to the privacy policy of Amazon.

We may disclose your information to credit reference agencies and companies that carry out identity checks to verify your creditworthiness or to carry out a risk assessment if you wish to use Monthly Invoice, and to verify your identity and address details. Where we are legally obliged to do so, we disclose the necessary information to authorities such as the police or tax authorities. A statutory disclosure obligation exists, for example, in the case of measures against money laundering and terrorist financing. However, we only disclose to the competent authorities the data required on the basis of the current legal situation.

Should we disclose your data to these selected third parties, we will make all reasonably expected efforts in legal, technical and organisational terms to ensure that, when transferred or disclosed to said third parties, your data will be treated confidentially and adequately protected. We would like to expressly point out that we do not sell your personal data to third parties. Furthermore, we do not disclose your data to third parties for the purpose of direct advertising or other forms of direct marketing, opinion polls or market studies, unless you have given your consent.

When selecting Monthly Invoice as a payment method on Amazon’s website you must provide those personal data that are necessary in order to make a decision on approving your use of Monthly Invoice or such data which have to be collected by law. Without these data, it is normally not possible to approve your use of Monthly Invoice.

We use the latest technology to keep your data secure. This means that we use all necessary technical and administrative security measures to protect your data against unauthorised access, transfer, erasure or any other unauthorised processing. These security measures include state-of-the-art firewalls, encryption, use of secure IT areas, proper access control, providing instruction to personnel involved in the processing of your data, and the careful selection of sub-contractors. In addition, the right to access your data is restricted to personnel who need to access your information as part of their work.

We are constantly working on the further development of our services and therefore adapt this privacy note accordingly in the event of changes to the services. Changes may also result from a change in the applicable law.

You have the right, upon request and within a reasonable time, to request information about your data, to correct any inaccurate data relating to you or to inform us that you withdraw your consent to the storage of your personal data. We have a dedicated team of data protection specialists. If you have any questions about this privacy statement or data protection, please contact the Riverty Data Protection Officer at datenschutz_monatsabrechnung@riverty.com