CyrillicPRIVACY POLICY
Postal Savings Bank j.s.c. Belgrade (hereinafter referred to as: the Bank) shall take into consideration the significance of personal data protection and apply the regulations governing personal data protection.
For the purpose of applying the principles of fair and transparent personal data processing, the Bank, in the capacity of a manager of the abovementioned data, has developed the Privacy Policy in order to provide natural persons (Customers, potential Customers, persons who are in any way related or will be related to the Bank as a manager, guarantors, joint and several debtors, pledgers, proxies, legal representatives, inheritors, employees, potential employees, and other persons whose data may subject to processing) with all relevant information regarding personal data processing at one place.
DATA MANAGER IS:
Postal Savings Bank, joint-stock company, Belgrade
3, Kraljice Marije Street
11000 Belgrade
S.W.I.F.T.: SBPORSBG
TIN: 100002549
Business ID No.: 07004893
Phone: 011 20 20 292
PRINCIPLES OF PERSONAL DATA PROCESSING
The Bank shall process personal data in a lawful, fair and transparent manner. Personal data may be collected for the purpose that is precisely determined, explicit, justified and lawful and may not be processed in the manner that is not in accordance with the purpose determined as such.
Personal data must be appropriate, relevant and restricted to that that is necessary in relation to the purpose of processing, correct, and, if necessary, updated. The Bank shall take all reasonable measures ensuring that all incorrect personal data are deleted or amended without any delay.
Personal data shall be kept in the form that enables identification of persons only within the term that is necessary for fulfilling the purpose of their keeping. Personal data shall be processed in the manner that ensures an adequate personal data protection including protection against unauthorized and illegal processing, as well as accidental loss, destruction or damage, by applying appropriate technical, organizational and personnel measures.
PERSONAL DATA PROCESSING
The Bank shall process personal data for the purpose and in the manner that is necessary and appropriate when performing its business activities.
The Bank shall process the collected personal data for the purpose of providing single banking services and products and performing pre-contractual activities such as: opening and maintaining of bank accounts, deposits, standing orders, making payments, loans, guarantees, letters of credit, acting upon the customers’ objections, etc.
The Bank shall collect personal data primarily from the persons to whom the data refer and from other person only when that is provided for under the contract concluded with the person to whom the data refer, when that is provided for under the law or other regulation provided for in accordance with the law, when it is necessary given the nature of the operation. i.e. when it is necessary in order to realize or protect vital interests of persons to whom the data refer.
Especially sensitive personal data for the Bank are the data on racial or ethnical origin, political opinion, religious or philosophical belief or membership in a trade union, as well as the processing of genetic data, biometric data for the purpose of unique identification of persons, data on the state of health, data on the sexual life and sexual orientation of natural persons. The Bank shall process such data only in cases allowed by the law and in the manner stipulated by the law along with the application of special protection measures.
The Bank shall not process personal data: when the person to whom the data refer has not given or revoked his/her consent for processing and there is not any legal basis for processing without consent of the person to whom the data refer, when the data is false, incomplete, out-of-date, and when it is not based on a trustworthy origin, if the data is unnecessary or inadequate for fulfilling the purpose of processing, if the number and type of the data are disproportionate to the purpose of processing, if the manner of data processing becomes unallowed, after the purpose of processing is fulfilled, when the purpose of processing is not clearly determined or is unallowed, or is carried out for the purpose other than the one for which it is agreed or determined by the Bank’s enactments.
The Bank shall process personal data in the Republic of Serbia. The transfer of data to third countries or international organizations shall be carried out by adhering to appropriate safety measures and in accordance with the Law and the General Regulation.
The Bank shall not make decisions only based on the automated data processing.
PERSON IN CHARGE OF PERSONAL DATA PROTECTION
The Bank has appointed a person for personal data protection that can be contacted regarding the questions and requests in connection with the processing of personal data through e-mail address: dpo@posted.co.rs
RIGHTS OF PERSONS TO WHOM THE DATA REFER
The Bank has an obligation to provide the person to whom the data refer with the information about the personal data it processes, i.e. to provide the requested information free of charge. If the request of a person to whom the data refer is obviously unjustified or unreasonable, and especially if the same request frequently repeats, the Bank may charge certain administrative costs for providing information, i.e. acting upon the request.
The Bank has an obligation to provide an answer to the request submitted by a person to whom the data refer without undue delay, but not later than within the term stipulated by the Law. The Bank may refuse to take any activity regarding the request if a person asks for information about the data kept in public registers or that are publicly available otherwise, if a person obviously abuse his/her right to information, insight and a copy, if the Bank has already informed a person about the requested data and they have not changed in the meantime, when the data is in connection with the AML/CTF, if the provision of information would jeopardize the investigation of a criminal offence or state interest, and if the data processing has been stopped at the request of the person.
Right to insight: The Bank shall enable to a person to whom the data refer, at his/her request, an insight into his/her personal data that it processes by reviewing and reading the data and making notices. The Bank shall issue a copy of the mentioned data to the person at his/her request.
Right to access: The person to whom the data refer has a right to obtain from the Bank information about whether his/her personal data are processed and, if that is the case, a right to request an access to his/her personal data, as well as a right to obtain information about the purpose of processing, category of respective personal data, receiver or category of receivers to whom personal data are or shall be disclosed.
