Purpose Explanation Legal basis Data processing duration


INFORMATION ON PERSONAL DATA PROCESSING IN BANK MILLENNIUM S.A.

This document (hereinafter referred to as: the "Rules") describes the rules governing processing of your personal data in Bank Millennium S.A. (hereinafter: the "Bank"). From the document you will learn, inter alia, about the purpose of processing your personal data by the Bank and how long the Bank will do it. You will also learn about categories of entities that may have access to your personal data and your rights related to your personal data processing. The scope of information provided herein meets the requirements of EU regulations on protection of personal data i.e. the Regulation (EU) 2016/679 of the European Parliament and of the Council also referred to as the general data protection regulation (hereinafter: "Regulation").

Controller, Data Protection Officer

1. The Controller of your personal data is Bank Millennium S.A. having its head office located in Warsaw:
address: ul. Stanisława Żaryna 2A, 02-593 Warszawa.
telephone: (+48) 801 331 331 or (+48) 22 598 40 40 for persons calling from mobile phones or from abroad,
e-mail: kontakt@bankmillennium.pl

2. Bank as data controller shall make its best efforts to meet, to the greatest possible extent, Regulation requirements and thus protect your personal data.

3. Proper processing of personal data in the Bank is subject to supervision of the Data Protection Officer (hereinafter: "Officer"):
address: Inspektor Ochrony Danych, Bank Millennium S.A., ul. Stanisława Żaryna 2A, 02-593 Warszawa.
e-mail: iod@bankmillennium.pl
You may contact the Inspector relative to any and all issues related to processing of your personal data as well as in case of any doubts you may have about your rights.

Why and how long shall we process your personal data?

4. The Bank guarantees that it shall process your personal data solely for specific, clear and legally justified purposes and shall not process the data any further contrary to the said purpose.
The purpose of data processing is a reason why we process your personal data. If the Bank intends to process your personal data for other purposes not indicated below, the new purpose shall be notified to you separately. Please find data processing purposes in the table below. Each purpose listed below has been thoroughly assessed by the Bank for compliance with provisions of the Regulation and regulations governing activity of the Bank. The table presented below indicates, each time, the data processing purpose and legal basis of such processing. Your personal data shall be stored for as long as it is necessary to implement indicated purposes. Details of personal data storage periods you shall find at www.bankmillennium.pl/data-protection

Purpose; Explanation; Legal basis; Data processing duration

Irrespective of relations linking you with the Bank, your personal data shall be processed for the following purposes:

Conclusion, due performance, dissolution of agreements or other actions necessary to ensure execution of agreement

Any and all activities undertaken to prepare conclusion of agreement, execution of agreement, perform analysis and assessment of credit capacity, consider complaints, dissolve of agreement, archive and perform other legal actions connected with agreement, and actions to conclude agreements with other entities through the bank's intermediation e.g. conclude insurance agreement.

b)

Until expiry of agreement and after such time, for other lawful agreement e.g. period necessary to secure potential claims i.e. until the end of calendar year, in which the 6-year statute of

If no agreement is concluded until application is considered and 3 years thereafter for purpose of potential complaints and claims.
Conclusion, due execution, dissolution of agreements or other actions Any and all activities undertaken to prepare conclusion of agreement, execution of agreement, which you are not a party to (you have been established as proxy, you are representative or other person indicated by Until expiry of agreement and thereafter for other lawful agreement e.g. period necessary to secure potential claims i.e.

necessary to execute agreement, which you are not a party to

Performance of duties provided for by laws or implementation of projects in public interest

Implementation of tasks performed on the basis of consents granted

Other goals within the so-called legitimate of a controller

the Bank's client etc.), consider complaints, archive and perform other legal actions connected with agreement, and actions to conclude agreements with other entities through the bank's intermediation e.g. conclude insurance agreement.

In this case the Bank processes personal data to perform its duties imposed by law or to implement projects conducted in the public interest. In particular, it means the Bank meets its duties connected with banking activities and implementation of agreements and for archiving purposes as well as assessment of credit capacity and credit risk analysis. Moreover, the said duties are provided for in, inter alia, the act on counteracting money laundering and financing of terrorism, the act to improve international tax compliance and to implement FATCA, the act on exchange of tax information with other countries, the law on protection of competition and consumers, the act on trading in financial instruments and the rules on ensuring security of safe kept funds.

In particular, such tasks might include:
1) marketing activities conducted through electronic channels and by phone,
2) marketing of services and products offered by companies cooperating with the Bank,
3) processing of information constituting banking secret (including for the purpose of credit capacity assessment and analysis of credit risk) after expiry of the liability.
Purposes within the so-called legitimate interest are linked with performance of agreement concluded with you and these are:
1) Ensuring safety of persons and assets of the Bank including monitoring of Bank outlets while maintaining personal privacy and dignity,
2) Ensuring transaction security including, in particular, preventing fraud,
3) Adjustment of marketing content of Bank sites to behaviour of persons visiting those sites,
4) Protection against claims and recovery of receivables,
5) Internal administrative, analytical and statistical purposes including analysis of credit portfolio, statistics and internal Bank reporting and reporting within the Bank Group.
When assessing whether the said purposes are legitimate we take account of, inter alia, as follows:

c) and detailed regulations imposing, upon the Bank duties indicated in explanations or the Regulation art. 6 sec. 1 letter e).

a)

Legal basis:

until the end of calendar year, in which the 6-year statute of

If no agreement is concluded until application is considered and 3 years thereafter for purpose of potential complaints and claims.

Within the framework of calculations connected with statistical methods to calculate methods and models stipulated in the Banking Law for the period of 12 years from the date of expiry of the liability.

In the area of processing information constituting banking secret to assess credit capacity and to analyse credit risk after expiry of liability under agreement concluded with the Bank until the consent is withdrawn.

In other cases until such time as the Bank fulfils its obligations provided for in individual laws or until tasks performed in public interest are completed.

Until consents granted are withdrawn.
Until fulfilment of legitimate interests of the Bank, constituting basis for such processing or for objecting to such processing, not longer than until the end of calendar year in which the 6-year status of In case of dispute or during proceedings, in particular court proceeding, the storage period shall be calculated from the date of completion of the dispute or legally valid and binding conclusion of proceedings.

a) all connections between purposes for which personal data was collected and purposes of intended further processing,
b) context within which the personal data was collected including, in particular, relations between data subjects and the administrator,
c) nature of personal data,
d) potential consequences of intended processing,
e) existence of appropriate safeguards.

If you are a party to agreement concluded with the Bank, your personal data shall be processed also for the following purposes:

Marketing of Bank's products and services

This is about marketing of the Bank including, in particular, activities conducted by way of delivery of information by ordinary mail or, in case relevant consent is given also by way of electronic means or by telephone. Marketing activities may be conducted on the basis of profiling which means processing for marketing purposes of information while taking account of Customer features, behaviour or preferences. By using profiling, the Bank can, on the basis of cooperation history, adjust commercial offers to your needs and interests.

Until such processing is objected against or until agreement with the Bank expires.

Furthermore, if you use the services through electronic banking channels, your personal data shall be processed for the following purposes:

Communication or delivery of services via the Bank internet sites and mobile application

For this purpose, we shall process your data also to facilitate communication or delivery of services via the bank's internet sites and mobile application. In this area, identifiers such as IP address of your device or geolocation information shall be inter alia processed.

Regulation, - art. 6 sec. 1 letter b) or - art. 6 sec. 1 letter f)

Through the period until expiry of the agreement and, thereafter, for other lawful agreement e.g. term needed to secure potential claims i.e. until the end of calendar year in which the 6-year status of

Through the period of communication or delivery of services but not later than until effective objection is filed.

Where do we obtain your personal data from?

5. The Bank shall process your personal data obtained directly from you (e.g. data from forms filled in), and obtained from other sources e.g.:
a) Publicly available sources e.g. PESEL register, ID Register, National Court Register (KRS), Central Register of Businesses (Centralna Ewidencja Informacji o Działalności Gospodarczej - CEIDG), REGON,
b) Sources of limited access e.g. BIK, BIG.
Conditional upon relations linking you with the Bank, your data may be obtained from e.g. a person granting you with power of attorney, company, which recommended you for contact or for carrying out specific actions or from your statutory representative. In each case referred to above, the Bank shall thoroughly verify the legal basis for processing of personal data.

What categories of your data shall be processed?

6. Conditional upon relations linking you with the Bank, the Bank may process the following categories of personal data obtained from you or from third persons:

a) Personal data (e.g. name and surname, domicile address),
b) Contact data (e.g. telephone number, address for correspondence),
c) Identification data (e.g. ID number, PESEL),
d) Socio-demographic data (e.g. nationality, form of employment),
e) Behavioural data (e.g. data on the way of using services provided by the Bank),
f) Communication data (e.g. data on communication conducted to and from you),
g) Audio-visual data (e.g. data connected with recording of conversations or image for evidence and security purposes),
h) If you are a party to agreement concluded with the Bank:
- Transaction data (e.g. details of executed transactions),
- Data on family, legal and property related connections (e.g. in case you file instruction on deposit transfer on death),
- Financial data (e.g. account balance, source of income, information on assets),
- Contract data (e.g. details of contracts concluded),
i) If you use electronic banking:
- Technical data (e.g. data on the device on which you use the mobile application),
- Location data (e.g. location of a place of executing transaction by way of mobile application),
- Browsing history (e.g. data necessary to maintain proper exchange of information between server and browser while using Millenet).

Whom your data may be disclosed to?

7. Access to your personal data within the Bank's organisational structure shall be granted to authorised Bank employees and only to necessary extent. In certain situations your personal data may be disclosed by the Bank to recipients remaining outside of the Bank's structure. However, always, in such circumstance, the Bank shall examine legal basis for personal data disclosure. It is necessary to underscore that data recipient in the meaning of the Regulation is an entity processing your personal data on behalf of the Bank and entity provided with access to such data for its own purposes (e.g. public administration bodies).
Conditional upon relations linking you with the Bank, the following entities may be recipients of your personal data:
a) Public bodies or entities duly authorized to demand access or obtain personal data on the basis of effective law e.g. the Polish Financial Supervision Authority, Ministry of Finance, General Inspector for Financial Information, National Tax Administration, banking arbitrator,
b) Entities entrusted by the Bank with duty to process personal data under concluded agreements e.g. courier service providers, payment card manufacturers, companies providing photo-inspection services, companies producing mass printouts, suppliers of IT and other data processing services processing data on behalf of the Bank,
c) Banks and other institutions which can receive personal data in connection with performance of banking services (e.g. banks intermediating in execution of transfers) and under effective regulations e.g. BIK, business information bureaus as well as the Polish Bank Association,
d) Conditional upon the scope of services you use, entities participating in the processes related to execution of agreements and transactions e.g. KIR, VISA, MasterCard, SWIFT, telecommunication service providers. In case the data is transferred outside of the European Economic Area we apply relevant safeguards in the form of binding corporate rules,
e) Insurance firms if you use insurance products,
f) Entities providing advisory and control services e.g. auditing firms,
g) Entities processing data for purpose of recovery of receivables or court representation e.g. law offices,
h) Entities whom you have given consent to grant access to and to process your personal data,
i) Entities within the Bank Group or entities from the capital group responsible for performance of contractual and reporting duties.
Detailed list of personal data recipients is available at www.bankmillennium.pl/data-protection

Exercising rights

8. Detailed information on your rights:
a) You have the right to access your personal data including to obtain data copies;
b) If you decide that your personal data processed by the Bank is untrue and inaccurate, you have the right to rectify or supplement such data,
c) You have the right to demand your personal data to be erased in cases provided for by law,
d) You have the right to demand processing of your personal data to be restricted,
e) You have the right to object to processing of your personal data in cases of processing for legitimate purposes of the Bank,
f) You also have the right to receive, from the Bank, your personal data in a structured format and to transfer personal data to another controller. In case of transfer of data, in view of other regulations e.g. the Banking Law, your consent or consent of other person or compliance with other conditions provided for in such regulations may be required,
g) You have the right not to be subject of decision based solely on automatic processing, including profiling, which triggers, for you, legal effects or has other material impact upon you unless the decision is necessary to execute agreement, is permitted by law or you have granted your clear consent earlier,
h) In cases in which data is processed on the basis of consent, you have the right to withdraw your consents relative to individual data processing purposes, at any time. You may withdraw your consent in the Bank Outlet, by phone, in Millenet or in mobile application. Consent withdrawal shall have no impact upon compliance of the processing carried out prior to consent withdrawal with effective laws.

9. In case of conclusion of an agreement or execution of transaction provision of personal data shall be voluntary but necessary to perform or execute thereof.

10. In case you decide that processing of your personal data by the Bank is in breach of the provisions of the Regulation, you have the right to submit complaint with the supervision body.

11. Details regarding your rights connected with data processing you may find at www.bankmillennium.pl/dataprotection

Automated decision making

12. In case you are linked with the Bank by an agreement or in case actions are undertaken to conclude an agreement, your personal data processing may be carried out in an automated manner. This might result in automated decision making including making decision based upon profiling. This applies to the following cases:
a. Assessment of credit capacity and creditworthiness for purpose of conclusion of an agreement with the Bank where such assessment is performed on the basis of your application with use of data contained therein, data contained in the Bank's internal data bases and external data bases (BIK, BIG, data base maintained by ZBP etc.), and in effect of such profiling decision might be made not to grant the loan,
b. Assessment of risk of money laundering and financing of terrorism when such assessment is performed on the basis of data entered into documents presented while submitting instruction or order to execute transaction or at conclusion of agreement, on the basis of pre-defined criteria (economic, geographic, subjective, behavioural). In effect of such assessment you shall be automatically classified to a risk group and classification to unacceptable risk group might result in automatic blockage and decision not to establish relationship.