INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA
On 25 May 2018 becomes applicable the EU regulation concerning the protection of personal data: Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/WE (hereinafter referred to as the “GDPR Regulation”).
The national provisions concerning the protection of personal will also change. In particular, the existing law from 29 August 1997 on the protection of personal data will be repealed. The act that will apply is the act on the protection of personal data from 10 May 2018 (together referred to as the “GDPR Provisions”).
In relations to the execution of the GDPR Provisions, Inter Best 97 Polska Sp. Z o.o. Sp.k. with its headquarters in Warsaw, on ulica Poleczki 35 (hereinafter referred to as Europcar) informs about the rules for the processing of your data and vested rights related to it.
From 25 May 2018 the following rules become in force:
I. INDICATION OF PERSONAL DATA CONTROLLER
The controller of personal data is Europcar (hereinafter referred to as the “Controller of PD”). the contact with the Controller of PD is possible via e-mail address: email@example.com or by regular post to the address: Inter Best 97 Polska Sp. z o.o. Sp. k. 02-822 Warszawa, ul. Poleczki 35 with a note: „Personal data”.
II. EXTENT AND PURPOSE OF PROCESSING PERSONAL DATA
1. Europcar processes your personal data:
a) for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract [article 6 paragraph 1(b) of the GDPR Regulation],
b) to enable the Controller to satisfy a legal obligation [article 6 paragraph 1(c) of the GDPR Regulation],
c) because of the legitimate interest [article 6 paragraph 1(f) of the GDPR Regulation], for:
2. In addition, Europcar may, on the basis of separate consent [article 6 paragraph 1(a) of the GDPR Regulation] proces data for the purpose of:
a) identification of the interests and preferences of customers or development of services offered, based on automated processing of the Controller of PD. Basing on a customer profile the Controller of PD may
b) marketing of Europcar own products and services or of similar products and services offered by Europcar’s partners,
c) indirect marketing of products and services offered by entities collaborating with Europcar, whereby customer’s personal data will not be shared with third parties;
3. Marketing referred to above in sections b) and c) may be carried out by Europcar through electronic means of communication, namely text messages, MMS, mobile application, telephone communication.
III. PERIOD OF DATA PROCESSING
Your personal data will be processes within the period necessary to achieve the objectives specified in section II, including:
a) for the duration of the contract and, after its expiry, for the period necessary to:
b) personal data processed for marketing of Europcar’s own products and services based on the legitimate interest, will be processed until there are objections being raised by the data subject;
c) personal data processed based on separate consent will be stored until the consent is renounced.
IV. DATA SUBJECT’S RIGHTS
The following rights are guaranteed to you under the GDPR Provisions:
a) the right to access personal data being processed, i.e. the right to obtain confirmation from the Controller of PD if your personal data are being processed and to what extent;
b) the right to rectify data if there is a reasonable suspicion that the data being processed is incorrect or incomplete;
c) the right to limit data processing, including:
d) the right to delete personal data if:
e) the right to transfer data via the Controller to another controller, provided that the processing takes place on the basis of an agreement concluded with the data subject or on the basis of the consent expressed by such person;
f) the right to lodge a complaint to a competent supervisory body if the data processed by Europcar are violating the GDPR Provisions
g) the right to obtain intervention of the Controller of PD, to express your own position and challenge decisions based on automated data processing.
The rights specified above in sections a) – g) may be executed by contacting the Controller of PD (address given at the beginning, with a note “Personal data protection”) through any appropriate form.
V. INFORMATION ABOUT DATA RECIPIENTS
In connection with the processing of personal data for the purposes set out in point II, your personal data may be made available to the following recipients or categories of recipients:
a) entities involved in the processes necessary to execute contracts with you,
b) entities supporting Europcar in its business activities, including entities that process personal data for Europcar (so-called Europcar processors) participating in the performance of our activities, comprising: agents, advertising agencies, sponsors and other entities involved in the sale of our services or organization of marketing campaigns;
c) entities related to Europcar under the Europcar capital group, in the implementation of reporting obligations;
d) entities that carry out telecommunications services;
e) entities that carry out debt collection service and entities purchasing amounts due - if you do not pay our bills or invoices on time;
f) entities providing banking services, in order to refund your item or to provide a payment order;,
g) entities providing mail and express services;
h) entities providing transport services;
i) entities printing correspondence and serving correspondence from customers;
j) Economic Information Bureau and Credit Information Bureau (BIK) in order to receive information about your debts, which are available in these offices;
k) the Polish Bankers’ Association to verify that the identity document produced by you have not been reported to the Cancelled Documents System;
l) archiving bodies;
m) entities involved in customer surveys;
n) entities providing technical services to Europcar, including: development and maintenance of IT systems and websites as well as providing teleinformation tools for Europcar;
o) entities providing advisory, consultancy services, accounting, auditing, financial and legal assistance services to Europcar.
p) Law enforcement authorities in case of suspicion of a crime in connection with the contract concluded with Europcar.