Skip to main content
033 – 785 8470
info@breyta.nl
Received a payment request?
Client Login

Data Processing Agreement Breyta Incasso B.V.

Parties

  1. Controller ("Client"): the natural person or legal entity who submits a collection assignment to Breyta as a client and digitally accepts this data processing agreement when entering into the Main Agreement. The identifying details of the Client (name, Chamber of Commerce (KvK) number, registered address and contact details) are recorded in the registration form and the resulting Main Agreement, and form an integral part of this data processing agreement.
  2. Processor ("Breyta"): Breyta Incasso B.V., established in Nijkerk, with offices at Kloosterstraat 6, 3861 AC Nijkerk, registered in the trade register of the Chamber of Commerce (KvK) under number 98944118.

The Client and Breyta are hereinafter jointly referred to as the "Parties" and each separately as a "Party".

Note on digital acceptance: the Client agrees to this data processing agreement by ticking the corresponding checkbox in the registration form when submitting a collection case (or when entering into a Breyta Pro membership). This digital acceptance constitutes legally valid acceptance and replaces a physical signature.

Article 1 – Definitions

In this agreement, the following terms are understood to mean:

  • GDPR (AVG): the General Data Protection Regulation (Regulation (EU) 2016/679).
  • Personal data: all information about an identified or identifiable natural person as referred to in the GDPR.
  • Processing: any operation relating to personal data, as referred to in the GDPR.
  • Data subject: the natural person to whom the personal data relates.
  • Data breach: a breach of security as referred to in Article 4(12) GDPR.
  • Main Agreement: the collection assignment between the Parties on the basis of which Breyta performs collection services, including the applicable terms and conditions of Breyta.
  • Sub-processor: another processor engaged by Breyta in carrying out the Main Agreement.

Article 2 – Subject and duration

  1. This data processing agreement governs the rights and obligations of the Parties with regard to the processing of personal data by Breyta in the context of carrying out collection services for the Client.
  2. This agreement enters into force at the moment of digital acceptance by the Client when submitting a collection case or when entering into a Breyta Pro membership, and applies for the duration of the Main Agreement, unless this agreement is terminated earlier in accordance with Article 15.
  3. The obligations under this agreement remain in force for as long as Breyta processes personal data on the instructions of the Client.

Article 3 – Nature and purpose of the processing

Purposes of the processing

Breyta processes personal data exclusively for the following purposes:

  • Carrying out extrajudicial and judicial collection activities;
  • Conducting correspondence with debtors;
  • Making payment arrangements;
  • Advising the Client on recovery options;
  • Passing data on to bailiffs and/or lawyers if judicial collection is necessary;
  • Carrying out all other actions that are necessary for the collection of claims.

Categories of data subjects

  • Natural persons who are debtors of the Client (private individuals);
  • Contact persons and representatives of legal entities who are debtors of the Client.

Categories of personal data

  • Identification data (name, initials, prefix);
  • Contact details (address, postcode, town/city, telephone number, email address);
  • Date and place of birth;
  • Chamber of Commerce (KvK) number and/or VAT number (if applicable);
  • Financial data (invoice number, invoice amount, payment history, payment arrangements);
  • Correspondence and communication data;
  • Bank account number (IBAN);
  • Other data provided by the Client and necessary for the collection.

Processing activities

  • Collecting, recording and organising personal data;
  • Storing and retaining;
  • Consulting and using;
  • Providing by means of correspondence (post, email, telephone);
  • Passing on to bailiffs and lawyers for judicial collection;
  • Adjusting or amending;
  • Destroying or deleting.

Article 4 – Obligations of Breyta

  1. Breyta processes personal data exclusively:
    • On the basis of documented instructions from the Client, as laid down in this agreement and the Main Agreement;
    • Insofar as this is necessary for carrying out the collection assignment;
    • In accordance with applicable laws and regulations, including the GDPR.
  2. If Breyta is of the opinion that an instruction from the Client is contrary to the GDPR or other applicable legislation, Breyta will inform the Client of this without delay and in writing.
  3. Breyta does not process personal data for its own purposes or for the purposes of third parties.
  4. Breyta will inform the Client without delay if it is unable to fulfil its obligations under this agreement.

Basis for transfer to bailiffs and lawyers

Breyta only passes personal data on to bailiffs and lawyers if the Client instructs judicial follow-up and/or this is necessary for:

  • Carrying out the collection assignment (Article 6(1)(b) GDPR); and/or
  • Establishing or defending a legal claim (Article 9(2)(f) GDPR, if special categories of personal data are involved).

Article 5 – Obligations of the Client

  1. The Client is and remains at all times the controller within the meaning of the GDPR and is responsible for:
    • The lawfulness of providing personal data to Breyta;
    • The accuracy and completeness of the personal data provided;
    • Informing data subjects in accordance with Articles 13 and 14 GDPR;
    • Obtaining any required consent from data subjects;
    • Making notifications to the Dutch Data Protection Authority insofar as required.
  2. The Client indemnifies Breyta against all damage and claims from third parties arising from the Client's failure to fulfil its obligations as controller.

Article 6 – Security of personal data

  1. Breyta takes appropriate technical and organisational measures to secure personal data against loss or against any form of unlawful processing (such as unauthorised access, corruption, alteration or disclosure of the personal data).

Security measures

The security measures include at least:

  • Access security: access to systems exclusively by means of personal login details with strong passwords and multi-factor authentication where possible;
  • Authorisation policy: functional separation and minimal access rights (need-to-know principle);
  • Encryption: encrypted storage and transmission of personal data;
  • Firewalls and antivirus software: up-to-date security software;
  • Back-ups: regular back-ups of data;
  • Physical security: restricted access to office spaces and servers;
  • Logging and monitoring: recording of access and processing activities;
  • Secure destruction: secure destruction of data carriers.
  1. Breyta updates the security measures regularly and adapts them to technological developments and changing risks.
  2. At the Client's request, Breyta provides information about the security measures taken.

Article 7 – Confidentiality

  1. Breyta undertakes to keep confidential all personal data that it processes in the context of this agreement.
  2. Breyta ensures that all persons who have access to the personal data on its instructions have committed themselves to confidentiality in writing or are subject to a statutory duty of confidentiality.
  3. The duty of confidentiality remains in force even after termination of this agreement.

Article 8 – Sub-processors and transfer to third parties

  1. The Client hereby grants Breyta general authorisation to engage sub-processors for the purpose of carrying out the Main Agreement, provided that Breyta complies with the obligations set out in this article.

Sub-processors engaged

Breyta engages at least the following sub-processors, for which the Client grants consent upon acceptance of this agreement:

  • Microsoft Corporation: for email traffic and communication via Microsoft 365;
  • FinChamps: for the collection software system in which personal data is processed and stored.

An up-to-date list of engaged sub-processors is available on request via privacy@breyta.nl.

Transfer to bailiffs and lawyers

When extrajudicial collection does not lead to the desired result, Breyta may pass personal data on to bailiffs and/or lawyers for judicial collection activities. This transfer takes place exclusively:

  • On the basis of an explicit instruction from the Client; or
  • If this is necessary for carrying out the collection assignment and within the limits of the authority granted.

Bailiffs and lawyers act as independent controllers for their own activities. Breyta ensures careful selection and concludes additional processing arrangements where necessary.

Changes to sub-processors

  1. Breyta informs the Client of proposed changes regarding the addition or replacement of sub-processors via a notification on Breyta's website or by email. The Client has the right to object in writing within 14 days of notification to the engagement of a new sub-processor. In the event of a well-founded objection, Breyta will consult with the Client; if no solution is reached, the Client has the right to terminate the Main Agreement.
  2. Breyta imposes the same obligations on sub-processors as are set out in this agreement, by means of a written agreement.
  3. Breyta remains fully liable to the Client for compliance with the obligations by sub-processors.
  4. At the Client's request, Breyta makes available a copy of the sub-processor agreement.

