Processing of personal data within Garanti Bank SA

This document presents the types of personal data collected and processed within GARANTI BANK SA, the purposes and the reasons for such processing, the recipients of the data, the storage periods, the rights of the persons subject to the data processing.

               

GARANTI BANK SA is a company headquartered in Bucharest, no. 5 Sos. Fabrica de Glucoza, Novo Park 3, Business Center, Building F, 5th and 6th floors, sector 2, with order number in the Trade Register J40 / 4429/2009, fiscal registration code 25394008, registered in the credit institutions register no. RB-PJR-40-066 / 2009, Registered in FSA Register with no. PJR01INCR/400019, hereinafter referred to as "the Bank".

This information is intended for individuals, such as:

  • Former customers and current clients of Garanti Bank SA
  • Individuals applying for a product / service of the Bank or communicating to us the data so as to be contacted in connection with their request
  • Any natural person involved in any transaction with Garanti Bank SA, either personally or as a representative of a legal person
  • Payers in the accounts of individuals and legal entities
  • Representatives, natural persons (associates, shareholders, delegates, empowered persons), of some corporate clients
  • People who contact us to obtain various information about our products and services, to submit a suggestion, request or complaint, filling out a request, an online form, or by contacting us on the phone, providing us with their personal data.

Note: The information presented below differs according to the quality of the person concerned, to the types of products and services chosen or benefited by the data subject, the nature of the purpose of the request addressed to the bank by the data subject, the purpose of the processing, the data recipient.

Personal data processed: name, surname, personal numeric code (CNP), health status, citizenship, address, fixed and mobile phone number, e-mail address, profession, workplace, family, economic and financial situation, preferences / payment / saving / debt behavior, image, voice, information about fraudulent activity, information regarding the inaccuracies found in the documents / statements submitted to the Bank, obtained on the basis of the forms, statements and documents submitted, drafted or completed, data taken from a telephone conversation;

The purposes and bases of the processing. Recipients of personal data

(i) for the purpose of concluding and performing a contract to which the data subject is a party or to take action upon their request prior to the conclusion of a contract, the Bank will process the personal data as follows:

o for the conclusion and execution of the current account contract and, depending on the banking services chosen by the data subject, of the savings account contract, of the deposit contract, of the internet / mobile banking services, the payment of the related payment services and the carrying out of the contractual relation with the Bank, for this purpose the latter being able to perform the following activities (as an example):

- carrying out payment operations, cashes, transfers, foreign exchange, direct debit services, scheduled payment orders, etc. (the recipients of the payment data may be recipients of payment transactions, the corresponding banks, interbank trade clearing services providers - eg TRANSFOND SA, the national payment system paid in Ron offered by BNR-ReGIS, etc. .);

- Transmitting data to Turkyie Garanti Bankasi A.S., a Turkish company, an indirect shareholder of the Bank, which manages its IT system, and to any of its legal successors;

                                                                                                                                                                        

- Transmitting data to the contractual partners of the Bank (from Romania or abroad) in order to provide outsourced services, made for and on behalf of the Bank for the purpose of concluding and performing the current account contract (eg sending notifications, archiving, clients services, etc.);

  - the transfer to the payers of the monetary rights (salaries, allowances, pensions, etc.) for me, of the name and surname, CNP and IBAN codes of the current accounts opened in my name, in order for such institutions (employer / Paying Agency / Pension House, etc.) to be able to pay the relative rights in their current account opened with the Bank

o    for the conclusion and performance of the credit agreement, of the credit card contract, of the overdraft and of the guarantee contracts, and for this purpose the Bank may perform the following actions (as an example):

- Automatically assessing the eligibility of the person concerned for granting the credit and the issuing of an automated exclusive decision; to the extent that the decision is negative, the credit request will be rejected. To the extent that the decision is a positive one, the Bank will continue the analysis of the possibility of granting the credit, the final decision not being based solely on automatic processing. The above mentioned automatic rating is based on a score calculated at the level of each credit applicant indicating the probability of repayment or non-repayment of the credit, a score developed based on both the socio-demographic characteristics of the applicant and on the behavioral characteristics of the applicant, with the aim of separating the applicants with high potential to be good payers, from those with inappropriate payment behavior;

- analyzing the credit repayment capacity;

- assessment of the goods registered as guarantee (in which case the recipient of the data is the Assessor);

- analysis of the documents related to the real estate proposed as guarantee (in which case the recipient of the data is the notary office);

- the transmission of notifications regarding the modification of the contractual clauses, notifications regarding the delay in payment of the installments, etc.

