INFORMATION ON THE PROCESSING OF PERSONAL DATA

Similar documents
INFORMATION ON THE PROCESSING OF PERSONAL DATA

Bank Handlowy w Warszawie S.A. PRIVACY NOTICE

PRIVACY NOTICE. I. Indication of the data controller

INFORMATION ON THE PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Information on the processing of personal data

Purpose Explanation Legal basis Data processing duration

DATA PROTECTION POLICY. AtonLine Limited

2. FROM WHICH SOURCES THE BANK COLLECTS YOUR PERSONAL DATA?

LAMP Services Limited Privacy Notice v1.2 4 th March Controller

Overdraft Facility Agreement. (to be completed by the Bank) READ ONLY. (to be completed by the Customer) (to be completed by the Customer)

Privacy Policy. For the purposes of Data Protection Legislation the data controller is the Company.

privacy notice who is responsible for processing your personal data and who you can contact in this regard reasons for processing your data

Institutional Investment Advisors Limited

Data Protection Privacy Notice for people not directly involved in the accident

Data Privacy Notice of Sumitomo Mitsui Banking Corporation, Brussels Branch ( SMBC )

PRIVACY POLICY FOR CUSTOMER, PROSPECT AND PARTNER REGISTER

Your Data Your Rights

Vanguard Group (Ireland) Limited Vanguard Funds plc Vanguard Investment Series plc Privacy policy. May 2018

PRIVACY NOTICE LAST UPDATED: SEPT. 2018

ADMIRAL MARKETS AS PRIVACY POLICY

Data Privacy Notice. Who are we and why do we register and use personal data?

Privacy Statement v 1.1

ADMIRAL MARKETS UK LTD PRIVACY POLICY

The GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018

Frontál Rödl & Partner Könyvvizsgáló és Adótanácsadó Kft.

PERSONAL DATA PROCESSING BY GOLDMAN SACHS FAIR PROCESSING NOTICE FOR REPRESENTATIVES OF CLIENTS AND PROSPECTIVE CLIENTS EFFECTIVE DATE: 25 MAY 2018

Banks Sheridan Limited Data Protection Privacy Policy 19 May 2018

Privacy Policy Statement

Data protection. VTB Bank (Europe) SE Rüsterstraße 7-9 D Frankfurt am Main Tel: Fax:

Current Report No. 29/2018 Offer to purchase shares of Amica SA. Legal basis: Article 17 paragraph 1 of the Market Abuse Regulation

Privacy Policy and Personal Data

The EU s General Data Protection Regulation enters into force on 25 May 2018

GENERAL TERMS AND CONDITIONS OF SALE OF GOODS

address

ANNEXURE. Privacy Notice

ALTERNATIVE TRADING SYSTEM RULES

Man and Machine - Data Protection Policy

Principles of Processing the Personal Data of Clients

If you are a business partner, we will collect your business contact details. Gender. Marital Status. Criminal History

FUNDS MANAGED BY GOLDMAN SACHS ASSET MANAGEMENT - FAIR PROCESSING NOTICE EFFECTIVE DATE: 25 MAY 2018

Data Protection Information The following data protection information gives an overview of our collection and processing of your data.

INFORMATION ON PERSONAL DATA PROCESSING in Connection with the General Meeting of ČEZ, a. s.

European Union General Data Protection Regulation

GDPR : We protect your data

All Sorts UK Limited Data Protection Policy 17 th May 2018

Loan Contract no. (Confirmation of a Loan Contract conclusion)

PAYMENT SERVICES TERMS AND CONDITIONS

Independent Registered Auditor s Report

TERMS AND CONDITIONS OF AGREEMENT FOR ACCEPTANCE OF CASH DEPOSITS IN THE BANK NOTE ACCEPTOR (BNA) NETWORK

Citi Canada. Privacy of Personal Information Statement

PayU S.A. Tel , Grunwaldzka Str Poznań Poland

Information about Danica Pension s processing of personal data

DEAL BY SEA LTD PRIVACY NOTICE

SILCHESTER INTERNATIONAL INVESTORS DATA PROTECTION POLICY

This Policy also explains how we collect information through the use of cookies and related technologies which are relevant if you visit our Site.

