PERSONAL DATA PROTECTION – PRIVACY NOTICE REGARDING PERSONAL DATA PROCESSING
While conducting its business, B2 Kapital Czech Republic (“B2”),headquartered in Prague – Old Town, Rybná 682/14 , ZIP 110 00, Registration no 04191536, a receivables purchasing and debt collection entity, processes personal data that concern you.
What is personal data?
Data is personal data if it refers to an identified or at least identifiable person; a person can be identified if additional information can be obtained without excessive effort to identify it.
Who owns the personal data we process?
B2 processes the personal data of the persons having a contractual relationship with us (e.g. based on Assignment agreement, that based on B2 became new creditor) / or are about to be in a contractual relationship with us, as well as the data of those persons who visit the B2 website or our locations or communicate with us via call center. These categories of people can include debtors, buyers, bidders, external suppliers and employees. B2 also processes personal data regarding the legal and / or conventional representatives of the persons with whom they are or/are about to enter into a contractual relationship Individuals whose personal data are processed are „Data subjects”. By way of exception, B2 may also process information relating to persons whose personal data are provided by persons we are in a contractual relationship with, and in this case, the steps to inform those concerned about the content of this notice regarding processing of personal data, must be made by the person who provided the information.
How we collect your personal data?
By fully complying with the applicable legislation, B2 may collect your data from:
- FinancialFinancial-banking institutions with which you signed loan agreements, and which are assigning their claim rights to B2.
- Directly from you, or in certain cases from other persons justifying a legitimate interest in connection to the agreement related to which we conduct the debt collecting activity.
- Persons empowered to communicate with us in your behalf.
- Public institutions and authorities or other persons or entities which perform a service of public interest (such as: public notary)..
- Publications and databases that are publicly available or based on a contractual relationship (external sources), in order to ensure the permanent updating of the data we hold about you, or for being able to perform the assess the reimbursement of the claim. By external sources we understand: public institutions and authorities, public registers, electronic databases, information available in social media and the internet, or authorized third-party possessing such information.
- When you access the B2 website, there are automatically created records of your visit. These records usually include the IP address, the number of hits, the web page from which you are logged in, and other data. For more information, please consult the “cookie” policy: http://www.b2kapital.cz
When we collect information about you from other sources, we collect them from sources that are publicly available (social media sites, public registers) or made available by third parties. Even in these cases, we take your rights into account. Here are some of these situations:
- We cannot reach you and we need to update your data, so to ensure the accuracy of your personal data;
- We need these data for fraud prevention and anti-money laundering purposes, or there are legal requirements to collect certain data.
What personal data we process?
Your personal data that we are processing may include:
- Identification data such as: name, birthday, nationality, personal identification number (CNP/TIN), data registered within ID documents, place of birth, domicile address, residence.
- Contact data such as: correspondence address; phone number; email address.
- Data regarding your financial and/or professional status, such as: job/profession; the nature of your own activity; the public function held; employer name; income; nature of income; source / sources of income; bank account; data on real estate and other assets you own; information regarding existing debts (e.g., type of debit, value, interest, lender, currency, costs); information on the debt collection situation (e.g. payment plan, costs, records of balances).
- Data resulting from the video recording if you visit the B2 locations, to the extent of the applicable legal provisions;
- Data regarding other data subjects who are party(s) of the agreement representing the source of the claim managed by B2 (e.g. guarantors / heirs / spouse or husband)
- Data on administrative or judicial proceedings in which you are involved, to the extent that they are related to the claims owned or managed by B2 and/or may influence the recovery conditions of such claims (e.g. enforcement, judicial liquidation, bankruptcy, reorganization, other judicial procedures, the establishment or defence of our rights in court); such data may include: official information regarding fraudulent/potentially fraudulent activity, official data regarding criminal charges and/or criminal convictions related to, for example, corruption, bribery, financial crime, other frauds, money laundering and terrorism financing.
- Information that is the subject of the evidence of all interactions between you and B2 through correspondence or communications between you and us, so that we can fulfil the legal obligation set forth in our duty by Emergency Ordinance 52/2016 on credit agreements offered to consumers for real estate properties (based on which we are authorized by the National Authority for Consumer Protection).
