Does RODO affect the surety and promissory note surety used as collateral for factoring? Are there new obligations on the factor as a result? Is it possible to do without the consent of the guarantor? All three questions posed in this way should be answered in the affirmative.
As is well known, suretyship, especially promissory notes, is a popular form of factoring security. When the factor is a company - most often the surety is a member of the board of directors, a proxy, a partner. When the factor is an individual - the spouse is most often the surety. The common denominator is that the guarantor is a person who is not a factor, and therefore one who is most often not bound to the factor by any legal relationship. So what about the processing of personal data in such a situation? What does the RODO say about it?
The factor collects personal data from the guarantor, and therefore must comply with the obligation under Article 13 of the RODO and plug the appropriate communication into the surety agreement or the promissory note guarantor's declaration - i.e., comply with the so-called information obligation. The personal data of the guarantor whose collection is justified are most often those given in the compact: name, PESEL, residential address. Taking data from the ID card will be rather difficult to defend under the principle of minimization. The administrator of the guarantor's personal data will be the factor, and the personal data will be processed for the purpose of performing the promissory note surety relationship. The legal basis for the processing of the guarantor's personal data will be (i) performance of the promissory note surety agreement (relationship) (Article 6(1)(b) RODO) and (ii) legitimate interest pursued by the Administrator (establishment, investigation or defense of claims between the guarantor and the factor) (Article 6(1)(f) RODO).
It is also worth stipulating from the outset to whom the guarantor's personal data may be disclosed or entrusted, as the catalog of such entities may differ from the standard provisions here (this includes, for example, a potential buyer of a claim secured by a surety, including an endorser). Of course, the guarantor should also be instructed about his rights under Articles 15-21 of the RODO and the legal remedies available to him.
The collection of any consent from the guarantor should be avoided by virtue of the possibility of withdrawal - with the risk that the legal basis for data processing will collapse. A properly formed surety relationship means that there will be sufficient legal grounds for processing personal data - other than the guarantor's consent.
