Privacy Policy

a. Who is a BT customer?

“BT customer” or “Customer” is any of the below mentioned categories of natural persons:

• residents or non-residents, holders of at least one account opened with the Bank (also called "individual client holding an account" or who fill in the dedicated forms to acquire this quality;
• legal or conventional representatives of individual or legal clients who are account holders, including Clients of the type of authorized natural persons;
• individuals authorized to perform operations on the accounts of BT individual/legal entities account holders;
• the real beneficiaries of the Clients, natural or legal persons, BT individual account holders;
• individuals with rights to submit bank documents, to pick up account statements and/or to make cash deposits on behalf of BT individual/legal entities account holders (also known as "delegates");
• any other individuals who are users of a product/service of the bank, who are neither account holders, nor legal representatives, authorized representatives, delegates or beneficial owners, such as, but not limited to: users of additional cards, users of internet services/mobile banking, users of mobile payment applications offered by the bank, individuals with account manager’s securities records opened with the bank, BT meal tickets users);
• guarantors of any kind of the payment obligations assumed by the individuals/ legal entities account holders;
• persons who request the bank to open a contractual relationship and/or contracting a specific product/service of the bank, even if this request is rejected;
• the legal or conventional successors of the aforementioned.

Full details, in printable form, concerning the processing by BT of customers’ personal data can be found in the General Privacy Notice regarding the processing of personal data belonging to BT Customers.

b. Purposes for which we process personal data of BT customers

Upon case, if you are a BT customer, we shall process your personal data as follows:

• verifying the identity of individuals, in order to prevent money laundering and terrorism financing, as well as to confirm their quality as BT customers;

The identity verification is performed when establishing and during the performance period of a business relationship, when ordering any transaction or when they request certain information or when carrying out operations such as, but not being limited to: information about bank accounts, submission/transmission of any requests/notifications, handing out debit/credit cards, tokens, expressing options, contracting products/services of the bank, accessing some services of the bank already contracted, but also during the telephone calls initiated by the Customers or by the bank.

In the units of the bank, the identity is verified based on the valid identity documents, which must be presented in original, whereas for the online and the telephone calls initiated by the client or by the bank, the verification is performed by requesting to supply and by validation of the information already registered in the records of the bank in relation to that customer.

• applying the know your customer (KYC) rules in order to prevent money laundering and financing of terrorism, including risk-based verification. Applying the KYC rules involves both verification of identity and processing of personal data required by law, both at the moment of becoming a customer (data collection), for the entire time this quality is held (updating the data), as well as thereafter, for the period of time legally established after the moment of ending the quality of customer (data storage and processing for the purposes permitted by law);
  • For details on the processing of personal data for the purpose of KYC please visit the following link: https://www.bancatransilvania.ro//Nota-de-informare-privind-prelucrarea-datelor-cu-caracter-personal-in-scop-KYC.pdf
• assessing the solvency, reducing the credit risk, determining the degree of indebtedness of the Customers interested in personalized offers in relation to the bank's credit products or in contracting these types of products (credit risk analysis);
  • For details on the processing of personal data for the purpose of analyzing a loan request submitted to Banca Transilvania S.A., please visit the following link: https://www.bancatransilvania.ro/Nota-de-informare-privind-prelucrareadatelor-cu-caracter-personal-in-scop-analiza-cerere-credit-BT.pdf  
• the conclusion and performance of contracts between the bank and the Customers, related to products and services offered by BT in its own behalf (such as, but not limited to: debit/credit cards, deposits, credits, internet and mobile banking, SMS Alert);
  • For details regarding the processing of personal data upon the execution and during the performance of a loan agreement (card or non-card) concluded with the Banca Transilvania S.A. please visit the following link: https://www.bancatransilvania.ro//Nota-de-informare-privind-prelucrarea-datelor-cu-caracter-personal-in-contextul-incheierii-executarii-unui-contract-de-credit-BT.pdf
  • For details regarding the processing of personal data within the BT Paymobile application, visit the following link: https://www.bancatransilvania.ro/wallet-bt-pay/politica-de-confidentialitate-ro/
• For details regarding the processing of personal data within the Self Service Livia from BTservice, please access the following link: https://www.bancatransilvania.ro/files/self-service-livia-de-la-bt/nota_informare_prelucrare_date_caracter_personal_serviciu_livia_de_la_bt.pdf
• For details on the processing of personal data within the BT Visual Help service, please access the following link: https://www.bancatransilvania.ro/nota-de-informare-prelucrare-date-cu-caracter-personal-bt-visual-help/
• the conclusion and performance of contracts related to occasional transactions, as well as, but not being limited to: deposits of cash amounts made by Customers at the counters or by using the devices from the bank units, if the amounts are deposited in the bank accounts on which the respective Customers do not have operating rights (they do not have the quality of account holder, authorized, delegated person on those accounts), money transfer services, foreign currency exchanges;
  • For details on the processing of personal data for the purpose of depositing cash please visit the following link: https://www.bancatransilvania.ro//Nota-de-informare-privind-prelucrarea-datelor-cu-caracter-personal-depunere-sume-in-numerar-clienti-ocazionali-BT.pdf
• settlement of transactions;
• establishing the garnishments, recording the amounts garnished to the creditors and providing answers to the enforcement bodies and/or the competent authorities, according to the legal obligations of the bank;
• monitoring of persons security, spaces and/or bank’s assets or the units’ visitor;
  • Details about the video surveillance data processing can be found here: https://www.bancatransilvania.ro/supraveghere-video/
  • Details about the processing of visitors data for access in some BT units can be found here: www.bancatransilvania.ro/monitorizare.pdf
• the preparation and submission of reports to the competent authorities, authorized to receive them in accordance with the legal provisions governing BT’s activity (e.g. payment incident reports to the Office of Payment Incidents within the National Bank of Romania-NBR, declaring the transactions that exceed the amount established by the National Office for Prevention and Control of Money Laundering);
• conducting analyzes and the keeping of records for the Bank’s economic, financial and/or administrative management;
• management within the internal departments of the services and products provided by the bank;
• assessing and monitoring the financial-commercial behavior during the performance of the business relationship with the bank, in order to detect the unusual and suspicious transactions, according to the KYC legal obligations the bank is subject to, in order to prevent money laundering and financing of terrorism; 
• debit collection and recovery of receivables registered by the customers;
• preventing the gaining or regaining of the “Customer” quality, by persons having an inappropriate behavior, which is likely to prevent the performance of a prudent banking activity, according to the legal obligations that the bank has;
• defending the bank’s rights and interests in court, the resolution of disputes, investigations or any other petitions/ complaints/requests in which the bank is involved; 
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the bank by any person or by legal authorities or institutions, including electronic communication and internet requests.
• proving the requests / agreements / options regarding certain aspects requested / discussed / agreed upon via the phone calls initiated by the Customers or by the bank, by taking notes of the discussed issues and, as the case may be, the audio or video recordings of the phone calls or the video calls;
• informing customers about the products/services held by them at the bank, in order to perform the contracts properly (such as, but not limited to account or card statements, information on the operating schedules of the bank's units, information on the insertion of garnishments on accounts, notifications about the existence of unauthorized debits or about arrears in the payment of installments, information about the approaching of the term of termination of a certain product / service held, information about improvements or new facilities offered in connection with the product / service held);
• sending marketing messages, if the Customers have consented to receive such messages on the documents available in the bank’s units, on its web page or within certain online services;
• collecting the opinions of the Customers regarding the quality of the services / products / employees of BT (assessment of the services’ quality);
• the Customers’ financial education;
• conducting internal analyses (statistics included) both with regard to products/services and the client profile and portfolio, for an ongoing improvement of the products/services, as well as market researches, market analysis, customer satisfaction analysis for the Bank’s products/services/employees;
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT and of the premises in which the bank operates its activity;
• fraud prevention;
• calculation of the fees to which certain categories of bank employees are entitled to.