- Personal data that you have provided us so that we can provide you with debt repayment solutions that take into account your individual circumstances, your interests and rights and your ability to repay debt.
- Other personal data mentioned or included in the initial contract or in the documentation related to debt or guarantee that is the subject of the receivables we manage (such as the documentation in the legal enforcement file, documentation from the credit file provided by the assignor).
- Any other information derived from the processing of personal data by B2 which are necessary to conduct the business for the purposes mentioned below, such as for example the segmentation of the managed claims portfolio; the unique identifier assigned at B2 level for each individual debtor.
Why (for what purposes) are we processing your personal data?
B2 is processing your data only to the extent that this data is related and/or may influence the claim recovery process and in connection to the establishment, exercise or defend of B2’s claims in court or the rights of the creditors that we represent. In this context, the purposes for the personal data processing mainly cover the debt collection and recovery including the following:
- Analysing your financial status and the income sources, so to be able to identify repayment conditions for the debts fitting your individual situation.
- Conducting communication with you and proper identification of the data subjects
- Conducting the necessary legal and judicial procedures for the debts recovery (e.g. legal enforcement, judicial liquidation, bankruptcy, reorganization, intervention in other judicial proceedings, establishment or defence of our rights in court), as well as identifying the favourable solutions for all involved parties leading to close of outstanding debts;
- Processing and answering to your questions, complaints and requests.
- Assessment of the opportunity to enter into a contractual relationship or to close a transaction (e.g. analysing the exposure to the risk involved when concluding a sale or purchase agreement, an assignment agreement or participation to an auction), including checks to identify, prevent and combat the money laundering, terrorism financing and fraud.
- Statistical analysis to assess the company’s activity and the managed claim portfolios, as well as the necessity to improve the collection and recovery methodology.
- Answering the requests of public authorities or fulfilling legal requirements applicable to B2;
- Legal reporting purposes to competent authorities, according to regulatory provisions, as well as financial & accounting purposes, economical/financial and administrative purposes within B2.
Which is the legal ground for your personal data processing?
- Meeting the legal obligations applicable to B2 or public interest (e.g. consumer protection legislation, civil law, tax and accounting laws, legislation on prevention and combating money laundering and terrorism financing).
- Performance of the agreement in which you are a signatory, which is the source of the claim Bin respect of which B2 holds the status of creditor or representative of the creditor.
- Make the necessary steps and diligence, at your request, with a view to concluding a sale or purchase contract with B2.
- The legitimate interest of B2, its affiliated companies or of the creditors on behalf of which B2 provides debt collection or recovery services, which may concern:
- Professional assistance in managing the company’s activity in terms of efficiency, profitability and safety for all interested parties and assessing the opportunity to enter a contractual relationship; for example: centralizing operations of acquisition of portfolios by maintaining a database, performing statistical analysis on the portfolio of receivables and on the efficiency of the activity, analyzing and mitigating the risks to which the company may be exposed – financial risks and / or reputation risk, planning and development of business strategy, development and improvement of collection methodologies.
- Fraud prevention and asset protection, as well as ensuring a high level of information and physical security.
- Establishing and/or exercising or defending company rights in court.
- Your consent, in some situations when it has been granted to us.
How we use (process) your personal data?
Personal data processing means performing operations such as: collecting, registering, organizing, structuring, storing, modifying / updating, retrieving, consulting, using, transmitting, aligning, disclosing, sharing, restricting, deleting, destroying, archiving personal data. In order to fulfil the above-mentioned purposes:
- We use tools that are not fully automated (human intervention is required) to establish the reimbursement profile / evaluation / forecast. This profiling is based on the information you provided us directly or provided to us by the initial creditor as well as on the information obtained from free public sources (Internet / social networking / public databases / publications and official public information issued by public authorities / official databases on entities and persons that are subject to international sanctions). Thanks to these profiles, we can decide the optimal way for both parties to recover the debt, especially if it is necessary to initiate legal enforcement procedures or to assess the opportunity for the company to conclude a sale or assigning contract.
- We comply with legal obligations, including the reporting ones, arising from national and European regulations (e.g. prevention of money laundering and terrorist financing, obligations deriving from tax or accounting legislation). The provision of personal data for these purposes is mandatory.
- If we cannot contact you, in order to comply with the principle of data accuracy, we will do our best to permanently update your personal data on the basis of information obtained from official sources (e.g. trade registry, court portal; official information of public interest issued by public authorities) or from free or private public sources (internet / social networks / public databases / databases provided by contractual partners of the company);
- We use your data to carry out functional activities to perform asset recovery related to the properties ensuring our claims.
- We also use your data to carry out internal statistical analysis to evaluate the efficiency and improvement of debt collection methodologies.
- We process and analyze your complaints, requests for exercising your privacy rights and any other requests you address to us.
- We inform you about the situation of your debts, the status of the legal proceedings in progress that are related to your debts, as well as about any data and information of interest to you regarding the debt collection process.
- We identify opportunities to improve our services, so that we can provide you with better services and solutions to meet your individual needs and situation.
Are your data safe at B2KPM?
B2 believes that the security of your personal data is very important and, in this regard, ensures the adoption and periodic review of organizational and technical security measures designed to protect your data against unauthorized access, modification, disclosure or destruction. Access to your personal data is only allowed to persons authorized by B2, following an appropriate assessment and who have previously accepted their confidentiality obligations.
Who are the recipients of your personal data?
In the normal course of business, B2 may transfer your data to other individuals or entities to achieve the purposes for which we process the personal data you have directly transmitted to us or were obtained from other sources. B2 can also use or disclose personal data when it has a legal obligation or is permitted by law to do so.
Here are several examples of situations when B2 may transfer your personal data:
- We can provide data to the to the creditors from whom B2 has acquired claims.
- In the B2 Impact Group, of which B2 is a part, we can transfer your personal data to other subsidiaries or companies in countries that are part of the European Economic Area. Your personal data may also be transferred to a country which is not a member of the European Economic Area, in the absence of an adequacy decision from the European Commission, including to: Serbia and Bosnia and Herzegovina. Risks related to transferring your personal data to a country not ensuring an adequate level of protection are mitigated by the Company, by implementing appropriate safeguards in the form of executing Data transfer agreement with standard contractual clauses for the transfer of personal data from the Community to third countries, of which you may obtain a copy after contacting the Data Protection Officer, in accordance with the details presented below.
- Our contractual partners – we can transfer your personal data to our partners with the aim to improve the debt collection services.
- Underwriters of claim rights – We may transfer your personal data to other natural or legal persons to whom the B2 assigning their claims.
- Supervisory authorities – if required by a mandate, or for the application of a national or European law, we can communicate details of your personal data or transactions without the need to inform you.
- Other public authorities – we may provide your personal data to respond certain legal requirements or to third parties justifying a legitimate interest (e.g. public notary, courts of law).
- Transferring to your request – there may be situations in which you require us to transfer your data to a Representative or Empowered acting in your name and on your account (for example, financial consultants, lawyers, mediators).
- Transferring to other third parties – we may transfer your personal data to other entities outside our Group, that are not public entities, such as:
- Providers that help us improve our services, or develop, implement or manage our business systems, infrastructure, or operational processes (for example, auditors, consultants, analysts, accounting service providers, etc.)
- Suppliers that provide us with maintenance and support, so to be able to operate for you the recovery services in optimal and safe conditions. For example: vendors who develop / implement or manage IT applications and infrastructure, archiving companies, courier / postal service providers delivering various notifications, companies that manage the security systems implemented to ensure confidentiality / integrity and availability of your data, etc.
- Suppliers who provide us with assistance in carrying out legal procedures for the legal enforcement, insolvency or other debt recovery procedures (e.g. lawyers, appraisal experts, consultancy firms, cadastral experts, accountants, real estate agencies, sites that ensure the promotion of the real estate to optimize the value of the collateral related to the managed receivables).
How long we process and store your personal data?
Your personal data will be processed by B2 for the time strictly necessary for the purposes of processing, which may vary depending on the purpose of the data being used. Thus, B2 will process your data throughout the claim collection process and store it for a period of five years from the time the debt is transferred to another creditor and / or after the full recovery of the claim, unless the law stipulates otherwise. When the claim is settled after the conducting enforcement proceeding, personal data will be stored for time period of at least 10 years, unless the law stipulates otherwise. In the case of data processed for accounting purposes, your data will be stored for a minimum time period of 11 years, respectively, in accordance with statutory accounting regulations. The retention period of the data resulting from the video recording if you visit the B2 locations and records of telephone call from call centre, is maximum of 2 years.
What are your rights and how can you exercise them?
You can exercise at any time the following rights, within the limits and with the observance of the conditions provided by the applicable legislation in the field of personal data protection:
- Right to be informed – You benefit from the right to information and therefore you may request at any time information and details on how we process your personal data, which we will provide you verbally or in writing through the channels requested by you.
- Right of access to your data – You may at any time request the access to your personal data held by B2 through by which we will inform you on the processing of your personal data, i.e. the confirmation that your personal data is processed or not by B2, the purposes, the grounds and the conditions of the processing.
- Right to the data rectification – You can ask us anytime to correct your personal data, including by filling in a complementary statement, so that we can ensure that, at all times, your data is actual, accurate and precise.
- Right to object to data processing – For reasons related to your particular situation, you may object to the processing of your personal data based on the legitimate interest of the B2 to the processing carried out in the public interest.
- Right to data restriction – You have the right to request the restriction of processing in the following situations: (i) you have challenged the accuracy of your personal data that we process, so that, for the period necessary to verify their accuracy, your data will be restricted from processing;(ii) the processing of your personal data was considered illegitimate and you opposed the deletion of the data, requesting instead the restriction of the processing; (iii) you oppose the processing of your personal data, so that during the verification of the validity of the processing grounds, your data will be restricted; (iv) although the data retention period has expired, you have expressly requested us to retain your data for establishing, exercising or defending a right in court. In the case of restriction, your personal data may be processed by storage. Other processing operations will be possible only for: (i) establishing, exercising or defending a right of the B2 in court; (ii) to protect the rights of another natural or legal person; (iii) based on your express consent or (iv) to protect a public interest. If your request for data restriction has been complied with, we will inform you accordingly, before removing the processing restriction.
- Right to data erasure (“right to be forgotten”) – You may ask us to delete your personal data that we process, and we will do all the necessary steps to do so if: (i) it is no longer necessary to meet the purposes for which it was collected; (ii) you withdraw your consent and the processing was done on the basis of this consent, and there is no other legal basis for continuing the processing; (iii) you opposed the processing of the data and there are no legitimate reasons for further processing; (iv) your personal data has been processed without a valid legal basis for doing so. We also inform you that personal data for which you exercised the right to erase, may still be processed in the following situations: (i) for the fulfilment of legal obligations stipulating the processing, (ii) as well as for establishing, exercising or defending a right in court.
- Right to data portability – In the case of your personal data that we are processing by automatic means, on the ground of your express consent or for the performance of a contract between you and B2, you may request us to provide you such data in a structured, and automatically readable format, which you may send to another data controller, or you may request us to send the data directly to that data controller (concerned to the extent that this is technically possible).
- Right to withdraw your consent – in cases where processing is based on your consent, it can be withdrawn at any time. Withdrawal of your consent will have effects only for the future processing. The processing performed before the withdrawal of consent, remains valid.
All these rights can be exercised by submitting to us a written request in this regard, to the contact details listed below and we will respond you within 30 calendar days or, if the request requires a more complex analysis, this deadline may be extended by another 60 calendar days, in which case we will inform you accordingly, also by providing you the reasons for the extension. If you are addressing your request electronically, we will also provide you with the information in electronic format, if possible, or through another format or channel requested by you. B2 may request additional information to confirm your identity before we can share your personal data or act in connection with the exercise of the above rights. We also inform you that, in justified cases, the law allows us to refuse to act according to your requests, for example if the purposes for which we process your data have not been fulfilled, and the processing is not based on your express consent, or where your claims are excessive, by their repetitive or obviously unfounded character. Even in this case, we will give you a written explanation of such a refusal.
If you are convinced that your personal data is being processed incorrectly and does not comply with the legal requirements, you may file a complaint with The Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Praha 7,Czech Republic, Tel: +420 234 665 111;
Contact details of B2KPM regarding personal data
If you have any questions or requests regarding your rights described above, please contact us:
- Address: B2 Kapital Czech Republic s.r.o., Burzovní palác, Rybná 682/14, 110 00 Prague 1, Czech Republic
- Data Protection Officer: