In this Information Memorandum on the Processing of Personal Data, we outline the purpose of and extent to which we process your personal data and information about your rights in connection with the processing of your personal data is provided.
We, Provident Financial s.r.o., with our registered office at Olbrachtova 2006/9, Krč, 140 00 Prague 4, Comp. Reg. No.: 256 21 351, registered in the Commercial Register administered by the Municipal Court in Prague, File No. C 55523 (hereinafter referred to as “Provident“) as your data controller, process your personal data.
We process personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the “GDPR”), Provident’s internal regulations and rules, and all applicable laws. If you have any questions or wish to exercise any of your rights concerning the protection of personal data, please contact us or our Data Protection Officer, using the contacts below.
Personal data are processed to the extent necessary only, in regard to the type and category of personal data. Your personal data are retained for the period necessary for achieving the purpose of processing, such as for the period determined by the applicable laws. We wish to keep only up-to-date and accurate data, so we update the data from time to time. The appropriate security of personal data is a requisite part of proper processing of personal data, so we have implemented different measures to protect personal data from any unauthorised access. Our objective is to preserve your privacy to the maximum extent possible; therefore, we always make a proper assessment whether the particular processing is required and whether it does not unreasonably infringe upon your rights and freedoms.
We are always at your disposal at:
Provident Financial s.r.o.
Address: Olbrachtova 2006/9, Krč, 140 00 Prague 4
WhatsApp: 723 53 53 53
A Data Protection Officer is the person to contact anytime when you have any questions concerning personal data protection, using the following contact details:
Name: Petra Dolejšová
Correspondence address: Provident Financial s.r.o., Olbrachtova 2006/9, Krč, 140 00 Prague 4
You may also report data security breaches or any suspected additional breaches of rights and obligations in connection with data protection to the Data Protection Officer.
You may also contact our Data Protection Officer anonymously using the contact details provided above.
We process the following categories of your personal data:
Identity information – name, surname, address, date of birth, national identification number and other relevant personal data
Information about identification document – document number, date of issue, expiry date and other relevant personal data
Contact details – e-mail, telephone number, correspondence address and other relevant personal data
Demographic data – marital status, qualification level, type of housing, number of children, information about place of residence and other relevant personal data
Occupational information – information about employer and other relevant personal data
Information about financial position – income, quantifiable expenses, other loans and other relevant personal data
Information about the service of other loans – amount of loans, repayments of existing loans, overdue amounts and other relevant personal data
Information about consumer behaviour – information about e-trading, purchases, ownership of property (such as house, apartment, car) and other relevant personal data
Digital data – cookies, IP address, Internet address, information about the way of filling in an electronic application, other data from publicly available resources and other relevant personal data.
Voice record – audio record of your voice
We respect a special protective mode of a national identification number, so we process it only if required by special legislation or if we obtained your consent. We need national identification numbers in particular for the fulfilment of our legal obligations provided by Act No. 253/2008 Sb., on Certain Measures against Money Laundering and Financing Terrorism, as amended, and for access to and sharing information in client information registries.
Primarily, we obtain your personal data directly from you:
from your loan application filled in on our website or from applications filled in with our business representatives and partners;
from communication or conversation by telephone, e-mail or using other means of electronic communication;
from documents which you submit to us;
from automated interactions with you on our web / mobile application(s);
our internal databases, where we lawfully retain such data.
Sometimes, we obtain personal data from other publicly accessible and private registries and records, in particular:
from client information registries (credit bureaux);
from the Commercial Register;
from the Trade Register;
from the Insolvency Register;
from the Central Distraint Register; or
from the Central Register of Invalid Documents.
In general, we retain your personal data for the period determined by the applicable laws or by the agreement, for the term of granted consent or based on our legitimate interest.
We retain personal data that we process for the reason of fulfilling our legal obligation for the period determined by the applicable laws. In exceptional cases when longer periods of retention of certain documents that may contain personal data are determined by the laws, we retain personal data processed for the performance of our legal obligations for a maximum of 10 years from the time of termination of the contractual relationship with you.
We retain personal data which we process for the reason of performance of an agreement for the term of the agreement and then for the period of legitimate interest (usually for the limitation period when we may have an interest in making or defending our legal claims and in the case of initiating court, arbitration, distraint or other similar proceedings, for the period of such proceedings and then for the periods for filing extraordinary remedies and during proceedings for filing extraordinary remedies).
We retain customer line call records for the period of 3 years.
We retain personal data which we process based on your consent for the period determined in the respective consent to the processing of personal data or until such consent is withdrawn.
To increase security, we have camera surveillance at the reception of Provident’s branches. We retain video footage for maximum of 7 days.
Depending on the purpose of data processing, we may disclose your personal data to the following categories of third parties:
governmental authorities with jurisdiction (such as law enforcement authorities, tax administrators, the financial supervision authority, the consumer protection authority);
entities assessing creditworthiness, in particular client information registries;
In connection with our business activities as a multinational corporation, your personal data are also transferred to other companies in the International Personal Finance plc. (hereinafter referred to as the “IPF”) group, in accordance with the requirements of applicable laws and internal administrative purposes within the group.
The following companies make up the IPF group: IPF International Limited, Provident Polska S. A., Provident Financial Romania I.F.N. S.A., Provident Pénzügyi Zrt. and Provident Financial, s.r.o., IPF Digital AS. For a regularly updated list of members of the IPF Group, see http://www.ipfin.co.uk/en/about-us/our-businesses.html.
To process your personal data, we also use external sub-processors. We use the following categories of sub-processors: credit bureaux, external call centres, marketing agencies, research agencies, external collection agencies, external law offices, print solution suppliers and suppliers of IT solutions. Contacts are available in the heading of this Information Memorandum and on creditea.cz website.
We disclose your personal data only to the extent necessary and in the form necessary to achieve the purposes determined in this Information Memorandum and to our contractual partners only with whom we have concluded agreements protecting your rights and freedoms concerning your personal data.
We will process your personal data in the EU and also in other countries, in particular in the US and India.
Before transferring your personal data, we always diligently assess all circumstances in order to achieve the adequate level of protection of your personal data. When we cooperate with our US partners, we transmit your personal data based on the adequacy decision of the European Commission. In respect of the transmission of your personal data to partners from other third countries, we undertake to commit ourselves to so-called standard contractual clauses which guarantee an adequate level of protection.
The reason for processing your data abroad is to optimise the costs for the operation of IT systems.
In connection with the transferal of your personal data to foreign countries, you are guaranteed the possibility of exercising all your rights and to demand efficient legal protection by foreign public authorities.
Your personal data may be processed both manually and on an automated basis. Automated processing is carried out in our information system, or in the information systems of our sub-processors. Your personal data are processed in particular by our selected employees and business representatives. We have adopted such measures to allow access to your personal data only by authorised and trained employees and sub-processors who are involved in their processing and also to make sure that these employees and sub-processors keep confidential all facts, information and data (personal or otherwise) of which they may learn in the performance of their work. We have a written agreement on the processing of personal data entered into with all sub-processors that emphasises the security of your personal data and contains identical warranties for personal data processing steps from these sub-processors as are provided by us.
We process your personal data by collecting, storing and categorising them in our systems and by checking whether they are correct, or we can update and categorise them based on your relationship to our company (future, current and former client); in the end, we destroy them.
The legal basis for the processing of your personal data and individual purposes of their processing are described below:
Performance of an agreement
Before entering into a loan agreement, you are obliged to fill in a loan application form. Based on data provided by you and data obtained from external resources, we check your creditworthiness. Then our system will calculate and create a loan proposition for you. In the proposition, the conditions of our loan agreement is determined. The proposition is required for the preparation of a risk analysis and for risk management. If you fail to provide requested information in your loan application, we will not be able to prepare a loan proposition for you. Although propositions are prepared automatically, decisions on the loan provision are always reviewed by one of our employees who can make a decision different from the proposal, at the employee’s discretion. Before entering into a loan agreement, we process your contact data to be able to give you information about our financial product and to allow you to make an informed decision.
To be able to change any existing loan agreement, we must collect and use your personal data to be able to reassess your creditworthiness. For the duration of the loan agreement, we will use your data for the allocation of payments which you have transferred us.
Using your contact data, we will also send you through our telecommunication providers information about availability of your loan agreement and other documentation to the agreement which will be available online in your Customer Account.
We may also use data about your unperformed obligations for the enforcement of our claims or provide such data to our authorised provider(s) of claims collection services.
Fulfilment of legal obligations
We further process your personal data to duly perform all obligations determined by the data protection laws, the Consumer Loan Act, the Act on Certain Measures against Money Laundering and Financing Terrorism and other applicable laws.
If we do not obtain data required by the law, we are not able to enter into a loan agreement.
We share your data with entities assessing creditworthiness information for the purpose of assessing your creditworthiness.
We observe the principle of responsible provision of loans – for this purpose, we collect your financial information stated in the loan application. We collect your financial data also from other sources. For example:
We check data determined in documents which you submitted to us for the verification of your income and expenses; and
We make investigations in client registries concerning other debts and payment behaviour.
We use the collected data to verify your creditworthiness. You have the right to receive information about data used in the assessment of your creditworthiness immediately and to challenge the decision on the (non-)provision of a consumer loan.
To prevent money laundering, we collect information concerning you and your identity documents in printed or electronic form. We disclose some of the information to be able to check your data in certain databases and to use these data to check your identity.
Audit, tax and accounting obligations apply to us, too. This is why we disclose your personal data to our tax advisors, auditors and other advisors, if any, always subject to maintaining the confidentiality of these data.
Under applicable laws (including international treaties), other obligations in which your personal data must be processed might apply to us. Such personal data will be always processed exclusively for the purpose of fulfilment of the particular legal obligation.
Our legitimate interest
We process your personal data also based on our legitimate interests, though only provided that your interests and fundamental rights and freedoms do not overrule our legitimate interest. Before any processing is commenced, we always carefully measure your interests against ours. If you disagree with the processing, you have the right to object, and we will make a new assessment.
For the duration of our contractual relationship and for the period of 5 years after the termination of our contractual relations by the repayment of your loan, we are interested in sending you promotional materials for our products and services customised to your needs and to inform you about competitions and other marketing campaigns for our current and former customers that are underway. We may use your contact data to send you information about our products and services which are similar to those which we provide or which we provided to you in the past. We can do so via letter, e-mail, SMS or social media, provided that each report contains a simple opt-out option.
To be able to comply with your requirements and needs in the best possible way, we process your data for the purpose of customising our offers. We disclose your data to local and foreign creditors and banks upon their authorised requests in the case that you requested the provision of their services. We disclose some of your data to financial fraud detection systems in order to prevent from financial fraud.
To record the demonstrations of your will, to improve the quality of our services and to defend our legal claims, we record all calls to the customer line. We collect digital data about your devices to secure our network and to monitor the traffic of our website.
On a limited basis, we can use the personal data also for the development of new products and services and optimisation of our existing products.
Based on our legitimate interest, we also share information about your creditworthiness, payment behaviour and trustworthiness with client information registries and their authorised users. From these registries, we also receive information about you.
This way, we process your personal data for the purpose of:
fulfilling our obligation of the responsible provision of consumer loans;
mutually informing authorised users of client registries about your creditworthiness, trustworthiness and payment behaviour;
assessing (also repeatedly) your creditworthiness, payment behaviour and trustworthiness by operators of client information registries and their authorised users.
From your data available in client registries and from your other publicly accessible data (such as your personal data contained in the insolvency register), the operators of individual client registries create an information file, and in that file, they perform statistical assessments of your creditworthiness and trustworthiness.
These operators disclose your personal data (in the form of an information file including data on statistical assessments of your creditworthiness and trustworthiness) in the form of online queries to all authorised users of client registries. To us this also means always to the extent and on the conditions stated for each of these client registries in the respective information memorandum. For current versions of the Information Memorandum of the Banking Register of Client Information and Non-banking Register of Client Information and information about registers of SOLUS association, see our website.
Provident’s credit application process is automatic. Provident’s system will automatically conduct several checks - if any of them fail, your loan application will be rejected. Based on the information collected, our system will generate a score, which will designate your credit amount.
For more information about cookies, see aboutcookies.org. If you disable cookies in your computer, you may not have access to all parts of our website.
Information generated by cookies in regard to the use of website including the IP address is transmitted to Google tools and other online marketing platforms (like Facebook, Seznam, etc). This information is then used for the evaluation of traffic and other statistics concerning the website. Provident itself or through a third parties will not use any statistic tools for collecting personal data of visitors of this website.
Google tools, nor tools from other mkt platforms will not connect the visitor’s IP address with any other collected data. Provident or Google will not use the IP address to directly identify the website visitor or the computer from which the visitor accessed the website. At the same time, they will not connect any other obtained data with personal data of visitors from other sources, unless the visitor hands them over of their own free will.
Each visitor may set their Internet browser to notify them of downloading cookies or not to accept cookies at all. Disabling cookies may, however, limit the functions of the website creditea.cz.
The website provident.cz and creditea.cz at the same time use the analytical application UsabilityTools which allows monitoring and recording of mouse movements (movements, clicking, scrolling) and filling in of text information. Usability Tools do not collect any personal data which the visitor does not voluntarily provide, and they do not monitor the visitor’s viewing of websites which do not use Usability Tools.
We process your data on a fully transparent basis. Anytime during the processing of your personal data, you can use the following rights:
You have the right to access your personal data and to get a copy of your personal data that we process.
You have the right to portability of your data which you provided to us or which we process based on your consent or for the purposes of performance of agreement and which are processed on an automated basis. We will provide the data to you in a secured file in a machine-readable form which you can save or disclose to other service providers. You can also provide us data obtained from other companies. You can also request us to provide your data to another controller; however, we will be able to do that only provided that such transfer is technically possible. As the said file contains your personal data, we recommend saving it on your device in a secure fashion.
We keep your data up-to-date, so from time to time and when required by the law, we will ask you to check your data; however, if you should find that the data we keep concerning you are incorrect, you may request a rectification of incorrect data, and using the above-mentioned contact details, you can supplement missing or additional data. If there is any doubt about your data being correct, you may request restriction of the processing of your data for the period for which we will be checking whether they are correct.
You have the right to data restriction. It means that we will retain your data, but we will not use them otherwise. You also have the right to erasure of your personal data, though only in the cases provided by the law:
Your data is no longer necessary for us or the agreed retention period has been exceeded;
In the case that your data is processed based on your consent, you have withdrawn your consent;
You do not consent to the processing of your personal data based on our legitimate interest; before your interest is verified, we will restrict the processing and, in the case, that your rights will prevail over ours, we will erase the data upon your request;
You do not consent to the processing of your personal data for marketing purposes;
Personal data must be erased if necessary, for the fulfilment of a legal obligation;
If the processing is illegal.
If no legal grounds exist, we will not erase or restrict your data.
You have the right to object at any time to processing for direct marketing purposes and terminate providing you with offers and services of our company. You can contact us at our e mail address, WhatsApp phone number or be in touch with us on following contacts.
o WhatsApp: 723 53 53 53
If you wish to exercise any of your above-mentioned rights, you can do so through our customer service department on WhatsApp phone number 723 53 53 53 or at our e mail address email@example.com, in writing at the Provident registered address.
You have the right to disagree with a decision based solely on automated processing of your data including profiling, by contacting our customer service using the contact details provided in this Information Memorandum.
You may contact our Data Protection Officer any time using the contact details provided at the beginning of this Information Memorandum. You should contact the Data Protection Officer also in case that you believe we have violated your rights under the data protection laws.
If you feel that your rights were violated in connection with data processing, you have the right to contact the authorised supervisory office (usually the Office for Personal Data Protection at Pplk. Sochora 27, 170 00 Prague 7) or the court with jurisdiction.
You have the right to object to the processing of your personal data based on our legitimate interest; should you wish to do so, you may through our customer service department on WhatsApp phone number 723 53 53 53 or send an e-mail to firstname.lastname@example.org.
Please note that if we find that our legitimate interest prevails over your rights and freedoms, we may continue the processing of your personal data. If your objection is found justified, it could mean that we would no longer process your personal data for the given purpose.
We review this Information Memorandum from time to time and we can occasionally change it (mainly for the compliance with the laws and data protection processes). Updated versions will be available at our website and you will be notified of any changes in each case.
This Information Memorandum was last updated on 17th March 2020.