c. Categories of personal data belonging to BT Customers, processed upon case 

• identity details: name, surname, alias (if applicable), date and place of birth, national identification number (romanian “cod numeric personal”-CNP) or another unique similar identification element (another unique identification element is allocated by the bank to the Customers who are nonresidents and this is represented by a code consisting of a sequence of figures referring to the year, month, day of birth and the number of the identity document), serial number of the national or international document/passport (ID document), as well as a copy the ID document, domicile and residence address;
• contact details - correspondence address (if applicable), telephone number, fax number, e-mail address;
• citizenship;
• information about the purpose and the nature of the business relationship;
• financial data (such as, without being limited to: transactions, including about the amount of expected transactions);
• fiscal data (country of fiscal residence);
• profession, job, name of employer or nature of the individual activity (if applicable),
• information about the important public position held - if applicable - and the political opinions (exclusively in the context of obtaining information related to the quality of the politically exposed persons- PEP);
• the quality, the social parts/shares and, as the case may be, the powers of attorney held within legal entities;
• information on the family status (including marital status, number of children, number of dependents),
• information on the economic and financial status (including data on income, data on banking transactions and their history, data on owned assets, as well as data on the payment behavior);
• the image (contained in the identity documents or caught by the video surveillance cameras installed in the bank's units, on the BT equipment, as well as in certain audio video recordings, as the case may be);
• the voice, within the calls and recordings of the audio or video calls (initiated by the customers or the bank);
• age, to verify the eligibility to contract certain products/services/offers of the bank (e.g. credit products, products dedicated to under-age individuals, etc.);
• opinions, expressed through notices/complaints or during conversations, including phone, regarding products/services/employees of the bank;
• signature (including within signature samples);
• biometric data (such as, but not limited to the situation of illiterate or visually impaired persons, to whom the fingerprint can be processed);
• identifiers, including identifiers allocated by Banca Transilvania or other financial-banking or non-banking institutions, necessary for the provision of services, such as, but not limited to: BT Client Code (CIF BT), transaction identifiers, IBAN codes attached to bank accounts, debit/credit card numbers, card expiration date, contract numbers, codes and the type of operating system of mobile phones or other devices used for accessing mobile banking services / mobile payment applications, as well as the IP address of the device used to access these services. Mobile phone codes, type of operating system and IP addresses are processed exclusively to ensure security measures for transactions carried out through these services, in order to prevent fraud;
• data regarding the health status, only if the processing of such data is necessary for the customers to prove the difficult situation in which they or the members of their families are, in order to provide facilities or in the context of providing/ performing the insurance products/services brokered by the bank.
• for credit products: the type of product, the granting term, the date of granting, the due date, the amounts and credits granted, the amounts due, the account status, the account closing date, the credit currency, the frequency of payments, the amount paid, the monthly installment, the name and address of the employer, the amounts due, the outstanding amounts, the number of outstanding installments, the due date of arrears, the number of days of delay in repaying the loan. These data are processed both in the bank's own records and - as the case may be - in the credit bureau system and / or other records / systems of this type;
• information regarding fraudulent / potentially fraudulent activity, consisting of data regarding accusations and convictions related to crimes such as fraud, money laundering and financing of terrorist acts;
• information related to crimes and offences committed in the financial-banking sector, in the direct relation with Banca Transilvania S.A., backed by final and irrevocable court decisions, as applicable, or by uncontested administrative deeds;
• information regarding the location of certain transactions (implicitly, in case of operations at the ATMs or POS belonging to the Banca Transilvania);
• data and information related to the products and services offered by the bank or its collaborators, which the data subjects use (such as, but not limited to, credit, deposit, insurance products);
• any other personal data belonging to the Customers, which are made known to the bank in various contexts by other Customers or by any other persons.

a. Who is/in what situations we process your data as an BT walk-in client?

