We're here for you.

Would you like to know more about our services? 

Call us on: +371 6000 20 50


Do you want to find your nearest branch?
Click here

 

 


Information about your opt-out right under Article 21 GDPR

 

 

 

1. Right to opt out in individual cases

 

 

 

You have the right, at any time, to opt out of any processing of your personal data taking place based on Article 6 (1 e) GDPR (data processing in the public interest) and Article 6 (1 f) GDPR (compliance with legitimate interests), for reasons relating to your own particular situation; moreover, the right to opt out of any processing of your personal data is also subject to profiling based on those regulations. 

 

If you opt out, we will not process your personal data anymore, unless we are able to prove that there are legitimate compelling reasons for the processing that prevail over your interests, rights and freedoms, or the purpose of the processing is to assert, exercise or defend our or third parties legal claims. 

 

 

 

2. Right to opt out from data processing direct advertising purposes 

 

 

 

In individual cases, we will process your personal data for direct advertising purposes. You have the right to opt out of having your personal data processed for such advertising purposes at any time; this also applies to profiling if this is connected to this kind of direct advertising. 

 

If you opt out of having your data processed for direct advertising purposes, we will no longer process your personal data for these purposes.

 

Opting out can take any form but should be sent in the form of corresponding notice to the following address: 

 

 

 

SIA "GC Leasing Baltic"

 

FAO the data protection officer

 

Vienibas gatve 109

 

LV-1058, Riga

 

Latvia

 

Email address: datu-aizsardziba@grenke.lv

 

Data protection information

2. What sources and data do we use?


We process personal data that we receive from our customers through our business relationship. We also – if required to provide our service – process the personal data that we are permitted to obtain from publicly accessible sources (e.g. lists of debtors, land register, the register of companies, foundations and associations, the press, the internet) or sent to us from our sales partners or other third parties (e.g. a commercial ;icensed re-user of data included in the public registry) with good authorised cause. 

The personal data of relevance is as follows: 

 

  • Personal details (name, address, national ID number,date of birth)

  • Contact details (telephone number, email address)

  • Identification details (e.g. ID information)

  • Authentication data (e.g. specimen signature)

  • Order details (e.g. payment order)

  • Data collected to fulfil our contractual obligations (e.g. sales data from payment transactions)

  • Information about financial situation of  the parties involved in the transaction (e.g. credit information, scoring/rating data, origin of assets)

  • Advertising and sales data (including advertising scores), documentation data (e.g. meeting minutes)

  • Other data similar to the categories listed above.

 

3. Why do we process your data (the purpose of the processing) and on what legal basis?

 

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Law on Personal Data Processing: 

 

a. To fulfil contractual obligations (Article 6 (1 b) GDPR) 

 

Data is processed in order to provide financial services contracts to our customers or in order to take measures at the request of you prior entering into a contract. The purpose of the data processing will be geared in the first instance to the product itself (e.g. leasing and factoring) and may encompass needs assessment, consultation and the execution of transactions. For further details of the purposes for which data is processed, please refer to the relevant contract documents and terms and conditions. 

 

b. As part of balancing interests (Article 6 (1 f) GDPR)

 

If necessary, we will not only process your data for the actual fulfilment of the contract, but also to protect our own legitimate interests and those of third parties, especially:

  •  consultation and data sharing with licensed data re-user of Register of Enterprises of the Republic of Latvia to determine credit and default risks.

 

For the purposes of checking any credit or default risks, and to defend ourselves against any criminal acts, we provide Limited Liability company “CREFO Rating” (sabiedrība ar ierobežotu atbildību "CREFO Rating"), registration No. 40003807493, legal address Skanstes street 50, LV-1013, Latvia, with data concerning the request and the applicant. Furthermore, we will send personal data collected for the request for, execution and ending of this business relationship, as well as data for behaviour not in compliance with the contract or for fraudulent behaviour toLimited Liability company “CREFO Rating” .The legal basis for sending this data is Article 6 (1 b) and Article 6 (1 f) of the GDPR. Other basis for sending the information to Limited Liability company “CREFO Rating”  may be based on Article 6 (1 a) of the GDPR in the event that the person has given a clear and unambiguous consent to the processing of his data.

Article 6 (1 f) GDPR may only be used as the basis for sending the data if this is necessary for protecting our legitimate interests and legitimate interests or third parties, thus processing this kind of personal data is more important than the interests or basic rights and fundamental freedoms of the person affected who needs their personal data to be protected. 

The data re-user company of Register of Enterprises of the Republic of Latvia will process the data received and also use this to create (evaluate) an entityprofile (scoring), in order to provide their contractual partners in the European Union and in European Economic Area and Switzerland, and, where necessary, other third party countries (provided there is a decision from the European Commission foran adequacy of the level of protection of personal data ) with information so they can assess the creditworthiness of natural persons, among others.

Our company has collaboration with licensed data re-user of the Register of Enterprises of the Republic of Latvia that provides all the information available in the Register of Enterprises of the Republic of Latvia for credit management and credit risk management. our service provider is:

Limited Liability company “CREFO Rating", registration No. 40003807493, legal address Skanstes street 50, LV-1013, Riga, Latvia.

 

For detailed information as described in Article 14 GDPR regarding activities undertaken in processing personal data by the mentioned company, please refer to the information provided about the respective company to the following link: www.crediweb.lv

 

  • To analyze the conditions for selling the products and to optimize the procedures, in order to provide customers with appropriate access to products
  • Advertising or market and opinion research, if you have not objected to your data being used

  • Assertion of legal claims and defense during legal disputes

  • Guaranteeing IT security and safeguarding IT system operations at our company

  • Prevention and clarification of criminal acts

  • Building and plant safety measures (e.g. access control)

  • Measures to guarantee requirements of national supervisory authority

  • Business management measures and measures to develop products and services

 

c. Based on your consent (Article 6 (1 a) GDPR) 

 

If you have given us your consent to process personal data for certain purposes (e.g. forwarding your personal data within the companies belonging to the Group, evaluating payment transaction data for marketing purposes), it will be lawful to do this processing based on the consent you have given..

 

d. Based on statutory provisions (Article 6 (1 c) GDPR) or public interest (Article 6 (1 e) GDPR)

 

We are required to meet various legal requirements (i.e. the provisions of the laws on the prevention of money laundering and legal acts regulating tax issues) and specifications applicable to leasing providers  . Reasons for processing data includes to check the creditworthiness, to confirm identity and age, to prevent fraud and money laundering, to fulfil checking and notification requirements set by tax law, and to assess and manage risks.

 

4. Who will receive my data?


The offices at our companies who need access to your data so that we meet our contractual and legal requirements will receive access to your data. The service providers and agents that we use may also receive the data for these purposes, if they maintain confidentiality obligations in accordance with GDPR requirements and other personal data protection laws. These companies that provide us with support for basic services, fall into the categories of credit-lending services, IT services, logistics, printing services, telecommunications, debt collection, advice and consultation, plus sales and marketing.

Please bear in mind that we are required to keep all customer-related data and valuations that we know confidential, implementing appropriate technical and organizational measures to protect personal data from unauthorized access, unlawful processing or disclosure, accidental loss, alteration or destruction. We are only permitted to forward information about you if statutory provisions demand this, you have given your consent for this or if it is necessary for the establishment, termination or monitoring of mutual relationships . Potential recipients of personal data under these conditions include (for example):

 

  • State bodies and institutions (e.g. the Bank of Latvia, The Office for Prevention of Laundering of Proceeds Derived from Criminal Activity, tax authorities, law enforcement agencies) if there is a statutory or official obligation to do so. 

  • Other credit and financial service providers or similar institutions to whom we send personal data in order to maintain the legal relationship with you (e.g. correspondent banks, licensed data re-user of the Register of Enterprises of the Republic of Latvia, depending on the contract). 

  • Other companies within our Group conducting a risk controlling process because of a statutory or official requirement to do so.

  • Our company works closely with GRENKE AG (Neuer Markt 2, 76532 Baden-Baden, Germany – parent company of GRENKE Bank AG), for example, in connection with the administration of leasing contracts, credit decision-making process based on valuation, marketing, IT procurement and software licensing, leasing asset insurance, control and leasing product development. To provide leasing payments through the direct debit process, our company provides data to GRENKE AG Finance Department and uses its resources.

If, in accordance with these data bases, other people are involved in the processing of your data, we undertake to verify that these persons process your personal data in accordance with the requirements of the GDPR and other data protection laws.

 

5. Is data sent to a third country or to any international organisation?

 

In everyday economic activity, customer personal data is processed in the European Union and in the European Economic Area (EU / EEA), but in some cases they can be transferred and processed in third countries outside the EU / EEA.Data will be sent to third countries if

 

  • it is necessary for carrying out your orders (e.g. payment orders),

  • it is legally required (e.g. notification is obligatory under tax laws) or 

  • you have given us your consent to do so. 

 

6. How are my data processed on the website?

 

Unless indicated otherwise, we only process your data on our website in the following way in order to process your request (Article 6 (1b) GDPR) or because of legitimate interests we have (Article 6 (1f) GDPR): 

 

a. Usage data

 

Any time you access a page or a file, generic data are saved automatically in a log file via this procedure. The data are saved for system-related and statistical purposes only, or as an indicator of criminal acts in certain exceptional cases.

We use these data to improve our websites and to present you with content reflecting your interests on various website pages and on multiple end devices. No usage data are combined with personalised data as part of this process. If you decide to send us your data, these data will have a back-up to ensure that due to technical or software errors your data is not damaged or lost. The same applies to data saved in our system. For security reasons, we will save your IP address.

We do not create a browser history. Data are not forwarded to third parties or otherwise processed unless there is a legal obligation to do so.

 

More specifically, the following data set is stored from every processing request:

  

  • The end device used

  • The name of the file accessed

  • The date and time of the request

  • The time zone

  • The amount of data transmitted

  • Notification of whether the request was successful

  • Description of the type of web browser used

  • The operating system used

  • The page visited before

  • The provider

  • The user’s IP address

 

b.Contact us/requests

 

If you contact us (e.g. using contact forms), we will save your data for the purposes of processing your request and also in case further correspondence is necessary. All data are deleted after your request has been processed. This does not include data for which there is a corresponding legal or other requirement to keep the data.

 

c. Registration

 

We only use the data given to us during registration so that it is possible to use our website.We collect the following data during the registration process:

 

  • Email address,

  • Username,

  • Password.

 

d. Newsletter

 

Subject to your consent (Article 6 (1a) GDPR), we would be happy to keep you informed of recent developments with our newsletter. For us to send you the newsletter, you have to enter your name and email address and also have the option to provide other information voluntarily. After you have sent your email address, we will send you an email to the email address you entered, in which you have to click a confirmation link to verify the email address you entered.

We only store your data for the purpose of sending our newsletter. We also store your IP address and the date of your registration as proof of your registration for the newsletter in cases of doubt.

You can unsubscribe from the newsletter at any time by clicking on the ‘Unsubscribe’ link at the bottom of the newsletter. 

 

e. Use of cookies

 

To make visiting our websites an appealing experience and to make it possible to use certain features, we use cookies on different pages. Cookies are small text files that are stored on your end device. Some of the cookies that we use are deleted again at the end of the browser session, i.e. after you close your browser (session cookies). Other cookies remain on your end device and enable us or our partner companies to recognise your browser again the next time you visit (persistent cookies).

Cookies do not make it possible to access other files on your computer, or discover your email address.Most browsers have settings that mean they accept cookies automatically. If the standard settings are saved for cookies in your browser, all processes will run unnoticed for you in the background. You can change these settings, however, in your browser.

You can adjust your browser so that you are informed when cookies are set and can make individual decisions about accepting them, or generally rule out cookies in certain cases.

If you restrict cookies, some individual features of our website may be restricted too.

 

f. Range analysis using Matomo

 

We have a legitimate interest (i.e. an interest in the analysis, optimisation and cost-effective operation of our website within the meaning of Article 6 (1f) GDPR) in the use of Matomo, software designed to statistically evaluate user access. Your IP address is shortened before it is saved. Matomo uses cookies that are saved on the users' computers and make it possible to analyse use of this online service by the users. Pseudonymous use profiles may be created for the users during this. The information generated by the cookie about your use of this online service is stored on our server and not forwarded to third parties. You can opt out of this data processing as follows:

 

g. Embedded YouTube videos

 

In line with our legitimate interests, we embed YouTube videos on our website; these videos are stored on www.youtube.com and can be viewed directly on our website. 

 

If you visit the website, YouTube is notified that you have opened the relevant page of our website. Additionally, the data described in section 6 a) are transmitted. This happens regardless of whether or not you have a YouTube account that you have logged into. If you are logged into Google, you data will be attributed to your account directly. If you do not want the data to be associated with your YouTube profile, you must log out before you click on the button. YouTube stores your data as a user profile and uses them for the purposes of marketing, market research and/or customising its website. In particular, your data are evaluated this way (even if you are not logged in) in order to provide personalised advertising and notify other users of the social network of your activity on our website. You are entitled to object to the creation of these user profiles; you must contact YouTube if you wish to exercise this right.

See the privacy policy for more information on the scope and purpose of data collection and processing by YouTube. The privacy policy also contains more information on your right to revoke consent and how to configure your browser in order to protect your privacy: https://policies.google.com/privacy 

Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield.

 

7. Which data is processed on the partner portal?

 

At gfs.grenke.de we provide access to registered dillers to their user account on our Partner Portal, where you as a diller or your assigned employee can use these features.

 

a. Registration

 

In the framework of the registration process, we obtain the following data:

• company's requisites and address;

• contact information (office telephone number, official e-mail, contact person's contact details);

 

You can also enter other (optional) data voluntarily to personalize your user account.

As a diller, you can give access to selected employees to your user account on our Partner Portal.

 

b. Functions

 

On the portal of our cooperation partner we offer the following functions:

  • Generation and storage of offers and requests;
  • Archives of saved offers, requests and contracts;
  • Administration of Diller user accounts;
  • Launching the process of an electronic contract (eContract) signing.

 

c. Data processing

 

We use the data presented at the time of registration or use of the functions to the extent necessary to fulfill the function of the respective Partners's portal, contract or pre-contractual arrangements pursuant to Article 6 (1) (b) of the GDPR.

To the extent necessary, we process the data obtained during the duration of the contractual relationship and also after the actual performance of the contract in order to protect our legitimate interests and legitimate interests of third parties, in particular in cooperation and exchange of data with credit agencies, other reference institutions and databases (for example, Limited Liability Company “CREFO Rating”, "FIRMAS.LV" Ltd.) for solvency or credit risk determination in leasing transactions.

 

d. Liability

 

As far as you enter data for the processing described on the Partners's portal, you are responsible for the permissibility of obtaining and registering on the Partners's portal or any related data protection requirements, including the accuracy and relevance of the data provided. If your data has changed, you must immediately correct the data in the personal settings of the user account.

It is your responsibility and you must ensure that access to your created user account is exclusively possible for you or your authorized representatives. If you suspect that an unauthorized third party is aware of or can access your access data, you should immediately notify us by using the contact details provided here.

 

You are responsible for the applicable legislation for each activity performed on our Partners' Portal, using your access data.

 

We are responsible for data protection processing and data security when processing data described in the previous paragraph.

 

e. Passwords

 

Access to the created user account is possible only after entering your individual password. You or your employees are required to choose a secure password and protect the password from third-party access.

 

f. Revocation and account deletion option

 

You can delete the registered data at any time on the Partner's portal, and you can disable the User Account at any time in the administration section.

 

It will also allow you to opt out to the storage of such personal data that are entered during registration and while used.

 

Data stored by us is also deleted as soon as it is no longer needed for the purpose for which it was obtained and such deletion is not in conflict with data storage obligations. If data is not deleted, because it is necessary for other legitimate processing purposes, processing of this data is limited, i.e., data are processed only for specific legitimate purposes. This applies, for example, to user data that should be stored for business or tax reasons.

 

g. Prohibited activities

 

You are prohibited from engaging in any activity on your user account which would violate applicable law or rights of third parties. In particular, you are not allowed to use such content that would obviously violate rights of the third party. When placing your content to our Partner portal as well as when contacting other users, the following actions are prohibited, regardless of whether it creates any breach of the law:

  • distribution of viruses, Trojan horses and other malicious programs;
  • sending spam and junk e-mails, as well as chain letters;
  • harassment against other users;
  • encouraging other users to disclose passwords or personal data to use them for illegal purposes.
 
 

8. How long is my data saved?

 

We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations. To determine the period of your personal data storage we take into account, for example, the requirements of the applicable laws and regulations on accounting, commerce, civil liability and the prevention of money laundering. Please note that our business relationship is a continuing obligation that is set up for years.

 

If the data is no longer required to fulfil contractual or legal obligations, it will be deleted periodically unless temporary further processing is required for the following purposes:

  • Fulfilment of a duty to preserve the data under the Commercial Law and Civil Law;

  • to fulfill the obligations related to the retention of data in accordance with the legislation regarding accounting;

  • to fulfill obligations related to the retention of data in accordance with the valid legislation of the Republic of Latvia and the tax regulations (Law on Taxes and Duties, Law on Corporate Income Tax, Law on Value Added Tax, etc.);

  • to fulfill the obligations related to the Law on the Prevention of Laundering the Proceeds from Criminal Activity (Money Laundering) and of Terrorist Financing.

 

Legislation mentioned requires the data to be stored/documented for up to ten years (limitation periods), however, observing the principle of minimizing data in accordance with Article 5 (1 c) of the GDPR, we will individually decide, on the need for data retention and a retention period, on an individual basis.


9. What data protection rights do I have?



Each individual that is identified as a data subject within the meaning of Article 4 (1) of GDPR and with which we deal with has a right:

  •  of access to its data and acquiring relevant information in accordance with Article 15 GDPR, 
  • of demanding and supplementing inaccurate data in accordance with Article 16 GDPR, 
  • of demanding to erase personal data in accordance with Article 17 GDPR, 
  • to attain restrictions of personal data processing in accordance with Article 18 GDPR, 

  • to object to data processing in accordance with Article 21 GDPR.


You may withdraw your consent to your personal data being processed by us at any time. This also applies to the withdrawal of declarations of consent received before 25 May 2018, the date on which the GDPR comes into force. Please note that this withdrawal will only be effective from the moment it is notified to us, provided that there is no other legal basis for your personal data processing in accordance with Article 6 of GDPR. It will not apply to any data processed before the corresponding notification was received, as well as in case there is another legitimate basis for the further processing of your personal data .


10. Do I have to provide data?


You need to provide us with the personal data necessary for us to enter into and maintain a business relationship and to fulfil the requisite contractual obligations associated with this, or when law requires us to collect it. Without this data, we will usually not be able to enter into a contract with you or to execute this contract.

More specifically, pursuant to money laundering requirements we have to verify your identity before we enter into a legal relationship with you, and to find out and record your name, place and date of birth, nationality, address and ID data (if possible) when doing so. To ensure that we can meet this obligation, you have to provide us with the necessary information and documents according to Law on the Prevention of Laundering the Proceeds from Criminal Activity (Money Laundering) and of Terrorist Financing and notify us immediately of any changes occurring during our legal relationship. If you do not provide us with the necessary information and documents, we will not be permitted to enter into or continue the legal relationship.


11. To what extent will decision-making be automated?


To establish and maintain the business relationship, we do not use fully automated decision-making in accordance with Article 22 GDPR. If we use this procedure in individual cases (e.g. marketing purposes or solvency evaluation), we will provide you with separate information about this, if required by legislation applicable to such processing of personal data.


12. Do you do profiling? 


We automate the processing of your data in some cases with the purpose to evaluate certain aspects of you personally (profiling). We use profiling in the following cases (for example):

 

  • Due to legal and regulatory requirements, we are duty-bound to fight money laundering, the funding of terrorism and criminal acts putting our assets at risk. We perform your data processing even within the framework of our existing cooperation (including during payment transactions). These measures have also been put in place to protect you. 

  • We use evaluation tools to provide you with targeted information and advice about products (goods and services), that you already purchased from us. These make it possible to communicate and advertise (including market and opinion research) and offer you our products in a way that meets your needs. 

  • When processing and analyzing your creditworthiness information we perform creditworthiness and credit risk evaluation. This process calculates the probability of a customer meeting their payment obligations in accordance with the contract. This calculation will factor in solvency, expenses, existing liabilities, employment, employer, length of service, experience from previous business relationships, repayment of previous loans as contractual agreed-upon, as well as information from licensed data re-user of Register of Enterprises of the Republic of Latvia, for instance. The score values calculated help us to make decisions on product sales and are factored into routine risk management procedures. 

     

     

 

Information about your opt-out right under Article 21 GDPR

 

1. Right to opt out in individual cases

 

  

You have the right, at any time, to opt out of any processing of your personal data taking place based on Article 6 (1 e) GDPR (data processing in the public interest) and Article 6 (1 f) GDPR (compliance with legitimate interests), for reasons relating to your own particular situation; moreover, the right to opt out of any processing of your personal data is also subject to profiling based on those regulations. 

 

If you opt out, we will not process your personal data anymore, unless we are able to prove that there are legitimate compelling reasons for the processing that prevail over your interests, rights and freedoms, or the purpose of the processing is to assert, exercise or defend our or third parties legal claims. 

 

  

2. Right to opt out from data processing direct advertising purposes 

 

  

In individual cases, we will process your personal data for direct advertising purposes. You have the right to opt out of having your personal data processed for such advertising purposes at any time; this also applies to profiling if this is connected to this kind of direct advertising. 

 

If you opt out of having your data processed for direct advertising purposes, we will no longer process your personal data for these purposes.

 

Opting out can take any form by approaching us on the following contact infromation: 

 

 

SIA "GC Leasing Baltic" FAO the data protection officer

Vienibas gatve 109

LV-1058, Riga

Latvia

Email address: datu-aizsardziba@grenke.lv