Privacy Policy

a. Who is a BT customer?

"BT Customer" or "Client" is the natural person who is part of any of the following categories of data subjects:

• residents or non-residents, holders of at least one account opened with the Bank (also known as "individual customer holding an account") or that complements the forms dedicated to acquiring this quality;
• legal or conventional representatives of clients who are natural or legal persons holders account, including Customers of the type of authorized natural persons;
• proxies with operating rights on the accounts of clients, natural or legal persons account holders;
• beneficial owners of clients, natural or legal persons holding accounts opened at BT;
• persons with the right to submit bank documents, to collect statements of account and/or deposit cash amounts in the name and on behalf of Clients who are natural or legal persons account holders (also known as 'delegates');
• any other natural users of a product /service of the bank, who do not have the capacity of the client account holder, legal representative, empowered, delegated or beneficiary real, as well as but not limited to: users of additional cards, users of internet/mobile banking services, users of mobile payment applications offered by bank, managers with management guarantee accounts opened with the bank, users of BT meal vouchers);
• guarantors of any kind of payment obligations assumed by individual Customers, or legal account holders;
• persons requesting the bank to open a contractual relationship and/or to contract a contractual relationship certain product/service of the bank, even if this request is rejected;
• the legal or conventional successors of the aforementioned.

We remind you that complete details, in printable format, about the processing by BT of the data of its regular customers – BT Customers – can also be found in   the General Information Note on the processing and protection of personal data belonging to BT Customers

b. Purposes for which we process personal data of BT customers

Upon case, if you are a BT customer, we shall process your personal data as follows:

• identity verification, in order to prevent money laundering and terrorist financing, as well as for the confirmation of the quality of BT Client;

Identity verification is carried out when establishing and during the course of a relationship of business, when ordering any transaction or when requesting to obtain information, or performing operations such as, but not limited to: account information, submission / transmission of any requests / notifications, handing over cards, tokens, expressing some options, contracting some of the bank's products / services, accessing some of the bank's services already contracted, but also on the occasion of phone calls initiated by Customers or by bank.

In the bank's units, the identity is verified on the basis of the identity documents within the term of validity, which must be presented in the original, and in the online environment and in the calls telephones initiated by the Client or the bank, by requesting the provision and validation of some information already in the bank's records in relation to the Client;

• knowledge of the Clientele for the prevention of money laundering and terrorist financing, including risk-based verification, by applying know-your-customer measures which involve both identity verification and the processing of certain data of character personnel required by law, both at the time of acquisition by a particular individual of the quality of Customer (data collection), for the entire period of time that this quality is held (updating of data), as well as after this time, for the period of time legally established after the moment of termination of the Client status (data storage and processing theirs for the purposes permitted by law);
  • For details about the processing of personal data for the purpose of Knowledge The clientele access the following link: https://www.bancatransilvania.ro//Nota-de-informare-privind-prelucrarea-datelor-cu-caracter-personal-in-scop-KYC.pdf
• assessment of solvency, reduction of credit risk, determination of the degree of indebtedness of Customers interested in personalized offers in connection with the products of bank's lending or contracting these types of products (risk analysis of lending);
  • For details about the processing of personal data for the purpose of the analysis of a request for credit deposited with Banca Transilvania S.A. Access Next link: https://www.bancatransilvania.ro//Informare-privind-prelucrarea-datelor-cu-caracter-personal-in-scopul-analizarii-unei-cereri-de-creditare-1.10.2019.pdf  
• conclusion and execution of contracts concluded between the bank and clients, related to products and services offered by it in its own name (such as, but not limited to: cards, deposits, credits, internet and mobile banking, SMS Alert);
  • For details about the processing of personal data on the occasion of the conclusion and during the carrying out a credit agreement (card or non-card) concluded with the Bank Transylvania S.A. go to the following link: https://www.bancatransilvania.ro//Nota-de-informare-privind-prelucrarea-datelor-cu-caracter-personal-in-contextul-incheierii-executarii-unui-contract-de-credit-BT.pdf
  • For details on the processing of personal data within the BT mobile app Pay, go to the following link: https://www.bancatransilvania.ro/wallet-bt-pay/politica-de-confidentialitate-ro/
• For details on the processing of personal data within the service Livia's Self Service from BT, go to the following link: https://www.bancatransilvania.ro/files/self-service-livia-de-la-bt/nota_informare_prelucrare_date_caracter_personal_serviciu_livia_de_la_bt.pdf
• >For details on the processing of personal data within the   BT Visual Help   service, please access the following link: https://www.bancatransilvania.ro//Nota-de-informare-privind-prelucrarea-datelor-cu-caracter-personal-in-cadrul-BT-VISUAL-HELP.pdf
• the conclusion and performance of contracts relating to occasional transactions, such as but without to be limited to: deposits of cash amounts made by customers at the counters or with the help of bank's devices, if the amounts are deposited in bank accounts on which such Clients do not have operating rights (they do not have the status of account holder, empowered, delegated on those accounts), money transfer services, currency exchanges;
  • For details about the processing of personal data for the purpose of depositing amounts in cash go to the following link: https://www.bancatransilvania.ro//Nota-de-informare-privind-prelucrarea-datelor-cu-caracter-personal-depunere-sume-in-numerar-clienti-ocazionali-BT.pdf
• settlement of transactions;
• the establishment of garnishments, the recording of garnished amounts at the disposal of creditors and the provision of of responses to enforcement bodies and/or authorities competent, according to the legal obligations of the bank;
• monitoring the security of bank persons, premises and/or assets or visitors of its establishments;
  • Details about the video surveillance data processing can be found here: https://www.bancatransilvania.ro/supraveghere-video/
  • Details about the processing of visitor data for access to some BT units se find here www.bancatransilvania.ro/monitorizare.pdf
• making and transmitting reports to the institutions competent to receive them, in compliance with the legal provisions applicable to the bank (such as, but not limited to: reports on payment incidents at the Payment Incidents Central of the NBR, declaring transactions in excess of the amount established by law to the National Office of Prevention and Control of Money Laundering);
• carrying out analyses and keeping economic, financial and/or management records administrative bank;
• administration within the internal departments of the services and products offered by bank;
• evaluating and monitoring the financial-commercial behavior of the Clients during the conducting the business relationship with the bank, in order to detect unusual transactions and suspicious transactions, according to the legal obligations to know the Clientele established in the the bank's task for the prevention of money laundering and terrorist financing; 
• debit collection and recovery of receivables registered by the customers;
• preventing the acquisition or regaining of the quality of Client by persons having a inappropriate behaviour which is likely to impede the pursuit of an activity prudent banking, in accordance with the legal obligations that the bank has;
• the legal protection of the bank's rights and interests, the settlement of disputes, investigations or any other petitions/complaints/requests in which the bank is involved; 
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• taking action/providing information or responding to requests/referrals/complaints of any kind addressed to the bank by any person and/or by the authorities or institutions, on any channel, including by means of electronic communications and internet services;
• proving requests/agreements/options on certain issues requested/discussed/agreed upon within the telephone calls initiated by the Clients or by the bank, by recording the issues discussed and, where appropriate, the audio recording of the telephone or, where appropriate, audiovideo calls;
• informing the Clients about the products / services held by them at the bank, in the purpose of the proper performance of contracts (such as, but not limited to, statements of account, or card, information on the operating schedules of the bank's units, information on with the insertion of garnishments on accounts, notifications about the existence of unauthorized debits or about arrears on the payment of installments, information about the approaching of the term of termination of the a particular product/service you own, information about improvements or new facilities offered in connection with the product /service held);
• transmission of advertising messages, according to the consent expressed by customers on forms available in the bank's units, on its website or within the services offered online;
• collecting clients' opinion on the quality of BT services / products / employees (evaluation of the quality of services);
• the Customers’ financial education;
• carrying out internal (including statistical) analyses, both with regard to products/services, as well as on the portfolio and profile of Clients, for the improvement and development of of products/services, as well as carrying out studies, market analysis, analysis of opinions Customers regarding the bank's products / services / employees;
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT and of the physical spaces where the bank carries out its activity;
• fraud prevention;
• calculation of the fees to which certain categories of bank employees are entitled to.

