Privacy Policy
1. Introduction
This Privacy Policy explains how Debt Collection Registry (“we”, “us”, “our”) collects, uses and protects personal data when you visit or use the website debtcollectionregistry.org (the “Site”).
The Site is an informational registry about debt collection frameworks and professional experts in different jurisdictions. We do not offer user accounts and we currently do not provide interactive forms such as contact or sign-up forms on the Site.
2. Data controller and contact
The data controller responsible for processing personal data in connection with the Site is:
Debt Collection Registry
[Insert company name / legal entity]
[Insert postal address]
Email: [insert-contact-email]
3. Personal data we collect
When you visit the Site, we may process the following categories of personal data that are transmitted automatically by your browser and stored in server logs:
- IP address and approximate location (derived from the IP address)
- Date and time of access
- Requested URL and HTTP status code
- Amount of data transmitted
- Referring URL (if provided by your browser)
- Browser type and version, operating system and device information
This technical information is necessary to deliver the Site, ensure IT security and to investigate incidents.
4. Cookies and similar technologies
The Site may use strictly necessary cookies or similar technologies to ensure basic functionality and security (for example, load balancing or protection against abusive traffic).
We do not use cookies for behavioural advertising or to build marketing profiles. If we introduce analytics or additional cookies in the future, this Policy will be updated and, where required, we will ask for your consent before such cookies are placed.
5. Purposes and legal bases for processing
We process the personal data described above for the following purposes and on the following legal bases:
- Provision of the Site and IT security – processing of technical log data is necessary to provide the Site, to monitor stability and to prevent or investigate misuse or attacks. The legal basis is our legitimate interest in operating a secure and reliable website (Article 6(1)(f) GDPR).
- Basic usage statistics – we may create aggregated, non-identifying statistics about visits to understand which jurisdictions and pages are being accessed. The legal basis is our legitimate interest in improving the content and structure of the Site (Article 6(1)(f) GDPR).
6. Retention periods
Server log data that contains IP addresses is kept only for as long as necessary for the purposes described above, in particular for IT security and incident analysis, and is then deleted or irreversibly anonymised. Aggregated statistics that no longer allow identification of individuals may be retained for a longer period.
7. Sharing of personal data
We do not sell personal data and we do not publish visitors’ personal data on the Site.
We may share personal data with trusted service providers who support us in operating the Site (for example, hosting or security services). These providers act as processors and are contractually required to process data only on our instructions and to implement appropriate security measures.
We may also disclose personal data if required to do so by law or by competent public authorities.
8. International transfers
If personal data is transferred outside the European Economic Area, we will only do so where appropriate safeguards are in place (for example, adequacy decisions or standard contractual clauses) and in accordance with applicable data protection law.
9. Data security
We implement technical and organisational measures to protect personal data against unauthorised access, loss, destruction or alteration, taking into account the state of the art, implementation costs and the nature of the processing.
10. Your data protection rights
Subject to the conditions and exceptions set out in applicable data protection law, you may have the right to:
- Request access to your personal data
- Request rectification of inaccurate personal data
- Request erasure of your personal data
- Request restriction of processing
- Object to processing based on our legitimate interests
- Receive personal data you provided to us in a structured, commonly used and machine-readable format and transmit it to another controller (data portability)
You also have the right to lodge a complaint with a competent supervisory authority if you believe that the processing of your personal data infringes applicable data protection law.
11. Contact
If you have any questions about this Privacy Policy or about how we process personal data, please contact us at:
Email: [insert-contact-email]
[Insert postal address]
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example if we introduce new features on the Site or if legal requirements change. The version published on this page is the current version. We encourage you to review this page periodically.
13. No legal advice
This Privacy Policy is intended to provide transparent information to visitors of the Site. It does not constitute legal advice. We recommend that you consult qualified legal counsel to ensure that all processing activities and disclosures are compliant with the laws applicable to you.