Information for politically exposed persons, close associates of politically exposed persons, and family members of politically exposed persons whose personal data are processed by the Controller

For the purposes of this information notice, the terms: politically exposed person (hereinafter: “PEP”), close associate of a politically exposed person (hereinafter: “RCA”), and family member of a politically exposed person (hereinafter: “RCA”) are defined in accordance with the Act of 1 March 2018 on counteracting money laundering and terrorist financing (AML).

​

Pursuant to Article 14 sec. 1–2 and 5 let. b of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), Finobserve sp. z o.o. provides the following information regarding the processing of your personal data:

 

1. Controller

The controller of your personal data is Finobserve sp. z o.o., with its registered office in Kraków, Kazimierza Morawskiego 5/323, 30-102 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków – Śródmieście in Kraków, 11th Commercial Division of the National Court Register, under KRS number: 0001120697, NIP (Tax Identification Number): 6772514021, share capital: PLN 5 000.

 

2. Contact with the Controller

You may contact the Controller:

1) by email at – gdpr@fin-observe.com

2) by telephone at – +48 (737) 170 - 043

 

3. Purposes and legal basis of processing

The Controller processes personal data in order to make them available as part of the services offered and to enable clients to fulfil obligations arising from legal regulations, in particular AML regulations, consisting in the identification of persons having the status of PEP or RCA.

 

The legal basis for the processing of personal data is the legitimate interest pursued by the Controller (Article 6 sec. 1 let. f GDPR), which consists in making personal data available within the services offered and enabling clients to fulfil obligations arising from legal regulations, in particular AML regulations, consisting in the identification of persons having the status of PEP or RCA.

​

The Controller processes contact details of PEPs and RCAs in order to directly fulfil the information obligation towards those persons.

​

The legal basis for the processing of personal data with regard to the contact details of PEPs and RCAs is the legitimate interest pursued by the Controller (Article 6 sec. 1 let. f GDPR), which consists in defence against potential claims.

 

4. Categories of data

The Controller processes the following categories of personal data: name and surname, image, name and surname of the spouse, date of birth, PESEL number, functions performed/official positions held, citizenship, information contained in asset declarations, and contact details, where such details could be determined on the basis of publicly available sources and where the information obligation was fulfilled directly towards the data subject.

 

5. Recipients of the data

The Controller may disclose your personal data to:

1) clients using the Controller’s services,

2) subcontractors (entities whose services the Controller uses in processing), such as IT service providers.

​

6. Source of data

The Controller obtained personal data from publicly available sources, i.e. from BIP (Public Information Bulletin) websites maintained for individual entities with which PEPs and RCAs are associated.

 

7. Data retention period

The Controller stores personal data for as long as the Controller’s legitimate interest exists. 

 

8. Automated decision-making

The Controller performs automated linking of personal data originating from different registers or published lists in order to present connections between data subjects.

 

9. Data subjects’ rights

You have the following rights:

1) the right of access to your personal data and to obtain a copy thereof;

2) the right to rectification of personal data;

3) the right to erasure of personal data;

4) the right to request restriction of processing of personal data;

5) the right to data portability;

6) the right to object to the processing of your personal data;

7) the right to lodge a complaint with the supervisory authority. 

 

To exercise the above rights, you may contact the Controller.