PERSONAL DATA PROTECTION POLICY

This privacy statement provides information about the processing and the protection of personal data applicable to existing and potential clients as well as visitors of the Company’s website.

IDENTIFYING THE CONTROLLER OF PERSONAL DATA

Personal data of clients and visitors of our website is controlled by the company BrainCom OU., registration number: 14773651, with its registered office at Harju maakond, Tallinn, Lasnamäe linnaosa, Peterburi tee 47, 11415, Estonia. Hereafter called “the Company”.

Personal data is also processed by additional companies of the Group as per Article 26, Paragraph 1 GDPR referencing “Joint Controllers/ Administrators” of personal data. For more information and further requests please visit our Cookies policy at: https://pujcka-vsem.org/cookies-policy.php

PERSONAL DATA BEING PROCESSED

Client data related to an inquiry or contract (Identification data and contact details is definitely to be processed)

  • Identification data – name, surname, titles, date of birth, place of residence, social security number
  • Contact information – telephone number, e-mail address, correspondence address
  • Data on the subject of your request – type of loan you are interested in, preference of the lender, social security number, information on your net monthly income, amount of monthly expenses, source of income, information on whether or not you are in foreclosure, bank account number (in extent according to the given loan provider)
  • Setting up the client zone - login name, password
  • Contact records – recording of phone calls, communication via SMS and e-mails

Client data related to visiting the website (Identification data and contact details is definitely to be processed):

  • Identification data – IP address, MAC address
  • Data on client preference – movement on the website (region, time), preference of viewed products

THE REASON OF PROCESSING PERSONAL DATA

What is the reason for processing clients’ personal data and on which legal bases does the Company use for processing personal data?

The Company can process clients’ personal data ONLY in accordance with the relevant applicable Laws and Regulations. The Company being a tipster, as per relevant laws can process the following personal data information based on customers’ consent and when necessary:

  • if it is necessary for the fulfillment of the contract concluded with the customers or for the implementation of measures prior to the conclusion of this contract at clients’ request;
  • if necessary to comply with Company’s legal obligations;
  • if it is necessary for the purposes of Company’s legitimate interests (“legitimate interest”);
  • based on customers’ consent.

Therefore, customers’ consent is only required when the purpose of processing personal data is not provided by relevant Laws.

The Company processes personal data for the following purposes:

  1. Offering Products before the conclusion of the contract;
  2. Marketing and Record Keeping of necessary documentation relevant to the service/product provided for the Company to comply with relevant legal obligations;
  3. Performance of the contract;

Note: Clients’ rights regarding the process of personal data is important, thus, clients should be informed accordingly.

Does the client have to provide their personal data to the Company?

Clients always provide personal data voluntarily. In the case of refusal of providing personal data for processing purposes, it will be impossible for the Company to conclude a contract on consumer loan.

In the event that the client consents to the processing of personal data, it is entirely and at all times at customer’s discretion the provision of such personal data for the purposes predefined.

It should be noted that granting clients’ consent for the provision of personal data is not a prerequisite for mediating a consumer loan.

In any case, clients can withdraw their consent at any time free of charge. Revocation of consent does not affect the legality of processing based on consent prior to its revocation.

How does the Company access customers’ personal data?

The Company processes personal data that was submitted by the client and or have arose as part of clients’ activity on the following websites: https://pujcka-vsem.org/

THE PURPOSES OF PROCESSING CLIENTS’ PERSONAL DATA

  1. The purpose of processing personal data is to register the client upon demand, detect interest in a particular service or product appearing on the Company’s website including consumer loan, financial or non - financial information and mediating for possibly concluding a consumer loan.