Transfer outside the EEA

If Breyta or an engaged sub-processor transfers personal data to a country outside the European Economic Area, Breyta will take appropriate safeguards in accordance with Chapter V GDPR, such as concluding Standard Contractual Clauses.

Article 9 – Rights of data subjects

  1. Breyta cooperates with the Client in handling requests from data subjects who exercise their rights under the GDPR, including:
    • Right of access (Article 15 GDPR);
    • Right to rectification (Article 16 GDPR);
    • Right to erasure (Article 17 GDPR);
    • Right to restriction of processing (Article 18 GDPR);
    • Right to data portability (Article 20 GDPR);
    • Right to object (Article 21 GDPR).
  2. If a data subject approaches Breyta directly with a request, Breyta forwards this request to the Client without delay.
  3. Breyta only answers requests from data subjects on the instructions of the Client.
  4. The Client is responsible for assessing and answering requests from data subjects within the statutory time limits.

Article 10 – Data breaches

  1. Breyta reports a (suspected) data breach to the Client in writing without delay, but no later than within 24 hours of discovery, via the contact email address known to the Client.

Content of the report

The report contains at least the following information (insofar as available):

  • The nature of the breach;
  • The categories and estimated number of data subjects;
  • The categories and estimated amount of personal data involved;
  • The likely consequences of the breach;
  • The measures taken or proposed to remedy the breach and limit the harmful consequences.

Cooperation and responsibilities

  1. Breyta provides full cooperation to the Client in:
    • Investigating the cause and scope of the data breach;
    • Taking measures to remedy the data breach;
    • Meeting any notification obligations to the Dutch Data Protection Authority;
    • Informing data subjects if required.
  2. The Client decides whether a data breach must be reported to the Dutch Data Protection Authority and/or to data subjects.
  3. Breyta documents all data breaches, even if they are not subject to a notification obligation.

Article 11 – Data protection impact assessment and prior consultation

  1. Breyta cooperates with the Client in carrying out a data protection impact assessment (DPIA) if the nature of the processing so requires.
  2. Breyta provides on request all information necessary for carrying out a DPIA.
  3. Breyta cooperates with the Client in prior consultation of the Dutch Data Protection Authority if a DPIA gives cause to do so.

Article 12 – Audits and inspection

  1. The Client has the right (itself or via an independent third party bound to confidentiality) to carry out audits and inspections to verify whether Breyta complies with the obligations under this agreement.
  2. Breyta cooperates with audits and inspections and provides all relevant information, access to systems and access to its business premises.
  3. Audits are announced with a reasonable period of at least 14 days, unless there is a data breach or other urgent situation.
  4. Audits take place during normal office hours and are carried out in a manner that disrupts Breyta's business operations as little as possible.
  5. The costs of an audit are for the account of the Client, unless the audit shows that Breyta seriously fails to comply with the obligations under this agreement. In that case, the costs are for the account of Breyta.
  6. Instead of an audit, Breyta may provide a current audit statement or certification from an independent third party, provided that this covers the relevant processing operations and obligations.

Article 13 – Retention period and deletion of data

  1. Breyta retains personal data in accordance with the Collection Services Quality Act (Wet kwaliteit incassodienstverlening, WKI) for a period of 24 months after the end of the collection assignment.

Exceptions to the retention period

This retention period applies to all personal data and documentation related to the collection assignment, unless:

  • A longer retention period is legally required (for example on the basis of tax retention obligations or civil-law limitation periods);
  • A court procedure is pending, in which case the data is retained until the final conclusion of the procedure;
  • The Client requests a shorter retention period and this is not contrary to statutory obligations.

After the end of the retention period

After the end of the 24-month retention period:

  • Breyta deletes all personal data permanently and irretrievably, unless a statutory retention obligation applies;
  • The Client receives, on request, written confirmation of deletion.

