The cookie policy

The www.bonuscard.ro website is using cookies in order to improve the browsing experience for its users. You can read more about the way that cookies are placed, used and administered and access a few useful links below. If you want to learn more on this topic and can't find your answers in the information presented here, please contact us at 0800 80 1234 (toll-free number, in any fixed line) or +40 21 200 94 94 (regular tariff number in any network), available daily between 9:00 and 22:00.

The cookies used by this website offer valuable feedback and help us to better understand the needs of our visitors. The information gathered through them is not stored in our database and when you close the browser, the cookies are deleted from your computer.


What is a "cookie"?

An "Internet Cookie" (also known as a "browser cookie", a "HTTP cookie" or simply a "cookie") is a small text file consisting in letters and numbers which is stored on your computer, mobile device or other gadget connected to the Internet.

The cookie is installed after a web-server sends this request to a browser (e.g.: Internet Explorer, Chrome) and is completely "passive" (it doesn't contain any software, viruses or spyware programs and can't access the information stored on the user's hard drive). The cookie is then resent to the original website at every visit or to another website that recognizes that cookie. But cookies themselves don't ask for personal information and in most cases don't personally identify the internet user. Their main role is to remember the user's preferences on that website or to identify the loyal visitors of a page.

There are two main types of cookies:

  • Session cookies – which are temporarily stored in the cookie folder of your internet browser and memorized until you leave that website or close the browsing window (e.g.: when you log in / out of a webmail or social network account)
  • Persistent cookies – which are stored on a hard drive or computer hardware (and usually depend on the lifespan on that particular cookie). Some cookies are used for just one session and discarded after the user leaves the website and others are stored and reused each time that person visits the website. However, cookies can be deleted at any time by the user through his browser settings.

Persistent cookies include those placed by another website than the one visited by the user at that particular moment. Known as "third party cookies", they can be anonymously used to memorize the interests of a certain user in order to show him the most relevant pieces of advertising.


What are the advantages of using "cookies"?

Cookies help you enjoy a better browsing experience by remembering your preferences about online confidentiality, language settings or relevant ads. At the same time, they help us to better understand what our users need and improve the structure of our website.

The information we gather help us get a general picture about the areas which could use improvements, such as:

  • the most popular pages (in order to make them more accessible)
  • the pages that are not used (in order to remove the unnecessary content)
  • the most searched types of information (in order to provide them for our users)
  • the areas which show errors (in order to fix them)

What is the lifespan of a cookie?

The lifespan of a cookie can vary dramatically, according to the purpose of their placement. Some cookies are used exclusively for one session (session cookies) and are discarded after the user has left the website, while others are memorized and reused each time the user returns to that website. However, cookies can be deleted at any time by the user through his browser settings.


What are third party cookies?

Some types of content on certain websites can be provided through third parties / suppliers (e.g.: a video or a commercial). Also, third parties can place cookies through the website - these being known as "third party cookies". The third parties have to obey the law and privacy settings of the website holder.


What type of cookies can be placed by third parties?

While visiting www.bonuscard.ro, the following cookies can be placed:

  • Website performance cookies - which memorize the user's preferences so he won't have to mention them every time he visits our website.
  • Analytics cookies - which identify if the user is visiting the website for the first time or if he is a returning visitor. This type of information helps us monitor the unique visitors and the number of visits to our website.

Other third party cookies

On some pages, third parties can place their own anonymous cookies, in order to track the success of an application or to personalize it. Due to its usage profile, our website can't access that kind of cookies, the same way that third parties can't access the cookies held by this website.


The Google Analytics cookies

This website uses cookies that may originate from Google Analytics. The information collected by these cookies is transferred and stored by Google on its personal servers, according to its privacy policy. Our website uses Google Analytics cookies in order to collect information on how the visitors use the website and to detect potential navigation problems.

Google Analytics stores information about the pages visited, the time spend in site, the path of access to the website, as well as the sections accessed through the pages. No personal information is stored, therefore the data collected cannot lead to identifying a particular user.

This website also uses Google Analytics in order to verify if it meets the demands of its users and to prioritize its steps towards improvement. Google offers more information about cookies in the privacy and cookies policy pages. Also, Google offers users and add-on which allows them to leave out Google Analytics on any page they access.

For more information on how Google collects and uses this data, please read more at the privacy policy link.


What type of information is stored and accessed through cookies?

Cookies store in a small text file information what allows a website to recognize a browser. The webserver will recognize that browser until the cookie expires or is deleted.

The cookie stores important information which can improve your online browsing experience (e.g.: the language settings on websites you visit; keeping you logged into your webmail account; the online banking security etc.)


Why are cookies important for online browsing?

Websites are constantly trying to evolve and improve their services. That's why cookies are essential for the way these platforms work and adapt their content to suit every user's preferences and interests. By refusing or deactivating cookies, you can render some sites impossible to use.

The option is entirely that of the user. For instance, if you refuse or deactivate cookies, it doesn't mean you won't have access to online advertising, but it will not be as relevant (meaning it will not take into consideration the preferences and interests resulting from your online behavior).


Cookie security and privacy

Cookies are completely harmless and do not represent viruses! They use plain text type formats and are not based on code, which means they are not executable programs and can't auto run.

However, because they store information about the preferences and navigation history of the users on one or more websites, cookies may be used as a type of Spyware. Many antispyware products are aware of this and are constantly marking cookies to be deleted in the antivirus/antispyware scanning/cleaning processes.

Generally, browsers include confidentiality settings which provide various levels of cookie acceptance, validity and automatic deletion after the user has visited a website.


Other information regarding security

In order to avoid any type of problems while using cookies, it's good to know everything about the potential security risks. Because they constantly send information back and forth between the browser and the website, if a transgressor or an unauthorized person interferes with this process of data transmission, the information stored by the cookie could be intercepted. Although very rare, this can happen if the browser connects to the server using an unencrypted network (e.g.: an insecure Wi-Fi network).

However, there are some pieces of advice you can follow in order to make sure you can safely browse the internet. Deactivating cookies is not a solution, because it will prevent you from accessing the most popular websites, such as Youtube, Gmail, Yahoo and so on.

Therefore, in order to safely navigate the web while still enjoying the advantages of using cookies, we recommend that:

  • You personalize the browser settings regarding cookies so that they reflect a security level you are comfortable with
  • You constantly install and update antispyware applications
  • If you're not bothered by cookies and are the only person using the computer, you can set long validity terms for storing your navigation history and authentication data.
  • You constantly update your browser, since many of the cookie based attacks exploit the weak points of the browser's older versions.

Can I deactivate cookies?

Deactivating and refusing to allow cookies can limit your online browsing experience by making some websites virtually unusable or difficult to navigate. But the choice is always in the user's hands.

All modern browsers offer the possibility of changing the cookie settings. These settings are usually found under "Options" or in the "Preferences" menu of your internet browser.

* READ THE DOCUMENT TO AGREE WITH PERSONAL DATA PROCESSING.

Processing of personal data within Garanti Bank SA

This document presents the types of personal data collected and processed within GARANTI BANK SA, the purposes and the reasons for such processing, the recipients of the data, the storage periods, the rights of the persons subject to the data processing.

               

GARANTI BANK SA is a company headquartered in Bucharest, no. 5 Sos. Fabrica de Glucoza, Novo Park 3, Business Center, Building F, 5th and 6th floors, sector 2, with order number in the Trade Register J40 / 4429/2009, fiscal registration code 25394008, registered in the credit institutions register no. RB-PJR-40-066 / 2009, hereinafter referred to as "the Bank".

