General Notification regarding Personal Data
1. Who we are?
VISTA BANK (ROMANIA) SA with its registered office in Romania, Bucharest, 90-92 Emanoil Porumbaru street, district 1, registered with the Register of Commerce under no. J40/4436/1998, sole registration code 10556861 (“The Bank”, “Vista Bank”, “we”, “ours” or “us”) respects data confidentiality. This announcement describes the personal data we collect, the purposes we collect and use the information, and to whom we provide your personal data.
2. What kind of personal data we process?
The Bank is a Controller of the personal data that you (the data subject) provide. As a potential or existing customer (individual client, actual beneficiary, guarantor or designated representative), the Bank collects, uses and discloses the following types of personal data:
- Personal data such as your name, identification number (CNP), date of birth, KYC documents (including a copy of your national identity card or passport) and contact details;
- Financial information, including records of payments and transactions, information about assets in your possession as well as tax information;
- Details about our interactions with you as well as the products and services you use (including, without limitation, recordings of telephone calls between you and us).
- The data transmitted by your browser when you access our website and are automatically recorded by our server, including the date and time of access, the name of the file accessed, as well as the volume of data transmitted and the performance of the access, your internet browser, browser language and the requesting domain as well as the IP address (the additional data will only be recorded through our site if the disclosure is made voluntarily, for example, during a registration or request);
- Our Mobile Banking app collects, transmits and stores, based on the Bank's legitimate interest, information about your mobile device and the applications installed on it to enable protection against malware, even when the Bank's Mobile Banking app is not in active use in order to provide persistent protection; and
- In certain cases, depending on the product or service we provide, sensitive personal data, such as political opinions or affiliations, health information, race or ethnic origin, religious or philosophical beliefs and, to the extent legally possible, crimes committed or presumed to have been committed.
If relevant to the products and services we offer to you, we may also collect information about additional cardholders or account holders, business partners (including other shareholders or actual beneficiaries), dependents or members of the family, representatives and agents. Prior to providing us with personal data, you must provide a copy of this notice to these individuals in order to be informed.
3. Why we need this information?
We need your personal data to carry out the following activities and services:
- Enrolling you as a customer and offering our products and services;
- Managing the commercial relationship as well as the communications to you regarding the products and services purchased from us and our business partners;
- Help us find out more about you as a customer, about the satisfaction of the products and services you receive, and about other products and services you might be interested in receiving;
- Contact you for direct marketing actions regarding the products and services we think you are interested in, including those offered by us and our business partners, as well as facilitating contests and promotions, if we have your prior consent in this regard;
- For the fulfillment of the obligations provided by the regulations in force;
- Ensuring the security of our customers, employees and other stakeholders;
- Lending process;
- To ensure the prudentially of the Bank's operational management (including credit and risk management, insurance, audit and similar administrative purposes) and
- Any other purposes necessary to fulfill our regulatory and contractual duties
In addition, we may process your personal data in the light of specific legitimate interests, such as:
- Crime prevention, detection and investigation, including fraud and money laundering or terrorist financing, as well as commercial risk analysis and management;
- In connection with any complaints, actions or procedures (including, but not limited to, drafting and reviewing documents, transaction documentation, obtaining legal advice and facilitating litigation) and / or protecting and enforcing contractual and legal rights and obligations;
- Assistance in the field of law enforcement and investigations by competent authorities (including, but not limited to, providing information to regulatory bodies, conducting audit, surveillance and investigation controls or due diligence procedures for clients);
- Managing and preparing reports for internal purposes, requesting feedback or participating in surveys, as well as conducting research and / or analysis for statistical or other purposes to design our products, understand customers’ behavior, market preferences and trends and to review, develop and improve the quality of our products and services.
These interests may be taken into consideration, even if you do not keep an account with us, or we have concluded our commercial relationship, for the entire period provided by law or for the purpose of exercising or defending a legal claim.
You have the right to oppose such legitimate interests and we will handle your request from case to case.
4. What we do with this information?
Your personal data are processed at the Bank's headquarters in ROMANIA. Your data is hosted and stored in Romania.
It is possible to send your personal information to other partners under the following conditions:
- Third parties acting on your behalf or otherwise involved in a transaction with you, including: a party acquiring or involving risks in or in connection with the transaction; beneficiaries of payments, real beneficiaries, account holders, intermediaries, correspondent banks; clearing houses and clearing or settlement systems; specialized companies or payment institutions, such as SWIFT; (if you have a debit or credit card with us) card payment schemes, card processors, call center support for cards and other payment providers and card platforms; other financial institutions, lending agencies or credit bureaus (for the purpose of obtaining or providing credit references); any third party fund manager who provides you asset management services; and any broker / intermediary to whom we provide recommendations;
- Third parties providing services to us and other providers, such as IT and hosting services providers, marketing providers, communications and print service providers, debt collection, debt tracking and recovery, fraud prevention, payment processing and the reference agencies for loans (and when we do, we take steps to ensure that it complies with our data security standards so that your personal data remains secure);
- Third parties, including potential buyers who receive information in the context of the proposed sale or sale of our business or reorganization (and when we do so we take steps to ensure that such potential buyers keep the data secure);
- From time to time, public authorities, regulatory authorities or government bodies, including when required by law or regulation or when required by such authorities or bodies,
- Our affiliates in the group or any other third party for whom the disclosure of personal data is necessary in order to fulfill our contractual or legal duties or our legitimate interest.
5. What are the legal bases?
We process your personal data in order to fulfill our contractual obligation to provide you with the product and / or services you have purchased or intend to purchase, we have a legal obligation to process, we can justify a high legitimate interest in this regard or based on your consent.
6. What are your rights?
As a data subject, you can contact our data protection officer at any time with a formal notification, in accordance with the contact details mentioned below, to exercise your rights in accordance with the European Parliament and Council’s General Data Protection Regulation 2016/679 ("GDPR").
These rights are as follows:
- The right to receive information on data processing and a copy of the processed data (access right, article 15 GDPR).
- The right to request the rectification of inaccurate data or the completion of incomplete data (access right, art. 16 GDPR).
- The right to request the deletion of personal data and, if the personal data have been made public, information on the request for deletion (deletion right, Article 17 GDPR) against other controllers.
- Right to request restriction of data processing (right to restriction the processing, article 18 GDPR).
- The right to receive personal data regarding the data subject in a structured format, frequently used and which can be read automatically and to request the transmission of this data to another operator (the right to data portability, article 20 GDPR).
- The right to oppose data processing to stop them (the right to object, article 21 GDPR),
- The right to withdraw at any time a given consent to stop a processing of the data based on your consent. Withdrawal will not affect the legality of processing based on prior consent before withdrawal (the right to withdraw consent, article 7 GDPR).
- The right to file a complaint with a supervisory authority if you consider that data processing is a violation of the GDPR (the right to file a complaint with a supervisory authority, Article 77 GDPR).
In case you would like to contact us for any reason to find out more about how we have handled your personal data or to use your rights, please contact the Data Protection Officer at the following email address: protectiadatelorvistabank.ro or in writing at VISTA BANK (ROMANIA) SA, 90 - 92 Emanoil Porumbaru St., District 1, Bucharest, Romania. Our Data Protection Officer will then review your complaint and cooperate with you to resolve the issue.
7. Automatic decision making (including profiling)
Vista Bank uses automated means of processing, including profiles to determine eligibility and creditworthiness.
As a banking financial institution, Vista Bank is subject to several legal obligations, including those regarding the evaluation of its clients in order to determine their eligibility and their solvability, which must be realized before entering into a business relationship with them.
Vista Bank will process your personal data, as you have directly provided them or collected from these parties, such as the Credit Bureau or tax authorities or other third-party legal sources, for the purpose of conducting our solvability assessment. Prior to the conclusion of the contract for the products and services purchased by you, Vista Bank must evaluate whether or not you have the capacity to qualify for a particular banking product and, thus, this type of processing will help us to make a correct and legal decision. Next, Vista Bank will automatically process your personal data, to determine the conditions in the client's risk profile.
All the decisions and the automatic profile made by Vista Bank take into account the legal obligations to which Vista Bank is subject, as a financial institution. This type of processing will only be performed by Vista Bank if:
- It is necessary for the conclusion and fulfillment of the financial products and services contract with you;
- It is applied in accordance with the legislation applicable to Vista Bank;
- It is based on your explicit consent.
You have the right to receive additional information about the logic behind such automatic processing, as well as its legal effects and consequences. At your request, your solvability and the type of eligible product and / or service of Vista Bank can be evaluated with human involvement in addition to your profile obtained by automatic means.
8. What is the duration of the storage of personal data?
We process your personal data for the entire period necessary to achieve the purposes for which it was collected, unless there is a legal requirement to keep the data longer or we can justify a legitimate interest in it.
9. Are your data safe at VISTA BANK?
We have adequate technical and organizational measures in place to prevent unauthorized or illegal access to the personal data you have provided to us. Because complete data security for e-mail, instant messaging and similar media cannot be guaranteed, we recommend that you send any particularly sensitive information through a secure means.
10. Data Transferred outside the space of the European Union / European Economic Community
Vista Bank is part of a global business. We may transfer or disclose the personal data we collect about you to recipients from countries other than Romania. When we transfer or disclose your personal data outside the European Economic Area, we comply with the applicable legal requirements that provide adequate guarantees for the transfer of personal data.
11. Updates of the Notification
This privacy notice may be periodically updated to reflect changes in our privacy practices. We will notify you by the agreed / indicated means of communication of any significant changes to our Privacy Notice and will indicate at the bottom of the notice (Version, Date) when it was most recently updated. If we update this Privacy Notice, in certain circumstances, we may ask for your consent.