CUZ [TRUST SERVICE CENTRE] Sigillum Terms and Conditions Date: Status: Actual PWPW S.A. Ver Page 1

Duty to inform for data collection

1. Personal data processed by NOVO BANCO as the data controller

Data protection information under the EU General Data Protection Regulation in Italy

EU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 )

TERMS AND CONDITIONS

Data Privacy Statement

ACT. of 12 September on electronic payment instruments. (Journal of Laws of 11 October 2002) Chapter 1. General provisions

We protect your data and privacy by taking all relevant measures in accordance with applicable legislation.

Agreement for Bank Accounts, Electronic Payment Instruments and the Use of Electronic Banking Channels ( Deposit Product Agreement )

Uniform text of RESOLUTION No 43/2013 OF THE MANAGEMENT BOARD OF NARODOWY BANK POLSKI. of 5 December 2013

CP is licenced and supervised by the Commission de Surveillance du Secteur Financier (hereinafter CSSF ).

Privacy Policy for IFU Investment Fund for Developing Countries

Lazard Investment Funds (the Company )

5)Confirmation of Reservation a form confirming acceptation of the Reservation Fee.

Decree No. 67/2018 Coll.

DATA PROCESSING AGREEMENT/ADDENDUM

2. TASK OF DPO IN INTERNATIONAL DATA TRANSFERS

Data Processing Addendum

Changes introduced in respective documents are presented in the table below.

To the General Shareholders Meeting and the Supervisory Board of Bank Handlowy w Warszawie S.A.

DATA PROCESSING ADDENDUM

Capital Dynamics Privacy Policy

Terms and Conditions for the stamp preparation service. MójZNACZEK

Anti-Money Laundering and Combating Financing of Terrorism Framework 17 January 2018

YOUR PERSONAL INFORMATION AND WHAT WE DO WITH IT

WHO IS RESPONSIBLE FOR LOOKING AFTER YOUR PERSONAL DATA?

GROUP PRIVACY POLICY. Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ).

SYSTEM IN THE BANK BGŻ BNP PARIBAS S.A.

LGIM Liquidity Funds plc Privacy Policy

Privacy Statement. Key Definitions. Data Controller. Processing

We are the Sanne Group, a listed multinational provider of alternative asset and administration services.

Terms and Conditions. Terms of Use for the services of FX City. Definitions

PRIVACY NOTICE issued by DALE Accounting and Tax Services Ltd

To the General Shareholders Meeting and the Supervisory Board of Bank Handlowy w Warszawie S.A.

SECTION 1 IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

Member Circular March Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members

CPI PROPERTY GROUP. Group Data Protection Policy. 25 May Summary

Assessment of the impact of activity on the protection of personal data. 1. Subject of the protection of personal data of. Hexpol Compounding s.r.o.

I. OPINION ON THE PUBLIC CONSULTATION ON RESPONSIBLE LENDING AND BORROWING IN THE EU

DATA PROCESSING AGREEMENT ( AGREEMENT )

INFORMATION ABOUT THE PROCESSING OF PERSONAL DATA

Transcription:

INFORMATION ON THE PROCESSING OF PERSONAL DATA

PRIVACY NOTICE In order to be compliant with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the GDPR ), Bank Handlowy w Warszawie S.A. (the Bank ) hereby informs about the rules of processing Your personal data and about your rights related with it. Following rules are applicable from 25 May 2018. If You have any questions regarding manners and scope of processing of Your personal data by the Bank, as well as regarding Your rights, please contact the Bank on the address ul. Senatorska 16, 00-923 Warsaw (Poland), or the data protection officer at the Bank via email (daneosobowe@bankhandlowy.pl) or post (address: ul. Goleszowska 6, 01 249 Warsaw). I. Indication of the data controller The data controller of Your personal data is Bank Handlowy w Warszawie S.A. with its registered office in Warsaw at ul. Senatorska 16. II. Purposes and legal basis for processing of Your personal data: The Bank process Your personal data for following purposes: 1. for purposes of taking steps at Your request aimed at entering into an agreement with the Bank or when such processing is necessary for the performance of the agreement with the Bank (the Article 6.1.b of the GDPR), and additionally: a) in reference to agreements on credit products, for purposes related with: i. evaluation of creditworthiness or credit risk analysis (in accordance with the Article 9 of the Act of 12 May 2011 on consumer credit or the Article 70 of the Polish Banking Law); ii. transfer of information to institutions created on basis of the Article 105.4 of the Polish Banking Law, including Biuro Informacji Kredytowej S.A. (the Polish Bureau of Credit Information, the BIK ) with its registered office in Warsaw, the Polish Bank Association with its registered office in Warsaw, as well as to business information offices in accordance with principles stipulated in the Polish Act of 9 April 2010 on disclosure of business information and exchange of business data; b) in reference to agreements on investment services for purposes related with investigating level of knowledge on investing in scope of financial instruments, as well as investing experience, financial situation and investing targets (in accordance with principles stipulated in the Act of 29 July 2005 on trading in financial instruments and implementing acts issued on basis of such Act); 2. for purposes of being compliant with legal obligations borne by the Bank in relation with conducting banking activities, including: i. purposes resulting from the Polish Act of 16 November 2000 on counteracting money laundering and terrorist financing or after its entry into force - the Polish Act of 1 March 2018 on counteracting money laundering and terrorist financing (so called the AML Act ); ii. if applicable, purposes related with monitoring of correspondence with the Bank and transactions / orders on basis of the Regulation (EU) 596/2014 on market abuse (Market Abuse Regulation, the MAR Regulation ) or monitoring and recording of phone calls and electronic communications with the Bank and transactions / orders on basis of the Polish Act of 29 July 2005 on trading in financial instruments; iii. purposes related with maintaining the Bank s payment liquidity, including providing compliance with obligations resulting from the Regulation (EU) 575/2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No. 648/2012 (Capital Requirements Regulation, the CRR Regulation ); iv. purposes related with reporting to authorities, including supervisory authorities, and to other entities, to which the Bank is obliged to report on basis of applicable laws and regulations, including in relation to the Bank s identification and reporting obligation on basis of the Polish Act of 9 3

