Information note on processing and protecting conditions ensured by the controller CREDIT HISTORY BUREAU „INFODEBIT CREDIT REPORT” SRL

Who are we?

BIC „INFODEBIT CREDIT REPORT” SRL - as private-law legal entity (limited liability company), IDNO 1017600009673, having its registered office in the Republic of Moldova, Chisinau municipality, 10B Calea Iesilor, 4th fl., acting in the market according to the Statute and legislation in force of the Republic of Moldova.

Company, given that it stores and processes[1] personal data of clients, visitors and employees on a large scale (significant number of subjects/clients/employees), notified the National Center for Personal Data Protection (NCPDP) with the purpose of checking and determining if these data are processed in compliance with personal data protection requirements. Thus, NCPDP authorised BIC „INFODEBIT CREDIT REPORT” SRL to act as personal data[2] controller, registered under no 0001302 with the Register of Data Controllers www.registru.datepersonale.md. Authorisation and registration with NCPDP confirms that data processing methods and security requirements applied by the data controller are able to ensure an appropriate level of protection of personal data. 

Whom can I approach to learn details on the procedure for personal data protection processing?

In order to ensure an adequate level of protection of personal data as well as to achieve an independent and qualitative control over the level of compliance when processing your personal data, but also taking into account legal obligations provided for by national law (see point 17 of the Government Decision no. 1123/2010), the Company appointed a data protection officer (DPO) - ‘Privacy by default’ SRL.

Data protection officer may be contacted at the e-mail address: office@gdpr.md or phone number: +373 69 24 22 66.

Who are the recipients of Company's services?

Company's services are intended for any person regardless of gender, colour, citizenship, religion, political vision, status or any other qualification that is not required.

When can we collect your personal data?

We may collect your personal data in the following situations:

-          when you become the subject of the credit history;

-          when you call us for information or assistance via our assistance channels;

-          when you register to benefit from a certain service;

-          when you subscribe to newsletters or notification and other services;

-          when you take part in a survey;

-          when you browse our site;

-          when you subscribe to an application of the Company.

What data are collected from the client?

Personal data controller processes the following categories of personal data[3] of the consumer:

Available when accessing the webpage www.infodebit.md [4]:

1.      Company’s contact details available in ‘Contacts’ field;

2.      Data in ‘News’ field;

3.      Data on newsletter subscription;

4.      Data contained in the contact form in ‘Contacts’ field- name/surname, telephone number, e-mail address, text, other categories of data provided at the initiative of the data subject;

5.      Technical data: (IP, device, operating system, date, month, year of accessing the site, other data as appropriate);

6.      Cookie.

When establishing and managing the CHB Personal Cabinet:

a)      Personal account login;

b)      Personal account password;

c)      One-time password for setting up the account;

d)     IDNO;

e)      E-mail;

f)       Telephone:

g)      Telephone number/fax;

h)      Mpass mobile signature;

a)      Scoring;

b)      Domicile locality/address:

c)      Driving licence data:

d)     Data on the assets held;

e)      Data on the number of credit reports;

f)       Data on active/passive financial arrangements;

g)      Data on positive/negative credit history;

i)      ALT - other income;

j)      ALTB - other payments to non-resident;

k)     DIVA - dividends, Article 901 para.(31) of the Tax Code;

l)      DIVB - income of the non-resident, Article 91 of the Tax Code;

m)    DOB - interests, Article 89 of the Tax Code;

n)     DOBA - interests of resident individuals, except for individual undertakings (IUs) and households (Hs), Article 89;

o)     DOBB - interests, Article 89 of the Tax Code;

p)     FOL - Income obtained by individuals who do not carry out entrepreneurial activity from the transfer in possession and/or use (lease, rent, usufruct) of movable and immovable property, except for agricultural land;

q)      FOND - income of the individual entrepreneur taxpayer (except for Hs);

r)       FONDG - income of the individual entrepreneur taxpayer (Hs);

s)       LIV - payments to the individual in phytotechnics and horticulture;

t)       NEDA - income from which the final tax withholding is made;

u)      NEDB - payments to non-resident, the amount of which is not deductible;

v)      NOR - gambling earnings, except for earnings from promotional campaigns and/or lotteries and betting;

w)     PLT- payments to non-resident, Article 71;

x)      PUB - income from which the final tax withholding is made;

y)      RCSA - amount withdrawn from the share capital;

