Our scope of business is to deliver software solutions for credit risk management including support and maintenance and hosting of these systems. Therefore, if we process any personal data, we are in position of processor according to GDPR and we process the data according to instructions of our clients.
Of course, regarding to our employees and contractors, applicants and others we are in position of controller.
Personal Data We May Collect
Within our software solution, our clients are able to collect various type of personal data which list is hereunder and therefore we may process some of the following:
- Full name
- Date of birth
- Person Code (National ID)
- Passport Number, Passport Issuer (Country)
- Other ID numbers (Driving Licence, Foreign Unique ID, ID Card Number)
- ID copies
- Company registration number
- Business relationship
- Relatives names
- Number of children
- Employment information
- Financial information
- Debt information
- Tax information
- Contacts (phone, e-mail)
- IP address
- Marital status
- Social status
- Used supplies and services
As we are in position of processors of the above stated data, the controllers (our clients) are the ones who are responsible for having all data collected and processed on proper legal bases. We of course always try to make sure, that all the data are processed legally.
Where we are in a position of controller, we always process all personal data under proper legal bases according to GDPR.
Personal Data Security
Information and personal data security is on a first place and is a core issue for us and we approach it as such. We are ISO 27001 standard certified company and we have all necessary security measures implemented regarding either physical and technological point of view.
All the measures are implemented to mitigate any risk regarding information and personal data security.
We never transfer any personal data to third parties unless upon controllers’ request. If we are controllers, we only do so to our processors or in case it is our legal duty or to protect ours or others’ rights, property, or safety.
We may use third parties to help us providing our services properly and as such they might be in a position of sub-processors. We always want our sub-processors to fulfill at least the same security conditions as we do, depending on the service they provide us.
Website Data Collection
We use data collected thru our site in the following ways:
- For the purposes of application process
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, but in this case only where you have consented to be contacted for such purposes.
If you use our application form on our site we will process your data only for the purposes of the job application (and during probation period so we can contact you in case the position becomes vacant again) and based on your consent one year after. Your data related to job application may be disclosed to our Group HR (within the EEA) under our internal application process.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. All these data are anonymized as it is statistical data about our users’ browsing actions and patterns and does not identify any individual.
You can find details about cookies in our cookies policy.
Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include website hosting partners and other parties who assist us in operating our website, so long as those parties agree to keep this information confidential.
Website data retention
All the personal data we collect are stored only for necessary time (the time we have a proper purpose for processing) and erased as soon as possible. None of the personal data collected from our website are stored for more than 14 months unless we need them to protect our legal interests, or they are processed on the bases of your still valid consent.
Data Subjects Rights
You have a number of rights in connection with personal data processing and the list of those is underneath. We have processes in place to ensure any of your requests shall be solved immediately. In case you would like to exercise any of your rights, please contact us (see the contacts below). Please note, that if we are in a position of processor, you may contact the controller directly.
Right to access: upon your request we will provide you with information about your personal data we are processing if any
Right to rectification: Please let us know if any of your data change or were filled incomplete and we shall correct it immediately
Right to be forgotten: We will erase all your data when the purpose for processing ceases or in case you withdraw your consent.
Right to restriction: We shall immediately restrict the processing of your personal data if any of the reasons under Art. 18 of the GDPR occurs.
Right to data portability: Please let us know if you want to exercise this right and we will provide you with the necessary output.
Right to object: Your right to object can be exercised if the processing is based on legitimate interest. In such case, we will immediately restrict the processing.
We would also like to inform you about your right to lodge a complaint with a supervisory authority.
Our DPO is: Jakub Burian, e-mail: firstname.lastname@example.org, phone: +420 737 437 308
Effective as of May 25, 2018.