As per Act No. 257/2016 Coll., on consumer loans, as amended and prior to the conclusion of a contract, the Company can process clients’ personal data. More precisely, in the case that a client has already submitted a request for a consumer loan on Company’s website, indicating there is an interest in consumer loan or any other financial or non-financial product, the Company has the right to:

  1.  Forward client’s data to the credit provider or intermediary, financial or non-financial services provider and
  2.  store all related communications regarding the mediation of the given consumer loan.
  1. Another purpose of processing clients’ personal data is for marketing. In the event that clients have given the Company their consent to use their personal data for marketing purposes, they might use that to communicate offers and other financial services or products of the Company’s partners via email, SMS or phone calls. The Company is legally entitled to communicate with clients, regardless of giving their consent or not, regarding any consumer offering loans as part of their legitimate interest and the Terms already agreed.
  1. Processing of personal data is performed for Marketing purposes on the basis of Cookies. The Company on the basis of legitimate interest and in agreement with the clients, are eligible to process data related to the visit of the client to Company’s websites , check and monitor what the client searched for in the website which appeared to be interesting for further improvement. Advertising banners will be displayed on the parts of the website that the client spends during their visit to the Company’s website.

Further information regarding cookies’ policy and how the Company uses this information can be found in the relevant document on the Company’s website at “Company’s Cookies Policy”.

  1.  Adding on to the purposes of processing personal data, the Company, as part of its legitimate interest, uses clients’ personal data to generate and develop analysis models and methods on aggregated data to easily identify clients’ needs and market trends to improve Company’s products and services.
  1. The Company, to remain compliant with its legal obligations based on Act No. 563/1991 Coll., (on accounting, as amended) and Act No. 586/1992 Coll., (on income taxes, as amended) and as part of its legitimate interests, processes clients personal data for accounting and taxation purposes justifying invoices issued to different partners.
  1.  Further to the above, the Company’s legitimate interests allow clients' personal data to be processed to monitor quality of the service provided, complaints received, identify disputes, and meet overall customer requests to ensure that standards of customer satisfaction are met. In this effort, the Company aims to provide high quality customer service at all times by monitoring calls, handling complaints and considering customer suggestions.
  1. In accordance with Act No. 257/2016 Coll.,(consumer credit, as amended), Act No. 110/2019 Coll.,( on the processing of personal data, as amended), Act No. 229/2002 Coll., (on the financial arbitrator, as amended), Act No. 143/2001 Coll.,( protection of economic competition, as amended) and, Act No. 64/1986 Coll.,( Czech Trade Inspection, as amended), the Company is required to process clients’ personal data to fulfill the obligations set as per the acts mentioned above and cooperate with supervisory authorities as required.

The Company’s activities are supervised by local authorities such as the Czech Trade Inspection or the Office for the Protection of Economic Competition, the Office for the Protection of Personal Data and the Czech National Bank and the Company might be required to transfer clients personal data to such authorities for their sole utilization.

  1. The Company for GDPR purposes, in accordance with Act No. 110/2019 Coll. on Personal Data Processing, which implements the General Data Protection Regulation (Regulation (EU) 2016/679) and in order to fulfill its legal obligations, has appointed a personal data protection officer. The personal data protection officer will be responsible to process any requests related to the exercise of clients rights regarding the process of personal data and also monitor the Company’s compliance with applicable legislation and access rights authorized internally by the Company.
  1.  Last, the Company, as part of its legitimate interest, has the right to process clients’ personal data to ensure the Company functions properly by complying with Internal Policies and procedures. Therefore, clients personal data is processed for mail processing and document circulation enabling the Company to compare information inside and outside the organization.

FOR HOW LONG IS THE COMPANY ALLOWED TO PROCESS CLIENTS PERSONAL DATA?

Process of clients personal data is allowed only for the duration of the contract, and then for the period for which the Company is obliged to keep clients personal data in accordance with the relevant laws and regulations and then for a predefined period necessary in case of court or administrative proceedings when the Company is requested to present documented evidence.

Clients’ personal data for which clients consent was given is processed for the period for which the clients’ consent was given or until the consent is withdrawn.

The Company processes clients’ personal data that is absolutely necessary for the given purpose and always according to the legal framework of data minimization. Immediately and upon expiration of the given period clients’ personal data is deleted.

DOES THE COMPANY PROCESS CLIENTS’ PERSONAL DATA ABROAD?

