1. GENERAL INFORMATION
This document informs about the methods of processing and protecting Personal Data.
2. WHO IS THE ADMINISTRATOR OF THE PERSONAL DATA
The controller of personal data is Inventive Logic limited liability/limited partnership company with headquarters in (80–386) Gdansk, ul. Lęborska 3B, registered in the Register of Entrepreneurs of the National Court Register (KRS), kept by the District Court Gdansk–Polnoc in Gdansk, VII Commercial Department of the National Court Register, under KRS number 0000709320, NIP number: 957–09–36–720, e–mail: firstname.lastname@example.org, tel. +47 21 999 413 (Hereinafter referred to as: Ilogic or Data Controller)
3. SCOPE OF THE PROCESSED PERSONAL DATA
Purposes and legal basis for the processing of Personal Data:
a. to the necessary extent for the use of the Services via the Website (Art. 6, section 1 (b) of the GDPR);
b. on the basis of the consent given voluntarily (Art. 6, section 1(a) of the GDPR):
I. in order to transfer such data to a Partner, according to the type of Service provided, i.e. financial products, such as: consumer loan contracts, mortgage contracts, creditworthiness assessment, investment services as well as insurance services, currency exchange, translation services, tax services and social security;
II. in order to send offers regarding cooperation with mortgage and loan brokers, investment and insurance services, currency exchange, translation services, tax and social security services offered in Norway and Poland.
c. on the basis of a legitimate interest (Art. 6, section 1 (f) of the GDPR), in order to:
I. conduct research and analysis of Clients' expectations and needs as well as improvement and introduction of new services, as well as for statistical purposes,
II. provide commercial information and marketing content regarding products or services,
III. perform settlements of services conducted with a Partner;
V. organise or co–organise promotional campaigns or loyalty programs,
VI. maintain payment services and other auxiliary services of third parties, which we use to provide the Services for you,
VII. ensure safe usage of our websites and databases, enforce the Regulations, prevent frauds and abuses, and maintain the correctness and continuity of our systems, including by creating backup copies,
VIII. determine, pursue or defend the Data Controller’s claims and demonstrate compliance with the Data Controller’s obligations under the law,
IX. defend against abuse and fraud in order to ensure legal and physical security of the Data Provider,
X. answer queries and requests submitted via the form on the website or by e–mail.
d. to fulfil a possible legal obligation to process your data (Art. 6, section 1 (c) of the GDPR).
4. RESTRICTIONS ON DATA PROCESSING
a. If we process your data based on your consent – e.g. for sending Partner's marketing information – you can always withdraw your consent. Consent may be revoked at any time by sending an email to email@example.com. Withdrawal of consent does not affect the lawfulness of the processing of personal data that took place before the withdrawal.
b. We will process your personal data for the period necessary to achieve the above–mentioned purposes, i.e.:
I. in particular for the duration of the service provided to you, and also after that:
II. for the period and to the extent required by law or
III. for the implementation by the Data Controller of legitimate interests of the administrator to the extent outlined above, i.e. to the extent necessary for the pursuit and defence of claims by the Data Controller – during the limitation period of any claims between the parties,
IV. If we process your data based on your consent, we will continue to process it until the consent is withdrawn.
c. Providing your personal data is always voluntary, but is in some cases necessary to conclude and perform a contract for the provision of services to you. We always mark the fields and information that are required for us to make a deal with you and execute the contract, or for performing legal obligations.
5. TRANSFER OF PERSONAL DATA AND PROFILING
a. Your personal data may be transferred:
I. to public authorities and entities performing public tasks or acting on behalf of public authorities, to the extent and for purposes that in our reasonable belief result from legal provisions,
II. based on a separate consent – to selected Partners, depending on the type of the Service selected – the current list of Partners is available on the Website at www.multinorfinans.no/partners.
III. based on the contract, required by law, of entrusting personal data for processing – to entities that provide us with ancillary services, such as customer service, payment services, professional advisers and companies providing hosting and analytical services.
