Information on the processing of personal data

Similar documents
INFORMATION ON THE PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA

PRIVACY NOTICE. I. Indication of the data controller

Bank Handlowy w Warszawie S.A. PRIVACY NOTICE

INFORMATION ON THE PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA

INFORMATION ON THE PROCESSING OF PERSONAL DATA

Purpose Explanation Legal basis Data processing duration

Overdraft Facility Agreement. (to be completed by the Bank) READ ONLY. (to be completed by the Customer) (to be completed by the Customer)

2. FROM WHICH SOURCES THE BANK COLLECTS YOUR PERSONAL DATA?

Current Report No. 29/2018 Offer to purchase shares of Amica SA. Legal basis: Article 17 paragraph 1 of the Market Abuse Regulation

PAYMENT SERVICES TERMS AND CONDITIONS

Data Privacy Notice. Who are we and why do we register and use personal data?

Privacy Policy. For the purposes of Data Protection Legislation the data controller is the Company.

Data Privacy Notice of Sumitomo Mitsui Banking Corporation, Brussels Branch ( SMBC )

DATA PROTECTION POLICY. AtonLine Limited

Agreement for Bank Accounts, Electronic Payment Instruments and the Use of Electronic Banking Channels ( Deposit Product Agreement )

Data Protection Information The following data protection information gives an overview of our collection and processing of your data.

Terms and Conditions. Terms of Use for the services of FX City. Definitions

TERMS AND CONDITIONS OF AGREEMENT FOR ACCEPTANCE OF CASH DEPOSITS IN THE BANK NOTE ACCEPTOR (BNA) NETWORK

SILCHESTER INTERNATIONAL INVESTORS DATA PROTECTION POLICY

INFORMATION in accordance with Personal Data Protection Act no. 18/2018 of Law, 19

PAYMENT SERVICES TERMS AND CONDITIONS INDIVIDUALS

Terms and Conditions of Investment Products. effective 03 January 2018

Data protection information under the EU General Data Protection Regulation in Italy

Loan Contract no. (Confirmation of a Loan Contract conclusion)

Data Privacy Statement

ANNEXURE. Privacy Notice

Institutional Investment Advisors Limited

Terms and Conditions for the stamp preparation service. MójZNACZEK

GENERAL TERMS AND CONDITIONS OF SALE OF GOODS

privacy notice who is responsible for processing your personal data and who you can contact in this regard reasons for processing your data

PayU S.A. Tel , Grunwaldzka Str Poznań Poland

LEGAL PRIVACY NOTICE (EFFECTIVE MAY/2018) 12 Demostheni Severi Avenue 5th Floor 1080 Nicosia Cyprus

CUZ [TRUST SERVICE CENTRE] Sigillum Terms and Conditions Date: Status: Actual PWPW S.A. Ver Page 1

ACT. of 12 September on electronic payment instruments. (Journal of Laws of 11 October 2002) Chapter 1. General provisions

Data protection information under the EU General Data Protection Regulation in Germany

ANTI-MONEY LAUNDERING POLICY. (2 nd Edition)

1. Personal data processed by NOVO BANCO as the data controller

Bank Handlowy w Warszawie S.A. Preliminary consolidated financial results for 2017

Bank Handlowy w Warszawie S.A. Capital Group

Duty to inform for data collection

Changes introduced in respective documents are presented in the table below.

PRIVACY NOTICE LAST UPDATED: SEPT. 2018

Principles of Processing the Personal Data of Clients

TERMS AND CONDITIONS

5)Confirmation of Reservation a form confirming acceptation of the Reservation Fee.

Privacy Policy for IFU Investment Fund for Developing Countries

Description of forward transactions of sale of greenhouse gas emission allowances with cash settlement option

This Policy also explains how we collect information through the use of cookies and related technologies which are relevant if you visit our Site.

PKO BANK POLSKI SA S GENERAL TERMS AND CONDITIONS OF MAINTAINING BANK ACCOUNTS AND PROVIDING SERVICES FOR INDIVIDUAL CLIENTS

Appendix no. 12 to ZPZ A/18/2016 REGULATIONS. Bank Accounts, Operations and Services for Corporate Clients of Bank Polska Kasa Opieki S.A.

Split Payment basic information

CRS Self-Certification Form for Partnerships

CP is licenced and supervised by the Commission de Surveillance du Secteur Financier (hereinafter CSSF ).

To the General Shareholders Meeting and the Supervisory Board of Bank Handlowy w Warszawie S.A.