- sending data to Turkyie Garanti Bankasi A.Ş. (and any of its legal successors), a Turkish company, an indirect shareholder of the Bank, which manages its IT system;

- Transmitting data to the contractual partners of the Bank (from Romania or abroad) in order to provide outsourced services, made for and on behalf of the Bank (eg transmission of notifications, archiving, customer service, etc.).

- if the loan requested by the client is guaranteed by the National Credit Guarantee Fund for Small and Medium Enterprises - FNGCIMM IFN SA or by the Rural Credit Guarantee Fund - FGCR IFN SA, the Bank shall transmit to the latter non-bank financial institutions the data necessary for the approval and execution of the guarantee related to the respective credit facility

                                                                                                                                                                          

o for the conclusion of the insurance contract, if the conclusion of the insurance is a condition for the granting of the credit or the credit product has an insurance attached, in which case the Bank will transmit the data to the insurance companies;

o  for the refinancing of the loan, if the person concerned requests this service to another financial institution, in which case the Bank will send to the latter the data necessary for the refinancing.

(ii) for the Bank's performance of legal obligations, such as:

o establishing the identity of the person concerned in order to fulfill the legal obligations of the Bank in the field of customer knowledge, money laundering prevention and combating terrorism;

o Transmitting information to law enforcement authorities to request and receive such information, for example courts of law, prosecutor's offices, bailiffs, the National Office for the Prevention and Control of Money Laundering (ONPCSB), tax authorities, notaries, authorities with supervisory and control role in banking, etc .;

o  the transmission by the Bank of information about the credit granted to the Credit Risk Center, the database functioning at the National Bank of Romania;

o transmitting mandatory notifications based on legal provisions, for example, but not limited to notifications of starting the forced execution procedure, the notification of the debt assignment;

o the transmission by the Bank to another credit institution of the information required for the provision of the account change service, based on the legislation on the comparability of commissions related to the payment accounts, the change of payment accounts and the access to the basic services payment accounts, in case the holder will require the provision of such a service;

o the transmission by the Bank to the payment service providers and to the information service providers of the information required for the provision of such services under the payment services legislation, if the holder requests the provision of such services. The Bank will not be able to refuse the transmission of personal data in such situations; consequently, if the data subject does not agree to the transmission of the data to a particular provider / providers, I assume that the Bank will not initiate information operations on accounts or on payment transactions through them.

                                                                                                                                                                           

o video surveillance of the Bank's premises, representing access areas, both from the outside and from the inside, working areas with the public, driving routes and access to the storage areas of the values.

(iii) in order for the Bank to exercise a legitimate interest, as follows:

o the transmission of personal data to the entities belonging to the Garanti group (all affiliated entities, as well as all the direct and indirect shareholders of GARANTI BANK SA), formed at this time by: Garanti Holding B.V. and G Netherlands B.V. (The Netherlands), Garanti Bilişim Teknolojisi ve Ticaret TAS., Turkyie Garanti Bankasi AS (Turkey), Banco Bilbao Vizcaya Argentaria SA (Spain), Ralfi IFN SA, Motoractive IFN SA, Motoractive Multiservices SRL (for the legitimate purpose of consolidated supervision at group level, for example, analyzing the financial situation of the entities in the group, identifying the risks associated with the group's activity, etc.)

o the use of the data by the Bank for statistical purposes, subject to their pseudonymization;

o transmitting information to debt recovery companies in order to collect outstanding amounts on credit;