March 2017 on exchange of tax information with other countries (the CRS Act ), the Polish Act of 9 October 2015 on the performance of the Agreement between the Government of the Republic of Poland and the Government of the United States of America with respect to an improved fulfilment of international tax obligations and implementation of FATCA (the FATCA Act ); v. purposes related with handling actions and complaints related to services provided by the Bank on basis of the Article 5 of the Act of 5 August 2015 on handling of complaints by financial market organisations and on the Financial Ombudsman, as well as other requests, motions and inquiries addressed to the Bank; 3. Moreover, in certain situations it might be necessary to process Your personal data due to necessity to pursue legitimate interests by the Bank (the Article 6.1.f of the GDPR), in particular but not limited to: a) for purposes of marketing of the Bank s products and services and similar products and services offered by the Bank s partners; b) for purposes related with monitoring and improving quality of products and services provided by the Bank, including monitoring of telephone conversations and meetings with the Bank, surveying Your satisfaction from provided services; c) for purposes related with risk management and internal control of the Bank on basis of the Article 9 and subsequent of the Polish Banking Law; d) for purposes of restructuring and sale of the Bank s receivable debts relevant to You and pursue of claims by the Bank; e) if applicable, for purposes related with litigation, as well as pending state authorities proceedings and other proceedings, including for purposes of pursue and defending against claims; f) for purposes of counteracting abuses and making advantage of the Bank s activity for criminal purposes, including for purposes of processing and sharing information concerning suspicions or detecting offences on principles stipulated in the Article 106d and subsequent of the Polish Banking Law; g) for purposes of internal reporting within the Bank or within Citigroup, including management reporting; h) if applicable, for purposes of keeping internal records of given and received benefits, conflicts of interests and violation of ethics to the extent necessary for counteracting abuses and making advantage of the Bank s activity for criminal purposes; 4. In other cases, Your personal data will be processed only on basis of previously given consent to the extent and for purposes specified in consent s content. III. Obligation to provide personal data to the Bank Providing personal data by You is a condition to enter into and exercise an agreement with the Bank, results from compliance with legal obligations or is necessary to pursue purposes resulting from abovementioned legitimate interests of the Bank. The failure to provide all required personal data by You, will be a hindrance to entering into and providing services by the Bank for You. To the extent, where personal data are being collected on basis of consent, providing personal data is voluntary. IV. Information on recipients of Your personal data With regard to processing of Your personal data for purposes mentioned in p. II, Your personal data might by shared with following recipients or categories of recipients: a) state authorities and entities performing public tasks or acting at the direction of state authorities, to the extent and for purposes, which results from law provisions, e.g. the Polish Financial Supervision Authority (KNF), the Polish General Inspector of Financial Information (GIIF); b) entities affiliated with the Bank, including within Citigroup, during performing reporting obligations; c) entities performing tasks resulting from law provisions, such as BIK or business information offices, as well as other banks and institutions to the extent that this information is necessary in connection with carrying out banking operations and with acquiring and transferring receivable debts; d) entities participating in processes necessary for exercising agreements concluded with You, including Krajowa Izba Rozliczeniowa S.A (KIR), Visa, Mastercard, First Data Polska; 4