“BT walk-in client” is any of the below mentioned categories of natural persons, who initiate over the conter banking operations or banking operations through BT issue devices:

• cash deposits ordered by walk-in clients to third party accounts opened with BT, when the depositor is neither the account holder, nor has any operating rights on that specific BT account (you act as a BT walk-in client whenever you order such cash deposits even if you are a BT customer as well);
• FX exchange;
• Western Union (WU) money transfers;
• payment of utility bills;
• payment of different instalments of insurance premiums;
• cashing dividends or other types of cash amounts;
• cash withdrawals from BT equipment with cards issued by other banking institutions or payment.

For the privacy notice regarding personal data processing for the purpose of cash deposits, please visit the following link: https://www.bancatransilvania.ro//Nota-de-informare-privind-prelucrarea-datelor-cu-caracter-personal-depunere-sume-in-numerar-clienti-ocazionali-BT.pdf

We process your personal data as a BT walk-in client whenever you make transactions of the type listed above, even if you are also a regular BT Customer of the bank.

b. Purposes for which we process personal data of BT walk-in clients

When you act as BT walk-in client, your data is processed, upon case, for the following purposes:

• to verify your identity in order to prevent money laundering and terrorism financing; For the occasional transactions initiated over the counter in BT units, for your identity to be verified you will have to present your original, valid ID document, and, in the case of banking operations you initiate throughBT equipment your identity shall be verified via other information existing in the bank’s evidence.
• applying the know your customer (KYC) rules in order to prevent money laundering and financing of terrorism, including risk-based verification;
• evaluating and monitoring the financial-commercial behaviour to detect unusual and suspicious transactions, according to the legal KYC obligations in order to prevent money laundering and terrorism financing;
• concluding and signing the agreements related to occasional transactions;
• settlement of transactions;
• the preparation and submission of reports to the competent authorities, authorized to receive them in accordance with the legal provisions governing BT’s activity (such as, but not limited to payment incident reports to the Office of Payment Incidents within the National Bank of Romania - NBR, declaring the transactions that exceed the amount established by the National Office for Prevention and Control of Money Laundering);
• conducting analyses and the keeping of records for the bank’s economic, financial and/or administrative management;
• management within the internal departments of the services and products provided by the bank;
• defending the bank’s rights and interests in court, the resolution of disputes, investigations or any other petitions/ complaints/requests in which the bank is involved; 
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• monitoring of persons security, spaces and/or bank’s assets or the units’ visitor;
• taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the bank by any person or by legal authorities or institutions, including electronic communication and internet requests;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT and of the premises in which the bank operates its activity;
• prevention of fraud.

c. Categories of personal data belonging to BT walk-in clients, processed upon case

The following categories of personal data belonging to BT walk-in clients may be processed, upon case:

• identification data - name, surname, series and number of the national or international identity document / passport, personal identification number (CNP) or another similar unique identification element, such as a CUI for authorized individuals or CIF for individuals carrying out liberal professions (e.g. another unique identifier is allocated by the bank to Customers classified in the category "non-residents" and this is represented by a code consisting of a sequence of digits related to the year, month, day of birth and id number, whole or truncated), the home address and - in some cases provided by law - including the copy of the identity document (usually for deposits of amounts in cash, currency exchanges, money transfer services above a certain amount or which shows indications of suspicion);
• details regarding the amount of the transaction and explanations on the nature of payment (what does the payment stand for);
• the transaction identifier;
• signature;
• contact details - phone number and/or e-mail address for cash depositors who are not BT customers and who wish to provide these contact data to be notified in case the transaction is cancelled);
• the image (from the identity document, if it is necessary to keep the copy of the ID document, or, as the case may be, caught by the video surveillance cameras);
• information regarding the location of certain transactions (by default, in case of banking operations initiated through BT equipment).

a. Who is an individual connected to a BT loan applicant?

There are individuals in connection to a BT loan applicant* (“the applicant” or “the debtor”) are part of the loan applicant’s/debtor’s group and they are any of the individuals indicated in the below table: They are natural persons connected with the applicant for a loan* (also called the "applicant" or "the debtor") and form the same group as him, any of those indicated in the table below:

*The loan applicant is a natural or legal person who submits a loan application to BT.
It is considered to be a loan applicant including the spouse / life partner / co-debtor / guarantor of the principal credit applicant.

1. The husband/wife/life partner of the loan applicant together with the companies that he/she controls or manages
2. Other close members of the loan applicant's family, together with the legal entities that they control or manage, to the extent that between the members or between the legal entities which are held or managed by these the following relationship exist:direct or indirect control/dominant influence/economic dependency
3. The legal entities where the loan applicant exercises direct or indirect control through any of the following:
   • Owns a minimum of 50% of the holdings shares/social parts; and/or
   • Has the power to get the majority of votes within the GMS and/or
   • Has the power to appoint/revoke the majority of the supervisory and/or management body
4. The legal entities where the loan applicant is a director
5. The legal entities where the loan applicant is the General Manager, respectively a director of foundations /associations/ public bodies
6. Parent companies/subsidiaries of the legal entities mentioned at points 3 and 4; Legal entities under the control of the legal entities mentioned at points 3 and 4.
7. Directors and persons exercising directly or indirectly the control in legal entities mentioned at points 3, 4 and 6, except for the ones previously mentioned
8. The natural and/or legal person who guarantees with his/her goods (including with the income of the co-debtor/guarantor) the loan requested by the loan applicant, if the execution of these guarantees would impair it in such a way as to jeopardize its payment capacity. *The loan applicant is an individual or legal entity applying for a BT loan. Is also considered to be an loan applicant his/her, wife/husband/life partner/co-debtor/guarantor.

