Personal data

On the basis of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: ” GDPR”), we inform you that:

1. The Controller of your personal data (hereinafter „the Controller”) is Kredyt Inkaso S.A. with its registered office in Warsaw, address: ul. Postępu 21B, 02-676 Warszawa.

2. The Controller has appointed a Data Protection Officer whom you can contact in all matters relating to your personal data at the following e-mail address: dpo@kredytinkaso.pl. The details of the Data Protection Officer are available on the website: https://enrelacjeinvestorskie.kredytinkaso.pl in the contact tab.

3. Your personal data will be processed for the following purposes:

a) execution of the Agreement (art. 6 para. 1 (b) of the GDPR – processing is necessary to perform the agreement or to take action before its conclusion),

b) keeping documentation of cooperation (art. 6 para. 1 (c) of the GDPR, in connection with the Act of 15 January 2015 on bonds – processing is necessary to fulfill the legal obligation incumbent on the Controller),

c) the possible determination, assertion or defence of claims (Art. 6 para. 1 (f) of the GDPR – implementation of the Controller’s legitimate interest).

4. The processing period of your personal data is related to the purposes of their processing indicated above. In view of the above, the personal data will be processed for the period in which the Controller of personal data is obliged by law to keep the data or for the period of limitation of potential claims, the assertion of which requires the disposal of the data, but not longer than 10 years from the date of termination of cooperation.

5. The recipients of your personal data may be:

a) entities, including companies from the capital group to which the Controller belongs, including Kredyt Inkaso IT Solution Sp. z o.o. providing IT services to other entities in the Kredyt Inkaso S.A. group,

b) entities providing office services to the Controller (including document destruction).

6. Your personal data will be subject to transfer to a third country due to the Controller’s use of Microsoft 365 tools, then the entrustment of processing activities will be carried out on the basis of standard contractual clauses provided by the EU, ensuring sufficient security guarantees referred to in the GDPR.

7. You have the right of access to the content of your data and the right to rectification, erasure, restriction of processing, data transfer and the right to object to the processing of your data on the basis of legitimate interest, for reasons related to your particular situation. In this case, the processing of your data for these purposes will be discontinued unless the Controller can demonstrate that there are compelling legitimate grounds for the Controller to do so which override your interests, rights and freedoms, or the data are necessary for the Controller to possibly establish, assert or defend claims.

8. You have the right to bring a complaint to the President of the Personal Data Protection Office, if you consider that the processing of personal data related to you infringes the GDPR regulations. The President of the Personal Data Protection Office ul. Stawki 2, 00-193 Warszawa, phone: 22 531 03 00, kancelaria@uodo.gov.pl.

9. Your personal data are not subject to automated decision making within the meaning of the GDPR, including profiling related to automated decision making.

10. Providing personal data by you is a condition for the conclusion of the agreement. Refusal to provide this personal data may result in an inability to conclude the agreement with us.