logo

What data do we mean?

Personal data is information about an identified or identifiable natural person. In the case of the e-KRUK system (hereinafter referred to as the "System"), these are data enabling your identification, in particular such as your first and last name, case number, PESEL number, e-mail address, as necessary to use the functionality of the System.

Personal Data Controller.

The controller of your data is KRUK S.A. with registered office in Wrocław (51-116), ul. Wołowska 8, KRS No. 0000240829. 

You may address your query to any of the above-mentioned Controllers by sending it to KRUK S.A., ul. Wołowska 8, 51-116 Wrocław, or to the e-mail address info@kruksa.pl.

Data Protection Officer

We have appointed a Data Protection Officer whom you may contact for all matters relating to the processing of your personal data and your pertinent rights. You may write to him at the following address: Data Protection Officer, KRUK S.A. ul. Wołowska 8,
51-116 Wrocław, or contact the following e-mail address: dpo@kruksa.pl.

Why and on what basis do we process your personal data?

Your personal data is processed by us because it is necessary for the performance of the contract for the provision of electronic services, the conclusion of which involves your acceptance of the terms and conditions and use of the System, or to take action at your request prior to the conclusion of the aforementioned contract (Article 6(1)(b) GDPR).

Your personal data may be processed by us on the basis of a legitimate interest pursued by the controller (Article 6(1)(f) GDPR) for the following purposes:

  • Handling your requests and enquiries by receiving and dealing with them;
  • Studying the quality of our services, consisting of an assessment of your satisfaction with our handling of your case and a check on whether the actions we take are carried out correctly;
  • Researching your preferences, including through profiling, by tailoring the way you are contacted;
  • Handling competitions.

We may also process your data in order to process your complaints, which is our obligation under the law (Article 6(1)(c) GDPR).

How long do we keep your personal data?

The duration of the Controller's processing of your personal data depends on the purpose of the processing. It results from:

  • The period of time required to maintain an account in the System.
  • Service provision period.
  • Complaint handling period.
  • Competition service period.
  • Relevant legislation.

In addition, we may retain your personal data to the extent necessary to pursue outstanding debts or in the event that we need to take action in relation to a breach of the rules of the System or generally applicable law.

In the above cases, personal data may also be stored after the deletion of the account in the System, but for no longer than the period of time needed to fulfil the above-mentioned purposes.
 

To whom may we pass your personal data?

When processing your personal data, we may use subcontractors acting on our behalf in the course of performing activities, in particular entities operating our IT systems providing ICT tools. Our subcontractors will only process data for the purposes we have specified above and only on our instructions. The transfer of data to these entities may take place from the moment you provide such data at the time of registration, and thereafter, for the duration of the time we keep data on your use of the System.

Your personal data may be made available to entities entitled to request them under the law, including in particular the judicial authorities or the President of the Personal Data Protection Office.

Do you have to give us your personal information?

Your provision of personal data is voluntary. To the extent that the processing of your personal data takes place for the purpose of entering into and performing a contract, the consequence of failing to do so will be that it will not be possible to enter into and perform the contract referred to above.

From whom may we receive your data?

In some situations, we obtain your personal data by means other than directly from you. Within the scope of our debt management activities, we most often obtain data from the original creditor on the basis of a debt assignment agreement.

Profiling and automated decision making

Please be informed that in the course of our activities your data will be processed by automated means, including profiling. Profiling means using your personal data to assess your preferences on how and when to contact you about the operation of the System.

Transfer of your personal data outside the European Economic Area (EEA)

We use suppliers and partners outside the EEA and it is therefore possible to transfer personal data to countries outside the EEA. Such transfer of personal data may take place on the basis of a decision stating the appropriate level of protection or subject to appropriate safeguards, Art. 45, 46 GDPR. Information on the EU Commission's adequacy decisions is available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

What rights do you have in relation to your data and how can you exercise them?

In our business, we ensure that you can exercise your rights under the GDPR.

Under the GDPR you have the right to:

  • Receive information about our processing of your personal data and a copy of it,
  • Transfer the personal data provided by you in connection with the conclusion of a contract or processed by us on the basis of your consent,
  • Object to the processing of your personal data (request to stop processing your personal data), in particular on grounds relating to your particular situation. Exercising the right to object generally prevents the processing of your data. Please note, however, that this effect will not occur where we demonstrate that there are valid, legitimate grounds for their processing overriding the grounds for objection, or we demonstrate that there are grounds for establishing, asserting or defending our claims that we have against you.

You can also request:

  • Correction of your data if we have incorrect data, e.g. outdated or incomplete data,
  • Erasure of your data ("right to be forgotten") when: the data are no longer necessary for the purposes for which they were collected or otherwise processed; the data will be unlawfully processed; the obligation to erase your data arises from the provisions of the law; you object to the processing of your data; you withdraw your consent to the processing of your data.
  • Restriction of the processing of your personal data, i.e. mark your stored personal data to limit future processing, where: you question the accuracy of your personal data - for a period of time to allow us to check the accuracy of the data; the processing is unlawful but you do not want it deleted; you no longer need the data but need it to defend or assert your claims; you object to the processing of your data - until it is determined whether the legitimate grounds for processing override the reasons for the objection.

Please note that, in accordance with the GDPR, we will not delete your personal data to the extent that its processing is necessary for us to establish, assert or defend our claims. On the other hand, if we restrict the processing of your data at your request, we will still be able to process your data to establish, assert or defend our claims.

If you wish to exercise the above rights, you may submit a request to us by:

  • e-mail to: info@kruksa.pl
  • telephone by calling: 800 700 020
  • post to the following address: KRUK S.A., ul. Wołowska 8, 51-116 Wrocław
  • in person, when contacting our advisor or at KRUK S.A.'s registered office in Wrocław at ul. Wołowska 8.

You also have the right to lodge a complaint with the data protection supervisory authority, i.e. the President of the Office for Personal Data Protection.

Back to top