Skip to main content
You've reached the end of the results
No results found
Popular searches
  • CREDITS
    CARDS
    ACCOUNTS AND TRANSACTIONS
    SAVING AND INVESTING
    INSURANCES
    PREMIUM BANKING
    Reclama
  • Financing
    ACCOUNTS AND TRANSACTIONS
    CARDS
    Payment solutions
    SAVING AND INVESTING
    Specialised sectors
    Reclama - opens in a new tab
  • Careers
    Newsroom
    Blog
    Podcast
    BT Community
    Reclama
  • We have made a firm commitment to Romanians and local entrepreneurs in supporting their dreams, BT being the partner with whom they can start their journey.
    OMER Tetik
    CEO Banca Transilvania
    • Open online account
    Call Center
    • Call Center status meter dynamic emoji
    High waiting time!

    We are currently experiencing a very high number of calls in our Call Center. If you have an urgent problem, call now, otherwise we'll wait for you later. For quick answers try Ask BT - opens in a new tab or BT Visual Help - opens in a new tab.

    • 0264 308 308 028 or *8028The number is available from any national network. Standard rate.
    0264 303 003Hotline for all Romanians who are out of the country, including assistance in English. Standard tariff.
    Fraud assistance
    If you suspect fraud on your account, quickly call 0264 308 055. Standard rate.
    BT AI Chat acronym - opens in a new tab
    Search with AI Search - opens in a new tab

    AI Search on Ask BT answers all your banking questions.

    - opens in a new tab
    BT Visual Help - opens in a new tab

    Quickly view your account details, call 0264 308 000 and receive an SMS with the access link.

    Information note on the processing of personal data for opening a business relationship with BT through BT Go - legal entities

    Printable version Download

    • 1. Who is the controller of the personal data and the data subjects?

    BANCA TRANSILVANIA S.A. (“the bank”, “BT” or “we”) a credit institution, Romanian legal entity, with the identification and contact details provided in Section III of the General Information Note on the processing and protection of personal data belonging to BT Customers, (“General Information Note”) offers certain categories oflegal entities1the possibility to establishabusinessrelationshipwith the bank (“PJ business relationship”) through the internet/mobile banking application for legal entities - BT Go.  


    If you legally represent a legal entity, you can apply to open a PJ business relationship through BT Go. BT will process your personal data, as a sole operator or together with other operators, in accordance with this information note. You are the person concerned by the processing.

    Legal entities that can open a PJ business relationship through BT Go must have a sole shareholder, who is also the sole legal representative of the company and the sole beneficial owner. Both the company and the individual must be residents of Romania.

    2. On what grounds do we process the data and what happens if you refuse processing?

    When you want to open a PJ business relationship through BT Go, we process your personal data on the following grounds:

    • BT's legal obligations (e.g. know-your-customer for the prevention of money laundering and terrorist financing, remote identification by video means)
    • conclusion/execution of the contract – PJ business relationship
    • the legitimate interest of BT and/or third parties (e.g., to prevent fraud, to collect your preference regarding data processing for advertising purposes, to provide you with support if you interrupt the application process, to verify your eligibility for opening a PJ business relationship)
    • your consent (e.g., for the processing of biometric data for remote identity verification by video means*, agreement to receive advertising messages**)

    *Ifyou do not accept the processing of biometric data, you cannot open a PJ business relationship through BT GO. However, you can do so at any BT branch without the processing of such data.

    ** If you do not want to give your consent to receive advertising messages, you can continue the process of opening a PJ business relationship through BT Go.

    However, if we have a legal obligation to process your data or if it is necessary for the conclusion of the contract, BT will not be able to establish a business relationship with you if you refuse to allow your data to be processed.

    3. For what purposes do we process your personal data, what data do we process, and to whom do we disclose it?

    A. to verify the identity and status of sole partner/legal representative/beneficial owner of the company

    Know Your Customer legislation for the prevention of money laundering and terrorist financing requires us to verify the identity of legal entities with which we are about to establish a business relationship, including individuals who are representatives, proxies, or beneficial owners thereof. We also have a legitimate interest in ensuring that we prevent attempts at fraud through identity theft, especially in the online environment. 

    For remote identification, we will take photos of you and your ID and use your facial biometric data (facial recognition) — only with your consent, which will be requested separately in BT Go. 

    Here is how we would proceed:

    1. Take a photo of both sides of your ID card (requires access to the camera). We automatically extract the data from it, including the photo, and compare it with the data from the General Directorate for Personal Data Processing (D.G.E.P.) (see here for details on the processing of data provided by D.G.E.P.) to verify your eligibility in BT GO.
    2. Move in front of the camera (requires access to the camera) and take a selfie to confirm that you are a real person. We compare your facial features in the selfie, ID card, and D.G.E.P. photo. The analysis is based on criteria such as the color, size, and slant of your eyes, the position and distance between your eyes, eyebrows, lips, and nose. The data used for and resulting from the comparison is biometric data that uniquely identifies you. If the score issued by the facial recognition tool is unsatisfactory, you will be able to resume the application process at a BT unit.
    3. We verify your details in the Trade Register to confirm that you are the sole partner, legal representative, and beneficial owner of the company and that you and the company are resident in Romania — necessary conditions for opening a PJ business relationship through BT Go.
    4. We collect your personal and business phone number and email address, which we verify to ensure that you have access to them. We will use them for communications related to your contractual relationship with the bank and for the electronic signing of the documents required to open a PJ business relationship through BT Go. If you are already a BT customer as an individual—account holder or non-account holder—when you initiate this process through BT Go, you must provide the same personal contact details (phone number/email address) that you already have registered with the bank. Otherwise, you will not be able to continue the process of opening a PJ business relationship through BT Go.

    We process the personal data indicated in points 1-4, used for identification, in order to allow you to initially set your security code (PIN) in BT Go.

    For remote identification in BT GO, we use the services of the service provider Onfido and its sub-processors. They process the data from your photographed ID card, your image (from a selfie/video taken in BT GO), and your facial biometric data solely on behalf of and under the instructions of the bank.

    Based on BT's legitimate interest in ensuring the proper and efficient functioning of the application, BT GO has access to your device's vibration settings in order to confirm the successful completion of each step in the identity verification process. This feature provides you with confirmation that you can proceed to the next step.

    Onfido and its partners may be located in third countries, such as the UK (with adequate data protection recognized by the European Commission), or in other countries that do not have such a decision. In the latter cases, we have ensured that the transfer of data is carried out on the basis of appropriate safeguards provided for by the GDPR, consisting of Standard Contractual Clauses approved by the European Commission, which you can find here:https://eur-lex.europa.eu/legal-content/RO/TXT/PDF/?uri=CELEX:32021D0915&from=EN


    B. for customer knowledge and for establishing/conducting the PJ business relationship

    As the sole legal representative, beneficial owner, and partner of the company, as well as the person authorized to operate the company's accounts, we are required to process your personal data for customer due diligence purposes in order to prevent money laundering and terrorist financing. To this end, we are required to collect, update, and store at least the following categories of personal data about the account holder (as applicable): first name, last name, pseudonym, date and place of birth, personal identification number or other similar unique identifier, citizenship, domicile, residence, address of residence and its legal status, telephone number, fax number, email address, occupation, name of employer or nature of own business, purpose and nature of the business relationship with the bank, source of funds to be used in the business relationship, estimated level of daily transactions, classification/non-classification as a politically exposed person (PEP), source of wealth and important public function held (only in the case of PEPs), as well as details and a copy of the identity document. Part of these categories of data are processed for the same purpose and legal basis, including for non-account holders (representatives, persons authorized to operate the account, and the beneficial owner of the account holder).

    The data collected for customer identification purposes, including checks, documents, and transactions, contributes to establishing the risk profile and is kept for 5 years after the end of the relationship with the bank, with the possibility of extension, in accordance with the law. At the end of this period, the data is deleted or anonymized, unless other legal provisions require its continued storage. According to the Tax Procedure Code, some data is reported daily to the National Agency for Fiscal Administration (ANAF) and is kept for 10 years after the end of the business relationship.

    At the same time, the bank assigns identifiers to customers, such as, but not limited to: customer code (CIF BT), IBAN codes for accounts opened with the bank, bank card numbers, based on which they can be identified in the bank's systems.

    When necessary, customers' personal data will be disclosed/transferred to various categories of recipients (e.g., to ANAF (the Romanian National Agency for Fiscal Administration) in accordance with tax legislation, to other banks and their customers to whom/from whom BT customers transfer/collect amounts from/to BT accounts, to service providers used by the bank), including to entities that are part of the BT Financial Group, for legitimate purposes and under conditions that ensure their security. All categories of recipients can be found in the dedicated section of the General Information Note.

    To set up your current account package, we will check the date your company was established and, if it is less than 12 months old, we will offer you the package dedicated to newly established companies – First Year Free Account (to be automatically changed when 12 months have passed since the company was established). Otherwise, you will be able to choose one of the Unlimited packages.

    We need to process your personal data in order to contract the current account package and the banking products/services included therein (e.g., the IBAN of the current account from which the package price will be charged, for the BT Alert service included in the package, the telephone number of the legal representative is used, the unit chosen for picking up the card or, as the case may be, the postal address for card delivery).


    C. for collecting marketing preferences and notifications in BT GO

    Collection of marketing options

    The bank has a legitimate interest in collecting your preferences regarding the processing of personal data for advertising purposes ("marketing preferences"). If you are about to become a non-account holder BT customer in the process of opening a PJ business relationship through BT Go, you will be shown a screen where you can choose to have your data processed for advertising purposes or decline. Onlyif you give your consent will we send you marketing messages.

    Before freely deciding whether you want to receive such messages, please consider the following:

    What personal data we use – if you choose to receive advertising messages, we process: your first name, last name, phone number, email address, and mailing address provided to the bank. At the same time, to ensure that the advertising messages are relevant, we will also use other information that we obtain when you use our services/products (e.g., transaction data, age, location, income range, etc.). We will analyze this data automatically (profiling) to form an opinion about the products/services/events that would suit you. It is also important to know that in advertising messages sent by email, we use tracking pixels and/or other similar technologies to better understand how you interact with the messages. Through these technologies, we collect information such as: when/if you opened the email, links or certain areas accessed within the email. This allows us to improve our marketing strategies and send you more relevant advertising messages. You can avoid email tracking through these technologies by adjusting your email settings (according to the options offered by your email service provider). How long the agreement is valid - if you choose to receive advertising messages, the agreement is valid until you withdraw/modify it or, otherwise, until you cease to be a BT customer - account holder or non-account holder (e.g., proxy, customer representative).

    Who we share your data with – if you choose to be contacted for advertising purposes, depending on your preference, BT will share your data with:

    (1) BT subsidiaries – entities within the Banca Transilvania Financial Group (BT Microfinanțare IFN SA, BT Asset Management S.A.I. S.A., BT Leasing Transilvania I.F.N. S.A., BT Direct I.F.N. S.A., BT Capital Partners S.S.I.F. S.A., BT Pensii Societate de Administrare a Fondurilor de Pensii Facultative S.A., BT Broker S.R.L., Fundația Clubul Întreprinzătorului Român, Fundația Clujul are Suflet and other entities that may join this group in the future), unless you have expressed your communication preferences directly to the subsidiaries;
    (2) current or future partners of BT and/or BT subsidiaries, whose products/services/events are related to BT services/products – the list of current partners is available at this link or, upon request, at any BT or BT subsidiary location.

    At the same time, in order to send advertising messages, your data will be disclosed to service providers, who will process it as persons authorized by BT, BT subsidiaries, or their partners.

    Communications that are not influenced by marketing options - options expressed regarding the processing of personal data for advertising purposes, whatever they may be: (a) do not refer to messages of general interest or of particular interest to customers, which are sent by BT based on its legitimate interests in conducting business relations in good conditions or based on its legal obligations; (b) do not influence the subscription/unsubscription of the email address entered in the forms available on BT websites to receive information from various areas of interest. Subscription to the newsletters available on the site is done through the respective online forms, and unsubscription is managed by following the unsubscribe link in the newsletters received after subscription.

    If you agree to receive advertising messages, you can withdraw/change your consent at any time and/or object to profiling for advertising purposes as follows:


    Based on the above information, when opening a PJ business relationship in BT Go, you will be shown both the option to not receive advertising messages (refusal) and the option to receive such messages (consent). The consent option will be divided into several categories from which you can choose: products and services of BT and/or BT subsidiaries, events organized by BT and/or BT subsidiaries, products/services of partners related to products/services of BT or BT subsidiaries, and events organized by BT partners.

    If you are already a BT individual customer (account holder or non-account holder) when you initiate the process of opening a PJ business relationship through BT Go, the screen for expressing marketing options will not be displayed, so the marketing options previously expressed will remain valid, whatever they may be.

    Collecting preferences and sending notifications in BT GO

    During the process, you will be asked if you allow notifications in BT GO. If you accept such notifications and do not complete the application process within the deadline set after setting your PIN, we will send you notifications to remind you to resume the process. In this case, you will resume the process where you left off. If you do not set a PIN or complete the process within the set deadline, you will have to restart the process from the beginning if you wish to open your current account through BT GO.


    D. For the issuance and management of the Qualified Digital Certificate issued by Alfatrust Certification S.A. for signing the documentation for establishing the PJ business relationship

    To complete the process of opening a PJ business relationship through BT GO, you will need to sign with a qualified electronic signature the application for opening the contractual/business relationship and for contracting the transactional products included in the current account package and, where applicable, the form for enrolling as a non-account holder customer and the form with options regarding the processing of your data for advertising purposes.

    The issuance and use of the digital certificate for signing is free of charge for you, but it is necessary for BT and Alfatrust, as associated operators, to jointly process personal data about you for the issuance of this electronic signature, as we inform you below:

    1. Joint Data Controllers

    Pursuant to Articles 13-14 of EU Regulation 679/2016 - General Data Protection Regulation (“GDPR”), Alfatrust Certification S.A. (“Alfatrust”) and Banca Transilvania S.A. (“BT” or “Bank”), with the identification and contact details indicated in the Terms and Conditions for the provision of certification services for qualified digital certificatesinform you about the processing of your personal data as a User ("data subject"), which they carry out as associated operators for the purpose mentioned in point b below.

    b. Purpose and basis for processing personal data

    The purpose for which the associated operators process the User's data is to issue and manage the Qualified Digital Certificate ("Certificate").

    BT is the operator that identifies the User, collects the personal data necessary for issuing the Qualified Digital Certificate, and transmits it to Alfatrust so that this operator can issue the certificate.

    The data that BT collects from Users is processed by the Bank in its own records, in the context of the business relationship that is initiated between the User and the Bank at the time the data is transmitted to Alfatrust.

    During the period of validity of the certificate, personal data is processed by associated operators, as appropriate, including in situations where Users request the suspension or revocation of the certificate in the manner detailed in the Terms and Conditions of Service.

    The grounds for processing personal data for the defined purpose are the legal obligation (Art. 6 para. 1 lit. c GDPR), the conclusion/performance of the Contract (Art. 6 para. 1 lit. b GDPR) and the legitimate interest of the associated controllers (Art.6 para. 1 lit. f GDPR).

    With regard to legal obligations, both BT—as a credit institution with which the User initiates a business relationship—and Alfatrust—as an accredited certification service provider from which the User wishes to obtain a certificate—are subject to the applicable legal provisions in the field of money laundering and terrorist financing prevention, according to which they must collect a series of personal data. This data is also necessary for the conclusion/execution of the Contract under which the User is allowed to use the certificate to sign documentation in relation to BT.

