Debtors Lists (Ficheros de Morosos) arguably play an important role in reducing unpaid debts by providing motivation for debtors to pay and by providing a means for companies to check out potential clients before entering into a contract with them and allowing them to avoid potentially risky relationships.
However, you need to bear in mind the risk that these lists can pose to the privacy and honour of those clients, even if they are defaulting on their payments. Keep reading to find out how to fulfil the relevant requirements so that you can demonstrate that you have done so before providing personal details to a Debtors List and avoid liability for any subjective and objective damages.
How to claim back money from defaulters:
There are many ways to try to recover the outstanding amounts, from friendly reminder emails to starting judicial action via a ‘monitorio’ procedure. In some cases, you will also have the option to submit the details of the unpaid amount and of the debtor for publication in a so-called “Debtors List” (“Fichero de morosos”) which may be consulted by future companies when deciding who (and who not) to do business with.
In this article, we will outline the obligations and requirements that you must fulfil in order to be able to register the debt of a natural person in these lists.
Written by Abigail Sked
Paralegal
Discover the different ways in which we can help you claim back unpaid debts here.
Requirements for the inclusion of personal data in a debtors list
The key aspect to bear in mind when considering whether to make use of a Debtors’ List is data protection, particularly of natural persons because, in line with the GDPR’s principles of transparency and accuracy, you must make sure that the debtor is sufficiently aware of the possibility of their details being included in such a list, and that those details are correct.
As such, the Spanish Data Protection Agency (AEPD) sets out the following requirements which are necessary if you are to include details of a natural person in this type of financial solvency and creditworthiness operation:
- That the data have been provided by the creditor or by someone acting on his/her behalf or interest.
- Prior existence of a debt that is certain, due, payable and that has not been paid, for an amount exceeding fifty euros.
- That the creditor has informed the affected party in the contract or at the time of requesting payment of the possibility of inclusion in such systems, indicating those in which he participates.
- That the creditor has made a demand for payment to the debtor prior to the communication of his/her data to the Debtors List.
- In addition, the entity that maintains the credit information system must notify the affected party of the inclusion of such data and inform them of the possibility of exercising their rights as established in articles 15 to 22 of Regulation (EU) 2016/679 within thirty days of the notification of the debt to the system, with the data remaining blocked during this period.
- Five years have not elapsed since the date on which the debt was due for payment or the due date of the obligation or of the specific deadline if it is due periodically.
Let's look at a few of these requirements in some more detail.
The debt must be certain, due, payable and not paid.
Firstly, logically, once the debtor has paid some or all of the debt, the information originally submitted about the debt will no longer be accurate. As such, you, as the creditor, must let the data controller of the Debtors List know about any changes to or payment of the debt so that they can proceed to delete or change the relevant data. You have one week to make this notification. The data must also be deleted when five years have elapsed since the payment became due.
In addition, case law has provided clarification with regard to the certainty of the debt. In STS no. 945/2022, de 20 de diciembre, ECLI:ES:TS:2022:4607 it was stated that, at the time of communicating the debt to the Debtors’ List system, there must not be any controversy over the amount owed.
“If the data subject reasonably and legitimately considers that he does not owe what is claimed and has made this known to the creditor, non-payment is not indicative of the data subject's insolvency and therefore the processing of his or her data in one of these lists is not appropriate.”
Similarly, the law demands that the existence or amount of the debt in question:
"has not been the subject of an administrative or judicial claim by the debtor or through a binding alternative dispute resolution procedure between the parties".
(Article 20(1) of the Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales.)
The creditor must make a demand for payment
Although case law has highlighted the essential character of this demand, there is no one “right” way to carry it out.
The Supreme Court stated that “Proof of receipt is not required, since receipt can be deemed to be established by means of presumptions as long as there is reasonable guarantee or record of receipt.” (STS no. 1319/2023 de 27 de septiembre, ECLI:ES:TS:2023:3824)
This means that although you needn’t be able to show irrefutable proof that the communication was received by the correct person, if something happened which put the receipt in doubt, such as the communication being returned because the addressee was unknown at that address, it would be hard to argue that you had reasonable guarantee of receipt. It’s recommendable to do what you can to ensure that you have made the debtor aware of the debt and that you can demonstrate that you have done so.
Who can I share personal data about debts with?
In order to demand the payment of the debt, you may use the data which the client provided you with when signing the contract which led to that debt, because this process is understood as an extension of that very business relationship and the provision of the service they requested. For the same reason, access by debt recovery companies is not considered to be a transfer or communication of data. As such, you don’t need to receive the consent of the data subjects for this data to be accessed, but you will need to have the corresponding provision of services contract in place with that debt recovery company in line with article 28 of the GDPR.
However, if, in the process of trying to recover the money, you find yourself speaking to friends, family or even coworkers of the client during this process, be careful about what information you provide to them. The AEPD explains that:
“With regard to telephone calls to family and friends, including at work, it is considered that these can be made as long as they are not informed of the amount of the debt or of the client’s status as a debtor... However, both family members and friends can exercise their right to object to receiving such calls.”
WHAT IS THE GENERAL DATA PROTECTION REGULATION (GDPR) AND HOW DOES IT AFFECT ME?
Lawyers for recovering unpaid debts:
The Business Payment Behaviour Analysis (El Análisis del Comportamiento de Pago Empresarial) published by Informa in 2023 revealed that 64.33% of the companies contacted suffered at least one non-payment in the last 12 months. Non-payment is an unfortunate reality for many companies in Spain, leading to the breakdown of trust and, in some cases, significant financial difficulties.
But Debtors Lists are playing an important role in the fight against non-payment.
Do you want to check if your potential client has been included in a Debtors List? Do you want to include a client in a Debtors List? Do you have unpaid invoices that you need to recover?
Contact us so that we can help you:
