PROTECTION OF YOUR PERSONAL DATA IS OUR PRIORITY
Whether you are a client of Piraeus Bank Bulgaria AD, just interested in the Bank or a visitor to our website, we regard and respect the inviolability of your personality.
Who are we?
PIRAEUS BANK BULGARIA AD is a commercial company, registered in the Commercial Register of the Registry Agency under UIC 831633691, with seat and registered office: 1766 Sofia, Vitosha District, 260 Okolovrasten pat Str. tel.: 0 700 12 002; e-mail: email@example.com and is an administrator of personal data, in accordance with the provisions of the legislation on personal data protection.
How to contact the Personal Data Protection Officer of PIRAEUS BANK BULGARIA AD?
Address: Sofia 1766, 260 Okolovrasten pat Str.
PIRAEUS BANK BULGARIA AD respects the confidentiality of your personal data.
Protecting your personal information throughout the processing of personal data, as well as the security of all business data, is an important issue for us. We process your personal data confidentially, and in accordance with legal regulations at national and European level.
- What personal data do we collect for you?
- What is the purpose of their collection?
- How long do we store the personal data provided?
- Who do we share your personal information with?
- What types of cookies do we use to make your stay on our website better?
- What are your rights regarding the personal data provided?
What are personal data?
Any information and data that can identify an individual, directly or indirectly.
For example, indirect identification is your mobile phone number. Direct identification is achieved when you provide a unique identifier, such as PIN, Identificaton number of a foreigner, customer code, etc.
What personal data does PIRAEUS BANK collect for you?
In order to provide you with effective access to our products/services, PIRAEUS BANK collects the following information about you:
- Personal information that identifies you:
Name, middle name, surname, PIN, Identificaton number of a foreigner, address, date of birth, identity card details, place of birth, nationality, telephone number, email address, current photo, other identifier from another country;
- Transaction data:
Customer number, IBAN, payment orders, bank account receipts, bank account balance, as well as transfer orders to other accounts in the country as well as abroad;
- Economic status data:
Salary/remuneration, payment history, type and value of your real estate and/or other assets, participation and or units or securities held in companies, tax number, credit history, current credit rating, details of the used from you financial services and products of PIRAEUS BANK, overdue payments, non-employment income information.
- Socio-demographic information:
Family status, family ties, related persons.
- Data about your online behavior and preferences:
IP addresses, cookies, GPS coordinates, data about your visits on our website and in the applications you use, as well as about the devices you use to make these visits - that helps us get information on whether you are on our website or using a mobile app.
- Information about your interests and preferences that you share with us:
For example, through the contact form of our website or through the posting portals.
- Audiovisual data
Video images when visiting our office, where video surveillance is installed, photos of ATM security devices, installed in case of suspicion of abuse, records of your phone calls.
- Credit card request details
Occupation, income, education, employer’s data, housing status, name, middle name, surname of the spouse, PIN/ Identificaton number of a foreigner of the spouse, average net monthly income of the spouse, number of children up to 18 years of age, financial obligations, details of the additional contact person.
- Data for applying for a consumer loan
Financial status (earnings, costs), employer's data and employment/work relationship, number of children up to 18 years of age, housing status, name, middle name, surname of the spouse, PIN/Identificaton number of a foreigner of the spouse, spouse's employment, average net monthly income of the spouse, education, current profession, financial obligations.
- Data for applying for a housing loan
Income, taxes and social security due, employer's data, financial status (incomes, costs), number of children, housing status, name, middle name, surname of the spouse, PIN/Identificaton number of a foreigner of the spouse, place of work of the spouse, net monthly income of the spouse, number of children up to 18 years of age, education, current profession, financial obligations, data about the property that serves as collateral.
- Special categories of personal data
Special categories of personal data - a special category of personal data, such as health information, processed in full according to the provisions of EU Regulation 2016/679, in case of application for special products, as well as for insurance activities.
- Data about children (minors)
We only process data abot children when you open a bank account in the name of minors.
What does processing of personal data include?
The processing of personal data includes collecting, storing, destructing, transmitting, correcting, updating, deleting, destroying and any other actions that are performed with your personal data.
For what purposes and on what basis does PIRAEUS BANK collect and process them?
PIRAEUS BANK treats your personal data in compliance with legal obligations, as may be necessary to protect the life and health of the data subject, to whom the data relate.
As a credit institution, PIRAEUS BANK should comply with numerous statutory requirements under the Bulgarian legislation (Law on Credit Institutions, Law on Measures Against Money Laundering, Regilations for Implementation of the Measures Against Money Laundering), as well as European legislation and ratified international instruments such as the Agreement between the Government of the Republic of Bulgaria and the Government of the United States on the Improvement of the International Tax Compliance and the Implementation in the action of FATCA/CRS/DAC2 and others.