This information is intended for individuals, such as:

  • Former customers and current clients of Garanti Bank SA
  • Individuals applying for a product / service of the Bank or communicating to us the data so as to be contacted in connection with their request
  • Any natural person involved in any transaction with Garanti Bank SA, either personally or as a representative of a legal person
  • Payers in the accounts of individuals and legal entities
  • Representatives, natural persons (associates, shareholders, delegates, empowered persons), of some corporate clients
  • People who contact us to obtain various information about our products and services, to submit a suggestion, request or complaint, filling out a request, an online form, or by contacting us on the phone, providing us with their personal data.

Note: The information presented below differs according to the quality of the person concerned, to the types of products and services chosen or benefited by the data subject, the nature of the purpose of the request addressed to the bank by the data subject, the purpose of the processing, the data recipient.

Personal data processed: name, surname, personal numeric code (CNP), health status, citizenship, address, fixed and mobile phone number, e-mail address, profession, workplace, family, economic and financial situation, preferences / payment / saving / debt behavior, image, voice, information about fraudulent activity, information regarding the inaccuracies found in the documents / statements submitted to the Bank, obtained on the basis of the forms, statements and documents submitted, drafted or completed, data taken from a telephone conversation;

The purposes and bases of the processing. Recipients of personal data

(i) for the purpose of concluding and performing a contract to which the data subject is a party or to take action upon their request prior to the conclusion of a contract, the Bank will process the personal data as follows:

o for the conclusion and execution of the current account contract and, depending on the banking services chosen by the data subject, of the savings account contract, of the deposit contract, of the internet / mobile banking services, the payment of the related payment services and the carrying out of the contractual relation with the Bank, for this purpose the latter being able to perform the following activities (as an example):

- carrying out payment operations, cashes, transfers, foreign exchange, direct debit services, scheduled payment orders, etc. (the recipients of the payment data may be recipients of payment transactions, the corresponding banks, interbank trade clearing services providers - eg TRANSFOND SA, the national payment system paid in Ron offered by BNR-ReGIS, etc. .);

- Transmitting data to Turkyie Garanti Bankasi A.S., a Turkish company, an indirect shareholder of the Bank, which manages its IT system, and to any of its legal successors;

                                                                                                                                                                        

- Transmitting data to the contractual partners of the Bank (from Romania or abroad) in order to provide outsourced services, made for and on behalf of the Bank for the purpose of concluding and performing the current account contract (eg sending notifications, archiving, clients services, etc.);

  - the transfer to the payers of the monetary rights (salaries, allowances, pensions, etc.) for me, of the name and surname, CNP and IBAN codes of the current accounts opened in my name, in order for such institutions (employer / Paying Agency / Pension House, etc.) to be able to pay the relative rights in their current account opened with the Bank

o    for the conclusion and performance of the credit agreement, of the credit card contract, of the overdraft and of the guarantee contracts, and for this purpose the Bank may perform the following actions (as an example):

- Automatically assessing the eligibility of the person concerned for granting the credit and the issuing of an automated exclusive decision; to the extent that the decision is negative, the credit request will be rejected. To the extent that the decision is a positive one, the Bank will continue the analysis of the possibility of granting the credit, the final decision not being based solely on automatic processing. The above mentioned automatic rating is based on a score calculated at the level of each credit applicant indicating the probability of repayment or non-repayment of the credit, a score developed based on both the socio-demographic characteristics of the applicant and on the behavioral characteristics of the applicant, with the aim of separating the applicants with high potential to be good payers, from those with inappropriate payment behavior;

- analyzing the credit repayment capacity;

- assessment of the goods registered as guarantee (in which case the recipient of the data is the Assessor);

- analysis of the documents related to the real estate proposed as guarantee (in which case the recipient of the data is the notary office);

- the transmission of notifications regarding the modification of the contractual clauses, notifications regarding the delay in payment of the installments, etc.

- sending data to Turkyie Garanti Bankasi A.Ş. (and any of its legal successors), a Turkish company, an indirect shareholder of the Bank, which manages its IT system;

- Transmitting data to the contractual partners of the Bank (from Romania or abroad) in order to provide outsourced services, made for and on behalf of the Bank (eg transmission of notifications, archiving, customer service, etc.).