z)      RCSB - amount withdrawn from the share capital of non-resident;

aa)   ROY - royalty paid for the benefit of the individual;

bb)  ROYA - royalty (fees) and interests, Article 89 of the Tax Code;

cc)   ROYB - income of the non-resident, Article 91 of the Tax Code;

dd)  SAL - salary payments, Article 88 of the Tax Code;

ee)   SALA - salary payments, Article 24 para.(21) of the Law no 1164-XIII;

ff)    SER - income from which taxes are withdrawn, Article 90 of the Tax Code;

gg)  SERB - income from which taxes are withdrawn, Article 90 of the Tax Code;

hh)  Data on the status of founder/administrator of the legal entity;

ii)      List of personal reports required;

jj)      List of checks carried out based on the IDNO;

kk)  Other categories of data provided at the initiative of the data subject;

When using the Check solution based on the IDNO:

a)      Name, surname;

b)      IDNO;

c)      E-mail;

d)     Telephone;

e)      Country;

f)       Locality;

g)      Address;

h)      Bank details.

     When using the Check solution based on the IDNO:

1.      Data on the status of founder/administrator of the legal entity;

2.      Job;

3.      Address;

4.      Telephone/fax;

5.      Telephone:

6.      Data contained in the Financial Statement;

7.      Data contained in Entity Information field.

The specified personal data will be processed by the data controller for the period provided by Law no 120/2008 on credit history bureaus - 5 years from the last update/modification.

1)      Under the consent[5] of the data subject, for sales prospecting[6] and direct marketing, as well as for providing advertisements of third parties[7], such as:

a)      The consent to receive marketing messages, by e-mail: yes or no;

b)      The consent to receive advertising messages of third parties by e-mail: yes or not.

The personal data subject is entitled to withdraw at any time the consent for the processing of personal data set out in letter a) -b). 

Withdrawal of consent for the processing of personal data for the specified purposes does not affect in any way the basic object of the provision of services.

The request regarding the withdrawal of consent does not need to be motivated and can be submitted by the data subject at the email address indicated on the page www.infodebit.md.

The data controller may also process other identifiers of the data subject if they will be recorded/exposed by the data subject: by written or electronic requests or communications, verbal statements at the company's headquarters or by telephone or means used to provide services.

Who can access personal data? 

The controller applies strict mechanisms for the management, administration and access of your personal data, being limited to a strictly necessary number of persons, who, in their turn, have different types of access in terms of personal data volume that can be processed.

The following categories of recipients may have access to your personal data:

a)  Employees - within the limits of duties distributed through internal documents;

b)  Contractual beneficiaries - suppliers of credit histories;

c)   Subjects of credit histories;

d)   Processors:

-    The companies responsible for ensuring the maintenance and servicing of the technical equipment - insofar as the concrete situation is necessary and authorized by the management;

-     Responsible companies that provide software maintenance;

-     Companies responsible for ensuring external financial audit;

-     Companies responsible for receiving and delivering postal items;

e)    Other personal data controllers:

-          National Center for Personal Data Protection;

-          Tax Service;

-          Agency for Consumer's Protection;

-          Law enforcement bodies[8];

f)       Individuals or legal entities mentioned by the client as being the recipient of personal data.

g)      Contractual partners or institutions you allowed to transmit your personal data.

In all cases of personal data disclosure, the controller shall take precautionary measures to verify the lawfulness of such disclosure which will include at least: if the requirements of the form and procedure for requesting information (in written or electronic form, according to the requirements of the electronic signature and the electronic document) have been observed, if the purpose, legal basis and causal link between the requested information and the case/petition/process under examination has been indicated.

The confidentiality of personal data concerning the data subject shall also be ensured in the event of incapacity for exercise or limited capacity, including in the event of death. 

In all unclear cases regarding the manner and need to disclose personal data, they shall be interpreted by the controller in favour of your rights. 

What rights do I have in relation to data processing?  

Right to information

Your right to information is exercised by providing and publishing this Information Note and similar information when we communicate directly with you through the point of contact (employees);

 Right to access data

 

You or your legal representative, upon request, have the right to access information about your own data: how they were processed, by whom, to whom they were disclosed, the time limit for storing this information, and the right to obtain parts of certain documents that concern you. In addition, you have the right to obtain information on the legal consequences of data processing and the exercise of the right to intervene in personal data.

Right to rectification of personal data

 

You have the right to ask us to rectify any inaccurate data we have about you.

Right to delete personal data (‘right to forget)

 

You have the right to require personal data we hold about you. This is not an absolute right and, depending on the legal basis that applies, we may have legitimate reasons to continue processing the data.

Right to restrict processing

 

You have the right to require restriction of processing your personal data. You can ask us to do this, for example, if you content the accuracy of data. Only EU residents have the right to exercise this right.

Right to object

You have the right to object to the processing of your personal data for reasons related to your particular situation. The right is not absolute and we can continue to use the data if we can prove compelling legitimate reasons.

Rights related to the automatic making of individual decisions, including profiling

You have the right to object to a decision made solely against automated processing, regardless of your individual situation, including against profiling. If we make any automatic decision-making, we will record this in our Information Note and we ensure you that you can request that the decision take into account your personal particularities.

Right to justice

This right consists in the possibility of filing a complaint with the Supervisory Authority of the Personal Data Processing or the court, for the defence or reinstatement of the infringed rights. You have the right to file a complaint to the National Center for Personal Data Protection if you are not satisfied with any aspect of the processing of personal data by us or you believe that we do not fulfil our responsibilities as data controller. The contact details of the Authority are: MD-2004, Republic of Moldova, Chisinau municipality, 48 Serghei Lazo St. tel: + 373-22-820801, fax: + 373-22-820807, e-mail: centru@datepersonale.md 

What does notification about the use of "cookies" mean?

Cookie - is that information that is collected when accessing the web page www.infodebit.md, to identify the user who accessed a certain informational content. This is generated by our server and the computer on which your browser operates. The information contained in the cookie is set by the server and may be used by that server whenever the user visits the website. A cookie can be considered as an identity card of the Internet user, which indicates to a website when the user returned. Similar technologies are also applicable for mobile devices (tablet, smartphone) used to access information on the respective web page.

The use of cookies allows us to offer you certain functions and provides us with information about visits to our website or the use of our applications. Most browsers are automatically set to provide cookies, but you are not required to accept them. If you wish to delete cookies that are already on your computer or object to the collection and disclosure of this information, you may access the browser manufacturer's guides at the following addresses:

-          Chrome(https://support.google.com/accounts/answer/61416?co=GENIE.Platform=Desktop&hl=en)

-          Mozilla(https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences)

-          Internet Explorer(https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies)

What cookies does our site use?

Webpage www.infodebit.md
Cookies that are necessary and allow you to browse the website and use its basic functions. Usually, they are installed only in response to actions performed by you that equate to a service request. These cookies are indispensable for the use of our website.

COOKIE NAME                                          PROVIDER                                                  TYPE                     EXPIRY

PHPSESSID                           infodebit.md

First found URL: https://www.infodebit.md/

 

Cookie purpose description: Preserves user session state across page requests.

Initiator: Webserver

Source: infodebit.md

Data is sent to: Moldova

HTTP

1 day

Cookies for statistics.

 

 Statistical cookies help site owners understand how visitors interact with websites by collecting and reporting information anonymously.

 

COOKIE NAM E

PROVIDER

TYPE

EXPIRY

__utma

infodebit.md

HTTP

2 years

 

First found URL: https://www.infodebit.md/

 

 

 

Cookie purpose description: Collects data on the number of times a user has visited the web site as well as dates for the first and most recent visit. Used by Google Analytics.

 

Initiator: Script tag, page source line number 586

Source: https://www.infodebit.md/js/custom.js

Data is sent to: Moldova

Blocked until accepted by user: No

__utmb                     infodebit.md                                       HTTP       1 day

 First found URL: https://www.infodebit.md/

Cookie purpose description: Registers a timestamp with the exact time of when the user accessed the web site. Used by Google Analytics to calculate the duration of a web site visit. 

Initiator: Script tag, page source line number 586

Source: https://www.infodebit.md/js/custom.js

Data is sent to: Moldova

Blocked until accepted by user: No

__utmc                     infodebit.md                                       HTTP       Session

First found URL: https://www.infodebit.md/

 

 

Cookie purpose description: Registers a timestamp with the exact time of when the user leaves the web site. Used by Google Analytics to calculate the duration of a website visit.

 

Initiator: Script tag, page source line number 586

Source: https://www.infodebit.md/js/custom.js

 

Data is sent to: Moldova

Blocked until accepted by user: No

__utmz                     infodebit.md                                       HTTP       6 months

First found URL: https://www.infodebit.md/

 

 

Cookie purpose description: Collects data on where the user came from, what search engine was used, what link was clicked and what search term was used. Used by Google Analytics.

 Initiator: Script tag, page source line number 586

Source: https://www.infodebit.md/js/custom.js

Data is sent to: Moldova

Blocked until accepted by user: No

 

_ga                            infodebit.md                                       HTTP       2 years

 

First found URL: https://www.infodebit.md/     

 

Cookie purpose description: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

Initiator: Page source line number 616-622

Source: Inline script

Data is sent to: Moldova

Blocked until accepted by user: No

_gat                           infodebit.md                                       HTTP       1 day

First found URL: https://www.infodebit.md/     

Cookie purpose description: Used by Google Analytics to throttle request rate

Initiator: Page source line number 616-622

Source: Inline script

Data is sent to: Moldova

Blocked until accepted by user: No

_gid                           infodebit.md                                       HTTP       1 day

 

First found URL: https://www.infodebit.md/     

Cookie purpose description: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

 

Initiator: Page source line number 616-622

Source: Inline script

Data is sent to: Moldova

Blocked until accepted by user: No

collect                      google-analytics.com                        Pixel         Session

First found URL: https://www.infodebit.md/     

Cookie purpose description: Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.

Initiator: Inline script, page source line number 616-622

Source: https://www.google-analytics.com/r/collect?v=1_v=j82a=1351492444t=pageview_s=1dl=https%3A%2F%2Fwww.infodebit.md%2Ful=en-usde=UTF-8dt=Biroul%20Istoriilor%20De%20Credit%20-%20Infodebitsd=24-bitsr=1024x768vp=1000x741je=0_utma=182833918.800748779.1589295353.1589295353.1589295353.1_utmz=182833918.1589295353.

1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)_utmht=1589295387242_u=IQBCAUAB~jid=211910634gjid=1659306877cid=800748779.1589295353tid=UA-144214261-1_gid=623874391.1589295387_r=1gtm=2ou4t0z=1346984569

Data is sent to: United States (adequate)

Adequate country under GDPR (EU)

Blocked until accepted by user: No

Cookies collected for marketing purposes
Cookies collected for marketing purposes are used to track visitors to websites. The intention is to show relevant and interesting ads for each user and therefore more valuable to publishers and third-party advertisers.

COOKIE NAM E                                                           PROVIDER                      TYPE       EXPIRY

common/cavalry_endpoint.php               facebook.com         Pixel    Session

First found URL: https://www.infodebit.md/

Cookie purpose description: Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement - This also allows the website to limit the number of times that they are shown the same advertisement.

Initiator: In line script, page source line number 543-549

Source: https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1589295259119t_start=1589295259120t_d o mco n ten t=1589 295259162t_layout=1589295259850t_onload=1589295259850t_paint=1589295259850t_creport= 1589295259850t_tti=1589295259162lid =

 6825971157858123926-0

 

Data is sent to: Sweden (adequate)

Adequate country under GDPR (EU)


[1] personal data processing - any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, storage, preservation, retrieval, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

[2] controller - public or private-law legal or natural entity, including the public authority, any other institution or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data expressly provided for by the legislation in force

[3]personal data - any information on an individual that is identified or can be identified;

[4] * categories of personal data required for processing;

[5] consent of the personal data subject - any free, express and unconditional, written or electronic indication, according to the electronic document requirements, by which the personal data subject accepts his/her personal data to be processed;

[6] direct marketing (sales prospecting) - the method of distribution of products and services in which marketing concepts, techniques and tools are used, including by post, electronic communications services or other forwarding services, materialized in an approach oriented directly at the personal data subject, aiming to generate a quantifiable reaction to it.

[7] third party - individual or public or private-law legal entity other than the personal data subject, than the controller or the processor and than the person who under the direct authority of the controller or the operator is authorized to process personal data;

[8] public authority or subdivision of such authority, responsible for preventing, investigating, detecting criminal offenses, for the purpose of enforcing criminal proceedings, prosecuting criminal offenses or enforcing criminal penalties, including protecting and preventing threats to public order, including, but not limited to: police, prosecution bodies, customs bodies, penitentiary institutions, bodies for preventing and combating corruption, money laundering, terrorist financing, recovery of criminal assets, probation bodies, state security bodies.