What data do we mean?
Personal data is information about an identified or identifiable natural person. It is therefore primarily about data that identifies you, including your name, place of birth, parents' names, numerical identification data such as: PESEL, NIP, Regon, identity card number and series, address and contact details, e.g. telephone number, e-mail address and, in the case of an electronic signature, biometric data uniquely identifying the natural person necessary for the electronic signature when concluding a settlement with you using a tablet, such as position on the screen, pressure force, time of signing, movements of the pen over the screen. Where we process your data for debt collection purposes, this will also include information about payments made and information about your financial and asset situation that is necessary for this purpose, such as: sources and amount of income, assets, including owned real estate and movable property.
Personal Data Controller.
Your personal data is controlled by individual KRUK Group entities, depending on which of these entities you are indebted to, with which you have entered into an agreement or to which you have given your consent to the processing of your data. These may include:
• KRUK S.A. with its registered office in Wrocław (51-116), ul. Wołowska 8,
• PROKURA Niestandaryzowany Sekurytyzacyjny Fundusz Inwestycyjny Zamknięty with registered office in Wrocław (51-116), ul. Wołowska 8, phone (+48) 71 790 61 61,
• P.R.E.S.C.O. Investment I Niestandaryzowany Sekurytyzacyjny Fundusz Inwestycyjny Zamknięty with its registered office in Wrocław (51-116), ul. Wołowska 8,
• Bison Niestandaryzowany Sekurytyzacyjny Fundusz Inwestycyjny Zamknięty with its registered office in Wrocław (51-116), ul. Wołowska 8,
• Presco Investments S.a.r.l. with its registered office in Luxembourg, 15 Boulevard F.W. Raiffeisen L-2411 Luxembourg,
• SeCapital S.a.r.l. with its registered office in Luxembourg, 1B rue Jean Piret, L-2350 Luxembourg.
You may address your query to any of the above-mentioned Controllers by sending it to KRUK S.A., ul. Wołowska 8, 51-116 Wrocław, or to the e-mail address info@kruksa.pl.
Data Protection Officer
We have appointed a Data Protection Officer whom you may reach for all matters concerning the processing of your personal data and your rights in this regard. You may write to him at the following address: Data Protection Officer, KRUK S.A. ul. Wołowska 8, 51-116 Wrocław, or contact by e-mail: dpo@kruksa.pl.
Why and on what basis do we process your personal data?
Your personal data may be processed by us on the basis of a legitimate interest pursued by the controller (Article 6(1)(f) GDPR) for the following purposes:
We may also process your data for the following purposes:
How long do we keep your personal data?
The duration of the Controller's processing of your personal data depends on the purpose of the processing. In the case of debt recovery, it usually arises from:
If you have given your consent to the processing of personal data, e.g. for the purpose of marketing products and services, your personal data will be processed until you withdraw it.
To whom may we pass your personal data?
Your data is processed by KRUK S.A. with its registered office in Wrocław (51-116), ul. Wołowska 8, which manages the receivables of all KRUK Group entities on the basis of a personal data processing agreement within the meaning of Article 28 GDPR, and by its subcontractors.
Your data may be shared with entities that support the debt recovery process, such as law firms, notary's offices, bailiff's offices, document storage and archiving companies, business information agencies, detective agencies, telephone number offices, telecommunications operators, IT, ICT and cloud service providers, postal and courier service providers, real estate offices, real estate brokers, property managers, municipal and local government offices, tax offices, as well as other authorities and entities, if the obligation to provide data results from legal provisions, such as: General Inspector of Financial Information (GIFI), National Revenue Administration (KAS), Office of the Polish Financial Supervision Authority (UKNF), as well as our consultants or auditors.
KRUK S.A. may transfer your personal data to other KRUK Group entities to the extent that it is authorised or obliged to do so by law, including in particular anti-money laundering and counter-terrorist financing regulations.
Do you have to give us your personal information?
Your provision of personal data is voluntary. To the extent that the processing of your personal data takes place for the purpose of entering into and performing a contract, the consequence of failing to do so will be that it will not be possible to enter into and perform the contract.