o periodical reporting and consulting of data (identification data: name, surname, personal identification number, home address / residence and mailing address, fixed / mobile phone number, date of birth, country code and passport  series/ number for non-resident persons; employer's name and address; data concerning the credit-type products required/granted: the type and name of the Participant, the type of product, the status of the product / account, the date of granting, the grant period, the amounts granted, the amounts due, the maturity date, currency, payment frequency, amount paid, monthly installment, outstanding amounts, number of outstanding installments, number of days of delay, delay category, date of closing of the product; data about events occurring during the course of the credit product, such as those relating to restructuring / refinancing, payment, assignment of the credit agreement, assignment of the claim; data concerning the relations with other accounts: information on credit type products to which I am the co-debtor and / or guarantor; insolvency data: information on the data persons against whom an insolvency procedure has been opened; number of queries: the number of Credit Reports issued by the Credit Bureau, at the request of one or more Participants) to the Biroul de Credit SA, headquartered in Bucharest, no. 29 Sfanta Vineri Street, 4th floor, sector 3, a private law entity administering the Credit Bureau System, in which personal data are processed in relation to the lending activity of the Participants (credit institutions, non-banking financial institutions, insurance companies and debt recovery which signed a Participation Contract with Biroul de Credit) for the carrying out of a responsible crediting activity companies under the protection, facilitation of access to credit and prevention of excessive indebtedness of the data subjects, under compliance with the legal framework for the assessment of creditworthiness and of the credit risk diminishing, and of preventing the use of the financial and banking system in order to carry out activities contrary to the law; The Bank has the obligation, in accordance with the legal regulations in force, to assess the ability of the data subject to repay the loan before concluding a credit agreement and during the course of the credit. For this purpose, the Bank processes the above-mentioned information, registered on your name in the Registries, and transmits it to the Credit Bureau for the purpose of processing by this institution and for the purpose of consulting it by any Participant for the purpose of initiating or conducting a credit relation, and for credit-type insurance.

The above-mentioned personal data may be processed by the Credit Bureau, also with the purpose to calculate, at the Participant's request, the FICO® Score from the Credit Bureau.

                                                                                                                                                                             

The Bank and the other Participants use the FICO® Score from the Credit Bureau to reduce the credit risk associated with a debtor / potential borrower. FICO® Score from the Credit Bureau is a number between 300 and 850 obtained from the statistical process that processes the information recorded by the Participants in the Credit Bureau System and indicates the likelihood that the data subject will pay his interest rates in the future. The main causes of the FICO® Score decrease from the Credit Bureau are displayed under the form of reason codes. FICO® Score from the Credit Bureau takes into consideration the following elements that give predictability: payment history, current debt, duration of the account / credit accounts (the average number of months from the granting of credits), the demand for new credits (the number of queries and credits granted over the past 6 months), credit mix (types of credits granted), age of the data subject. The influence of these elements on the FICO® Score from the Credit Bureau may vary depending on the information recorded at the Credit Bureau for each data subject. FICO® Score from the Credit Bureau is a highly predictive analytical tool that, along with the Credit Report data and the information obtained from the Participants from other sources, competed for the correct assessment of the creditworthiness of the data subject for the conclusion/ performance of the contract credit.

o Enrollment of the Real Estate Guarantees Electronic Archive (A.E.G.R.M.) of the real estate guarantees established for the Bank, for the guarantee of the credit, in order to carry out the pratices for advertising thereof and to ensure the Bank's priority in the performance;

o transmitting data to the assignors of the receivables, if the Bank will assign the receivables related to the credit contract / agreements in which the data subject is / was a party;

o transmission of data to the judicial executors in order to execute the guarantees and to recover the debts related to the credit contract;

o video surveillance of bank machines in order to prevent fraud and to solve any complaints

                                                                                                                                                                           

(iv) processing of personal data on the basis of the consent of the data subject:

o for the purpose of consulting the information registered with the Biroul de Credit SA on behalf of the data subject, such as information about the credit products, similar or insurance products, or other commitments that which they benefit from or benefited from, such as the credit limit, the duration of the credit, payment history, current balance, outstanding value and any information related thereto, for the purpose of assessing solvency, of reducing the credit risk, and of determining the indebtedness degree.

o  for the purpose of consulting the information registered in the database of the National Agency of Tax Administration (ANAF), regarding the quality of the person targeted by the taxpayer and of the level of the income thereof, for the purpose of evaluating the eligibility for granting the requested loan (Agreement on Interrogation and Processing of Information). The Bank may request on behalf of the taxpayer, tax information about the applicant for the period of the last 2 completed tax years, including the information related to the period between the last fiscal year ended and the date of their request.

o for the purpose of consulting, in order to initiate the credit relationship, the banking risk information, such as the situation of the global risk and the situation of the outstanding loans recorded at the Credit Risk Center, the structure functioning at the National Bank of Romania, in relation to the data subject

o  for publicity, marketing and advertising purposes, profile creation and personalized offers (according to the person's options).

