PRIVACY POLICY AND PROTECTION OF PERSONAL DATA

Last updated: 5/10/2023.

Please select a topic that interests you

1. Introductory part and information about the data controller

Who is the data controller?

What is personal data and who is the data subject?

What is the legal basis of processing?

2. How do we collect personal data?

3. What categories of personal data do we collect?

4. For what purpose do we process your personal data?

5. What is the legal basis for processing your personal data?

6. How do we use your personal data?

Is your data protected?

7. Who are the recipients of your personal data?

8. How long do we keep your personal data?

9. What are your rights and how can you exercise them?

10. With whom do we process your data as joint controllers?

11. Contact information for the protection of personal data

1. Introduction and information about the data controller

Who is the data controller?

In its business, B2 KAPITAL d.o.o. with headquarters in Zagreb, Radnička cesta 41, HR-10000 Zagreb, OIB number: 57509775367 (hereinafter referred to as “B2” or “controller“), whose primary activity is related to the purchase and collection of financial assets, is the controller for the purposes of processing personal data and processes your data in accordance with the law. The controller is a legal or natural person who is responsible for processing personal data for a certain purpose.

In order to achieve effective protection of your personal data, we pay due attention to the fulfilment of our obligations related to the protection of personal data in accordance with the General Data Protection Regulation (“GDPR”) and the Act on the Implementation of the General Data Protection Regulation (Official Gazette 42/18).

If B2 is the joint controller of your personal data in accordance with Article 26 of the GDPR with another controller, based on joint business cooperation and/or on the basis of the use of a joint service and/or the legitimate interest of B2 and a third party, additional information regarding the protection and processing of your personal data, apart from B2, can also be requested from another data controller indicated as a joint data controller in this Policy. In that case, you, as a data subject, can exercise your rights under the GDPR in relation to each data controller individually, as well as against each of them.

This Policy on the processing of your personal data contains our rules regarding the protection and management of your personal data and privacy. In other words, in this Policy on the protection of personal data, we want to clarify how we collect your personal data, what personal data we process, why we process it, how we use it, how we store it, with whom we share it and why.

What is personal data and who is the data subject?

Personal data is all data related to the “data subject”. Data subject is the legal term for an individual whose identity has been determined or can be determined and whose personal data is the subject of processing. An identifiable individual is a person who can be identified directly or indirectly, especially with the help of an identifier (e.g. name, identification number).

These can be:

  1. the debtor or other natural persons (e.g. co-debtors, guarantors, pledge debtors, etc.) from whom B2 collects the claim based on the servicing contract
  2. third parties who settle debts in the name and on behalf of the debtor,
  3. employees of business partners B2,
  4. natural persons, legal representatives or company owners in accordance with special regulations (e.g. the Law on Prevention of Money Laundering and Financing of Terrorism),
  5. natural persons who contact B2 with an inquiry or unequivocally express an interest in cooperation.

What is the legal basis of processing?

The most common basis for the processing of your personal data is a contractual relationship (e.g. based on a contract after another company becomes a new creditor through cession). Other bases of processing are the law, performance of a contractual obligation, and legitimate interest and in limited cases, consent. The bases of processing such as those mentioned are defined in the GDPR and each processing must be based on at least one of them.

2. How do we collect personal data?

Acting in accordance with the applicable legislation, B2 processes personal data obtained from:

  • credit institutions and other financial institutions with which you concluded a loan agreement and/or an agreement relating to some other financial/banking service, i.e. a company that purchased receivables from financial institutions, and for which B2 performs collection and/or servicing of receivables,
  • directly from you or in certain cases from other persons primarily related to the collection of receivables and the return of any overpaid amounts, or on the occasion of your direct inquiry,
  • persons who are authorized to communicate with B2 on your behalf and for your account (e.g. your lawyers),
  • public institutions and state bodies or other persons, as well as persons performing services of public interest (e.g. notaries public),
  • publications and databases that are publicly available or based on a contractual relationship (external sources) to ensure permanent updating of the data we hold about you or to assess your ability to settle claims. External sources mean: public institutions and state bodies, public registers, electronic databases (for example Fina), information available in social media and on the Internet,
  • when you access the website of the B2 company, technical data related to your visit is automatically processed in order to be able to show you the requested page. These records include the IP address, the website you are coming from and other data that is necessarily included in the web request for the purpose of displaying the website,
  • when we collect your data from other sources, we collect them from sources that are publicly available or provided by third parties, and in such cases, we also take into account your rights. These are some of those situations:
  • we cannot contact you and we need to update your information to ensure the accuracy of your personal information,
  • we need this information to prevent fraud and/or prevent money laundering; there are legal requirements and/or legitimate interest in collecting certain data, etc.

