Information on the processing and protection of personal data in the context of the provision of the BT Go Internet and Mobile Banking service ("BT Go Privacy Policy")
Version applicable from 22.06.2024
1. General provisions
Banca Transilvania, S.A. with registered office in Cluj-Napoca, 30-36 Calea Dorobanților Street, Cluj County, registered with the Trade Register under number J12/4155/1993, unique code RO 5022670, contact telephone number: 0264.8028 (hereinafter referred to as "BT") offers its customers the Internet and Mobile Banking service - BT Go (hereinafter referred to as "BT Go").
We hereby inform you what personal data we are going to use for the identification/authentication of users (identity verification), for the security of this service for fraud prevention purposes, as well as in the context of the use of BT Go functionalities, for what and on what basis we use this data, to whom we disclose it, for how long we keep it, how we protect it and what rights data subjects have.
This policy is complemented by the provisions the General Information Notice on the processing and protection of personal data of BT customers which is an integral part of the BT Privacy Policy which can be found on the website www.bancatransilvania.ro or by accessing the following link https://www.bancatransilvania.ro/politica-prelucrare-si-protectie-date-personale/.
The BT Go Privacy Policy may be revised by BT from time to time. Users will be notified if such changes occur via notices displayed in the BT Go app.
2. What data we collect to identify/authenticate BT Go users
In order to use the BT Go service you have contracted, we need to verify your identity, i.e. identify you as a user authorised to use this service. This identification is done on the basis of your BT Go login ID (hereinafter referred to as "user ID") and/or a password.
Existing customers will use the BT24 user ID and password. For the OTP SMS method, the code will be sent to the phone number you have declared to the bank for the BT24 service. Only with this phone number you will be able to register for using the BTGo mobile application and on this number you will receive the messages confirming/confirming your registration in this application.
New customers, who have never used any BT app for their company before, will use the BT Go user ID and password, credentials provided by the bank when opening the business relationship. After the first login you will need to change your password. The OTP SMS code will be sent to the phone number you told the bank for the BT Go service. Only with this phone number you will be able to register to use the BTGo mobile application and on this number you will receive the messages confirming/confirming your registration in this application.
When you use the mobile version of BT Go and use biometric data allowed by the phone you have downloaded the app on (e.g. fingerprint, face-ID) to log in, please note that BT does not have access to this information, but it is stored in the device you are using. In this situation, BT only obtains the information that the authentication method has been validated by your phone.
3. What data we collect to ensure the security of BT Go
In order to protect your BT Go transactions and information within this platform, we will collect and use the Device ID of the phone on which you have the BT Go mobile app installed, other phone security identifiers (e.g. Instance ID/Device Identifier) and the tokens generated, the model, manufacturer and operating system type of your phone to verify that you are still using the same phone that you registered with to use the BT Go app each time you log in. We also process the IP address(es) of the phone and, where applicable, the station (computer, laptop) with which you log in to BT Go. If you refuse to grant us access to this data, you will not be able to use the BT Go service.
We also use a tool when you start the app that scans the app list of the device you're connecting with for malware, including apps such as those that allow remote/remote login. If such apps are identified, an alert is sent to the bank and, depending on the situation, access to the app may be blocked, the transaction may be blocked or you may be contacted by the bank. We process this data to protect the information in BT Go. If you refuse to process it, you will not be able to use BT Go.
4. What data we process when you use BT Go
In order to fulfil the legal obligations we have, to provide you with the BT Go service you have contracted for your company and, where applicable, because we have a legitimate interest in preventing fraud and communicating with BT Go users to support them and to ask them to evaluate the quality of the BT Go service we use:
Account, card and transaction data
When you use the various functionalities of BT Go, we will have access by default to information on: bank accounts (company and payee), balances, transactions ordered through company accounts or related to amounts received on company accounts, including information mentioned in the payment explanations. Although this service is exclusively dedicated to legal entity customers of Banca Transilvania, and information about legal entities is not considered, as a rule, personal data, if you have an entity such as a P.F.A., I.I., individual form of exercising liberal professions (e.g. individual law firms, notaries, bailiffs' offices, etc.) you should be aware that information about them is subject to the personal data regime and the bank will treat it in accordance with the applicable legal provisions in this field. We also process the personal data of you and/or other persons, such as the payees of payments who are natural persons or P.F.A., I.I., individual forms of self-employed professionals (hereinafter "individual professionals") or other such persons mentioned in the explanations of payments (e.g. the name you want to insert for the predefined payee, address, IBAN) or whom you define as predefined payees (name/first name, IBAN).
At the same time, in order to provide the Beneficiary Name Display Service (BNDS) for the purpose of fraud prevention in case of initiated interbank payments, if you are a legal entity customer of the type indicated above, whose information has the personal data regime, we inform you that they are processed according to the details in the Information Note on the processing of personal data within the Beneficiary Name Display Service (BNDS), available on the bank's website, at the following link: https://www.bancatransilvania.ro/nota-de-informare-sanb.
Also for the prevention of fraud, in the case of intrabank payments initiated from BT Go, BT processes - as an independent controller - the same categories of personal data that are also used within SANB, but without the involvement of other participating banks or Transfond. The basis for the processing of personal data is BT's legitimate interest in preventing fraud in intra-bank payments (BT-BT). The truncated name of the entity, as registered with BT, will be displayed to other BT customers who initiate from a bank application a payment to the entity's account with the bank, regardless of whether the payment is completed or not.
If you integrate from BT Go with the FGO billing platform and allow the provider of this platform access to the transaction history of the company accounts you connect to FGO, you assume the obligation to comply with the applicable legal provisions in the field of processing and protection of personal data, including those of informing and, where applicable, obtaining the consent of the data subjects to whom the company has transferred amounts or from whom it has received amounts in these transactions or whose personal data are contained in the explanations of the transactions, given that these personal data will thus be disclosed to the FGO provider.
Date of contact
Because we have a legitimate interest in helping you use BT Go (support) and because we want to know what you think about this service (service quality assessment) we will use the contact details you have provided to the bank as a customer. You have the right to object to such contact. For details, please read the section on your rights regarding the processing of your personal data.
Permissions required in the context of using the application
When you install the app, you will be asked for permissions to access your device's camera to scan the QR code when you first log into the BT Go app. Depending on the Android/iOS version of your phone you can grant access as follows:
- Allow/ Deny access
- Allow/ Deny/ While using the app
- Allow/ Refuse/ Just this once
If you refuse to grant access to the camera when the QR code needs to be scanned, you will not be able to use the BT Go app. You can then withdraw this permission, in which case you will not be able to use the BT Go features that require the use of the camera, but you will be able to use other parts of BT Go.
You will also be asked for permission to send notifications the first time you log in. If you refuse to grant access, you will still be able to use the app, but you will no longer benefit from the notifications in the app.
Other permissions required for the use and operation of the app, as set by the operating system vendor of the device you are using and for which explicit user consent is not required, are detailed in the "permissions" section of the Play Store/Apple Store for the BT Go app (e.g. permissions to notify you when you have no internet connection).
Notifications
Through the BT Go mobile banking app we will send you different types of notifications depending on the actions you take, such as but not limited to the following:
- To log in to the web version of BT Go
- For authorising payments made in the internet banking application (web version)
5. To whom we may disclose data as a result of using BT Go
For sole trader customers, data about their accounts and transactions in BT Go indirectly identify the natural person representing the sole trader and are thus personal data. We will disclose this data, as appropriate, to:
- other BT Customers who have a right and need to know them
a. BT Go users (all BT Go users are BT Customers) if you have granted other persons BT Go user rights on the individual professional accounts opened with BT, we will disclose to these persons - within BT Go - the banking data (accounts, transactions, account and transaction identifiers, etc.) corresponding to the accounts you have granted user rights to
b. BT customers to whom you order payments from BT Go
When you make transactions through BT Go to other BT customers' accounts, the data related to these transactions (usually the name of the individual professional, amount, IBAN of the BT account, explanation of the payment) will be accessible to the beneficiaries to whom you made the payment.
- contractual partners (service providers) used in BT's business
a. BT Go allows connection to services offered by the bank's contractual partners (e.g. billing services). If you use these functionalities, the data required to activate/ connect/ operate these services are disclosed to these partners (these partners are also BT Customers).
b. your data processed in BT Go may be accessed, on a need-to-know basis and only on the basis of adequate personal data protection safeguards, by the bank's contractual partners who support us in providing the BT Go service.
- financial-banking entities
When you make transactions via BT Go to customers of other banks/payment institutions, the payment data (usually the name of the paying professional customer, the amount, the explanation of the payment) will be transmitted to the payee's bank for processing the transaction.
The list of addressees shall be supplemented by the list provided for in General Information Notice on the processing and protection of personal data of BT Customerssection XI.
6. How long we keep the data processed in the context of providing the BT Go service
Your data, as a BT customer, as well as the data on the transactions carried out through the accounts (including through BT Go) are subject to the retention regime provided for by the applicable regulations, being at least 5 years from the end of your business relationship with the bank, unless longer legal terms are applicable, which can be up to 10 years from the end of the business relationship.
7. How we ensure the protection of personal data in BT Go
Banca Transilvania takes all necessary technical and organisational measures to protect personal data within BT Go. Despite these precautions, the Bank cannot guarantee that unauthorised persons will not gain access to your personal data through the terminals you use to access BT Go if they are unprotected or inadequately protected.
You are solely responsible for maintaining the confidentiality and security of the terminal used to access BT Go (phone, computer, etc.) and in particular the login ID and/or login passwords (password, fingerprint or other security method provided by your phone).
8. What rights do BT Go users have
In accordance with the provisions of the General Data Protection Regulation ("GDPR"), as a data subject of the processing of personal data in the context of the use of BT Go, you are guaranteed the following rights: the right to be informed (we fulfil our obligation to inform you through this notice), the right of access, the right to rectification, the right to erasure of data, the right to restriction of processing, the right to data portability, the right to object, the right to address the National Authority for the Supervision of Personal Data Processing (ANSPDCP) and justice. You will find these rights detailed including in the provisions General information notice on the processing and protection of personal data of BT customers.
You can exercise these rights with BT at BT or contact the BT Data Protection Officer (DPO) by sending a request by post to the aforementioned BT headquarters - with the indication - "to the attention of the DPO" - or by electronic means to the e-mail address dpo@btrl.ro.
You also have the right to contact the National Authority for the Supervision of Personal Data Processing (ANSPDCP)(plangere@dataprotection.ro).