Your personal data have been provided to us by Piraeus Bank. Privacy of your personal data is of paramount importance to us. We protect the security of your information by adopting policies and implementing processes to safeguard it.

As a person exercising control over Piraeus Bank, we have a legitimate interest in accessing your information, but at the same time, we are responsible for its safekeeping and confidentiality.


1. Purposes of the processing for which the personal data are intended as well as legal basis for the processing.

By virtue of the forthcoming transformation through the merger of Piraeus Bank, Postbank becomes the successor of Piraeus Bank and all the property and all rights and obligations of Piraeus Bank under the concluded contracts with customers are transferred to Postbank.

We have compiled this comprehensive list to inform you of the purposes for which Postbank uses personal information, the reasons and the legitimate interest for it.



For what purposes do we process personal information

Our grounds

To know who you are

The law obliges us to identify our customers. This means that we must collect your personal information, including requesting a copy of your identity document, storing it and, if necessary, updating it. It also allows us to protect our customers from fraudulent acts of identity theft and fraud by using false documents.

Statutory obligation

To assess the risk

We have a legitimate interest in assessing the risks when deciding whether the customer is eligible for a loan product. There are also our legal obligations on how to credit responsibly. This means that whenever you apply for a credit product, we will use the information you provide or already have with us to verify and evaluate the risks involved.

In connection with the risk assessment and your creditworthiness, in the checks we make on the data you provide, we receive information about you from the National Social Security Institute (NSSI) and the National Population Database at MRDPW. In view of the requirements of these institutions, we do these checks after receiving your consent to this.

Legitimate interest Statutory obligation

Your consent

To continue to execute a contract you have concluded with Piraeus Bank

Your personal data is processed in order to enter into and maintain contractual relationships, and it is our statutory obligation to retain this data after the latter is discontinued. The processing of your information is a prerequisite for us to grant credit and secure its repayment, to open and secure the servicing of your accounts, including making your payments, maintaining a history of your transactions and providing you with statements, notifying you of changes to help you when problems occur or complaints are filed.

Statutory obligation

Contract with you

To prevent money laundering, terrorist financing and fraud

The law obliges us to assist in the fight against the threats of terrorism and money laundering.

We also have a legitimate interest in preventing the Bank and its customers from being harmed by malicious acts (such as cyber fraud, attempts to use forged and/ or false documents, etc.). Personal data may also be processed to protect the legitimate interest of third parties.

Legitimate interest

Statutory obligation

To collect our receivables

We have a legitimate interest in collecting funds owed to the Bank on non-performing loans. This means that we can initiate a lawful procedure through which this can be done.

In addition, our recovery actions are actions to ensure that the contract you have concluded is fulfilled.

Legitimate interest

Contract with you

To improve our services

We want to be sure that we provide our customers with the best possible service and quality services. That's why we develop new products, improve our systems, test and analyze information that helps us discover new business opportunities. Also, we are constantly updating the security level of our information systems and processes.

Legitimate interest

To acquaint you with priority with our products and services (so-called direct marketing)

We are constantly expanding our portfolio of products and services, organizing promotional campaigns and creating better conditions for customer satisfaction. When we assume that you would be interested in a particular offer, we have a legitimate interest in sharing it with you. We do not want to serve you unnecessary or annoying advertising content, so we use the information we have for you to decide how, when, and what to introduce you to. We do this by profiling.

Should you choose not to receive information about our current products and services, we will always give you the opportunity to inform us. When you notify us that you do not wish to receive such information, we will endeavor to satisfy your request immediately.

Legitimate interest

To manage our business and observe the lawWe have a legitimate interest in organizing and managing our business as a financial institution in the best possible way, and also to comply with the requirements established by the regulatory framework for the Bulgarian financial system. This means that we process personal data to ensure that the records system is maintained, to report and communicate with competent public authorities, auditors or other recipients of information to which personal data may be lawfully disclosed. In addition, the Bank assigns the processing of personal data to third parties, which are called processors. These are companies and individuals who provide services to us. We will always require the necessary safeguards to safeguard the privacy of your personal data and control the processors.

Legitimate interest

Statutory obligation

To fulfill the purpose for which you have given your consent

In certain cases where another condition is not applicable to the achievement of a specific purpose, the Bank will need your consent to process your personal data.

If we need your consent, we will require it in a clear and open manner. You will be able to withdraw your consent and the Bank will cease processing your information for that purpose.

Your consent

2. Categories of personal data to be processed

The categories of personal information we process for you depend on the relationship you have with Piraeus Bank. We will process personal information that identifies you, such as: your names, personal identification number, identity document information and a copy thereof, addresses, telephone and e-mail. Also, the information processed may relate to your financial and property status, kinship, profession, education and any other category of personal data you have provided to Piraeus Bank.


3. Categories of recipients of personal data

We believe that your personal information is confidential and we value its privacy. Therefore, we take great care with processing, which is the disclosure or submitting of your personal information to third parties. Whenever we disclose your personal information, it is imperative that this is required for achieving the above goals.

Depending on our relationship, we may disclose your personal information to the following categories of recipients:

  • Companies in the financial group to which Postbank belongs;
  • Companies and persons providing us with services for implementation and maintenance of information systems, technical services, legal advice, archival, administrative or other similar services, which are needed directly in the course of your service or for the overall functioning of the Bank;
  • Government bodies, institutions and authorities whose registers are consulted for entering into a relationship with you, for assessing your creditworthiness, or for the purpose of obtaining other types of information necessary to contract or execute it (NSSI, NRA, CCR, GRAO, Ministry of Interior, etc.);
  • Companies to whom we may charge the collection on our behalf of our receivables for loans you use;
  • Companies that assist us in improving our products and services and who can contact you on our behalf to offer you an offer or invite you to participate in a survey;
  • If you use a debit or credit card, we will share information with the companies and organizations we partner with to offer this product;
  • Persons entrusted with the activities of production, printing, assembly, delivery (including via SMS or electronic means) of written correspondence and / or information materials of the Bank;
  • Payment system operators;
  • Payment service providers in connection with the Bank's obligations under Regulation (EU) 2015/847;
  • In the event that we choose to transfer rights and obligations under the contract with you, your personal information will also be provided to the recipient;
  • If our relationship provides for the establishment of a security, personal data will be disclosed to notaries, the Registry Agency and / or other registry authorities that require the registration of the security by law;
  • The National Revenue Agency (NRA), on the automatic exchange of financial information under Art. 142b, para. 1 of the Tax Procedure Code, which requires the provision of customer information to the Bank, including beneficial owners of companies. The information provided includes names, address, tax number, date and place of birth, account number, account availability, as well as income earned on the account;
  • Other recipients who have legal authority to require the Bank to provide you with your personal data. These are the Bulgarian National Bank, ministries, commissions, agencies, law enforcement agencies, etc. In some cases, it is a statutory obligation of the Bank to initiate the disclosure of your personal data (for example, in the performance of obligations set out in the Anti-Money Laundering Act) or due to legitimate interest, including to a third party.

4. Period for which the personal data will be stored

The storage period of your personal data depends on the relationship you have with Piraeus Bank and Postbank. We have a statutory obligation to store your personal information not only for the duration of our contractual relations, but also for 5 years after their termination. In certain cases, this period may be extended to 7 years at the request of a competent public authority. If storage of your data is required for pending proceedings, to which Piraeus Bank or Postbank is a party (for example, legal, administrative proceedings, in handling your complaint, etc.), we will keep them until these proceedings are completed.

5. Your rights

  • Right of access

You can always ask us if we process your personal data and if we do, be informed of what information we store, why we do it, and how we process it. You are also entitled to a copy of the information.

  • Right of correction

We would like your personal data to be accurate and up-to-date. If any part of your data is inaccurate or out of date, please let us know and we will correct it.

  • Right to delete

You may request the Bank to delete your personal data, but in order for the request to be fulfilled, appropriate legal grounds should apply. We will not delete information about you that we are required to keep legally or have any other reason not to delete. We will have one month to respond to your request. If we refuse to delete the information, we will explain why this is our decision and what are the legal reasons for it.

  • Right to restrict processing

You may, in certain cases, request the Bank not to process your personal data, including to delete it, to protect your legal claims.

  • Right to object

As stated in this Notice, in some cases we process your personal data because of our legitimate interest. You have the right to object to this processing, including when it involves profiling. We will stop processing the data, but only when we are convinced that our interest does not prevail in the particular situation. We remind you that at any time you can easily express your desire not to be the recipient of advertising content. In this case, we will immediately suspend the processing of your data for the purpose of submitting advertising content.

  • Right to portability

You may ask the Bank to put your data in an electronic file and submit it to you or to a third party. The information you may ask us to provide may only be provided to us in connection with a contractual relationship or with your consent and processed in an automated manner (electronically).

  • Right of appeal to a supervisory authority

If for any reason you are dissatisfied with the actions of the Bank with respect to your personal data, we would first like you to inform us so that we can understand the problem and try to resolve it. Our Data Protection Officer will carefully consider your request and answer all your questions. However, if you believe that you have not received adequate assistance from the Bank or that there has been a violation of your rights, you have the right to file a complaint with a supervisory authority. This body in the Republic of Bulgaria is the Commission for Personal Data Protection.

The Bank has appointed a dedicated staff member who is responsible for complying with regulatory requirements when processing personal data and applying best international practices. This is our Data Protection Officer and you can contact him/her via email sent to dpo@postbank.bg or by letter to: Sofia, 1766, 260 Ring Road, Data Protection Department.

A detailed up-to-date version of the notification can be found here