GDPR - Bank Spółdzielczy w Szczytnie

GDPR

GDPR

Szczytno, on May 21, 2018 

Information

Regarding the processing of personal data by the Cooperative Bank in Szczytno

The European Parliament published Regulation 2016/679 on personal data protection, known as GDPR, in 2016. It applies in the European Union from May 25, 2018.

Data protection is one of the most important processes carried out by the Cooperative Bank in Szczytno. We continuously inform you about important changes in the law, including the rights of individuals whose data are processed. In fulfilling the informational obligation resulting from the Regulation, we present answers to frequently asked questions related to the new regulations.

PROCESSING OF PERSONAL DATA

1. What is GDPR?
It is an abbreviation for General Data Protection Regulation. GDPR introduces new rights for Clients, among others. One of the obligations of administrators processing personal data is to inform Clients about the processing of their personal data.

2. Why does the Bank process my personal data?
The Bank processes your data to conduct banking operations, for example, to maintain a bank account, to conclude and execute a contract regarding a banking product such as a loan, deposit, savings account, checking account, or to ensure the security of your funds and transactions. We also conduct informational activities about our services and products.

3. Can I access my data?
Yes. You can have full access to your personal data. You can also manage your consents for the processing of personal data, including marketing consents.

4. Who is the administrator of my personal data?
The administrator of your personal data is the Cooperative Bank in Szczytno. The Bank is responsible for processing them safely, in accordance with the agreement and applicable laws. For matters regarding personal data protection, you can contact the Bank at sales outlets, by phone at 89 624 23 09, or with the Data Protection Officer.

5. How can I contact the Data Protection Officer?
You can contact the Data Protection Officer at the Cooperative Bank in Szczytno via email:

Data Protection Officer at the Cooperative Bank in Szczytno:
Leszek Przybysz
Phone number: 89 642-61-40
ul. Łomżyńska 20, 12-100 Szczytno

6. For what purpose does the Bank process my personal data?
Your personal data is processed by the Bank for the following purposes:

  1. to take actions before concluding the agreement and to perform the agreement, including assessing creditworthiness and analyzing credit risk,
  2. for other purposes related to the conducted banking activities, including fulfilling legal obligations imposed on the Bank, pursuing claims arising from conducting business, and for sales and direct marketing,
  3. when necessary to perform a task carried out in the public interest,
  4. for internal administrative purposes of the Bank, including credit portfolio analysis, statistics, and internal reporting at the Bank,
  5. for the purposes specified in the content of the consent granted by you.

7. What types and categories of personal data does the Bank process?
The Bank processes data related to:

  1. the identification and verification of the Client's identity,
  2. transaction data,
  3. data concerning marital status and family situation, including information about dependents and those living in the same household,
  4. financial data or data related to providing banking services,
  5. data concerning the conducted business, professional, or social activities,
  6. audiovisual data (recorded conversations for security purposes or as evidence).

8. Who is the recipient of my data?
Your data may be shared with the following recipients or categories of data recipients:

  1. Credit Information Bureau S.A.,
  2. Polish Bank Association,
  3. Ministry of Finance, including the General Inspector of Financial Information,
  4. Financial Supervision Authority,
  5. Economic Information Bureaus,
  6. banks, credit institutions, and other authorized entities under applicable laws,
  7. entities to which the Bank has entrusted the processing of personal data under data processing agreements (so-called data processors). A full list of entities is available on the Bank's website at www.bsszczytno.pl

9. Will my personal data be transferred to a third country or international organization?
Currently, we do not plan to transfer your personal data outside the European Economic Area.

10. How long will your personal data be stored by the Bank?
Personal data will be stored for the duration of the agreement and after its termination to fulfill the legal obligations imposed on the Bank, including pursuing possible claims, in accordance with applicable laws, and will subsequently be deleted or anonymized.

11. What rights do I have?
In connection with the Bank's processing of personal data, you have the right to:

  1. access to your data content (art. 15 GDPR),
  2. rectification of data (art. 16 GDPR),
  3. erasure of data (art. 17 GDPR),
  4. restriction of data processing (art. 18 GDPR),
  5. data portability (art. 20 GDPR),
  6. to object to data processing (art. 21 GDPR), the right not to be subject to decisions based solely on automated processing, including profiling (art. 22 GDPR).

12. Where can I file a complaint?
If you believe that the processing of your data violates the provisions of GDPR, you have the right to file a complaint with the supervisory authority, the President of the Personal Data Protection Office.

13. Is providing personal data voluntary or mandatory?
Providing your data is voluntary, however, necessary for concluding and executing the agreement.

14. Where does the Bank have my personal data from?
The source of your personal data includes applications and agreements concluded with the Bank, while in the case of obtaining personal data in a manner other than from the individuals whose data are concerned, the source of the data is third parties. In this case, the Bank is obliged to inform those individuals about the source of obtaining their data.

15. Will my personal data be processed in an automated manner?
Your personal data may be processed in an automated manner, including profiling. Profiling will involve possibly offering you better-matched products/services; however, binding decisions will not be automated.

PRINCIPLES FOR HANDLING REQUESTS REGARDING CLIENT RIGHTS IN THE FIELD OF PERSONAL DATA

Individual clients and institutional clients (individuals running a business, individuals running a family farm, civil law partnerships, partnerships, general partnerships) of the Bank are entitled to submit requests regarding the handling of Clients' rights resulting from GDPR, and the Bank is obliged to handle them according to the principles below:

The Client can submit a request to the Bank at any time, starting from May 25 of this year.

  1. The Bank will consider a request submitted by a Bank Client or a person acting on their behalf:
    • within a month from the date of receipt of the request,
    • in the event that the request or the number of requests from the Client is of a complicated nature, the deadline for providing a response may be extended by an additional two months; within a month of receiving the request, the Data Protection Officer will inform the Client in writing about the extension of the deadline, stating the reasons for the delay,
    • in the event of no action being taken regarding the client's request, the Data Protection Officer will immediately - no later than within a month from the date of receipt of the request - inform the Client in writing about the reasons for not taking action and the possibility of filing a complaint with the supervisory authority and seeking legal remedies in court.
  2. The Client can submit a request using a form developed by the Bank. The request form is available on the Bank's website, in the dedicated GDPR tab: bsszczytno.pl or at the Bank's sales outlets. The Client's request should contain address details and the type and details of the request.
  3. The Client can submit the completed request at any Bank sales outlet.
  4. A Bank sales outlet will fulfill the client's request regarding the informational obligation (providing information to the Client), the right to withdraw consent for marketing purposes, and the right to rectification (data update). For other Client rights, the handling of the request is executed by dedicated staff from the Bank's Headquarters.
  5. The time limit for handling the request begins upon the receipt of the Client's request by the Bank.
  6. The Client is entitled to file a complaint in the event of non-compliance with the deadline for providing a response by the Bank. Information on the procedure for filing complaints is available on the Bank's website.
  7. On behalf of the Bank, the Data Protection Officer provides the Client with a response to the submitted request in writing, by registered letter with acknowledgment of receipt.
  8. The Bank does not charge any fees or commissions for the acceptance and consideration of the first request. If the frequency of the Client's requests exceeds one request over three months, the Bank may charge a fee equal to the administrative costs associated with providing the response.
  9. In the event that the Client submits a request as an insured party / insurer / beneficiary in an insurance policy concluded through the Bank with an insurance company cooperating with it (regarding the realization of the rights of the Client whose data have been entrusted to the Bank for processing by the insurance company being their administrator), the Bank informs the insurance company of the submitted request to realize the rights of the Client regarding personal data, sending the insurance company the request within 3 days from the date of submission of the request by the Client. The response to the Client's request is in this case provided directly by the insurance company or by the Bank within the timeframe and in a manner previously agreed with the insurance company.
  10. The relevant supervisory authority for the Bank concerning personal data is currently the President of the Personal Data Protection Office.
  11. If you have any questions regarding the request, please contact a sales outlet employee or the Data Protection Officer at the email address:

 

This is information resulting from GDPR provisions. It does not require any action on your part.

Legal basis:

Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. EU Official Journal L.2016.119.1 of May 4, 2016, applicable from May 25, 2018 (hereinafter referred to as the Regulation)

Data Protection Officer at the Cooperative Bank in Szczytno:
Leszek Przybysz
Phone number: 89 623-28-21 (ext. 246)
e-mail: