Privacy Statement

Privacy Statement

The privacy of your personal data is of paramount importance to us. We protect the security of your information which is why we have adopted policies and implemented processes that guarantee it. Please read the contents of this Notice to understand how and why we process your personal data and what your rights are. We want you to know that your personal data is in safe hands with us.

1. How to request and install a certificate?

The certificates are managed from menu “Security"-tab.“Certificates".

If you want:

  • To install Digital certificate issued by Postbank , choose “ Start digital certificate issuing " and install the certificate in four steps:

1) The system checks the user’s browser and Operating System and automatically recognizes them.
2) Enter the received on the mobile phone One-Time Password for activation of the certificate
3) Confirm the messages for request and installation of the certificate with “Yes".
4) Check for successfully signing with the installed certificate

  • To register Qualified Electronic Signature (QES):

1) Install the Qualified Electronic Signature and the appropriate software on your computer pursuant to the instructions of the Issuer.
2) From menu “Security"- tab."Certificates", select “ Register QES ".
3) Choose the certificate, which you want to register, enter the PIN and press “Register".

The request and the installation of the certificate must be made from the same computer, computer user, and browser.

More information about certificates you can find in section Certificates.

2. I cannot make the certificate request. I receive an error message, what do I need to do?
Look at the Certificates section – your browser is probably not set to work with certificates. This is usually due to problems relating to the security of your system and the browser you use.

In order to tackle the problems, please, meet the requirements detailed in the Certificates section.

3. How can I transfer the certificate to another computer?
The way to transfer a digital certificate to another computer (export) is described in the User Manual -Working with certificates – Storing a certificate on a portable carrier and transferring a certificate from a portable carrier.

As part of your approval in the credit application process, your personal data may be subject to automated processing and automated decision-making. This means that the Bank’s specialised software will automatically process (without human intervention) the data you have provided and analyse them in terms of the criteria specified in the algorithm of the software. As a result, your application will be evaluated with a certain number of points according to which you may receive an automatic approval or automatic denial. When applying automated decision-making, you have the right to express your opinion, to challenge the decision, and to ask for human intervention.

If for any reason you are not satisfied with the Bank's actions in relation to your personal data, we would like you to tell us first in order to understand what the problem is and try to resolve it.

Our Data Protection Officer will look carefully at your complaint and will answer all of your questions. Nevertheless, if you believe that you have not received adequate assistance from the Bank or that there is a violation of your rights, you have the right to complain to a supervisory authority. In the Republic of Bulgaria this authority is the Commission for Personal Data Protection.

As explained above in this Notice, we collect personal data primarily due to legal obligations or for the needs of concluding and executing contracts as well as for servicing you. If you do not provide us with the necessary personal data when this is compulsory for the intended purpose, it would not be possible for you be a client of the Bank, including you may be denied continuing to use the Bank’s products and services if we have already established relations.

We shall regularly update this Notice so that you can be duly informed about how we process your personal data. If we make any amendments which are essential to the purposes and grounds for processing, we will publish a notification on our website www.postbank.bg.

This Notice on the processing of personal data was last updated on 04.07.2019.

We are Postbank, legally named Eurobank Bulgaria AD (hereinafter referred to as “We” and “The Bank”), registered with the Trade Register of the Registry Agency with UIN 000694749. You can contact us at 1766 Sofia, 260 Okolovrasten pat Str., Tel: 0700 18 555; e-mail: klienti@postbank.bg; www.postbank.bg.

Our major priority is to work ethically and responsibly, in order to comply with the legislation, including in the field of personal data protection, and to meet your expectations with regard to processing your personal data. We are constantly improving our internal procedures and workflows. Our employees are trained and obliged to protect the privacy of customers’ personal data.

The Bank has appointed a special employee who is responsible for complying with the legal requirements for personal data processing and for the application of best international practices. This is our data protection officer and you can contact him by e-mail to dpo@postbank.bg or by mail to address 1766 Sofia, 260 Okolovrasten pat Str., Data Protection Department.

The law allows us to process personal data if one or more of the following conditions are present:

  • If we perform a contract to which you are a party or if you have taken action to conclude a contract with us;
  • When we have an obligation stipulated by law;
  • When there is a legitimate interest;
  • When we have your consent.

A legitimate interest is deemed to be the processing of personal data carried out due to economic, commercial or other interest of the Bank or of a third party that is superior to the interest of the person and the processing does not violate their rights. Even if there is such interest, our actions in relation to you will always be fair and transparent and in any case they will be subject to a preliminary assessment of the Bank's or the third-party’s interest and the rights of the individuals.

We use your personal information to process and assess any customer application for a product of the Bank, to maintain your accounts, to develop and improve our services, and to ensure that we comply with the laws that regulate our business.

We have compiled this detailed list to inform you of the purposes for which we use personal data and what our reasons are. Here you will find out which our legitimate interests are.

Why do we process personal data Reason

To know who you are

Law obliges us to identify our customers. This means that we should collect your personal data, including requiring a copy of your ID card and storing it and, if necessary, updating it. Moreover, this allows us to protect our customers from malicious acts of identity theft and fraudulent use of fraudulent documents.

Legal obligation

To assess risks

We have a legitimate interest in assessing the risks when deciding whether the client is suitable for a credit product. We also have legal obligations on how to make responsible crediting. This means that whenever you apply for a credit product, we will use the information you provide or the information we have with us to check it out and assess the risks.

In connection with your risk assessment and your creditworthiness, we take information about you from the registers kept by state authorities, institutions and establishments (National Social Security Institute, National Revenue Agency, Central Credit Register, the National Population Database with the MRDPW, Ministry of Interior, etc.) in the checks we make on the data you provide. In view of the requirements of some these institutions and only if applicable, we do these checks after receiving your consent to them.

Legitimate interest

Legal obligation

Your consent

To conclude a contract and execute it

We process your personal data in order to enter and maintain contractual relations with you, and our legal obligation is to store these data even after their completion.

Processing your information is a must for us to grant a loan and to ensure its repayment, to detect and secure the servicing of your accounts, including the execution of your payments, to keep a history of your transactions and to provide you with statements, to notify you of changes that concern you and help you when problems arise or when you have filed any complaints.

Legal obligation

A contract with you

To prevent money laundering, terrorist financing and fraud

Our legal obligation is to assist in the fight against threats of terrorism and money laundering.

We also have a legitimate interest in preventing damage to the Bank and its clients from malicious actions (for example, Internet frauds, attempts to use forged and / or fake documents, etc.). Personal data may also be processed to protect the legitimate interest of third parties.

Legitimate interest

Legal obligation

To collect receivables

We have a legitimate interest in collecting the Bank’s receivables due under non-performing loans. This means we can initiate legal procedures to do so.

In addition, our recovery action is also an action to ensure the performance of your contract.

Legitimate interest

A contract with you

To improve our services

We want to be confident that we provide our clients with the best possible and highest quality services. That is why we are developing new products, improving our systems, carrying out tests and analysing information which helps us discover new business opportunities. Also, we constantly update the security level of our information systems and processes.

Legitimate interest

To learn first about our products and services (so called direct marketing)

We are constantly expanding our portfolio of products and services, organising promotional campaigns and setting better conditions for customer satisfaction. When we assume you might be interested in our particular offer, we have the legitimate interest in sharing it with you. We do not want to provide you with unnecessary or annoying advertising content which is why we use your personal information to decide what, how and when to offer to you. This is done by profiling.

If you choose not to receive information about our current products and services, we will always provide you with the opportunity to inform us about that. When you inform us that you do not want to receive such information, we will endeavour to comply with your request immediately.

Legitimate interest

To manage our activity and observe the law

We have a legitimate interest in organising and managing our activity as a financial institution in the best possible way as well as complying with the legal requirements of the Bulgarian financial system. This means that we process personal data to ensure the maintenance of the filing system, to report and communicate with the competent government bodies, auditors or other recipients of information to which personal data may be legally disclosed.

In addition, the Bank assigns processing of personal data to third parties called processors. These are companies and individuals who provide us with services. We will always require the necessary safeguards to protect the privacy of your personal data and control the processors.

Legitimate interest

Legal obligation

ЗTo fulfill a purpose for which you have given your consent

In certain cases, when another condition is not applicable and for the fulfilment of a specific purpose, the Bank will need your consent to process your personal data.

If we need your consent, we will require it from you in a clear and open way. You will be able to withdraw your consent and the Bank will cease processing your information for that purpose.

Consent

We believe your personal data is confidential and we value its privacy. Therefore, we pay close attention to processing which is related to disclosing or providing your personal data to third parties. Whenever we disclose your personal data, this is imperative to meet the above goals.

Depending on our relations, we may disclose your personal information to the following categories of recipients:

  • Companies from the financial group the Bank belongs to;
  • Companies and individuals who provide us with services for the implementation and maintenance of information systems, technical services, legal advice, archival, administrative or other similar services which are required directly in the course of your service or for the overall functioning of the Bank;
  • State authorities, institutions and establishments (National Social Security Institute, National Revenue Agency, Central Credit Register, the National Population Database with the MRDPW, Ministry of Interior, etc.) should we need to perform checks in their registers at the time we commence our business relationship, to assess your creditworthiness or for other information needed for signing of contract or its execution

  • Companies that we may assign to collect on our behalf Bank’s receivables on your credit products;
  • Companies that assist us in improving our products and services and that may contact you on our behalf to make you an offer or invite you to participate in a survey;
  • If you use a debit or credit card, we will share information with our partner companies and organisations in order to offer this product;
  • Individuals that we assign to produce, print, collate, deliver (including by SMS or electronically) written correspondence and / or information materials of the Bank;
  • System operators servicing payments;
  • Payment service providers in relation to the Bank’s obligations under Regulation (EU) 2015/847;
  • In case we decide to transfer rights and obligations under a contract we have concluded with you, your personal information will also be provided to the recipient;
  • If our relations stipulate the provision of collateral, personal data will be disclosed to notaries, the Registry Agency and/or other registrar authorities that legally require the entry of the collateral;
  • The National Revenue Agency, concerning the automatic exchange of financial information under Art. 142b, para 1 of the Tax and Social Insurance Procedure Code, which requires the provision of information about clients of the Bank, including actual company owners. The information provided includes name, address, tax number, date and place of birth, account number, account balance, and income earned on the account;
  • Other recipients who have legal powers to demand your personal data of the Bank. Such are the Bulgarian National Bank, ministries, commissions, agencies, judicial authorities, law enforcement authorities and others. In some cases, it is the Bank's legal obligation to initiate the provision of your personal data (for example, in the performance of obligations under the Law on Measures against Money Laundering) or due to a legitimate interest, including the legitimate interest of a third party.

The period for storing your personal data depends on the relations you have with the Bank. When you apply for any of our products or services but you are not approved or you decide to withdraw your application, your personal data will be stored for a limited period of time (1 year).

If you are our client and use the Bank’s products and services, we are legally obliged to store your personal data not only for the period of completion of our contractual relations but for a period of 5 years after their completion. In some cases this period may be extended to 7 years if this is required by a competent state authority. If storing your personal data is necessary for pending procedures in which the Bank is a party (for example, court proceedings, administrative proceedings, handling your complaint against the Bank, etc.), then we will keep them until these proceedings are closed.

If you take advantage of your right to limit data processing, the Bank will store your personal data until you specify otherwise.