The processing of personal data required by Garanti Bank SA to initiate a business relationship / by other forms / channels is mandatory, except as a rule, where the processing of the data is based on the consent of the person concerned (eg. In case of marketing or automated decision making that produces significant legal effects or significant similar effects and which are not necessary for the performance of a contract or the fulfillment of a legal obligation). In other cases, the refusal of the data subject will cause Garanti Bank SA to be unable to provide services or financial-banking products.

                                                                                                                                                                                                     

The Transfer of Personal Data Abroad

In fulfilling the above purposes, Garanti Bank SA will transfer the personal data abroad only if, in the recipient country, is ensured an adequate level of personal data protection recognized by a European Commission decision such as the countries of the European Economic Area (EEA).

In the absence of such a decision of the European Commission, the Bank may transfer personal data to a third country only if the person processing the data on behalf of the Bank offered adequate safeguards provided by the law to protect personal data.

The Bank may be contacted to obtain additional information on the guarantees offered for the protection of personal data in case of any transfer of data to foreigners through a written request to do so.

The period for personal data storage

The Bank will store personal data for periods of up to 10 years from the termination of the contractual relationship / transaction / data provision (depending on the quality of the data subject, of the products and services they benefit from, of the relationship thereof with the bank, etc.) given the banking legislation provisions on customer knowledge, money laundering prevention and terrorism financing, the provisions of the Accounting Law, the need to defend / preserve the rights of the Bank in a possible litigation, the provisions of the legislation regarding the guarding of objectives, goods, values and protection of persons, the legitimate interest of the Bank to perform video surveillance of the bank machines in order to prevent fraud and to resolve any complaints.

For the purpose of archiving the data under the National Archives Act and taking into account the Archival Nomenclature (approved by the National Archives) applicable at the level of the Bank and for the data processing by the Bank for statistical purposes, the data may be stored for periods longer than those indicated above.

As far as the processing for marketing purposes is concerned, it will cease at the moment of withdrawal of the consent granted to the Bank for this purpose, regardless of whether the above-mentioned storage periods have been fulfilled or not.

Rights of the person concerned

The person concerned has the possibility to exercise, under the conditions and in the cases provided by the law, the following rights regarding the personal data processed by the Bank:

  • the right to access to the collected personal data - the right to obtain from the Bank a confirmation that it processes personal data or not, and, if so, to ensure access to the data; for this purpose, the Bank will provide a copy of the personal data undergoing processing;
  • the right to object - the right to oppose at any time, for legitimate and legitimate reasons related to my particular situation, so that the personal data are the object of processing by the Bank; The Bank will no longer process personal data unless it demonstrates to have legitimate and compelling reasons that justify processing and that prevail over the person's interests, rights and freedoms, or that the purpose of the processing is to establish, exercise or defend a right in Court.
  • the right to data portability - the right to receive the personal data we have provided to the Bank and to transmit it to another operator; this right may be exercised only when:

(i) the processing of personal data is based on basis of the consent granted for processing or is based on the performance of a contract; and

(ii) the processing is carried out by automatic means;

  • the right to withdraw the consent granted for data processing - this right can be exercised at any time, without costs, only when the processing of personal data is made on the basis of the consent granted for the processing of the data; the withdrawal of consent does not affect the lawfulness of the processing carried out to that point;
  • the right to rectify the data: the right to request and obtain the rectification of inaccurate personal data and / or to obtain the completion of incomplete personal data, including by providing an additional statement;
  • the right to delete the data ("the right to be forgotten") - this right can be exercised in the following cases:

(i) the personal data are no longer required for the purposes for which they were collected or processed;

(ii) I withdraw the consent on the basis of which the processing takes place and there is no other legal basis for the processing;

(iii) I exercise my right of opposition with regard to the processing of personal data and there are no legitimate reasons to prevail in the processing;

(iv) I exercise my right of objection with regard to the processing of personal data for the purposes of direct marketing;

(v) the personal data were processed unlawfully;

(vi) the personal data must be deleted to comply with a legal obligation of the Bank.

There may be situations where the Bank will not be able to respond to the data deletion request, namely:

(i) in cases where the Bank has a legal obligation to store personal data;

(ii) in cases where data are stored for purposes of archiving in the public interest or for statistical purposes;

(iii) in cases where the data are necessary for the establishment, exercise or defense of a right in Court.

