Processing of Personal Data of Clients at Raiffeisenbank a.s.
Let us inform you how Raiffeisenbank a.s. (hereinafter also referred to as “we” or “our bank”) processes your personal data in connection with offering, concluding, providing and maintaining banking products and services.
The purpose of this Information Memorandum is to give you information about the particular personal data we collect, how we treat them, what sources we get them from, what purpose we use them for, whom we may provide the data to, where you can obtain information about your personal data we process, or what are your individual rights concerning the protection of personal data.
Thus, please read the contents of this Information Memorandum. We will be pleased to answer any of your questions in any of our branch offices, by mail at Raiffeisenbank a.s., tř. Kosmonautů 1082/29, 779 00 Olomouc, by email at firstname.lastname@example.org, or on our toll-free info line at 800 900 900.
Our bank is subject to various statutory obligations regarding the processing of client personal data that we must comply with, particularly with regard to fulfilment of our contractual obligations, security of banking trades or exercise of official authority. In this regard, we would be unable to provide our banking products and services at all without being given your personal data. Also, we process personal data of clients beyond the framework of our statutory obligations for the purpose of customer care, to verify your credibility and creditworthiness for selected banking services, and to address you with targeted offers of products and services. We need your consent to do this. If you decide to not grant your consent in these cases, our provided products or services may be limited or otherwise adjusted, depending on the scope of data we are entitled to process. Every client is informed about the scope of limitations or adjustments.
Unless explicitly stated otherwise, all of the information contained herein also applies to the processing of personal data of prospective customers, i.e. persons with whom we are in contact but have not established a contractual relationship yet, as well as former clients. The information contained herein also applies, to a reasonable extent, to the processing of personal data of other persons, with regard to whom the bank has certain obligations (such as ultimate owners of legal and other entities or persons, whose data we acquire in the course of providing services to our clients, such as parties to realized payment transactions, beneficiaries of concluded letters of credit and similar), or with whom our bank is in direct contact without being in a contractual relationship with them (such as representatives of legal entities).
As part of processing your personal data we respect top standards of personal data protection and particularly abide by the following principles:
The administrator of your personal data is our bank, i.e. Raiffeisenbank a.s., having its registered office at: Prague 4, Hvězdova 1716/2b, postcode: 140 78, IČ: 492 40 901, a company entered in the Commercial Register maintained by the City Court of Prague, file number B 2051.
This usually concerns situations where you are obliged to disclose certain personal data to us as a condition to let us provide you with our product or service, or where we are entitled to process your personal data acquired otherwise.
(a) By virtue of law, we are entitled to process your personal data without your consent for the following purposes of compliance with our statutory obligations, in particular:
(b) Conclusion or performance of a contract with you
This particularly concerns realization of a banking trade or other performance of a contract between our bank and you. Personal data are required, inter alia, to realize the banking trade without inadequate legal risks, including negotiations on concluding or amending the contract with you.
(c) Protection of rights and interests protected by law, particularly in respect of:
This particularly concerns situations where you voluntarily agree that we process the provided or otherwise acquired personal data. Not granting your consent may be a reason preventing our bank from providing certain products or services or forcing it to reasonably adjust the availability, scope or conditions of provided products and services.
(a) Based on your consent, our bank processes your personal data for the following purposes:
(b) certain methods of information exchange among creditors on matters reflecting the credibility, creditworthiness and payment history of their clients and applicants for offered services. To a certain extent, in these cases, our bank is also entitled to participate in mutual exchange of certain information among creditors without obtaining the client’s consent;
(c) offering of products and services; in particular, this includes distribution of information, offering of products and services of our bank and other parties, including product and service offers targeted at particular clients, all via various channels, such as by mail, electronic means (including electronic mail and messages sent to mobile devices via a telephone number), or by telephone, via a website or ATMs. To a certain extent, in these cases, our bank is also entitled to offer products and services to clients without obtaining their consent; if implied by the law, you will be informed in this regard about your right to express your disagreement with any further offering of products or services. In this regard, your personal data may also be forwarded to third parties for the purpose of distribution of information and offering of products and services of such third parties. More details are provided below in this Information Memorandum.
Our bank processes your personal data to an extent as necessary to meet the above purposes. We particularly process contact and identification data, information reflecting credibility, creditworthiness and payment history, descriptive and other data, and, to a necessary and legitimate extent, also data about other persons. Detailed information about the scope of processed personal data of clients is stated in Annex 1 to this Information Memorandum.
Certain specific categories of personal data and related processing methods:
Birth registration numbers. According to the law, our bank is also obliged to process its client’s birth registration numbers. If assigned, the client’s birth registration number must be acquired and processed by our bank in line with the law for the purpose of banking trades and to allow realization of banking trades without unreasonable legal or factual risks for our bank. If the birth registration number is to be processed for other purposes, it must be done with your consent only.
Copies of documents. With regard to our statutory obligation to duly identify our clients, our bank is also obliged to process certain information about the clients’ identity documents (to the extent of the type, series and number of the identity card, the issuing state or authority, and validity of the document) and thus we also make copies of such identity documents based on your consent.
Communication recordings. Our bank monitors and records selected communications with clients, particularly telephone calls. You are always informed in advance about making any recordings. The contents of such communications are confidential and solely used for the purpose of compliance with statutory obligations, conclusion and performance of contracts, protection of rights and interests protected by law, and, with your consent, for the purpose of customer care.
Camera recordings. Particularly in premises where services are provided to clients (including ATMs operated by our bank), our bank monitors movement of persons. Camera recordings are solely made for the purpose of compliance with statutory obligations, conclusion and performance of contracts, and protection of rights and protected interests of our banks, clients or third parties. Unless the recordings are evaluated as required for the purpose of criminal, administrative or other similar procedures, the bank destroys them; such evaluation takes place without undue delay, however within 30 days from the date when made. In respect of preserved recordings, further evaluations take place on a continuous basis.
The method how our bank processes your personal data includes both manual and automated processing, including algorithmic processing, in our bank’s information systems. Also, automated evaluation of client personal data (profiling) is one of the personal data processing methods used by our bank; this process also results in creation of derived information about the client. This is particularly done for the purpose of compliance with our statutory obligations and for the purpose of protecting the rights and protected interests of our bank, its clients, or third parties. However, to a certain extent, our bank may also use the results of such evaluation to prepare customized products and services, such as when calculating pre-approved limits for loan products.
Your personal data are mainly processed by employees of our bank and, to an extent as required, by third parties. Before any disclosure of your personal data to a third party, we always enter into a written agreement with the third party, containing the same warranties in respect of personal data processing as adhered to by our bank in line with its statutory obligations.
Your personal data are made available particularly to our bank’s employees in connection with performance of their professional duties requiring work with personal data of clients, however only to an extent necessary in the particular case and in compliance with all security measures.
In addition, your personal data are disclosed to third parties participating in the processing of personal data of our bank’s clients, or, such personal data may be made available to them on other grounds in line with the law. Before any disclosure of your personal data to a third party, we always enter into a written agreement with the third party to stipulate the processing of personal data in a way to contain the same warranties in respect of personal data processing as adhered to by our bank in line with its statutory obligations.
As mentioned above, in an effort to ensure prudent conduct, our bank also cooperates with various client information registers or its users or members, with whom it shares personal data of clients, particularly concerning assessment of their credibility and creditworthiness. Thus, our bank cooperates, for example, with authorized users of the Banking Client Information Register (“BCIR”) operated by CBCB – Czech Banking Credit Bureau, a.s., with authorized users of the Non-Banking Client Information Register (“NCIR”) operated by Czech Non-Banking Credit Bureau, z.s.p.o., or with members of SOLUS, z.s.p.o., an association of legal entities. More information can be found in the BCIR Information Memorandum, NCIR Information Memorandum and the Information about SOLUS Association Registers available on our bank’s website.
Your personal data are processed in the territory of the Czech Republic and other states of the European Union where RBI Group entities are seated and which share the same personal data protection standard as the Czech Republic. Neither our bank nor the entities participating in the processing of client personal data disclose personal data of clients to countries outside the European Union.
Our bank processed personal data of clients only for a time necessary with regard to the purpose of processing. From time to time we evaluate existence of the need to process certain personal data required for a particular purpose. Once we detect that the data are no longer required for any of the purposes, for which they have been processed, we destroy the data. However, in respect of certain purposes of personal data processing, we have internally evaluated the usual term of usability of personal data, after expiration of which we most carefully assess the need to process such personal data for the particular purpose. In this regard, it also holds that personal data processed for the purpose of:
In this Information Memorandum we tried to explain why we need your personal data and that for certain purposes we may process them with your consent only. You are not obliged to grant consent to our bank to process your personal data and you are also entitled to revoke your consent. At this point we would like to remind that we are also entitled to process some personal data for certain purposes without your consent. If you revoke your consent, we will discontinue the processing of the relevant personal data for purposes requiring the relevant consent; however, we may be entitled or even obliged to process the same personal data for other purposes.
