Data Confidentiality and Privacy Protection

The confidentiality of data and the protection of our Clients’ privacy are of paramount importance to us. Therefore, in order to ensure the security of your personal data, Julianus Inkasso Sp. z o.o., with its registered office in Warsaw at ul. Postępu 18B, 02-676 Warsaw, has established a policy defining the principles governing the processing of personal data.

Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR).

Personal Data Controller

The controller of your personal data within the meaning of Article 4(7) GDPR may be:

  • Julianus Inkasso Sp. z o.o., with its registered office in Warsaw at ul. Postępu 18B, 02-676 Warsaw, entered in the register of entrepreneurs maintained by the District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register under number 0000997711
  • Nova Mispra Capital Sp. z o.o., with its registered office in Warsaw at ul. Domaniewskiej 47/10, 02-672 Warsaw, entered in the register of entrepreneurs maintained by the District Court for the Capital City of Warsaw, Commercial Division of the National Court Register under number 0000585683
  • Recoverso RMC OÜ, with its registered office in Tallinn (Estonia) at Toompuiestee 35, Tallinn, 10149, registered in the Estonian Commercial Register under number 141897044

    or another creditor on whose behalf Julianus Inkasso Sp. z o.o. undertakes activities related to debt servicing.

    (hereinafter the Controller).

    If the personal data controller is an entity other than those indicated above, full details of the controller, including its name, registered office address, and legal basis for data processing, will be provided in the first correspondence addressed to the data subject.

Contact with the Controller
For all matters related to the processing of personal data, you may contact the Controller at the above registered office address, by e-mail at dataprotection@julianus.pl, or by traditional mail at: ul. Postępu 18B, 02-676 Warsaw.

Data Protection Officer
The Controller has appointed a Data Protection Officer (DPO), who may be contacted regarding personal data matters — DPO Małgorzata Topyła-Komosa.

The DPO may be contacted electronically via e-mail at dataprotection@julianus.pl or by traditional mail at the correspondence address: Data Protection Officer, Julianus Inkasso Sp. z o.o., ul. Postępu 18B, 02-676 Warsaw.

Source of Personal Data
Personal data is obtained directly from you or from third parties, such as entities on whose behalf you act or our business partners, as well as from publicly available registers. Information is obtained, among others, through completion of a contact form, sending an e-mail message, telephone conversations initiated by you, and cookies.

Scope of Processed Personal Data
When contacting the Controller via the website, contact details provided on the website, or by other means, the Controller processes the data provided by you for contact purposes, including first name, last name, PESEL, identity document number, e-mail address or telephone number, residential address, bank account number, the content of your inquiry or matter raised, and any other data you provide.

In connection with the use of cookies for statistical purposes, the Controller may process the following data: IP address, duration of a given session, and frequency of website visits.

Purpose and Legal Basis for Personal Data Processing
Purpose of processing and its legal basis:

  • Providing a response or follow-up contact with a person who contacted the Controller. Legitimate interest of the Controller – Article 6(1)(f) GDPR.
  • Taking steps prior to entering into, as well as concluding and performing a contract or agreement — where you are a party thereto. Processing is necessary for the performance of a contract – Article 6(1)(b) GDPR.
  • Ensuring contacts necessary for servicing and performance of a contract concluded with the entity on whose behalf you act and maintaining business relations. Legitimate interest of the Controller – Article 6(1)(f) GDPR.
  • Carrying out activities aimed at improving and coordinating the Controller’s operations, including correspondence registration. Legitimate interest of the Controller – Article 6(1)(f) GDPR.
  • Taking actions aimed at debt recovery, handling complaints, and establishing, pursuing, or defending against claims. Legitimate interest of the Controller – Article 6(1)(f) GDPR.
  • Fulfilment of legal obligations imposed on the Controller, including accounting and bookkeeping obligations and execution of data subjects’ rights. Compliance with a legal obligation – Article 6(1)(c) GDPR.
  • Sending marketing content in the form of a newsletter (including information about the company and current offers) by electronic means. Voluntary consent – Article 6(1)(a) GDPR.
  • Conducting direct marketing activities. Legitimate interest of the Controller – Article 6(1)(f) GDPR.
  • Conducting recruitment processes and selecting a suitable candidate for employment. Within the scope resulting from Article 22(1) of the Labour Code, the legal basis is a legal obligation of the Controller (Article 6(1)(c) GDPR).
  • Collecting information on website traffic statistics. Legitimate interest of the Controller – Article 6(1)(f) GDPR.
  • Handling requests submitted by data subjects and processing personal data inquiries. Compliance with a legal obligation to review the request (Article 6(1)(c) GDPR).
  • Maintaining a register of recorded telephone conversations. The legal basis is the Controller’s legitimate interest consisting of responding, maintaining contact, and establishing, pursuing, or defending potential claims (Article 6(1)(f) GDPR); where the call concerns initiating cooperation — processing is necessary to take steps prior to entering into a contract at the request of the data subject (Article 6(1)(b) GDPR).

Personal Data Profiling

Your personal data will not be used for automated decision-making, including profiling.

 

Recipients of Personal Data
Recipients of your personal data will include:

  • Authorized personnel of the Controller.
  • Entities processing personal data on behalf of the Controller for purposes for which the data was collected (in particular IT solution providers and entities providing IT services and technical support). These entities must have access to data to perform their duties and will access personal data only to the extent necessary for task performance.
  • Public authorities and entities performing public tasks or acting on behalf of public authorities, within the scope and for purposes resulting from generally applicable laws.

Transfer of Data Outside the European Economic Area
Due to the use of Google Analytics tools, personal data may be transferred outside the European Economic Area. In connection with such transfers, the Controller ensures cooperation exclusively with providers guaranteeing a high level of personal data protection.

The Controller ensures that transfers of data outside the EEA take place with appropriate safeguards based on relevant agreements containing standard contractual clauses adopted by the European Commission. The content of such agreements is available from the Controller.

Personal Data Retention Period
The data processing period is related to the purposes and legal bases of processing; therefore:

  • Data processed based on statutory requirements will be processed for the period required by applicable law.
  • Data processed for the purpose of concluding and performing a contract will be processed for the period necessary for its performance and settlement.
  • Data processed based on the Controller’s legitimate interest will be processed until an effective objection is raised or the interest ceases.
  • Data processed based on consent will be processed until consent is withdrawn.
  • Personal data processed for recruitment purposes will be stored until completion of the recruitment process in which you participate. If additional consent is given for future recruitment processes, your data will be stored for a period of 9 months.

Obligation to Provide Personal Data
Providing personal data is voluntary; however, it is necessary to achieve the purpose you intend to accomplish, including use of the website, conclusion of a contract, or receiving a response to your inquiry.

The Controller indicates that providing personal data specified in Article 22(1) of the Labour Code is mandatory under applicable labour law. Failure to provide such data will result in the inability to participate in the recruitment process. Providing personal data beyond the scope of Article 22(1) of the Labour Code is voluntary. The Controller declares that failure to provide such additional data cannot constitute grounds for less favourable treatment of a job applicant nor result in any negative consequences, in particular refusal of employment.

Your Rights
You have the right to:

  • Request access to your personal data, rectification, erasure, restriction of processing, and the right to data portability.
  • Where processing is based on the Controller’s legitimate interest — object at any time to processing for reasons related to your particular situation.
  • Where legitimate interest consists of direct marketing activities — object at any time to processing for marketing purposes without providing justification.
  • Withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
  • Lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office.
    Requests concerning the exercise of your rights may be submitted using the contact details provided above.

Changes to the Privacy Policy
The Controller reserves the right to introduce changes to the Privacy Policy, about which Users will be informed in advance.

Role of the Data Processor
As Julianus Inkasso Sp. z o.o. also performs debt collection activities on behalf of other entities, it may act as a data processor on behalf of the Controller who entrusts personal data for the purpose of debt collection activities. In such cases, Julianus Inkasso Sp. z o.o. processes data based on a data processing agreement concluded pursuant to Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation).

Currently, Julianus Inkasso Sp. z o.o. processes personal data entrusted for debt collection purposes by the following data controllers: Nova Mispra Capital Sp. z o.o. (registration number: 0000585683, registered office: Domaniewskiej 47/10, 02-672 Warsaw, Poland), Recoverso RMC OÜ (registration number: 14189704, registered office: Toompuiestee 35, 10149 Tallinn, Estonia), as well as other entities on whose behalf debt collection activities are performed, depending on the nature of the mandate and contractual relationship with the respective entity.