c. Categories of personal data belonging to BT Customers, processed upon case

• identification data: name, surname, pseudonym (if applicable), date and place of birth, personal identification number (CNP) or other similar unique identifier, such as the CUI for authorized natural persons or cif for natural persons carrying out professions liberal (e.g. another unique identifier is allocated by the bank to Clients employed in the category "non-residents" and this is represented by a code consisting of a sequence of figures relating to the year, month, day of birth and identity document number, whole or truncated), the series and number of the national or international identity document/passport, as well as a copy thereof, home address and residence;
• contact details: mailing address (if applicable), telephone, fax number, e-mail address;
• citizenship;
• information about the purpose and the nature of the business relationship;
• financial data (such as, but not limited to, transaction data, including about the amount of the transactions envisaged);
• fiscal data (country of fiscal residence);
• profession, occupation, name of the employer or nature of his own activity (if it is the case),
• information about the important civil service held - if any - and political opinions (solely in the context of obtaining information related to the status of exposed person  public - PEP);
• the capacity, holdings and, where appropriate, the powers of representation held in the context of legal entities;
• information about the family situation (including marital status, number of children, children in maintenance, etc.);
• information on the economic and financial situation (including income data, data about bank transactions and their history, data on the assets owned / located in ownership, as well as data on payment behavior);
• image (contained in identity documents or captured by video surveillance cameras installed in bank units, BT equipment, as well as in records audio and/or video, as appropriate);
• voice, in the conversations and recordings of telephone or audio/video calls (initiated by Customers or the bank);
• age, to verify the eligibility to contract certain products / services / offers of the bank (e.g. credit products, products dedicated to minors, etc.);
• opinions, expressed in the framework of complaints/complaints/conversations, including telephones, in connection with products / services / employees of the bank;
• signature (including within signature samples);
• biometric data (such as, but not limited to, the situation of people not book-knowing or those with visual impairments, whose digital footprint can be processed);
• identifiers, including identifiers allocated by Banca Transilvania or other institutions financial-banking or non-banking, necessary for the provision of such services, but without is limited to: BT Client CODE (CIF BT), transaction identifiers, IBAN codes attached to bank accounts, debit/credit card numbers, card expiration date, contract numbers, codes and type of operating system of mobile phones or other devices used to access mobile banking services/ applications of mobile payment, as well as the IP address of the device used to access these Services. Mobile phone codes, operating system type and IP addresses are processes exclusively to ensure security measures for the transactions carried out through these services, with a view to preventing fraud;
• health data, only if the processing of such data is necessary to prove by customers the difficult situation in which they find themselves or members of their families, in particular with a view to providing facilities or in the context of providing/carrying out insurance products/services intermediated by the bank;
• for credit products: the type of product, the term of granting, the date of granting, the date of granting, the date of maturity, amounts and credits granted, amounts due, account status, closing date account, currency of the credit, frequency of payments, amount paid, monthly rate, name and employer's address, amounts due, outstanding amounts, number of outstanding instalments, date due arrears, the number of days of delay in repaying the loan. This data is processed both in the bank's own records and - as the case may be - in the Office's system credit and/or other records/systems of this type;
• information on fraudulent/potentially fraudulent activity, consisting of data on charges and convictions relating to offences such as fraud, money laundering and the financing of terrorist acts;
• information related to the commission of offences or offences in the field of financial and banking, in the direct relationship with Banca Transilvania S.A., ascertained by decisions final or irrevocable courts, as the case may be, or by administrative acts uncontested;
• information on the location of certain transactions (implicitly, in the case of performing operations on BT equipment belonging to Banca Transilvania);
• data and information related to the products and services offered by the bank or by collaborators of the it, which the data subjects use (such as, but not limited to, the products type of credit, deposit, insurance);
• any other personal data belonging to clients, which are brought to our attention in various contexts by other Clients or by any other persons.

a. Who is/in what situations we process your data as an occasional Customer BT?

“BT walk-in client” is the natural person who orders at the counters or through the BT equipment transactions of the following types:

• deposits of cash amounts in BT accounts that have no quality (including BT Customers who deposit amounts in bank accounts that have no capacity will act in this quality);
• FX exchange;
• Western Union (WU) money transfers;
• payment of utility bills;
• payment of different instalments of insurance premiums;
• cashing dividends or other types of cash amounts;
• cash withdrawals from BT equipment with cards issued by other banking institutions or payment, etc.).

The specific information note on the processing of personal data for the purpose of depositing cash amounts can be found here https://www.bancatransilvania.ro//Politica-privind-prelucrarea-si-protectia-datelor-cu-caracter-personal-versiune-valabila-in-perioada-15-08-2019-30-09-2019.pdf

We process your data as a BT occasional customer whenever you make transactions of the type of those listed above, even if you are also a regular customer of the bank.

b. Purposes for which we process personal data of BT walk-in clients

When you act in relation to BT as an occasional customer, you are processed the data, where applicable, for the following purposes:

• identity verification, in order to prevent money laundering and terrorist financing; In the case of occasional transactions carried out through the bank's units, the identity shall be verified in the case of occasional transactions carried out through the bank's units, the identity shall be verified in the case of the basis of the identity documents within the validity term, which must be presented in the original, and in the case of the use of BT equipment by means of other information about payer in the bank's records;
• knowledge of the clientele for the prevention of money laundering and terrorist financing, including risk-based verification, by the application of know-your-customer measures;
• evaluation and monitoring of financial-commercial behavior in order to detect unusual transactions and suspicious transactions, as required by law of knowledge of the customers established by the bank for the prevention of money laundering and terrorist financing;
• concluding and signing the agreements related to occasional transactions;
• settlement of transactions;
• making and transmitting reports to the institutions competent to receive them, in compliance with the legal provisions applicable to the bank (such as, but not limited to: reports on payment incidents at the Payment Incidents Central of the NBR, declaring transactions in excess of the amount established by law to the National Office of Prevention and Combating of Money Laundering);
• carrying out analyses and keeping economic, financial management records and/or administrative bank;
• administration within the internal departments of the services and products offered by bank;
• the defence of the bank's rights and interests in legal proceedings, dispute resolution, investigations or any other petitions/complaints/requests in which the bank is involved; 
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• monitoring/security of persons, premises and/or assets of the bank or of the bank visitors of its establishments;
• taking action/providing information or responding to requests/referrals/complaints of any kind addressed to the bank by any person and/or by authorities or institutions, on any channel, including by means of electronic communications and internet services;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT and of the physical spaces where the bank carries out its activity;
• prevention of fraud.

c. Categories of personal data belonging to BT walk-in clients, processed upon case

BT's occasional customers we process, as appropriate, the following categories of data Personal:

• identification data - name, surname, series and number of the national identity document or international/passport, personal identification number (CNP) or another unique element of similar identification, such as cui for authorized natural persons or CIF for persons natural persons carrying out liberal professions (e.g. another unique identifier is allocated by bank to Customers classified in the category of "non-residents" and this is represented by a code consisting of a sequence of digits relating to the year, month, day of birth and number identity document, whole or truncated), home address and - in some cases provided by law - including the copy of the identity document (usually when depositing amounts in cash, currency exchange, money transfer services over a certain amount or that have indications of suspicion);
• details of the amount covered by the transaction and explanations of the nature of the payment (what represents the payment);
• the transaction identifier;
• signature;
• contact details – phone number and/or e-mail address in the case of depositors of amounts in cash that are not BT Customers who wish to provide them to us to be notified in the event of in which the transaction is cancelled);
• image (from within the identity document, if there is a need to withhold its copy or, where appropriate, captured by video surveillance cameras);
• information on the location of certain transactions (implicitly, in the case of performing operations on BT equipment);

a. Who is a natural person connected with the applicant for a loan BT?

They are natural persons connected with the applicant for a loan* (also called "the applicant" or " the debtor ") and formthesame group with it, any of those indicated in the table below:

*The credit applicant is a natural or legal person who submits to BT an application for Lending.
Is considered to be a loan applicant including the spouse/partner of life/co-debtor/guarantor of the principal credit applicant.

• The spouse/life partner of the applicant together with the companies in which the applicant is in control of or manages
• Other close members of the applicant's family together with the companies over which they have control or manage, in so far as they are between them and the applicant for a credit or between the companies they control/manage exists a relationship of:direct or indirect control/dominant influence/dependency Economic
• The legal entities where the loan applicant exercises direct or indirect control through any of the following:
  • Holding at least 50% of the shares/ shares;
    and/or
  • Ability to get a majority of votes in the AGA
    and/or
  • The ability to appoint/dismiss a majority of the members of the governing bodies, administration or supervision
• The legal entities where the loan applicant is a director
• Entities in which the applicant is the director-general or the manager in the case of foundations/associations/public bodies
• Parent companies/subsidiaries of the companies in items 3 and 4;
  Companies under the control of the companies in points 3 and 4.
• Directors and persons exercising direct or indirect control in companies of in points 3, 4 and 6 except for the above,
• The natural and/or legal person who guarantees with his/her assets (including income in the the case of the co-debtor/guarantor) the applicant's credit, if the execution of these guarantees would affect it in such a way that it would put in difficulty its ability to pay

b. The purposes for which we process data belonging to individuals in the group of a debtor BT

If you are such a person, BT processes your data, upon case, for the following main purpose:

• assessment of solvency, reduction of credit risk, determination of the degree of indebtedness of Customers interested in personalized offers in connection with the products of bank's lending or contracting these types of products (risk analysis of credit);

In the context of analyzing the loan application of an applicant, a natural or legal person, the Bank Transilvania S.A. also processes your personal data, if you include in any of the categories of natural persons indicated in the table above (which are part of the debtor's group), as the bank is subject to legal obligations to determine and analysis of its exposure to related customer groups as part of the analysis credit risk.
Also, as a reporting person, the bank will report these exposures and the composition of the debit groups of clients linked to the NBR, Credit Risk Central (only where applicable).
This data of yours are necessary for the bank to be able to proceed to the analysis of the loan request/application, and refusal of the loan applicant (or yours) to provide or be processed may determine the impossibility of the bank to analyze and/or approve the loan.

The personal data belonging to you are transmitted / disclosed, as the case may be, to the Central Credit Risk within the NBR, as well as, in compliance with the principle of need to know, to entities in the BT Financial Group and/or to service providers used by the bank in the framework of the process of analyzing the loan application.

The period of keeping your data in the bank's records is equal to that of the existence of a group(s) of connected customers to which you belong.

Other purposes related to the main purpose indicated above, for which we process your data are, where appropriate, the following:

• identity verification, including for confirming/denying your status of BT client;
• making and transmitting reports to the institutions competent to receive them, in compliance with the legal provisions applicable to the bank (such as, but not limited to: Credit Risk Central within the NBR);
• carrying out analyses and keeping economic, financial management records and/or administrative bank;
• administration within the internal departments of the services and products offered by bank;
• the legal protection of the bank's rights and interests, the settlement of disputes, investigations or any other petitions/complaints/requests in which the bank is involved; 
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• taking action/providing information or responding to requests/referrals/complaints of any kind addressed to the bank by any person and/or by authorities or institutions, on any channel, including by means of electronic communications and internet services;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT and of the physical spaces where the bank carries out its activity;
• prevention of fraud.

c. Categories of personal data processed to individuals in the group of a debtor BT

• identity detail - name, surname, personal identification number (romanian cod numeric personal CNP/NIN);
• the position, capacity, possessions and, where appropriate, powers of representation held within the legal persons belonging to the debtor's group;
• where applicable, other data in the bank's records or publicly available, which are necessary to achieve the main purpose of credit risk analysis.

a. Who is a signatory/contact person from the contractual partners BT?

• Signatories are, as a rule, legal representatives or other persons appointed by the contractual partners to sign the contracts concluded with the bank (regardless if the counterparties are BT Clients, legal persons, account holders, or service providers, collaborators, suppliers of goods contracted by the bank);
• The contact persons are persons designated by the contractual partner, and communicated to the bank by him in order to keep in touch in order to ensure the smooth running of the the contract, regardless of whether or not their data are mentioned in the Contract.

b. The purposes for which we process the data of the signatories / contact persons from the BT contractual partners

If you are a signatory / contact person from any contractual partner of the bank, we process your data, as appropriate, for:

• the conclusion and proper performance of the contract concluded with the contractual partner (as a rule this is your employer), as well as for other purposes, in close related to the conclusion and performance of the contract, namely:
• making and transmitting reports to the institutions competent to receive them, in compliance with the legal provisions applicable to the bank;
• carrying out analyses and keeping economic, financial management records and/or administrative bank;
• the legal protection of the bank's rights and interests, the settlement of disputes, investigations or any other petitions/complaints/requests in which the bank is involved; 
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• taking action/providing information or responding to requests/referrals/complaints of any kind addressed to the bank by you or by the authorities or institutions, on any channel, including by means of electronic communications and internet services;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT and of the physical spaces where the bank carries out its activity;
• fraud prevention;

Categories of personal data processed to signatories / contact persons on behalf of contractual partners

As a rule, we process the following categories of personal data concerning you, according to case:

For signatories:

• identity details - name and surname;
• position held within the BT contractual partner;
• signature.

For the contact persons:

• identity details - name and surname;
• contact details - telephone number (work number) and/or e-mail address (work e-mail address);
• position held within the BT contractual partner.

Information note dedicated to signatories and contact persons acting on behalf of BT's contractual partners can be found here: https://www.bancatransilvania.ro//Nota-de-informare-privind-prelucrarea-datelor-cu-caracter-personal-semnatari-persoane-de-contact-pentru-partener-contractual-BT.pdf

a. Who is a BT shareholder/bond or a person whose data we process in connection with with those of our shareholders/obligations?

• BT shareholder - you are a BT shareholder if you own as a person physical or legal shares issued by Banca Transilvania S.A.;
• BT Obligor- you are a BT obligater if you own as a person physical or legal bonds issued by Banca Transilvania S.A.;
• Natural persons whose data we process, as a rule, in relation to with those of BT shareholders / obligations- legal representatives or conventional shareholders/obligations of BT, persons who own in co-ownership shares/bonds with BT shareholders/liabilities, the successors of BT's shareholders/obligations.

b. The purposes for which we process the data of BT shareholders/obligations or other persons in connection with those of BT shareholders/obligations

If you are a shareholder and/or a BT bond or a natural person whose data we process in relationship with those of shareholders / obligations, we will use your data, as the case may be, in the following purposes:

• identity verification, in order to confirm/invalidate the shareholder/bond status of the bank, another capacity in relation to the shareholders/obligations of BT;
• fulfillment of specific legal obligations and activities deriving from the capacity of issuer of BT (e.g. AGA organization, shareholding services, specific communications for investors);
• the establishment of garnishments, the recording of garnished amounts at the disposal of creditors and the provision of of responses to enforcement bodies and/or authorities competent, according to the legal obligations of the bank;
• the establishment and transmission of reports to the institutions competent to receive them, in compliance with the legal provisions applicable to the bank;
• carrying out analyses and keeping economic, financial management records and/or administrative bank;
• administration within the internal departments of the services and products offered by bank;

• the legal protection of the bank's rights and interests, the settlement of disputes, investigations or any other petitions/complaints/requests in which the bank is involved; 
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• taking action/providing information or responding to requests/referrals/complaints of any kind addressed to the bank by any person, as well as to those addressed by the authorities or institutions in relation to BT shareholders/liabilities, on any channel, including through by means of electronic communications and internet services;
• proving requests/agreements/options on certain issues requested/discussed/agreed upon, including in the framework of telephone calls initiated by you or the bank, by recording the issues discussed and, where appropriate, audio recording of telephone conversations or, as the case may be, audio video;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT and of the physical spaces where the bank carries out its activity;
• prevention of fraud.

c. Categories of personal data processed to shareholders / obligations of BT / other persons in relation to their data

If you are a shareholder and/or a BT bond, another person in relation to them, you will we usually process the following categories of personal data:

• identification data - name, surname, personal identification number or other unique identifier, series and national or international identity document/passport number, postal address and, where applicable, the copy of the identity document (to identify the shareholders in the case of applications for shareholder's certificate or as a binder or history of shares/bonds held in BT);
• citizenship;
• fiscal data (country of fiscal residence);
• information about the economic and financial situation, regarding the assets owned - number BT shares and/or bonds, including the history of holdings of these assets;
• the capacity, holdings and, where appropriate, the powers of representation held in the context of legal entities;
• signature (on the bank’s applications);
• phone number, email address, mailing address, depending on the channel communication selected in the framework of the requests addressed to the bank.

a. Who is a visitor of BT units and/or user/visitor of the equipment BT?

• Is a visitor of the BT units any natural person who visits the bank's units (including its administrative buildings), regardless of whether carries out banking operations or not;
• Is the user / visitor of BT equipment any natural person who uses these equipments or stands in front of them (ATMs, BT Express, BT Express Plus etc), regardless of whether this equipment is placed inside bt units or in other locations, whether the user is a BT Client, BT Occasional Client, or any other third party, whether or not they initiate banking operations through BT equipment,  regardless of whether or not it completes the banking operation initiated through the BT equipment.

b. The purposes for which we process the data of visitors to BT units and/or users/visitors of BT equipment

The bank processes your personal data, as appropriate, for:

• monitoring the security of bank persons, premises and/or assets or visitors of its establishments;
  • Details about the video surveillance data processing can be found here: https://www.bancatransilvania.ro/supraveghere-video/.
  • Details about the processing of visitor data for access to some BT units se find here: www.bancatransilvania.ro/monitorizare.pdf
  • transactions initiated through the BT equipment;

as well as for other related purposes related to the main purposes indicated above, respectively:

• identity verification, as appropriate, if necessary for your identification at the request of the competent authorities or when the bank has a legitimate interest;
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• ensuring the security of the IT systems used by BT and of the physical spaces where the bank carries out its activity;
• prevention of fraud.

On video surveillance, as well as on the processing of data for access to some units BT, data subjects are also informed by means of pictograms and/or specific information displayed at the entrance to the bank's units and, respectively, to the BT equipment.

c. Categories of personal data processed to visitors of establishments and / or users/visitors of BT equipment

If you visit the bank's units (including its administrative buildings) and/or use or stand in front of the BT equipment we will process you, as appropriate:

• your image, as it is captured by the video surveillance cameras installed;
• any data necessary for the execution of ordered transactions through BT equipment or other related purposes mentioned above (e.g. time spent in units/equipment BT).

At the same time, in order to allow you access to some units where the bank operates, the personnel with security duties will identify you based on your identity documents and will register in special registers, provided for by law, the following data concerning you:

• identification data – name, surname, serial number and number of the national identity document or international/passport.

a. Who is a visitor of the BT websites/social media pages?

Any natural person accessing any of the websites in the BT's portfolio and/or its social media pages.

b. The purposes for which we process the data of visitors to social websites/ pages BT media

Through cookies or other similar technologies we process your data in being a visitor to BT websites for the purposes described in detail in the policies cookies related to each of the websites and briefly within banners and centers of cookie settings.

For the www.bancatransilvania.ro website, the Cookie Policy is also found by accessing the following link: https://www.bancatransilvania.ro/politica-de-utilizare-a-cookie-urilor/

If you enter your data in the BT websites in the context of notifications/requests/complaints, of applications for products/services/campaigns of the bank, of subscription for newsletters in various fields, we process the data entered in these forms, as the case may be,  for:

• taking action/providing information or responding to requests/referrals/complaints of any kind addressed to the bank by any person, as well as to those addressed by the authorities or institutions in relation to BT shareholders/liabilities, on any channel, including through by means of electronic communications and internet services;
• proving requests/agreements/options on certain issues requested/discussed/agreed upon, including in the framework of telephone calls initiated by you or the bank, by recording the issues discussed and, where appropriate, audio recording of telephone or, where appropriate, audiovideo conversations;
• collecting your opinion on the quality of services / products / employees BT (quality of service assessment);
• performance of internal analysis (including statistics);
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT and of the physical spaces where the bank carries out its activity;
• prevention of fraud.

Please note that subscribing or unsubscribing to any email address entered by you in forms / fields of type / with the name "newsletter", available on BT websites to receive information from various areas of interest is managed by through the respective online forms (subscription) and from unsubscribing links respectively from the content of the messages received as a result of subscribing (unsubscribing).

We also inform you that subscribing / unsubscribing to / from "newsletters" for which you choose BT websites do not influence the options regarding the processing of your data for the purpose advertising filled in on the bank forms available in the BT units or website (the online form found at the following link: https://www.bancatransilvania.ro/gdpr/ is available only to Customers BT for expressing marketing choices in the context of the contractual relationship carried out by they with the bank).

c. Categories of personal data processed to visitors BT's social media websites/pages

If you visit a BT website we will collect the following categories of data with personal character:

• data processed through cookies;
• IP Address:
• data about the equipment used to access the website.

Also, in the documents available on websites the bank collects, as appropriate:

• identification data - name, surname, and, in some cases, with the consent of individuals concerned, personal identification number;
• contact details-e-mail address and/or telephone number.

Please note that BT websites may contain links to websites whose policy of the confidentiality/processing of personal data is different from that of BT. Persons who submit personal data to any of these websites must be aware that they are subject to the privacy/processing policy of the the personal data of those websites, which we recommend to be read. BT Policy on the processing and protection of personal data does not apply to information provided on those websites, BT has no control over the processing of data with personal character that the providers of these websites carry out for their own purposes and assumes no liability with regard to these processing operations.

If you use BT's social media pages and insert comments, pictures, opinions and/or likes on our posts, we will usually process:

• your user name on the respective ocial media platform;
• the opinions you insert;
• images you insert.

In some cases it is possible – usually due to your participation in various consursuri/campaigns or your insertion of comments in which we you notice complaints about the activity of BT or questioned about any related issues our activity - to ask you and to provide you with other information that will allow us identifying you and/or the situation referred to you, as well as providing the answer to this. As a rule, it is about:

• details on the situation that you bring to our attention;
• identity details – usually name, surname;
• identifiers: upon case, BT client ID (CIF BT), IBAN;
• contact details: upon case, e-mail address and/or telephone number.

If you provide us with this personal data within the social platform media, we will process them for the purposes mentioned above within this section. For the protection of your data, please do not send us personal data in the the framework of some posts that are public on our social media platforms.

Please note that in situations where you insert images that are character data yours or others' personally or when you tag various other people in the within the bank's social media pages, you express your consent to the use of this data by the bank, respectively you guarantee that you have obtained your consent to whom such data belongs.

Last but not least, we inform you that any personal data that you inserted into the social media pages of BT are also processed by the respective providers social media platforms and they are subject to the provisions of the privacy policies of the those platforms. BT has no control over the processing of personal data on which the providers of these platforms carry out for their own purposes and do not assume any liability for such processing.

a. Who is a BT prospect?

You can be a BT prospect if you have applied in the bank's units, through websites in its portfolio or through BT's contractual partners information about BT products /services, you have initiated their contracting without completing this action or you have signed up for different campaigns organized by the bank.

b. Purposes for processing personal data belonging to BT prospects

If you are a BT prospect, we process your data, upon case, for the following purposes:

• verifying your identity, in order to confirm/infirm your quality of BT customer;
• taking action/providing information or responding to requests/referrals/complaints of any kind addressed to the bank by any person, as well as to those addressed by the authorities or institutions on any channel, including through communications services electronics and the internet;
• proving requests/agreements/options on certain issues requested/discussed/agreed upon, including in the framework of telephone calls initiated by you or the bank, by recording the issues discussed and, where appropriate, audio recording of telephone or, where appropriate, audiovideo conversations;
• collecting your opinion on the quality of services / products / employees BT (quality of service assessment);
• performance of internal analysis (including statistics);
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT;
• fraud prevention;
• calculation of the fees to which certain categories of bank employees are entitled.

c. Categories of personal data belonging to BT prospects, processed upon case

If you are a BT prospect, as the case may be, the bank usually processes the following personal data concerning you:

• identification data - name, surname, first name, and in some cases only with consent you or if we justify a legitimate interest, your personal identification number (PERSONAL IDENTIFICATION NUMBER);
• contact details-e-mail address and/or telephone number.

a. Who is a BT candidate?

You are a candidate for positions available at BT or for internships organised by BT if you have sent us or if we have received your CV to use it for the purpose of recruitment, directly from you or from/through other people, or if you have us made aware in any other way that you are interested in filling certain posts BT/participation in BT internships.

b. Purposes for which we process personal data of BT candidates

The bank processes your personal data, as appropriate, for:

• recruitment for the position(s) or, as the case may be, for the internship you want to occupy / follow it within the bank, as well as for purposes closely related to this activity, such as:
• taking action/providing information or responding to requests/referrals/complaints of any kind addressed to the bank by any person, as well as to those addressed by the authorities or institutions, on any channel, including through communications services electronics and the internet;
• proving requests/agreements/options on certain issues requested/discussed/agreed upon, including in the framework of telephone calls initiated by you or the bank, by recording the issues discussed and, where appropriate, audio recording of telephone or, where appropriate, audiovideo conversations;
• performance of internal analysis (including statistics);
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT;
• prevention of fraud.

If you apply only for a particular job / internship, your data Personal data will be processed by the bank only within the recruitment process for the respective post/internship, which will be deleted at the end of the the respective recruitment process.

If, instead, you choose to be contacted in general for vacancies / internships carried out in BT, we will keep your data and use it for recruitment purposes for a period of 1 year, which may be extended with your consent.

References from previous employers may become relevant in the recruitment process, or from teachers. If the bank will need these, it will contact you to ask you the agreement to obtain these references on your behalf. In case you will not express your consent to this, you will need to get these yourself references, if you want to continue the recruitment process.

c. Categories of personal data belonging to BT candidates

To BT candidates we usually process the following categories of personal data, so as indicated in the CV deposited with / sent to the bank:

• identity details- name, surname;
• age, to verify your eligibility to become an employee or, as the case may be, to participate in certain BT internships;
• contact data: e-mail address, phone number;
• data on studies and professional experience;
• any other relevant data from the CV.

a. Who is/when do we process your personal data as a BT petitioner?

You are such a person if you address any request to BT, on any channel, regardless of whether you are a BT customer, a BT casual customer, or if you belong to any other category by individuals.

b. Purposes for which we process personal of BT petitioners

Depending on the situation and the concrete quality you have in relation to the bank, when we submit a request we process your personal data for the following purposes:

• verifying your identity, including in order to confirm/infirm your quality of BT customer;
• taking action/providing information or responding to requests/referrals/complaints of any kind addressed to the bank by any person, as well as to those addressed by the authorities or institutions, on any channel, including through communications services electronics and the internet;
• proving requests/agreements/options on certain issues requested/discussed/agreed upon in the telephone calls initiated by you, or by the bank, by recording the issues discussed and, where appropriate, the audio recording of the telephone conversations;
• collecting your opinion on the quality of services / products / employees BT (quality of service assessment);
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT;
• fraud prevention;
• calculation of the fees to which certain categories of bank employees are entitled.

c. Categories of personal data belonging to BT petitioners, processed upon case

To register, acknowledge receipt, analyze, formulate and submit response to any requests / notifications / complaints that you address to us, we process the following categories of data Personal:

• identification data: name, surname and other data in this category that we have provide or personal data that BT is required to process for identifying the BT petitioner to prevent the disclosure of confidential information (including personal data) to recipients who are not entitled to them receptionists;
• contact details – correspondence address, e-mail address, phone number;
• voice, in the conversations and recordings of telephone conversations (initiated by petitioners or bank);
• where appropriate, any other information of which the bank is aware and which is necessary to analyse requests.

a. Who is/when do we process your personal data as a BT third party?

You are included in this category of data subjects if any personal data you have it concerns you is disclosed/transferred to us by BT customers, by BT's occasional customers in the context of their relationship with us or by any other person. Your data is we process in this context as a third party BT, even if you have other direct relationships with we (e.g. a BT loan applicant provides us with the sale-purchase agreement of the the building in which you appear as a seller. In this case, the data in this contract we will process them in your capacity as a third party, even if you are actually a BT customer and we process your data for other purposes, specific to the contractual relationship you have established with the bank).

Thus, by way of example, we process your data in your capacity as BT third parties, if belong to any of the following categories of natural persons:

• members of a BT customer's or BT employee’s family-it is possible that in certain situations the BT Clients may bring to our attention data related to members of their family,especially in the context of formulating and analyzing a credit application or during the performance of a credit agreement;
  Also, BT employees may disclose to us personal data belonging to some of their family members, in different situations relating to their employment (e.g minor children of BT employees, other family members of BT employees);
• non-customer payers: natural persons who are customers of other institutions that offer payment services and order transfers of amounts to accounts Clients opened with BT (interbank transfers ordered by customers of other institutions of payment to BT account holders clients) - it is necessary to process the data of these persons for the provision of payment services and in accordance with our legal obligations;
• beneficiaries of non-customer payments:individuals who are customers of the other institutions offering payment services, to the accounts to which BT Customers order transfers of amounts (interbank transfers ordered to the clients of other institutions of payment by BT Customers)– it is necessary to process the data of this category of persons to provide payment services and in accordance with legal obligations;
• physical documentsreferred to in the details/explanations payment in a payment ordersubmitted /transmitted / received at BT– filling in the related fields explanations / details of a payment is mandatory according to the legal provisions in the field prevention of money laundering and terrorist financing. According to the principle of reduction to minimum of the data, should be inserted in these fields personal data only where absolutely necessary and, respectively, only data which is strictly necessary;
• authorised persons (other than proxies or representatives on the accounts) natural persons nominated to order/initiate operations on behalf of a BT Client – banking or non-banking - through the channels offered by BT (e.g. payment instructions telephone);
• natural persons whose data are mentioned on various documents placed on bank's disposition – if a BT customer, BT occasional customer or any the person with whom the bank interacts deposits various documents with/ sends to the bank, in different situations (e.g. certificates or documents of any type containing data with data with personal character of the signatories or, as the case may be, of other persons mentioned in the content of the documents) the bank will process these data taking into account the need to keep these documents, even if they may not need to process the data into another form than their storage;
• persons in relation to whom the bank receives requests/requests for information from various institutions and/or public authorities, from notaries, lawyers, bailiffs, etc.;
• participants in various social responsibility events or actions organized by the bank, whose data it is necessary to them we process in order to ensure the logistics of the events;
• any other categories of natural persons whose personal data are made available to us by any person with whom we interact or who arrive in our possession in any other way.

b. Purposes for which we process personal data of BT third parties

We process your data as a BT third party according to the purpose for which it is necessary in the relationship our with the person who provided them to us, as well as for the following related purposes:

• performance of the employment relationship with BT employees, where applicable;
• carrying out risk controls on the bank's procedures and processes, as well as carrying out audit or investigation activities;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT;
• prevention of fraud.

c. Categories of personal data belonging to BT third parties, processed upon case

The most common categories of personal data that we process if you are a BT third party, by way of example:

• identity details: - name, surname, personal identification number (romanian cod numeric personal- CNP);
• relationship between you and a BT customer or employee, upon case;
• position held within a legal entity;
• signature;
• any other data made available to us by any person with whom we interact in the framework of our work.

a. Who can be the people who have expressed at BT options regarding data processing for advertising purposes (as the case may be, agreement or refusal)

They are currently considered to be persons who have given their consent to BT in order to be processed personal data for advertising purposes any of the following categories of data subjects:

• BT customers, BT casual customers or any BT third parties who have expressed such consent on the dedicated form of BT used in BT units as of 12.03.2018 and on the BT www.bancatransilvania.ro website (online form within this link: https://www.bancatransilvania.ro/gdpr/ is only available for BT customers) as of May 2018;
• BT customers, BT occasional customers or any third parties who have expressed this consent on forms used in the bank's activity before 12.03.2018 and have not modified /withdrawn this consent in the meantime, nor following the information that the bank has submitted it in May 2018 on this possibility, not on its own initiative.