IV. Based on the legitimate interest of the Data Controller – to the Partner – to conduct settlements of cooperation consisting in the provision of support and promotion services on behalf of the Partner.
b. Your data will be transferred outside the European Economic Area to our service providers in countries that ensure an adequate level of protection in accordance with the decision of the European Commission, including entities based in the United States participating in the Privacy Shield programme, or on the basis of the specific contract for the processing of personal data – the so–called Standard Contractual Clauses for data transfers between EU and non–EU approved by the European Commission. You will be able to obtain a copy of the transferred data by contacting us.
c. By providing services to you on the Website, we will process your data automatically, including profiling by using some of the information you share with us to analyse or predict your personal preferences, interests or needs, but we will do it only in order to personalise the usage of the Services via the Website or to better match ads and commercial information to your needs. Therefore, it will never produce any legal effects or significantly affect your situation in a similar manner.
6. YOUR RIGHTS
a. All persons whose personal data is processed by iLogic have a number of rights arising from the processing of their personal data, including:
I. the right to access personal data, including the right to obtain a copy of such data,
II. the right to request correction (rectification) of personal data – when you notice that the data is incorrect or incomplete,
III. the right to request the deletion of personal data (the so–called "right to be forgotten") – provided, however, that the data is no longer necessary for the purposes for which it was collected or otherwise processed (e.g. under the condition of removing the account) or if you object to data processing or withdraw the consent on which the processing is based and there is no other legal ground for processing, or if the data is processed illegally or must be removed in order to comply with a legal obligation,
IV. the right to request limitation of personal data processing – if you indicate that your data is incorrect, when data processing is unlawful but you do not want to delete it or when your data is no longer required, but you need it to determine, defend or pursue claims, or when you object to the processing of data – until it is determined whether the legitimate grounds for the processing of data by us take precedence over the basis of your objection,
V. the right to transfer personal data – if the processing is carried out automatically on the basis of a contract concluded with you or based on your consent,
VI. the right to object to the processing of personal data, including profiling – if we process your data based on a legitimate interest and the opposition is justified by your special situation and when we process your data for direct marketing purposes and profile your data for marketing purposes.
b. All requests regarding the above rights can be submitted in writing or sent by e–mail to the Data Controller’s addresses indicated above. We will do our best to respond to your requests promptly, no later than one month after we have received them, unless they prove to be numerous or complicated. In this case, we will inform you about the deadline for replying. All requests are free of charge, but should they be found evidently unreasonable or excessive, we will be able to charge a reasonable fee, including communication fees or costs related to the performance of the requested actions, or refuse to take action on the request.
c. If you believe that the Data Controller has violated the law by processing your personal data, please write to us at the following e–mail address: firstname.lastname@example.org. You have the right to lodge a complaint with the supervisory body, i.e. the President of the Personal Data Protection Office.
d. It is possible at any time to resign from using the Services via the Website by sending an e–mail to email@example.com, which will result in the cessation of the processing of your personal data, without affecting the lawfulness of the processing that was carried out before the resignation from the Services on the Website. If you receive a message about the resignation from providing services, the data will be deleted within 30 days.
7. THIRD PARTY ACCESS TO DATA
Personal data is processed only by authorised employees or associates of iLogic or cooperating entities on the basis of a lawful contract of entrusting personal data for processing, who are both trained and authorised to do so.
8. SECURITY AND PROTECTION OF PERSONAL DATA
1. The Data Controller declares that it makes use of technical and organisational measures to ensure the protection of processed data according to their categories and possible threats, and protects in particular the Customer’s personal data against disclosure to unauthorised persons, loss, or damage.
3. Personal data is protected against unlawful disclosure to unauthorised persons, removal by unauthorised persons, destruction, loss, damage or alteration as well as processing contrary to the generally applicable law. We use appropriate security measures to protect your data. These include internal reviews of our data collection, storage and processing practices as well as physical and software security measures to guard against unauthorised access to systems where we store personal data.
9. TRANSFERRING COMMERCIAL INFORMATION BY ELECTRONIC MEANS OF COMMUNICATION
1. Transferring of commercial information by electronic means of communication can only take place after obtaining your consent.
2. Sending commercial information by electronic means in accordance with the Act of 18 July 2002 on Providing Services by Electronic Means will take place on the basis of a separate consent if you provide us with your email address.
3. The use of telecommunications terminal equipment and automatic calling systems for the purposes of direct marketing in accordance with the Act of 16 July 2004 – Telecommunications Law will take place on the basis of the granted consent if you provide us with your phone number or identification data of your communicator.
4. You can withdraw your consent to receive commercial information by electronic means at any time. It is enough to send us an e–mail containing withdrawal of consent to firstname.lastname@example.org.
a. The Data Controller uses so–called own cookies and other similar technologies for the following purposes:
I. Website configuration,
II. adjusting the content of the Website to the user's preferences and optimising the use of the Website,
III. recognition of the Website user's device and its location, as well as displaying the website per user's individual needs,
IV. remembering the settings selected by the user and personalising the user interface,
V. remembering the history of pages visited on the website in order to recommend content,
VI. font size, website appearance, etc.
VII. user authentication on the Website and providing user sessions,
VIII. maintenance of the Website user's session (after logging in) to allow the user to use the Website without re–typing their login and password,
IX. correct configuration of selected Website functions, allowing, in particular, verification of the authenticity of the browser session,
X. optimising and improving the performance of services provided by the Data Controller,
XI. implementation of the processes necessary for the full functionality of the websites,
XII. adjusting the content of the Website to the user's preferences and optimising the use of the Website. In particular, these files allow us to understand the basic parameters of the User's device and to properly display the Webpage tailored to their individual needs,
XIII. remembering the user's location,
XIV. the correct configuration of selected functions of the website, allowing, in particular, the adjustment of the information provided to the user, taking into account their location,
XV. analysis and testing, as well as internet audience measurement,
XVI. creating anonymous statistics that help to understand how users utilise the Website, which can improve its structure and content,
XVII. ensuring the safety and reliability of the Website.
b. The Data Controller uses external cookies and other similar technologies for the following purposes:
I. presenting multimedia content downloaded from external websites (including vimeo.com, youtube.com, wrzuta.pl)
II. collecting general and anonymous statistical data via analytical tools (including Google Analytics),
III. presenting advertisements tailored to user preferences by using an online advertising tool.
I. Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
II. Internet Explorer: https://support.microsoft.com/pl-pl/help/278835/how-to-delete-cookie-files-in-internet-explorer
III. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
IV. Safari: https://support.apple.com/en-euro/guide/safari/sfri11471/mac
V. Opera: http://help.opera.com/Linux/9.22/pl/cookies.html
2. The site uses plug-ins from the Facebook social network.
a. Facebook plug-ins can be recognised by the Facebook logo on our website. An overview of Facebook plug-ins can be found here: http://developers.facebook.com/docs/plug-ins/.
b. When you visit our website, the plug-in establishes a direct connection between your browser and the Facebook server. Facebook receives information that you have visited our website via an IP address. If you click "Like–Button" on Facebook while you are logged in to your Facebook account, you will be able to link the content of our website with your Facebook profile. As a result, Facebook can assign your visit to our website to your user account.
c. Please note that we, as the website provider, do not obtain any knowledge about the content of the transmitted data and its use by Facebook. If you do not want Facebook to associate your visit to our site with your Facebook user account, log out of your Facebook user account.
3. Server logs.
a. Using the website is associated with sending queries to the server on which the website is stored. Each query directed to the server is saved in the server's logs.
b. Logs include, among others, your IP address, server date and time, information about the web browser and the operating system you are using. Logs are saved and stored on the server.
c. The data saved in the server's logs is not associated with specific people using the site and is not used by us to identify you. The server's logs serve only as auxiliary material used to administer the site, and their content is not disclosed to anyone except those authorised to administer the server.
11. EXCLUSION OF LIABILITY
b. The Data Controller reserves the right to introduce changes, withdrawals or modifications of the functions or properties of the Website, as well as to cease operations, transfer rights to the Website and perform any legal actions permitted by applicable laws. All actions carried out by iLogic may not violate user's rights.
12. CONTACT WITH THE DATA CONTROLLER
ANNEX CONCERNING FINANCIAL SERVICES (EXCLUDING MORTGAGE LOANS) AND INSURANCE.
§ 1 General information on the processing of Personal Data
1. While using the Website's services, you will be asked to provide some of your Personal Data and to complete the Form. We will only ask you for the data which is relevant to the purposes for which it will be processed.
2. Remember that providing your Personal Data is voluntary and is used to provide the Services in accordance with the Regulations for the use of the Website.
3. To the extent required by the scope of the Service, data processing consists also in making it available to the selected Partner.
4. Personal Data will be collected in connection with the use of the Services via the Website, for the purpose and scope necessary for:
• collecting data and information about the Customers,
• collecting the Offers from the Partners for the selected Services (applies in particular to the Services referred to in Appendices 2 and 3 and the Premium Service referred to in Appendix 4),
• obtaining credit information from Gjeldsregisteret (applies to the Service referred to in Appendix 4),
• preparing a Report in the case of the Premium Service referred to in Appendix 4,
• performing the contract for the provision of electronic services,
• marketing of our own products or the Data Controller services;
• answering a question via the contact form.
§ 2 Legal basis for processing personal data
1. The legal basis for data processing depends on the purpose of processing your data, and thus:
– when processing personal data for the purpose of concluding and implementing an insurance contract through an insurance company or a loan product contract (in such case, the data controller is the insurance company or the loan provider you have chosen) – the legal basis is Art. 6, section 1 (b) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data as well as repealing Directive 95/46/EC (General Data Protection Regulation, 'GDPR'). 6, section 1 (f) of GDPR,
– when processing personal data for the purpose of providing a service by the Data Controller consisting of the collection and sharing of information, including personal data, from the persons interested in the Insurance Offer and transferring such information to the Insurance Partners (in such case the Data Controller is these Insurance Partners) – the legal basis is Art. 6, section 1 (b) of GDPR, i.e. the implementation of the contract on the conditions set out in the Regulations regarding the collection of data and displaying offers of the Insurance Partners, as well as Art. 6, section 1 (a) of GDPR, i.e. consent regarding the transfer of data to the Insurance Partners.
– when processing personal data for the purpose of providing a service by ILogic consisting of the collection and sharing of information, including Personal Data, from the persons interested in the (loan) Offer and transferring such information to the Partners/the Partner (in such case the data controller are these Partners/this Partner) – the legal basis is Art. 6, section 1 (b) of GDPR, i.e. the implementation of the contract on the conditions set out in the Regulations regarding the collection of data and displaying the Offers of the Partners, as well as Art. 6, section 1 (a) of GDPR, i.e. consent regarding the transfer of data to the Partners.
– when processing personal data to enable future remote contact in order to present an offer of the Partners/the Partner (in such case the data controller is ILogic) – applies to the Services referred to in Appendices 2 and 3 – the legal basis is Art. 6, section 1 (b) of GDPR,
– when processing personal data for the purpose of providing the Service and the Premium Service, referred to in Appendix 4, consisting in the provision of personal data from Gjeldsregisteret to Ilogic, the legal basis is consent – Art. 6, section 1 (a) of GDPR, while in terms of the development of this data and preparation of the Report – the legal basis is Art. 6, section 1 (b) of GDPR (contract performance). The presentation of the processed data from Gjeldsregisteret and the Refinancing Offer within the Premium Service requires the Customer's marketing consent (Art. 172 of Telecommunications Law and Art. 10 of the Act on Providing Services by Electronic Means) and takes place on the basis of Art. 6, section 1 (b) of GDPR (contract performance).