On termination of the Main Agreement

On termination of the Main Agreement before the end of the 24 months:

  • Breyta continues to retain the personal data for the remaining duration of the 24-month period, unless the Client requests deletion or return in writing;
  • If the Client requests deletion, Breyta points out to the Client the statutory retention obligation of 24 months under the WKI;
  • The Client may opt for return of the data, after which the Client itself is responsible for the statutory retention period.
  1. Breyta deletes or destroys personal data in such a way that it is irretrievable.

Article 14 – Liability

  1. Each Party is liable for damage suffered by the other Party as a result of failure to fulfil the obligations under this agreement and/or the GDPR.
  2. Breyta is not liable for damage resulting from:
    • Incorrect or incomplete instructions from the Client;
    • Incorrect or incomplete personal data provided by the Client;
    • Action by the Client contrary to the GDPR;
    • Unlawful processing by the Client prior to providing the data to Breyta.
  3. Breyta's liability is limited to the amount paid out under Breyta's liability insurance, increased by the excess.
  4. In the absence of insurance cover, Breyta's liability is limited to the amount paid by the Client in the year preceding the event under the Main Agreement, with a maximum of € 10,000.
  5. Breyta is never liable for indirect damage, consequential damage, lost profits, missed savings or damage due to business stagnation.
  6. The limitations of liability set out in this article do not apply in the event of intent or wilful recklessness on the part of Breyta or its managers.

Article 15 – Duration and termination

  1. This agreement is entered into for an indefinite period and ends automatically upon termination of the Main Agreement.
  2. The Parties may terminate this agreement in writing, observing a notice period of one month.
  3. The Client may terminate this agreement in writing with immediate effect if Breyta fails to fulfil its obligations under this agreement and remains in default after written notice of default with a reasonable period of at least 14 days to nevertheless comply.
  4. Upon termination of this agreement, the articles on confidentiality, deletion of data and liability remain in force.

Article 16 – Amendments

  1. Breyta reserves the right to amend this agreement unilaterally if this is necessary because of:
    • Changes in applicable laws and regulations;
    • Binding rulings of supervisory authorities or judicial bodies;
    • Technical or organisational developments that are necessary for adequate security.
  2. Breyta informs the Client at least 30 days before the entry into force of the amendment via a notification on Breyta's website or by email.
  3. If the Client does not agree to the amendment, it has the right to terminate the Main Agreement with effect from the date on which the amendment enters into force.

Article 17 – Final provisions and acceptance

  1. This agreement is governed by Dutch law.
  2. All disputes arising from or in connection with this agreement are submitted to the competent court in the district of Midden-Nederland (district court of Lelystad, Zwolle location).
  3. If any provision of this agreement is null and void or is annulled, the remaining provisions remain in full force. The Parties will consult in order to agree on a replacement provision.
  4. This agreement is drawn up in the Dutch language. In the event of translation, the Dutch text prevails.

Acceptance

This data processing agreement is accepted by the Client by ticking the corresponding checkbox ("I agree to the data processing agreement") when submitting a collection case or entering into a Breyta Pro membership via Breyta's website. This digital acceptance constitutes legally valid consent and replaces a handwritten signature. Breyta records the moment of acceptance (date, time and the identifying details associated with the Client from the registration form) in its administration. The Client receives, on request, a copy of the accepted version of this agreement.

Contact

Questions about this data processing agreement or about the processing of personal data by Breyta?

Breyta Incasso B.V.
Kloosterstraat 6, 3861 AC Nijkerk
KvK: 98944118
Email: info@breyta.nl

Version 1.0 – 08-05-2026. The most recent version of this data processing agreement can always be consulted on Breyta's website.

Want to discuss your debt collection case?

Feel free to call us if you need a bailiff at 033-7858470.

  • Connected in 1 minute, no automated menu
  • Let's discuss your case
  • Exclusively for businesses
  • Weekdays from 8 AM to 8 PM
Call Breyta

Share this article