Through activities in the area of personal data protection, KRUK S.A. ensures that relations with clients are based on respect for the principles of privacy, thus increasing confidence in the debt market and contributing to building greater public awareness on this subject.

At KRUK, we believe that ensuring transparent and reliable rules for the protection and processing of data of our clients, employees or contractors, as well as creating mechanisms for responding to violations of these rules, is not only our duty, but is an indispensable factor supporting the sustainable development of our company.

We attach great importance to providing clear and understandable terms involving the collection, use, sharing and retention of your personal data, including the transfer to third parties.

Each time we inform you about the purposes, time, scope and principles of processing your personal data, including the transfer of data to third parties, if it is necessary and in accordance with applicable law.

We obtain your personal data trough lawful and transparent means . We process your personal data in accordance with the law and for purposes that are legally permissible and predetermined, and in cases required by law, we always ask for your consent to the processing of personal data.

We always process your data in a manner consistent with the law. We also make sure that the third parties with whom we share personal data comply with the same standards of personal data protection that guide us. We take into account the protection of personal data in the design phase, which means that already at the stage of designing and implementing our services and systems, we take into account the principles of personal data protection and limit the collection, use and storage of data to the extent necessary to achieve the purposes of processing. When designing our services and systems, we use advanced methods and techniques to ensure the privacy and protection of your data.

We have implemented an effective data breach management system in accordance with Articles 33 and 34 of the GDPR. If we identify a breach of personal data security, we will take as fast as possible the necessary steps to minimize the effects of the breach and protect the rights and freedoms of data subjects. In accordance with the requirements of the GDPR, if we identify a high risk to these rights and freedoms, we notify the relevant supervisory authorities of the breach in accordance with the terms indicated in GDPR, and, if it may have a significant impact on the rights and freedoms of natural persons – also those affected by the breach.

We will inform you of any material changes to our privacy policy by posting a notice on our website or, if it concerns you directly, by sending you a notice by e-mail or post.

From 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), referred to as GDPR, shall apply. Therefore, we would like to inform you that you have certain rights related to the processing of your personal data by us.

Information about the processing of your personal data can be found below if you are:

• A customer
• A person submitting a complaint, inquiry or GDPR request
• An attorney, legal guardian or tutor
• A job candidate
• Our employee
• Our former employee
• A business partner, contractor, supplier or employee of a contractor or supplier
• A person buying a property from us, interested in property offers
• An investor receiving our newsletter
• A visitor to our website
• An user of e-kruk.pl
• A person who has submitted a request under Article 15 et al. GDPR or a complaint to President of the Personal Data Protection Office
• A social media user
• A person not included in the above list