Last update: 15 May 2024
This document mainly gives you information about the types of personal data we collect, the purposes we use the data for, the sources of such data, the parties to whom we may provide them and about your rights relating to the protection of personal data.
We protect personal data as part of our banking secret. Thus, we process the data in a manner ensuring maximum security.
We always process personal data lawfully, fairly and in a transparent manner and we always inform you about such processing in an easily understandable way.
We only collect personal data for specified, explicit and legitimate purposes and process them in a manner that is compatible with those purposes.
Every person who comes into contact with clients' personal data are obliged to keep such confidential.
The controller of your personal data is Raiffeisenbank a.s., seated at: Prague 4, Hvězdova 1716/2b, postcode: 140 78, IČO: 492 40 901, registered in the Commercial Register maintained by the Municipal Court in Prague, file number B 2051.
Should you have any questions regarding personal data, please refer to any of our branch offices or ask us at any of the below contacts.
Unless explicitly stated otherwise, this document applies to existing and former clients as well as prospective clients (i.e. persons with whom we have not established a contractual relationship yet, but maintain contacts with them) or other persons in respect of whom our bank has certain obligations (for example beneficial owners of legal entities and other groups, or parties and persons in respect of whom we acquire data when providing services to our clients, such as parties to realized payment transactions, beneficiaries of concluded letters of credit etc.), or with whom our bank maintains direct contact without having an established contractual relationship with them (such as representatives of legal entities or other users of services provided to legal entities).
In certain cases, our bank also handles personal data of clients as instructed by another party (another controller). For example, these cases include cooperation with other companies of the group of Raiffeisen Bank International (RBI), intermediation of third-party products or services, or cooperation with third parties on loyalty programmes. For detailed information, it is always necessary to contact the particular controller of personal data, unless our bank is entrusted with the provision of such information in a specific case.
We need various personal data about you to be able to provide you with quality banking service. For example, when you apply for a loan with us, in addition to your name we need to know the income of your household in order to know how much we can lend you. The personal data we collect can be grouped as indicated below.
These mainly include name, surname, date and place of birth, birth registration number, domicile domicile or other address, type, copy of proof of identity, citizenship, or corporate identification number and VAT number in the case of entrepreneurs. Also, your signature belongs to this group.
Other identification data may include, for example, information about the IP address of the computer used, signature specimen, number of the account we maintain, or sets of specific authentication data we may agree to use, as well as information relating to the issued means of electronic identification.
If you open your account online or you wish to reactivate RB Key online, we will also process your biometric data derived from the image of your appearance for the purpose of verifying the match of your appearance with the data acquired from photographs on the submitted copies of personal documents.
Telephone number, e-mail address, mailing address or other similar information we need to contact you.
Data required to decide on concluding a contract
These are data that let us evaluate whether you will be able to repay a loan or whether there is a risk of money laundering. These include, among other, the following data:
These data include, for example, the term of a contract, interest rate, maturity, loan amount, status of your receivables from the bank, status of the bank's receivables from you, information about realized payment transactions, information about the use of payment tools, information about realized instructions to buy securities, information about the status of your investment instrument portfolio.
An overview of these data can be obtained from statements or similar lists that are available to you.
These include personal data acquired through our mutual interactions. In particular, these are:
We monitor and record selected communications with you, in particular telephone calls. We always inform you in advance about any recorded communications. We monitor movement of persons using cameras, particularly in premises where services are provided to clients (including ATMs operated by us). Camera recordings are solely made for the purpose of compliance with legal obligations, conclusion and performance of contracts, and protection of our and your legitimate interests, or interests of third parties.
Our banking applications (in particular, Mobile Banking, RB Key and Raiffeisen mobile investing) and tools may contain antimalware/antivirus detection and detection of amended administrator rights (root/jailbreak) to determine if the device, from which you access our applications or tools, is secure or has been affected by a virus risk. These tools collect and then process information about the device security setting (e.g. deactivated screen lock, etc.), information about the integrity of the application and operating system (e.g. modified administrator rights [root/jailbreak]; start in emulator, use of hooking framework, etc.), device information (e.g. device model, anonymous device identifier to check whether the application is run on the same device as originally installed), metadata of potentially harmful applications and setting of notifications. The above-mentioned data are processed in order to prevent fraud, ensure user security, comply with legislation, and conduct analysis for the purposes of improving security and evaluating potential threats.
These particularly include the client/product numbers we assign, data created by assessing your transaction behaviour or data you provide (such as to evaluate whether the conditions to apply discount on a fee have been met), evaluation of a submitted product or service application, or evaluation required for our decision as to whether we will offer a product or service to you or not.
In a vast majority of cases we do not need your consent to process your personal data. Such cases concern processing imposed by law, processing required to provide you with our services, or processing of personal data necessary to protect the bank's legitimate interests as well as your interests or interest of third parties. Processing not requiring your consent is particularly done for the below purposes.
We always need your consent when we wish to process your personal data for the purpose of marketing activities. This particularly covers offering of products and services (for example by mail, e-mail or telephone), be it our products and services or services of third parties. Subject to your voluntary consent we may evaluate whether we are prepared to provide you with a certain service and whether we can expect you to show interest in such service. We may also acquire personal data in the following manner:
Subject to your consent only, we may transfer your personal data to another member of RBI Group to process them for the purpose of own marketing activities. In any case, we will only transfer personal data to the extent as required for the particular processing. An updated list of RBI Group members that may be recipients of your personal data forms part of this Information Memorandum. If the list is to be updated, you will be notified thereof in advance to be able to consider whether you will maintain or withdraw your consent.
The following members of RBI Group may be recipients of your personal data for marketing purposes:
• Raiffeisen - Leasing s.r.o., IČ: 61467863, registered office: Praha 4 - Nusle, Hvězdova 1716/2b, postcode: 140 78
• Raiffeisen stavební spořitelna a.s., IČ: 49241257, registered office: Praha 3, Koněvova 2747/99
• UNIQA pojišťovna, a.s., IČ: 49240480, registered office: Praha 6, Evropská 136/810, postcode: 160 12
• Raiffeisen investiční společnost a.s., IČ: 29146739, registered office: Hvězdova 1716/2b, Nusle, 140 78 Praha 4
• Raiffeisen Bank International AG, registered office: Am Stadtpark 9, 1030 Vienna, Austria
• Raiffeisenbank (Bulgaria) EAD, registered office: 55 Nikola I. Vaptzarov Blvd., Business Center EXPO 2000 PHAZE III, 1407 Sofia, Bulgaria
• Raiffeisenbank Austria d.d., registered office: Magazinska cesta 69, 10000 Zagreb, Croatia
• Raiffeisen Bank Zrt., registered office: Akadémia utca 6, 1054 Budapest, Hungary
• Raiffeisen Bank S.A., registered office: Calea Floreasca 246C, 014476 Bucharest, Romania
• Tatra banka, a.s., registered office: Hodžovo námestie 3, 81106 Bratislava 1, Slovakia
• UNIQA Österreich Versicherungen AG, registered office: Untere Donaustraße 21, 1029 Vienna, Austria
• UNIQA Insurance Group AG, registered office: Untere Donaustraße 21, 1029 Vienna, Austria
Sometimes we may conclude that we also need your consent in other situations. In such case, we will ask for your consent and we will provide your with all material information in this regard.
Below is a list of rights that you have in connection with the processing of your personal data. Some of the rights also include requests for information or documents. We will provide such information without undue delay, however not later than within one month from delivery of your request. In certain cases the term may be extended, about which fact we will always inform you. If your request cannot be granted, we will inform you about the reasons as well as about your other rights (right to lodge a complaint and right to judicial remedy).
If needed, we may ask you to provide additional information to add details to your request or to confirm your identity.
You can exercise the below rights at any branch office or by using any of the contacts specified above. You can also use the form available for download at https://www.rb.cz/attachments/gdpr/gdpr-zadost.pdf.
If you give us consent to process personal data that we need for marketing or other purposes, you have the right to withdraw such consent.
Once you withdraw the consent, we will discontinue the processing of relevant personal data for the purposes requiring such consent. However, we are entitled to further use the personal data for other purposes (such as purposes implied by law).
If you do not grant or if you withdraw your consent, we may also accordingly adjust the availability, scope or conditions of our products and services.
If you wish to withdraw your consent to the processing of personal data, please refer to any of our branch offices or any of the above contacts.
In cases where your personal data are processed for the purpose of protecting our legitimate interest, you have the right to object to such processing. If you do so, we will no longer process your personal data unless we demonstrate to you compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. You may exercise your right to object the same way as the right to withdraw consent.
You have the right to request confirmation as to whether or not we process your personal data, and, where that is the case, access to the personal data and other specified information. If requested, we will give you a copy of the processed personal data free of charge once in a calendar year, otherwise against payment of the cost associated with processing and providing the copy.
If you are interested in an overview of data about payment transactions and related payments that are available to you based on performance of contracts for the particular services and products in the form of statements, the bank will give you a copy of such statement subject to payment of a fee according to the applicable pricelist of products and services.
You have the right to obtain from us without undue delay the rectification of inaccurate processed personal data concerning you. Also, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Changes of certain personal data need to be demonstrated by evidence (such as changed domicile address or marital status).
You have the right to obtain from us the erasure of personal data concerning you without undue delay where a legal ground applies (such as when the processing is no longer needed or is unlawful).
You have the right to obtain from us restriction of processing of your personal data where a legal ground applies (such as due to inaccuracy of the processed personal data or unlawfulness of the processing, or due to an objection to the processing of personal data based on our legitimate interests).
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller. This right only applies to personal data provided by you, which are processed in an automated manner based on your consent or a contract between us. For security reasons we are unable to save your data to your data carrier; however, we can deliver the data to you by e-mail, for example.
In some cases (such as in the case of a loan application), the decision as to whether we will enter into a contract with you depends on automated assessment (i.e. the recommendation is given by a machine, not a person directly). We will always inform you about this fact, particularly in a situation where your application has been rejected. Consequently, you have the right to challenge the decision, in particular to ask for review of the decision with the participation of our responsible employee, or to express your opinion on the decision. In doing so, you can use any of the contacts above; if the case concerns a loan application, please mainly use a branch office to exercise this right.
If you believe that the processing of your personal data infringes the applicable legislation, you may refer with a complaint to the Office for Personal Data Protection.
https://www.uoou.cz
Pplk. Sochora 27
170 00 Prague 7
We process your personal data in both manual and automated manner (including algorithmic processing) in our bank's information systems. In the case of automated processing, we may profile your data, for example to assess your ability to repay a loan or to prepare an offer of a suitable product.
We collect personal data of clients particularly from the following sources:
Our cooperation with client information registers
For example, we cooperate with the authorized users of the Banking client information register („BRKI“), Non-banking client information register („NRKI“), or with members of the SOLUS association. The cooperation particularly relates to assessment of credibility and creditworthiness of clients.
Your personal data are made available particularly to employees of our bank in connection with the performance of their professional duties, however only to the necessary extent and in compliance with all security measures.
In addition, your personal data are transferred to third parties - controllers and processors. We conclude written agreements with processors to stipulate the terms and conditions of the processing of personal data to contain the same safeguards we adhere to in line with our legal obligations.
The recipients of personal data particularly include:
Transfers of personal data to foreign countries - save for exceptions, neither our bank nor the entities participating in the processing of personal data of clients forward personal data of clients to countries outside the European Union. An exception applies to realization of certain transactions using payment cards involving the use of the 3D Secure code. In this regard, certain personal data of payment card holders are transferred to the processor, PrJSC Ukrainian Processing Center, registered office: 9 Moskovskiy Ave., Kiev, Ukraine, which complies with the security, technical and organisational safeguards for the processing of personal data. Also, updates of information on issued Mastercard payment cards are transferred via Mastercard Europe SA, registered office: Chaussée de Tervuren 198, 1410 Waterloo, Belgium, to the ABU (Mastercard Automatic Billing Updater) database created and maintained in the US and containing data such as card validity term, available to payment card acquiring providers and participating merchants.
Joint controllers
Our joint controllers currently include:
In some cases, we are only entitled to transfer your personal data subject to your consent. This particularly applies to the following recipients:
Data Protection Officer
Raiffeisenbank has a designated Data Protection Officer. The Data Protection Officer ensures compliance with statutory obligations, in particular informs and advises within Raiffeisenbank, monitors compliance of the processing of personal data with the legislation, communicates with the supervisory authority, and fulfils other given obligations.
If your inquiry or matter cannot be handled via the above contact details, you may also contact the Data Protection Officer at Hvězdova 1716/2b, postcode: 140 78, Prague 4, Attn: Data Protection Officer, e-mail [email protected].
We only process personal data of clients for a time necessary with regard to the purpose of processing. Once we detect that the data are no longer needed, we delete them. We evaluate such need on a continuous basis, particularly after expiration of the (internally determined) term that is usual for the particular personal data to be useful. Below are typical terms of usability of various personal data.