    In order to support Users who wish to submit a request for suspension or withdrawal of their certificate, the associated operators justify a legitimate interest in offering them the possibility to submit these requests not only directly to Alfatrust, but also through BT. The resolution of these requests involves the exchange of Users' personal data between the two associated operators.

    Contact details—telephone number and home address—will be processed by any of the associated operators whenever it is necessary to contact the end user for the proper performance of the contractual relationship related to the qualified digital certificate.

    c. Categories of personal data and persons whose personal dataare processed.

    The personal data processed for the purpose mentioned above are those required by law to be collected by a credit institution or a certification service provider for the prevention of money laundering and the financing of terrorism, namely: surname, first name, personal identification number, home/residence address, date of validity of the identity document, telephone number, and copy of the identity document. All this data, as collected by the Bank, will be made available to Alfatrust for the issuance and management of the Qualified Digital Certificate.

    The processing of this personal data is necessary for the generation of the Qualified Digital Certificate. The User's refusal to have this data processed will make it impossible to issue the Qualified Digital Certificate.

    The persons concerned by this processing are only Users, as defined in the Terms and Conditions of Use.

    d. Recipients of personal data

    With the exception of the associated controllers between whom personal data processed for the purpose of the processing will be exchanged, the data are disclosed, where appropriate, to the employees of the associated controllers who need to know them, to IT service providers, auditors, authorities and institutions entitled to know them.

    e. Period of processing of personal data

    Information on a Qualified Digital Certificate (including personal data) is processed by Alfatrust for a period of 10 years from the date of its termination of validity, in accordance with legally established deadlines.

    At Banca Transilvania, the remote electronic signature, applied on the basis of the Qualified Digital Certificate issued by Alfatrust on the documentation signed in relation to BT, is kept for the entire period during which a business relationship exists between the customer user and BT, plus the terms established in the applicable banking legislation, i.e. at least 5 years from the termination of the business relationship with the credit institution.

    f. Rights of persons concerned by the processing of their personal data for the indicated purpose

    Any User, in their capacity as a data subject, is guaranteed the exercise of the following rights regarding the processing of their personal data by any of the associated operators: the right of access, the right to rectification, the right to restriction of processing, the right to erasure, the right to object to processing, the right to data portability.

    Users may exercise these rights or contact the data protection officers with any questions/requests regarding the processing of personal data as follows:

    • to Banca Transilvania S.A. - by e-mail to dpo@btrl.ro or by a request sent to BT headquarters, with the mention "for the attention of the Data Protection Officer (DPO)"
    • to Alfatrust Certification S.A.- by e-mail to dataprotection@alfasign.ro or by a request sent to the Alfatrust headquarters, with the mention "for the attention of the Data Protection Officer (DPO)".

    Users also have the right to lodge a complaint with the supervisory authority - the National Supervisory Authority for Personal Data Processing (ANSPDCP), basedinBucharest, Sector 1, Bd. G-ral Gh. Magheru nr. 28-30.

    4. Retention period for personal data

    The personal data collected will be stored for 30 days if you do not complete the current account opening request initiated in BT GO by applying a qualified electronic signature.

    If you have signed the necessary forms for the PJ business relationship and then decided not to establish it or it was refused, as well as if you became a BT account holder after completing this process, the data retention periods in the dedicated section of the General Information Note apply.

    5. Your rights, DPO contact details, and details about personal data processing

    In general, the bank processes BT customers' personal data in accordance with the General Information Note, and when they use BT Go, in accordance with the BT Go Privacy Policy. You can find this information on the website www.bancatransilvania.ro, in the Privacy Hub section, where you can find details about your rights and how you can exercise them, as well as the contact details of BT's data protection officer (DPO BT). This information note is supplemented by the information in the General Information Note and the BT Go Privacy Policy.