Dotacja unijna - iAML

Information Notices

INFORMATION NOTICE

FOR POLITICALLY EXPOSED PERSONS („PEPs”) AND PERSONS IN THE SANCTIONS LISTS („SLs”)

Pursuant to Article 14(1-2) and Article 14(5)(b) of Regulation (EU) 2016/ 679 of the European Parliament and of the Council of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1) – hereinafter the GDPR – Incaso Group sp. z o. o., with its registered office in Koszalin at ul. Jana Pawła II no. 20 office 70, complies as the controller with its obligation to provide information to politically exposed persons (“PEPs”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”).

1. Controller

Incaso Group sp. z o. o., with its registered office in Koszalin (75-452) at ul. Jana Pawła II no. 20 office 70, telephone number (+48)221003693, is the Controller of personal data of politically exposed persons (“PEPs”) within the meaning of the Act on Anti-Money Laundering and Financing of Terrorism of 1 March 2018 (Journal of Laws of 2018, item 723, as amended), in particular the amendments introduced by the Act of 30 March 2021 amending the Act on Anti-Money Laundering and Financing of Terrorism and certain other acts (Journal of Laws 2021, item 815) (hereinafter: the „AML Act”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”).

2. Contact details of the Data Protection Officer

With respect to personal data protection, you may contact the Data Protection Officer at the following e-mail address: rodo@iaml.com.pl or telephone number (+48)221003693 or in writing to the address of the Controller’s registered office provided above.

3. Basis and purpose of personal data processing

Personal data of politically exposed persons (“PEPs”) and persons entered in sanctions lists for anti-money laundering and terrorist financing purposes (“SLs”) are processed by the Controller pursuant to Article 6(1)(f) of the GDPR, thus based on the legitimate interest of the Controller consisting of the creation and making available, for a fee, to obliged institutions (i.e. banks, insurance companies, payment services bureaus, among others) a tool supporting these entities in the implementation of their obligations under the AML Act, implementing i.a. Directive (EU) No 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing, amending Regulation (EU) No 648/ 2012 of the European Parliament and of the Council and repealing Directive 2005/60/EC of the European Parliament and of the Council and Directive 2006/70/EC of the Commission of 20 May 2015. (Official Journal of the EU.L No. 141, p. 73). The legitimate interest of the Data Controller is supported by the Data Controller’s entitlement to re-use (secondary) public sector information, as referred to in Article 5 of the Act of 11 August 2021 on open data and the re-use of public sector information (Journal of Laws 2021, item 1641). After deletion of your personal data from the tool supporting obliged institutions in fulfilling the obligations of the AML Act mentioned above, your personal data will be stored by the Data Controller for the purpose of defence against possible claims, which constitutes the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).

4. Categories of personal data processed

The Controller processes the following categories of personal data of politically exposed persons (“PEPs”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”):

1) identification data (first names and last name, PESEL number, date and place of birth – the last three only if the Controller obtained them from publicly available and official sources;
2) data on the position held (job title, designation of the position held, place of holding the position/job title, designation of the entity, at which a politically exposed person works);
3) data on the place of origin, nationality, citizenship or sex;
4) contact data – the e-mail address used in relation to the position held – only if the Controller obtained them from publicly available and official sources.

5. The source, from which data originate

The Controller obtained personal data of politically exposed persons (“PEPs”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”) only from publicly available sources, in particular:

– for politically exposed persons (“PEPs”):
1) from the Public Information Bulletin websites maintained by the particular entity;
2) from the central public information repository referred to in Article 9a of the Act of 6 September 2001 on the access to public information (Journal of Laws of 2011, no. 112 item 1198, as amended);
3) from the National Court Register;
4) from Monitor Sądowy i Gospodarczy journal;
5) from political parties register;
6) from other websites.

– for persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”):
1) from publicly available sanctions lists, i.e. in particular:
• OFAC Specially Designated Nationals (SDN) List (U.S. Treasury),
• OFAC Foreign Sanctions Evaders (FSE) List (U.S. Treasury),
• Common Foreign and Security Policy (CFSP) of the European Union (Sanctions EU),
• HR Treasury (HMT) Financial sanctions: Consolidated List of Targets (UK),
• Consolidated United Nations Security Council Sanctions List (UN Sanctions List).

6. Recipients of personal data

Personal data of politically exposed persons (“PEPs”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”) may be transferred to the following categories of recipients:

a) recipients of the Controller’s products and services, in particular obliged institutions within the meaning of the AML Act;
b) service providers providing the Controller with technical and organisational solutions allowing for the management of the Controller’s organisation, including entities operating ICT systems or providing the Controller with ICT tools (in particular ICT service providers);
c) Controller’s contractors and employees;
d) other entities and authorities, to which the Controller is obliged or authorised to transfer personal data pursuant to generally applicable laws.

7. Transfer of personal data to third countries or international organisations

The Controller will not transfer personal data of politically exposed persons (“PEPs”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”) to third countries or international organisations.

8. Personal data storage period

Personal data of politically exposed persons („PEP”) will be processed in a tool that assists the institutions required to comply with the obligations of the AML Act as referred to above for as long as such persons are considered as politically exposed („PEP”) by the AML Act, and then for as long as the AML Act requires higher risk measures to be applied to such persons, as referred to in Article 46 of the AML Act. Personal data of persons on sanction lists for anti-money laundering and anti-terrorist financing („SL”) purposes will be processed as long as such persons are on sanction lists. After removing the personal data of the above mentioned persons from the tool referred to above, the personal data of PEP and SL will be stored by the Controller for the period of limitation of claims, if the processing of personal data is necessary to defend against such claims.

9. Personal data protection rights

Pursuant to applicable laws, you have the following rights:

a) right of access to your data and to obtain a copy of the same;
b) right to rectification (correction) of your data;
c) right to erasure of data;
d) right to restriction of processing of personal data;
e) right to object;
f) right to data portability;
g) right to lodge a complaint with the supervisory authority – if you establish that the Controller processes your personal data contrary to the law.

10. Right to object

You have the right to object to processing of personal data on grounds relating to your particular situation. When objecting, you should specify the particular situation, which, in your opinion, justifies the discontinuation of the processing of your data subject to the objection by the Controller. The Controller will no longer process your personal data for the purpose stated above, unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

11. Automated decision-making, profiling

Your personal data is subject to ordinary profiling (i.e. with the participation of the human factor), which involves:

1) analysis of whether you meet the prerequisites to be considered a politically exposed person („PEP”) within the meaning of the AML Act (this analysis is done on the basis of publicly available data);
2) analysis of your PESEL number, in order to obtain information about your year of birth.

The consequence of profiling may be that you may be considered a politically exposed person („PEP”) by obliged institutions within the meaning of the AML Act, which are recipients of the products and services of the Controller.

The Controller does not use your data as part of an automated decision-making system.

INFORMATION NOTICE

FOR POLITICALLY EXPOSED PERSONS OUTSIDE POLAND („PEPs”) AND PERSONS IN THE SANCTIONS LISTS („SLs”)

Pursuant to Article 14(1-2) and Article 14(5)(b) of Regulation (EU) 2016/ 679 of the European Parliament and of the Council of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, p. 1) – hereinafter the GDPR – Incaso Group sp. z o. o., with its registered office in Koszalin at ul. Jana Pawła II no. 20 office 70, complies as the controller with its obligation to provide information to politically exposed persons outside Poland (“PEPs”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”).

1. Controller

Incaso Group sp. z o. o., with its registered office in Koszalin (75-452) at ul. Jana Pawła II no. 20 office 70, telephone number (+48)221003693, is the Controller of personal data of politically exposed persons (“PEPs”) within the meaning of the Act on Anti-Money Laundering and Financing of Terrorism of 1 March 2018 (Journal of Laws of 2018, item 723, as amended), in particular the amendments introduced by the Act of 30 March 2021 amending the Act on Anti-Money Laundering and Financing of Terrorism and certain other acts (Journal of Laws 2021, item 815) (hereinafter: the „AML Act”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”).

2. Contact details of the Data Protection Officer

With respect to personal data protection, you may contact the Data Protection Officer at the following e-mail address: rodo@iaml.com.pl or telephone number (+48)221003693 or in writing to the address of the Controller’s registered office provided above.

3. Basis and purpose of personal data processing

Personal data of politically exposed persons (“PEPs”) and persons entered in sanctions lists for anti-money laundering and terrorist financing purposes (“SLs”) are processed by the Controller pursuant to Article 6(1)(f) of the GDPR, thus based on the legitimate interest of the Controller consisting of the creation and making available, for a fee, to obliged institutions (i.e. banks, insurance companies, payment services bureaus, among others) a tool supporting these entities in the implementation of their obligations under the AML Act, implementing i.a. Directive (EU) No 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing, amending Regulation (EU) No 648/ 2012 of the European Parliament and of the Council and repealing Directive 2005/60/EC of the European Parliament and of the Council and Directive 2006/70/EC of the Commission of 20 May 2015. (Official Journal of the EU.L No. 141, p. 73). The legitimate interest of the Controller – depending on the relevant legislation – may be based on the relevant provisions implementing Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019 on open data and re-use of public sector information (OJ 2019 L 2019 No. 172, p. 56). After deletion of your personal data from the tool supporting obliged institutions in fulfilling the obligations of the AML Act mentioned above, your personal data will be stored by the Data Controller for the purpose of defence against possible claims, which constitutes the legitimate interest of the Data Controller (Article 6(1)(f) of the GDPR).

4. Categories of personal data processed

The Controller processes the following categories of personal data of politically exposed persons outside Poland (“PEPs”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”):

1) identification data (first names and last name, date and place of birth – only if the Controller obtained them from publicly available and official sources;
2) data on the position held (job title, designation of the position held, place of holding the position/job title, designation of the entity, at which a politically exposed person works);
3) data on the place of origin, nationality, citizenship or sex;
4) contact data – the e-mail address used in relation to the position held – only if the Controller obtained them from publicly available and official sources.

5. The source, from which data originate

The Controller obtained personal data of politically exposed persons (“PEPs”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”) only from publicly available sources, in particular:

– for politically exposed persons (“PEPs”) – from publicly available sources, in particular from the websites of relevant institutions;
– for persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”) – from publicly available sanctions lists, i.e. in particular:
• OFAC Specially Designated Nationals (SDN) List (U.S. Treasury),
• OFAC Foreign Sanctions Evaders (FSE) List (U.S. Treasury),
• Common Foreign and Security Policy (CFSP) of the European Union (Sanctions EU),
• HR Treasury (HMT) Financial sanctions: Consolidated List of Targets (UK),
• Consolidated United Nations Security Council Sanctions List (UN Sanctions List).

6. Recipients of personal data

Personal data of politically exposed persons outside Poland (“PEPs”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”) may be transferred to the following categories of recipients:

a) recipients of the Controller’s products and services, in particular obliged institutions within the meaning of the AML Act;
b) service providers providing the Controller with technical and organisational solutions allowing for the management of the Controller’s organisation, including entities operating ICT systems or providing the Controller with ICT tools (in particular ICT service providers);
c) Controller’s contractors and employees;
d) other entities and authorities, to which the Controller is obliged or authorised to transfer personal data pursuant to generally applicable laws.

7. Transfer of personal data to third countries or international organisations

The Controller will not transfer personal data of politically exposed persons outside Poland (“PEPs”) and persons entered in sanctions list for anti-money laundering and terrorist financing purposes (“SLs”) to third countries or international organisations.

8. Personal data storage period

Personal data of politically exposed persons outside Poland („PEP”) will be processed in a tool that assists the institutions required to comply with the obligations of the AML Act as referred to above for as long as such persons are considered as politically exposed („PEP”) by the AML Act, and then for as long as the AML Act requires higher risk measures to be applied to such persons, as referred to in Article 46 of the AML Act. Personal data of persons on sanction lists for anti-money laundering and anti-terrorist financing („SL”) purposes will be processed as long as such persons are on sanction lists. After removing the personal data of the above mentioned persons from the tool referred to above, the personal data of PEP and SL will be stored by the Controller for the period of limitation of claims, if the processing of personal data is necessary to defend against such claims.

9. Personal data protection rights

Pursuant to applicable laws, you have the following rights:

a) right of access to your data and to obtain a copy of the same;
b) right to rectification (correction) of your data;
c) right to erasure of data;
d) right to restriction of processing of personal data;
e) right to object,
f) right to data portability;
g) right to lodge a complaint with the supervisory authority – if you establish that the Controller processes your personal data contrary to the law.

10. Right to object

You have the right to object to processing of personal data on grounds relating to your particular situation. When objecting, you should specify the particular situation, which, in your opinion, justifies the discontinuation of the processing of your data subject to the objection by the Controller. The Controller will no longer process your personal data for the purpose stated above, unless the Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

11. Automated decision-making, profiling

Your personal data is subject to ordinary profiling (i.e. with the participation of the human factor), which involves analysis of whether you meet the prerequisites to be considered a politically exposed person („PEP”) within the meaning of the AML Act (this analysis is done on the basis of publicly available data).

The consequence of profiling may be that you may be considered a politically exposed person („PEP”) by obliged institutions within the meaning of the AML Act, which are recipients of the products and services of the Controller.

The Controller does not use your data as part of an automated decision-making system.

Zaufali nam