b. Purposes for processing personal data belonging to individuals who are connected to a BT loan applicant/debtor

If you are such a person, BT processes your data, upon case, for the following main purpose:

• solvency assessment, credit risk diminishment, determining the indebtedness degree of loan applicants interested in personalized offers related to BT loan products or the commitment of this type of products (credit risk analysis);

In the context of analyzing the loan application of an applicant, natural or legal person, Banca Transilvania S.A. also processes your personal data, if you include yourself in any of the categories of individuals indicated in the table above (which are part of the debtor's group), as the bank is subject to legal obligations to establish and analyze its exposure to the groups of related customers, as part of the credit risk analysis.
Also, as a reporting person, the bank will report these exposures and the composition of the debtor groups of clients related to the NBR, the Credit Risk Central (only where applicable).
These data of yours are necessary for the bank to be able to proceed to the analysis of the loan application/ request, and the refusal of the loan applicant (or yourself) to provide them or to be processed may determine the bank's impossibility to analyze and / or approve the loan.

Your personal data are transmitted/disclosed, upon case, to the Credit Risk Register within the NBR, and, as the case may be, in compliance with the need-to-know principle, to entities from the BT Financial Group and/or to the service providers used by the bank for the process of analyzing the loan applications.

The data retentionwithin the bank's records is equal to that of the existence of a group/groups of connected debtors.

Other related purposes to the main one indicated above, in which we process your data are, as the case may be, the following:

• identity verification, including for validate/invalidate your quality of BT customer;
• the preparation and submission of reports to the competent authorities, authorized to receive them in accordance with the legal provisions governing BT’s activity (such as, but not limited to: The Credit Risk Register within the NBR);
• conducting analyses and the keeping of records for the bank’s economic, financial and/or administrative management;
• management within the internal departments of the services and products provided by the bank;
• defending the bank’s rights and interests in court, the resolution of disputes, investigations or any other petitions/ complaints/requests in which the bank is involved; 
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the bank by any person or by legal authorities or institutions, including electronic communication and internet requests;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT and of the premises in which the bank operates its activity;
• prevention of fraud.

c. Categories of personal data belonging to an individual connected to a BT loan applicant/debtor, processed upon case

• identity detail - name, surname, personal identification number (romanian cod numeric personal CNP/NIN);
• the quality, the social parts/shares and, as the case may be, the powers of attorney held within legal entities part of the loan applicant’s/debtor’s group;
• as the case may be, other data in the bank's records or publicly available, that need to be processed by the bank for the fulfilment of the main purpose regarding the credit risk analysis.

a. Who is the signatory/contact person acting on behalf of a BT contractual partner?

• The signatories are usually, the legal representatives or other representives of BT’s contractual partner, designated to sign the agreements concluded between the bank and that certain contractual partner (regardless of whether the contractual partner is a BT legal entity account holder or just a service provider, collaborator, supplier of goods contracted by the bank);
• The contact persons are individuals appointed by the contractual partner to communicate with the bank for the proper contractual performance, even if their data are mentioned or not in the contract.

b. Purposes for processing personal data belonging to signatories/contact persons acting on behalf of BT contractual partners

If you are a signatory/contact person of any contractual partner of the bank, we process your personal data, as the case may be, for:

• the conclusion and proper contractual performance of the agreement concluded between BT and that certain contractual partner (usually this is your employer), as well as for other purposes, in close connection with the conclusion and proper performance of the agreement, respectively:
• the preparation and submission of reports to the competent authorities, authorized to receive them in accordance with the legal provisions governing BT’s activity;
• conducting analyses and the keeping of records for the bank’s economic, financial and/or administrative management;
• defending the bank's rights and interests, the resolution of disputes, investigations or any other petitions/complaints/requests in which the bank is involved; 
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the bank by any person or by legal authorities or institutions, including electronic communication and internet requests;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT and of the premises in which the bank operates its activity;
• fraud prevention;

c. Categories of personal data belonging to signatories/contact persons acting on behalf of BT contractual partners, processed upon case

We usually process the following categories of personal belonging to you, as the case may be:

For signatories:

• identity details - name and surname;
• position held within the BT contractual partner;
• signature.

For the contact persons:

• identity details - name and surname;
• contact details - telephone number (work number) and/or e-mail address (work e-mail address);
• position held within the BT contractual partner.

The privacy notice dedicated to signatories and contact persons acting on behalf of BT's contractual partners can be found here: https://www.bancatransilvania.ro//Nota-de-informare-privind-prelucrarea-datelor-cu-caracter-personal-semnatari-persoane-de-contact-pentru-partener-contractual-BT.pdf

a. Who is a BT shareholder and/or a BT obligor or a person whose data we process in relationship with our shareholder/obligor?

• BT shareholder - you are a BT shareholder if you own shares issued by Banca Transilvania S.A., as a natural person or as a legal entity;
• BT obligatary - you are a BT obligatary if you hold as a natural or legal person bonds issued by Banca Transilvania S.A.;
• Individuals whose data we process, as a rule, in relation to those of BT shareholders/obligors- legal or conventional representatives of BT shareholders/obligors, persons holding jointly shares/bonds, successors of BT shareholders/obligors.

b. Purposes for processing personal data belonging to BT shareholders/BT obligors or to other persons in relation with the BT shareholders/obligors

If you are a BT shareholder and/or a BT obligor or a person whose data we process in relationship to the BT shareholders/obligors, we shall use your data, upon case, as follows:

• to verify your identity in order to confirm or not your quality of shareholder/obligor of the bank, another quality in relationship with the BT shareholders/obligors;
• fulfilling the specific legal obligations and activities that derive from the BT’s issuer quality (e.g. organization of GMS, shareholder services, specific communications for investors);
• establishing the garnishments, recording the amounts garnished to the creditors and providing answers to the enforcement bodies and/or the competent authorities, according to the legal obligations of the bank;
• the preparation and submission of reports to the competent authorities, authorized to receive them in accordance with the legal provisions governing BT’s activity;
• conducting analyses and the keeping of records for the bank’s economic, financial and/or administrative management;
• management within the internal departments of the services and products provided by the bank;
• defending the bank's rights and interests, the resolution of disputes, investigations or any other petitions/complaints/requests in which the bank is involved; 
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the bank by any person or by legal authorities or institutions, including electronic communication and internet requests;
• proving evidence for the requests/agreements/options regarding certain aspects requested/discussed/agreed, including the telephone calls initiated by you or by the bank, by recording the discussed issues and, as the case may be, the audio recording of the telephone calls, or, audio video recording;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT and of the premises in which the bank operates its activity;
• prevention of fraud.

c. Categories of personal data belonging to BT shareholders/obligors/other persons in connection with the latter, processed upon case

If you act as a BT shareholder and/or obligor, or another related person, we usually process, the following personal data categories:

• identity details – name and surname, personal identification number (romanian cod numeric personal- CNP/ NIN), the series and number of the national or international identity document/passport (ID document), the postal address and, as the case may be, the copy of the ID document (for the identification of the shareholders in order to issue shareholder certificates or records for the shares they hold with BT);
• citizenship;
• fiscal data (country of fiscal residence);
• information about the economic and financial situation, regarding the assets held - number of BT shares and/or bonds, including the history of the ownership of these assets;
• the quality, the social parts/shares and, as the case may be, the powers of attorney held within legal entities;
• signature (on the bank’s applications);
• telephone number, e-mail address, correspondence address, depending on the communication channel selected in the requests addressed to the bank.

a. Who is a visitor of the BT units and/or user/visitor of BT equipment?

• Is an Visitor of BT unit - any individual visiting the bank's units (including its administrative buildings) is a visitor of the BT units, regardless if they perform banking operations or not.
• Is an User/visitor of BT equipment - any individual using or standing in front of a BT equipment (ATMs, BT Express, BT Express Plus, etc.), regardless if these equipments are placed inside the BT units or in other locations, regardless if the user/visitor is a BT customer, BT walkin client or any other third party, regardless any banking operations are initiated or if the banking operations initiated through the BT equipment are finalized or not.

b. Purposes for processing personal data belonging to visitors of BT units and/or users/ visitors of BT equipment

The bank processes your personal data, as appropriate, for:

• monitoring of persons security, spaces and/or bank’s assets or the units’ visitor;
  • Details about the video surveillance data processing can be found here: https://www.bancatransilvania.ro/supraveghere-video/.
  • Details regarding visitors’ data processing for the granted access in BT units, can be found here: www.bancatransilvania.ro/monitorizare.pdf
  • transactions initiated through the BT equipment;

as well as for other related purposes related to the main purposes indicated above, respectively:

• verification of identity, as appropriate, if necessary for your identification at the request of the competent authorities or where the bank has a legitimate interest;
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• ensuring the security of the IT systems used by BT and of the premises in which the bank operates its activity;
• prevention of fraud.

Regarding the video surveillance, as well as the processing of the data for granting access into certain BT units, the data subjects are informed, including by specific icons and/or specific privacy notices displayed at the entrance into the bank units and respectively on BT equipment.

c. Categories of personal data belonging to visitors of BT units and/or to users/visitors of BT equipments, processed upon case

If you visit the bank's units (including its administrative buildings) and/or use/visit the BT equipment, the bank will process, as appropriate:

• your image, as it is captured by the video surveillance cameras installed;
• any data required to perform the banking operations initiated through BT equipment or other related purposes (e.g. time spent in units/at BT equipment).

Also, in order to give you access into certain BT units, the security personnel will need to identify you with your original, valid ID document and will insert in special hardcopy registers, the following data concerning you:

• identity details - name, surname, the series and number of the national or international identity document/passport (ID document).

a. Who is a visitor of the BT websites/social media pages?

It is a visitor of the BT websites/social media pages any individual who accesses any of the BT's portfolio websites/social media pages has this quality;

b. Purposes for processing personal data belonging to visitors of BT websites/social media pages

Through cookies or other similar technologies, the bank processes your data whenever you visit a BT websites for the purposes described in the cookie policies of each of our websites, as well as within the banners and cookies setting centers.

For the website www.bancatransilvania.ro the Cookies policy found at the following link: https://www.bancatransilvania.ro/politica-de-utilizare-a-cookie-urilor/

If, within the BT websites, you enter your data in the form of notifications/requests/complaints, applications for products/services/campaigns of the bank, subscription to newsletters in various fields, we process the data filled in such forms, as the case may be, for:

• taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the bank by any person or by legal authorities or institutions, including electronic communication and internet requests;
• proving evidence for the requests/agreements/options regarding certain aspects requested/discussed/agreed, including the telephone calls initiated by you or by the bank, by recording the discussed issues and, as the case may be, the audio recording of the telephone calls, or, audio video recording;
• collecting your opinion in regard to the quality of the services/ products/employees of BT (assessment of the services’ quality);
• performance of internal analysis (including statistics);
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT and of the premises in which the bank operates its activity;
• prevention of fraud.

Please take into consideration that subscription or unsubscription of any e-mail address entered by you in forms/fields of type/with the name “newsletter”, available on the BT websites to receive informations from various areas of interest is managed by the online forms (subscribing) and from unsuscribing links from the content of the messages received following the subscription (unsubscribe).

We also inform you that subscription/unsubscription to/from “newsletter” for which you choose to opt for BT websites do not influence the options regarding the processing of your data for the marketing purpose, completed on the bank forms available in the units or on the BT website (the online form found at the following link: https://www.bancatransilvania.ro/gdpr/ is available only to BT clients for expressing marketing options in the context of the contractual relationship carried out by them with the bank.

c. Categories of processed personal data for the visitors of BT websites/social media pages

If you are a visitor of BT website the bank will collect the following categories of personal data:data processed through cookies;

• data processed through cookies;
• IP Address:
• data about the equipment used to access the website.

Also, in the documents available on websites the bank collects, as appropriate:

• identity details - name, surname, and, in some cases, only with the consent of the data subjects, the national identification number (CNP);
• contact details-e-mail address and/or telephone number.

Please note that BT's websites may contain links to websites whose privacy/personal data processing policy is different from that of BT. Persons who send personal data to any of these websites must be aware that they fall under the privacy/processing policy of those websites, that we recommend to be read. BT's policy on the processing and protection of personal data does not apply to the information provided on those websites, BT has no control over the processing of personal data that the providers of these websites carry out for their own purposes and assumes no liability for these processing.

If you visit any of BT’s social media pages and insert comments, images, opinions and/or value statements to our posts, we will usually process:

• your user name on the respective ocial media platform;
• the opinions you insert;
• images you insert.

In some cases we might ask you to provide – usually when you participate in different contests/campaigns or when you insert comments through which you complain about BT’s banking activity or you ask about any aspects in regard to our activity - other information to help us identify you and/or the situation you bring to our attention and that permit us to send to you an answer to your request. Generally, we might ask you to provide further information regarding:

• details on the situation that you bring to our attention;
• identity details – usually name, surname;
• identifiers: upon case, BT client ID (CIF BT), IBAN;
• contact details: upon case, e-mail address and/or telephone number.

When you provide such personal data through the social media platform, we will process them for the above mentioned purposes in this section. For the security of your personal data, please do not insert such data in public posts on our social media platforms.

Please bear in mind that whenever you insert images of yourself or belonging to other individuals or when you “tag” other individuals in the bank’s social media pages, you give your consent to the processing of your data by BT and, respectively you guarantee to us that you have obtained the similar consent of the individuals they belong to.

Last but not least, we inform you that any personal data that you insert in BT’s social media pages will also be processed by the providers of the social media platform and thus they will also fall under the provisions of the privacy policy of that respective platform. BT has no control over the way the providers of these platforms process your personal data for their own purposes and we hold no liability for such processing.

a. Who is a BT prospect?

You may be a “BT prospect” if you have requested, in the bank units, through the BT websites or through some contractual partners of BT, information on BT products/services, you have started contracting them without completing this action or you have been registered in various campaigns organized by the bank.

b. Purposes for processing personal data belonging to BT prospects

If you are a BT prospect, we process your data, upon case, for the following purposes:

• verifying your identity, in order to confirm/infirm your quality of BT customer;
• taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the bank by any person or by legal authorities or institutions, including electronic communication and internet requests;
• proving evidence for the requests/agreements/options regarding certain aspects requested/discussed/agreed, including the telephone calls initiated by you or by the bank, by recording the discussed issues and, as the case may be, the audio recording of the telephone calls, or, audio video recording;
• collecting your opinion in regard to the quality of the services/ products/employees of BT (assessment of the services’ quality);
• performance of internal analysis (including statistics);
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT;
• fraud prevention;
• calculation of the fees to which certain categories of bank employees are entitled.

c. Categories of personal data belonging to BT prospects, processed upon case

If you are a BT prospect, as the case may be, the bank usually processes the following personal data concerning you:

• identity details- name, surname, and, in some cases, only with the consent of the data subjects or if the bank justifies with a legitimate interest, the personal identification number (romanian cod numeric personal – CNP);
• contact details-e-mail address and/or telephone number.

a. Who is a BT candidate?

You are a candidate for positions available at BT or for internships organized by BT if you have sent to the bank or if the bank has received your CV to be used for recruiting purposes - directly from you or through/from other natural or legal persons - or if you have have brought to our knowledge, in any other way, that you are interested in obtaining certain positions in BT/ participating in BT internships.

b. Purposes for which we process personal data of BT candidates

The bank processes your personal data, as appropriate, for:

• recruitment for the position/positions or, as the case may be, for the internship you wish to obtain/participate in within the bank, as well as for purposes closely related to this activity, such as:
• taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the bank by any person or by legal authorities or institutions, including electronic communication and internet requests;
• proving evidence for the requests/agreements/options regarding certain aspects requested/discussed/agreed, including the telephone calls initiated by you or by the bank, by recording the discussed issues and, as the case may be, the audio recording of the telephone calls, or, audio video recording;
• performance of internal analysis (including statistics);
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT;
• prevention of fraud.

If you apply for only one of the vacant positions/internships in BT, your personal data shall be processed by the bank only within the recruitment process for the respective position, and shall be erased upon the completion of that respective recruitment process.

If, instead, you choose to be contacted generally for vacancies/internships in BT, the bank will keep your data and use it for recruitment purposes for a period of 1 year, which may be extended with your consent.

References from previous employers or from professors may become relevant during the recruitment process. If the bank needs this kind of personal data, it will contact you to ask for your consent to obtain these references on your behalf. If you do not give your consent in this regard, you will need to obtain these references yourself if you want to continue the recruitment process.

c. Categories of personal data belonging to BT candidates

To those individuals interested in applying for positions available at BT or in attending the internships programs of the bank, the bank usually processes the following categories of personal data, as indicated in the CV submitted to/transmitted to the bank:

• identity details- name, surname;
• the age, to verify your eligibility to become an employee or, where applicable, to participate in certain interships of BT;
• contact data: e-mail address, phone number;
• data on studies and professional experience;
• any other relevant data from the CV.

a. Who is/when do we process your personal data as a BT petitioner?