If you refuse to grant or revoke your consent, we may:
If you wish to revoke your consent with the processing of personal data, please refer to any of our branch offices, send us a letter to Raiffeisenbank a.s., tř. Kosmonautů 1082/29, 779 00 Olomouc, or an email to email@example.com, or call our toll-free info line at 800 900 000.
We acquire personal data of clients particularly from:
If you ask us for information related to the processing of your personal data, we will provide you with all information about the data we process about you without undue delay. For providing this information, we are entitled to claim reasonable compensation of cost incurred in order to provide the information.
If you find out or think that our bank or a third party participating in the processing of data processes your personal data in conflict with the protection of your private life and/or in conflict with the law, in particular if your personal data are inaccurate, you may:
If we find your request legitimate, our bank or the third party participating in the processing of data will remove the defective state free of charge and immediately.
In certain cases, our bank also handles client personal data by authorization of another party (another administrator). For example, these cases include cooperation with other RBI Group companies, agency for third-party products or services, or cooperation with third parties in loyalty programmes. For detailed information, it is always necessary to contact the particular administrator of personal data, unless our bank is authorized to provide information in the particular case.
As part of customer care, our bank develops technologies to let you use modern electronic means of communication and mobile applications to use our banking products and services. In particular, these include services related to the use of the internet, social networks and various mobile applications. However, we also bear in mind the special nature of banking products and services, and thus we observe the protection of client personal data and banking secret when using these means and applications.
Internet banking. Our bank lets you use some of your products or services online via internet banking. Also, internet banking is a service, through which information about the bank’s services and products are available to you, including individual offers. We process all personal data acquired about you in this regard in accordance with the conditions and principles stated in this Information Memorandum.
Mobile applications. For greater availability of our products and services, we offer mobile banking services (so-called Mobile eKonto). Mobile banking is also a service, through which information about the bank’s services and products are available to you, including individual offers. In this regard, we process selected information related to your mobile device used for mobile banking (can be found in the internet banking service in the detail of your mobile device). We process all personal data acquired about you as part of mobile banking in accordance with the conditions and principles stated in this Information Memorandum.
Social networks. Also, you can address us through various social networks. We particularly use these communication channels as marketing tools; our products and services are not provided through social networks at this moment.
This Information Memorandum is valid and effective as of 9 June 2017. The current version of the Information Memorandum is published on our bank’s website and is also available at our branch offices.
Annex 1 – Scope of Processed Personal Data
- socio-demographic data – such as age, gender, marital status, education, number of household members, type of income, nature of employment, the fact whether you are a politically exposed person;
- information about property – such as information about ownership of real property or movables, membership in legal entities (particularly shares in corporations), information about total income or regular household expenses;
- information about executions or insolvency proceedings, if any, fulfilment of obligations towards other creditors, information about insurance against property or life risks, information about business relations.
In the event that you withdraw a submitted application for a product or service, we also process the application withdrawal date along with the data provided before the withdrawal.
- data serving to secure communications;
- geo-location data, such as data about the geographic location, home branch office of the client, place of making a payment order (most often using a payment card) and data identifying the device used to make the payment order;
- records of your preferred communication language, expressed interest in a product or service, your investment strategies, or your specific requirements disclosed to us,
- information about execution proceedings against your receivable from the bank, about insolvency proceedings against you, information about insurance against property or life risks, information about business relations (as opposed to the list under point 3 of this Annex, these include current data acquired in the course of providing our products or services).
As of 24 August 2018, the term RBI Group means the group formed by our bank and the following entities:
According to the Information Memorandum Article named Recipients of Personal Data (point 2.6.3), the following entities are joint controllers with our bank:
No joint controllers are defined as of 24 August 2018.
Legal entities authorized to provide electronic communication services, namely a public communication network and publicly available electronic communication services in the territory of the Czech Republic (this particularly includes mobile operators).
Legal entities authorized to provide supplies of electricity and gas in the territory of the Czech Republic.