The cookie policy

The www.bonuscard.ro website is using cookies in order to improve the browsing experience for its users. You can read more about the way that cookies are placed, used and administered and access a few useful links below. If you want to learn more on this topic and can't find your answers in the information presented here, please contact us at 0800 80 1234 (toll-free number, in any fixed line) or +40 21 200 94 94 (regular tariff number in any network), available daily between 9:00 and 22:00.

The cookies used by this website offer valuable feedback and help us to better understand the needs of our visitors. The information gathered through them is not stored in our database and when you close the browser, the cookies are deleted from your computer.


What is a "cookie"?

An "Internet Cookie" (also known as a "browser cookie", a "HTTP cookie" or simply a "cookie") is a small text file consisting in letters and numbers which is stored on your computer, mobile device or other gadget connected to the Internet.

The cookie is installed after a web-server sends this request to a browser (e.g.: Internet Explorer, Chrome) and is completely "passive" (it doesn't contain any software, viruses or spyware programs and can't access the information stored on the user's hard drive). The cookie is then resent to the original website at every visit or to another website that recognizes that cookie. But cookies themselves don't ask for personal information and in most cases don't personally identify the internet user. Their main role is to remember the user's preferences on that website or to identify the loyal visitors of a page.

There are two main types of cookies:

  • Session cookies – which are temporarily stored in the cookie folder of your internet browser and memorized until you leave that website or close the browsing window (e.g.: when you log in / out of a webmail or social network account)
  • Persistent cookies – which are stored on a hard drive or computer hardware (and usually depend on the lifespan on that particular cookie). Some cookies are used for just one session and discarded after the user leaves the website and others are stored and reused each time that person visits the website. However, cookies can be deleted at any time by the user through his browser settings.

Persistent cookies include those placed by another website than the one visited by the user at that particular moment. Known as "third party cookies", they can be anonymously used to memorize the interests of a certain user in order to show him the most relevant pieces of advertising.


What are the advantages of using "cookies"?

Cookies help you enjoy a better browsing experience by remembering your preferences about online confidentiality, language settings or relevant ads. At the same time, they help us to better understand what our users need and improve the structure of our website.

The information we gather help us get a general picture about the areas which could use improvements, such as:

  • the most popular pages (in order to make them more accessible)
  • the pages that are not used (in order to remove the unnecessary content)
  • the most searched types of information (in order to provide them for our users)
  • the areas which show errors (in order to fix them)

What is the lifespan of a cookie?

The lifespan of a cookie can vary dramatically, according to the purpose of their placement. Some cookies are used exclusively for one session (session cookies) and are discarded after the user has left the website, while others are memorized and reused each time the user returns to that website. However, cookies can be deleted at any time by the user through his browser settings.


What are third party cookies?

Some types of content on certain websites can be provided through third parties / suppliers (e.g.: a video or a commercial). Also, third parties can place cookies through the website - these being known as "third party cookies". The third parties have to obey the law and privacy settings of the website holder.


What type of cookies can be placed by third parties?

While visiting www.bonuscard.ro, the following cookies can be placed:

  • Website performance cookies - which memorize the user's preferences so he won't have to mention them every time he visits our website.
  • Analytics cookies - which identify if the user is visiting the website for the first time or if he is a returning visitor. This type of information helps us monitor the unique visitors and the number of visits to our website.

Other third party cookies

On some pages, third parties can place their own anonymous cookies, in order to track the success of an application or to personalize it. Due to its usage profile, our website can't access that kind of cookies, the same way that third parties can't access the cookies held by this website.


The Google Analytics cookies

This website uses cookies that may originate from Google Analytics. The information collected by these cookies is transferred and stored by Google on its personal servers, according to its privacy policy. Our website uses Google Analytics cookies in order to collect information on how the visitors use the website and to detect potential navigation problems.

Google Analytics stores information about the pages visited, the time spend in site, the path of access to the website, as well as the sections accessed through the pages. No personal information is stored, therefore the data collected cannot lead to identifying a particular user.

This website also uses Google Analytics in order to verify if it meets the demands of its users and to prioritize its steps towards improvement. Google offers more information about cookies in the privacy and cookies policy pages. Also, Google offers users and add-on which allows them to leave out Google Analytics on any page they access.

For more information on how Google collects and uses this data, please read more at the privacy policy link.


What type of information is stored and accessed through cookies?

Cookies store in a small text file information what allows a website to recognize a browser. The webserver will recognize that browser until the cookie expires or is deleted.

The cookie stores important information which can improve your online browsing experience (e.g.: the language settings on websites you visit; keeping you logged into your webmail account; the online banking security etc.)


Why are cookies important for online browsing?

Websites are constantly trying to evolve and improve their services. That's why cookies are essential for the way these platforms work and adapt their content to suit every user's preferences and interests. By refusing or deactivating cookies, you can render some sites impossible to use.

The option is entirely that of the user. For instance, if you refuse or deactivate cookies, it doesn't mean you won't have access to online advertising, but it will not be as relevant (meaning it will not take into consideration the preferences and interests resulting from your online behavior).


Cookie security and privacy

Cookies are completely harmless and do not represent viruses! They use plain text type formats and are not based on code, which means they are not executable programs and can't auto run.

However, because they store information about the preferences and navigation history of the users on one or more websites, cookies may be used as a type of Spyware. Many antispyware products are aware of this and are constantly marking cookies to be deleted in the antivirus/antispyware scanning/cleaning processes.

Generally, browsers include confidentiality settings which provide various levels of cookie acceptance, validity and automatic deletion after the user has visited a website.


Other information regarding security

In order to avoid any type of problems while using cookies, it's good to know everything about the potential security risks. Because they constantly send information back and forth between the browser and the website, if a transgressor or an unauthorized person interferes with this process of data transmission, the information stored by the cookie could be intercepted. Although very rare, this can happen if the browser connects to the server using an unencrypted network (e.g.: an insecure Wi-Fi network).

However, there are some pieces of advice you can follow in order to make sure you can safely browse the internet. Deactivating cookies is not a solution, because it will prevent you from accessing the most popular websites, such as Youtube, Gmail, Yahoo and so on.

Therefore, in order to safely navigate the web while still enjoying the advantages of using cookies, we recommend that:

  • You personalize the browser settings regarding cookies so that they reflect a security level you are comfortable with
  • You constantly install and update antispyware applications
  • If you're not bothered by cookies and are the only person using the computer, you can set long validity terms for storing your navigation history and authentication data.
  • You constantly update your browser, since many of the cookie based attacks exploit the weak points of the browser's older versions.

Can I deactivate cookies?

Deactivating and refusing to allow cookies can limit your online browsing experience by making some websites virtually unusable or difficult to navigate. But the choice is always in the user's hands.

All modern browsers offer the possibility of changing the cookie settings. These settings are usually found under "Options" or in the "Preferences" menu of your internet browser.

GARANTI BANK SA, with headquarters in Bucharest, Sos. Fabrica de Glucoza No. 5, Novo Park 3, Business Centre, Building F, floors 5 and 6, district 2, with order number in the Trade Registry no. J40 /4429/2009, fiscal code 25394008, registered in the Credit Institutions Registry with no. RB-PJR-40-066 / 2009 and in the ASF Registry with no. PJR01INCR/400019/28.03.2019, hereinafter referred to as the "Bank” shall process my personal data, provided in relation with this request, as follows:

 

Processed personal data can be the following type: surname, name, phone number, e-mail address, Personal Identification Number (CNP), home address, profession, work place,  marital, financial and economic status, habits, preferences, payment/debt/saving behavior and any other data I provided through the dedicated form on the Bank website or which will be disclosed during the telephone conversation to be carried out with the Bank representative as a result of this request.

 

The purposes and aims of the processing. Recipients of personal data.

 

    (i) to analyse the possibility of entering into a loan agreement to which I will be a part of or to take steps at my request before entering into this agreement, the Bank shall process the data as follows:

  • sending notifications / information in connection with my request for analyzing the possibility of concluding a loan agreement;
  • sending data to Garanti BBVA Turkey (and to any of its legal successors), a Turkish company, an indirect shareholder of the Bank, which manages its IT system;
  • sending the data to the contractual partners of the Bank (from Romania or abroad) in order to provide outsourced services, made for and on behalf of the Bank (eg transmission of notifications, archiving, customer service, etc.).

 

    (ii) for the Bank to comply with its legal obligations, such as:

  • establishing my identity in order to fulfil the legal obligations of the Bank in the field of customer knowledge, money laundering prevention and terrorism fighting;
  • sending information on current accounts to the authorities authorized by the law to request and receive such information, e.g. the National Authority for Tax Administration (ANAF), the National Office for Prevention and Control of Money Laundering (ONPCSB), the courts of law, prosecutors, official receivers, notaries, supervisory and control authorities in the banking field, etc;

    •  

    (iii)   for the Bank to exercise a legitimate interest, as such:

    • sending the personal data to the entities that are part of Garanti BBVA group (all affiliated entities, as well as all the direct and indirect shareholders of GARANTI BANK SA), made up currently of: Garanti Holding B.V. and G Netherlands B.V.(The Netherlands), Garanti Bilisim Teknolojisi ve Ticaret T.A.S., Garanti BBVA Turkey(Turkey), Banco Bilbao Vizcaya Argentaria SA(Spain), Ralfi IFN SA, Motoractive IFN SA, Motoractive Multiservices SRL(Romania), for internal administrative purposes (for the lawful purpose of carrying out consolidated supervision at a group level, for instance the analysis of the financial situation of the entities in the group, the identification of the risks relative to the group activity, etc.)
    • using the data by the Bank for statistical purposes, under the condition of their pseudonymization.

     

    The transfer of personal data abroad

    In fulfilling the above purposes, Garanti Bank SA will be able to transfer personal data abroad only if an adequate level of personal data protection recognized by a European Commission decision is ensured in the recipient country.

    In the absence of such a decision issued by the European Commission, the Bank may transfer personal data to a third country only if adequate safeguards according to the law are provided in order to protect personal data. The Bank may be contacted to obtain additional information on the guarantees offered for the protection of personal data in case of any transfer of data to foreigners, through a written request to do so.

The personal data storage period

In the event I conclude a loan agreement with the Bank, the Bank will store the personal data for the duration of our contractual relations and after the termination of such relations for a period of maximum 10 years, taking into account: the banking legislation provisions on customer knowledge, the prevention of money laundering and the financing of terrorism, the provisions of the Accounting Law regarding the keeping of the supporting documents underlying the records in the financial accounting, the need to defend / preserve the Bank's rights in a possible litigation regarding the conclusion, performance or termination of the credit contract.

 

In the event that I will not conclude a loan agreement with the Bank, the Bank will store the personal data for a period of 5 years from the date of the request, taking into account the banking legislation on customer knowledge, money laundering prevention and terrorist financing and the need to protect / preserve the Bank's rights in a possible litigation.

 

For the purposes of data archiving according to the National Archives Act and taking into account the National Archives (approved by the National Archives) applicable at the Bank level and for the data processing by the Bank for statistical purposes, the data may be stored for periods longer than those indicated above.

My rights

I will be able to exercise, in the cases and under the conditions provided for by the law, the following rights with respect to the personal data processed by the Bank:

 

  • the right of access
  • the right of opposition
  • the right to data portability
  • the right to rectify the data
  • the right to deletion of the data (the "right to be forgotten")

 

There may be cases when the Bank will not be able to positively respond to the data deletion request, namely:

 

i. in cases where the Bank has a legal obligation to store personal data;

 

ii. where data are stored for the purposes of archiving in the public interest or for statistical purposes;

 

iii. in cases where the data are necessary for the establishment, exercise or defense of a right in Court.

 

● the right to restrict the data processing;

 

The above-mentioned rights may be exercised by sending a request to GARANTI BANK SA, its headquarters, to any of the branches of the Bank, as well as by electronic means, to the e-mail: dpo@garantibbva.ro, providing sufficient data to allow the Bank to identify the applicant.

 

  • the right to file a complaint with a supervisory authority for personal data processing. In Romania, the complaint will be filed with the National Supervisory Authority for Personal Data Processing (ANSPDCP), headquartered in Gheorghe Magheru Blvd. 28-30, District 1, postal code 010336, Bucharest, under the form of a written notice, at the headquarters of the institution, or electronically, at the e-mail address anspdcp@dataprotection.ro.


By validating this form I declare that I have been informed and I agree with the processing of my personal data as it is described above.

* READ THE DOCUMENT TO AGREE WITH PERSONAL DATA PROCESSING.

 

GARANTI BANK SA, with headquarters in Bucharest, Sos. Fabrica de Glucoza nr. 5, Novo Park 3, Business Center, Building F, 5ht and 6th floors, 2nd District, number in the Trade Registry J40/4429/2009, tax registration number 25394008, registered in the Credit Institutions Registry with no. RB-PJR-40-066/2009, hereinafter referred to as the „Bank”, , shall process your personal data provided in relation with this request, as follows:

 

Personal data processed: surname, name, personal code (CNP), address, phone number, e-mail  address and any other data provided to the Bank based on this suggestions and complaints form;

 

Processing purposes. Personal data recipients.  

 

(i) In order to register your suggestion / complaint and to take steps to resolve it, the Bank will process your personal data as follows:

 

  • transmitting notifications / information in connection with the settlement of the complaint/request
  • sending data to Turkyie Garanti Bankasi A.Ş. (and any of its legal successors), a Turkish company, an indirect shareholder of the Bank, which manages its IT system;
  • Transmitting data to the contractual partners of the Bank (from Romania or abroad) in order to provide outsourced services, made for and on behalf of the Bank (eg transmission of notifications, archiving, customer service, etc.).

 

(ii) for the Bank's performance of legal obligations, such as:

  • establishing the identity in order to fulfil the legal obligations of the Bank in the field of customer knowledge;
  • transmitting information to the authorities certified by the law to request and receive such information, for example Courts of Law, Prosecutor's offices, official receivers, the National Office for the Prevention and Control of Money Laundering (ONPCSB), tax authorities, notaries, authorities with supervisory and control role in the field of banking, etc .;

 

(iii) in order for the Bank to exercise a legitimate interest, as follows:

  • o the transmission of personal data to the entities belonging to the Garanti Group (all affiliated entities, as well as all direct and indirect shareholders of GARANTI BANK SA), formed on this date by: Garanti Holding B.V. and G. Netherlands B.V. (The Netherlands), Garanti Bilişim Teknolojisi v Ticaret TAS., Turkye Garanti Bankasi AS (Turkey), Banco Bilbao Vizcaya Argentaria SA (Spain), Ralfi IFN SA, Motoractive IFN SA, Motoractive Multiservices SRL (Romania) for internal administrative purposes (for the legitimate purpose of consolidated supervision at group level, for example, analysing the financial situation of the entities in the group, identifying the risks associated with the group's activity, etc.)
  • the use of data by the Bank for statistical purposes, subject to their pseudonymization.

 

 

 

Transfer of personal data abroad

 

 

In fulfilling the above purposes, Garanti Bank SA will transfer the personal data abroad only if an adequate level of personal data protection recognized by a European Commission decision such as the countries of the European Economic Area (EEA) is ensured in the recipient country.

In the absence of such a decision of the European Commission, the Bank may transfer personal data to a third country only if the person processing the data on behalf of the Bank offered adequate guarantees provided by the law to protect personal data.

The Bank may be contacted to obtain additional information on the guarantees offered for the protection of personal data in case of any transfer of data to foreigners through a written request for this purpose.

 

The period of personal data storage

 

As long as you are a customer of the Bank, the Bank will store the personal data for the duration of our contractual relations and after the termination of these relationships for a period of maximum 10 years, taking into account: the banking legislation on customer knowledge, the provisions of the Accounting Law on keeping the supporting documents underlying the records in financial accounting, the need to protect / preserve the Bank's rights in a possible litigation;

Unless you are a Bank customer, the Bank will store your personal data for a period of 3 years considering the need to protect / preserve the Bank's rights in a possible litigation.

For the purpose of archiving the data under the National Archives Act and taking into account the National Bank Archival Nomenclature (approved by the National Archives) applicable by the Bank and for the data processing by the Bank for statistical purposes, the data may be stored for periods longer than those indicated above.

 

My rights

 

You will be able to exercise, in the cases and under the conditions provided by the law, the following rights regarding the personal data processed by the Bank:

  • the right of access
  • the right of opposition
  • the right to data portability
  • the right to rectify the data
  • the right to delete the data (the "right to be forgotten")

There may be situations where the Bank will not be able to respond to the data deletion request, namely:

  1. in cases where the Bank has a legal obligation to store personal data;
  2. in cases where data is stored for purposes of archiving in the public interest or for statistical purposes;
  3. in cases where the data are necessary for the establishment, exercise or defence of a right in Court.
  • the right to restrict the data processing

 

The above-mentioned rights may be exercised by sending a request to GARANTI BANK SA, at its headquarters, to any of the branches of the Bank, as well as by electronic means, to e-mail dpo@garantibbva.ro, providing sufficient data to allow the identification of the applicant by the Bank.

  • The right to submit a complaint with the Personal Data Processing Authority in Romania; the complaint shall be submitted at the National Authority for the Surveillance of Personal Data Processing (A.N.S.P.D.C.P.), with headquarters in B-dul G-ral Gheorghe Magheru 28-30, 1st District, postal code 010336, Bucharest, under the form of a written notification, at the headquarters of the institution, or electronically, at the e-mail address anspdcp@dataprotection.ro.

  

 

* READ THE DOCUMENT TO AGREE WITH PERSONAL DATA PROCESSING.
tttt