The personal data of Customers that we process, may sometimes be disclosed/transferred by BT in accordance with the GDPR principles, based on the applicable legal grounds depending on the situation and only under conditions that ensure their full confidentiality and security.
We commit to respect the fundamental human rights and freedoms in the event of such disclosures, in particular the right to the protection of personal data and the right to privacy, and to periodically evaluate our work in this area to ensure that these rights are always respected.
You can find below in this section (* -> *** ) details about legal provisions that require us to report/communicate personal data concerning you to some authorities.
Also, when public authorities/institutions request us to provide personal data, we commit to only disclose them if we have a legal obligation or a legitimate interest, only based on clear internal procedures and only with the approval of persons in a management position.
We will only make available to the authorities the strictly necessary data and if it is demonstrated that we have made such disclosures of personal data in violation of human rights, we commit to repair the damage caused to the data subjects.
The categories of recipients to whom we may disclose personal data are, upon case:
- other Customers who have the right and need to know them;
- other entities within the BT Financial Group;
- companies involved in payment processing (e.g. Transfond S.A., payment processors);
- financial-banking entities (e.g. participants in payment schemes/systems and interbank communications such as S.W.I.F.T., S.E.P.A., ReGIS, partner banks and correspondent banks, banks or financial institutions participating in syndicated loans);
- international payment organisations (e.g. Visa, Mastercard);
- contractual partners (service providers) used in BT's activity, such as but not limited to providers/suppliers of: services for issuing digital certificates (for the application of the qualified/extended electronic signature), overdue/receivables collection services, IT services (maintenance, implementation, support, cloud), services of archiving in physical and/or electronic format, courier, audit, card-related services, market studies/research, e-mail/SMS/phone call transmission, marketing services, other services offered by providers to whom BT has outsourced certain financial-banking services, etc.);
- insurance companies;
- real estate evaluation companies;
- management companies of pension and investment funds;
- companies (funds) guaranteeing various types of credit/deposit products (e.g. F.N.G.C.I.M.M., F.G.D.B., etc.);
- partners of the bank in various fields, whose products/services/events we can promote to BT Customers based on their consent. The updated list of the bank's partners can be found here: https://www.bancatransilvania.ro/parteneri;
- assignees;
- national public authorities and institutions, such as, but not limited to: the National Bank of Romania (B.N.R.), the National Tax Administration Agency (A.N.A.F.)*, the Ministry of Justice, the Ministry of Internal Affairs (M.A.I.), the General Directorate for Personal Records (D.G.E.P.), the Ministry of the Interior (M.A.I.), the Ministry of Justice (M.A.I.), the Ministry of the Interior (M.A.I.)) to whom we send the names, surnames and CNP of the customers/persons who complete the steps to become BT customers for the validation of these data and for the provision of additional information from their current identity documents, which we process for the purpose of customer knowledge according to the details in section Privacy Hub of the website, subsection "Know Your Customer", the National Office for the Prevention and Combating of Money Laundering (O.N.P.C.S.B.) **, the National Agency for Cadastre and Real Estate Publicity (A.N.C.P.I.), the National Registry of Real Estate Publicity (R.N.P.M.), the Financial Supervisory Authority (A.S.F.), including, where applicable, their territorial units;
- banking institutions or state authorities, including from outside the European Economic Area - in the case of S.W.I.F.T.-type international transfers or as a result of the processing carried out for the purpose of applying F.A.T.C.A legislation. and C.R.S.;.
- public notaries, lawyers, bailiffs;
- Central Credit Register***;
- The Credit Bureau and the Participants in the Credit Bureau system****;
* disclosing personal data to A.N.A.F.
According to the provisions of the Fiscal Procedure Code (Law no. 207/2015), in its capacity as a credit institution, BT has the legal obligation to:
1. Communicate daily to A.N.A.F.:
- the list of holders of natural persons, legal entities or other entities without legal personality that open or close at BT bank or payment accounts, the persons who have the right to sign for the opened accounts, the persons who claim to act on behalf of the client, the real beneficiaries of the account holders, together with the identification data provided for in art. 15 para. (1) from Law no. 129/2019 for the prevention and combating of money laundering and the financing of terrorism, as well as for the modification and completion of some normative acts, with subsequent amendments and additions, or with the unique identification numbers assigned to each person/entity, upon case, as well as with the information regarding the number IBAN and date of opening and closing for each individual account.
- the list of people who rented safe deposit boxes, accompanied by the identification data provided in art. 15 para. (1) from Law no. 129/2019, with subsequent amendments and additions, or by the unique identification numbers assigned to each person/entity, as the case may be, together with the data related to the termination of rental contracts.
2. Communicate, at the request of A.N.A.F., for each account owner who is the subject of the request, all turnovers and/or balances of the accounts opened at the bank, as well as the information and documents regarding the operations carried out through those accounts.
3. Submit to A.N.A.F. – on occasion of a request to open a bank account or to rent a safe deposit box - the request for the assignment of the fiscal identification number/fiscal registration code for non-resident natural persons that do not have a fiscal identification code. The request sent by BT to A.N.A.F. will include the following data of the non-resident: name, surname, date and place of birth, gender, home address, data and copy of the identity document, tax identification code from the country of residence (if any). BT can also send to A.N.A.F. the proving documents of information submitted in the request. Based on the data submitted, the Ministry of Finance assigns the fiscal identification number or, as the case may be, the fiscal registration code, fiscally registers the respective person and communicates the information related to the fiscal registration to BT.
** O.N.P.C.S.B. - If the conditions are met for the transmission by BT of some personal data to the National Office for the Prevention and Combating of Money Laundering, according to the legislation for the prevention and combating of money laundering and the financing of terrorism, they are transmitted simultaneously and in the same format and to A.N.A.F.
*** C.R.C. - The bank has the legal obligation to report to the Credit Risk Register (C.R.C) within the B.N.R. credit risk information for each debtor that meets the condition to be reported (includes the identification data of a natural person debtor and operations in lei and in foreign currency through which the Bank exposes itself to the risk of that debtor) , respectively to have registered against him an individual risk, as well as the information about detected card frauds.
**** Biroul de Credit S.A./participants in the Credit Bureau system - the Bank has the legitimate interest to report in the Credit Bureau System, to which the other Participants also have access (mainly credit institutions and non-banking financial institutions, as joint controllers of the bank and the Credit Bureau) the personal data of the Customers who have contracted loans, as well - under certain conditions- of Customers who register delays in loan payment of at least 30 days. The data is disclosed to these recipients also in the case of queries of this system, carried out by the bank in the process of analyzing a credit request or application.