This document sets out the Privacy Policy of the https://pl.finbee.com/en/ website (hereinafter: the “Portal”).
Words used with a capital letter have the meaning given to them in the Terms and Conditions of this Portal.
Personal data collected by the Portal Administrator is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1), hereinafter referred to as: RODO.
The use of the Services available on the Portal is addressed to persons and entities with full legal capacity. The Administrator does not process the data of minors.
Personal data controller
The administrator of your personal data is the company under the name of Finbee Poland Sp. z o.o. with its seat in Warsaw (00-819) at Złota street no. 75A flat 7, entered into the register of entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw XIII, Economic Division of the National Court Register under the KRS number 0001092305, NIP: 5273102601, REGON: 528001539, with the share capital of PLN 5,000.00 (hereinafter referred to as “Administrator” or “Finbee”).
The Controller can be contacted on all matters concerning the processing of personal data:
- by e-mail to: [email protected];
- by post to the following address: Złota street no. 75A flat 7, 00-819 Warsaw;
Aims and legal bases for processing personal data
- The data controller processes your personal data for the following purposes and scope: to enable the use of the Portal and the services provided by the Administrator (based on Article 6(1)(b) of the GDPR);
- to process an application for a Loan Agreement or to take steps in connection with the conclusion of that agreement and, if an agreement is concluded, also in connection with its execution or termination and the performance of other activities in connection with the agreement (on the basis of Article 6(1)(b) of the GDPR);
- for the purpose of assessing creditworthiness and credit risk, including using profiling (based on Article 6(1)(f) of the GDPR)
- for the purpose of making a credit assessment, assessing credit risk and enabling verification of the correct implementation of the assessment, including for the purpose of obtaining information from third parties on the history of monetary obligations (on the basis of Article 6(1)(a) of the GDPR),
- protection against claims, debt recovery, litigation, arbitration and mediation (based on Article 6(1)(f) of the GDPR);
- direct marketing of products or services, including profiling, by means of electronic and telephonic communications (based on Article 6(1)(a) of the GDPR);
- to improve the Portal and create Portal statistics, including through the use of cookies (based on Article 6(1)(a) of the GDPR);
- for the purpose of establishing, investigating, enforcing and defending against claims in court proceedings and before enforcement or other authorities called upon to do so in accordance with generally applicable law (on the basis of Article 6(1)(f) of the GDPR);
- For the purpose of dealing with complaints and requests and responding to questions from Users (based on Article 6(1)(f) of the GDPR);
- Your data may also be processed (insofar as this is related to the Administrator’s activities and insofar as the collateral purposes are linked to the above-mentioned purposes) for the following collateral purposes (on the basis of Article 6(1)(f) GDPR):
− data archiving,
− ensure the smooth functioning of the Portal,
− producing internal reports and analyses,
− conducting internal audits,
− the creation of viewing statistics for the Portal
− to adapt the Portal to the needs of Users,
− creation of a user profile based on previous history,
− conducting statistical surveys,
− business, economic or legal advice that is provided to the Data Controller.
Type of data
The controller processes the following categories of relevant personal data:
- contact details (in particular: address, telephone, e-mail);
- identification data (in particular: first name, surname, PESEL number, identity card number);
- data on the obligation (in particular: purpose and source of the obligation, amount and currency, status of the debt, period and terms of repayment of the obligation, course of the obligation, data on the legal security of the obligation);
- data obtained from credit and economic information bureaus and cooperating entities
- data relating to activity on the Portal (cookies);
Data source
Personal data is collected directly from you as part of the completion of the forms available on the Portal or from third parties to whom you have given your consent to transmit it to the Administrator.
In addition, personal data may be obtained from publicly available sources such as the National Court Register, the Central Register of Beneficiaries, the Central Register and Information on Business Activity, etc.
Voluntary provision of personal data
The provision of personal data is voluntary. However, failure to provide personal data may result in inability to use the Administrator’s Services.
Processing time
We will retain your personal data for the duration of the provision of the Services and, upon termination of the Services or the contractual relationship between the parties, for the period necessary to safeguard the legal interests of the Data Controller or where required by law.
As a general rule, the Controller shall keep your personal data for no longer than is necessary, taking into account the purposes of data collection, i.e. the fulfilment of contractual obligations towards the users of the Portal or the exercise of the Controller’s legitimate interests, or as required by the statutory retention period.
Your personal data will be processed for the period necessary to fulfil the purposes indicated in this clause, in particular:
a) to enable the use of all Portal Services for the duration of the Usage Agreement, thereafter for the period and to the extent required by law or for the protection of possible claims;
b) in the case of the conclusion of a Loan Agreement with the Administrator, for the duration of the agreement and thereafter for the period and to the extent required by law or for the protection of possible claims;
c) for marketing purposes – until you revoke your consent to the processing of your personal data;
d) for the purpose of dealing with complaints and reported claims – until the statute of limitations for potential claims has expired;
e) for the purposes of legal proceedings – data may be processed up to 6 years from the date of the final decision terminating the proceedings, subject to the interruption of the limitation period;
f) for the purpose of compilation of statementś, analyses and statistics – for the duration of the contract and thereafter for no longer thaṅ the period after which claims arising from the contract become time-barred.
Recipients of personal data
The Administrator may transfer personal data to entities that process such data on its behalf, e.g. IT service providers, law firms, entities providing accounting, HR and payroll services, companies providing archiving and tax services and companies in the Administrator’s group.
