- Sogelease Profile
- Info GDPR
INFORMATION ON THE PROCESSING OF PERSONAL DATA
(Version 01 / May 24, 2018)
BRD Sogelease IFN S.A., with headquarters in Bucharest, sector 1, Ion Mihalache Blvd. 1-7, 12th floor, BRD Turn block, registered with the Trade Registry under number J40 / 6764/2001, CUI RO 14080565, registration number in the Special Register RS-PJR-41-110006 / 30.11.2006 "SGL" processes personal data as an operator.
SGL processes personal data of the following target categories:
- clients, natural persons and authorized natural persons, members of the liberal professions and individual enterprises;
- Representatives of the legal entity client (legal or conventional), senior management, other key personnel within the client;
- direct and indirect associates of the legal entity customer;
- the real beneficiaries of the legal entity customer;
- guarantors and co-debtors,
- family members of the above persons;
- customer-appointed contacts, as appropriate
(collectively, "Target Persons").
SGL wishes to inform the Target Persons of how they process their personal data in the context of their work, as well as on the rights of the Target Persons, starting on May 25, 2018 (the date of entry into force of GDPR ).
SGL processes the following categories of personal data: identification data, contact data, economic and financial data, demographics, payment history history data, professional qualification data, warranty data, biometric data (signature).
A.SELECTION OF CLIENTS. CONCLUSION AND EXECUTION OF THE CONTRACT
a) Preparation of documentation for obtaining funding.
b) Preliminary verification before concluding the contract and making the decision to grant financing from the range of products offered by SGL;
c) Issuance of the financing contract and its accessories;
d) Preparation of the documentation for the sale and transfer of ownership of the goods.
In order to make a decision on the customer's request, SGL may query the internal database, the risk base of BRD Société Générale, external databases, and thus also access to personal data of the Target Persons.
We process the data of the Target Persons for: performance of the contract and monitoring of the contractual relationship and the risks associated with it.
During the course of the contract, in certain situations (such as difficulties in executing the contract), we will be able to contact the Visible Person through various channels (such as phone, email, instant messaging, letter, field visits) to find the best the performance of the contract and the continuation of the contractual relationship under the best conditions.
The conclusion and execution of the contract for the processing necessary and closely related to this purpose and the processing carried out at the customer's request for the conclusion and performance of the contract (Article 6 paragraph 1 letter b) of GDPR)
SGL's legitimate interest in ensuring compliance with the standards required for funding and operating in line with internal policies and standards imposed at Group level. Société Générale (Article 6 (1) (f) GDPR)
Compliance with specific legal obligations in the matter (Article 6 (1) (c) GDPR)
B.ECONOMIC-FINANCIAL AND ADMINISTRATIVE MANAGEMENT. ANALYZES AND INVESTIGATIONS FOR DOMESTIC USE
We use personal data to optimally organize and streamline our work. In this regard, we may use personal data, among others:
- for the organization of internal databases as support for the work of the SGL structures and departments.
- to improve and optimize our processes, products and services.
- to efficiently organize, perform and / or manage debt collection and debt recovery.
- to investigate possible fraud / suspicions of fraud.
- to support our position in various investigations, administrative and judicial proceedings, litigation, etc. in which SGL is involved.
- in the context of various analyzes, internal audit procedures and / or investigations conducted by SGL, on its own initiative or following receipt of a referral from a third party (including public authorities).
SGL's legitimate interest in streamlining and optimizing its activity (Article 6 (1) (f) GDPR).
C.ASSISTANCE TO CUSTOMERS (INCLUDING IMPROVING THEM) AND MANAGEMENT OF COMPLAINTS
In order to address customer requests and to keep them up to date with any changes / useful information on financial products used by SGL, we process some of the personal data of the Target Persons (those needed for each processing appropriate to that purpose - telephone number for contacting and providing telephone information, the data provided in the documents provided for changes requested in our systems, or solving various complaints / requests you have).
Also, in the context of the assistance we provide, we may process the data of the Target Persons either for the purpose of conceiving and transmitting specific notifications / information as well as for the subsequent storage of such notifications.
Concluding and executing the contract for the processing required and closely related to that purpose and processing at the request of the Target Persons for the conclusion of the contract (Article 6 paragraph 1 letter b of GDPR)
Compliance with specific legal obligations in the matter, where the law expressly provides for the transmission of certain periodic information to clients (Article 6 paragraph 1 letter c of GDPR)
Legitimate interests of SGL (i) to comply with a specific obligation and to avoid any negative consequences (when the law only generically imposes the obligation, without indicating the limits of the processing - the data, the purposes, the data subject, the duration of the processing, etc.) ii) to carry out their work according to internal and group standards. (Article 6 (1) (f) GDPR).
D. DIRECT MARKETING AND COMMERCIAL COMMUNICATIONS
We may use personal data of the Target Persons to transmit business communications from SGL or our partners, on the basis of the customer's consent.
If you are already a customer, we will be able to transmit commercial communications on SGL products and services using the contact details in our database if you have not exercised your right to object.
We are interested in customer opinion about our products and services, about SGL, in general, or about a particular topic relevant to our work. We will be able to periodically contact our customers to find out how we can improve our products and services, or how we can better respond to customer needs and expectations. Target Persons are not obliged to respond, and if they do not respond, it will in no way affect the relationship with SGL.
Consent (Article 6 paragraph 1 letter GDPR).
Legitimate interest (Article 6, letter f GDPR)
E.STATISTICS AND INTERN STUDIES
We are committed to constantly improving the quality of our products and services and monitoring customer relationship. Based on our legitimate interest, we use the data we collect from customers or other data we generate / deduct from the data received for various statistics, analyzes, and internal surveys in an anonymous format.
Legitimate interest (Article 6 paragraph 1 letter f GDPR)
F.COMPLIANCE WITH LEGAL OBLIGATIONS, INCLUDING THOSE DERIVING FROM ADMINISTRATIVE ACTS ISSUED IN IMPLEMENTING THE LAW AND COMPLIANCE WITH ANY OTHER REQUIREMENTS / STANDARDS
Sometimes, either for the conclusion / execution of the contract or for the actual conduct of the business, SGL has specific legal obligations involving the processing of Target Persons' data, such as: (i) knowing the client, including preventing money laundering and combating the financing of terrorist acts; (ii) performing specific reports provided by law to various public entities such as the NBR, the National Office for the Prevention and Control of Money Laundering; (iii) reporting to Société Générale Group companies (e.g., individuals, authorized natural persons, members of the liberal professions, individual enterprises).
For information on processing under our legal obligations, please feel free to contact us at the following coordinates.
In addition to legal obligations, we also have a set of internal / group-level reporting / management / internal / external audit obligations that may involve the processing of personal data of the Target Persons, including the request for additional data compared to those already provided.
Compliance with specific legal obligations in the matter (Article 6 (1) (c) GDPR)
SGL's legitimate interest in complying with a specific obligation and avoiding any negative consequences (when the law merely generates the obligation without indicating the limits of the processing - the data, the purposes, the data subjects, the length of the processing, etc.) and performs the specific activity under optimum conditions in compliance with all applicable standards. (Article 6 (1) (f) GDPR)
We process the personal data of the Target Persons that the customer provides us directly or we generate or deduce as a result of customer interaction with SGL.
In addition, we can obtain and process personal data of the Target Persons for the purposes described herein and other sources such as: Statistical Data Providers / Reports / Extracts, BRD / SG, Public Databases / Internet Search Engines , Internal and external business partners.
On a case-by-case basis, we can disclose Target Persons data to:
- Support suppliers for our products and services (invoicing, registration, imports, fines, insurers, insurance broker);
- Partners with whom we collaborate to distribute our products from various fields such as automotive, insurance, financial.
- Entities managing financial databases (such as the Credit Risk Center);
- Providers of marketing services such as marketing agencies, e-mail marketing service providers, web page development and maintenance service providers;
- Providers of archiving services;
- Providers of software / hardware and technical assistance / consultancy / management required for such products;
- Providers of legal assistance services, court bailiffs, commercial counseling, other assistance needed for SGL's work, acting in the field of counseling on various aspects;
- Providers of receivables and goods recovery services;
- Public Authorities for our compliance with specific legal obligations to collaborate with and / or control entities (including external auditors) requesting data from SGL in accordance with the legal provisions and rules established at Société Générale Group level;
- Companies in the Société Générale Group that may have access to certain customer data in the context of permanent oversight, major risk cases, or for the purpose of marketing and improving their own products / services.
- Providers of security and protection services;
- Providers of postal / courier services;
- Providers of training services for SGL staff.
In principle, we can transfer the data of data subjects in the European Economic Area (EEA) or the countries recognized by the Commission as ensuring an adequate level of protection of personal data. In some situations, we can always transfer the data to Target Persons to other states on the basis of appropriate safeguards.
We keep the data of the Target Persons as necessary to meet the purposes for which they were collected, with due regard for internal data retention procedures, including the applicable SGL archiving rules.
By law, Target Persons have the following personal data processing rights of SGL:
a) Right of access: Target individuals can obtain from SGL the confirmation that we process their personal data as well as information on the specific nature of the processing such as: the purpose, the categories of processed personal data, the recipients of the data, the period for which the data are the right to rectify, erase or restrict the processing. This entitlement allows the Target Persons to obtain a free copy of the processed personal data, as well as for any extra copies;
b) Right of Data Correction: Target Persons may ask us to modify incorrect Target Persons' data or, if necessary, fill in data that is incomplete;
c) Right to Deletion: Targeted Persons may request the deletion of their personal data when: (i) they are no longer necessary for the purposes for which we have collected and processed them; (ii) the consent to the processing of personal data has been withdrawn and we can no longer process it on other legal grounds; (iii) personal data is processed contrary to law; respectively (iv) personal data must be deleted in accordance with the relevant legislation;
d) Withdrawal of consent: Visually impaired persons may at any time withdraw consent to the processing of personal data processed on a consent basis;
e) Right of objection: Target individuals may at any time object to processing for marketing purposes and to SGL-based processing for reasons of their specific circumstances;
f) Restriction: Targeted Persons may request that their personal data be restrained if: (i) they contest the accuracy of personal data for a period that allows us to verify the accuracy of the data in question; (ii) the processing is illegal and the Target Person opposes the deletion of personal data, instead requesting the restriction of their use; (iii) data is no longer required for processing, but the Visible Person requests us for a court action; respectively, (iv) if the Target Person opposed the processing, for the period of time to verify that legitimate rights of SGL as an Operator override the Target Person's rights.
g) Right to Portability: Target Persons may require, under the law, to provide personal data in a structured, frequently used, automated way. If you request this, we may pass that data to another entity, if technically possible.
h) Right to Submit a Complaint to the Surveillance Authority: Interested Persons have the right to file a complaint with the data processing supervisor if you believe that your rights have been violated:
Autoritatea Națională pentru Supravegherea Prelucrării Datelor cu Caracter Personal
B-dul G-ral. Gheorghe Magheru 28-30 Sector 1, cod postal 010336 Bucuresti, Romania
FOR THE EXERCISE OF RIGHTS REFERRED TO ITEMS a) - g) ABOVE, YOU MAY CONTACT US USING THE CONTACT DATA REFERRED TO IN SECTION VIII (CONTACT).
For any questions about this notice information, or if persons concerned wish to exercise their rights, we can be contacted as follows:
BRD Sogelease IFN S.A.
In the attention of: Data Protection Officer BRD (DPO)
Mailing address: Bd. Ion Mihalache, nr 1-7, sector 1, Turn BRD, Postal Code 011171, București, România