Clarification of terms
personal data – shall be understood as all information about an identifiable natural person, including a natural person running a business,
controller – shall be understood as the entity which determines the purposes and methods of personal data processing,
processor – an entity which processes personal data on behalf of the controller,
the data subject – understood as a natural person identifiable on the basis of personal data provided to the controller,
data processing – shall mean any activity which is performed on personal data, whether or not it is performed by automated means, e.g. collection, storage, recording, organisation, modification, consultation, use, disclosure, restriction, erasure or destruction,
recipient – understood as a natural or legal person, public authorities, individuals or other entities to whom personal data are disclosed.
This policy does not apply to, among others, situations where TC processes your data only as a processor, i.e., for example, in regards to the data of debtors entrusted to TC for processing by their creditors, who are customers of TC, in order for TC to provide debt collection services to their creditors (in these situations, the controllers of the personal data shall be the creditors).
As a processor of personal data, TC informs that it acts as a personal data controller, i.e. as an entity determining the purpose and method of data processing, in relation to:
1) personal data of natural persons within the scope of performance of the agreement concluded with them (the Agreements for the provision of debt collection services, Agreements for the provision of invoice financing services, Agreements, the Agreements for the provision of factoring services or any other contract for the provision of a service by TC to those persons),
2) personal data of natural persons from whom TC purchased the debt as a result of the assignment of the claim,
3) data of natural persons who have given consent to the processing of their data.
Whereas, with regard to personal data of debtors (as part of debt collection services) and contractors (as part of factoring services until the assignment of debts), TC acts as a processor. You shall remain the controller of such personal data. The rules for entrusting the data processing are specified in the General Terms and Conditions for the Provision of Collection Services available on our website (with respect to the data entrusted by you to TC in connection with the ordering of Collection Services) and in the Personal Data Processing Entrustment document (with respect to the data entrusted at the stage preceding the conclusion of the assignment agreement as part of factoring).
Below we indicate the data of TC as a personal data controller:
TRANSCASH.EU Spółka Akcyjna, with its registered office in Wysoka, under the address: ul. Chabrowa 4, 52-200 Wysoka, entered in the register of entrepreneurs of the National Court Register maintained by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under the number: 0000626049, NIP [Tax ID No.]: 8971714717
Purposes and legal bases of the processing of personal data and storage periods by TC
Your personal data may be processed by TC:
- in order to prepare for the conclusion of a debt collection agreement, a factoring services agreement or a debt assignment agreement with you (including the consideration of a debt sale offer made by you) – pursuant to article 6(1)(b) of the GDPR, i.e. when it is necessary to take action at your request before the conclusion of the agreement (the data are stored by TC until the end of these actions or until the conclusion of the contract),
- for the performance by TC of an agreement concluded with you (including a debt collection, factoring or assignment agreement) – pursuant to article 6(1)(b) of the GDPR, i.e. when it is necessary for the performance of the contract concluded with you (the data are stored by TC for the duration of the agreement, settlements after its completion, and then the period of limitation of any claims resulting from it),
- for the possible establishment and defence of claims by or against TC pursuant to Article 6(1)(f) of the GDPR, i.e. where the legal basis for the processing is the legitimate interest of TC to protect its rights (the data are stored by TC until the statute of limitations for TC claims arising from the agreement expires – the statute of limitations shall be laid down by law, in particular by the Civil Code),
- for analytical and statistical purposes, pursuant to Article 6(1)(f) of the GDPR, i.e. where the legal basis for the processing is the legitimate interest of TC, to improve the quality of the service and to adapt it to the needs of customers (the data are stored by TC for a period of 3 years from the date of termination of the contract or from the event necessitating such processing),
- for the purposes of direct marketing, on the basis of Article 6(1)(f) of the GDPR, i.e. where the legal basis for the processing is the legitimate interest of TC in the controller’s right to process personal data for the purposes of direct marketing, as expressed in recital 47 of the GDPR (the data are stored by TC until the data subject effectively objects),
- for the purpose of other marketing, pursuant to Article 6(1)(a) of the GDPR, i.e. on the basis of your consent (the data are stored by TC until the data subject’s consent for further processing of their data for this purpose is withdrawn),
- in order to perform obligations provided for by law (including accounting and tax) – pursuant to Article 6(1)(c) of the GDPR (the data are stored by TC for the period required by law, e.g. ordering the controller to keep the tax books until the expiry of the limitation period for tax liability).