  • the right to restrict data processing - this right may be exercised under the following conditions:

(i) where the data subject challenges the accuracy of the processed data; the restraint will operate for a period that will allow the Bank to verify the accuracy of the data;

(ii) if the processing is illegal and the data subject will object to the deletion of personal data, requesting instead the restriction of their use;

(iii) The Bank no longer requires personal data for processing, but the data subject will request them for the establishment, exercise or defense of a right in Court,

(iv) if the data subject has exercised his right to oppose data processing, unless the processing is for direct marketing purposes; the restraint will operate / will apply for the period of time to verify that the legitimate rights of the Bank override the rights of the data subject.

  • the right to obtain human intervention from the Bank, to express the views and to challenge the Bank's decision exclusively on the eligibility of the data subject for the granting of the loan.

The above-mentioned rights may be exercised by sending a request to GARANTI BANK SA, at its headquarters, to any of the branches of the Bank, as well as by electronic means, to e-mail dpo@garantibbva.ro, providing sufficient data to allow the applicant to identify the applicant by the Bank.

  • the right to file a complaint with the supervisory authority for the processing of personal data - this right may be exercised if the data subject considers that the processing of personal data violates the legal provisions in the field of data protection, without prejudice to any other administrative or judicial remedies; the complaint may be filed with the supervisory authority of the Member State of the European Union in which the person concerned has the regular residence or where the place of work is or where the alleged infringement has occurred. In Romania, the complaint is filed with the National Supervisory Authority for Personal Data Processing (A.N.S.P.D.C.P.), headquartered in no. 28-30 G-ral. Gheorghe Magheru Street, District 1, postal code 010336, Bucharest, in the form of a written notification, at the headquarters of the institution or electronically, at the e-mail address anspdcp@dataprotection.ro.

The contact details of the Data Protection Officer are:

  • e-mail address: dpo@garantibbva.ro
  • mail address: Bucharest, no. 5 Sos. Fabrica de Glucoza Street, Novo Park 3, Business Center, Building F, 5th and 6th floor, district 2

GARANTI BANK SA, with headquarters in Bucharest, Sos. Fabrica de Glucoza No. 5, Novo Park 3, Business Centre, Building F, floors 5 and 6, district 2, with order number in the Trade Registry no. J40 /4429/2009, fiscal code 25394008, registered in the Credit Institutions Registry with no. RB-PJR-40-066 / 2009 and in the ASF Registry with no. PJR01INCR/400019/28.03.2019, hereinafter referred to as the "Bank” shall process my personal data, provided in relation with this request, as follows:

 

Processed personal data can be the following type: surname, name, phone number, e-mail address, Personal Identification Number (CNP), home address, profession, work place,  marital, financial and economic status, habits, preferences, payment/debt/saving behavior and any other data I provided through the dedicated form on the Bank website or which will be disclosed during the telephone conversation to be carried out with the Bank representative as a result of this request.

 

The purposes and aims of the processing. Recipients of personal data.

 

    (i) to analyse the possibility of entering into a loan agreement to which I will be a part of or to take steps at my request before entering into this agreement, the Bank shall process the data as follows:

  • sending notifications / information in connection with my request for analyzing the possibility of concluding a loan agreement;
  • sending data to Garanti BBVA Turkey (and to any of its legal successors), a Turkish company, an indirect shareholder of the Bank, which manages its IT system;
  • sending the data to the contractual partners of the Bank (from Romania or abroad) in order to provide outsourced services, made for and on behalf of the Bank (eg transmission of notifications, archiving, customer service, etc.).

 

    (ii) for the Bank to comply with its legal obligations, such as:

  • establishing my identity in order to fulfil the legal obligations of the Bank in the field of customer knowledge, money laundering prevention and terrorism fighting;
  • sending information on current accounts to the authorities authorized by the law to request and receive such information, e.g. the National Authority for Tax Administration (ANAF), the National Office for Prevention and Control of Money Laundering (ONPCSB), the courts of law, prosecutors, official receivers, notaries, supervisory and control authorities in the banking field, etc;

    •  

    (iii)   for the Bank to exercise a legitimate interest, as such:

    • sending the personal data to the entities that are part of Garanti BBVA group (all affiliated entities, as well as all the direct and indirect shareholders of GARANTI BANK SA), made up currently of: Garanti Holding B.V. and G Netherlands B.V.(The Netherlands), Garanti Bilisim Teknolojisi ve Ticaret T.A.S., Garanti BBVA Turkey(Turkey), Banco Bilbao Vizcaya Argentaria SA(Spain), Ralfi IFN SA, Motoractive IFN SA, Motoractive Multiservices SRL(Romania), for internal administrative purposes (for the lawful purpose of carrying out consolidated supervision at a group level, for instance the analysis of the financial situation of the entities in the group, the identification of the risks relative to the group activity, etc.)
    • using the data by the Bank for statistical purposes, under the condition of their pseudonymization.

     

    The transfer of personal data abroad

    In fulfilling the above purposes, Garanti Bank SA will be able to transfer personal data abroad only if an adequate level of personal data protection recognized by a European Commission decision is ensured in the recipient country.

    In the absence of such a decision issued by the European Commission, the Bank may transfer personal data to a third country only if adequate safeguards according to the law are provided in order to protect personal data. The Bank may be contacted to obtain additional information on the guarantees offered for the protection of personal data in case of any transfer of data to foreigners, through a written request to do so.

The personal data storage period

In the event I conclude a loan agreement with the Bank, the Bank will store the personal data for the duration of our contractual relations and after the termination of such relations for a period of maximum 10 years, taking into account: the banking legislation provisions on customer knowledge, the prevention of money laundering and the financing of terrorism, the provisions of the Accounting Law regarding the keeping of the supporting documents underlying the records in the financial accounting, the need to defend / preserve the Bank's rights in a possible litigation regarding the conclusion, performance or termination of the credit contract.

 

In the event that I will not conclude a loan agreement with the Bank, the Bank will store the personal data for a period of 5 years from the date of the request, taking into account the banking legislation on customer knowledge, money laundering prevention and terrorist financing and the need to protect / preserve the Bank's rights in a possible litigation.

 

For the purposes of data archiving according to the National Archives Act and taking into account the National Archives (approved by the National Archives) applicable at the Bank level and for the data processing by the Bank for statistical purposes, the data may be stored for periods longer than those indicated above.

My rights

I will be able to exercise, in the cases and under the conditions provided for by the law, the following rights with respect to the personal data processed by the Bank:

 

  • the right of access
  • the right of opposition
  • the right to data portability
  • the right to rectify the data
  • the right to deletion of the data (the "right to be forgotten")

 

There may be cases when the Bank will not be able to positively respond to the data deletion request, namely:

 

i. in cases where the Bank has a legal obligation to store personal data;

 

ii. where data are stored for the purposes of archiving in the public interest or for statistical purposes;

 

iii. in cases where the data are necessary for the establishment, exercise or defense of a right in Court.

 

● the right to restrict the data processing;

 

The above-mentioned rights may be exercised by sending a request to GARANTI BANK SA, its headquarters, to any of the branches of the Bank, as well as by electronic means, to the e-mail: dpo@garantibbva.ro, providing sufficient data to allow the Bank to identify the applicant.

 

  • the right to file a complaint with a supervisory authority for personal data processing. In Romania, the complaint will be filed with the National Supervisory Authority for Personal Data Processing (ANSPDCP), headquartered in Gheorghe Magheru Blvd. 28-30, District 1, postal code 010336, Bucharest, under the form of a written notice, at the headquarters of the institution, or electronically, at the e-mail address anspdcp@dataprotection.ro.


By validating this form I declare that I have been informed and I agree with the processing of my personal data as it is described above.

* READ THE DOCUMENT TO AGREE WITH PERSONAL DATA PROCESSING.

 

GARANTI BANK SA, with headquarters in Bucharest, Sos. Fabrica de Glucoza nr. 5, Novo Park 3, Business Center, Building F, 5ht and 6th floors, 2nd District, number in the Trade Registry J40/4429/2009, tax registration number 25394008, registered in the Credit Institutions Registry with no. RB-PJR-40-066/2009, hereinafter referred to as the „Bank”, , shall process your personal data provided in relation with this request, as follows:

 

Personal data processed: surname, name, personal code (CNP), address, phone number, e-mail  address and any other data provided to the Bank based on this suggestions and complaints form;

 

Processing purposes. Personal data recipients.  

 

(i) In order to register your suggestion / complaint and to take steps to resolve it, the Bank will process your personal data as follows:

 

  • transmitting notifications / information in connection with the settlement of the complaint/request
  • sending data to Turkyie Garanti Bankasi A.Ş. (and any of its legal successors), a Turkish company, an indirect shareholder of the Bank, which manages its IT system;
  • Transmitting data to the contractual partners of the Bank (from Romania or abroad) in order to provide outsourced services, made for and on behalf of the Bank (eg transmission of notifications, archiving, customer service, etc.).

 

(ii) for the Bank's performance of legal obligations, such as:

  • establishing the identity in order to fulfil the legal obligations of the Bank in the field of customer knowledge;
  • transmitting information to the authorities certified by the law to request and receive such information, for example Courts of Law, Prosecutor's offices, official receivers, the National Office for the Prevention and Control of Money Laundering (ONPCSB), tax authorities, notaries, authorities with supervisory and control role in the field of banking, etc .;

 

(iii) in order for the Bank to exercise a legitimate interest, as follows:

  • o the transmission of personal data to the entities belonging to the Garanti Group (all affiliated entities, as well as all direct and indirect shareholders of GARANTI BANK SA), formed on this date by: Garanti Holding B.V. and G. Netherlands B.V. (The Netherlands), Garanti Bilişim Teknolojisi v Ticaret TAS., Turkye Garanti Bankasi AS (Turkey), Banco Bilbao Vizcaya Argentaria SA (Spain), Ralfi IFN SA, Motoractive IFN SA, Motoractive Multiservices SRL (Romania) for internal administrative purposes (for the legitimate purpose of consolidated supervision at group level, for example, analysing the financial situation of the entities in the group, identifying the risks associated with the group's activity, etc.)
  • the use of data by the Bank for statistical purposes, subject to their pseudonymization.

 

 

 

Transfer of personal data abroad

 

 

In fulfilling the above purposes, Garanti Bank SA will transfer the personal data abroad only if an adequate level of personal data protection recognized by a European Commission decision such as the countries of the European Economic Area (EEA) is ensured in the recipient country.

In the absence of such a decision of the European Commission, the Bank may transfer personal data to a third country only if the person processing the data on behalf of the Bank offered adequate guarantees provided by the law to protect personal data.

The Bank may be contacted to obtain additional information on the guarantees offered for the protection of personal data in case of any transfer of data to foreigners through a written request for this purpose.

 

The period of personal data storage

 

As long as you are a customer of the Bank, the Bank will store the personal data for the duration of our contractual relations and after the termination of these relationships for a period of maximum 10 years, taking into account: the banking legislation on customer knowledge, the provisions of the Accounting Law on keeping the supporting documents underlying the records in financial accounting, the need to protect / preserve the Bank's rights in a possible litigation;

Unless you are a Bank customer, the Bank will store your personal data for a period of 3 years considering the need to protect / preserve the Bank's rights in a possible litigation.

For the purpose of archiving the data under the National Archives Act and taking into account the National Bank Archival Nomenclature (approved by the National Archives) applicable by the Bank and for the data processing by the Bank for statistical purposes, the data may be stored for periods longer than those indicated above.

 

My rights

 

You will be able to exercise, in the cases and under the conditions provided by the law, the following rights regarding the personal data processed by the Bank:

  • the right of access
  • the right of opposition
  • the right to data portability
  • the right to rectify the data
  • the right to delete the data (the "right to be forgotten")

There may be situations where the Bank will not be able to respond to the data deletion request, namely:

  1. in cases where the Bank has a legal obligation to store personal data;
  2. in cases where data is stored for purposes of archiving in the public interest or for statistical purposes;
  3. in cases where the data are necessary for the establishment, exercise or defence of a right in Court.
  • the right to restrict the data processing

 

The above-mentioned rights may be exercised by sending a request to GARANTI BANK SA, at its headquarters, to any of the branches of the Bank, as well as by electronic means, to e-mail dpo@garantibbva.ro, providing sufficient data to allow the identification of the applicant by the Bank.

  • The right to submit a complaint with the Personal Data Processing Authority in Romania; the complaint shall be submitted at the National Authority for the Surveillance of Personal Data Processing (A.N.S.P.D.C.P.), with headquarters in B-dul G-ral Gheorghe Magheru 28-30, 1st District, postal code 010336, Bucharest, under the form of a written notification, at the headquarters of the institution, or electronically, at the e-mail address anspdcp@dataprotection.ro.

  

 

* READ THE DOCUMENT TO AGREE WITH PERSONAL DATA PROCESSING.
tttt