Information clause for Partners, Suppliers and their representatives

Basic information on the processing of your personal data by a KRUK Group entity pursuant to Article 13(1) and (2) and Article 14(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th 2016 on the protection of natural persons with regard  to
the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR").

What data are we talking about?

Personal data is information about an identified or identifiable natural person. First of all, these are data that allow you to be identified, such as: name and surname; contact details: phone number, email address; official position; data on the conducted business activity.

Personal data administrator

The controller of your personal data is the KRUK Group entity with which you have a legal or factual relationship, including in particular employment with the Partner/Supplier,
serving in the Partner's/Supplier's governing bodies and representing the Partner/Supplier. This entity may be:

• KRUK S.A., with its registered office in Wrocław (53-612), 3 Bolkowska Street,
• PROKURA Non-Standardized Debt Fund Closed-End Investment Fund (formerly: Prokura NS FIZ) with its registered office in Wrocław (53-612), 3 Bolkowska Street,
• Presco Non-standardized Debt Fund Closed-End Investment Fund (formerly: P.R.E.S.C.O. Investment I NS FIZ) with its registered office in Wrocław (53-612), 3 Bolkowska Street,
• Bison Non-Standardized Debt Fund Closed-End Investment Fund (formerly: Bison NS FIZ) with its registered office in Wrocław (53-612), 3 Bolkowska Street,
• KRUK Towarzystwo Funduszy Inwestycyjnych S.A. of Wrocław (53-612), 3 Bolkowska Street,
• Raven P. Krupa Law Firm Limited Partnership with its registered office in Wrocław (53-612), 3 Bolkowska Street.

You  can send an inquiry to each of the Controllers by  sending it to the address indicated above or to the info@kruksa.pl e-mail box, indicating the name of the KRUK Group entity
about which you are contacting.

Data Protection Officer

We have appointed a Data Protection Officer who you can contact in all matters regarding the processing of your personal data and your rights in connection with it. You can contact to him at the following address: Data Protection Officer, 3 Bolkowska Street,
53-612 Wrocław, or contact him by e-mail: dpo@kruksa.pl indicating the name of the KRUK Group entity about which you are contacting.

Why and on what basis do we process your personal data?

Your personal data as a party to the contract and the person performing the contract, representative, proxy or contact person may be processed by us:

• to the extent necessary to conclude and perform the agreement between the Administrator and you as a Partner/Supplier being a party to the agreement (legal basis: Article 6(1)(b) of the GDPR), in other cases between the Administrator and you as a person who represents the Partner/Supplier or you are a contact person (legal basis: Article 6(1)(f) of the GDPR),
• in order to comply with legal obligations incumbent on the Controller (legal basis: Article 6(1)(c) of the GDPR), i.e. in order to counteract money laundering and terrorist financing – this is an obligation that results from the Act on Counteracting Money Laundering
  and Terrorist Financing (AML) and in order to apply the adopted accounting principles – this is an obligation that results from the provisions of the Accounting Act,
• in order to pursue the legitimate interests of the Administrator (legal basis: Article
  6(1)(f) of the GDPR), i.e.:

• preparing statistics and reports for our own needs and within a group of enterprises,
• handling complaints and establishing, pursuing or defending claims,
• ensures the safety of persons and property of the Administrator, including ensuring security within the entrusted tasks, in particular the prevention of abuse,
• verifying whether you are a natural person who is a representative or beneficial owner of a company entered on national and international sanctions lists, against which restrictive measures are applied under national and international law in connection with the regulations in force at the Administrator,

•  to carry out other activities, e.g. when we have your consent to the processing of data (legal basis: Article 6(1)(a) of the GDPR).

How long do we keep your personal data?

The period of processing of your personal data by the Administrator depends on the purpose of processing. In the case of a contract, it usually results from:

• the duration of the agreement,
• the period of limitation of claims arising from the agreement,
• requirements of generally applicable law (e.g.  5-year obligation to store accounting documents, counting from the closing of the tax year),
• the legitimate interests of the Administrator.

Who can we share your personal data with?

Your data may be shared with entities supporting our business, such as
KRUK Group companies, legal and accounting service providers, telecommunications operators, postal and courier service providers, entities supporting our IT infrastructure, our consultants or auditors, law enforcement authorities, and other authorities and entities, if the obligation to provide data arises from the provisions of law, such as: the General Inspector of Financial Information (GIIF), the National Tax Administration (KAS), the Office of the Polish Financial Supervision Authority (UKNF) and the Authority competent for the Central Register of Beneficial Owners.

Do you have to provide us with your personal data?

Providing your personal data is voluntary, but it is a necessary condition for the performance of the contract or taking action before the conclusion of the contract. If you do not provide personal data, it will not be possible to perform the contract or take action before the conclusion of the contract. 

Who can we receive your data from?

In general, we receive your data directly from you as a result of your provision of data
in the relevant contractual provisions. In some situations, we obtain your personal data in a way other than directly from you, e.g. someone else provides you as a contact person, e.g. regarding  the
performance of a contract.

Profiling and automated decision-making

Please be advised that as part of our business, your data will be processed in an automated manner, but not in the form of profiling. We do not make decisions about you by automated means.

Transfer of your personal data outside the European Economic Area (EEA)

We use suppliers and partners outside the EEA and it is therefore possible to transfer personal data to countries outside the EEA. Such transfer of personal data may take place on the basis of an adequacy decision or subject to appropriate safeguards (Articles 45, 46 of the GDPR). Information on the EU Commission's adequacy decisions is available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

What rights do you have in relation to your data and how can you exercise them?

In our business, we guarantee the possibility of exercising the rights resulting from the GDPR.

Under the GDPR, you have the right to:

• receive information about our data processing and a copy thereof (Article 15 of the GDPR),
• rectify data if it is incorrect, e.g. outdated or incomplete (Article 16 of the GDPR),
• delete data ("right to be forgotten"), in situations described in Article 17 of the GDPR,
• restriction of data processing (Article 18 of the GDPR),
• object (Article 21 of the GDPR),
• lodge a complaint with the supervisory authority dealing with the protection of personal data,
  i.e. the President of the Office for Personal Data Protection (Article 77 of the GDPR).

If the basis for the processing of your personal data is consent, you can withdraw it
at any time. However, this will not affect the lawfulness of the use of your data by the KRUK Group entity to which you gave your consent before the consent was withdrawn.

If you want to exercise the above rights, you can submit your request to us via:

• e-mail to the following address: info@kruksa.pl
• by phone by calling the number: 800 700 020
• by post to the following address: KRUK S.A., ul. Bolkowska 3, 53-612 Wrocław, indicating the name of the KRUK Group entity about which you are making contact.