Ladies and gentlemen,
In connection with the new regulations on the protection of individuals with regard to the processing of personal data, we would like to meet our obligation to provide information on how we process your data. Below we explain the most important issues. If you have any questions, please contact us.
• How your personal data is processed;
• How the processing of your data is controlled;
Inkaso Kredytowe Sp. z o.o. puts emphasis not only on legal, but also on the physical security of your personal data. For this reason, there is visual monitoring in our office, adequate document security against unauthorized access, and each person entering our location is required to provide their data for verification.
What is the legal basis for processing your data in the context of recovery?
Sharing personal data with our entity takes place under the provisions of the Act of 29 August 1997 on the protection of personal data and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to processing personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) and may be based on different legal bases. In accordance with art. 23 clause 1 point 5 of the aforementioned Act, the processing of personal data, including their sharing, is admissible if it is necessary to fulfill legally justified purposes pursued by data controllers or data recipients, and the processing does not violate the rights and freedoms of person, the data refers to. Due to the fact that - pursuant to art. 23 clause 4 point 2 of the Act - a legally justified purpose is the pursuit of claims arising from business activity conducted by the data controller, in which case data processing is legally permissible. The administrator of your data - in the light of art. 7 point 4 of the aforementioned Act - is Inkaso Kredytowe Sp. z o.o., deciding on the purposes and means of processing personal data, i.e. the entity at whose disposal the data is located and which has decision-making power over them. The data administrator, including in some cases Inkaso Kredytowe Sp. z o.o., may also entrust their processing to an entity dealing with debt recovery by means of a contract concluded in writing pursuant to art. 31 of the Act on the Protection of Personal Data. The necessary elements of this contract are to determine the purpose for which the entity entrusted with the processing of data may process it and the scope of data entrusted for processing. This entity may process data only to the extent and for the purpose provided for in the contract. Entrusting data processing on the basis of a contract referred to in art. 31 of the Act, for the purpose specified therein, is a legally permissible activity and does not constitute an unauthorized disclosure of data by their administrator to another entity. Also acting through an attorney appointed pursuant to art. 95 of the Act of April 23, 1964 - Civil Code, does not constitute a violation of law. Such an action finds a legal basis in the premise indicated in art. 23 clause 1 point 2 of the Act on the protection of personal data, according to which the processing of data is permissible if it is necessary for the exercise of the right or the obligation under the law. The essence of the power of attorney is the submission by the principal of a declaration of intent, the content of which is the authorization of a specific person to perform legal acts specified in the power of attorney on behalf of and with the legal effect.
In the context of the legality of sharing personal data, Inkaso Kredytowe Sp. z o.o. receivables should also pay attention to the provisions of the Civil Code, and in particular to Article 509 relating to the assignment of claims. This provision stipulates that the creditor may, without the debtor's consent, transfer the claim to a third party (transfer), unless it would be contrary to the law, contractual reservation or liability (§ 1). Along with the purchase of receivables, they pass to the buyer (Inkaso Kredytowe Sp. z o.o.) all related rights, in particular claims for overdue interest (§ 2 of the abovementioned article).
Where do we get your data from?
We have obtained your data:
1. from the entity which concluded with Inkaso Kredytowe Sp. z o.o. contract for the provision of services for the recovery of debt (the entrustment contract used),
2. from the entity which concluded with Inkaso Kredytowe Sp. z o.o. assignment agreement (assignment agreement used),
3. from a third party partner / entity cooperating with Inkaso Kredytowe Sp. z o.o., who provided your personal data based on your consent,
4. from publicly available sources, e.g. from the National Court Register, Central Register and Information on Economic Activity or other similar sources.
Who is the administrator of your data?
It all depends on the type of services provided. In some cases, Inkaso Kredytowe Sp. z o.o. operates only from the processor level of your personal data, e.g. when it provides debt collection services at the request of other creditors. In such cases, the obligation to inform you how your personal data is processed lies with their Administrator. In other cases, it is Inkaso Kredytowe Sp. z o.o. is the Administrator of your data and is obliged to comply with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation).
