Privacy Policy

The purpose of this Privacy Policy is to describe how Creditinfo CEE a.s., reg. no. 27600297, with its registered office at Rohanské nábřeží 19, 186 00 Prague, Czechia (hereafter as “We”). processes personal data and what measures are implemented for the purpose of the Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation – “GDPR”), and also to demonstrate transparency of personal data processing.

Our Position

Our scope of business is to deliver software solutions for credit risk management including support and maintenance and hosting of these systems. Therefore, if we process any personal data, we are in position of processor according to GDPR and we process the data according to instructions of our clients.

Of course, regarding to our employees and contractors, applicants and others we are in position of controller.

Personal Data We May Collect

Within our software solution, our clients are able to collect various type of personal data which list is hereunder and therefore we may process some of the following:

  • Full name
  • Date of birth
  • Person Code (National ID)
  • Passport Number, Passport Issuer (Country)
  • Other ID numbers (Driving Licence, Foreign Unique ID, ID Card Number)
  • ID copies
  • Address
  • Company registration number
  • Business relationship
  • Relatives names
  • Number of children
  • Employment information
  • Financial information
  • Debt information
  • Tax information
  • Insurance
  • Citizenship
  • Nationality
  • Contacts (phone, e-mail)
  • IP address
  • Gender
  • Marital status
  • Social status
  • Education
  • Used supplies and services
  • Property
  • IBAN
  • E-mail

Legal Bases

As we are in position of processors of the above stated data, the controllers (our clients) are the ones who are responsible for having all data collected and processed on proper legal bases. We of course always try to make sure, that all the data are processed legally.

Where we are in a position of controller, we always process all personal data under proper legal bases according to GDPR.

Personal Data Security

Information and personal data security is on a first place and is a core issue for us and we approach it as such. We are ISO 27001 standard certified company and we have all necessary security measures implemented regarding either physical and technological point of view.

All the measures are implemented to mitigate any risk regarding information and personal data security.

We never transfer any personal data to third parties unless upon controllers’ request. If we are controllers, we only do so to our processors or in case it is our legal duty or to protect ours or others’ rights, property, or safety.

Sub-processors

We may use third parties to help us providing our services properly and as such they might be in a position of sub-processors. We always want our sub-processors to fulfill at least the same security conditions as we do, depending on the service they provide us.

Website Data Collection

We use data collected thru our site in the following ways:

  • For the purposes of application process
  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you request from us or which we feel may interest you, but in this case only where you have consented to be contacted for such purposes.

Application form

If you use our application form on our site we will process your data only for the purposes of the job application (and during probation period so we can contact you in case the position becomes vacant again) and based on your consent one year after. Your data related to job application may be disclosed to our Group HR (within the EEA) under our internal application process.

IP Addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. All these data are anonymized as it is statistical data about our users’ browsing actions and patterns and does not identify any individual.

Cookies

You can find details about cookies in our cookies policy.

Third Party Disclosure

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include website hosting partners and other parties who assist us in operating our website, so long as those parties agree to keep this information confidential.

Website data retention

All the personal data we collect are stored only for necessary time (the time we have a proper purpose for processing) and erased as soon as possible. None of the personal data collected from our website are stored for more than 14 months unless we need them to protect our legal interests, or they are processed on the bases of your still valid consent.

Data Subjects Rights

You have a number of rights in connection with personal data processing and the list of those is underneath. We have processes in place to ensure any of your requests shall be solved immediately. In case you would like to exercise any of your rights, please contact us (see the contacts below). Please note, that if we are in a position of processor, you may contact the controller directly.

Right to access: upon your request we will provide you with information about your personal data we are processing if any

Right to rectification: Please let us know if any of your data change or were filled incomplete and we shall correct it immediately

Right to be forgotten: We will erase all your data when the purpose for processing ceases or in case you withdraw your consent.

Right to restriction: We shall immediately restrict the processing of your personal data if any of the reasons under Art. 18 of the GDPR occurs.

Right to data portability: Please let us know if you want to exercise this right and we will provide you with the necessary output.

Right to object: Your right to object can be exercised if the processing is based on legitimate interest. In such case, we will immediately restrict the processing.

We would also like to inform you about your right to lodge a complaint with a supervisory authority.

Changes to Our Privacy Policy

Any changes we may make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.

Contact

Questions, comments and requests regarding this Privacy Policy are welcomed and should be addressed to Creditinfo CEE a.s., reg. no. 27600297, with its registered office at Rohanské nábřeží 19, 186 00 Prague, Czechia or directly to our DPO.

Our DPO

Our DPO is: Jakub Burian, e-mail: dpociscz@creditinfo.com, phone: +420 737 437 308

Effective as of May 25, 2018.