Therefore, your personal data are processed by TC, among others, in connection with the handling of concluded agreements, for the time necessary to perform the services, and for the time during which it is possible to pursue claims in connection with the provided services. Your data may also be stored by TC for the purpose of preventing abuse and fraud, for statistical and archiving purposes for a period of 3 years from the date of termination of the contract or from an event necessitating such processing. If the processing is based on consent, the data shall be used by TC until the consent is withdrawn. For a period of 5 years counted from the date of the withdrawal of the consent for the data processing, TC may store the data on a limited basis to demonstrate the processing of this data compliant with the GDPR, unless the controller—based on other legal bases—has the obligation to process your data for a longer period. At the same time, for the sake of accountability, TC will keep the data for the period for which it is obliged to retain data or documents containing them in order to document the fulfilment of legal obligations, including the possibility to control their performance by public authorities.
Voluntary provision of personal data
Providing personal data for the abovementioned purposes is voluntary, however, if you do not provide it, it may result in TC not being able to conclude an agreement with you (e.g. when it is necessary to fill in a form by entering your data).
Rights of a person whose data are processed by TC as a personal data controller
If TC processes your personal data as a controller, you have the right to:
- have access to your data and receive copies of them,
- rectify (correct) your data,
- delete your data, limit the processing of data,
- object to the processing of data (including profiling),
- transfer the data
- lodge a complaint with the supervisory authority,
- withdraw the consent to the processing of personal data where the processing of such data is based on a consent given by you (Article 6(1)(f) of the GDPR)
Information on the recipients and categories of recipients of the personal data
Your personal data may be disclosed to:
- entities related to TC, i.e. Trans.eu Group S.A. or other companies of the Trans.eu capital group,
- other users of the Trans.eu Platform operated by Trans.eu Group S.A.,
- authorised employees or contractors of TC, including entities providing selected services to TC (accounting, marketing, IT, electronic payment processing services – to the extent necessary for the provision of those services),
- TC business partners (entities supporting our services).
Obtaining the debtor’s (contracting party’s) data in case of purchase of the debt by TC
TC conducts factoring activities under which it purchases debts. As a result of an assignment and debt purchase agreement, TC becomes the controller of the debtor’s data transferred to TC by the assignor (the person selling the debt to TC) in order to enable the effective sale of the debt. These details include the debtor’s contact details as held by CEIDG (Central Registration and Information on Business) and details of the debts from the invoice (invoice number, date of issue, due date, amount). The source of this information is the documentation submitted to TC by the assignor in connection with the assignment agreement (the debt sale offer/request for financing the invoice) and the documentation necessary to prove the existence of the debt sold (the transport order/transport contract, the transport document confirming the performance of the service, and the VAT invoice issued by the assignor to the debtor) In the event of a debt purchase, the debtor is notified of the change of creditor and of the processing of their personal data by TC as the controller.
Automated decision making and profiling
To the extent necessary for the conclusion or performance of the contract with TC, your personal data may be processed by automated means, which may involve automated decision making, including profiling, which may have legal effects on you or otherwise significantly affect your situation. Such cases may occur as part of the offering process in order to determine the possibility of submitting an offer to conclude a factoring services agreement. Automatic analysis may include data provided by you in forms on the websites transfactor.eu and transinkasso.eu, as well as data on the customer’s past history of cooperation with TC, if any, including data on the history of debt collection orders held for/or against you, and, in addition, publicly available data from state registers, data from business intelligence centres and the debt exchange operated by TC. Statistical models are used in the process of evaluating the possibility of submitting a contract offer, as a result of which your ability and credibility to incur liabilities to TC is determined. If TC proves that there is insufficient capacity, if any, or no credibility to incur the obligation, it will refuse to provide you with a contract and service.
II. COOKIES POLICY
This Annex governs the policy applied by Transcash.eu S.A. with its registered office in Chabrowa 4, 52-200 Wysoka, entered in the register of entrepreneurs of the National Court Register maintained by the District Court for Wrocław-Fabryczna in Wrocław, the Commercial Division of the National Court Register, under the number: 0000626049, NIP [Tax ID No.]: 8971714717 (hereinafter: the Controller) and its subcontractors and related entities, in the scope of protection of personal data of Users and information that may constitute a secret of the Users’ enterprise.
This Policy applies to services offered by the Administrator through the following websites https://pl.transinkasso.eu/ i https://transfactor.eu/ and the forms belonging to Transcash.eu, available on the Trans.eu platform (www.trans.eu).
The Controller uses the so-called “cookies” to track the visits of the Users and to record their preferences, such as their language and login data. If you disable cookies on your browser, you may not be able to use all products and services.
Data stored in Google Analytics
The traffic on the Controller’s pages is monitored by Google Analytics, which aims to collect data on the use of websites and their popularity. These data are, for example, the used browser or the IP address. They will never be made available by us to third parties.
In order to use the services and products offered by the Administrator, you must register your account on the Trans.eu platform or use the form available at the Controller’s following websites https://pl.transinkasso.eu/ and https://transfactor.eu/. During registration, the following data should be provided: name, surname, e-mail address, gender, date of birth; the data on professional preferences and qualifications can also be provided. Data are also collected passively, i.e. through the operation of the website (e.g. IP address, resolution, location, browser type).
Use of data
Contact information will only be used for:
- the necessary performance of the contract concluded between the User and the Controller,
- answering the question/complaint,
- enabling contact to be established between the Users in order to start negotiations/conclude an agreement/commission,
- sending you our newsletter about changes in the software, the Terms and Conditions, etc.
- providing product information if the user has shown a sufficient interest.
Sharing the data with other parties
We reserve the right to share your personal data with subsidiaries and affiliates of the Controller as well as with subcontractors to the extent necessary to perform the agreement for the provision of services. The Controller shall exercise due diligence in the transfer of data, applying such measures and safeguards preventing access to the data by unauthorised persons (including SSL, encrypted connections).
Without the user’s consent, personal data will not be made available to other third parties, except for the circumstances in which the transfer takes place as a result of a legally justified request of an authorised entity (e.g. law enforcement or judicial authorities).
Access to data
The user has the right to review, correct or oppose the use of their personal data. After receiving a written request and a document confirming the identity of the User, the Controller will correct or delete the User’s personal data from the database. The Administrator will make every reasonable effort to comply with the requests of users to delete their personal data, unless the data must be retained for applicable law or legitimate business purposes. The Administrator enables the correction of the majority of personal data within the framework of equal functions offered within the Trans Service (e.g. independently by editing the account or through the a consultant).
In order to ensure security, the Administrator shall:
- use SSL encryption,
- allow access to the account only after entering the correct login and password (it is recommended to set passwords consisting of at least 6 characters and containing upper and lower case letters, special characters, and digits), which should be kept secret by the User,
- control the methods of collecting, storing and processing information, including physical security measures, to provide protection against unauthorised access to the system,
- grant access to personal data only to those employees, contractors and, representatives who must have access to them in order to process them for the needs of the Controller. In addition, they are bound by the agreement to maintain strict confidentiality and may suffer consequences if they fail to do so, including the termination of their cooperation.
Transcash.eu S.A. ul. Chabrowa 4, 52-200 Wysoka or email: firstname.lastname@example.org