Information on the personal data processing (Article 13 of the GDPR)

General information
 

Pursuant to Sections 19 and 20 of Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts (hereinafter referred to as the "PDA"), as well as pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation) (hereinafter referred to as the "GDPR"), we hereby inform you about the processed personal data.

Interpretation of some terms


Data Subject – any natural person whose personal data are processed;

Personal Data – means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;


Information system – is any organized set of personal data that is accessible according to specified criteria, regardless of whether the system is centralised, decentralised or distributed on a functional or geographical basis;


Controller – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; w

Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


Consent of the data subject – means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

The Company reserves the right to verify persons at the beginning of a telephone conversation to ensure the correct identification of the person with whom the telephone conversation takes place, in order to prevent any disclosure of personal data to unauthorized persons.

Identification of the Controller:

EOS KSI Slovensko, s.r.o., Prievozská 2, 821 09 Bratislava, ID No.: 35 72 48 03

Contacts for the Data protection officer: +421 2 323 00 200 or email: ochranadat@eos-ksi.sk.

Purposes of processing:

Personal data is processed for the purpose of:

1. Preparation of contracts and related acts before concluding a contract
2. Conclusion of the contract and the exercise of rights and obligations arising from the contract
3. Performing activities related to the registration of receivables in the information system
4. Management of receivables for the purpose of their payment
5. Communication with the data subject who acts as the debtor of the receivable in relation to the Controller (telephone, postal and electronic communication)
6. Recording of telephone conversations in order to protect the interests of the creditor
7. CCTV monitoring for the purpose of protecting property and natural persons
8. Handling requests, complaints and claims
9. Improving services and communication with data subjects
10. Reporting and improving receivables management and improving service quality
11. Processing of payments and payments related to receivables
12. Provision of loans by the Controller
13. Compliance with obligations under AML legislation
14. Processes relating to Compliance Obligations
15. Protection of the legitimate interests of the Controller or a third party for whose benefit it performs the management of receivables
16. Application or defending legal claims, including litigation or non-contentious agenda or judicial, enforcement, bankruptcy, inheritance and criminal proceedings (hereinafter referred to as proving, exercising or defending legal claims)
17. Data and documentation archiving

Another purpose of personal data processing is the management of receivables in accordance with Section 13 (1) (f) of the PDA, Article 6 (1) (f) of the GDPR, which also includes the control of measures related to the collection of personal data optimized for you and the application and protection of the rights of the Controller. The processing of personal data is therefore necessary to protect our legitimate interests or to protect the legitimate interests of third parties.

Legal basis for processing:

The lawful processing of personal data for the above purposes is

(1) where the data subject has consented to the processing of his or her personal data for one or more specific purposes;

(2) the processing is necessary for the performance of a contract to which the data subject is a party, or for measures to be taken at the request of the data subject prior to the conclusion of the contract – pre-contractual relationships;

(3) the processing is necessary for compliance with a legal obligation of the Controller;

(4) the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

In specific cases, special categories of personal data are also processed, in particular in cases where we request your consent pursuant to Article 9(2)(a) of the GDPR or in cases of processing that is necessary for the prooving, application or defence of legal claims, or at any time when courts exercise their jurisdiction pursuant to Article 9(2)(f) of the GDPR. In such cases, the processing of personal data is subject to increased protection of personal data and the Controller takes care to minimize this data and minimize the storage of this data.

If the legal basis is a legal obligation of the Controller, this obligation is based on the following legal regulations:

• Regulation (EU) 2016/679 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
• Act No. 233/1995 Coll. Act of the National Council of the Slovak Republic on Court Bailiffs and Enforcement Activities (Enforcement Code) and on Amendments to Other Acts
• Act No. 40/1964 Coll. Civil Code
• Act No. 129/2010 Coll. Act on Consumer Credits and on Other Credits and Loans for Consumers
• Act No. 160/2015 Coll. Code of Civil Procedure
• Act No. 161/2015 Coll. Civil Non-Contentious Code
• Act No. 513/1991 Coll. Commercial Code
• Act No. 297/2008 Coll. Act on the Protection against Money Laundering and on the Protection against the Financing of Terrorism and on the Amendment of Certain Acts (AML)
• Act No. 301/2005 Coll. Code of Criminal Procedure
• Act No. 595/2003 Coll. Income Tax Act
• Act No. 222/2004 Coll. Value Added Tax Act
• Act No. 452/2021 Coll. Act on Electronic Communications
• Act No. 431/2002 Coll. Accounting Act
• Act No. 395/2002 Coll. Act on Archives and Registries and on Amendments to Certain Acts

We process the following categories of personal data:

Identification data: in particular name, surname, title, date of birth, place of birth, birth number, identity card number, passport number, name of the statutory representative or Proxy, name, surname and position of the sales representative, name or first name of the legal representative, name and surname of the legal representative;

Contact details: in particular contact address, email, telephone number;

Contractual data: in particular the contract number, variable symbol, information on the verification of the debtor's creditworthiness;

Data relating to receivables: in particular the name or title of the original creditor, data relating to co-debtors, guarantors, claimants of pledged creditors, the amount of the loan, the total cost of the loan, the amount and number of payments, the amount of the instalment, interest and data linked to the preferential interest rate, the account number for granting the loan, information on the assigned unpaid receivable, but also data obtained from available registers or publicly available registers or sources;

Payment information: in particular the amount of payment, the number of payments, the instalments of accessories, the information provided by the data subject when paying the instalment;

Data archiving and retention: Personal data  which are part of documentation that was provided by the original creditor or client and which are archived.

Recipients:

In connection with the debt collection process, we will provide your personal data to these entities and, if necessary for the recovery of the claim, to other entities, in particular:

• The assignor of the receivable and the clients on whose behalf we administer the receivable,
• Credit Register,
• Delivery service providers,
• Court,
• Arbitration court,
• Court clerks,
• A representative law firm,
• A bailiff,
• Law enforcement authorities,
• Notary,
• Insolvency administrators,
• Auction companies,
• Financial Intelligence Unit;
• Tax Office,
• The Office for Personal Data Protection,
• National Bank of Slovakia(NBS),
• Municipalities and registry offices,
• Banks when verifying creditworthiness,
• the Ministry of Defence of the Slovak Republic in the legal verification activities of those interested in the service,
• the Ministry of the Interior of the Slovak Republic in the statutory verification activities of those interested in the service,
• To the contractual partner PORT, s.r.o.,
• IRON MOUNTAIN SLOVAKIA, s.r.o.,
• CRIF – Slovak Credit Bureau, s.r.o.

The Controller does not transfer personal data processed in connection with the above purposes to third countries and the processing is carried out in the Slovak Republic, within the European Union and the European Economic Area.

Storage period:

After the payment of the receivable, or after the end of the receivable recovery process, we check whether we still need your data and whether further storage is not in conflict with the statutory deadlines governing the retention period of personal data in order to maintain the principle of minimization of processing and minimization of data retention after the expiry of the three-year period.

However, the maximum length of data retention and archiving can be determined differently.

• If your personal data are processed as part of the fulfilment of the Controller's legal obligations, the relevant legal regulations specify the period during which the Controller is obliged to store your personal data and related documentation. We have already mentioned this legislation above.
• If your personal data is processed on the basis of the consent granted, the Controller will store personal data after the withdrawal of consent or after the expiry of the consent period only for the period necessary to prove, exercise or defend the Controller's legal claims.
• The same applies in the case of processing based on a contract or a legitimate interest. After the end of the purpose of processing, the part of the purpose of processing entitled: Archiving of data and documentation for the purposes of protecting the rights of the Controller and proving, exercising or defending legal claims as well as providing cooperation to the competent authorities takes place. The legal basis for the processing on the basis of which the relevant personal data was collected remains even in such a case.

The maximum retention period for data related to the performance of receivables management is 10 years from the date of obtaining the data, or from the termination of the contractual relationship, or from the termination of the case.

Rights of the data subject:

In the event that the conditions laid down by law are met, in accordance with § 19 et seq. of the ZOOU or Articles 15 to 22 of the GDPR

The following rights:

• the right to information as to whether and how the Controller processes personal data
• Right of access to personal data
• Right to rectification
• Right to erasure
• Right to restriction of processing
• the right to personal data portability, if the processing is based on consent or a contract and at the same time if it is carried out by automated means
• the right to withdraw the consent granted

At the same time, you have the right to object to processing that is carried out on the basis of Article 6(1)(f) of the GDPR.

Right to lodge a complaint with a supervisory authority:

If there are reasons for assuming that the processing of personal data is contrary to the law, you have the right to lodge a complaint with the Office for Personal Data Protection of the Slovak Republic in accordance with Section 100 et seq. of the PDA or Article 77 of the GDPR.

For the sake of completeness, we would like to state that EOS KSI Slovensko, s.r.o., as the Controller, carefully ensures that all persons who come into contact with personal data and their processing are knowledgeable and trained to comply with the Local Regulation, the Personal Data Protection Act and related regulations, while the company also takes care that there are no unauthorized interference with the rights and legally protected interests of clients.

Last update 26.11.2024