Privacy Policy

Data Controller: B2Kapital Cyprus Ltd (hereinafter referred to as “B2K” or the “Company”). In case B2K is acting as “joint controller” with another entity you will be informed accordingly.

Contact information:

B2Kapital Cyprus Ltd,

To the attention of the Data Protection Officer (DPO)

Μακαρίου 56 & Δημοφώντος, Lamda Tower, 1οςόροφος, 1075, ΛευκωσίαΚύπρος,

dpo@b2kapital.com.cy

tel: +357 25259620

fax: +357 25256107

Our Principle

B2K is a credit acquiring company under the supervision of the Cyprus Central Bank.  In the course of its business, B2K deals with the personal information of its debtors / their guarantors / collateral providers (“the data subjects”) and it is important for B2K to protect and respect this information and to protect the privacy of its data subjects.  Ensuring that your personal data is processed correctly and in accordance with applicable legislation is therefore a fundamental principle of the business.  The following is information about how B2K collects and processes the personal data of data subjects.

Definitions

GDPR: The General Data Protection Regulation 2016/679 is an EU regulation on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.

Personal Data: Personal data means any information relating to an identified or identifiable natural person.   Examples of personal data are social security numbers, names and addresses.

Sensitive personal data can be, among others, data concerning health, genetic data and biometric data.  B2K may process health data only for the purpose of assessing and establishing the level of the data subject’s ability to meet his/her financial obligations

Personal Data Processing:  All forms of personal information actions are personal data processing, such as collection, registration, organization, structuring, and storage.

Collection of information

B2K mainly collects its data subjects’  personal data from a former creditor, such as a bank, when B2K takes over (buys the rights to), for example, a loan or credit agreement (which has expired).  In addition to financial information about the claim itself, such as a copy of the credit/loan agreement, the amount of the capital, the current interest rate, costs and transaction information, the data subject’s  identification and contact information is also collected.  Such information is e.g. the name, social security number, home and/or business address, and in some cases the telephone number and e-mail address. This is necessary in order for B2K to identify its data subjects and enable the collection of claims taken over by the company, whilst also complying with anti-money laundering legislation.

In the case of a data subject appointing a representative, B2K will also process information about that person along with the data subject’s own information.

In some cases, personal information is also collected directly from the data subject.  This can be done by the data subject calling or in any other way he/she delivers to B2K new information, such as changing his/her contact information or providing information regarding his or her home address or place of employment.  In addition, financial details about the debtor/guarantor’s spouse (and family, where applicable) may be collected where the debtor/guarantor agrees to pay off the debt over a period of time.

Collection via the website, cookies

If a data subject or other visitor on B2K’s website approves the use of cookies, B2K will save a cookie on his computer, mobile phone or other device used.  B2K may use the information from cookie files to analyse the traffic on the website, for example, to see who visited the B2K website at a certain time. This way the company can evaluate how the website can be further developed.  It is possible for a visitor on the website to deny the installation of B2K cookie files by enabling the relevant setting through their browser.  In addition, all cookie files can be deleted at any time the visitor chooses to do so on his browser.  Information potentially collected through cookies, would be processed according to the data subject ‘s consent. In addition, a data subject may share his personal data through our website in order to contact B2K or to express interest on a job vacancy.

Collection of Sensitive personal data

We may also collect, in accordance with applicable law and with the explicit consent  of the data subject, and process certain sensitive personal information of himself/herself, with reference to his/her health (physical and mental) status, as follows: social security certificates, evidence of current and previous injuries, of disabilities, a medical diagnosis, medical and medicinal treatment, medical reports, doctor’s certificates, government certification of medical condition and any other information related to your medical history, for the purpose of assisting B2KAPITAL in assessing and establishing the level of the data subject’s ability to meet his/her financial obligations.

Use of the information (Purpose and legal basis)

In the context of debt management and in accordance with the legal basis of the execution of the contract, B2K will process your personal data for the following purposes, namely to the extent it is necessary for us to:

  • administer your loans, including managing any repayments;
  • maintain our records and to communicate with you via e-mail, mail or phone;
  • recover any debt you owe, including tracing your whereabouts;
  • take enforcement action through governmental authorities or courts;
  • update personal information, such as address and phone number;
  • monitor and report claims in debt settlement cases and bankruptcies;

We may process your personal data because it is necessary for us to comply with our statutory and other legal obligations, including:

  • perform any anti-money laundering, know your customer and anti-bribery checks;
  • send details of paid interest to tax authorities;
  • preserve documents according to accounting legislation;
  • enable audit and control in accordance with applicable laws; and
  • search credit and fraud prevention agencies records;

We may process your data in order to exercise our legitimate business interest to do so to the extent permitted by applicable law for the following purposes:

  • representation before the courts in lawsuits related to the transferred claims, which presupposes the transfer of your data to externally cooperating law firms / companies;
  • statistical analysis to evaluate and improve the methodology of collection of receivables; and
  • create a debtor/guarantor’s financial profile, taking into consideration the family’s income and expenses, mainly in cases where the debt will be collected by instalments over a specific period of time

We may process your data  – if required – based on your explicit consent. In this case we will separately contact you to obtain such consent. You may withdraw at any time any consent you provide for us to process your personal data. Such withdrawal will not impact the validity of processing based on your consent prior to its withdrawal.

If we are not able to process your personal data, we may not be able to administer your credit facilities, which may (among other things) affect your ability to manage your repayments. personal data when it is necessary to establish, enforce or defend a legal claim.

How we may share information

We may disclose your personal data to other data controllers, including:

  • our respective affiliates (including B2K’s affiliate B2Holdings Group), administrators, and related fund entities;
  • our respective auditors, legal and professional advisers;
  • credit reference agencies and fraud prevention agencies;
  • third parties that may, directly or indirectly, acquire or seek to acquire, us or an interest in your credit facilities;
  • where enforcement procedures are initiated, with persons/entities involved in such procedures, such as legal advisers, law courts and court representatives; and
  • our respective regulators and governmental authorities.

As described above, we may also share the data with Courts of Law to determine claims and take executive measures such as Court Orders and foreclosure. The information may also be provided to other authorities, such as the Cyprus Office of the Commissioner for Personal Data Protection, the Central Bank of Cyprus, Artemis Information Systems Ltd (Credit Bureau).

We may disclose your personal data to our data processors, including our subcontractors such as our respective:

  • debt collection and management agencies;
  • IT and software systems providers;
  • call centre providers;
  • external companies used to process / envelope letters that will be sent to you,
  • cloud data storage and data back-up storage providers; and
  • file storage/archiving companies and record management providers.

Transfer to other countries

During the processing personal data may be transferred, either by B2K or its data processors, outside the European Economic Area (EEA) to the third countries which are not subject to the European Commission’s adequacy decision. In such cases, the personal data will be transferred in compliance with the General Data Protection Regulation articles 46, 47, or 49(1), especially, Standard Contractual Clauses. The information about the transfers can be obtained through contact on the mail provided in this privacy notice.

Security

Information about B2K’s data subjects is protected by the law of confidentiality.  B2K therefore protects all activities in the business, including personal data processing, through various technical and organizational measures.  The company has procedures that limit or control the dissemination of data both internally and externally. If there is an incident (“data breach”) where B2K’s data subjects’ data is distributed to, or accessed by, unauthorized persons B2K will promptly inform the Data Protection Commission.

Storage time

Data subjects ‘ personal information is stored throughout their relationship with B2K. Once the claim is fully paid the relevant data will be erased after 10 years, provided that B2K is not required by law to continue to store the data, e.g. due to an ongoing court case.

Automated decision making and potential profile creation

As part of the processing activities, the Company, based on its legitimate interest, according to the GDPR art. 6(1)f and to the extent necessary to debt recovery may use your personal data and information, including liability, economic situation, history of repayments and contracts related to the debt settlement process for the creation of your profile. Profiling is required in order to assess the payment behavior and financial status of data subjects based on statistical models and expert rules. As a result, the decision on the method of collection may be made, in particular, what form the communication process will take, how the amicable settlement offers will be selected, and what amicable and judicial measures will be taken.However, the company does not exercise any form of automatic decision-making that is based on profiling and that would have legal or other significant repercussions on the data subject.

Data subjects’ rights

Data subjects can request details with regards to the personal data that B2K hold and request access to this personal data (right of access); To review what B2K processes, it is possible for all data subjects to request a data extract.  Such a request may be made by post or e-mail to the Data Protection Officer as following:

By email at dpo@b2kapital.com.cy or, by post at: P.O. Box 52704, 4067 Limassol Cyprus.

By requesting a data extract, the data subjects receive information about their personal data being processed.  B2K will endeavour to respond to such request 1 month from the date of the request by the data subject. In the event of a data subject’s request, if technically feasible, B2K may also compile the personal data and transmit the information to another party designated by the data subject.

Data subjects may object to B2K’s use of personal data (right to object) however B2k may refuse on the reasons of legitimate grounds for the processing; data subjects wishing to add to incomplete personal data or have reasons to believe that there is a flaw in their data (right of rectification), are encouraged to contact B2K’s Data Protection Officer as above.

A data subject would also be entitled to their data being deleted (right “to be forgotten”) if they are no longer required for the purposes for which B2K has collected them nor any reasonable ground exists to continue processing these.  Alternatively, a data subject may request B2K to restrict processing of their personal data.

It is very important for B2K that our data subjects have confidence in our personal data processing and that it is carried out in a correct and legal manner. B2K will therefore promptly investigate any issues raised by the data subject. A data subject wishing to comment or complain on B2K’s personal data processing may also contact the Office of the Commissioner for Personal Data Protection at:

commissioner@dataprotection.gov.cy or, by post at: P.O. Box 23378, 1682 Nicosia, or by Τel: +357 22818456, or by Fax: +357 22304565

This privacy policy may be adjusted and updated if B2K’s internal processes are changed or if the company is required to update the information by law or a regulatory authority decision.  The most current version will always be available on the company’s website at:  www.b2kapital.com.cy

.