As per Act No. 110/2019 Coll. on Personal Data Processing, which implements the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and became applicable, on 24 April 2019, the Company has the right to transfer clients’ personal data within the European Economic Area under regime of free movement of personal data.

For some of our suppliers located in third countries and might be transferring clients’ personal data, the procedures applied are always compliant with all legislative requirements.

DOES THE COMPANY SHARES CLIENTS’ PERSONAL DATA?

In general terms, personal data which is made available by the clients is received by the entity that receives it. In some cases, the recipient might be another personal data manager or processor clarifying the purpose of processing this type of personal data. Clients’ personal data is shared with financial product providers acting as independent personal data administrators) for which clients showed interest. BrainCom OU, by principle, does not share clients’ personal data with other personal data administrators without clients’ given consent or such transfer is part of the Company’s legitimate interest or the Company is authorized by law to do so.

Clients’ consent is not required by law for the sharing of clients’ personal data with personal data processors. The Company, as part of its legitimate interest performs proper screening to the entities that become personal data processors of our clients’ personal data managed by BrainCom OU. BrainCom OU takes the necessary legal actions to ensure that personal data processors comply with the required technical security measures by concluding a written contract with the entities that become personal data processors. Entities that become personal data processors are entitled to process clients’ personal data managed by BrainCom OU only to fulfill their tasks and for the agreed period of time.

List of Providers of financial products:

  1. non-bank lenders
  2. loan brokers
  3. Banks
  4. Insurance Companies

 When a client completes a financial product request, their immediate consent and understanding is given for the following actions:

  • Financial product providers listed above have the right to consult and the proceed as per:
  1. the SOLUS register;
  2. the Non-bank register (client information);
  3. the Bank register (client information);
  4. the Central record of executions Enforcement Chamber of the Czech Republic);
  5. the database of the Ministry of the Interior of the Czech Republic (verification of the validation of personal documents);
  6. The insolvency register established by the Ministry of Justice of the Czech Republic, the real estate cadastre, or an internal system, even without clients’ consent, to assess creditworthiness in accordance with Act No. 257/2016 Coll., on consumer credit, as amended;
  7. Financial product providers have the right to assess on preliminary basis if the clients opt for a financial service and decide upon the continuation of negotiations on financial product requested;
  8. Profilirization during the assessment as described above including including initial screening for the prevention and identification of fraudulent incidents;
  9. Fill in advance with clients’ personal data their customized electronic form required to apply for a financial product;
  10. For the settlement of the reward, the Company might be sharing information and updates on the status of the application regarding the provision of the relevant financial product considering data already communicated and the amount of funds finally approved.

Service Providers

  • Marketing entities,
  • Audit entities,
  • Accounting entities,
  • Entities dealing with education and HR
  • Legal service providers
  • IT Service Providers
  • Internet marketing companies,
  • Entities engaged in sales, service and development of marketing systems,
  • Entities engaged in developing and implementing business models,
  • Web and mobile application development entities,
  • Online communication service providers,
  • Call center service providers.

The Company will share the data filled by the client in the request for the financial product interested to the Financial product provider (hereinafter referred to as “Provider”). The Provider’s procedure is to preliminary assess whether the client meets the necessary criteria to be offered a contract for the provision of the financial product for which the client is interested. For this purpose, the Provider may use the provided data to view the relevant registers and databases as listed above. The Provider right after being provided data by BrainCom OU and the preliminary assessment has the right to communicate the client by phone details regarding the continuation of the application. In cases where the client disagrees with the result of the assessment of the application, the client has the right to communicate their opposition or request “human review”.

For the settlement of the reward, the Company might be sharing information and updates on the status of the application regarding the provision of the relevant financial product considering data already communicated and the amount of funds finally approved.

RIGHTS OF THE COMPANY PROCESSING CLIENTS PERSONAL DATA

The Company will process within 30 days after the acceptance of submissions any requests, inquiries, exercise of rights or other submissions without unnecessary delays. Considering the volume and complexity of applications, the period of process might be extended up to two months, and such an extension will be communicated within one month after the Company accepted the client's request.

During the assessment of the application additional documentation/information might be required for the allocation of the request to the most appropriate entity. Additionally, the Company has the right to justify cases, control and verify the identity of the applicant as part of the exercise of its rights without any extra charges.

The Company is entitled to charge an extra fee for applications that appear to be repeatedly unjustified and unreasonable for the administrative costs the Company might suffer for the assessment of the application, communication performed or refusal of the client to comply with the request.

The client has the right to exercise their right in regards to the following:

1) Access to personal data - The Company in case a client exercises their right to access personal data has to:

  1. Provide a confirmation as to whether or not the clients’ personal data is processed;
  2. Provide specific overview of the personal data being processed including further details such as the purpose of processing, the different types of personal data and the categories of recipients of personal data as well as the period of processing (as already described in this document).

2) Correction of personal data

The client has the right to ask for the correction of the personal data processed by the Company.

3) Deletion of personal data - The client has the right to request the deletion of personal data that is processed by the Company if they believe this is done without their permission. It should be noted that in some instances (i.e. on the basis of complying with relevant regulations or where personal data is required for the fulfillment of the contract) the Company might not be able to delete personal data.

4) Restrictions on the processing of personal data - If the client wishes to exercise the right of restriction of processing personal data, this specific data will be temporarily restricted but NOT DELETED. Limitation of processing of personal data is granted in the following cases:

  1. The client declares their personal data is inaccurate - processing of personal data will be restricted until decision in regards to the accuracy of the data is finalized;
  2. The company process clients personal data in the absence of an applicable legal framework but instead of deletion the clients requests for a restriction;
  3. Clients’ personal data is no longer needed by the company for processing purposes but the client would require them for legal claims
  4. The client raised an objection and the Company is obliged to restrict the processing of personal data during the period required to determine the validity of that objection;

5) Right of objection to the processing of personal data

The client can raise their objection for the processing of personal data if such processing is part of the Company’s legitimate interest exclusively covering the client's current conditions/situation. The client should describe in full current condition/situation for which they exercise their right of objection. The company after receiving the objection has to assess the application request and in case there is no existence of legitimate rationale for processing of such data, or that clients’ interests or rights or freedoms are not violated, or that data is not needed for legal claim actions, then the Company will terminate the processing of client’s personal data for the specific purpose. 

In the case that exercise of objection concerns the Company’s legitimate interest i.e for marketing purposes, the client is not required to justify the objection.  The Company is obliged to accept this kind of objections with no further assessment.

6) The right to data portability

Transfer of data can only be performed only when the processing of personal data was authorized by the client or in the event that the processing of specific personal data is necessary for the successful performance of a contractual agreement. The company under this instance is obliged to provide the client in readable format the personal data being processed after granting the required authorization.

As per Company’s policies and procedures, the client must communicate directly to the Company their request of transfer of personal data since instructions communicated by other administrators are not allowed

7) Revocation of consent

The client has the right to revoke their consent of processing their personal data at any time considering that the processing of personal data is based on clients’ consent. Processing of personal data on consent is considered to be legal for the period prior to its revocation.

8) Filing complaint to the Supervisory local authority

The Supervisory authority for the processing of personal data is the Office for the Protection of Personal Data, based in Plk. Sochora 727/27, 170 00 Prague 7 - Holešovice. For more information clients can visit the website of the Office for the Protection of Personal Data at www.uoou.cz.

If the client wishes to exercise any of the customer rights listed above needs to contact the Company either in writing or by email.

In Writing at:

BrainCom OU

Full address: Harju maakond, Tallinn, Lasnamäe linnaosa, Peterburi tee 47, 11415, Estonia

By email: 5319539@gmail.com 

 

COMMISSIONER FOR THE PROTECTION OF PERSONAL DATA

The Company has appointed a personal data protection officer that the clients can contact for requests or recommendations related particularly to the Company’s Personal data processing Policy and the exercise of any rights.

NAME: Serhii Mozgovyi

ADDRESS: Harju maakond, Tallinn, Lasnamäe linnaosa, Peterburi tee 47, 11415, Estonia

EMAIL: 5319539@gmail.com