Contact in case of Administered data by Inkaso Kredytowe Sp. z o.o .:
Inkaso Kredytowe Sp. z o.o. with its registered office in Warsaw at Aleje Jerozolimskie 123A, 02-017.
Przedsiębiorstwo Inkaso Kredytowe Sp. z o.o. appointed the Data Protection Inspector: Ms. Dominika Stachura.
Contact address for correspondence:
Personal Data Protection Inspector P. Dominika Stachura, Aleje Jerozolimskie 123A, 02-017 Warsaw.
E-mail address: firstname.lastname@example.org
What data do we process?
Your personal data is processed only in the scope of the implementation of a contractual relationship or business relationship management. These data are necessary to securely and properly identify you, and thus directly communicate with you. The period of processing your data results directly from the activities carried out and is limited by their duration. Inkaso Kredytowe Sp. z o.o. reserves the right to process special categories of personal data only if it is required to bring or defend legal claims.
What will we use your personal data for?
Inkaso Kredytowe Sp. z o.o. processes and protects your data in accordance with the provisions of the GDPR and applicable law. The processing of your data results from the need to perform a contract to which you or your company is a party, or to take action before the conclusion of the contract, at the request of you or the company you represent.
Who can we pass your data to?
Inkaso Kredytowe Sp. z o.o. is obliged each time to disclose your personal data to authorized public authorities in cases of counteracting, documenting as well as monitoring cases of fraud and crime as well as for the purposes of conducted activity - debt collection.
Inkaso Kredytowe Sp. z o.o. may transfer your personal data to enterprise service providers such as: government bodies, fiscal control and bailiffs. All these entities must have the right to come into possession of this data. The company also makes data available to legal representatives and companies providing postal services. Sharing this data is possible only through formal commercial relations with these entities.
We use the services of further processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
Employees and associates of Inkaso Kredytowe Sp. z o.o. also have access to your data. However, they have a formal, written confidentiality obligation. The scope of this data is closely matched and justified by the obligations performed by employees and associates.
Until when will we store your data?
Your personal data will be stored as long as it is necessary to perform the contract between you and Inkaso Kredytowe Sp. z o.o. or an agreement concluded by another entity on your behalf, and after that time for a period corresponding to the period of limitation of claims that may be raised by Inkaso Kredytowe Sp. z o.o. and which may be raised against Inkaso Kredytowe Sp. z o.o. If your personal data will be processed in order to fulfill the legal obligation incumbent on the administrator, personal data will be stored for the time necessary to fulfill this obligation. We will process data processed on the basis of consent until you withdraw this consent. If your personal data will be processed on the basis of the legitimate interest of the administrator, when the basis for this processing is the performance of the contract concluded with Inkaso Kredytowe Sp. z o.o. for your benefit, the data will be processed until the legitimate interest on which this processing is based has been fulfilled. If your personal data will be processed on the basis of the legitimate interest of the administrator, when the basis for this processing is direct marketing of your products and services, your personal data will be processed until you object. To secure business continuity and service of your debt, we back up data according to formalized policies, so your personal data may also be passively processed in backups.
Will I be included in the automatic decision-making process?
We will not use your personal data to automatically make decisions. Inkaso Kredytowe Sp. z o.o. as the Administrator of your personal data, it makes every effort to provide all means of physical, technical and organizational protection of personal data against their accidental or intentional destruction, accidental loss, alteration, unauthorized disclosure, use or access, in accordance with all applicable regulations.
For this specific purpose, Inkaso Kredytowe Sp. z o.o. engaged specialists in the field of GDPR and ISO 27001: 2015 to cooperate and made a full adjustment to the above-mentioned sets of standards for the processing of personal data.
Ladies and gentlemen,