Privacy Policy

This Privacy Policy, together with the Cookie Policy, contains information on the processing of personal data of persons using the Website by Kredyt Direct Debit S.A. on the terms specified in the Terms of Service and is an integral part of it.

The policy defines the legal grounds for processing and the methods of collecting and using personal data as well as the rights of the Website Users. By ensuring data security, we have implemented policies, procedures and training systems that ensure adequate data protection by ensuring their confidentiality, integrity and availability. We regularly check the implemented technical and organizational measures in terms of their adequacy to the observed risk.

I.  DEFINITIONS

GPDR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation),

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing – means an operation or a set of operations performed on personal data or a set of personal data automatically or manually such as collecting, recording, organising, sorting, storing, adapting or modifying, downloading, viewing, using, revealing by sending, spreading or any other way of revealing, adjusting or combining, restricting, deleting or destroying;

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

Controller means an entity that alone or jointly with others determines the purposes and means of the processing of personal data.

Cookies – text data collected in the form of files placed on the User’s device.

II.  GENERAL PROVISIONS

  • The administrator of personal data collected via the website www.kredytinkaso.pl is Kredyt Inkaso S.A. with its registered office in 02-676 Warsaw, ul. Postępu 21B, entered into the business register under the NIP number: 922-25-44-099, REGON: 951078572,
  • Please address your doubts and requests regarding the implementation of your rights by e-mail to the following address: kontakt@kredytinkaso.pl or by letter to the address Okrzei 32, 22-400 Zamość.
  • The Controller has appointed a Data Protection Officer, who you can contact in all matters related to personal data atdpo@kredytinkaso.pl.
  • Personal data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and in accordance with the Act of 10 May 2018 on the protection of personal data.
  • We exercise due diligence to protect the interests of data subjects, and in particular we ensure that the data collected are:

a) processed lawfully, fairly and in a transparent manner for the data subject,

b) collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes,

c) adequate, appropriate and limited to what is necessary for the purposes for which they are processed,

d) correct and, if necessary, updated,

e) stored in a form which allows the identification of the data subject, for no longer than it is necessary for the purposes for which the data is processed;,

f) processed in a manner that ensures appropriate security of the personal data.

III.  PURPOSE AND SCOPE OF DATA COLLECTION AND LEGAL BASIS FOR THESE ACTIVITIES

  • Personal data of Website Users are processed on the basis of:

a)  6 it. 1 letter f of the GDPR – because the processing of data is necessary for the implementation of legitimate interests pursued by the Controller:

i. in order to provide services electronically in the scope made available to Users of tools and content collected on the Website,

ii. in order to handle complaints in connection with the provision of services,

iii. for analytical and statistical purposes – consisting in conducting analyses of Users’ activities, as well as their preferences in order to improve the functionalities used and services provided,

iv. in order to determine and pursue possible claims or defend against claims, consisting in the protection of the Administrator’s rights,

v. for marketing purposes – promoting the Administrator’s services in social media and as part of the Website,

vi. to promote their own brand and to build and maintain the brand community.

b)  art. 6 it. 1 letter a of the GDPR – the processing of personal data takes place on the basis of the consent of the User:

i. for the use of Cookies,

  • Users can use the Website without the need to provide their personal data.
  • If you wish to use the tools provided by the Administrator, the User provides data in accordance with the form of the given tool.
  • Providing data in shared tools is voluntary and failure to provide data will result in the inability to use the tool.
  • As part of using the Website, the Administrator processes personal data that is collected using Cookies. The manner, purpose of processing personal data of Website Users by Cookies is described in the Cookie Files Policy.

IV.  STORAGE AND DELETION OF DATA

  • In connection with the performance of the Services, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities such as legal entities, audit entities, entities related to the Administrator and entities authorized by law, e.g. supervisory authorities, law enforcement authorities or courts.
  • The period of data processing and storage depends on the type of service provided and the purpose of the processing. As a rule, data are processed for the time of providing the service, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Administrator or until the time required by law, when processing is necessary to fulfill the obligations incumbent on the Administrator.

V.  RIGHT OF USERS

  • The User has the right to request from the Administrator access to their personal data; the right to rectify, delete or limit their processing; the right to object to the processing; the right to transfer data; the right to object, the right to withdraw consent to the processing of personal data, which is available at any time – applies to data processed by the Administrator based on the consent expressed by the User. Withdrawal of the consent shall not affect the lawfulness of the processing which was carried out on the basis of the consent before its withdrawal;
  • The scope of rights as well as situations in which the User may exercise his rights result directly from the provisions of law. The exercise of rights will depend on the legal basis for data processing as well as the purpose for which it processes the Controller’s data.
  • In addition, the User has the right to lodge a complaint with the supervisory authority if he/she considers that the data processed by the Administrator violates the provisions of the GDPR. The supervisory authority in Poland is the Office for Personal Data Protection with its registered office in Warsaw 00-193, Stawki 2.
  • Your personal data is not transferred outside the EEA.
  • In order to implement marketing activities, in some cases the Administrator uses profiling. This means that due to the automatic processing of data, the Administrator evaluates selected factors concerning natural persons in order to analyze their behavior or create a forecast for the future.