- if the loan requested by the client is guaranteed by the National Credit Guarantee Fund for Small and Medium Enterprises - FNGCIMM IFN SA or by the Rural Credit Guarantee Fund - FGCR IFN SA, the Bank shall transmit to the latter non-bank financial institutions the data necessary for the approval and execution of the guarantee related to the respective credit facility

                                                                                                                                                                          

o for the conclusion of the insurance contract, if the conclusion of the insurance is a condition for the granting of the credit or the credit product has an insurance attached, in which case the Bank will transmit the data to the insurance companies;

o  for the refinancing of the loan, if the person concerned requests this service to another financial institution, in which case the Bank will send to the latter the data necessary for the refinancing.

(ii) for the Bank's performance of legal obligations, such as:

o establishing the identity of the person concerned in order to fulfill the legal obligations of the Bank in the field of customer knowledge, money laundering prevention and combating terrorism;

o Transmitting information to law enforcement authorities to request and receive such information, for example courts of law, prosecutor's offices, bailiffs, the National Office for the Prevention and Control of Money Laundering (ONPCSB), tax authorities, notaries, authorities with supervisory and control role in banking, etc .;

o  the transmission by the Bank of information about the credit granted to the Credit Risk Center, the database functioning at the National Bank of Romania;

o transmitting mandatory notifications based on legal provisions, for example, but not limited to notifications of starting the forced execution procedure, the notification of the debt assignment;

o the transmission by the Bank to another credit institution of the information required for the provision of the account change service, based on the legislation on the comparability of commissions related to the payment accounts, the change of payment accounts and the access to the basic services payment accounts, in case the holder will require the provision of such a service;

o the transmission by the Bank to the payment service providers and to the information service providers of the information required for the provision of such services under the payment services legislation, if the holder requests the provision of such services. The Bank will not be able to refuse the transmission of personal data in such situations; consequently, if the data subject does not agree to the transmission of the data to a particular provider / providers, I assume that the Bank will not initiate information operations on accounts or on payment transactions through them.

                                                                                                                                                                           

o video surveillance of the Bank's premises, representing access areas, both from the outside and from the inside, working areas with the public, driving routes and access to the storage areas of the values.

(iii) in order for the Bank to exercise a legitimate interest, as follows:

o the transmission of personal data to the entities belonging to the Garanti group (all affiliated entities, as well as all the direct and indirect shareholders of GARANTI BANK SA), formed at this time by: Garanti Holding B.V. and G Netherlands B.V. (The Netherlands), Garanti Bilişim Teknolojisi ve Ticaret TAS., Turkyie Garanti Bankasi AS (Turkey), Banco Bilbao Vizcaya Argentaria SA (Spain), Ralfi IFN SA, Motoractive IFN SA, Motoractive Multiservices SRL (for the legitimate purpose of consolidated supervision at group level, for example, analyzing the financial situation of the entities in the group, identifying the risks associated with the group's activity, etc.)

o the use of the data by the Bank for statistical purposes, subject to their pseudonymization;

o transmitting information to debt recovery companies in order to collect outstanding amounts on credit;