PIRAEUS BANK is also subject to supervision, during which personal data may also be processed.
Measures for your security
We process your personal data for the purpose of:
- prevention of fraudulent acts/crimes (e.g. identity theft, computer hacking).
- ensuring IT security.
- in the event of litigation.
We assure you that we process your personal data fully in accordance with applicable European and national privacy laws. We inform you that you may, at any time, object/withdraw your consent to the processing of your personal data for marketing purposes.
PIRAEUS BANK collects your personal data in order to fulfill its contractual obligations under contracts with you for the provision of services - on a contractual basis.
We collect your data so that you can use our products and services, and so that we can inform you of everything related to them. This also applies to our pre-contractual relationships - when submitting your application/request for use of our product, in the process of concluding a contract. We may use your personal information to analyze and evaluate your needs, in order to offer a potentially more appropriate product than the product you are looking for.
In fulfillment of our contractual obligations, we process your personal data when making payment transactions.
We collect your personal data to check for available products and services that we can offer you, as well as to assess whether you meet the specific requirements for a particular product, prior to its offering (for example, consumer credit, home loan, etc.).
For credit risk analysis and behavior (credit rating), collateral valuation.
When granting credit, as a credit institution, we are required to check your creditworthiness. In this way, we assess whether you are able to pay back your credit.
To give you access to our website by showing you content that is relevant, personalized and limited to your criteria.
Statistical and analytical objectives.
PIRAEUS BANK collects personal data and after receiving explicit, clear, free and unambiguous consent from you for processing purposes.
Consent for processing your personal information is provided by visiting our branch, completing forms on our website, in a telephone conversation with an Information Center or through your account in our e-banking system.
The consent you provide can always be withdrawn by visiting one of our branches, or through your account in our e-banking system, or by sending us your request for withdrawal of consent.
- To improve customer relationships - when filling out your inquiry, we receive information about customer satisfaction and the weaknesses of our products/services on which to work, in order to improve the products and services we provide.
- For processing and analyzing personal data for marketing purposes
Your individual needs are important to us and we are trying to provide you with information about the most relevant products and services for you. For this purpose, we use information from our business relationships, as well as from market surveys and filled-in surveys. The main purpose of processing your data in this direction is to create individually oriented products to the needs of each individual customer.
We send personalized messages on emails, by post, phone, via short text messages, or e-banking. We have personalized offers on our website or in our mobile apps. You have the right to withdraw, at any time, your consent to process your data for direct advertising.
PIRAEUS BANK may also processes personal data if it has legal (legitimate) interest, except where such interests are overridden by the interests of the individual to whom the data relate.
How do we handle your personal information?
In order to provide products and services, PIRAEUS BANK processes (collects) the personal data you provide about physical, economic, social and family identity, as well as personal data, relating to the health status in the following ways:
- by filling in your applications, forms and declarations. The forms are provided by officers of PIRAEUS BANK and are filled in at our branches or business centers in case you make a request for services;
- by sending online forms with consent-based declarations to our website or by telephone with a contact center;
- by sending online forms with declarations-consent from your e-banking account;
- when updating data at your request and filling in a form for updating in hard copy or in an electronic environment;
- by processing information about your visits to the PIRAEUS BANK's website, including e-banking;
- by processing information about IP addresses, cookies, operating system and browser type;
- in order to analyze the possibilities for granting bank financing through automated processing of personal data, resulting in an automated decision to use funding;
- for the purpose of sending PIRAEUS BANK proposals for products and services
How long do we store and process your data before destroying them?
Depending on the basis on which we process your personal information, the storage time of personal data is different.
- For the purposes of pre-contractual relationships and surveys in different databases of individuals, who have an interest in products/services, the term is 1 /one/ year from the submission of the product/service request or information,
- When entering into a contract, the basis for the processing of personal data is contractual and the storage term is 6 /six/ years after the date of termination of the contractual relationship, but no earlier than the date of the removal of the legal basis for data processing.
- In case of legitimate interest on behalf of PIRAEUS BANK, the retention period is until the lapse and/or dropping out of interest,
- For direct marketing purposes, the storage period is 1 /one/ year from the date of the consent; For online job applications, submitted through the PIRAEUS BANK website - the term for storing personal data is 6 months from the date of submission of the application on the site.
To whom personal data you provide to us can be submitted?
PIRAEUS BANK is obliged not to submit your personal data without your explicit consent to third parties, except in cases where it is necessary to fulfill contractual and/or pre-contractual obligations.