3. What categories of personal data do we collect?

We process the following categories of personal data:

  • identification data such as: name and surname, date of birth, citizenship, personal identification number (OIB), place of birth, place of residence, place of residence,
  • contact information such as: postal address, telephone number, e-mail,
  • information about your financial and/or professional status such as: employment/profession, nature of self-employment (e.g. trade), name of employer, income, type of income, sources of income, bank account, information on real estate and other assets of yours, information on existing debt (e.g. type of debt, amount of debt, interest, currency, costs), information related to debt collection (e.g. repayment plan, costs, debt balance),
  • signature,
  • data on other participants in the legal transaction (e.g. guarantors/heirs/spouses) on the basis of which there is a creditor’s claim for whom B2 performs collection or servicing of claims,
  • data on administrative or judicial proceedings in which you are a party to the extent that they are related to claims that are in the portfolio of creditors for whom B2 provides servicing services, i.e. claims collection and/or may affect the collection of claims (e.g. enforcement proceedings, personal bankruptcy proceedings consumer and other court proceedings initiated in order to protect the legal claims/interests of creditors in court, etc.); information that is considered evidence of any interaction between you and B2 through written and/or oral communication,
  • in cases where the data subject voluntarily submits to B2 information about the state of health and/or health documentation, B2 keeps a note of the submitted information for the purpose of individualized access to the search of the data subject, but without saving the medical documentation if it has been submitted (e.g. as an attachment in an email in).

4. For what purpose do we process your personal data?

B2 processes your data only to the extent that this data relates to and/or can affect the process of collection of claims and the defence of B2’s legal claims. In this context, the purpose for the processing of personal data mainly includes the collection of claims on behalf of and for the account of creditors, and includes the following:

  • analysing your financial situation and source of income so that we can determine the conditions for debt repayment that correspond to your individual situation,
  • communication with you and proper identification of all data subjects whose personal data we process,
  • on the basis of the authorization given by the creditor, coordinating the initiation and conduct of legal (court) procedures for the collection of claims (e.g. executions, personal bankruptcy proceedings of consumers), and finding favourable solutions for all involved parties that will lead to debt settlement,
  • processing and answers to your questions, complaints and requests,
  • assessment of whether the creditor will establish a contractual relationship or conclude a transaction (e.g. preparation of a risk assessment related to the conclusion of an agreement on the purchase and sale of receivables, preparation of the submission of bids/participation in the auction procedure) including the preparation or auxiliary verification activities for the purpose of preventing money laundering and terrorist financing and fraud prevention,
  • statistical analysis in order to assess the activity of B2 in the management of the portfolio collection procedure in the name and on behalf of the creditor, as well as the need to improve the methodology of collection/repayment of receivables,
  • responding to requests from government bodies or fulfilling legal requirements that apply to B2,
  • preparation of reports for competent authorities when required by accounting and/or tax regulations.

We state how B2 can sometimes use your personal data for other and/or certain ancillary purposes (for example, internal reports and internal management of the portfolio servicing process on behalf of and for the account of creditors, external auditing, archiving – in physical and/or electronic form, correspondence ) which are always in accordance with the original purpose for which the creditor collected your personal data. In cases where your data is processed for other purposes, which are not specified in these Rules, we will inform you about all new processing and purposes for which your data is processed. We document the legal basis for all processing undertaken.

5. What is the legal basis for processing your personal data?

B2 may process your personal data based on the following legal bases, all depending on the purpose for which the data is processed:

  • processing of personal data for the purpose of fulfilling legal obligations that B2 is obliged to comply with – for example, keeping accounting data; processing of personal data as part of the fulfilment of obligations from regulations adopted to prevent money laundering and financing of terrorism, tax or accounting legislation, and other binding regulations and instructions of state administration bodies,
  • In exceptional cases, processing is also necessary to protect the key interests of data subjects or other natural persons (for example, possible in cases of threats to vital and key interests of data subjects such as natural and humanitarian disasters and/or actions),
  • legitimate interest of B2 (for example, so that B2 could collect acquired claims, assess the success of the collection of claims on behalf of and on behalf of the creditor, i.e. predict whether the debt will be successfully collected or whether the creditor will have to initiate appropriate procedures),
  • express consent of the data subject in the case it is granted to B2 (e.g. in relation to persons who send an inquiry or submit personal data on their own initiative and expect a response or in cases where consent was requested from the debtor or another natural person (e.g. co-debtors, guarantors, pledge debtors, etc.), about which the data subjects would be given a separate notification and it would be possible to give consent after notification.

Given that B2 also acts as a joint controller in certain situations (see chapter With whom do we process your data as joint controllers?) In these situations, data is shared in accordance with the contract concluded with the aforementioned companies, for which there is, among other things, legitimate interest of all companies.

6. How do we use your personal data?

Processing of personal data means any process or set of processes performed on personal data or sets of personal data, including, for example, sharing, storage and access.

We use tools that are not fully automated (requires human intervention) to determine/perform an evaluation/assessment of receivables collection. Such evaluation is based on the data that you have directly submitted to us or that has been submitted to us by the previous creditor (assignor) and the current creditor, as well as on information obtained from public sources (Internet/social networks/public databases/publications and official (public) information issued by state bodies/official databases on subjects and persons subject to international sanctions). Thanks to this information, we can make a conclusion on behalf of and on behalf of the creditor about the optimal method of repayment/settlement of claims for both parties, especially whether it is necessary to initiate enforcement proceedings, as well as make an assessment for the creditor whether to conclude a contract on the sale or assignment of claims.

If we cannot contact you, in order to comply with the principle of data accuracy, we will make every effort to update your personal data based on information obtained from official sources (e.g. court register, press release and official information issued by government bodies) or from public sources (Internet/social networks/public databases).

We use information about your property that secures the creditor’s claims for the purpose of collecting claims.

Also, we use your data to conduct internal statistical analysis in order to evaluate the effectiveness and improve the collection methodology of creditors’ claims.

We process, analyse and respond to your complaints, requests to exercise your rights under the GDPR and all other requests you contact us with.

We inform you about the status of your debt (while we process your personal data), the status of ongoing legal proceedings related to your debt, as well as all the data and information you are interested in regarding the debt collection process.

Is your data protected?

B2 believes that the security of your personal data is very important, and in this sense, we ensure and implement verification of organizational and technical security measures designed to protect your data from unauthorized access, modification, disclosure or destruction. Access to your personal data is permitted only to persons authorized by B2 or authorized by B2 and/or the creditor after appropriate assessment and after they have previously committed to maintaining confidentiality.

7. Who are the recipients of your personal data?

In the normal course of business, B2 may transfer your data to other individuals or legal entities in order to achieve the purposes for which we process personal data that you directly provided to us or that we received from other sources. B2 may also use or disclose personal information when legally required to do so or permitted by law.

Here are examples of persons to whom B2 may transfer your personal data:

  • we can transfer your personal data to other member companies of the B2Impact group, which is part of B2, and which have their headquarters in the countries of the European Economic Area. Exceptionally, your personal data is also can be transferred for certain technical or operational reasons companies of the B2Impact group that have their headquarters in countries that are not members of the European Economic Area, and for which a decision on the adequacy of the European Commission has not been made, including branches in Serbia. Risks associated with transferring your personal data to a country that does not provide an adequate level of protection in accordance with EU standards, B2 minimizes by applying appropriate approved protective measures in the form of execution of data transfer agreements with standard contractual clauses for the transfer of personal data to third countries. B2 conducts and reviews transfer risk assessments in order to be aware of and react to possible risks of data transfer to third countries at all times.
  • to our contractual partners and/or acquirers of claims – we may transfer your personal data to other natural or legal persons to whom we address on behalf and on behalf of the creditor
  • to the contractual party that performs collection of overdue receivables in the name and for the account of B2
  • supervisory authorities if this is a legal obligation B2 or when required by applicable national or European legislation. In these cases, we may transfer information about your personal data or transactions without the need to notify you.
  • to other state authorities – we may provide your personal data in order to comply with certain legal requirements or to third parties who justify the existence of a legitimate interest (e.g. notaries public, courts).
  • transfer of data at your request – you may send us a request that your data should be transferred to a representative or an authorized person acting on your behalf and, in your interests, (for example, financial advisors, lawyers, intermediaries).
  • to service providers who help us improve our services or develop, implement or manage business systems, infrastructure or operational processes (for example, auditors, consultants, analysts, etc.).
  • suppliers who provide us with support in the collection of claims, including the promotion and encashment of collateral (e.g. real estate agencies, websites where we provide real estate promotion, including online platforms for real estate promotion, lawyers, court appraisers, consulting companies, cadastral experts, etc.).
  • suppliers who provide us with maintenance and support services, in order to be able to provide collection services and claims servicing in optimal and secure conditions. For example, suppliers who develop/implement or maintain IT applications and infrastructure, archiving companies, document printing companies, couriers/providers of postal services, companies that manage security systems that implement measures to ensure the confidentiality/integrity and availability of your data, etc.
  • service providers who provide assistance in the implementation of legal proceedings, enforcement proceedings, consumer personal bankruptcy proceedings or other claims collection proceedings on behalf of and on behalf of the creditor (e.g. lawyers, appraisers, consulting companies, surveyors, real estate agencies).

8. How long do we keep your personal data?

B2 will process your personal data for the time necessary for the processing goals, which may vary depending on the purposes of the data being processed. Therefore, B2 will process your data during the collection/service of claims and store them for a period of five years from the moment the debt is transferred and/or after full settlement of the claim, unless the applicable legal regulations stipulate otherwise. In case of settlement of the claim of the creditor for whom he performed service work after the end of enforcement proceedings and/or any other court proceedings, personal data will be kept for at least 10 years, unless the applicable legal regulations stipulate otherwise. In case of data processing for accounting purposes in the name and for the account of the Creditor, your data will be stored for at least 11 years in accordance with legal regulations on accounting. The retention period of the data resulting from the records of telephone conversations of the Call Center is kept for 1 year from the date of recording. In order to answer your other inquiries, for example if you want us to contact you regarding the sale of some real estate, we keep a note about your interest and contact in a closed system with the subject of the inquiry until the subject is deleted from the system.

9. What are your rights and how can you exercise them?

At any time, you can exercise the following rights, within the limits provided by the applicable legislation related to the area of ​​personal data protection:

The right to access personal data – at any time you can request access to your personal data and we will inform you whether B2 is processing personal data relating to you. If such personal data is processed, you can request the following: access to information about the categories of personal data in question, the purpose of the processing, the intended period for which the personal data will be stored if possible or the criteria used to determine that period, if the personal data they do not collect from you, information about their source, and information about the existence of automated decision-making. B2 can provide you with a copy of the personal data being processed. B2 may charge a reasonable fee based on administrative costs for any additional copies you request.

Right to rectification – you can ask us to correct your personal data at any time so that it is up-to-date and accurate at all times.

The right to delete personal data (“the right to be forgotten”) – you can request the deletion of your personal data that we process and take all necessary steps to do so if: (i) it no longer exists or the purpose for which it was collected has been fulfilled; (ii) you withdraw your consent, and the processing was carried out on the basis of that consent and there is no other legal basis for continuing the processing; (iii) you objected to data processing and there are no other legitimate reasons for further processing; (iv) Your personal data has been processed without a valid legal basis. We also inform you that personal data for which you have exercised the right to deletion may be further processed in the following situations: (i) to fulfil legal obligations governing the processing; (ii) as well as for realization/defence of legal claims of B2 in court proceedings.

The right to restriction of processing – you have the right to request restriction of processing in the following situations: (i) you contested the accuracy of your personal data that we are processing, and during the period required to check their accuracy, your data will be processed with a limit (ii) the processing of your personal data was illegitimate, and you objected to the deletion of data by requesting instead limited data processing; (iii) you objected to the processing of your personal data, and during the verification of the validity of the legal basis, the processing of your data will be limited; (iv) even though the data retention period has expired, you have expressly requested that we retain your data in order to exercise your rights in court. In case of limited processing, your personal data may be processed by storage. Other personal data processing activities will only be possible for: (i) exercising rights/defending legal claims of B2 in court; (ii) protection of the rights of other natural or legal persons; (iii) based on your express consent or (iv) protection of public interest. If your request for the restriction of data processing is granted, we will inform you about this before lifting the restriction of personal data processing.

The right to data portability – in the case of your personal data that we process automatically, on the basis of your express consent or on the basis of the execution of the contract between you and B2, you can request that the said data be structured in an automatically readable format that you can send to another controller or you can ask us to send directly data to that controller (to the extent that this is technically possible for B2).

The right to object to the processing of personal data – for reasons related to your specific situation, you can object to the processing of your personal data based on B2’s legitimate interest and/or data processing carried out in the public interest, including the creation of a profile based on these provisions.

The right to withdraw consent – in cases where the processing is based on your consent, the consent can be withdrawn at any time and the processing will stop. Withdrawal of your consent will have effects only for future processing. The processing carried out before the withdrawal of consent remains valid.

All the above-mentioned rights can be exercised by submitting a written request to the contact details below, and we will respond to you within one month or, if the request requires a more complex analysis, that period can be extended for a further 2 months, in which case we will inform you of the reasons for the extension. If you submit your request electronically, we will also provide you with the information electronically, if possible, or through another format or channel requested by you. B2 may request additional information to verify your identity before we share with you a statement about your personal data or act in connection with the exercise of your above-mentioned rights. We also inform you that in justified cases the law allows us to refuse to act on your requests or charge a fee, for example where your requests are excessive in their repetitive or manifestly unfounded nature. In such a case, we will give you a written explanation of such treatment.

If you believe that your personal data is being processed unjustifiably and the processing does not comply with legal regulations, you can file a complaint directly with the Personal Data Protection Agency at the address: Selska cesta 136, 10000 Zagreb, phone: (0)1 4609- 000, e-mail: azop@azop.hr.

10. With whom do we process your data as joint controllers?

In accordance with Article 26 of the GDPR, in certain cases of processing, B2, together with another data controller, jointly determines the purposes and methods of data processing and transparently determines its responsibilities and compliance with the obligations from the GDPR, especially with regard to the exercise of your rights as data subjects and their duties regarding the provision of information from Articles 13 and 14 of the GDPR. You, as a data subject, regardless of the agreement reached between the joint controllers, can exercise your rights under the GDPR in relation to each data controller individually, as well as against each of them on the contact details listed below.

Besides B2 KAPITAL d.o.o. with headquarters in Zagreb, Radnička cesta 41, ID number: 57509775367, registered in the court register of the Commercial Court in Zagreb under registration subject number (MBS) 080859406, a member of the B2Impact group, the following is information on joint data controllers with whom B2 determines the purposes and methods of processing and contact points for the purposes of exercising your rights:

  • VERALTIS ASSET MANAGEMENT d.o.o., Radnička cesta 41, Zagreb (City of Zagreb), OIB 32235033898, registered in the court register of the Commercial Court in Zagreb under registration subject number (MBS) 081405488 (“Service provider”) (hereinafter: Veraltis Hrvatska). Company Veraltis Hrvatska is a member of the B2Impact group,
  • VERALTIS ASSET MANAGEMENT SINGLE MEMBER SOCIÉTÉ ANONYME CLAIMS MANAGEMENT FROM LOANS AND CREDITS, based in Greece, Kifisias Av. 1-3, Athens, entered in the court register under number 140536701000, (“Master Servicer”) (hereinafter: Veraltis Greece). Veraltis Greece is also a member of the B2Impact group.

The companies B2, Veraltis Croatia and Veraltis Greece mutually concluded a Local Agreement on the provision of services for the servicing of overdue receivables. With the aforementioned agreement, B2 transferred certain activities related to the collection of receivables to Veraltis Hrvatska. When performing these activities, B2, Veraltis AM and Veraltis Greece jointly determine the purposes and methods of processing your data.

For further information related to the processing of your data, you can contact the contact information from this Notice or B2 or Veraltis Hrvatska at the address of the headquarters and at the number 01/5605 540, e-mail: dpo@presido.hr or zastita-osobnih-podataka@veraltis.hror Veraltis Greece: e-mail: dpo@veraltis.gr.

  • BACKB INVESTMENTS S.À.RL, (limited liability company), with its registered office in Luxembourg, Rue Joseph Junck 9, L-1839 Luxembourg, entered in the court register under number B-260.595 (“Issuer and founder of B2”) hereinafter referred to as BACKB. The company BACKB is a member of the B2Impact group.

The companies B2, Veraltis Greece and BACKB concluded a Master Servicing Agreement with each other. On that occasion, the contracting parties agreed that B2 will delegate the administration and management, as well as the performance of specific activities related to the servicing of claims to Veraltis Greece (as the Master Servicer). When performing these activities, B2 and Veraltis Greece and BACKB jointly determine the purposes and methods of processing your data.

The aforementioned companies, as joint controllers, will process your data in order to achieve jointly established purposes and methods of processing, and will jointly establish procedures for the purpose of: implementing the claim collection process; assessment and analysis of billing options in order to find the optimal solution for your individual situation; communications; determination of identity; analysis for the purpose of detection, prevention of money laundering and financing of terrorism; finding favourable solutions for all parties; processing and responding to your inquiries or complaints; cooperation during the implementation of internal and external audits; assessments and analyses of new portfolios of insolvent debts; responding to the requests of supervisory and/or other public bodies; optimization of the receivables collection process, including profiling without automatic decision-making (human intervention is required).

Please note that we do not process all of your data as joint data processors, but only those that are necessary to carry out the activities regulated by the Main and Local agreements on the provision of servicing services (for example, identification data on the debtor, name, surname, date of birth, address, financial data, data on assets that secure claims, other data related to the collection procedure).

You can exercise your rights arising from the General Data Protection Regulation, which relate to the provision of B2 services as a data controller responsible for the categories of data, purposes and grounds from this Policy, to B2 via the contact information provided in this Policy.

Each of the aforementioned joint data controllers separately and independently applies all necessary organizational and technical measures, including information security and protection systems, to ensure the security of your personal data and its protection against any accidental or unlawful destruction, loss, modification, prohibited dissemination and any another form of illegal processing. The measures thus applied guarantee a level of security appropriate to the risks of the type and nature of the processed data by using appropriate technologies to improve privacy and secrecy all in accordance with the GDPR.

11. Contact information for the protection of personal data

If you have any questions or requests regarding the above rights and other information, feel free to contact us:

Address: B2 KAPITAL d.o.o. with headquarters in Zagreb, Radnička cesta 41, HR-10000 Zagreb, phone: (0)1 5605 540.

Personal data protection officer: e-mail: dpo@presido.hr, zastita-osobnih-podataka@b2kapital.hr.

If you wish, in addition to a direct written request, you can send your request via the attached form below, which can help you when formulating your request and what you, as a data subject, want to achieve or ask of B2. You can send the completed request form for exercising your rights by mail or e-mail.

We will respond to all requests as soon as possible, and no later than within a month from the date of receipt of a complete Request.

In the case of an unusually large number of requests as well as in the case of the complexity of your inquiry, it is possible that we will need additional time to respond. In this case, we will inform you in a timely manner, and you will receive our answer no later than 3 months from the date of receipt of the formal request.

REQUEST FOR THE EXERCISE OF RIGHTS REGARDING THE PROCESSING OF PERSONAL DATA (General Regulation on the Protection of Personal Data (EU) 2016/679)

B2 kapital

Contact Us
B2 Kapital d.o.o.
Radnička cesta 41
10000 Zagreb
Croatia
 +385 (0) 1 5605 540
+385 (0) 1 5605 541
 centar@b2kapital.hr

MB: 04066740
OIB: 57509775367
Archives
Corporate account management
+385 (0) 1 800 11 70
CONTACT OF DATA PROTECTION OFFICER
zastita-osobnih-podataka@b2kapital.hr
Real Estate
+385 (0) 91 333 0319
CONTACT FOR PRESS INQUIRIES
press@b2kapital.hr

Cookie usage policy

PRIVACY POLICY AND PROTECTION OF PERSONAL DATA

Privacy notice for candidates

Disclaimer

Change cookies settings

© Copyright 2019 B2 Kapital d.o.o. All rights reserved.