o periodical reporting and consulting of data (identification data: name, surname, personal identification number, home address / residence and mailing address, fixed / mobile phone number, date of birth, country code and passport  series/ number for non-resident persons; employer's name and address; data concerning the credit-type products required/granted: the type and name of the Participant, the type of product, the status of the product / account, the date of granting, the grant period, the amounts granted, the amounts due, the maturity date, currency, payment frequency, amount paid, monthly installment, outstanding amounts, number of outstanding installments, number of days of delay, delay category, date of closing of the product; data about events occurring during the course of the credit product, such as those relating to restructuring / refinancing, payment, assignment of the credit agreement, assignment of the claim; data concerning the relations with other accounts: information on credit type products to which I am the co-debtor and / or guarantor; insolvency data: information on the data persons against whom an insolvency procedure has been opened; number of queries: the number of Credit Reports issued by the Credit Bureau, at the request of one or more Participants) to the Biroul de Credit SA, headquartered in Bucharest, no. 29 Sfanta Vineri Street, 4th floor, sector 3, a private law entity administering the Credit Bureau System, in which personal data are processed in relation to the lending activity of the Participants (credit institutions, non-banking financial institutions, insurance companies and debt recovery which signed a Participation Contract with Biroul de Credit) for the carrying out of a responsible crediting activity companies under the protection, facilitation of access to credit and prevention of excessive indebtedness of the data subjects, under compliance with the legal framework for the assessment of creditworthiness and of the credit risk diminishing, and of preventing the use of the financial and banking system in order to carry out activities contrary to the law; The Bank has the obligation, in accordance with the legal regulations in force, to assess the ability of the data subject to repay the loan before concluding a credit agreement and during the course of the credit. For this purpose, the Bank processes the above-mentioned information, registered on your name in the Registries, and transmits it to the Credit Bureau for the purpose of processing by this institution and for the purpose of consulting it by any Participant for the purpose of initiating or conducting a credit relation, and for credit-type insurance.

The above-mentioned personal data may be processed by the Credit Bureau, also with the purpose to calculate, at the Participant's request, the FICO® Score from the Credit Bureau.

                                                                                                                                                                             

The Bank and the other Participants use the FICO® Score from the Credit Bureau to reduce the credit risk associated with a debtor / potential borrower. FICO® Score from the Credit Bureau is a number between 300 and 850 obtained from the statistical process that processes the information recorded by the Participants in the Credit Bureau System and indicates the likelihood that the data subject will pay his interest rates in the future. The main causes of the FICO® Score decrease from the Credit Bureau are displayed under the form of reason codes. FICO® Score from the Credit Bureau takes into consideration the following elements that give predictability: payment history, current debt, duration of the account / credit accounts (the average number of months from the granting of credits), the demand for new credits (the number of queries and credits granted over the past 6 months), credit mix (types of credits granted), age of the data subject. The influence of these elements on the FICO® Score from the Credit Bureau may vary depending on the information recorded at the Credit Bureau for each data subject. FICO® Score from the Credit Bureau is a highly predictive analytical tool that, along with the Credit Report data and the information obtained from the Participants from other sources, competed for the correct assessment of the creditworthiness of the data subject for the conclusion/ performance of the contract credit.

o Enrollment of the Real Estate Guarantees Electronic Archive (A.E.G.R.M.) of the real estate guarantees established for the Bank, for the guarantee of the credit, in order to carry out the pratices for advertising thereof and to ensure the Bank's priority in the performance;

o transmitting data to the assignors of the receivables, if the Bank will assign the receivables related to the credit contract / agreements in which the data subject is / was a party;

o transmission of data to the judicial executors in order to execute the guarantees and to recover the debts related to the credit contract;

o video surveillance of bank machines in order to prevent fraud and to solve any complaints

                                                                                                                                                                           

(iv) processing of personal data on the basis of the consent of the data subject:

o for the purpose of consulting the information registered with the Biroul de Credit SA on behalf of the data subject, such as information about the credit products, similar or insurance products, or other commitments that which they benefit from or benefited from, such as the credit limit, the duration of the credit, payment history, current balance, outstanding value and any information related thereto, for the purpose of assessing solvency, of reducing the credit risk, and of determining the indebtedness degree.

o  for the purpose of consulting the information registered in the database of the National Agency of Tax Administration (ANAF), regarding the quality of the person targeted by the taxpayer and of the level of the income thereof, for the purpose of evaluating the eligibility for granting the requested loan (Agreement on Interrogation and Processing of Information). The Bank may request on behalf of the taxpayer, tax information about the applicant for the period of the last 2 completed tax years, including the information related to the period between the last fiscal year ended and the date of their request.

o for the purpose of consulting, in order to initiate the credit relationship, the banking risk information, such as the situation of the global risk and the situation of the outstanding loans recorded at the Credit Risk Center, the structure functioning at the National Bank of Romania, in relation to the data subject

o  for publicity, marketing and advertising purposes, profile creation and personalized offers (according to the person's options).

The processing of personal data required by Garanti Bank SA to initiate a business relationship / by other forms / channels is mandatory, except as a rule, where the processing of the data is based on the consent of the person concerned (eg. In case of marketing or automated decision making that produces significant legal effects or significant similar effects and which are not necessary for the performance of a contract or the fulfillment of a legal obligation). In other cases, the refusal of the data subject will cause Garanti Bank SA to be unable to provide services or financial-banking products.

                                                                                                                                                                                                     

The Transfer of Personal Data Abroad

In fulfilling the above purposes, Garanti Bank SA will transfer the personal data abroad only if, in the recipient country, is ensured an adequate level of personal data protection recognized by a European Commission decision such as the countries of the European Economic Area (EEA).

In the absence of such a decision of the European Commission, the Bank may transfer personal data to a third country only if the person processing the data on behalf of the Bank offered adequate safeguards provided by the law to protect personal data.

The Bank may be contacted to obtain additional information on the guarantees offered for the protection of personal data in case of any transfer of data to foreigners through a written request to do so.

The period for personal data storage

The Bank will store personal data for periods of up to 10 years from the termination of the contractual relationship / transaction / data provision (depending on the quality of the data subject, of the products and services they benefit from, of the relationship thereof with the bank, etc.) given the banking legislation provisions on customer knowledge, money laundering prevention and terrorism financing, the provisions of the Accounting Law, the need to defend / preserve the rights of the Bank in a possible litigation, the provisions of the legislation regarding the guarding of objectives, goods, values and protection of persons, the legitimate interest of the Bank to perform video surveillance of the bank machines in order to prevent fraud and to resolve any complaints.

For the purpose of archiving the data under the National Archives Act and taking into account the Archival Nomenclature (approved by the National Archives) applicable at the level of the Bank and for the data processing by the Bank for statistical purposes, the data may be stored for periods longer than those indicated above.

As far as the processing for marketing purposes is concerned, it will cease at the moment of withdrawal of the consent granted to the Bank for this purpose, regardless of whether the above-mentioned storage periods have been fulfilled or not.

Rights of the person concerned

The person concerned has the possibility to exercise, under the conditions and in the cases provided by the law, the following rights regarding the personal data processed by the Bank:

  • the right to access to the collected personal data - the right to obtain from the Bank a confirmation that it processes personal data or not, and, if so, to ensure access to the data; for this purpose, the Bank will provide a copy of the personal data undergoing processing;
  • the right to object - the right to oppose at any time, for legitimate and legitimate reasons related to my particular situation, so that the personal data are the object of processing by the Bank; The Bank will no longer process personal data unless it demonstrates to have legitimate and compelling reasons that justify processing and that prevail over the person's interests, rights and freedoms, or that the purpose of the processing is to establish, exercise or defend a right in Court.
  • the right to data portability - the right to receive the personal data we have provided to the Bank and to transmit it to another operator; this right may be exercised only when:

(i) the processing of personal data is based on basis of the consent granted for processing or is based on the performance of a contract; and

(ii) the processing is carried out by automatic means;

  • the right to withdraw the consent granted for data processing - this right can be exercised at any time, without costs, only when the processing of personal data is made on the basis of the consent granted for the processing of the data; the withdrawal of consent does not affect the lawfulness of the processing carried out to that point;
  • the right to rectify the data: the right to request and obtain the rectification of inaccurate personal data and / or to obtain the completion of incomplete personal data, including by providing an additional statement;
  • the right to delete the data ("the right to be forgotten") - this right can be exercised in the following cases:

(i) the personal data are no longer required for the purposes for which they were collected or processed;

(ii) I withdraw the consent on the basis of which the processing takes place and there is no other legal basis for the processing;

(iii) I exercise my right of opposition with regard to the processing of personal data and there are no legitimate reasons to prevail in the processing;

(iv) I exercise my right of objection with regard to the processing of personal data for the purposes of direct marketing;

(v) the personal data were processed unlawfully;

(vi) the personal data must be deleted to comply with a legal obligation of the Bank.

There may be situations where the Bank will not be able to respond to the data deletion request, namely:

(i) in cases where the Bank has a legal obligation to store personal data;

(ii) in cases where data are stored for purposes of archiving in the public interest or for statistical purposes;

(iii) in cases where the data are necessary for the establishment, exercise or defense of a right in Court.

  • the right to restrict data processing - this right may be exercised under the following conditions:

(i) where the data subject challenges the accuracy of the processed data; the restraint will operate for a period that will allow the Bank to verify the accuracy of the data;

(ii) if the processing is illegal and the data subject will object to the deletion of personal data, requesting instead the restriction of their use;

(iii) The Bank no longer requires personal data for processing, but the data subject will request them for the establishment, exercise or defense of a right in Court,

(iv) if the data subject has exercised his right to oppose data processing, unless the processing is for direct marketing purposes; the restraint will operate / will apply for the period of time to verify that the legitimate rights of the Bank override the rights of the data subject.

  • the right to obtain human intervention from the Bank, to express the views and to challenge the Bank's decision exclusively on the eligibility of the data subject for the granting of the loan.

The above-mentioned rights may be exercised by sending a request to GARANTI BANK SA, at its headquarters, to any of the branches of the Bank, as well as by electronic means, to e-mail dpo@garantibank.ro, providing sufficient data to allow the applicant to identify the applicant by the Bank.

  • the right to file a complaint with the supervisory authority for the processing of personal data - this right may be exercised if the data subject considers that the processing of personal data violates the legal provisions in the field of data protection, without prejudice to any other administrative or judicial remedies; the complaint may be filed with the supervisory authority of the Member State of the European Union in which the person concerned has the regular residence or where the place of work is or where the alleged infringement has occurred. In Romania, the complaint is filed with the National Supervisory Authority for Personal Data Processing (A.N.S.P.D.C.P.), headquartered in no. 28-30 G-ral. Gheorghe Magheru Street, District 1, postal code 010336, Bucharest, in the form of a written notification, at the headquarters of the institution or electronically, at the e-mail address anspdcp@dataprotection.ro.

The contact details of the Data Protection Officer are:

  • e-mail address: dpo@garantibank.ro
  • mail address: Bucharest, no. 5 Sos. Fabrica de Glucoza Street, Novo Park 3, Business Center, Building F, 5th and 6th floor, district 2
* READ THE DOCUMENT TO AGREE WITH PERSONAL DATA PROCESSING.

 

GARANTI BANK SA, with headquarters in Bucharest, Sos. Fabrica de Glucoza nr. 5, Novo Park 3, Business Center, Building F, 5ht and 6th floors, 2nd District, number in the Trade Registry J40/4429/2009, tax registration number 25394008, registered in the Credit Institutions Registry with no. RB-PJR-40-066/2009, hereinafter referred to as the „Bank”, , shall process your personal data provided in relation with this request, as follows:

 

Personal data processed: surname, name, personal code (CNP), address, phone number, e-mail  address and any other data provided to the Bank based on this suggestions and complaints form;

 

Processing purposes. Personal data recipients.  

 

(i) In order to register your suggestion / complaint and to take steps to resolve it, the Bank will process your personal data as follows:

 

  • transmitting notifications / information in connection with the settlement of the complaint/request
  • sending data to Turkyie Garanti Bankasi A.Ş. (and any of its legal successors), a Turkish company, an indirect shareholder of the Bank, which manages its IT system;
  • Transmitting data to the contractual partners of the Bank (from Romania or abroad) in order to provide outsourced services, made for and on behalf of the Bank (eg transmission of notifications, archiving, customer service, etc.).