CURRENCY EXCHANGE SERVICE TERMS AND CONDITIONS

THE BANKING ACT 1) of August 29, A unified text CHAPTER 1 GENERAL PROVISIONS

Privacy Statement v 1.1

DATA PROCESSING AGREEMENT ( AGREEMENT )

Anti-Money Laundering and Combating Financing of Terrorism Framework 17 January 2018

To the General Shareholders Meeting and the Supervisory Board of Bank Handlowy w Warszawie S.A.

Citi Canada. Privacy of Personal Information Statement

SECTION 1 IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

The EU s General Data Protection Regulation enters into force on 25 May 2018

Data protection. VTB Bank (Europe) SE Rüsterstraße 7-9 D Frankfurt am Main Tel: Fax:

Privacy Statement for Intermediaries

We are the Sanne Group, a listed multinational provider of alternative asset and administration services.

1. Card Processor a bank or credit institution which

Resolution No. 35/158/14 of the Supervisory Board of KDPW_CCP S.A. dated 5 November 2014 shall be amended as follows:

GENERAL DATA PROTECTION REGULATIONS PRIVACY NOTICE

General Data Protection Regulation (GDPR) Data Protection Notice

Data Privacy is important please read the statement below.

Decree No. 67/2018 Coll.

We protect your data and privacy by taking all relevant measures in accordance with applicable legislation.

ADMIRAL MARKETS AS PRIVACY POLICY

CURRENCY EXCHANGE SERVICE TERMS AND CONDITIONS

I. OPINION ON THE PUBLIC CONSULTATION ON RESPONSIBLE LENDING AND BORROWING IN THE EU

TERMS AND CONDITIONS

Data Protection Notice pursuant to the General Data Protection Regulation (GDPR)

Al. Jerozolimskie 123A; Warszawa, Poland

THE BANKING ACT 1) of 29 August (Legislation in force as of 5 April 2011) CHAPTER 1 GENERAL PROVISIONS

Regulations on Opening, Holding and Closing Bank Accounts at mbank S.A.

Data Protection Privacy Notice for people not directly involved in the accident

Uniform text of RESOLUTION No 43/2013 OF THE MANAGEMENT BOARD OF NARODOWY BANK POLSKI. of 5 December 2013

GENERAL TERMS AND CONDITIONS OF KEEPING

Information about Danica Pension s processing of personal data

ALTERNATIVE TRADING SYSTEM RULES

Translation of document originally issued in Polish

Data protection information for customers and interested parties

Direct Payment General Terms and Conditions of Use

Consolidated financial results for 2Q 2018

INFORMATION ON THE USE OF PERSONAL DATA

LGIM Liquidity Funds plc Privacy Policy

Edmond de Rothschild (Suisse) S.A. Personal Data Protection Charter

DATA PROCESSING AGREEMENT/ADDENDUM

ANNOUNCEMENT OF MANAGEMENT BOARD OF BANK HANDLOWY W WARSZAWIE S.A., WITH ITS REGISTERED OFFICE IN WARSAW, ON CONVENING THE ORIDINARY GENERAL MEETING

ADMIRAL MARKETS UK LTD PRIVACY POLICY

Capital Dynamics Privacy Policy

Transcription:

Information on the processing of personal data

INFORMATION ON THE PROCESSING OF PERSONAL DATA In connection with implementation of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation GDPR ), Bank Handlowy w Warszawie S.A. ( Bank ) would like to inform you of the rules regulating the processing of your personal data and on your rights connected with it. The rules presented below will be applicable starting from 25 May 2018. If you have any questions as to the manner and scope of the processing of your personal data by the Bank as well as your rights, please contact the Bank at ul. Senatorska 16, 00-923 Warsaw, or the personal data inspector by electronic means at daneosobowe@bankhandlowy.pl or in writing at ul. Goleszowska 6, 01 249 Warszawa I. Identification of the controller Your personal data will be administered by Bank Handlowy w Warszawie S.A. with its registered office in Warsaw, ul. Senatorska 16. II. The purposes and the legal basis of the processing of your personal data: The Bank processes your personal data for the following purposes: 1. to initiate, upon your request, actions to conclude an agreement with the Bank or when it is necessary for the performance of an agreement with the Bank (Article 6.1(b) of GDPR), and additionally: i) with regard to credit facility agreements connected with: a) preparation of assessment of credit capacity or analysis of credit risk (pursuant to Article 9 of the Act on consumer credit of 12 May 2011 or Article 70 of the Act Banking Law), b) provision of information to institutions established under Article 105 clause 4 of the Act Banking Law, including to Biuro Informacji Kredytowej S.A. ( BIK ) with its registered office in Warsaw, to the Polish Bank Association with its registered office in Warsaw, as well as to business information bureaus according to the rules prescribed in the Act on providing business information and exchange of business data of 9 April 2010, ii) with regard to agreements for investment services connected with examination of the level of knowledge on investing in the scope of financial instruments and investment experience or your financial standing and investment objectives (according to the rules prescribed in the Act on trading in financial instruments of 29 July 2005 and in executory acts issued on its basis); 2. fulfillment of legal obligations imposed on the Bank in connection with its banking activity, including: i) those resulting from Article 8 et seq. of the Act on Anti-Money Laundering and Combating the Financing of Terrorism of 16 November 2000 of 16 November 2000 or after their effective date Article 33 et seq. of the Act on Anti-Money Laundering and Combating the Financing of Terrorism of 1 March 2018 (the so-called AML Act ), ii) if applicable, connected with monitoring of correspondence and transactions or orders pursuant to Article 16 of Regulation (EU) No. 596/2014 of the European Parliament and of the Council (the so-called MAR Regulation ) or monitoring and recording phone calls and electronic correspondence on the basis of the Act on trading in financial instruments of 29 July 2005, iii) connected with provision of Bank s cash flow liquidity, including fulfillment of obligations resulting from Regulation (EU) No. 575/2013 of the European Parliament and of the Council on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No. 648/2012 (the so-called CRR Regulation ), iv) connected with reporting to public authorities, including supervisory authorities, and other entities to which the Bank is obliged to submit its reports on the basis of the applicable legal provisions, including in connection with fulfillment by the Bank of the identification and reporting obligations resulting from the Act on exchange of tax information with other countries of 9 March 2017 (the so-called CRS Act ) or the Act on performing the Agreement between the Government of the Republic of Poland and the Government of the United States of America to Improve International Tax Compliance and to Implement FATCA of 9 October 2015, 2

v) connected with the processing of complaints and claims relating to the services provided by the Bank pursuant to Article 5 of the Act on processing complaints by entities operating in the financial market and on the Financial Ombudsman of 5 August 2015, as well as other requests and queries addressed to the Bank; 3. what is more, in certain situations it may prove necessary to process your data due to exercise of Bank s legitimate interest (Article 6.1(f) of GDPR), in particular for the following purposes: i) marketing involving Bank s products and services and similar products and services offered by Bank s partners, ii) connected with monitoring and improvement of quality of the products and services provided by the Bank, including monitoring of phone calls and meetings, checking your satisfaction with the provided services, iii) connected with management of risk and Bank s internal control pursuant to Article 9 et seq. of the Banking Act; iv) restructuring or sales of Bank s claims against you and pursuing claims by the Bank, v) if applicable, connected with conducting litigations, as well as proceedings before public authorities and other proceedings, including for the purpose of pursuing and defending against claims, vi) counteracting abuses and use of Bank s operations for criminal purposes, including for the purpose of processing and sharing information related to suspicions or detection of crimes according to the rules prescribed in Article 106d et seq. of the Banking Act, vii) internal reporting within the Bank or the Citigroup capital group, including management reporting, viii) if applicable, maintaining internal record of given and received benefits, conflicts of interest and violations of ethical conduct in a scope necessary for counteracting abuses and use of Bank s operations for criminal purposes, 4. in other cases your personal data will be processed only on the basis of your prior consent and in the scope and for the purpose determined in the wording of such consent. III. The obligation to provide your personal data to the Bank You must provide your personal data to conclude and perform an agreement with the Bank. This condition results from performance of the obligations arising out of the legal provisions mentioned above or is necessary for achievement of the objectives arising out of the Bank s legitimate interest mentioned above. If you fail to provide all required personal data, this will prevent the Bank from concluding the agreement with you and providing services to you. In the scope in which personal data are collected on the basis of a consent, providing personal data is voluntary. IV. Information on the recipients of your personal data In connection with the processing of your personal data for the purposes indicated in point II, your personal data may be disclosed to the following recipients or recipient categories: 1. public authorities and entities performing public duties or acting upon commission of public authorities in the scope and for the purposes resulting from the legal provisions, e.g. to the Polish Financial Supervision Authority (Komisja Nadzoru Finansowego), the General Inspector of Financial Information (Generalny Inspektor Informacji Finansowej); 2. entities associated with the Bank, including within the frames of Citigroup, during performance of their reporting obligations; 3. entities performing duties resulting from the legal provisions, such as Credit Information Bureaus (BIK) and business information bureaus, as well as other banks and institutions in the scope in which such information is necessary in connection with performance of banking activities and acquiring and disposing of claims; 4. entities participating in processes necessary for performance of agreements concluded with you, including Krajowa Izba Rozliczeniowa S.A., Visa, Mastercard, First Data Polska; 5. entities supporting the Bank in its business processes and banking activities, including entities processing personal data for the account of the Bank (the so-called data processors) and Bank s partners; 6. the Polish Bank Association. 3

V. Personal data processing periods Your personal data will be processed for a period necessary for achievement of the objectives indicated in point II, i.e. in the scope of performance of the agreement concluded between you and the Bank, for a period until the end of its performance, and after that period for a period and in a scope required under the legal provisions or for implementation by the Bank of a legitimate interest of the data controller in the scope as prescribed in point II above, and if you give your consent to the data processing after termination or expiry of the agreement, until you withdraw your consent. VI. Profiling and automated decision making Profiling should be understood as any form of the automated processing of personal data which consists in their use for assessment of certain features of an individual, in particular for analysis or forecast of certain features related to effects of work of a given individual, his/her economic standing, health, personal preferences, interests, reliability, conduct, localization or moving. In the scope necessary for conclusion or performance of the agreement with the Bank or performance by the Bank of an obligation resulting from the legal provisions, your personal data may be processed in an automated manner which may involve automated decision-making, including profiling, which may cause legal effects against you or otherwise considerably affect your situation. This type of cases occur in the following situations: 1. conducting assessment of the risk of money laundering and terrorist financing in accordance with the AML Act: i) Your personal data are used in the process Know your customer, which takes place at the stage of establishing relations, but also later, as part of cyclical reviews. Within the frames of profiling, among others, on the basis of circumstances such as the type of client, business relations, transaction history, geographical risk and verification if a client is a person holding an exposed political position within the meaning of the AML Act and if such person has demonstrated a high risk activity before (e.g. transactions previously reported to the General Inspector of Financial Information (GIIF), a level of risk for the particular client is determined or changed. If as a result of such profiling you are qualified as a high risk person, the Bank reserves the right to contact you in order to obtain additional information. Furthermore, as a result of such qualification at the stage of establishing relation, we may refuse to conclude the agreement with you, ii) Your personal data will be profiled for the purpose of identification of possible cases of money laundering or terrorist financing in accordance with the AML Act. Within the frames of such profiling the following data are concerned, among others: data on transactions, nationality, type of client, type of business relations, geographical area as well as prior high risk activity. As a result of such profiling certain conduct is identified as potentially non-compliant with the provisions of the AML Act in terms of money laundering or terrorist financing. Should any justified suspicions of money laundering or terrorist financing be found, the relevant transaction will be reported to competent authorities or the agreement may be terminated. Such a finding may also lead to refusal to conclude another agreement with you in the future, or refusal to extend the current relation by further products offered by the Bank; 2. with regard to credit facility agreements: i) assessment of your credit capacity or analysis of the credit risk. Assessment of your credit capacity and creditworthiness relies on the data provided by you in the application for conclusion of the agreement with the Bank and information obtained from BIK and business information bureaus. The scope of used data covers information on your present liabilities and information on the history of other products and services, including data stored in bases of BIK and business information bureaus. In the process of assessment of your credit capacity and creditworthiness certain statistical models are used, as a result of which your credit capacity and creditworthiness for assumption of liabilities against the Bank is determined. If in this manner lack of or insufficient credit capacity and creditworthiness to assume a given liability is revealed, the Bank will refuse to grant you the credit facility, ii) Your personal data, i.e., among other things, the previous credit history, demographical data, transaction history, as well as the previous assessment of your credit capacity and creditworthiness may be profiled within the frames of the processes of management of the credit risk and Bank s capital in connection with the requirement of the CRR Regulation discussed above. Such profiling will have no effects on you, 4

iii) you may receive an automated decision on reducing your credit if your credit capacity has deteriorated. Deterioration of credit capacity may be identified by the Bank only as a result of assessment of objective information, i.e. on the basis of information on the number, amount and quality of ongoing service of credit facilities and other services, whereby such information is obtained from the base of the Bank Register (MIG-BR), the base of BIK and Bank s systems, iv) in justified cases, i.e. in the case of lack, despite requests, of payment of a due and payable liability resulting from an agreement, the Bank decides in an automated manner to terminate the agreement, v) in justified cases with regard to due and payable claims of the Bank resulting from agreements related to credit, upon ineffective pursuit procedure, the Bank will decide in an automated manner to sell them; 3. furthermore, with regard to performance of a credit card agreement, in accordance with the terms and conditions of the agreement concluded with the Bank: i) the Bank may make an automated decision not to extend the agreement with you. The basic criterion for making such a decision is an ever longer period of at least 24 months in which you do not use your credit card, ii) you may receive an automated decision on refusal to execute a transaction. Such decision will be made as a result of exceeding the granted credit limit or in the case of arrears on the credit card account; 4. in justified cases you may receive an automated decision on refusal to execute a payment transaction in the case of suspicion that it has been initiated by an unauthorized person. Identification of such cases relies on profiling determined according to criteria connected with the features of your transactions, including the transaction amount, the venue where the transaction is initiated, the authentication method; 5. in the case of agreements for investment services in the scope connected with assessment of the level of knowledge and experience and the analysis of the risk profile (in accordance with the Act on trading in financial instruments of 29 July 2005), information derived from the form (among other things, education, investment experience, knowledge on investment products, age, financial standing and investment objectives) will be used for assessment of your knowledge and experience in investing in the financial market, financial standing and investment objectives, i.e. for the purpose of creating your investment profile. What is more, such information will be used for correct assessment of the target market of end clients within the frames of the relevant category of Bank clients. The Bank may refuse to conclude an agreement if it finds lack of sufficient knowledge related to the character of the service covered by the agreement you want to conclude; 6. for marketing purposes referred to in item II.2(a) your personal data (among other things, the previous credit history, demographical data, transaction history, as well as the previous assessment of your credit capacity) may be used for profiling for the purpose of sending you a personalized offer which, if you decide not to take advantage of it, will bring no negative effects for you. VII. Rights of the data subject The Bank would like to ensure you that all persons whose personal data are processed by the Bank enjoy the respective rights resulting from GDPR. In view of the foregoing, you have the following rights: 1. the right to access personal data, including the right to obtain copies of such data; 2. the right to demand correction of personal data if the data are incorrect or incomplete; 3. the right to demand removal of personal data (the so-called right to be forgotten) if: i) the data are no longer necessary for the purposes for which they have been collected or processed, ii) the data subject raises an objection against data processing, iii) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing, iv) the data are processed in violation of the law, v) the data have to be removed for purpose of fulfillment of an obligation resulting from the legal provisions; 4. the right to demand limitation of the processing of personal data if: i) the data subject questions the correctness of personal data, 5

ii) the processing of data is in violation of the law and the data subject opposes removal of the data, demanding their limitation instead, iii) the controller no longer needs the data for own purposes, but the data subject needs them for determination, defense or pursuit of claims, iv) the data subject raises an objection against data processing, until it is determined if legally justified reasons on the part of the controller are superior to the basis of the opposition; 5. the right of data portability if: i) the processing takes place on the basis of an agreement with the data subject or on the basis of consent expressed by such person, and ii) the processing takes place in an automated manner; 6. the right to oppose the processing of personal data, including profiling if: i) certain reasons arise which are connected with your specific situation, and ii) the processing of data relies on the necessity for purposes resulting from Bank s legitimate interest referred to in point II above; VIII. The right to revoke the consent to process personal data In the scope in which you have given your consent to the processing of personal data, you may revoke it. Revoking the consent does not affect the legality of the data processing carried out on the basis of the consent before it is revoked. IX. The right to file a complaint with a supervisory authority If you find that the processing by the Bank of your personal data violates the provisions of GDPR, you may file a complaint with the relevant supervisory authority. X. Transfer of personal data to entities from beyond the European Economic Area (EEA) or international organizations In cases justified and necessary due to circumstances, the Bank may disclose your personal data to entities having their registered office outside the EEA (USA, Singapore, India, China, Hong Kong, Canada and international organizations (e.g. SWIFT), as well as other entities having their registered office outside the EEA or international organizations to which the transfer is necessary for the purpose of performing the agreement (e.g. execution of your orders connected with the agreement). As a principle, data will be transferred outside the EEA on the basis of standard contractual clauses concluded with the recipient, the content of which has been determined by the European Commission and ensures the highest standards of personal data protection applied in the market. You have the right to obtain copies of such data through the Bank. 6

www.citihandlowy.pl Bank Handlowy w Warszawie S.A. with principal seat in Warsaw at 16 Senatorska Street, 00-923 Warsaw, entered into the register of entrepreneurs of the National Court Register maintained by the District Court for the capital city of Warsaw, 12th Business Division of the National Court Register, under no. KRS 000 000 1538; Tax Identification Number (NIP): 526-030-02-91, share capital amounting to PLN 522,638,400, fully paid-up. 04/2018

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback