Privacy Policy

 

PRIVACY POLICY

 

Leasys Group has implemented this privacy policy to ensure that personal data is processed in accordance with applicable regulations:

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR).

- Other applicable laws relating to the processing of personal data, including laws implemented at national level.

This privacy policy describes our policies for protecting information about our prospects, customers, our customers' employees, partners, our partners' employees, suppliers and visitors to our premises.

 

PERSONAL DATA PROTECTION AND MANAGEMENT

 

1. RESPONSIBILITY FOR DATA PROCESSING

  •       Leasys Polska sp. z o. o. ul. Puławska 338 02-845 Warsaw, as the data controller, is responsible for the processing of personal data transferred in the context of:

- Inquiries,

- Valuations,

- Orders,

- Ongoing management of contracts and services,

  •      Leasys Polska is not responsible for any disclosure of information to third parties outside the strict framework of using its websites or those of its partners. Therefore, the user is responsible for taking all necessary precautions to avoid errors or destructive elements such as viruses.

 

2. ADEQUATE, RELEVANT AND LIMITED DATA COLLECTION

  • To establish and maintain our relationship, we may collect various categories of personal information directly from you, such as:

- Identification data: surname, first name, citizenship, signature (or authorization to sign), Tax Identification Number, ...

- Contact details: postal address, e-mail, telephone number, ...

- Personal data: marital status, number of children, number of household members, ...

- Economic and financial data: bank name, bank address, bank account number, tax status, country of residence, ...

- How you browse our websites or applications: cookies, IP address, login and navigation data, ...

- User habits and preferences regarding the use of our products and services or contact with us.

- To check whether you are qualified to drive, we may ask you to show your driving licence.

  • If permitted by local law, we may use a provider with expertise in facial recognition technology to identify you in certain cases, such as electronic signatures. For sensitive data (biometric data), this provider will require your consent if you choose this type of authentication. The privacy policy of such a provider will be available on its website.
  • We may also collect information about other people indirectly who are connected to you (some of which we will inform you about, others you will need to inform us about):

- Heirs and beneficiaries in the event of death;

- In the case of legal persons: representatives and persons authorized to contact or cooperate, actual owners and shareholders;

- Customer employees or drivers (not leasing subscribers)

  • We may also collect certain data from the vehicle we rent to you: mileage, accident report, geolocation (disabled).

 

3. PERSONAL DATA PROCESSING

Our processing of personal data is lawful, fair, and transparent. Data is collected for specific, explicit, and legitimate purposes. The list below is not exhaustive and may change as a result of changes in legislation or our business strategy.

  • On the basis of a concluded contract (future client) or during the implementation of a contractual relationship (client) – legal basis: Article 6(1)(b) of the GDPR.

- When reviewing a long-term rental/extension (LTR) application, automated processes may be implemented through our banking intermediary or another intermediary used for this purpose (scoring or pre-scoring). This serves as a decision-making aid, ensuring human involvement in the decision-making process.

The user has the right to obtain an explanation of the decision and to challenge it by requesting its re-evaluation.

- The user can subscribe to additional services or some services on their own (without an LTR agreement).

- All operations related to the management of our cooperation from the pre-contract stage to the return of the vehicle.

  • Based on legal and regulatory obligations – legal basis Article 6(1)(c) of the GDPR.

We use some of your data to comply with certain legal obligations, either our own or those of third parties:

- Preventing and controlling money laundering and terrorist financing. We must comply with international sanctions and embargoes. This requires us to identify you and verify your identity when submitting a request.

- Leasys Polska and/or our financial intermediaries will review the regulatory documentation when considering your long-term rental application.

- In accordance with our legal obligations, we are also obliged to inform the relevant institution in the event of a payment incident covered by the requirement to be registered by the General Inspector of Financial Information (GIIF).

- In some cases, we may be required to provide information in response to an official request from a public authority, e.g. a court or administrative authority.

  •  Based on our legitimate interest (balanced with the protection of the interests and fundamental rights and freedoms of the user) – legal basis Article 6(1)(f) GDPR.

- We use some of your personal data to manage our customer relationships:

o Improving the quality of our products or services.

o Improved training for our advisors (by listening to or recording phone calls), tracking ongoing requests and improving our processes.

o Reporting, research, statistics and audits to monitor our activities and our commitments to shareholders.

- We also use your data to improve:

o Management, prevention and detection of internal fraud.

o Risk management and compliance.

- Managing amicable and contentious debt collection and, in general, any necessary judicial or extrajudicial actions related to the execution of our contract or any other extra-contractual actions,

  •  Based on the consent of the user (or their employees/drivers), which the user can withdraw at any time (opt-in) – legal basis Article 6(1)(a) GDPR:

- We will be able to conduct electronic marketing (e-mail and SMS).

- We may send you offers of products or services from us, our shareholders, Crédit Agricole Group & Stellantis Group or some of our partners.

- We may also invite you to participate in competitions or promotional offers.

 

  •  Based on our legitimate interest or consent – legal basis Article 6(1)(f) GDPR or Article 6(1)(a) GDPR:

- Call center management (providing telephone services to its clients to support the management and implementation of the contract);

- Maintaining the website and managing cookies (some data is collected using cookies, which allow for a more comprehensive use and improve the browsing experience, combat fraud and analyse the performance of our website and our services);

- Conducting satisfaction or opinion surveys (customers, potential customers, ...).

-          

- Profiling (profiling settings that enable us to better understand your profile and interests, in particular to personalise your experience of using our website and services, and to tailor marketing activities to your needs and interests).

 

4. DATA STORAGE PERIOD

We process your personal data in a form that permits your identification, no longer than necessary to achieve the processing purpose. Once that purpose is achieved, your personal data is deleted or anonymized.

We delete or anonymise personal data, in particular in the following cases:

  • the data subject withdraws consent to the processing of personal data, and this consent was the sole basis for processing,
  • the data subject effectively objects to further processing,
  • the limitation periods for any claims have expired,
  •  the periods for which the applicable legal provisions require us to store personal data have expired.

 

5. THIRD PARTIES INVOLVED IN DATA PROCESSING

In some cases, Leasys Polska transfers your personal data to third parties who are independent "data controllers" or our processors. Only data strictly necessary for the performance of such third parties' tasks will be transferred. Leasys Polska may share data:

  •  other Leasys SpA affiliates and its shareholders, Crédit Agricole Group & Stellantis Group, for the performance of a contract with you or for legitimate commercial interests (consent, contract and legitimate interest);
  • dealers or intermediaries from their brand/distribution network or from our broker (consent, agreement and legitimate interest);
  • in the event of a suspected violation of third party rights, unlawful acts or abuse, we may transfer personal data to third parties who have a legitimate interest in doing so, to supervisory authorities or administrative or judicial authorities (legal obligation, legitimate interest);
  • parties who assist us in providing services and are not subcontractors. For example, accountants and legal advisors, banks, insurance companies, and car manufacturers (legal obligation, legitimate interest);
  • our data processors and their employees: external entities to whom we commission certain data processing activities. For example:

- suppliers of IT systems and data hosting,

- providers of other services (e.g. banking, insurance, customer service, organization or performance of quality and satisfaction surveys),

- entities that help us implement marketing activities: monitoring the quality of our services or partnerships or for commercial purposes;

 

We have signed agreements with each of our data processors to ensure that your data is processed with appropriate safeguards and only in accordance with our instructions;

  • System administrators: our employees or employees of data processors to whom we have entrusted the management of our IT systems and who may therefore access, modify, or otherwise process your personal data. These individuals have been selected, appropriately trained, and their activities are monitored. 

 

6. DATA TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

 

  • User data will not be transferred to a third country or an international organisation, except in exceptional and strictly necessary cases.
  • If necessary, for technical or operational reasons, data may be processed in countries outside the European Economic Area, provided that there is a decision by the European Commission on the adequacy of the level of data protection in such countries (list regularly updated by the supervisory authorities and available on their websites).
  • In the absence of such a decision, any transfer of personal data to third countries will only be possible if another legal basis for such transfer is provided, including standard contractual clauses adopted by the European Commission ((EU) 2021/915). To receive detailed information on the safeguards applied, please contact us by sending an email to daneosobowe.pl@leasys.com .

 

7. LINKS TO THIRD-PARTY WEBSITES

Third-party websites accessible via hyperlinks or links are the responsibility of those third parties. Leasys Polska is not responsible for the transfer of personal data to third-party websites.

We recommend that you review the privacy policy of the relevant third party for information about how that third party manages your personal information.

 

8. MARKETING, PROFILING AND COOKIES

  • Leasys Polska uses cookies (small text files that are placed and stored on your computer). Detailed information is provided in our cookie policy, which can be found in the footer of the page.

The purpose of collecting the minimum amount of data (technically necessary) is to enable the website to function properly and to identify fraudulent or repeated connection attempts in order to protect the connection system against misuse.

  • Our website uses Google Analytics 4, a web analytics service provided by Google Inc. ("Google"). Google Analytics 4 uses cookies to analyze website usage. The information generated by the cookie about your use of the website is transmitted to and recorded by Google (https://support.google.com/analytics/answer/12017362?sjid=15918576281740044030-EU).
  • With your consent, we use this data to:

o Ensuring the consistency of user experience;

o Creating reports on website activity;

o Offering other services related to the operation of the website and the use of the Internet.

 

  • You can set your cookie preferences when you first log in (or each time you log in privately) or change your consent in the "Manage my settings" section of our cookie policy.

 

9. INTERACTIONS WITH SOCIAL NETWORKS

  • Customer support via social media

You can also contact us through our social media channels. For example, if you send us a message or post on our social media accounts, we may use the information contained in the message or post to contact you regarding your question/request. To provide the requested assistance, we may ask you to provide additional information in a direct or private message, such as details about the problem, name, email address, phone number, location (city/country), license plate number, vehicle identification number (VIN), and/or make, model, and year of your vehicle. The information you provide will not be used for direct marketing purposes; market research to improve our services and products will be conducted solely on the basis of aggregated (anonymous) data.

o Please remember that sensitive information (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or health status) should not be shared in messages. Anyone can read a message posted in a public space on a social network.

  • Social media links

Our website contains links to social networks.

To protect the personal data of our website visitors, we do not use social media plugins. Instead, HTML links are integrated into the page, enabling easy sharing on social networks. Integrating such a link prevents direct connections to various social network servers when accessing our website. Clicking one of the buttons opens a browser window and redirects the user to the relevant social network's website, where (after logging in) they can, for example, use the "Like" or "Share" button.

o For more information on the purpose and scope of data processing and the subsequent use of your personal data by social networks and their websites, as well as your rights and possible parameters for protecting your privacy, please refer to the data protection policies of the individual social networks.

Facebook: http://www.facebook.com/policy.php

Twitter: https://twitter.com/privacy

Instagram: https://help.instagram.com/155833707900388

You Tube: https://www.google.de/intl/de/policies/privacy/

LinkedIn: https://www.linkedin.com/legal/privacy-policy

 

10. ENFORCING YOUR RIGHTS

In accordance with applicable law, you may exercise your rights within the scope of our services, to the extent permitted by such law:

Laws

Description

GDPR Article

Information and access to data

The user may obtain information on the processing of his or her personal data as well as a copy thereof.

We will provide you with information, including on the purposes of processing, the categories of data processed, recipients, the period of their storage, and your rights to rectify, erase, limit the processing of your data or object to processing, if applicable.

13 and 15

Rectification

The user may request that their data be corrected if it is incorrect, outdated or incomplete.

16

The right to delete data (the right to be forgotten)

The user may request the deletion of his or her data.

17

Limitation of data processing

The user may request that the processing of his or her data be restricted.

18

Data transfer

Users may request the transfer of their data to another data controller. This copy must be in a structured and machine-readable (electronic) format.

20

Opposition

The user objects to data processing (e.g. profiling) for reasons relating to his or her particular situation.

21

Withdrawal of consent to data processing

The user may withdraw his consent at any time

7

      

  • To exercise the rights set out above, you may, at any time, without giving any reason and free of charge, send your request to the following email address:  daneosobowe.pl@leasys.com . You may be asked to confirm your identity by providing certain information or copies of official documents.
  •  The User also has the right to lodge a complaint with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, or to use
  • from the legal protection measures provided for in applicable law.

 

11. PROTECTION

We have taken appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against loss, destruction, alteration, unauthorised disclosure or unauthorised access.

 

12. CHANGES TO THIS PRIVACY POLICY

  • We reserve the right to unilaterally amend or supplement this Privacy Policy. We recommend that you review it regularly.
  • This Privacy Policy was last updated on December 18, 2024.

13. CONTACT WITH LEASYS

If you have any questions or comments regarding this Privacy Policy or the processing of your personal data, please contact the Data Protection Officer for detailed explanations by post at the following address:

Leasys Polska sp. z o. o. ul. Puławska 338 02-845 Warsaw or by e-mail: daneosobowe.pl@leasys.com .