 

(ii) for the Bank's performance of legal obligations, such as:

  • establishing the identity in order to fulfil the legal obligations of the Bank in the field of customer knowledge;
  • transmitting information to the authorities certified by the law to request and receive such information, for example Courts of Law, Prosecutor's offices, official receivers, the National Office for the Prevention and Control of Money Laundering (ONPCSB), tax authorities, notaries, authorities with supervisory and control role in the field of banking, etc .;

 

(iii) in order for the Bank to exercise a legitimate interest, as follows:

  • o the transmission of personal data to the entities belonging to the Garanti Group (all affiliated entities, as well as all direct and indirect shareholders of GARANTI BANK SA), formed on this date by: Garanti Holding B.V. and G. Netherlands B.V. (The Netherlands), Garanti Bilişim Teknolojisi v Ticaret TAS., Turkye Garanti Bankasi AS (Turkey), Banco Bilbao Vizcaya Argentaria SA (Spain), Ralfi IFN SA, Motoractive IFN SA, Motoractive Multiservices SRL (Romania) for internal administrative purposes (for the legitimate purpose of consolidated supervision at group level, for example, analysing the financial situation of the entities in the group, identifying the risks associated with the group's activity, etc.)
  • the use of data by the Bank for statistical purposes, subject to their pseudonymization.

 

 

 

Transfer of personal data abroad

 

 

In fulfilling the above purposes, Garanti Bank SA will transfer the personal data abroad only if an adequate level of personal data protection recognized by a European Commission decision such as the countries of the European Economic Area (EEA) is ensured in the recipient country.

In the absence of such a decision of the European Commission, the Bank may transfer personal data to a third country only if the person processing the data on behalf of the Bank offered adequate guarantees provided by the law to protect personal data.

The Bank may be contacted to obtain additional information on the guarantees offered for the protection of personal data in case of any transfer of data to foreigners through a written request for this purpose.

 

The period of personal data storage

 

As long as you are a customer of the Bank, the Bank will store the personal data for the duration of our contractual relations and after the termination of these relationships for a period of maximum 10 years, taking into account: the banking legislation on customer knowledge, the provisions of the Accounting Law on keeping the supporting documents underlying the records in financial accounting, the need to protect / preserve the Bank's rights in a possible litigation;

Unless you are a Bank customer, the Bank will store your personal data for a period of 3 years considering the need to protect / preserve the Bank's rights in a possible litigation.

For the purpose of archiving the data under the National Archives Act and taking into account the National Bank Archival Nomenclature (approved by the National Archives) applicable by the Bank and for the data processing by the Bank for statistical purposes, the data may be stored for periods longer than those indicated above.

 

My rights

 

You will be able to exercise, in the cases and under the conditions provided by the law, the following rights regarding the personal data processed by the Bank:

  • the right of access
  • the right of opposition
  • the right to data portability
  • the right to rectify the data
  • the right to delete the data (the "right to be forgotten")

There may be situations where the Bank will not be able to respond to the data deletion request, namely:

  1. in cases where the Bank has a legal obligation to store personal data;
  2. in cases where data is stored for purposes of archiving in the public interest or for statistical purposes;
  3. in cases where the data are necessary for the establishment, exercise or defence of a right in Court.
  • the right to restrict the data processing

 

The above-mentioned rights may be exercised by sending a request to GARANTI BANK SA, at its headquarters, to any of the branches of the Bank, as well as by electronic means, to e-mail dpo@garantibank.ro, providing sufficient data to allow the identification of the applicant by the Bank.

  • The right to submit a complaint with the Personal Data Processing Authority in Romania; the complaint shall be submitted at the National Authority for the Surveillance of Personal Data Processing (A.N.S.P.D.C.P.), with headquarters in B-dul G-ral Gheorghe Magheru 28-30, 1st District, postal code 010336, Bucharest, under the form of a written notification, at the headquarters of the institution, or electronically, at the e-mail address anspdcp@dataprotection.ro.