Privacy Notice on Data management in connection with the activities of PastPay Europe sp. z o.o. and Péntech Solutions Kft.
The PastPay Europe sp. z o.o. (KRS no.: 0000886016, NIP: 5472223365, REGON: 388248699) and the Péntech Solutions Kft. (seat: 1125 Budapest, Istenhegyi út 48./B, company registration number: 01-09-338535) (hereinafter together referred to as “the Data manager” or the “Companies” or separately the “Company”).
Name of the Data manager:
PastPay Europe sp. z o.o.
Péntech Solutions Kft.
Seat:
ul. LEGIONÓW 33/343-300 BIELSKO-BIAŁAŚLĄSKIE
1125 Budapest, Istenhegyi út 48./B
E-mail address:
info@pastpay.com
info@pentech.hu
Name of the contact person designated by the Data manager for matters relating to Data management:
Bálint Tamás Réti
dr. Réti Tamás Bálint
E-mail address:
info@pastpay.com
info@pentech.hu
Data processor:
the natural or legal person, public authority, agency or any other body which processes Personal data on behalf of the Data manager;
Data management:
any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Data manager:
the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the management of Personal data; where the purposes and means of the management are determined by Union or Member State law, the Data manager or the specific criteria for the designation of the Data manager may also be determined by Union or Member State law
Data subject:
an identified or identifiable natural person
GDPR:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Website:
www.pastpay.io, and www.pastpay.com
Infotv.:
Hungarian Act CXII of 2011 on informational self-determination and freedom of information
Pmt.:
Hungarian Act on the Prevention and Combating of Money Laundering and Terrorism Financing
Personal data:
Any information relating to a data subject which makes it possible to identify that natural person, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or one or more factors to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Our Company may receive Personal data from the following sources:
The Data manager shall inform the Data subject that the Data management is carried out in accordance with the provisions of the applicable legislation, in particular the GDPR, the Personal Data Protection Act of 10 May 2018 and the Infotv.
Joint data management by Péntech Solutions Kft. and PastPay Europesp. z o.o.
THE SCOPE OF THE DATA managed:
Details of the legal person’s representative or contact of our client (in particular: name, e-mail address, telephone number, job title)
PURPOSE OF DATA MANAGEMENT:
Contacting and maintaining contacts for business purposes
LEGAL BASIS OF DATA MANAGEMENT:
Our legitimate interest in the performance of a contract with a legal person client or partner or in maintaining a business relationship
RETENTION PERIOD:
Until the end of the business relationship with the legal person or, if earlier, until the termination of the Data subject’s legal relationship with the legal person, if the Data manager becomes aware of this.
-
THE SCOPE OF THE DATA managed:
In the case of our self-employed clients, the details of the Data subject (in particular name, e-mail address)
PURPOSE OF DATA MANAGEMENT:
Contacting and maintaining contacts for contracting and performance purposes
LEGAL BASIS OF DATA MANAGEMENT:
Preparation and performance of the contract with the Data subject
RETENTION PERIOD:
Until the end of the business relationship with the Data subject
-
THE SCOPE OF THE DATA managed:
Contact details of our client’s debtor (in particular: name, e-mail address, telephone number, job title)
PURPOSE OF DATA MANAGEMENT:
Factoring a claim based on a relationship between our client and the debtor of our client
LEGAL BASIS OF DATA MANAGEMENT:
Our legitimate interest in the performance of a contract with our customer.
RETENTION PERIOD:
Until the end of the business relationship with our client or, if earlier, until the termination of the legal relationship of the Data subject with our client’s debtor, if the Data manager becomes aware of this
-
THE SCOPE OF THE DATA managed:
Data collected by cookies on the Website
PURPOSE OF DATA MANAGEMENT:
Please read our Cookie information, available on the Website.
-
THE SCOPE OF THE DATA managed:
Personal data necessary to process and respond to complaints, requests and questions
PURPOSE OF DATA MANAGEMENT:
The procedure that meets your request or complaint
LEGAL BASIS OF DATA MANAGEMENT:
In case of a complaint about Data management, to comply with a legal obligation under the GDPR, otherwise our legitimate interest in handling the complaint
RETENTION PERIOD:
Until the complaint handling process is completed
-
THE SCOPE OF THE DATA managed:
Content of video calls, if they are recorded
PURPOSE OF DATA MANAGEMENT:
The recallability of the content of the meeting, its use in case of possible legal claims
LEGAL BASIS OF DATA MANAGEMENT:
Our legitimate interest in the recallability of the content of the meeting
RETENTION PERIOD:
5 years from the termination of the contract (civil law limitation period)
-
THE SCOPE OF THE DATA managed:
Personal data required for economic profiling for our self-employed clients
PURPOSE OF DATA MANAGEMENT:
Assessing the financial reliability and capacity of our existing and prospective clients, the debtors of our existing and prospective clients, the clients of our contracted partners and the debtors of these entities
LEGAL BASIS OF DATA MANAGEMENT:
Preparation and performance of the contract with the Data subject
RETENTION PERIOD:
Until the contract is concluded
-
THE SCOPE OF THE DATA managed:
Details of our legal person client’s representative, contact person (in particular: name, e-mail address, telephone number, job title)
In the case of our self-employed clients, the details of the Data subject (in particular name, e-mail address)
PURPOSE OF DATA MANAGEMENT:
To contact and engage with you for business purposes through our website or other channels
LEGAL BASIS OF DATA MANAGEMENT:
Our legitimate interest in answering your questions or requests
RETENTION PERIOD:
Until the question or request is answered
-
THE SCOPE OF THE DATA managed:
E-mail address; business entity or self-employed status represented
PURPOSE OF DATA MANAGEMENT:
Subscribe to a marketing newsletter
LEGAL BASIS OF DATA MANAGEMENT:
Explicit consent of the Data subject
RETENTION PERIOD:
Until consent is withdrawn
-
THE SCOPE OF THE DATA managed:
Personal data required to participate in the professional event
PURPOSE OF DATA MANAGEMENT:
Contacts related to the event
LEGAL BASIS OF DATA MANAGEMENT:
For self-employed participants, the fulfilment of the contract for the event, for participants representing a legal person, our legitimate interest in the conduct of the event
RETENTION PERIOD:
Until the end of the event
-
THE SCOPE OF THE DATA managed:
Personal data required to participate in the prize draws
PURPOSE OF DATA MANAGEMENT:
Organisation of the prize draw and related contacts with participants
LEGAL BASIS OF DATA MANAGEMENT:
For sole proprietor participants, the performance of the contract for participation in the prize draw, for participants representing a legal person, our legitimate interest in the running of the prize draw
RETENTION PERIOD:
Until the prize draw closes
-
THE SCOPE OF THE DATA managed:
All Personal data mentioned in rows 1-11
PURPOSE OF DATA MANAGEMENT:
Enforcing legal claims
LEGAL BASIS OF DATA MANAGEMENT:
Our legitimate interest in enforcing a claim
RETENTION PERIOD:
5 years from the termination of the contract (civil limitation period)
-
In connection with the above Data management, we draw your attention to the fact that the provision of the Data subject’s data that are managed on the basis of a legal obligation or legitimate interest in the preparation or performance of a contract or business relationship with a Company is mandatory for the conclusion of a factoring framework contract or for certain obligations arising from the legal relationship. Without providing the necessary data, the Companies are unable to fulfil their obligations in connection with factoring or as required by law, and in some cases failure to provide the data may result in our inability to accept or fulfil an order for services.
With regard to data managed on the basis of legitimate interest, please note that you have the right to object to the Data management.
Joint Data manager:
The Companies are considered to be joint managers of each other in relation to the Data management referred to in Chapter 4, lines 1-12 of this Notice.
Data processor:
Name/category of Data processor:
Accountant
Category of Personal data transferred to the Data processor:
Personal data for accounting purposes
Activity involving a Data processor:
Accounting services
-
Name/category of Data processor:
PastPay Europesp. z o.o. in relation to its independent data management, the Péntech Solutions Kft.
Category of Personal data transferred to the Data processor:
Personal data listed in Chapter 4, line 13
Activity involving a Data processor:
Customer identification / customer due diligence
-
Name/category of Data processor:
Service providers providing the IT operations of the Companies (in particular server and domain service providers, mobile phone operating system service providers), customer management service providers, so-called CRM system service providers
Category of Personal data transferred to the Data processor:
Personal data stored on IT servers
Activity involving a Data processor:
IT infrastructure in the office.
-
The Data manager shall inform the Data subject that no Personal data will be transferred to a country or international organisation outside the European Economic Area.
No special Personal data will be managed in the course of the Data management.
The Data subject may request the Data manager to access, rectify or erase Personal data relating to them, in certain cases to restrict the management of the data and to object to the management of Personal data. The Data subject shall also have the right to data portability and the right to submit a complaint to the supervisory authority and to a judicial remedy.
In the case of management based on consent, the Data subject also has the right to withdraw consent at any time, without prejudice to the lawfulness of the management carried out on the basis of consent prior to the withdrawal.
At any time, the Data subject has the right to request information on whether and how their Personal data are managed by the Data manager, including the purposes of the management, the recipients to whom their data have been disclosed or the source from which the data were obtained by the Data manager, the retention period, any rights they have in relation to the management, as well as information on automated decision-making, profiling and, in the case of transfers to third countries or international organisations, information on the guarantees relating thereto. In exercising the right to access, the Data subject shall also have the right to request a copy of the data and, in the event of an electronic request, the Data manager shall provide the requested information electronically, unless the Data subject requests otherwise. Where the Data subject’s right to access negatively affects the rights and freedoms of others, in particular the trade secrets or intellectual property of others, the Data manager shall be entitled to refuse to comply with the Data subject’s request to the extent necessary and proportionate.
The Data manager shall correct or complete Personal data relating to the Data subject at the Data subject’s request. Where the Personal data concerned by this right has been communicated by the Data manager to another party (i.e. an addressee such as a Data processor), the Data manager shall inform such parties without undue delay after the correction of the data, provided that this is not impossible or involves a disproportionate effort on the part of the Data manager. The Data subject shall be informed of these recipients by the Data manager upon request.
If the Data subject requests the erasure of any or all of their Personal data, the Data manager shall erase the Personal data without undue delay if:
Where the Personal data concerned by this right have been communicated by the Data manager to another party (i.e. an addressee such as a Data processor), the Data manager shall inform such parties without undue delay after erasure, provided that this is not impossible or involves a disproportionate effort on the part of the Data manager. The Data subject shall be informed by the manager of these recipients upon request. The Data manager is not always obliged to erase Personal data, in particular where, for example, the processing is necessary for the establishment, exercise or defence of legal claims.
The Data subject may request the limitation of the Data managemnt of their Personal data in the following cases:
Limitation of Data management means that the Data manager does not manage the Personal data subject to the limitation, except for storage, or only to the extent to which the Data subject has consented, or, in the absence of such consent, the Data manager may manage the data necessary for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State of the European Union. The Data manager shall inform the Data subject in advance of the un-limiting of the Data management. Where the Personal data covered by this right have been disclosed by the Data manager to another party (i.e. an addressee such as a Data processor), the Data manager shall inform such parties of the limitation of Data management, provided that this is not impossible or involves a disproportionate effort on the part of the Data manager. The Data subject shall be informed by the Data manager of these recipients upon request.
If the legal basis for the Data management relating to the Data subject is the legitimate interest of the Data manager or a third party, the Data subject has the right to object to the Data management. The Data manager shall not be obliged to uphold the objection if the Data manager proves that
If the Data subject considers that the Data manager’s management of their Personal data breaches the provisions of the applicable data protection legislation, in particular the GDPR, they have the right to submit a complaint to the competent data protection supervisory authority in the Member State where they have their habitual residence, place of work or place of the alleged breach. In Poland, a complaint can be lodged with the Urząd Ochrony Danych Osobowych (“UODO”). The contact details of the UODO are:
Website: https://uodo.gov.pl/en
Address: ul. Stawki 2, 00-193 Warszawa
Phone number: 22 531-03-00
E-mail address: kancelaria@uodo.gov.pl
Regardless of their right to submit a complaint, the Data subject may also take legal action in the event of a breach of the above rights. The Data subject also has the right to appeal to the courts against a final decision of the supervisory authority concerning them. The Data subject also has the right to judicial remedy in accordance with the relevant legal provisions and in the relevant way.
The Companies use economic profiling (i.e., the automated combination and evaluation of Personal data) in the selection of their customers, in which process Personal data is processed only in relation to sole proprietors. In particular, the Companies will analyse the individual entrepreneur’s cash book, tax flow account. Profiling is carried out by a natural person and does not involve automated decision-making.
Last updated: 15 November 2023.