e) entities supporting Bank in its business processes and banking operations, including data processors on behalf of the Bank and the Bank s partners; f) the Polish Bank Association. V. Periods of processing personal data Your personal data will be processed for period necessary for realisation of purposes indicated in p. II, i.e. to the extent of exercising agreement concluded between You and the Bank, for period until end of its exercising, and after this time for period and to the extent required by law provisions or for pursuing data controller s legitimate interests by the Bank in scope stipulated in p. II above, and in case where You have given a consent for processing personal data after termination of expiration of the agreement, until withdrawal of such consent. VI. Profiling or automated decision-making Profiling should be understood as any form of automated processing of personal data consisting of its use to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements. To the extent necessary for entering into, or performance of an agreement the Bank or for the Bank s compliance with a legal obligation, Your personal data may be processed by automated means, which may be related with automated decision-making, including profiling, which could produce legal effects concerning You or similarly significantly affects. Such cases shall occur in following situations: 1. Performing money laundering and terrorist financing risk analysis in accordance with the AML Act: a) Your personal data shall be used in Know you Client process, which takes place on stage of establishing relation, and after that, during regular reviews. To the extent of such profiling, i.a. on basis of circumstances, such as client type, business relations type, types of products, transaction history, geographic risk and verification if the client is a politically exposed person (PEP) in the meaning of the AML Act and whether client has previously showed high-risk activity (e.g. previously reported transactions to GIIF), it is determined or amended a level of risk for such client. If You will be classified as high-risk person in result of such profiling, the Bank reserves its right to contact You in order to collect additional information. Moreover, in result of such classification on stage of establishing relations it may come to refusal of entering into an agreement with You; b) Your personal data shall be subject to profiling for purposes of identification of eventual cases of money laundering or terrorist financing in accordance with the AML Act. Different factors are considered within such profiling: i.a. data concerning transaction, citizenship, client type, business relations type, geographic area, as well as previous high-risk activity. In the result of such profiling, behavior, which is potentially incompliant with the AML Act in scope of money laundering or terrorist financing, is identified. Eventual determination of justified suspicion of money laundering of terrorist financing results in notifying such transaction to relevant state authorities or possibility of termination of an agreement. In the result of such determination it may also come to refusal of entering into next contract with You in the future and/or refusal of expanding actual relation for next products, which are offered by the Bank. 2. In reference to agreements of credit character: a) Conducting evaluation of Your creditworthiness and/or credit risk analysis. Evaluation of creditand trustworthiness is conducted on basis of data provided by You in application for concluding an agreement with the Bank and information obtained from BIK and business information offices. The scope of used data covers information regarding Your current liabilities and information regarding service history of other products and services, including data contained in databases of BIK and of business information offices. In process of evaluation of credit- and trustworthiness, there are used statistic models, in result of which Your creditworthiness and credit trustworthiness for entering into obligations with the Bank is indicated. In case, when such process will prove lack of insufficient credit- and trustworthiness to enter into specific obligation, the Bank will refuse to grant You with a credit product; 5

b) Your personal data, i.e. for example relevantly existing to date credit history, demographic data, transactions history, as well as existing to date evaluation of Your credit- and trustworthiness might be profiled within processes of credit risk and the bank s capital management, in accordance with obligation from CRR Regulation, mentioned above. Such profiling will not bring any consequences for You; c) it is possible to make automated decision towards You on lowering of credit limit, in case when Your creditworthiness has deteriorate. Deterioration of creditworthiness might be identified by the Bank only in result of evaluation of objective information, i.e. on basis of information on number, amount and quality of current service of credit products and other services, where these information are obtained from the Bank Register database (MIG-BR), BIK databases and from the Bank s systems; d) in justified cases, i.e. in case of lack, despite call, of payment of due liabilities resulting from an agreement, the Bank in automated means makes a decision to terminate an agreement; e) in justified cases in reference to due liabilities of the Bank resulting from agreements of credit character, after ineffective process of recovery, the Bank in automated means makes a decision on selling such liabilities. 3. Additionally, in scope of exercising an agreement on credit card, in accordance with conditions of the agreement concluded with the Bank: a) it might be issued towards You an automated decision on non-renewing an agreement by the Bank. Basic criteria for making such decision is prolonged period (at least 24 months) of non-using Your credit card; b) it is possible to make towards You an automated decision on refusal of executing a transaction. Such decision shall be made in result of exceeding credit limit granted by the agreement or in case of risen arrears on credit card account. 4. In justified cases, it is possible to make an automated decision towards You on refusal of executing payment transaction in case of suspecting that it has been initiated by an unauthorized person. Identification of such cases takes place on basis of profiling stipulated under criteria related with certain aspects of Your transactions, including transaction amount, place of initializing a transaction, means of authorization. 5. In reference to agreements on investment services to the extent related with investigating level of knowledge and experience, as well as risk profile analysis (in accordance with the Act of 29 July 2005 on trading in financial instruments), information obtained in the form (i.a. education, investing experience, knowledge on financial instruments, age, financial situation and investing targets) will be used for evaluation of Your knowledge and experience in field of investing on financial market, Your financial situation and investing targets, i.e. in order to create Your investing profile. Moreover, such information will be used for correct evaluation of specified target market of end clients within specified category of the bank s clients. The Bank might refuse entering into an agreement in case of determining lack of sufficient knowledge on character of service covered by the agreement, which You intend to conclude. 6. For marketing purposes, referred to in p. II.2.a) above, Your personal data (for example relevant existing to date credit history, demographic data, transaction history, as well as existing to date evaluation of Your creditworthiness) might be used for profiling in order to address to You personalized offer. Not taking advantage of such offer shall not bring any negative consequences for You. VII. Rights of data subjects The Bank wishes to ensure You that all persons, which personal data are being processed by the Bank, are entitled to use its rights resulting from GDPR. With regards to such, You are entitled to following rights: 1. right of access to the personal data, including a right to obtain a copy of such data; 2. right to obtain the rectification (correction) of the personal data in case when such data are inaccurate or incomplete; 3. right to obtain the erasure of the personal data (so called right to be forgotten ) in case when: (i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, (ii) the data subject objects to the processing, (iii) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing, (iv) the personal data have been unlawfully processed, (v) the personal data have to be erased for compliance with a legal obligation; 6

4. right to obtain the restriction of processing of personal data in case, when: (i) the accuracy of the personal data is contested by the data subject; (ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead, (iii) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, defence or exercise of claims, (iv) the data subject has objected to processing of the personal data - pending the verification whether the legitimate grounds of the controller override those of the data subject; 5. right to receive or transmit the personal data in case when: (i) the processing is based on agreement concluded with data subjects or on consent expressed by such person, and (ii) the processing is carried out by automated means; 6. right to object to processing of personal data, including profiling, when (i) grounds relating to Your particular situation arise, (ii) processing of personal data is based on necessity to pursue purposes resulting from legitimate interests of the Bank, referred to in p. II above. VIII. Right to withdraw consent for processing of personal data To the extent, where You have given a consent for processing of personal data, You are entitled to withdraw such consent for processing of personal data. Withdrawal of consent shall not affect the lawfulness of processing conducted based on consent before its withdrawal. IX. Right to lodge a complaint with a supervisory authority In case You find processing of Your personal data by the Bank as infringing the GDPR provisions, You are entitled to lodge a complaint to relevant supervisory authority. X. Transfer of personal data to entities outside European Economic Area (EEA) or to international organisations The Bank in justified and required, given the circumstances, cases might share Your personal data to entities situated outside EEA, i.e. USA, Singapore, India, China, Hong Kong and Canada, and international organisations (e.g. SWIFT), as well as to other entities situated outside EEA, or international organisations, to which the transfer is necessary in order to exercise an agreement (e.g. in order to exercise Your order related with the agreement). In general, the transfer of data outside EEA shall take place on basis of standard data protection clauses concluded with the recipient of data, which content has been adopted by the European Commission and guarantees highest applied on the market standards of protection of personal data. You have a right to obtain a copy of abovementioned standard contractual clauses (or other appropriate safeguards for transfer outside EEA) via the Bank. 7

www.citihandlowy.pl Bank Handlowy w Warszawie S.A. with principal seat in Warsaw at 16 Senatorska Street, 00-923 Warsaw, entered into the register of entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw, 12th Business Division of the National Court Register, under no. KRS 000 000 1538; Tax Identification Number (NIP): 526-030-02-91, share capital amounting to PLN 522,638,400, fully paid-up. 04/2018

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback