logo

What data do we mean?

Personal data is information about an identified or identifiable natural person. It is therefore primarily about data that identifies you, including your name, place of birth, parents' names, numerical identification data such as: PESEL, NIP, Regon, identity card number and series, address and contact details, e.g. telephone number, e-mail address and, in the case of an electronic signature, biometric data uniquely identifying the natural person necessary for the electronic signature when concluding a settlement with you using a tablet, such as position on the screen, pressure force, time of signing, movements of the pen over the screen. Where we process your data for debt collection purposes, this will also include information about payments made and information about your financial and asset situation that is necessary for this purpose, such as: sources and amount of income, assets, including owned real estate and movable property.

Personal Data Controller.

Your personal data is controlled by individual KRUK Group entities, depending on which of these entities you are indebted to, with which you have entered into an agreement or to which you have given your consent to the processing of your data. These may include:

• KRUK S.A. with its registered office in Wrocław (51-116), ul. Wołowska 8,
• PROKURA Niestandaryzowany Sekurytyzacyjny Fundusz Inwestycyjny Zamknięty with registered office in Wrocław (51-116), ul. Wołowska 8, phone (+48) 71 790 61 61,
• P.R.E.S.C.O. Investment I Niestandaryzowany Sekurytyzacyjny Fundusz Inwestycyjny Zamknięty with its registered office in Wrocław (51-116), ul. Wołowska 8,
• Bison Niestandaryzowany Sekurytyzacyjny Fundusz Inwestycyjny Zamknięty with its registered office in Wrocław (51-116), ul. Wołowska 8,
• Presco Investments S.a.r.l. with its registered office in Luxembourg, 15 Boulevard F.W. Raiffeisen L-2411 Luxembourg,
• SeCapital S.a.r.l. with its registered office in Luxembourg, 1B rue Jean Piret, L-2350 Luxembourg. 

You may address your query to any of the above-mentioned Controllers by sending it to KRUK S.A., ul. Wołowska 8, 51-116 Wrocław, or to the e-mail address info@kruksa.pl.

Data Protection Officer

We have appointed a Data Protection Officer whom you may reach for all matters concerning the processing of your personal data and your rights in this regard. You may write to him at the following address: Data Protection Officer, KRUK S.A. ul. Wołowska 8, 51-116 Wrocław, or contact by e-mail: dpo@kruksa.pl. 

Why and on what basis do we process your personal data?

Your personal data may be processed by us on the basis of a legitimate interest pursued by the controller (Article 6(1)(f) GDPR) for the following purposes:

  • debt recovery, consisting of establishing and enforcing claims amicably and through court and enforcement proceedings;
  • handling your requests and enquiries by receiving and dealing with them; 
  • studying the quality of our services, consisting of an assessment of your satisfaction with our handling of your case and a check on whether the actions we take are carried out correctly;
  • studying your preferences, including through profiling, by tailoring the way in which you are contacted and selecting the optimal offer and debt repayment method for you.
  • • valuation of receivables offered to the administrator for purchase by the seller of receivables (process of valuation of receivables offered for purchase) for the period necessary to achieve the goal.
  • • verifying whether you are a natural person, a natural person conducting business activity, a natural person who is a representative or real beneficiary of a company entered on national and international sanction lists, against whom restrictive measures are applied on the basis of national and international law in connection with the regulations in force at the Controller

We may also process your data for the following purposes: 

  • marketing, in particular for the purpose of making you an offer related to your finances, where you have given us your voluntary consent to do so; the legal basis for the processing is therefore your consent (Article 6(1)(a) GDPR);
  • taking action prior to the conclusion of a contract or when this is necessary for the conclusion and performance of a contract concluded with you, including the use of biometric data that allow us to uniquely identify your electronic signature when concluding a settlement using a tablet (Article 6(1)(b) GDPR);
  • storing information for tax and accounting purposes, which is our obligation under the law (Article 6(1)(c) GDPR); 
  • processing your complaints, which is our obligation under the law (Article 6(1)(c) GDPR);
  • fulfilling our legal obligations under anti-money laundering and counter-terrorist financing legislation (Article 6(1)(c) GDPR).

How long do we keep your personal data?

The duration of the Controller's processing of your personal data depends on the purpose of the processing. In the case of debt recovery, it usually arises from: 

  • the deadline for repayment of the debt in full or termination of debt collection for other reasons, e.g. because the court has validly dismissed our demands for repayment, 
  • the duration of the contract, if any, 
  • the period of limitation for claims relating to the recovery of debts or arising from the concluded contract
  • the requirements of common law (e.g. 5-year obligation to keep accounting documents counting from the closure of the fiscal year).

If you have given your consent to the processing of personal data, e.g. for the purpose of marketing products and services, your personal data will be processed until you withdraw it. 

To whom may we pass your personal data?

Your data is processed by KRUK S.A. with its registered office in Wrocław (51-116), ul. Wołowska 8, which manages the receivables of all KRUK Group entities on the basis of a personal data processing agreement within the meaning of Article 28 GDPR, and by its subcontractors.

Your data may be shared with entities that support the debt recovery process, such as law firms, notary's offices, bailiff's offices, document storage and archiving companies, business information agencies, detective agencies, telephone number offices, telecommunications operators, IT, ICT and cloud service providers, postal and courier service providers, real estate offices, real estate brokers, property managers, municipal and local government offices, tax offices, as well as other authorities and entities, if the obligation to provide data results from legal provisions, such as: General Inspector of Financial Information (GIFI), National Revenue Administration (KAS), Office of the Polish Financial Supervision Authority (UKNF), as well as our consultants or auditors.

KRUK S.A. may transfer your personal data to other KRUK Group entities to the extent that it is authorised or obliged to do so by law, including in particular anti-money laundering and counter-terrorist financing regulations.

Do you have to give us your personal information?

Your provision of personal data is voluntary. To the extent that the processing of your personal data takes place for the purpose of entering into and performing a contract, the consequence of failing to do so will be that it will not be possible to enter into and perform the contract.

From whom may we receive your data?

In some situations, we obtain your personal data by means other than directly from you. Within the scope of our debt management activities, we most often obtain data from the original creditor on the basis of a debt assignment agreement. 

Your personal data may be provided to us by the seller of receivables in the process of valuation of receivables offered for purchase.

As we are obliged to keep your data up-to-date, it may be updated on the basis of information obtained from publicly available databases, such as the KRS, CEiDG, GUS, CRBP, land and mortgage registers, telephone number offices, publicly available websites, the Centre for Personalisation of Documents of the Ministry of Internal Affairs and Administration (MSWiA) - upon demonstration of a legal interest, and on the basis of findings made by our advisers, e.g. as a result of field visits to your place of residence or findings made by detective agencies in the event that they are commissioned with such a service.  
In the event that enforcement proceedings for your debt have been initiated or are pending, we may also obtain or update your data on the basis of information received from bailiffs in connection with the enforcement proceedings. There are cases where we receive your data from people who were given as contact persons in the original creditor. 

In the above cases, we generally obtain the following categories of your personal data: name, address and contact details, numerical identification data (such as: PESEL, NIP, Regon, identity card number and series), information on the debt (such as the amount, components and title of the debt), information on the course of debt collection (including agreements concluded, complaints lodged, court and enforcement proceedings), information on payments made, information on securities for debt repayment, information on the financial and asset situation (such as sources and amount of income, assets, including real estate and movable property owned).

Profiling and automated decision making

Please be informed that in the course of our activities your data will be processed by automated means, including profiling. Profiling means using your personal data to assess your preferences as to how and when you would like to be contacted regarding repayment of your debt, e.g. whether you would like to be contacted by telephone (and at what times), in person or only by letter, to tailor an optimal repayment offer for you, e.g. whether and how much you would be interested in repaying your debt in instalments, and to analyse how to pursue repayment of your debt, i.e. amicably or through court and enforcement proceedings.

Decisions about the spreading of your debt into instalments made also be made by automated means. Such decisions will be made in this way after obtaining your consent and on the basis of the number and amount of instalments declared by you and the date of payment of the first instalment. Based on this information and the conditions set out in the IT system under which, in our assessment, your debt can be spread into instalments, a decision is made to offer or refuse to offer a settlement or other instalment product. 

Remember, however, that in such a situation you have the right to obtain an intervention and to notify us of your position on the decision concerning the instalment of the debt. You can therefore disagree with the automatic decision made in your case by submitting a complaint, which will be reviewed by our decision maker. 

Transfer of your personal data outside the European Economic Area (EEA)

We use suppliers and partners outside the EEA and it is therefore possible to transfer personal data to countries outside the EEA. Such transfer of personal data may take place on the basis of a decision stating the appropriate level of protection or subject to appropriate safeguards, Art. 45, 46 GDPR. Information on the EU Commission's adequacy decisions is available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

What rights do you have in relation to your data and how can you exercise them?

In our business, we ensure that you can exercise your rights under the GDPR. 
Under the GDPR you have the right to:

  • Receive information about our processing of your personal data and a copy of it,  
  • Transfer the personal data provided by you in connection with the conclusion of a contract or processed by us on the basis of your consent, 
  • Object to the processing of your personal data (request to stop processing your personal data), in particular on grounds relating to your particular situation. Exercising the right to object generally prevents the processing of your data. Please note, however, that this effect will not occur where we demonstrate that there are valid, legitimate grounds for their processing overriding the grounds for objection, or we demonstrate that there are grounds for establishing, asserting or defending our claims that we have against you.

You can also request: 

  • Correction of your data if we have incorrect data, e.g. outdated or incomplete data,
  • Erasure of your data ("right to be forgotten") when: the data are no longer necessary for the purposes for which they were collected or otherwise processed; the data will be unlawfully processed; the obligation to erase your data arises from the provisions of the law; you object to the processing of your data; you withdraw your consent to the processing of your data.
  • Restriction of the processing of your personal data, i.e. mark your stored personal data to limit future processing, where: you question the accuracy of your personal data - for a period of time to allow us to check the accuracy of the data; the processing is unlawful but you do not want it deleted; you no longer need the data but need it to defend or assert your claims; you object to the processing of your data - until it is determined whether the legitimate grounds for processing override the reasons for the objection. 

Please note that, in accordance with the GDPR, we will not delete your personal data to the extent that its processing is necessary for us to establish, assert or defend our claims, e.g. a request for payment of a debt, or we have a legal obligation to process it, e.g. an obligation to keep accounting documents. If, on the other hand, we restrict the processing of your data at your request, we will still be able to process your data to establish, assert or defend our claims. 

Where your consent is the basis for the processing of your personal data, you may withdraw it at any time. However, this will not affect the lawfulness of the Company's use of your data prior to the withdrawal of such consent.

If you wish to exercise the above rights, you may submit a request to us by: 

   • e-mail to: info@kruksa.pl
   • by telephone by calling: 800 700 020
   • by post to the following address: KRUK S.A., ul. Wołowska 8, 51-116 Wrocław
   • in person, when contacting our advisor or at KRUK S.A.'s registered office in Wrocław at ul. Wołowska 8.

You also have the right to lodge a complaint with the data protection supervisory authority, i.e. the President of the Office for Personal Data Protection. 

 

Back to top