Information Notice of Personal Data Controller
Information for the client (Master1.pl car sale)
Prime Car Management S.A., based in Gdańsk (80-308) ul. Polanki 4 (“Company”) hereby states that with respect to your personal data acquired by the Company, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE (hereinafter accordingly: “personal data” and “GDPR”), the Company has become and remains the controller of such acquired personal data.
The Company has appointed a data protection officer who can be contacted at the following address:
– Data Protection Officer, Prime Car Management S.A. ul. Polanki 4, 80-308 Gdańsk,
– e-mail address: firstname.lastname@example.org.
The Company processes your data (including such data categories as forenames, surname, company name, identification numbers, address details, contact details, and data for telecommunication tools used) in connection with the intention to conclude a contract for a product or service offered by the Company (hereinafter: “Contract”), or the performance of such a contract already concluded.
1. publicly available registers, business and credit information offices or other bases which may be used by the Company pursuant to the provisions of the applicable law or your consent;
2. information about you, including personal data, held by other companies of the capital group of PKO Bank Polski S.A.; the basis for the exchange of data within this Group is your consent, while for risk management – the statutory or legitimate interests of companies subject to the exchange, in connection with the applicable regulations of the common law.
Legal bases for data processing
The personal data obtained from you are processed lawfully, and their processing legal basis may be:
1. pre-contractual requirements – i.e. processing is necessary in order to take steps at your request before the conclusion of the Contract, as specified in Article 6(1)(b) of the GDPR;
2. contractual requirements – i.e. processing is necessary for the performance of the concluded Sale Contract, as specified in Article 6(1)(b) of the GDPR;
3. statutory requirements – i.e. processing is necessary for the Company to comply with its legal obligations under the legal provisions, as specified in Article 6(1)(c) of the GDPR;
4. legitimate interests of the controller – i.e. processing is necessary for the purposes of the legitimate interests pursued by the controller, as specified Article 6(1)(f) of the GDPR.
Purpose of data processing
Based on the above legal bases for data processing, the Company processes your data for the following purposes:
1. for the purpose of analysing the possibility of concluding the Contract to which you will be a party, and for the purpose of forwarding you a request for funding – based on pre-contractual requirements;
2. for the purpose of performing the Contract, once it has been concluded, including the handling of inquiries and complaints, executing your orders, e.g. conclusion of accompanying contracts, e.g. a contract securing the Company’s receivables – based on contractual requirements;
3. for the purpose of complying with anti-money laundering and anti-terrorist financing regulations and obligations imposed on obligated institutions and, in the event of concluding the Contract, also for the purpose of complying with legal regulations, e.g. tax settlements – based on statutory requirements;
4. for the purpose of asserting and defending against claims relating directly or indirectly to the Contract – based on legitimate interests of the controller;
5. for the purpose of substantiating your warranty claims for physical defects of the items sold or for damage liability following from the sale contract concluded, as well as justifying other claims, complaints, applications, and requests,
6. for the purpose of dealing with requests forwarded via the contact form or via other available communication channels, or substantiating your claims, complaints, and applications – based on pre-contractual requirements or based on legitimate interests of the controller, depending on a matter covered by the request,
7. for the purpose of marketing the Company’s products and services (including, in particular, financing services, as well as insurance mediation services), which may be in certain cases preceded by the establishment of your profile and its analysis by the Company – based on legitimate interests of the controller, and – if the contract is not concluded if you have given your consent in this respect;
8. for the purposes of ensuring the effectiveness, legality and security of the business activity carried out by the controller and the processing of personal data, in certain cases related to the building and analysing your profile – based on legitimate interests of the controller.
The period of processing
The period of processing of the collected personal data is related to the purposes indicated above. In view of the above, personal data will be processed for the longer of the following periods:
1. for the period in which data must be stored under legal regulations or
2. for the period of limitation for any claims, the pursuit of which requires data availability.
Entities to whom data may be disclosed
Personal data obtained may be disclosed in the course of their processing for the purposes indicated above – to entities other than the Company, i.e.:
1. to companies of the PKO Bank Polski S.A. Capital Group, of which the Company is a member; the current list of such entities is available at www.pkobp.pl, in particular to PKO Leasing S.A. based in Łódź, al. Marszałka E. Śmigłego-Rydza 20 or PKO Bank Polski S.A. based in Warsaw at ul. Puławska 15, for the following purposes:
a) administration of human resources as well as conducting analyses and implementing process solutions relevant to the optimisation of the business activity of the capital group, based on terms and conditions established in the agreements concluded between entities within the capital group;
b) execution of legitimate interests of the PKO Bank Polski S.A. Capital Group, resulting from the rights of the entities from this group to exchange information to prevent fraud or effective risk management and financial reporting within the capital group, in connection with the applicable laws;
c) indicated in your consent to the processing of personal data.
As a result of making such data available by the Company, the entity from the capital group receiving these data will become, from the moment of their reception, an independent controller and will process these data for the purposes indicated in this point. With respect to PKO Leasing S.A. and PKO Bank Polski S.A., the principles of data processing and your rights resulting from this fact are described on the websites of PKO Leasing S.A. and PKO Bank Polski S.A. in the tabs dedicated to personal data protection (GDPR).
2. to the the entities of Masterlease Capital Group to which the company belongs, the current list of the entities being found at www.masterlease.pl/grupa, to analyse and implement process solutions relevant for optimising business operations and to pursue legitimate interests in the exchange of information for fraud prevention, effective risk management as well as financial reporting and contract handling.
3. the entities of Masterlease Capital Group to which the company belongs, the current list of the entities being found at www.masterlease.pl/grupa, to analyse and implement process solutions relevant for optimising business operations and to pursue legitimate interests in the exchange of information for fraud prevention, effective risk management as well as financial reporting and contract handling.
4. to entities that prepare the sold item for its handover or repair of its detected defects as part of good trade practice, and to entities that carry out the controller’s duties following from provisions on warranty for sold item physical defects and on damage liability.
5. to entities providing services to the Company which are important for the Company to conduct business activity, e.g. IT or operational service providers, auditors, advisors (including legal advisors), entities dealing with debt collection if there occur delays in payments due to the sale contract, property appraisers, insurance brokers, insurance agents and motor claims adjusters (for the purpose of verifying the terms and conditions of your insurance policy and the settlement of motor claim), in addition to entities that are entitled to obtain information on the basis of legal regulations.
Data processing principles
The processing of your data by the Company is based on a voluntary basis, however, the refusal to provide data may make it impossible to take the actions you have requested.
Your personal data may be processed using analytical models in an automated manner, including profiling, for risk analysis and marketing purposes. As a result, we will be able to apply to you a simplified processing procedure, protect the assets of the Company and its stakeholders or present you with a customized offer of products and services offered by the Company.
Realization of data persons’ rights
In cases and on principles set out in the provisions on the protection of personal data, you have the right to access, rectify or delete your data, restrict the processing of your data, object to the processing of personal data based on a legal basis in the form of legitimate requirements of the controller, as well as transfer of personal data.
If you do not agree with the content of the decision taken by automated means, you have the right to reconsider the subject matter of the analysis, taking into account additional information provided by you and with the participation of a substantively competent representative of the Company.
You can exercise these rights by sending a relevant request by post to the following address:
– ul. Polanki 4, 80-308 Gdańsk or
– by e-mail to: email@example.com.
Right to lodge a complaint
Notwithstanding the foregoing, you have also the right to lodge a complaint with the competent supervisory authority (President of the Office for Personal Data Protection) specified in the currently applicable law regulating the principles of personal data protection if, in your opinion, the processing of your personal data violates the provisions of the GDPR.
Transfer data outside the European Economic Area (EEA)
Please be advised that it may also be necessary to transfer your personal data outside the European Economic Area (EEA), due to the potential possibility of some of our suppliers or auditors being the recipients of the data to operate there.
In any such case, before transferring the data, however, we will ensure that, as part of ensuring data security, our suppliers or auditors guarantee a high level of personal data protection by obliging these entities to use standard contractual clauses adopted by the European Commission and confirming the existence of effective data protection enforcement mechanisms, required by the European Union law.
You have the right to request us to provide you with a copy of the appropriate security measures (protection measures) that we apply in connection with the transfer of your data outside the EEA, by directing your inquiry to the above-mentioned address of the Data Protection Officer.