From whom may we receive your data?
In some situations, we obtain your personal data by means other than directly from you. Within the scope of our debt management activities, we most often obtain data from the original creditor on the basis of a debt assignment agreement.
Your personal data may be provided to us by the seller of receivables in the process of valuation of receivables offered for purchase.
As we are obliged to keep your data up-to-date, it may be updated on the basis of information obtained from publicly available databases, such as the KRS, CEiDG, GUS, CRBP, land and mortgage registers, telephone number offices, publicly available websites, the Centre for Personalisation of Documents of the Ministry of Internal Affairs and Administration (MSWiA) - upon demonstration of a legal interest, and on the basis of findings made by our advisers, e.g. as a result of field visits to your place of residence or findings made by detective agencies in the event that they are commissioned with such a service.
In the event that enforcement proceedings for your debt have been initiated or are pending, we may also obtain or update your data on the basis of information received from bailiffs in connection with the enforcement proceedings. There are cases where we receive your data from people who were given as contact persons in the original creditor.
In the above cases, we generally obtain the following categories of your personal data: name, address and contact details, numerical identification data (such as: PESEL, NIP, Regon, identity card number and series), information on the debt (such as the amount, components and title of the debt), information on the course of debt collection (including agreements concluded, complaints lodged, court and enforcement proceedings), information on payments made, information on securities for debt repayment, information on the financial and asset situation (such as sources and amount of income, assets, including real estate and movable property owned).
Profiling and automated decision making
Please be informed that in the course of our activities your data will be processed by automated means, including profiling. Profiling means using your personal data to assess your preferences as to how and when you would like to be contacted regarding repayment of your debt, e.g. whether you would like to be contacted by telephone (and at what times), in person or only by letter, to tailor an optimal repayment offer for you, e.g. whether and how much you would be interested in repaying your debt in instalments, and to analyse how to pursue repayment of your debt, i.e. amicably or through court and enforcement proceedings.
Decisions about the spreading of your debt into instalments made also be made by automated means. Such decisions will be made in this way after obtaining your consent and on the basis of the number and amount of instalments declared by you and the date of payment of the first instalment. Based on this information and the conditions set out in the IT system under which, in our assessment, your debt can be spread into instalments, a decision is made to offer or refuse to offer a settlement or other instalment product.
Remember, however, that in such a situation you have the right to obtain an intervention and to notify us of your position on the decision concerning the instalment of the debt. You can therefore disagree with the automatic decision made in your case by submitting a complaint, which will be reviewed by our decision maker.
Transfer of your personal data outside the European Economic Area (EEA)
We use suppliers and partners outside the EEA and it is therefore possible to transfer personal data to countries outside the EEA. Such transfer of personal data may take place on the basis of a decision stating the appropriate level of protection or subject to appropriate safeguards, Art. 45, 46 GDPR. Information on the EU Commission's adequacy decisions is available here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
What rights do you have in relation to your data and how can you exercise them?
In our business, we ensure that you can exercise your rights under the GDPR.
Under the GDPR you have the right to:
You can also request:
Please note that, in accordance with the GDPR, we will not delete your personal data to the extent that its processing is necessary for us to establish, assert or defend our claims, e.g. a request for payment of a debt, or we have a legal obligation to process it, e.g. an obligation to keep accounting documents. If, on the other hand, we restrict the processing of your data at your request, we will still be able to process your data to establish, assert or defend our claims.
Where your consent is the basis for the processing of your personal data, you may withdraw it at any time. However, this will not affect the lawfulness of the Company's use of your data prior to the withdrawal of such consent.
If you wish to exercise the above rights, you may submit a request to us by:
• e-mail to: info@kruksa.pl
• by telephone by calling: 800 700 020
• by post to the following address: KRUK S.A., ul. Wołowska 8, 51-116 Wrocław
• in person, when contacting our advisor or at KRUK S.A.'s registered office in Wrocław at ul. Wołowska 8.
You also have the right to lodge a complaint with the data protection supervisory authority, i.e. the President of the Office for Personal Data Protection.