There are currently persons who have expressed their refusal to have their data processed with character personal for advertising purposes BT customers, BT occasional customers or any BT third parties who have expressed from the outset the refusal to have their data processed for this purpose, as well as persons who, although they initially agreed to have their data processed for advertising purposes, subsequently withdrew that consent.

b. The purposes for which we process the data of individuals who have expressed options at BT on the processing of their data for advertising purposes (as the case may be, agreement or refusal)

If you have given your consent to the processing of your data for advertising purposes, we will process it as follows:

• transmission of advertising messages, in accordance with the given consent (advertising purpose);
• verification of the identity of persons, in order to confirm/invalidate their status of BT client;
• proving requests/agreements/options on issues related to options advertising, by recording the issues discussed and, where appropriate, the audio recording of the telephone conversations (initiated by the bank or by you);
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• providing registry and secretariat services on correspondence addressed to the bank and/or dispatched by it, as well as for carrying out the activities of courier; 
• ensuring the security of the IT systems used by BT;
• prevention of fraud.

If you have expressed your refusal in relation to the processing of personal data for the purpose of advertising we will process your data for all the above purposes, except for the on the transmission of advertising messages.
* BT wants to inform interested persons about the products /services/events offered/organized by the bank, by entities in the BT Financial Group or their partners, meaning that they process the data personal data of these persons, if they have expressed their consent to receive messages Advertising.
The form dedicated to the expression/collection of marketing options used in present by BT, it is accessible in any unit of the bank and on the website of the www.bancatransilvania.ro, or directly to the following link: https://www.bancatransilvania.ro/gdpr/
The online form is available only to BT Customers and can be used by them not only for expression initial marketing options, but also for modifying some options previously expressed, as well as, where appropriate, for the withdrawal of consent for the receipt of advertising messages.

c. Categories of personal data processed to persons who have expressed their expressions at BT's agreement to the processing of their data for advertising purposes, its recipients and the period of their processing

The data processed by BT for sending marketing messages are usually:

• identity data: name, surname;
• contact details: telephone number and/or e-mail or mailing address provided by persons interested in receiving advertising messages or, where appropriate, those declared in the bank's records for the purpose of knowing the customer (the development of the relationship contractual) in the case of BT Customers;
• in the case of BT Customers: other information we learn about customers in the context of who use BT's services/products (e.g. transaction data, age, location, income range, etc.), which we will automatically study (profiling) to create ourselves an opinion about the products/services/events that would suit them (advertising personalized).

Personal data will be processed by the bank for sending advertising messages until the termination of the contractual relationship with BT Customers or, as the case may be, until the time of withdrawal of their consent to receive such messages (the latter option including in the case of any other categories of persons who are not BT Customers).

In some cases, for the transmission of advertising messages, BT will contract providers of services, which will process the personal data of data subjects on behalf of and for BT, only for the transmission of advertising messages established in exact compliance BT instructions and being under the close supervision of the Bank.

Willing people can choose to receive advertising messages from several categories, among the which we list: products and services of BT and its subsidiaries BT, events organised by BT, products/services of the partners, related to products/services of BT or of the BT subsidiaries and events organized by BT partners.

BT subsidiaries whose products/services and events are intended to be promoted within the framework of the the advertising messages sent to persons who have chosen to do so are the following: entities within the Financial Group BT: BT Microfinance IFN SA ("BT Mic"), BT Asset Management S.A.I. S.A., (" "BTAM"), BT Leasing Transilvania IFN S.A. ("BTL"), BT Direct IFN S.A. ("BTD"), BT Capital Partners S.S.I.F. S.A.("BTCP"), other entities that can join the BT Group in the future.

List of current partners of BT and/or BT subsidiaries whose products/services and events are intended to be promoted within the advertising messages sent to people who opted in this is accessible at the link: https://www.bancatransilvania.ro/parteneri.

If you have opted to receive advertising messages about products / services events offered/organized by BT subsidiaries or partners, these entities will process personal data for the purpose of transmitting these messages, under close scrutiny supervision and coordination of the Bank and, where appropriate, with it. For any possible processing of personal data carried out by BT partners / subsidiaries of BT in outside or adjacent to the transmission of advertising messages, such as, for example, for the purpose of the conclusion of contracts related to their products/services that have been promoted, these partners are to act as controllers of personal data Processed.

The consent to be contacted for advertising purposes may be withdrawn or modified at any time by several arrangements, indicated separately on the form dedicated to the expression of the data processing consent personal for advertising purposes.
Withdrawal of consent operates only for future and does not affect the lawfulness of the data processing carried out before the time of this Withdrawals.

Please note that subscribing or unsubscribing to any email address entered by you in forms / fields of type / with the name "newsletter", available on BT websites to receive information from various areas of interest, is managed by through the respective online forms (subscription) and from unsubscribing links respectively from the content of the messages received as a result of subscribing (unsubscribing).
We also inform you that subscribing/unsubscribing to/from "newsletters" that you opt for on BT websites, not influences the options regarding the processing of your data for the purpose of advertising completed on bank forms available in BT's establishments or website.