Privacy Policy

This document regulates the policy applied by Pactus.eu Sp. z o.o. with its registered office in Wrocław, Racławicka 2-4, 53-146 Wrocław, entered into the register of entrepreneurs kept by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Division of the National Court Register under KRS number: 0001000819, Tax Identification Number (NIP): 8992942056, Company Registration Number (REGON): 523601312 (hereinafter: the Controller), in the field of protection of users' personal data and information that may constitute a business secret of the users. This policy applies to services offered by the Controller through the website www.pactus.eu and the Pactus.eu Customer Service Panel form. The above policy does not cover third-party websites and services that can be accessed through links on the aforementioned website. Detailed information on the protection of personal data is available from each service provider separately. The Controller recommends always reading the relevant documents on the suppliers' websites.

Introduction

We provide debt collection services and therefore we process personal data of Clients and debtors. We have created a Privacy Policy, thanks to which we fulfill our obligations under the law, including GDPR.

When does this Privacy Policy apply?

This Privacy Policy applies only in cases where the Pactus.eu is the controller of personal data and processes it. This applies both to the case in which the Controller processes personal data that Pactus.eu obtained directly from the data subject, as well as the case in which Pactus.eu obtained personal data from other sources.  In both cases, TC fulfils its information obligations set out in Articles 13 and 14 of the GDPR in accordance with these provisions.   This Policy does not apply to, among other things, situations where Pactus.eu processes your data only as a processor, i.e., for example, with regard to data of debtors entrusted to Pactus.eu for processing by their creditors, who are clients of Pactus.eu, in order for Pactus.eu to provide debt collection services to creditors (in these situations creditors are the controllers of personal data). Data of debtors is provided to Pactus.eu as a processor through the form available in the Customer Panel. The scope of entrusted data includes, among others: Tax Identification Number of the debtor, company name, contact details, contact data, financial data, other documents and information concerning the debtor and the reported claim, etc.   As a processor of personal data, Pactus.eu informs that it acts as a controller of personal data, i.e. as an entity deciding on the purpose and method of data processing, with respect to: 1) personal data of natural persons within the scope of the performance of the contract concluded with them (contract for the provision of debt collection services or any other contract the subject of which is the provision of services by Pactus.eu to such persons), 2) personal data of natural persons from whom the Pactus.eu acquired the claim as a result of its assignment, 3) data of natural persons who have consented to the processing of their data, 4) data of debtors (who were or are registered on the Trans.eu Platform) submitted for debt collection by Pactus.eu clients, which the Pactus.eu makes available to Trans.eu Group S.A. for the purpose of calculating the TransRisk Index by Trans.eu Group S.A., in order to ensure the possible level of security of the Trans.eu Platform users against unreliable contractors, and in particular the security of transactions and trading on the transport exchange operating within the Trans.eu Platform. The source of obtaining the data of these debtors is the information provided by Pactus.eu clients ordering Pactus.eu for debt collection against the above-mentioned debtors.   However, in the scope of debtors' personal data (as part of the debt collection service), Pactus.eu acts as a processor. Clients remain the controller of this personal data. The rules for entrusting data processing are set out in the General Terms and Conditions of Debt Collection Services available on our website (regarding the data entrusted by you to Pactus.eu in connection with ordering debt collection services).  

Data we collect

To use our services and products, you need to register an account and/or log in to the Customer Service Panel at https://app.pactus.eu/ To do this, you need to provide:
  1. e-mail address and/or
  2. TransID number.
If you are a user of the Trans.eu Platform, you can log in to the Panel using your TransId and password. In this case, you can also provide additional information that relates to your professional preferences and qualifications. In order to use the services and products offered by the Controller, it is necessary to register an account through the form provided on the Pactus.eu website. During registration, one must provide the data indicated in the form. When logging in, the User enters the following information: TransID number. In addition, the User may supplement the profile within their account with additional data, such as: language, e-mail address, landline phone, mobile phone. We can obtain some of the data from public sources, such as the National Court Register, the Central Register and Information on Economic Activity or similar sources, as well as from private entities that collect and provide information on entrepreneurs. These sources include data such as: identifying information, contact details, etc. Provision of data is voluntary, although necessary for the implementation of the service and the contact with the Controller. If the Controller is not provided with the necessary information, it will not be possible for the Controller to perform and deliver the service. Some data is collected passively, i.e. while you are using the website (e.g. IP address, resolution, location, browser type).

Use of data

Personal data will be processed:
  • for the purposes necessary for the provision of the debt collection service based on the contract concluded between the Client and the Controller or in order to carry out activities prior to the conclusion of the debt collection contract (Article 6(1)(b) of the GDPR),
  • if necessary, for the purposes of the legitimate interests pursued by the Controller or a third party (Article 6(1)(f) of the GDPR), among others:
    • customer service (i.e. enabling contact, negotiations, concluding a contract or accepting an order),
    • to answer the question/complaint,
    • to send the Controller's newsletter regarding changes in the software, Regulations, etc.,
    • to ensure the Controller's IT security;
    • to survey customer satisfaction,
    • to assert and defend against claims,
    • in direct marketing of products and services of the Controller and entities from the Trans.eu Group, as well as other entities which the Controller provides with services under separate agreements,
    • for internal administrative purposes of the Controller, such as preparation of statistics, analyses, e.g. ways of using the website, preferences,
  • in order to comply with legal obligations (including, but not limited to, accounting, bookkeeping, taxation) – pursuant to Article 6(1)(c) of the GDPR,
  • on the basis of consent (Article 6(1)(a) of the GDPR) for specific purposes (e.g. to provide information about the services/newsletter if there is an interest in them, or to transfer data within the Trans.eu Group).
If the Client has given such consent, the Controller sends information on the current and future products and services of the Controller and entities from the Group by e-mail in the form of an information or advertising campaign. With regard to personal data, the consent may be withdrawn at any time, however, it does not affect the processing of personal data prior to its withdrawal. Personal data may be processed by automated means (including profiling). The purpose of profiling is to collect information about the activity and preferences of Clients, which allows for better adjustment of the offer and messages addressed to them, as well as to detect events that may threaten the safety of Users. The legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR).  

Recipients of personal data

The data may be made available to other recipients in order to perform the contract for the provision of debt collection services, in order to fulfill a legal obligation incumbent on the Controller, based on consent or for the purposes resulting from the legitimate interests of the Controller or a third party. The recipients may be in particular: Pactus.eu subsidiaries, entities from the Trans.eu capital group, institutions legally authorized to receive data on the basis of relevant provisions of law (e.g. law enforcement or judicial authorities), as well as entities processing data on behalf of the Controller and their authorized employees, where such entities process data on the basis of a contract with the Controller and only in accordance with instructions and under the condition of confidentiality. Entities performing tasks on behalf of and for the Controller include those providing services to the extent necessary to ensure technical facilities for the provision of services, such as payment service providers, IT and entities that manage the Customer Service Panel. The Controller shall exercise due diligence in the transfer of data, using measures and safeguards to prevent unauthorized access to data (including SSL, encrypted connections).  

Transfer of data outside the European Community

The level of protection of personal data outside the European Economic Area (EEA) may differ from that provided by European law. We only transfer personal data outside the EEA when it is necessary. If we do this, we ensure an adequate level of protection of personal data.  In order to achieve this, first and foremost:
  1. we transfer personal data to countries that - under a decision issued by the European Commission - have been recognized as ensuring an adequate level of protection of this data,
  2. we use standard contractual clauses issued by the European Commission,
  3. we use other adequate safeguards.
 

Rights of the data subject

The Client has the right to access personal data, to request correction, restriction or deletion of personal data, to withdraw at any time consent to the processing of data within the scope of such consent, as well as to transfer personal data. The Client has the right to lodge a complaint with the supervisory authority, which in the Republic of Poland is the President of the Office for Personal Data Protection, if they believe that the processing of their data violates the provisions of the GDPR. In addition, the Client has the right to object at any time to the processing of data for reasons related to a particular situation, when the Controller processes data for the purposes of legitimate interests, for purposes related to direct marketing, including profiling. After confirming the User's identity, the Controller will exercise the indicated rights based on the analysis of the legitimacy of the request and the applicable law. The Controller will make every reasonable effort to comply with Users' requests for personal data, unless the data must be retained due to applicable law or other legitimate legal interests of the Controller. Data retention period We will process and store your personal data for the necessary period:
  • to perform the concluded contract until its completion, and then for the period specified by law, or to pursue any claims,
  • to the extent that the data is processed based on consent – the Controller will process it until its withdrawal;
  • until the legitimate interests of the Controller constituting the basis for such processing are fulfilled or until the User objects to such processing, unless there are legitimate grounds for further data processing.
The data collected during the Users' visits on the Controller's website will be processed until it becomes outdated or useless. This applies to data processed for analytical and statistical purposes, including the use of cookies and administration of the Controller's websites.

Cookies

The Controller uses the so-called "cookies" to track visits of the Users on the websites and save their preferences, e.g. language, login details - and to adjust the services offered to their needs. Thanks to these files, we can develop general statistics on the activity of the Users on the websites. We will store these files until they are no longer useful or become outdated. We will not share cookies with other third parties. We will transfer them only to entities that provide services to the extent necessary to ensure technical support for these files, e.g. by placing information in the form of cookies and other similar technologies on the end device (e.g. computer, smartphone) (e.g. Google Ads, Facebook Ads, LinkedIn Ads, Microsoft Ads) and entities from the Trans.eu Group. It is possible to disable cookies in your web browser. Please note that although you will be able to use all products and services, you may experience some difficulties - our website may not function properly. You can also manage the categories of "cookies" through the "Consents" window that appears when you first visit our website. Detailed information on the rules for the use of "cookies" by the Controller is specified in the Information about cookies available in the consent window. We use the so-called "cookies" to track visits of the Users on the websites and save their preferences, e.g. language, login details - and to adjust the services offered to their needs. Thanks to these files, we can develop general statistics on the activity of the Users on the websites.

Social media sites

Our website may include social media plug-ins, i.e. Facebook, LinkedIn, Twitter, Instagram, TikTok, etc. If you would like to obtain up-to-date information on the protection of personal data by these providers, you should consult their privacy policies yourself.

Data in Google Analytics and other service providers

Traffic on the Controller's websites is monitored, among others, by the Google Analytics system or other service providers whose purpose is to collect data on the manner of using the websites and their popularity, as well as to identify users visiting the websites and adjust advertising content. This data (e.g. the browser used or IP address) will not be shared by the Administrator with third parties. What we do to ensure safety

To keep you safe:

  1. we use SSL encryption;
  2. we only allow you to access your account if you enter your login and password correctly. We recommend setting a password that is 8 characters long, contains upper and lower case letters, special characters and numbers. Only you should know the password.
  3. we control the methods by which information is collected, stored and processed - including physical security measures to protect against unauthorized access to the system;
  4. we grant access to personal data only to those employees, contractors and colleagues who need to have access to that information in order to process it for our purposes. Under the contract, they must maintain strict confidentiality and, in the case of entrusting data, with agreements for entrusting the processing of personal data.

Privacy Policy Statement

Our Privacy Policy came into effect on 17.06.2024. We may update it to reflect changes in our information processing practices and standards. We may make such modifications without notifying the data subjects. If there are any changes that materially change the rules for the processing of personal data, we may inform you about them by e-mail or in a notification on the website. The changes will be effective from the date they are published at www.pactus.eu and we will also notify you of the date of their implementation.

Contact

If you have any questions or comments regarding the Privacy Policy, please contact: Pactus.eu Sp. z o.o. Racławicka 2-4, 53-146 Wroclaw, dane.osobowe@pactus.eu We have appointed a Data Protection Officer, who can be contacted by e-mail. Send a message to: dane.osobowe@pactus.eu