Log in
Sign up

Privacy Policy

Effective Date: Nov 2025

Introduction

We at Oddcoll AB (“Oddcoll,” “we,” or “us”) value your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you (i) visit our website www.oddcoll.com, (ii) create an account with us, or (iii) otherwise interact with our services.

Data Controller

Oddcoll AB (Company Registration No. 559047-7336), located at Stampgatan 15, 41664 Göteborg, Sweden, is the data controller for the personal data described in this policy, except where we act as a data processor on behalf of our corporate customers under a Data Processing Agreement (DPA).

Roles in Our Debt Collection Services
Customer (the Company) acts as the data controller for the personal data it uploads to the platform (for example information about its debtors and contacts).
For the case-related processing operations described in our DPA, Oddcoll acts as the Customer’s data processor within the meaning of Article 28 GDPR.
Local Debt Collection Agencies engaged through the platform act as sub-processors to Oddcoll for the processing they carry out on behalf of the Customer via Oddcoll. They process debtor data only on documented instructions communicated through Oddcoll and are bound by written sub-processor agreements.
In certain situations, for example where a Debt Collection Agency or Oddcoll must retain data to comply with local accounting, debt collection or other legal obligations, they may act as independent data controllers for that limited processing in accordance with their own legal obligations and privacy notices.

What Personal Data We Process

Contact Details: Name, email, phone, and address of corporate representatives.
Billing Information: Invoicing details, payment history, etc.
Debtor Data: Name, address, debt amount, and any other relevant data provided by the customer in a debt collection case.
Technical Data: IP address, device info, cookies, and logs from our website.

Purposes and Legal Basis

Providing the Service: To manage debt collection through local agencies and administer customer accounts. Legal basis: Contract (Art. 6(1)(b) GDPR).
Support & Communication: To handle inquiries and provide customer support. Legal basis: Contract or Legitimate Interest (Art. 6(1)(f)).
Billing & Accounting: To comply with bookkeeping and accounting obligations. Legal basis: Legal obligation (Art. 6(1)(c)).
Marketing (limited): To send newsletters or promotional info to company representatives, where permitted. Legal basis: Legitimate Interest (Art. 6(1)(f)) or Consent if required by law.

Retention Period

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy or as required by law.

Case-related personal data (for example debtor and case information) is normally stored for the duration of the case and for up to ten (10) years after the case has been closed, to reflect applicable limitation periods and potential legal claims in cross-border B2B debt collection, unless a shorter or longer period is required by the Customer or by applicable law.

Customer and billing records are typically stored for the period required under applicable accounting and bookkeeping rules (usually up to seven (7) years).

In exceptional cases, certain data may be retained for a longer period where necessary for the establishment, exercise or defence of legal claims. In such cases, the data will be restricted and only accessed for that purpose.

Sharing of Personal Data

Local Debt Collection Agencies: Independent debt collection agencies that receive debtor data through the platform as sub-processors to Oddcoll for the purpose of pursuing claims on behalf of the Customer. They are bound by written sub-processor agreements and appropriate data protection obligations.

IT Providers: For example hosting providers, CRM systems, email delivery services and analytics vendors that process personal data on our behalf. All are bound by data processing agreements ensuring

GDPR compliance.
Authorities: If required by law or a binding court/administrative order.

International Transfers

If personal data is transferred outside the EU/EEA (e.g., to a debt collection agency in a non-adequate country), we ensure adequate safeguards, such as the European Commission’s Standard Contractual Clauses, and, where necessary, additional technical and organisational measures.

Your Rights

You have the right to:
Access, rectification, erasure, restriction, and data portability.
Object to certain processing based on legitimate interest.
Withdraw consent where processing is based on consent (without affecting the lawfulness of processing based on consent before its withdrawal).

To exercise your rights, contact us at info@oddcoll.com. We may need to verify your identity before fulfilling your request.

Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or destruction, taking into account the nature of the data and the risks involved.

Changes to this Policy
We may update this policy as needed. The latest version will always be available on our website. If we make material changes, we will notify you through the website or by other appropriate means.

Contact

For questions or concerns about our data handling:

Email: info@oddcoll.com
Address: Stampgatan 15, 41664 Göteborg, Sweden
Phone: +46 31-360 80 96

Get free consultation