a. What data we collect to identify/ authenticate BT Go users
In order to use BT Go on which you are a user, we are required by law to verify your identity, i.e. to identify you as a user authorized to use this service. This identification is based on your BT Go login ID ("user ID") and/or password. We will also use (in the case of SMS OTP log-in) the telephone number declared to the bank.
When using the mobile version of BT Go, you can choose to use biometric data (e.g. fingerprint, face-ID) to log in, in which case you should be aware that BT does not have access to this information, it is stored on the device you are using. In this situation, BT only obtains the information that the authentication method has been validated by your phone.
b. What data we collect to ensure BT Go security
In order to be able to protect the transactions ordered through BT Go and the information within this platform, we will collect and use theDeviceID of the device on which you have the BT Go mobile app installed, other phone security identifiers (e.g. Instance ID/ Device Identifier) and the tokens generated, the model, phone manufacturer and operating system type of your phone to verify that you are still using the same phone that you registered to use BT Go with each time you log in.
We also have a legitimate interest and, where applicable, a legal obligation, to collect and use the IP address(es) of the devices you connect to BT Go, including the geographic location from which you transact via BT Go. If you refuse to give us access to this data, you will not be able to use BT Go.
We also use a tool that scans the list of applications on the device you connect to BT Go with for malware, including applications such as those that allow remote/remote connectivity and/or if you use your device for calls while using BT Go. If such applications/ situations or other instances are identified that suggest a compromise of your user accounts in other applications offered by BT, we will block your access to your BT Go user account and/or block your use of BT Go on the potentially compromised device. This blocking is an individually automated decision that we make based on the legal obligations placed on us.
Last but not least, we are required by applicable payment services legislation to monitor transactions to prevent fraud. If we detect transactions that are suspected of fraud, we may take the decision to block their processing.
We process this data to protect the information in BT Go. If you refuse processing, you will not be able to use BT Go.
c. What data we process when you use BT Go
In order to fulfill our legal obligations to provide you with the BT Go service you have contracted for your company and, where appropriate, because we have a legitimate interest in preventing fraud and communicating with BT Go users to support them and to ask them to rate the quality of the BT Go service we use:
-> Account, card and transaction data
When you use the various BT Go functionalities, we will implicitly have access to information related to: bank accounts (of the company and of the payees), balances, transactions ordered through the company accounts or related to the amounts cashed in the company accounts, including information mentioned in the payment explanations. Although this service is dedicated exclusively to legal entity customers of Banca Transilvania, and information about legal entities is not considered personal data, information about customers who are individual professionals is subject to the personal data regime and the bank will treat it in compliance with the applicable legal provisions in this field.
We also process the personal data of you and/or other persons, such as the payees individuals or individualprofessionals or other such persons mentioned in the explanations of payments (e.g. the name you want to insert for the default payee, address, IBAN) or that you define as default payees (name/ first and last name, IBAN).
At the same time, in order to provide the Beneficiary Name Display Service (BNDS) for the purpose of fraud prevention in case of initiated interbank payments, if you are a legal entity customer of the type indicated above, whose information has the personal data regime, we inform you that they are processed according to the details in the Information Note on the processing of personal data within the Beneficiary Name Display Service (BNDS), available on the bank's website, at the following link: https://www.bancatransilvania.ro/nota-de-informare-sanb.
Also for the prevention of fraud, for intra-bank payments initiated from BT Go, BT processes - as an independent controller - the same categories of personal data that are also used within SANB, but without the involvement of other participating banks or Transfond. The basis for the processing of personal data is BT's legitimate interest in preventing fraud in intra-bank payments (BT-BT). The truncated name of the entity, as registered with BT, will be displayed to other BT customers who initiate a payment from a BT application to the entity's account with the bank, regardless of whether the payment is completed or not.
If you integrate from BT Go with the FGO billing platform and allow the provider of this platform access to the transaction history of the company accounts you connect to FGO, you assume the obligation to comply with the applicable legal provisions in the field of processing and protection of personal data, including those of informing and, where applicable, obtaining the consent of the data subjects to whom the company has transferred amounts or from whom it has received amounts in these transactions or whose personal data are contained in the explanations of the transactions, given that these personal data will thus be disclosed to the FGO provider.
-> Contact date
Because we have a legitimate interest in helping you use BT Go (support) and because we want to know what you think about this service (service quality assessment) we will use the contact details you have provided to the bank as a customer. You have the right to object to such contact. For details, please read the section on your rights regarding the processing of your personal data.
-> Permissions required when using the application
When you install the app, you will be prompted for permissions to access your device's camera to scan the QR code when you first log into the BT Go app. Depending on the Android/ iOS version of your phone you can grant access as follows:
- Allow/ Deny access
- Allow/ Deny/ While using the app
- Allow/ Refuse/ Just this once
If you refuse to grant access to the camera when the QR code needs to be scanned, you will not be able to use the BT Go app. You can then withdraw this permission, in which case you will not be able to use the BT Go features that require the use of the camera, but you will be able to use other parts of BT Go.
Also, the first time you log into the app, you will be asked for permission to send notifications. If you refuse to grant access, you will still be able to use the app, but you will no longer receive notifications in the app.
Other permissions required for the use and operation of the app, as set by the operating system provider of the device you are using and for which explicit user consent is not required, are detailed in the 'permissions' section of the Play Store/ Apple Store for the BT Go app (e.g. permissions to notify you when you have no internet connection).
-> Notifications
Through the BT Go mobile banking app we will send you different types of notifications depending on the actions you take, such as but not limited to the following:
- To log in to the web version of BT Go
- For authorising payments made in the internet banking application (web version)