Right to amendment and supplement: The person to whom the data refer has a right to obtain from the Bank, without undue delay, amendments of incorrect personal data referring to him/her. Taking into consideration the purpose of processing, a person to whom the data refer has a right to the supplement of incomplete personal data, as well as a right to the update of personal data.
Right to deletion: A person to whom the data refer has a right to the deletion of the data referring to him/her, without undue delay.
The Bank has an obligation to delete personal data without undue delay if: (1) personal data are not required any longer in relation to the purpose to which they were collected or processed otherwise, (2) a person to whom the data refer revokes his/her consent on which the respective processing has been based, but there is no other legal basis for processing, (3) a person to whom the data refer makes an objection to the processing, but there is no legal basis for the respective processing with superior legal power that may be applied, (4) personal data have been processed unlawfully, or (5) a right to deletion of data has been stipulated by the Law.
Right to limitation of processing: A person to whom the data refer has a right to ask from the Bank to terminate and temporarily stop the processing if the person to whom the data refer denies the accuracy, completness and up-to-datedness of data, as well as a right to designate that data as such until their accuracy, completness and up-to-datedness is determined.
Right to revoke consents: A person whose data are processed has been informed that he/she gives consent voluntarily and that he/she is authorized to revoke it at any moment. After the consent has been revoked by the person to whom the data refer, the Bank shall no longer use his/her data for purposes to which the respective revocation refers. A consent may be revoked in writing. The revocation becomes effective when it is received by the Bank and it shall not affect the processing of data that has been made based on the consent prior to its revocation.
Right to information about processing: The Bank, as the data processing manager, shall provide a person to whom the data refer, at the moment of collecting the data about the relevant person, with the following information: contact details of the Bank, as well as the identity of its representative if he/she is appointed; contact details of the person in charge of personal data protection; purpose and legal basis of processing; information about the existence of legitimate interest if processing is carried out on the legal basis; information about: the receiver, i.e group of receivers of personal data, if any; the fact that it is planning to take personal data out to another country or international organization (nature of the business itself), as well as about the referring to adequate protection measures; the right to file a complaint to the Commissioner for Personal Data Protection; about that that giving of personal data is both legal and contractual obligation, thus the giving of data is a necessary condition for concluding a contract, as well as about that whether a person to whom the data refer has an obligation to give his/her personal data and about the possible consequences if the data are not provided, and about the existence of the automated decision-making.
Right to transmission: A person to whom the data refer has a right to receive from the Bank his/her personal data previously provided to the Bank in a structured, normally used and electronically readable form, and he/she has right to transmit these data to other data manager without any interference from the Bank under the conditions provided for under the Law.
Right to objection:If he/she deems that it is justifiable in relation to the special situation he/she is in, a person to whom the data refer has a right to file an objection to the Bank, at any time, to the processing of his/her personal data that is necessary in order to perform operations in public interest or to execute legally stipulated authorizations of the Bank, i.e. that is necessary in order to realize legitimate interests of the Bank or a third party unless the interests or fundamental rights and freedoms of a person to whom the data refer are overriding these interests, requesting the protection of personal data, and especially if a person to whom the data refer to is an under-age person.
In that case, the Bank shall stop processing the data on the person who filed an objection unless there are legal reasons for processing that override the interests, rights or freedoms of a person to whom the data refer or that are in connection with the filing, fulfilling or defending the legal request.
A person to whom the data refer has a right to file, at any moment, an objection to the processing of his/her personal data that are processed for the purpose of direct advertisement.
If a person to whom the data refer files an objection to their processing for the purpose of direct advertisement, the Bank shall not further process personal data for such purposes.
Right to complaint: If he/she deems that the personal data have been processed contrary to the provisions of the Law, a person to whom the data refer has a right to file a complaint to the Commissioner to the following address:
Commissioner for Information of Public Importance and Personal Data Protection (Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti)
15, Bulevar Kralja Aleksandra Street, 11000 Belgrade
Phone: +381 11 3408 900
Fax: +381 11 3343 379
E-mail: оffice@poverenik.rs
"THE COOKIES" POLICY
The rules and manner of processing personal data by using cookies have been defined by the Policy for Using "Cookies" on the website of the Bank.
TECHNICAL PROTECTION MEASURES
An adequate level of personal data protection is achieved by implementing adequate technical safety measures in the IT system of the Bank, along with the managment and personnel measures, in order to protect their confidentiality, integrity and availability.
In accordance with the nature, scope, circumstances and purpose of processing personal data, the Bank shall lay down appropriate protection measures as well as control of their availability.
An envisaged level of the required safety in the Bank when processing personal data shall be achieved by implementing safety protection measures stipulated in the Policy for ICT System of the Bank.
Depending on the available tools for the protection of personal data and the circumstances under which they are used, priority in the implementation shall have those technical protection measures relating to the process of authentication, access control, encription.
The Bank shall ensure the continuity of its operations and recovery of its activities in case of catastrophes by implementing Operations Continuity Plan and Activities Recovery Plan in case of catastrophes.
PERSONAL DATA PROTECTION
Period within which personal data are to be kept shall be changed in accordance with the legal basis and purpose of processing certain category of personal data. Personal data shall be kept during the period of contractual relationship, i.e. until there is a consent of the person whose data are processed, then within the term the Bank is legally obliged to keep certain personal data, in which case an active processing of these data will not be enabled for other purposes, but only their keeping for legally stipulated purposes.
FOR MORE INFORMATION
Phone: 011 20 20 292
E-mail: dpo@posted.co.rs
www.posted.co.rs