In order to fulfill commitments on contractual and/or pre-contractual relations with you, PIRAEUS BANK may disclose your personal data to the following persons:
- Providers of hosting services, related to the PIRAEUS BANK website;
- Companies developing and maintaining the PIRAEUS BANK website, companies supporting the business pages of PIRAEUS BANK in the social media and others.;
- Companies providing credit rating services in case of financing.
- Public authorities, including those exercising supervisory functions;
- Banks and financial institutions in the country and abroad, when conducting monetary transactions;
- Courts, prosecution, police, investigation;
- Lawyers and notaries, for example, in the course of insolvency proceedings;
- Third parties - collection companies;
- Contractors of PIRAEUS BANK for the performance of their obligations, such as IT companies, logistics, telecommunication, collection services, printing services, marketing, card providers and others. Persons, to which PIRAEUS BANK assigns valuation of collateral.
- Postbank, legally named „Eurobank Bulgaria” AD.
- Other data controllers, who have taken the necessary technical and organizational measures to protect personal data in and outside the EU/EEA.
PIRAEUS BANK has the right to disclose and pass on your personal data to companies within the PIRAEUS GROUP, located on the territory of the Hellenic Republic, insofar as there is a legitimate interest in the processing of your personal data for internal administrative purposes. This and any other transmission is done with strict confidentiality and security of your personal data.
Are there other cases in which we can share your personal data?
Your personal data is also provided to third parties in the following cases:
- Upon request from the individual, who supplied the data, subject to the protection of personal data;
- Upon request from competent authorities under the current legislation of the Republic of Bulgaria and the European Union.
In all the above cases, the persons to whom we provide your personal data have declared that they provide an adequate level of protection for your personal data, including foreign companies, positioned within the EU and EEA. With regard to companies, located outside the EU and EEA, on a case-by-case basis, the company concerned ensures that it provides an adequate level of protection of personal data, while complying with the requirements of European legislation.
Automated decision making on personal data processing and profiling
For the sake of speed in the provision of services, most often online, we use the technical possibility of automated decision making under Art. 22 of the Regulation. In case your personal data is processed automatically, we will inform you. The processing of personal data, including “profiling”, consisting of any form of automated processing of personal data for the assessment of personal aspects, in particular the analysis or forecasting of various aspects relevant to your economic situation, your health, your personal preferences or your interests, credibility or conduct, is entirely done in accordance with the provisions of the Regulation. In the automated processing of your personal data/profiling, we:
- use appropriate procedures to perform profiling;
- implement appropriate technical and organizational measures by ensuring that the factors that lead to inaccuracies in personal data are corrected and the risk of error is minimized;
- protect personal data in a way that takes into account potential threats to your interests and rights and that does not give rise to discrimination, based on race or ethnic origin, political opinions, religion or belief, membership of trade unions, genetic or health status or sexual orientation, or from which no such measures result.
We inform you that you have the following rights in relation to automated decision making/profiling:
- the right, in any case, of automated processing of the personal data you provide to declare your willingness to include human intervention in view of making a decision;
- express your opinion in view of the automated decision taken;
- get an explanation for the automated decision taken by submitting an application;
- appeal the decision taken by automated processing.
What are your rights with respect to the personal data provided?
Subject to the Bulgarian and European legislation, including EU and Council Regulation (EU) 2016/679 (General Personal Data Protection (GDPR), you can exercise the following rights:
- The right of access to personal data that PIRAEUS BANK processes for you and get a copy thereof;
- The right to request blocking of your personal data or limitation of the processing of personal data, in the cases specified by the law and the Regulation;
- The right of request the destroying, i.e. deletion of your personal data from PIRAEUS BANK, if the conditions are met.
- The right to object to the processing of your personal data for direct marketing purposes, as well as to third parties for this purpose;
- The right, upon request, to withdraw your consent your personal data to be processed for the purposes for which you have given consent, for example, marketing purposes;
- The right to request the portability of your personal data in a structured, machine-readable format that is commonly used;
- The right to make a complaint or request for protection of your rights with a Personal Data Protection Commission, if prerequisites for doing so are available;
You may exercise all rights, at any time, during the processing of your personal data, by sending a written application signed by you to the address of the seat of PIRAEUS BANK AD: Sofia, 260 Okolovrasten pat Str., and by sending e-mail: firstname.lastname@example.org
Do you have an obligation to provide us with your personal data?
In order to provide our products and services, as well as entering into contractual relationships, we collect and process your personal data. We also process them in order to fulfill legal obligations of PIRAEUS BANK and in case the Bank has legal (legitimate) interest.
Should PIRAEUS BANK refuse to provide your personal data voluntarily, PIRAEUS BANK will not be in a position to provide you with its products and services, respectively to conclude a contract/to continue execution of a contract with you.
Last updated: August 2019