Menu
FOR DEBTORS

GDPR

Who are we?

 

When pursuing their activities, the entities from BEST Capital Group take special care when processing personal data and act in accordance with the Good Business Practice of the Association of Financial Companies in Poland.

 

As the case may be, controllers or joint controllers of personal data are entities from BEST Capital Group (hereinafter: BEST CG), including:

 

· BEST I Niestandaryzowany Sekurytyzacyjny Fundusz Inwestycyjny Zamknięty, based in Gdynia, entered into the register of investment funds, kept by the District Court in Warsaw, 7th Civil Register Department, under no. 221 (hereinafter: BEST I);

· BEST II Niestandaryzowany Sekurytyzacyjny Fundusz Inwestycyjny Zamknięty, based in Gdynia, entered into the register of investment funds, kept by the District Court in Warsaw, 7th Civil Register Department, under no. 368 (hereinafter: BEST II);

· BEST III Niestandaryzowany Sekurytyzacyjny Fundusz Inwestycyjny Zamknięty, based in Gdynia, entered into the register of investment funds, kept by the District Court in Warsaw, 7th Civil Register Department, under no. 623 (hereinafter: BEST III);

· BEST IV Niestandaryzowany Sekurytyzacyjny Fundusz Inwestycyjny Zamknięty, based in Gdynia, entered into the register of investment funds, kept by the District Court in Warsaw, 7th Civil Register Department, under no. 1485 (hereinafter: BEST IV), (hereinafter jointly referred to as Funds and each separately as Fund), represented by BEST Towarzystwo Funduszy Inwestycyjnych S.A., based in Gdynia, ul. Łużycka 8A, entered in the register of businesses of the National Court Register, maintained by the District Court for Gdańsk-Północ in Gdańsk, 8th Commercial Division of the National Court Register, under KRS number: 0000273731, statistical no. (REGON) 220369522, tax ID (NIP): 9581565693, with its fully paid in share capital amounting to PLN 21,700,000.00 (hereinafter: BEST TFI);

· BEST S.A., based in Gdynia, ul. Łużycka 8A, entered in the register of businesses of the National Court Register, maintained by the District Court for Gdańsk-Północ in Gdańsk, 8th Commercial Division of the National Court Register, under KRS number: 0000017158, tax ID (NIP): 5850011412, tax ID (REGON): 19040034400000, with its fully paid in share capital amounting to PLN 23,014,829.00 (hereinafter: BEST).

 

For the purpose of managing claims, each of the Funds and BEST (hereinafter jointly referred to as Joint Controllers) concluded a joint arrangement under Article 26 GDPR[1], under which it was agreed in particular that:

· BEST is responsible for fulfilling the information obligation;

· BEST is responsible for enabling the exercise of the rights by data subjects. Notwithstanding the above, the data subject can exercise their rights under the GDPR against each of the controllers. In this case, the request of the data subject will be forwarded to BEST, which will fulfil the request.

[1]Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal

data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1) (hereinafter: GDPR).

 

 

Joint contact point (data protection officer)

 

The Joint Controllers have appointed a single data protection officer, who can be contacted: · by e-mail: iod@best.com.pl,

· by post: BEST S.A., ul. Stoczniowa 2, 82-300 Elbląg, with a note reading “Inspektor ochrony danych”.

 

Other data concerning the data protection officer are available on BEST’s website (www.best.com.pl) in the Contact tab.

 

Source of data

 

If a claim was purchased from the original creditor, personal data was provided to the Joint Controllers by the previous creditor as the debtor’s data. The basis for the transfer of the claim is Article 509 et seqq. of the Civil Code Act of 23 April 1964 (complete text: Journal of Laws of 2018, item 1025, as amended). The fund represented by Best TFI purchased the claims and transferred them to BEST for management based on the concluded agreement for the management of securitised claims and the applicable laws, including Article 45a and Article 193 of the Act of 27 May 2004 on investment funds and the management of alternative investment funds (complete text: Journal of Laws of 2018, item 1355, as amended) (hereinafter: Funds Act). In connection with the conclusion of the debt sale agreement, the Fund purchased the debt and became entitled to claim its repayment.

 

The data of the previous creditor, current creditor and information on the contract under which the debtor is obliged to repay the debt have been provided in the welcome letter notifying the debtor of the purchase of the claim. The above information can be found by logging on to the BEST Online portal (www.online.best.com.pl). If you have any doubts, please contact us.

 

We would like to inform you that the Joint Controllers are required to update personal data. In such a case, we update and supplement personal data based on information obtained directly from the customer as well as state authorities and publicly available sources, such as in particular: KRS (National Court Register), CEiDG (Central Business Register and Information Office), GUS (Statistics Poland), land and mortgage registers, telephone number bureaus, publicly available websites, and based on findings made by detective agencies who have been commissioned to perform such a service. In the vent that debt enforcement proceedings have been initiated or are pending, the Joint Controllers may also obtain or update data based on information received from the court enforcement authorities in connection with the pending enforcement proceedings.

 

 

Which data do we process?

 

Personal data is any information on an identified or identifiable natural person. As the case may be, we process the following categories of data:

· basic identifying data (given name and surname, date of birth);

· identifying data assigned by public authorities (including numbers such as PESEL, NIP and REGON, number and series of a document of identity);

· financial data (in particular: the basis for the debt, principal amount, interest and costs, date when the debt was incurred, maturity, number of claims in the system, security for the claims, information on assets, sources and amounts of income);

· details of family, legal and property relationship (e.g. information on family or household members);

· information on judgements, including judicial and enforcement actions;

· residential data (including address);

· communication data (including data on the pursued communication);

· audio and visual data (including recordings of conversations or image for security and evidence purposes);

· data available publicly or received from third parties;

· electronic identifying data.

 

On what basis do we process personal data?

 

Please be advised that personal data may be processed by the Joint Controllers and BEST CG companies for the following purposes and based on the following provisions regulations:

 

a) for the purposes of the legitimate interests pursued by the Joint Controllers based on Article 6(1)(f) GDPR, i.e.:

· managing claims, including determining the pursuing claims amicably, before court and as part of enforcement proceedings, measuring and trading in claims – for the purposes of the legitimate interests under Article 6(1)(f) GDPR, in connection with Article 193 of the Funds Act;

· receiving and processing queries, complaints and requests, and clarifying all circumstances related to any issues, responding queries or taking action necessary to resolve an issue – for the purposes of the legitimate interests;

· establishing and pursuing claims of any BEST CG company or defending claims against any BEST CG company before law enforcement authorities, adjudicating bodies, including common courts, administrative courts, the Supreme Court, and in administrative proceedings;

· for archiving (evidence) purposes to secure information in the event that proof must be provided;

· surveying Customer satisfaction and evaluating service quality;

· for the purpose of offering products and services provided by companies from BEST CG (direct marketing), and matching them to your needs and preferences, including through profiling (as explained below);

· directly marketing services and products of other entities (marketing third-party products and services);

· for the internal administrative, analytical and statistical purposes of BEST CG companies, including portfolio analysis, statistics and internal reporting as part of BEST CG;

· transferring personal data within the capital group;

· transferring personal data within a group of companies for internal administrative purposes;

· using internal control systems;

· for the purpose of verification and deduplication of personal data of data subjects who have submitted reasonable requests for data erasure – for the purposes of the legitimate interests pursued by the Joint Controllers and the requesting data subject. The Joint Controllers periodically update their databases and obtain personal data from new sources. Consequently, to be able to effectively exercise the right to object, they must each time check whether the data of the data subjects that has been erased from the Joint Controllers’ product databases is re-uploaded. To this end, the Joint Controllers constantly process the data of data subjects erased from the product databases, and based on that they ensure that, once deleted, the data is not re-entered in the product database;

· ensuring information security, in particular by ensuring integrity of back-up copies;

· storing information for tax and accounting purposes, i.e. for compliance with a legal obligation – Article 6(1)(c) GDPR;

· for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract – Article 6(1)(b) GDPR;

· compliance by BEST CG companies with their legal obligations under the laws on preventing money laundering and terrorism financing – Article 6(1)(c) GDPR, in connection with Article 2(1)(7) of the Act of 01 March 2018 on preventing money laundering and terrorism financing (Journal of Laws of 2018, item 723);

· where applicable, fulfilment of tasks by BEST CG companies based on consent – Article 6(1)(a) GDPR.