You are such of person if you address to BT any request, on any channel, whether you are a BT customer, an BT walk-in client or you belong to any other category of individuals.

b. Purposes for which we process personal of BT petitioners

Depending on the situation and the relationship you have with the bank, when submitting a request, the bank processes your personal data for the following purposes:

• verifying your identity, including in order to confirm/infirm your quality of BT customer;
• taking measures/providing information or answers to the requests/claims/complaints of any nature addressed to the bank by any person or by legal authorities or institutions, including electronic communication and internet requests;
• proving the requests/agreements/options regarding certain aspects requested/discussed/agreed upon via the telephone calls initiated by you or by the bank, by taking notes of the discussed issues and, as the case may be, the audio recordings of the telephone calls;
• collecting your opinion in regard to the quality of the services/ products/employees of BT (assessment of the services’ quality);
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT;
• fraud prevention;
• calculation of the fees to which certain categories of bank employees are entitled.

c. Categories of personal data belonging to BT petitioners, processed upon case

In order to register, confirm the receipt, analyze, formulate and send answers to any requests/notifications/complaints you send to the bank, we process the following categories of personal data:

• identity details - name, surname and any other data from this category that BT petitioners make available to the bank or data that BT needs to process to verify the identify of the BT petitioner in order to prevent disclosure of confidential information (including personal data) to persons who are not allowed to receive them;
• contact details – correspondence address, e-mail address, phone number;
• voice, from the phone calls as well as from phone call recordings (initiated bypetitioners or by the bank in connection with the petitions);
• depending on each case, any other information that the bank is aware of and which are necessary for analyzing the requests.

a. Who is/when do we process your personal data as a BT third party?

Usually, you belong to this category of data subjects if different categories of personal data concerning you are brought to the bank’s knowledge by the BT customers or by the walk-in BT clients in the context of their relationship with BT or by any other person. We process your data in this context as a third party, even if you have your own direct relationships with BT (e.g. a BT loan applicant provides us with the contract of purchase and sale of the building in which you are listed as seller. In this case, the data concerning you in this contract will be processed by the bank given your quality of thirdparty individual, even if you are in fact a BT customer and the bank processes your data for other purposes, specific to the contractual relationship you have established with the bank).

Thus, as an example, we will process your data as BT third party, if you belong any of the following categories of individuals:

• members of a BT customer's or BT employee’s family-it is possible that in certain situations the BT Clients may bring to our attention data related to members of their family,especially in the context of formulating and analyzing a credit application or during the performance of a credit agreement;
  Also, BT employees may disclose to us personal data belonging to some of their family members, in different situations relating to their employment (e.g minor children of BT employees, other family members of BT employees);
• non-customer payers: individuals who are clients of other institutions that provide payment services and who order transfers to the customers' accounts opened with BT (interbank transfers ordered by clients of other payment institutions to BT account holders) - it is necessary to process the data of these data subjects to provide the payment services and to fulfill our legal obligations;
• beneficiaries of non-customer payments: individuals who are customers of other payment service institutions, to the accounts of which BT customers order transfers (interbank transfers ordered by BT customers towards customers of other payment service institutions) - it is necessary to process the data of this category of idividuals to provide the payment services and to fulfill our legal obligations;
• individuals mentioned in the payment details/explanations from a payment order submitted/transmitted/received at BT - filling in the fields related to the explanations/details of a payment is mandatory, according to the legal provisions in the field of preventing money laundering and terrorism financing. According to the principle of data minimisation, the customers should insert personal data into these fields only when it is absolutely necessary and respectively only data that are strictly neccesary;
• authorized persons (other than the ones who are usually authorized to initiate transactions on the accounts of the BT individual/legal entities account holders) to initiate on behalf of a BT customer specific operations – banking or non-banking ones-through the channels offered by BT (e.g. telephone payment instructions);
• individuals whose data are mentioned on various documents made available to the bank - if a BT customers or a BT walk-in clients or any other persons that BT interacts with submit/send to the bank different documents, in different situations (e.g. certificates or documents of any kind containing personal data of the signatories or, as the case may be, of other persons mentioned in the records) the bank will process these data, given the need to keep these records, even if it may not need to process them in another form;
• persons in relation to whom BT receives information requests from various institutions and/or public authorities, from notaries, lawyers, bailiffs (judicial executors) etc.;
• persons participating in various events or actions of social responsibility organized by the bank, whose data is necessary to be processed in order to ensure the logistics of the events;
• any other category of individuals whose personal data are made available to us by any person with whom the bank interacts or whose data otherwise enter into the bank’s possession.

b. Purposes for which we process personal data of BT third parties

The bank processes your data as a third parties according to the purpose it needs in our relationship with the person who provided it to the bank, as well as for the following related purposes:

• performance of the employment relationship with BT employees, where applicable;
• performance or risk controls regarding the bank’s processes and procedures, as well as the performance of audit activities or investigations;
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT;
• prevention of fraud.

c. Categories of personal data belonging to BT third parties, processed upon case

The most common categories of personal data that we process if you are a BT third party, by way of example:

• identity details: - name, surname, personal identification number (romanian cod numeric personal- CNP);
• relationship between you and a BT customer or employee, upon case;
• position held within a legal entity;
• signature;
• any other data that is made available to us by any person we interact with in our activity.

a. Who can be an individual who has expressed his/her options regarding the processing of personal data for marketing purposes (as the case may be, consent or refusal)

Currently, any of the following categories of data subjects are individuals who have expressed their consent at BT for the processing of their personal data for marketing purposes:

• BT customers, BT walk-in clients or any third party who have given this consent on the dedicated BT form used in the BT units as of 12.03.2018 and on the BT website www.bancatransilvania.ro (online form is only available to BT customers, to the following link: https://www.bancatransilvania.ro/gdpr/ starting with May 2018;
• BT customers, BT walk-in clients or any third party who have given this consent on the forms used in the bank's activity prior to 12.03.2018 and have not modified/withdrawn this consent meanwhile, neither following the notification sent by the bank in May 2018 on this possibility, nor on their own initiative.

Currently there are individuals who have refused to have their personal data processed for marketing purposes BT Customers, BT walk-in clients or any third party who have refused to have their data processed for this purpose from the start, as well as individuals who have withdrawn such consent that they had previously given.

b. Purposes for processing personal data belonging to individuals who have expressed their marketing options (as the case may be, consent or refusal)

If you have given us your consent to have your personal data processed for marketing purposes, we will process your data as follows:

• transmission of advertising messages, in accordance with the given consent (advertising purpose);
• verifying the identity of the persons, in order to confirm their quality as BT customers;
• proving the requests/agreements/options regarding the advertising options, by recording the discussed issues and, as the case may be, the audio recording of the phone calls (initiated by you or by the bank);
• performance of internal analysis (including statistics);
• archiving of documents both in physical and electronic format and security back-up;
• the performance of registration and secretary services regarding the correspondence addressed to the bank and/or sent by it, as well as for carrying out courier activities; 
• ensuring the security of the IT systems used by BT;
• prevention of fraud.

If you have expressed your refusal regarding the processing of personal data for advertising purposes, we will process your data for all purposes above, except for the transmission of advertising messages.
*BT wants to inform the interested persons about the products/services/events offered/organized by the bank, the entities of the BT Financial Group or their partners, meaning that they process the personal data of these persons, if they have expressed their consent to receive such advertising messages by filling in the specific forms. The document dedicated to expressing/collecting the marketing options currently used by BT, is accessible in any unit of the bank and on the website www.bancatransilvania.ro, or directly at the following link: https://www.bancatransilvania.ro/gdpr/. The online document is only available to BT Customers and can be used by them, including for the modification of the previously expressed options, as well as for withdrawing the previously expressed marketing consent, as the case may be, to withdraw consent for receiving advertising messages.

c. The categories of personal data processed from the persons who have expressed to BT their consent on the processing of their data for advertising purposes, their recipients and the period of their processing

The data processed by BT for sending marketing messages are usually:

• identity data: name, surname;
• contact details: the telephone number and/or the e-mail address or correspondence address provided by the persons interested in receiving advertising messages or, as the case may be, those stated in the bank's records for the KYC purpose (the development of the contractua l relationship) in case of BT Customers;
• for BT Customers: other informations that the Bank finds about customers, in the context in which they use the BT services/BT products (e.g. data about the transactions, age, location, income range, etc.), which the Bank will automatically analyze (profiling) to create an opinion about the products/services/events that would suit BT’s customers (personalized advertising).

The personal data will be processed by the Bank for the transmission of advertising messages until the termination of the contractual relationship with the BT Clients or, as the case may be, until the withdrawal of the agreement to receive such messages (the last version for any other categories of non-BT clients)

In certain cases, in order to send ads via such channels, BT shall contract service providers that will process the personal data of the data subjects on behalf of and for BT, exclusively for the purpose of sending the established ads, strictly observing the instructions from BT and under the Bank’s close supervision.

People willing to receive ads, may opt for ads from several categories, including without limitation: BT products and services, products and services of the BT subsidiaries, events organized by BT, products/services of BT’s partners related to the products/services of BT or of BT’s subsidiaries and events organized by BT’s partners

BT’s subsidiaries the products/services and events of which are promoted within the ads sent to the persons willing to receive such messages are the following entities within the BT Financial Group: BT Microfinanțare IFN SA ( „BT Mic”), BT Asset Management S.A.I. S.A., ( "BTAM"), BT Leasing Transilvania IFN S.A. ("BTL"), BT Direct IFN S.A. ("BTD"), BT Capital Partners S.S.I.F. S.A.("BTCP"), other entities that may join the Group in the future.

The list with the categories of current BT/BT’s subsidiaries current partners, whose products/services and events are intended to be promoted within the advertising messages sent to those who have opted for this feature, is accessible at: https://www.bancatransilvania.ro/parteneri.

If one has consented to receiving ads about the products/services and events offered/organized by BT subsidiaries or partners, such entities shall process personal data with the purpose of sending such messages, under the Bank’s close supervision and coordination, and, as the case may be, together with it. For any other possible personal data processing activities carried out by BT partners/subsidiaries outside or connected to the sending of ads, such as, e.g. for the purpose of concluding certain agreements related to their promoted products/services, these partners are to act as controllers of the processed personal data.

The agreement to be contacted for advertising purposes may be withdrawn or modified at any time in several ways, indicated separately on the form dedicated to the expression of consent to the processing of personal data for advertising purposes.
The withdrawal of consent operates only for the future and does not affect the legality of processing the data made before this withdrawal.

Please take into consideration that subscribing or unsubscribing to any e-mail address entered by you in forms / fields of the type / fields of the type / with the name "newsletter", available on BT websites in order to receive information from various fields of interest, is managed through the respective online forms (subscription) and respectively from unsubscribe links in the content of the messages received following subscription (unsubscribing).
We also inform you that subscribing / unsubscribing to / from "newsletters" for which you opt on BT websites, does not influence the options regarding the processing of your data for advertising purposes completed on the bank forms available in the BT units or website.