What data do we mean?
Personal data is information about an identified or identifiable natural person. In the case of the e-KRUK system (hereinafter referred to as the "System"), these are data enabling your identification, in particular such as your first and last name, case number, PESEL number, e-mail address, as necessary to use the functionality of the System.
Personal Data Controller.
The controller of your data is KRUK S.A. with registered office in Wrocław (51-116), ul. Wołowska 8, KRS No. 0000240829.
You may address your query to any of the above-mentioned Controllers by sending it to KRUK S.A., ul. Wołowska 8, 51-116 Wrocław, or to the e-mail address email@example.com.
Data Protection Officer
We have appointed a Data Protection Officer whom you may contact for all matters relating to the processing of your personal data and your pertinent rights. You may write to him at the following address: Data Protection Officer, KRUK S.A. ul. Wołowska 8,
51-116 Wrocław, or contact the following e-mail address: firstname.lastname@example.org.
Why and on what basis do we process your personal data?
Your personal data is processed by us because it is necessary for the performance of the contract for the provision of electronic services, the conclusion of which involves your acceptance of the terms and conditions and use of the System, or to take action at your request prior to the conclusion of the aforementioned contract (Article 6(1)(b) GDPR).
Your personal data may be processed by us on the basis of a legitimate interest pursued by the controller (Article 6(1)(f) GDPR) for the following purposes:
We may also process your data in order to process your complaints, which is our obligation under the law (Article 6(1)(c) GDPR).
How long do we keep your personal data?
The duration of the Controller's processing of your personal data depends on the purpose of the processing. It results from:
In addition, we may retain your personal data to the extent necessary to pursue outstanding debts or in the event that we need to take action in relation to a breach of the rules of the System or generally applicable law.
In the above cases, personal data may also be stored after the deletion of the account in the System, but for no longer than the period of time needed to fulfil the above-mentioned purposes.
To whom may we pass your personal data?
When processing your personal data, we may use subcontractors acting on our behalf in the course of performing activities, in particular entities operating our IT systems providing ICT tools. Our subcontractors will only process data for the purposes we have specified above and only on our instructions. The transfer of data to these entities may take place from the moment you provide such data at the time of registration, and thereafter, for the duration of the time we keep data on your use of the System.
Your personal data may be made available to entities entitled to request them under the law, including in particular the judicial authorities or the President of the Personal Data Protection Office.
Do you have to give us your personal information?
Your provision of personal data is voluntary. To the extent that the processing of your personal data takes place for the purpose of entering into and performing a contract, the consequence of failing to do so will be that it will not be possible to enter into and perform the contract referred to above.
From whom may we receive your data?
In some situations, we obtain your personal data by means other than directly from you. Within the scope of our debt management activities, we most often obtain data from the original creditor on the basis of a debt assignment agreement.
Profiling and automated decision making
Please be informed that in the course of our activities your data will be processed by automated means, including profiling. Profiling means using your personal data to assess your preferences on how and when to contact you about the operation of the System.
Transfer of your personal data outside the European Economic Area (EEA)
We use suppliers and partners outside the EEA and it is therefore possible to transfer personal data to countries outside the EEA. Such transfer of personal data may take place on the basis of a decision stating the appropriate level of protection or subject to appropriate safeguards, Art. 45, 46 GDPR. Information on the EU Commission's adequacy decisions is available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
What rights do you have in relation to your data and how can you exercise them?
In our business, we ensure that you can exercise your rights under the GDPR.
Under the GDPR you have the right to:
You can also request:
Please note that, in accordance with the GDPR, we will not delete your personal data to the extent that its processing is necessary for us to establish, assert or defend our claims. On the other hand, if we restrict the processing of your data at your request, we will still be able to process your data to establish, assert or defend our claims.
If you wish to exercise the above rights, you may submit a request to us by:
You also have the right to lodge a complaint with the data protection supervisory authority, i.e. the President of the Office for Personal Data Protection.