Your personal data may be shared with entities entitled to receive them on the basis of your consent for the purposes of creditworthiness assessment and credit risk analysis, i.e.:
a) Biuro Informacji Kredytowej S.A., ul. Zygmunta Modzelewskiego 77A, 02-679 Warszawa;
b) Krajowy Rejestr Długów Biuro Informacji Gospodarczej S.A., ul. Danuty Siedzikówny 12, 51-214 Wrocław;
c) Biuro Informacji Gospodarczej InfoMonitor S.A., ul. Zygmunta Modzelewskiego 77A, 02-679 Warszawa;
d) Kontomatik sp. z o.o., ul. Prosta 51, 00-838 Warszawa.
Data may also be transmitted to the relevant authorities and bodies to the extent and in the situations stipulated by law, e.g.: President of the Personal Data Protection Authority, public prosecutor’s office, police.
Your personal data may be transferred outside the European Economic Area as part of the Administrator’s use of, for example, IT solutions and systems providers, which may store your personal data on servers located outside this area.
Such transfer may be based on a decision of the European Commission finding an adequate level of protection or the application of appropriate legal safeguards, which are in particular standard contractual clauses for the protection of personal data approved by the European Commission. Personal data may be transferred to a third country on the basis of one of the grounds listed in Article 49(1) of the GDPR.
Rights of the data subject
The data subject has the right to request: rectification, erasure, portability or restriction of the processing of personal data and to object to such processing, including profiling and access to the data.
The data subject has the right to lodge a complaint with the supervisory authority dealing with the protection of personal data, namely the President of the Office for Personal Data Protection with its seat in Warsaw, Stawki street no. 2, 00-193 Warsaw.
To the extent that the Administrator’s processing of your personal data is based on your consent, you have the right to withdraw it at any time. However, the withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal. It also does not affect the possibility of processing personal data to the extent necessary to comply with an obligation arising from a legal provision or to establish, assert or defend claims vested in the Administrator.
Automatic decision-making
Your data will be processed by automated means, including profiling.
In order to carry out statistical and marketing activities, we profile your data so that we can best tailor marketing communications to your needs, including tailoring specific product and service offers. We assess your preferences on the basis of data collected automatically (recorded and stored) via cookies and resulting from your activity on the Portal. We also profile your data in order to assess your creditworthiness and credit risk.
Cookies
General information
When browsing the Portal’s websites, “cookies” are used, i.e. small text files which are stored on your terminal equipment in connection with the use of the Portal. Their use is aimed at the correct functioning of the websites.
These cookies allow us to identify the software you are using and to customise the Portal.
The cookies we use are safe for your devices.
Types of cookies
We use two types of cookies:
- Session cookies: are stored on the device and remain there until the session of the respective browser ends. The stored information is then permanently deleted from the device’s memory. The mechanism of session cookies does not allow any confidential information to be retrieved from the device.
- Persistent cookies: these are stored on the device and remain there until deleted. The end of the session of the browser concerned or the switching off of the device does not delete them from the device. The mechanism of permanent cookies does not allow any confidential information to be retrieved from the device.
Objectives
We use cookies (including third parties) for the following purposes:
- To ensure that the Portal functions correctly (necessary cookies);
- creation of statistics – helping to understand how Users use the Website, which allows to improve its structure and content through analytical tools, e.g. Google Analytics (analytical cookies)
- determine the profile of the user and then display tailored content in advertising networks, using
the online advertising tool mp. Google Adwords (marketing cookies);
Cookies used:
| Name of cookie | Purpose and content | Retention period of the cookie |
| Essential | ||
| cookieyes-consent | CookieYes sets this cookie to remember users’ consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors. | 1 year |
| XSRF-TOKEN | Wix set this cookie for security purposes | 6 hours |
| Analytical | ||
| _gcl_au | Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services. | 3 months |
| _ga | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. | 1 year 1 month 4 days |
| _gid | Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website’s performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously. | 1 day |
| _ga_* | Google Analytics sets this cookie to store and count page views. | 1 year 1 month 4 days |
| ln_or | Linkedin sets this cookie to registers statistical data on users’ behaviour on the website for internal analytics. | 1 day |
| _hjSessionUser_* | Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. | 1 year
|
| _hjFirstSeen | Hotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user. | 30 minutes |
| _hjSession_* | Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. | 30 minutes |
| AnalyticsSyncHistory | Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie. | 1 month |
| _fbp | Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website. | 3 months |
| _hjTLDTest | To determine the most generic cookie path that has to be used instead of the page hostname, Hotjar sets the _hjTLDTest cookie to store different URL substring alternatives until it fails. | session |
| _gat | Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites. | 1 minute
|
| Marketing | ||
| _rdt_uuid | Reddit sets this cookie to build a profile of your interests and show you relevant ads. | 3 months |
| li_sugr | LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant. | 3 months |
| bcookie | LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs. | 1 year |
| test_cookie | doubleclick.net sets this cookie to determine if the user’s browser supports cookies. | 15 minutes |
| bscookie | LinkedIn sets this cookie to store performed actions on the website. | 1 year |
Links to other sites
If the Portal contains links to other websites. We cannot be held responsible for the privacy practices of those sites. We urge you, when you go to other sites, to read the privacy policy established there. This privacy policy only applies to the Portal.
Changes to cookies on your own
It is the Administrator’s intention to make our use of cookies and other technologies as transparent as possible for Portal Users. We want to provide you with the best possible product – in this case the Portal. We are able to do this thanks to cookies (including those of external companies), as described above.
Some browsers allow you to choose how your browser responds to requests from third parties to send a cookie to your device. To restrict your browser from sending cookies, please refer to the following pages for information on how to avoid cookies being placed: Firefox; Internet Explorer; Google Chrome; Bing; and Safari.
The Administrator reserves the right to amend all or part of this Policy. Any changes to the Policy will be implemented with immediate effect, after the amended Policy is posted on the Portal.