This page is automatically translated from Romanian into English.

Banca Transilvania
Loans
Loans
Accounts and operations
Accounts and operations
Cards
Cards
Savings and investments
Savings and investments
Accounts and operations
Accounts and operations
Financing
Financing
IMM to Go, you do everything online
IMM to Go, you do everything online
Saving and investing
Saving and investing
Newsroom
Newsroom
Investors Relations
Investors Relations
Blog BT
Blog BT
CSR
CSR
UNIT NETWORK INVESTOR RELATIONS ONLINE PROGRAMMING COMMISSIONS BROCHURE MARKETING AGREEMENT
BT Pay – Apple BT Pay – Google BT Pay – Gallery
Download BT Pay

Scan the code with your mobile phone, depending on your phone system.
Download BT Pay

Scan the code with your mobile phone, depending on your phone system.
Download BT Pay

Scan the code with your mobile phone, depending on your phone system.
Download NeoBT

Scan the code with your mobile phone, depending on your phone system.
Download NeoBT

Scan the code with your mobile phone, depending on your phone system.
Download NeoBT

Scan the code with your mobile phone, depending on your phone system.
Download BT24

Scan the code with your mobile phone, depending on your phone system.
Download BT24

Scan the code with your mobile phone, depending on your phone system.
Internet Banking Internet Banking
Discover
Credit for
personal needs The
home credit Credit simulator
See all credits
Shopping cards Cards in lei The Youth Card
See all cards
Private banking Premium banking
Discover
See all
See all
Discover
See all articles
See all articles
Education Social Medium
See all projects
Discover
We have made a firm commitment to Romanians and local entrepreneurs in supporting their dreams, BT being the partner with whom they can start their journey.
ӦMER Tetik CEO Banca Transilvania

Call Center

PESTE
20
MIN
WAITING TIME
10
CUSTOMERS
IN CONVORBORATION
9
CUSTOMERS
WAITING
CALL THE CALL CENTRE
0264 308 028 or *8028 The number is available from any national network.
0264 303 003 Hotline for all Romanians who are out of the country, including assistance in English.
More
Popular searches
Notifications

BT integrates Microsoft 365 Copilot and GitHub Copilot AI assistants

14 March 2024 11:00

BT is the third most powerful banking brand in the world

6 March 2024 15:00

Financial results BT 2023

26 February 2024 18:19

BT turns 30

16 February 2024 09:40

Banca Transilvania buys OTP Bank Romania

9 February 2024 15:00

Question BT had a record number of visitors in 2023, over 5 million

12 January 2024 09:30
  • Backwards
  • | Home
  • Personal data processing and protection policy - previous versions - 11072018-14082019

Privacy Policy

Transilvania Bank's policy regarding the processing and protection of data of character personally in the course of banking activity ("Policy" or "Privacy Policy")

Version valid between 11.07.2018 – 14.08.2019
z PDF

At Banca Transilvania S.A. (hereinafter referred to as "BT", or "Bank") we constantly concern ourselves that the personal data of all persons the physicals with which we interact to be processed in full compliance with the applicable legal provisions and with the highest standards of security and confidentiality.  

To guide and support us in our activity in the field of data processing and protection with personal character I have appointed a data protection officer or DPO), who can be contacted by any person in connection with any aspects of how in which BT processes these data, by sending a complaint / complaint to the bank's headquarters in

  • Mun. Cluj-Napoca, str. G. Barițiu, nr. 8, jud. Cluj, with the mention "to the attention of the responsible for the protection of personal data" or a message to
  • e-mail address dpo@btrl.ro.

In the following we present our policy in this very important field for any person physics, which we undertake to review at certain intervals of time, in order to continuously improve it.

This Policy is not addressed to the employees of Banca Transilvania, they will be informed in the connection with their personal data that BT processes as an employer through a a distinct document, respectively through the Transilvania Bank's Policy regarding the processing and data protection personal employees.

We will explain in this policy what personal data we process in our activity to the people we interact with, in what ways, for what purposes, for what purposes we use them, to whom we disclose them or we transfer them, in what way we ensure their security, as well as what are the rights that people concerned have them in connection with the processing of these data and how they can exercise them.

A. Who is Banca Transilvania?
n
B. What is personal data and what such data does BT process?
n
C. Who are the persons whose personal data is processed by BT?
n
D. What does the processing of personal data mean and how BT gets to is it processing this data?
n
E. What are the grounds on which BT processes personal data?
n
F. What are the purposes for which BT processes personal data?
n
G. To whom Banca Transilvania discloses the personal data that it discloses is it processing?
n
H. How long does BT process personal data?
n
I. What are the rights that the data subjects can exercise with regarding the personal data processed by Banca Transilvania?
n
J. How does BT protect the personal data it processes?
n

BANCA TRANSILVANIA S.A. is a credit institution, a Romanian legal person, with its registered office in Cluj-Napoca, str. G. Baritiu, nr 8, Cluj, phone *8028, registered with the Trade Register under No. J12/4155/1993, unique code RO 5022670, having notified personal data processing and entered in the Register of personal data controllers under number 8728.

BT has over 500 units - branches, agencies, work points, which operate in Romania, as well as a branch and two agencies that carry out banking activity in Italy.   

Our official website is www.bancatransilvania.ro (hereinafter referred to as the "BT website").

The bank manages other websites, whose updated list you can consult here.

Banca Transilvania SA is the parent company of Banca Transilvania Financial Group (named in continued "BT Group"), which includes the subsidiary entities of the Bank about which you can find information on the BT website in the BT FINANCIAL GROUP section.

Personal data means any information relating to an identified natural person, or Identifiable. An identifiable natural person is a directly identifiable person or indirectly, based on this information.

Within the banking activity it carries out, Banca Transilvania processes the following categories of personal data:

  • identification data: name, surname, pseudonym (if applicable), date and place of birth, code personal identification number or other similar unique identifier, the series and number of the act national or international identity/passport, as well as a copy thereof, domicile and residence (if applicable), telephone, fax, e-mail address, nationality,
  • the profession, occupation, name of the employer or nature of his own activity (if applicable),
  • information about the important public office held - if any - and political opinions (exclusively in the context of obtaining information related to the quality of a politically exposed person),
  • information about the family situation (including marital status, number of children, dependent children),
  • information about the economic and financial situation - including income data, data about bank transactions and their history, data on the assets held, as well as data on behaviour,
  • image (contained in identity documents or surprised by video surveillance cameras installed in the bank's headquarters, as well as at its ATMs),
  • voice, including in the recordings of telephone conversations. BT records audio telephone calls in order to improve the quality of services and calls, but also to provide proof of request/agreement/option on certain issues requested / discussed / agreed during phone calls;
  • signature and, in specific cases, the digital fingerprint (in the case of non-book persons or of visually impaired persons),
  • identification codes, allocated by Banca Transilvania or other financial banking institutions or non-banking, necessary for the provision of services, such as, but not limited to, the codes IBAN attached to bank accounts, debit/credit card numbers, expiration date Cards 
  • health data, processed exclusively if the processing of such data is necessary to prove by customers the difficult situation in which they find themselves they or their family members, in order to grant facilities, or in the context of supply of insurance products intermediated by the Bank,
  • information regarding the fraudulent/ potentially fraudulent activity, consisting of data relating to allegations and convictions related to offences such as fraud, money laundering and financing of acts of terrorism, 
  • information regarding the location of certain transactions (in case of performing operations at ATMs or POS belonging to Banca Transilvania),
  • data and information related to the products and services offered by the Bank or by collaborators of the it, which the data subjects use (such as, but not limited to, type of credit, deposit, insurance)

In the course of its activity, BT primarily processes the personal data of the Ordinary customers, those with whom he has established a relationship long-term contract, carried out according to the General Business Conditions of Transilvania Bank applicable - as the case may be - to natural or legal persons (called relationship of business). These regular customers are generally: natural persons- major or minors - who have at least one current account opened with BT as a person customer the natural persons empowered/legal representatives operating on the accounts opened with BT on the names of natural or legal persons and their beneficial owners.

At the same time, however, BT offers its services and products for use to customers occasional. These are people who do not have an account opened with BT and no rights to operating on these, but sometimes uses BT units or equipment (such as ATMs, BT Express, BT Express Plus etc.) for performing different types of bank transactions (cash deposits in BT accounts, payment of invoices), transfers of amounts (for example Western transfers Union) or operations at the foreign exchange office, provide us with their personal data on the occasion of visiting BT websites or units or when using the support services offered by Bank's Call Center.

Banca Transilvania is a company listed on the Bucharest Stock Exchange, so it processes in this quality and personal data of its Shareholders, in accordance with with the provisions of the capital market law.

These Clients or Shareholders need to provide us sometimes - in order to be able to respond to them requests, for obtaining a product, performing an operation / provision of a service - data with personal character belonging to other people, such as: husband, wife, life partner, members the family, the beneficiary of a payment operation, the guarantor of a loan, the beneficiary of an insurance, individuals whose data are inserted in the documents made available by the client.

If it is the Client or shareholder who provides BT with information about other persons, he has the obligation to inform the respective data subjects about the content of this policy in connection with the processing of their personal data.

In the contracts that BT concludes with any supplier / supplier of goods / services (partner contractual) personal data of the signatories of these signatories are inserted contracts (usually name, surname, position held and signature belonging to legal representatives or conventional of the contractual partners), of the contact persons designated by the contractual partner (usually name, surname, telephone number and e-mail address), of the other categories of individuals whose data are disclosed to the Bank by the partner Contract. These personal data will be processed by BT in connection with the conclusion and the performance of these contracts, for the internal administrative-financial management, storage and archiving contractual documentations, testing and using information systems and IT services, complaints management, carrying out audit missions. The basis of the processing personal data belonging to these categories of persons is the legal obligation of bank, conclusion / execution of the contract and legitimate interest of the Bank. Character data staff that we are aware of in the context of the relationship with a contractual partner are disclosed, as the case may be: to the contractual partner who provided them to us, to the entities of the BT Group, BT partners who need to know them, public authorities and institutions entitled to them Request. The data will be processed at BT level during the contract period and subsequently, until the expiry of the archiving term of the contractual documentation. In view of the fulfillment of the mentioned purposes, it is possible for the Bank to transfer certain categories of data with personal character that the contractual partner has made available to us outside the Space European Economic EEA. The persons concerned by this processed benefit from the rights provided within the framework of this policy for the persons concerned by the processing.

All these categories of individuals that we have listed before we will call them below "datasubjects" of the processing of personal data.

"Processing" of personal data means any operation or set of data operations, such as collection, recording, organisation, structuring, storage, adaptation or alteration, extraction, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

The personal data we use in the course of our activity we obtain, as a rule, directly from the data subjects, on various occasions and ways:

  • at the time of establishment and during the business relationship with BT
  • on the occasion of concluding and carrying out contracts for products / services offered by the bank, in your own name or for third parties
  • by filling in forms available on the BT website, on other websites owned by the bank or other entities in the Group
  • by registering/ participating in various contests/campaigns organized by BT in its units, on the BT website or on the bank's social media pages
  • when we are asked for information / we receive notifications / complaints to the phone numbers of bank, on the e-mail addresses, through messages sent on the bank's pages from networks of socializing or received letric in BT units
  • when applying for available positions in the bank (online, sending / submitting CVs in BT units or on various e-mail addresses, at career fairs or other events)

Indirectly, we can find out personal data of the data subjects from / through:

  • public or public interest authorities and institutions, correspondent banks, lawyers, notaries, bailiffs or other persons who send us notices / requests
  • proxies of the data subjects in order to open /carry out the business relationship with BT
  • consultation of external databases, public or private, directly or through third-party suppliers, such as the National Trade Register Office, the Credit Bureau S.A., the portal of the Romanian courts administered by the Ministry of Justice, third parties owners of databases of persons accused of terrorism or politically exposed
  • employers of the data subjects, if we conclude with them conventions for the transfer of wages or other types of amounts
  • other entities in the BT Group, with which the data subjects enter into contractual relations and is need for the Bank to know their data based on its membership in the BT group and for good carrying out the common economic activity that they carry out together with the other entities of the BT Group
  • collaborators of the bank, who collect on its behalf data of persons who wish to or contacted by BT for the presentation of products/services they are interested in
  • Central Depository S.A., in the case of the Bank's Shareholders' data
  • the use by the data subjects of the BT website, of other websites operated by the bank (through cookies, Google Analytics, etc.) or other entities in the Group. For details about these aspects and the ways in which they can be launched or blocked cookies, you can consult the policy of using the cookies of the website.

The activity carried out by Banca Transilvania, in its capacity as a credit institution, is strictly regulated by various normative acts. Thus, many of the processing of data of character the staff that BT makes are imposed by the legal obligations it has. At the same time, however, BT processes personal data necessary for the conclusion and/or execution of contracts concluded with the data subjects, on the basis of his legitimate interest or, when applicable, in the basis of the consent of the data subjects.

Except in cases where personal data are processed on the basis of consent data subjects, the refusal of the persons to have their data processed by BT will make it impossible providing the requested services or solving their requests.

Performing any operation, requested at the counters of the BT units by the clients ordinary or occasional, presupposes that the Bank will go through the stage of identification of the to these people. In this regard, BT employees will ask people to present their valid id. In some cases required by law, it will also be necessary performing and retaining by BT the copy of the identity document, for the period provided by law.

Cases in which BT has the obligation to apply the standard measures of knowledge of the clients, and including to perform and withhold the copy of the identity document are Following:

  • when establishing a business relationship;
  • when performing occasional transactions worth at least EUR 15,000 or equivalent, whether the transaction is carried out in a single operation, or several operations that seem to have a connection between them;
  • where there is a suspicion that the operation in question is aimed at money laundering, or terrorist financing, regardless of the incidence of the derogatory provisions from the the obligation to apply the standard customer-knowledge measures set out in the this law and the value of the operation;
  • if there are doubts as to the veracity or relevance of the information of identification already held about the customer;

Under the legal obligation to apply standard measures of customer knowledge, which any Romanian credit institution has according to the provisions of the Regulation BNR nr. ANGEFLY NO. 9/2008 on customer knowledge in order to prevent and combat money laundering, of Law 656/2002 on preventing and combating money laundering and financing terrorism and HGR 594/2008 for the application of Law 656/2002 on combating money laundering and terrorist financing, at the time of establishing a business relationships, it is necessary to collect and keep in the records of BT at least the following categories of personal data: name, surname, date and place of birth, personal identification number or other similar unique identifier, domicile, telephone number, fax, e-mail address, citizenship and, if the case, pseudonym, address of residence, occupation, name of the employer or nature own activity, important public office held, name of the real beneficiary.

The same information is collected if a client is represented in the relationship with the bank of another person, acting as empowered, curator, guardian or in any other capacity and, in addition, data relating to the nature and limits Empowerment.

In case of establishing and carrying out the business relationship with a legal person client, it is will collect the data mentioned in the paragraphs above in order to identify the persons which, according to the articles of incorporation and/or the decision of the statutory bodies, are invested with the power to direct and represent the entity and their powers of employment of the entity, as well as for the identification of the person acting on behalf of the and information to establish that it is authorized/empowered in These data, the bank has the obligation to verify them including in the registers Public.

Under the same legal obligations, the data of identity of the beneficial owner.

The verification of the collected data will be done on the basis of identity documents, but also through verification of other sources.

Performing and retaining the copy of the deed of the identity of all these persons is also mandatory for the bank.

In the process of knowing the clientele, the bank has the legal obligation to collect including information related to the quality of the politically exposed person of the clients with whom enter into a business relationship. For this purpose only, BT will process information that falls into the category of political opinions - personal data of a special character.

Also, in accordance with the legal obligations incumbent on him in this matter, in the stage of enrollment and opening of account BT will classify customers by degrees of risk, in the basis of criteria such as nationality, residence, finding, functions or positions important owned.

In the process of knowing the clientele, based on the legal obligations of GEO no. ANAe no. 202/2008 on the implementation of international sanctions and the Regulation No. ANNThen. 28/2009 on the supervision of the implementation of sanctions international, as well as on the basis of his legitimate interest in not entering into relations of business with persons accused or suspected of non-compliance with the law, the bank processes information regarding fraudulent / potentially fraudulent activity (data on charges and convictions related to crimes such as fraud, laundering money and financing of terrorist acts) 

BT has an obligation to ensure that all such data is updated in its records throughout the business relationship with customers, meaning that it will request to update the data provided at the initiation of the business relationship, or by as many times as necessary, being able to even update them on their own initiative, from sources externally secure, public or private, accessed directly or through third parties suppliers.

All these data are kept in the bank's records according to the established legal term, which is at least 5 years after the termination of the client's business relationship with BT.

If the request for initiation of the business relationship is filled in online, in the sections available on the BT website, the applicants will have to provide the same data imposed by the aforementioned legal provisions, following that the enrollment process (establishing the relationship of afceri) to be completed only after signing the documentation in a unit of the bank. If, within 60 days from the completion of the application online opening of the business relationship the applicant does not show up in a BT unit for signing, respectively completing the enrollment process, its data will be deleted from the bank's records.

Lending is one of the main activities carried out by a credit institution. Concluding and carrying out a credit agreement with a natural or legal person, involves going through several stages in which character data is processed personnel under the legal obligations of the Bank, on the basis of the conclusion and execution credit/guarantee/evaluation contract, based on the legitimate interest that the Bank it justifies it, as well as, in some concrete situations, based on the consent data subjects of the processing.

1.1. Processing of personal data in the Credit Bureau System

1.1.a.The legal basis and the purpose of the data processing in the Office system Credit

The bank has the obligation, according to the legal regulations in force, to evaluate the ability of the applicants to repay the loan before the conclusion of a credit agreement and during its development. To this end, process the information indicated in point 1.1.c below, both in own records, as well as transmitting them to the Credit Bureau in order to processing by this institution and consulting them by any Participant in this system, for the purpose of initiation or running a credit relations, such as for the insurance of credit products.

For loan applicants and certain categories of people in relationships with them, during the analysis stage of a loan application, the Bank consults Credit Bureau system, justifying a legitimate interest in this regard for carrying out a responsible lending activity.

The Credit Bureau SA is the private law entity that manages the System Credit Bureau, where personal data are processed in connection with the lending activity carried out by the Participants.

The participants in the Credit Bureau System are credit institutions, non-banking financial institutions, insurance companies and companies of recovery of receivables, who have signed a Participation Contract with the Office of Credit.

1.1.b. The obligation to provide the data and the consequences of non-compliance Its

The provision of personal data is necessary for the purpose mentioned in point 1.1.a. Refusal of the persons concerned by this processing to provide their personal data, necessary for the achievement of the above-mentioned purpose, will lead you to the Bank's impossibility to fulfill its legal obligations in connection with granting the loan.

1.1.c. Categories of personal data processed in the System Credit Bureau

The data processed in the Credit Bureau System are:

  • identification data of the data subject:name, surname, code personal numeric, home /residence and correspondence address, number landline / mobile phone, date of birth, country code and series / passport number in the case of non-resident persons;
  • data relating to the employer:name and address of the employer;
  • data regarding the credit products requested/granted: type and name of the Participant, type of product, status the product/account, the date of granting, the term of granting, the amounts granted, amounts due, due date, currency, frequency of payments, amount paid, monthly installment, overdue amounts, number of outstanding installments, number of days of delay, category of delay, date of closure of the product;
  • data regarding the events that occur during the development of the credit producttype, such as those relating to restructuring / refinancing, giving in payment, assignment of the contract of credit, assignment of the receivable;
  • data regarding the relations with other accounts:information regarding credit-type products in which the data subject has the capacity co-debtor and/or guarantor;
  • insolvency data:information regarding the data subjects against whom an insolvency procedure has been opened;
  • number of interrogations:indicates the number of Credit Reports issued by the Credit Bureau, at the request of one or more Participants;

1.1.d Recipients of data

The personal data registered in the Credit Bureau System are disclosed to the Participants in this system, upon request, for the purpose mentioned in the point 1.1.a.

Personal data processed in the Credit Bureau System will not be disclosed to third parties, except for public authorities and institutions, according to their competences and applicable legislation, such as the Authority National Supervisory Team for Personal Data Processing, Bank National Authority of Romania, National Integrity Authority, courts judges, notaries public, bailiffs, investigation bodies Criminal.

1.2. Processing of personal data in the records of Banca Transilvania S.A.

1.2.a. The legal basis and purpose of the processing of personal data

For the purpose of payment and, as the case may be, of analyzing a loan application formulated, in accordance with the need to carry out an activity of responsible crediting, in addition to the processing of personal data in credit bureau system S.A., the Bank processes in its own records such data under the legal obligations they must comply with, the concluding the credit / guarantee / evaluation / insurance contract, based on his legitimate interest and, as the case may be, with the consent of the data subjects.

1.2.b. The obligation to provide the data and the consequences of non-compliance Its

The provision of personal data is necessary for the purpose of payment/analysis of a loan application. Refusal to provide the data necessary to achieve this purpose will lead to the impossibility of the Bank Transilvania S.A. to fulfill its legal obligations in connection with the granting the loan, and the loan application will not be analyzed.

1.2.c. Categories of personal data processed within the Bank Transylvania S.A.

Personal data mentioned above as being processed in the Office system of Credit are processed by Banca Transilvania S.A. and in its own records. To these data is added information that the Bank finds out as a result of checking the persons concerned in their own records, as well as in databases public such as websites - portal of the courts, ONRC, etc.

1.2.d.Existence of an automated decision-making process, including the creation of profiles made through the BT scoring application

In order to objectively verify the fulfillment of the eligibility conditions for the re-financing and, as the case may be, the analysis of the loan application- BT processes in some cases, based on his legitimate interest, personal data of the loan applicants (individuals and legal representatives of the legal staff) as well as other natural persons participating in the stage of analysis of the loan application in its own automated system ("the application of BT scoring").

In the BT scoring application, the character data are entered and analyzed personal identification data, other data completed in the credit application, information resulting from verifications carried out in the Bank's own records or in those of the Credit Bureau SA, such as - if the persons concerned by this processing collects income in an account opened with the Bank or are regular customer of the Bank, the level of monthly payment obligations, the history payment in the case of other loans contracted from the Bank, etc. Following analyzing these data/information, the BT scoring application issues a score which is based on a profile of the debtor/potential debtor good or bad payer. The returned score thus determines the credit risk and  the probability of payment of installments on time in the future.

Based on the score issued by the BT scoring application, to which the result is joined checking the relevant personal situation in public databases such as websites - portal of the courts, ONRC, etc. - The bank establishes if the eligibility conditions established by its internal regulations and will make the decision of admission or rejection of the loan application, a decision that is based on the analysis performed by the employees Bank (human intervention).

1.2.e At this stage of the crediting process, applicants they will be handed a form by signing which they can express their agreement that the bank to consult the ANAF database, for a limited period - of maximum 5 working days - regarding the incomes made by them, considering that the level of income earned is an essential element for establishing compliance with the bank's credit conditions.

Also at this stage, for some types of lending products, the Bank wants to consult the records of the Credit Risk Central, in which case it will be handed over the loan applicant for completion and signing of an agreement form Dedicated.

2.1. Legal basis and purpose of processing

For the conclusion and performance of credit agreements and, as the case may be, of the guarantee / evaluation / insurance contracts related to them, the Bank processes the categories of personal data mentioned in this section in point 2.3, in the basis of its legal obligations, of the conclusion and execution of contracts and in the basis of his legitimate interest

2.2. Obligation to provide data and consequences of non-compliance Its

The provision of personal data is necessary for the purpose of concluding and the performance of credit agreements and, as the case may be, of the accessory contracts these (e.g. warranty). Refusal of persons to process personal data necessary to achieve the mentioned goal, will lead to the impossibility of the Bank of to provide you with the requested credit.

2.3. Categories of personal data processed

Personal data processed by the Bank for the purpose mentioned in point 2.1 of the the present section are those used in the stage of preofertare/analysis of the credit application, to which are added other such data that have been filled in and/or received on the occasion/for the conclusion or during the contract credit and guarantee.

BT allocates to each of its clients a client id (Client Id) based on which it is identified in the bank's records, as well as an IBAN code for each account (current, card, savings, etc.) opened in the name of the customer at Bank.

At the same time, for each of the cards issued by BT to its customers, it is allocates a unique number (PAN), which BT registers on the card together with the expiry date its name and surname, the name and surname of the card holder and the CVV basket (back). Based on agreement of the cardholders, there is the possibility of registering on the card including the IBAN code.

Banca Transilvania is constantly preoccupied with offering its clients with whom it concludes a business relationship such online services and products be – the internet banking service – with the variants BT24, mobile BT24 or BT24 Invoices - digital wallet payment application - BT Pay, chat both "Livia from BT" accessible via Facebook, the self serv service callable by phone. For the use of these services is necessary for the processing by the bank of certain categories of personal data in order to identify individuals as BT clients and, subsequently, as users of the services. These data are usually - name, surname, date of birth, customer code, phone number.

Some of the BT applications, which are accessible with the help of mobile equipment (example: BT24 mobile, BT Pay), may require their users either at the time of installation, or during their use, access to certain data with personal character supplementing such as, but not limited to: camera (by example for the option to scan the barcodes of the invoices), location (in certain sections of applications, for displaying units and ATMs BT located nearby or for indicating the shops of the merchants registered in the Star BT loyalty program), contacts (only when accessing the option of payments by Email / SMS / P2P for the automatic filling in of the beneficiaries' details), SMS (for the automatic completion of the SMS-OPT codes required within the various sections of applications), phone status and identity (e.g. IMEI's phone is required to activate the mbt24 mobile internet banking application), information related to the existence or non-existence of a method of securing the phone used in the Applications.

Also, when using online services, to ensure security the transactions made will be processed in some situations the IP address of the device on that you use. These data are requested and used strictly for insurance purposes the security of the transactions and processed only for the strictly necessary period.

In order to provide certain banking services, such as, but not limited to, internet and mobile banking - with the variants of BT24, mobile BT24 or BT24 Invoices- SMS Alert, BT Alert, the bank will process the phone number communicated by the clients in order to provide the respective services.

Also, the phone number, e-mail address or domicile/residence/correspondence provided by the clients for the development of the relationship of business, will be processed by the bank in order to inform clients about to issues of interest related to the functioning of the services / products contracted by the BT,as well, but not limited to interruptions in the operation of some services, institution of garnishing on bank accounts, warnings on expiry bank cards issued by BT or identity documents, but also for contacting them in the activity of debt collection.

In the case of "apply online" services for various BT products/services/contests/events, available in the form of forms on BT's website and on other websites controlled by the bank, we usually request filling in the following personal data: name, surname, telephone number and address e-mail, in order to contact the applicants to provide them with an answer/information in connection with these requests.

Depending on the specifics of the product / service for which it is applied online, there are situations when it is necessary to provide additional data, either of those imposed by legal provisions, either of those processed by BT on the basis of the legitimate interest to identify the persons in order to be able to provide them / provide them with the products / services / information Requested.

The data filled in in these forms are processed by the bank for the purpose of providing products / services / information requested, for the period necessary to fulfill these goals, according to the bank's retention policies elaborated in accordance with the the principles and obligations established by the applicable laws in the field of processing and protection of personal data.

BT will not collect or store the personal data of those who have it completed online, if they have not completed their registration.

Any person has the right to deposit cash amounts in accounts opened with BT, if the holders of these accounts have allowed such deposits to be made by third parties.

In order to make such a deposit, the bank has the legal obligation to identify payers based on their identity documents, and respectively also to process a series of their personal data - name, surname, series and number of the act of identity, personal identification number, address, details of the deposited amount and explanations on the nature of the payment (what is the payment).

In the cases provided by law, mentioned in point. I of this section, for making cash deposit The bank will have to perform and keep in his records the copy of the identity document belonging to the occasional Clinet who make deposit

If certain occasional Clients repeatedly present themselves in the units bank to make deposits of cash amounts in the accounts opened with BT, for to streamline the bank's activity, respectively to reduce the waiting time in units, the bank has a legitimate interest to use their data collected on the occasion of previous deposits, and they will be prefilled in the receipt form cash deposit. The data of external depositors will not be processed for other purposes, will be accessed only by the staff who has the need to know and keep them only for the periods stipulated in the internal retention policies and within the acts norms containing provisions on this aspect.

Any person has the opportunity to address the bank's requests, to request the provision of information / taking measures or can send him complaints / complaints, on various channels such as – by sending/submitting legal complaints at the bank's headquarters or of its territorial units, by calling the phone number of the call center BT or any other phone number assigned to BT units, by sending messages on e-mail addresses made available to customers or on the addresses of e-mail of the bank's employees, by sending electronic messages in the framework of the secure internet banking platform BT24, by filling in some forms dedicated on the BT website or on other websites controlled by the bank - for the list all BT websites enter here.

To identify the requesting persons, to analyze the reported situation and to to respond to these requests for information / notifications / complaints, the bank processes a series of personal data - name, surname, telephone number, address of electronic mail or correspondence from which the request was received, other personal data provided within the messages or that is required to be processed in order to formulate answers / provide the requested information.

In order to prove that these complaints / complaints / requests for information/measures, as well as for quality control answers/information/actions transmitted/taken by the bank, as well as for purposes of quality control of the support services, the received messages will be kept in the records BT both in the format in which they were received, as well as in electronic format, and phone calls will be recorded and kept during the business relationship for BT clients, respectively for a period necessary to fulfill the purpose in which have been processed (formulating the answer/providing the information), plus a period of 3 years - the legal term of prescription if the data do not belong to persons with which bank has established a business relationship.

According to the provisions of Law nr. 333/2003 on the security of objectives, goods, values and the protection of persons, with subsequent amendments and completions and of the Decision No. 301 of April 11, 2012 for the approval of the Methodological Norms of Law no. 333/2003 regarding the security of objectives, goods, values and the protection of persons, BT has the legal obligation to video surveillance the ATM area, as well as the areas of the horses access, hallways and other high-risk areas.

Based on its legitimate interest, the bank understands to supervise video and other areas accessible to the public that presents a potential security risk for persons/spaces or goods.

The video surveillance activity involves the processing of the image of the persons, and the places where the cameras are located are properly marked, by a specific and prominent notice accompanied by the icon.

The video surveillance system is not used for any purpose other than the one mentioned, not uses to monitor the activity of the public, employees or timekeeping. Of Nor is the system a means of investigating or obtaining information for internal investigations or disciplinary proceedings, except where a physical security incident occurs or criminal behavior is observed (in exceptional circumstances the images may be transferred to the investigating bodies in the framework of a disciplinary or criminal investigation).

The system can record any movement detected by the cameras installed in the area supervised, along with date, time and location. All rooms are functional 24 hours, 7 days a week. When necessary, the quality of the images allows recognition of people passing through the action zone of the cameras. Records video are stored in the internal records of the bank.

In addition to image processing in the framework of the video surveillance activity, to allows visitors' access to some spaces where the bank operates, the personnel with security attributions will identify the visiting persons based on the documents their identity, and the name, surname, series and number of the identity document of the these persons are to be registered in special registers and kept in the format letric for the legally established period.

BT wants to inform interested persons about the products /services/ events offered/organized by the bank, the entities of the BT Financial Group or by the their partners, meaning that they process the personal data of these persons, if they have expressed their consent to receive such advertising messages by filling in the dedicated form, accessible in any unit of the bank and on website.

The data processed by BT for the purpose of transmitting advertising messages are usually name, surname, telephone number and/or e-mail address or correspondence provided by persons interested in receiving advertising mesae. To ensure that the advertising messages transmitted are relevant to its customers, The bank will process other information it finds out about the client, in the context in which they use BT's services/products (e.g. transaction data, age, location, income range, etc.), on which he will automatically study (profiling) to create an opinion related to the products/services/events that would be appropriate.

The personal data will be processed by the Bank until the termination of the relationship business with the data subjects or, as the case may be, until the withdrawal of their agreement to receive such messages.

Advertising messages will be transmitted mainly on SMS channels, phone call, e-mail address, postal correspondence address.

In some cases, for the transmission of advertising messages on these channels, BT will contract service providers, who will process the personal data of persons in the name and for BT, only for the transmission of advertising messages established in compliance with the instructions of BT and being under the close supervision of the Bank.

Willing people can choose to receive advertising messages from several categories, including: products and services of BT, products and services of the BT subsidiaries, events organized by BT, products/services of partners, which are related to products/services of BT or BT subsidiaries and events organized by BT partners.

BT subsidiaries whose products/services and events are intended to be promoted in the framework of advertising messages sent to persons who have opted for this purpose  are the following entities in within the Banca Transilvania Financial Group 

The list of current categories of partners of BT and/or subsidiaries of BT is accessible at the https://www.bancatransilvania.ro//Sites_portofoliu_BT_25.05.2018-14.08.2019_versiunea_1.pdf link and https://www.bancatransilvania.ro//Parteneri_BT_Politica_Confidentialitate_31.07.2019-prezent_Versiunea_2.pdf or in any BT or BT subsidiary establishment.

If you have opted to receive advertising messages about products/services of events offered/organized by BT subsidiaries or by partners, these entities will process the personal data for the purpose of transmitting these messages, under close supervision and coordination of the Bank. For any possible processing of personal data carried out by BT partners / subsidiaries of BT  outside or adjacent to the transmission of advertising messages, such as, for example, in order to conclude contracts related to their products / services that have been promoted, these partners are going to act as operators of the processed personal data.

Consent to receive advertising messages may be withdrawn or modified by several modalities, indicated separately on the form for expressing the consent to the processing of personal data for advertising purposes.

In some concrete cases, with strict respect for rights and freedoms to individuals, Banca Transilvania will process personal data for the purpose of transmission of advertising messages based on its legitimate interest in promoting the products and services they offer.

BT is one of the companies with the largest number of employees in Romania, and ads about various vacancies in the bank are posted on recruitment sites. People who access these sites and apply for specific positions available in BT or the "careers" section of the www.bancatransilvania.rowebsite, will be directed to the platform secure recruitment used by Banca Transilvania.

Within this platform, either they will want to apply only for a certain post, or that will prefer that the bank can contact them for different positions available in the company, candidates will be asked to create an account, entering their name, first name, a phone number and an e-mail address where it can be contact for recruitment purposes and upload at least their CV.

If it will apply only for a certain post accessed, the personal data of the the candidate will be processed by the bank only within the recruitment process for that post, following that they and the account created in the platform to be deleted at completing the recruitment process for the respective position.

If, instead, the candidate will choose to be contacted generally for vacancies in the BT, it will be necessary to select a series of predefined criteria in the platform, in the basis of which will be announced about the availability of posts that are Fit. In this case, the candidate's data will be kept for recruitment purposes for a period of 1 year from the moment of registration of this option.

The same retention period applies if the CVs were handed over /transmitted to the Bank by the candidates on any other channels.

After the expiry of the mentioned term, BT will anonymize the personal data collected for recruitment purposes, and they will be used only for the generation of statistical reports for the internal use of the bank. Once these records become anonymous, they can no longer identify the person to whom they belong.

In the recruitment process, references from employers can become relevant previous candidates. If the bank needs them, it will contact the candidate to ask for his consent to obtain them on his behalf. If the candidate does not will express his consent in this regard, it will be necessary to obtain these himself references, if he wants to continue the recruitment process.

The candidate has the option to delete at any time the account created within the BT's recruitment platform, which will equate to the withdrawal of consent or as the bank to process his personal data for recruitment purposes. From the moment deleting the account in the platform, only the candidate will be able to access his/her data registered, not BT.

If the bank will receive CVs or job applications on other channels than the recruitment platform indicated above, will keep these data for the same periods of time mentioned above, respectively until the end of the recruitment process for the chosen post, or, as the case may be, for a period of 6 months, which can be extended at the request of the candidate, if he/she wants to apply for various positions available in the company.

In addition to the purposes detailed in the previous sections, the Bank Transylvania also processes personal data for other purposes, such as:

  • performing analyses and keeping economic and financial management records and/or administrative in the Bank;
  • administration within the internal departments of the services and products offered by the bank;
  • evaluating and monitoring the financial-commercial behavior of the Clients on the during the business relationship with the Bank; 
  • creating or analyzing profiles to improve BT products/services or of the entities in the BT Group;
  • analyzing the behavior of website users through the use of cookies, both of BT and of third parties, in order to provide general content or customized, offers tailored to the interests of users (details in  Cookie Policy);
  • conducting internal analysis (including statistics), both on products / services, as well as with regard to the client portfolio, for the improvement of and the development of products/services, as well as the performance of studies and analyses of the market regarding the Bank's products/services;
  • calculation of the commissions to which the employees acting within the the sales force of BT;
  • archiving both in physical and electronic format of documents, making correspondence registry services addressed to and dispatched by BT, as well as carrying out courier activities; 
  • settlement of disputes, investigations or any other petitions/complaints/requests in which BT is involved; 
  • performing risk controls over BT's procedures and processes, as well as carrying out audit or investigation activities;
  • making and transmitting reports to the competent institutions to them receive in accordance with the legal provisions applicable to BT (eg reports about the payment incidents at the Payment Incidents Central within the NBR, declaring transactions that exceed the amount established by law to the Office National Prevention and Control of Money Laundering);
  • for monitoring the clients' activity in order to detect transactions unusual and suspicious transactions;

The personal data of the Bank's Clients are disclosed or, as the case may be, transferred, in compliance with the applicable legal grounds, depending on the situation and only under conditions that ensures full confidentiality and security of the data, to categories of recipients, as well as, but not limited to:

  • branches, agencies, work points, representative offices of the Bank,
  • entities within the BT Financial Group mentioned in this policy or on BT website and others that can join the BT Group in the future
  • Service providers used by the Bank for: IT services (maintenance, software development), archiving in physical and / or electronic format; courier; audit; card-related services and their enrollment in platforms; of studies/market research, of transmission of advertising messages, monitoring traffic and user behavior online tools, marketing services through social media resources, etc.;
  • processing inter-banking payments and transmitting information on inter-banking operations (ex: Transfond, Society for Worldwide Interbank Financial Telecommunication- SWIFT);
  • public authorities and institutions (such as, but not limited to, the NBR, ANAF*, police, the Office National Prevention and Combating of Money Laundering**),
  • companies (funds) guaranteeing various types of credit / deposit products (e.g. FNGCIMM, FGDB etc.),
  • ONRC, OCPI, AEGRM, notaries public, lawyers, bailiffs;
  • Central Credit Register***;
  • Credit Bureau and Participants in the Credit Bureau system****;
  • insurance companies;
  • valuation companies;
  • companies collecting overdue debts or receivables;
  • entities to which the Bank has outsourced the provision of financial and banking services;
  • partners of the Bank;
  •  international payment organizations (e.g. Visa, Mastercard);
  • banking institutions or state authorities, including outside the European Economic Area - in the case of international transfers of the SWIFT type or as a result of processing carried out in the purpose of applying the fatca and CRS legislation, social media providers, debt recovery services and/ or debt collection, appraisers, real estate agencies.

*According to the provisions of the Fiscal Procedure Code (Law 207/2015), in its capacity credit institution, BT has the legal obligation to communicate daily to the central tax body – A.N.A.F.- list of holders who are natural persons, legal entities or any other entities without personality legal entities that open or close accounts, as well as the identification data of the persons who own the right of signature for the accounts opened with them, the list of persons renting boxes of values, as well as the termination of the lease. A.N.A.F. may communicate this data to local tax bodies or to other central and local public authorities, under the law.

**If the conditions for the transmission by BT of data with personal character to the National Office for Prevention and Control of Money Laundering, according to Law nr. 656/2002 for the prevention and sanctioning of money laundering, as well as for establishing measures to prevent and combat the financing of terrorism, republished, with subsequent amendments, they are transmitted simultaneously and on the same format and to A.N.A.F.

The bank has the legal obligation to report to the Central Credit Risks Office (CRC) the information of credit risk for each borrower who meets the condition of being reported (includes the data identification of a debtor, natural person or non-banking legal person, and operations in lei and in foreign currency through which the Bank exposes itself to risk towards that debtor), respectively to have registered with him an individual risk, as well as information about card frauds Found.

The bank has the legitimate interest to report in the Credit Bureau System, to which they have access and other Participants (mainly credit institutions and non-banking financial institutions) data your personal if you register delays in the payment of the loan of at least 30 days, after prior notification of the data subjects in this regard by at least 15 days before the reporting date.

For the purpose of providing banking services that are the subject of contracts concluded between the Client and the Bank, it will transfer personal data abroad, as the case may be, including to states that does not ensure an adequate level of protection for them. Initiation by the Client of some operations of the type of payment orders represents his consent for the transfer of his data with Personal bank character to the respective States. States which do not provide a level of protection adequate are the states outside the European Union / the European Economic-European Area, except for the states to which the European Commission has recognised an adequate level of protection, namely: Andorra, Argentina, Canada, Switzerland, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Uruguay (in so far as no decision will be issued to the contrary in respect of any of these states).

In order to achieve the purposes presented in this Policy, the personal data will be be processed by BT throughout the contractual relationship with the data subjects and after its completion in order to comply with the applicable legal obligations, including those in the matter of archiving.

Personal data completed in the credit application and those processed for knowledge clientele in order to prevent and sanction money laundering and combat terrorism,  are stored in the BT records for a period of 3 years from the date of signing the request for crediting, if it is rejected and, respectively, for a period of 5 years starting with the date of termination of the credit relationship, if a credit agreement will be concluded following the approval of the loan application.

Regarding the data processed within the BT activity in the Credit Bureau system, they are stored at the level of this institution and disclosed to the Participants for 4 years from the date of update, except for the data of the credit applicants who have waived the application for credit or to which the credit has not been granted, which are stored and disclosed to the Participants for a period of 6 months.

Personal data for which BT has the legal obligation to report to the Credit Risk Central (CRC) will be kept in the records of the CRC for a period of 7 years from the date of credit registration.

The agreements for consulting the ANAF database will be kept in the Bank's records for a period of time 10 years after signing them - if the loan application was rejected - and for 5 years respectively upon termination of the credit relationship, but not less than 10 years from the date of signing the agreement- for if the loan application was admitted and a credit agreement was concluded. Upon request, these agreements are to be made available, upon request, to ANAF.

For data processed on the basis of the consent of the data subjects for the purpose of transmission advertising messages, they will be processed until the termination of the business relationship with The bank or, as the case may be, until the withdrawal of the respective agreement.

In order to prove that complaints / complaints / requests for information / measures have been received and that answers have been made to them, including for the quality control of the answers provided by BT, messages of this type received on any channel will be kept in the records of BT both in format paper, as well as electronically, during the business relationship for BT customers, respectively for a the period necessary to fulfill the purpose in which they were processed (formulation answer/ provision of information), plus a period of 3 years - the legal term of prescription in if the data do not belong to persons with whom BT has established a business relationship.

Personal data processed for recruitment purposes will be kept by BT until the end the recruitment process for the available position. If the data subjects want to be contacted for more positions that would suit them, the data from the CVs and other records that they have made available to BT for this purpose will be kept for a period of no more than 1 year, if in this time interval is not required to delete them from the Bank's records.

The duration of storage of data obtained through the video surveillance system is proportionate to the purpose for which the data are processed, i.e. not exceeding 30 days, the period after which the records are deleted by automatic procedure, in the order in which they were Recorded. In the event of a security incident, the shelf life of the material Relevant footage may exceed the normal range depending on the time required for further investigation of the security incident.

Any other personal data processed by BT for other indicated purposes will be kept for the period necessary to fulfill the purposes for which they were collected at which they can be adds non-excessive terms, established according to the legal obligations applicable in the field, including butt without limitation, to the dispositions in the matter of archiving.

Any data subject has the following rights with regard to the processing of his or her personal data staffed by BT.

a. Right to be informed:

It means the right of the data subjects to receive from BT clear, transparent, written information in a language that is easy to understand, about how BT uses data personal, as well as about the rights they have. BT understands to fulfill this obligation to inform by the details it provides in this document, such as and by other information notes inserted in the forms and contracts used in the its activity

b. Right of access:

The data subjects have the right of access to personal data, respectively to obtain a confirmation of the whether or not BT processes their personal data, as well as a copy thereof, so that they have the possibility to check if they are processed by BT in accordance with the provisions of the legislation in this field.

c. Right to rectification:

Data subjects have the right to have their personal data corrected, if they are find in the BT records in the wrong format, if they are inaccurate or incomplete

d. Right to delete data

This right is also called "the right to be forgotten". On the basis of it, the data subjects may request erasing their personal data that BT processes, if it no longer there is grounds for their processing

is. The right to restrict the processing:

Data subjects may, in some cases, stop BT's use of the data they use I look, for a certain period of time. When the processing of this data is restricted, personal data will still be kept in BT's records, but will not may be used during this period and will be marked as restricted from processing.

f. Right to data portability:

Data subjects have the right to obtain from BT, in a machine-readable format, the data that they have provided to us or may ask us to transmit this data to another operator chosen by they

g. Right to opposition:

Data subjects may object to certain processing of personal data that they have concern, such as processing in order to receive advertising messages.

h. Right of data subjects to address the National Surveillance Authority Personal Data Processing (ANSPDCP) and justice.

Based on this right, the data subjects can address to ANSPDCP or to the courts of law requests /petitions in connection with the processing of their personal data by BT

The ways in which the data subjects can exercise their rights mentioned in points 2-7 of May the top are:

  • by mailing a written request to the BT headquarters in Cluj-Napoca, str. G. Baritiu, nr. 8, jud. Cluj, with the mention – "to the attention of the protection officer data (DPO)' or
  • electronically to the e-mail address dpo@btrl.ro.

Also, for the data processed by BT in the Credit Bureau System, as they were provided in this policy, the persons concerned by this processed may have their rights access and restriction provided above, and to the Credit Bureau S.A., as follows:

  • by a written, signed request, sent by post to the Credit Bureau, or
  • by accessing the Credit Bureau (www.birouldecredit.ro) website securely.

The persons concerned by the processing of their personal data in the Credit Bureau System have at the same time, the right to obtain, upon request, at the time of communicating the credit decision, a copy of the Credit Report issued by the Credit Bureau, which was used by BT in the analysis credit application.

BT develops an internal framework of standards and policies to keep your data secure Personal.  They are regularly updated to comply with the regulations that are applicable to the Bank and the highest standards in the field.

Specifically and according to the law, the Bank adopts and applies technical and organizational measures adequate (policies and procedures, it security, etc.) to ensure confidentiality and the integrity of personal data and the way they are processed.

BT employees have the obligation to maintain confidentiality and cannot disclose the data of character staff that they process in their activity.

The Bank ensures that its contractual partners who have access to personal data have access to their personal data imposes contractual obligations in accordance with the legal provisions and that we verify their observance of the obligations they have assumed. They will process the data personal data in the name and for the Bank, only in accordance with the instructions received from it and only by complying with the security and confidentiality requirements within the limits imposed.

We warrant that BT does not sell the personal data it collects from the data subjects and does not transmit such data to entities, other than the ones that are entitled to know them, in line with the legally established principles and obligations.

The attention of the visitors to the BT websites is drawn as they may contain links to websites whose privacy/personal data processing policy is Other than that of BT. Persons who send personal data to any of these sites must be aware that their information falls under the scope of the statement of confidentiality / processing of personal data of those websites, which you we recommend you to read it. BT's policy on the processing and protection of personal data does not apply to information provided on those websites.

This policy is regularly reviewed to guarantee the rights of data subjects and to improve the processing and protection modes of processed personal data.