 

 

The data storage period depends on the purpose. As the case may be, personal data is stored:

· until the repayment or expiry of a liability;

· for the period necessary to receive and process a query, complaint or request and clarify all circumstances related to an issue, respond to a query or take action necessary to resolve an issue;

· for the period necessary to pursue claims by any BEST CG company in connection with the conducted activity, or to defend claims against any BEST CG company, based on universally applicable laws, taking into account the limitation periods for claims specified in such laws;

· for the duration of a concluded contract;

· for a period prescribed by the universally applicable laws (e.g. the obligation to keep accounting documents).

 

If the data subject has given consent to the processing of personal data, the data will be processed until such consent is withdrawn.

 

Please send any queries about the storage periods of personal data to the data protection officer.

 

Information on profiling and automated decision making

 

Personal data may be processed automatically (this includes profiling) for the purpose of drafting a personalised product offer or a settlement, evaluating the customer's preferred method and time of contact with regard to the repayment of debt, and analysing the method of pursuing the repayment of the debt. The terms of the settlement providing for partial debt cancellation are drafted automatically with the use of profiling, based on the analysis of debt data and the history of relations with BEST CG. We offer better repayment terms to reliable debtors who meet their declarations and do not avoid contact.

 

 

To whom do we disclose personal data?

 

Personal data may be disclosed to:

· organisations and authorities to which BEST CG companies are obliged or authorised to disclose personal data based on the universally applicable laws;

· entities which BEST CG companies commissioned with specific activities to be performed for the companies, such as: legal, advisory, accounting, IT, archiving, scanning and document shredding, packing, updating and supplementing personal databases, and on-site debt collection services;

· authorised employees and associates of BEST CG companies;

· economic information bureaus acting based on the Act of 9 April 2010 on the provision and exchange of economic data and information (complete text: Journal of Laws of 2018, item 470, as amended), and the universally applicable laws;

· the competent court and court enforcement officer, if the creditor decides to take legal action, and then initiates enforcement proceedings;

· if you decide to voluntarily repay your debt and obtain its partial cancellation, we will forward your personal data to the competent tax office using the PIT-8C form;

· entities with regard to whom consent has been given for disclosure and processing of personal data;

· entities acting as part of BEST CG.

 

We do not transfer your personal data to third countries, i.e. outside the European Economic Area.

 

 

What are your rights in connection with the processing of personal data?

 

Depending on the case and to the extent specified in the relevant provisions of the GDPR, you have the right to:

· access your personal data;

· have your personal data rectified;

· have your personal data erased (right to be forgotten);

· demand restriction of the processing of your personal data;

· object to the processing of your personal data;

· lodge a complaint with the President of the Personal Data Protection Office (Urząd Ochrony Danych Osobowych) if you believe that the processing of your personal data violates the GDPR. Address: Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa.

 

If you request complete erasure of your personal data from all electronic databases and records, this request will be fulfilled only once all purposes of personal data processing have been fulfilled and all possible mutual claims have expired, and there is no legal obligation to further process your data.

 

Announcement of the President of the Personal Data Protection Office on the processing of personal data by debt collection companies

 

We would like to inform you that, in the announcement of 20 November 2019, the President of the Personal Data Protection Office once again explained that creditors may process the personal data of their debtors for the purpose of pursuing claims or the repayment of debt by themselves, or using debt collection companies for this purpose. The original creditor (e.g. a bank) can sell a debt to another entity. Therefore, the processing of personal data for the purpose of pursuing a claim is allowed by the law, and no consent of the data subject is required for this. Any attempt by the debtor to withdraw consent will be null and void. The basis on which the controller processes the debtor’s data is not the debtor’s consent, but the legitimate interests pursued by the controller, as per Article 6(1)(f) GDPR. Neither does the right to be forgotten referred to in Article 17 GDPR (demand to erase the data) apply to the debtor.

Furthermore, the announcement stresses that the President of the Personal Data Protection Office is not competent to adjudicate any claims or legal disputes concerning the sale of claims. The right to adjudicate such legal disputes rests with the competent common courts, while the President of the Personal Data Protection Office is competent to verify whether data has been disclosed lawfully.

The full announcement of the Personal Data Protection Office is available here: Processing of personal data by debt collection companies