- The right to be informed: with respect to the processing activities carried out by BCR in connection with your data;
- The right of access to the data: you may request and receive a confirmation from BCR with respect to the data processing (which data we process and what is the purpose of processing, where and how long we store them, who has access to the data, etc.);
- The right to rectification: of inaccurate data, and supplement the incomplete data; (example: if you change your telephone number or e-mail address, you may contact us for updating this data;
- The right to erasure: you may request erasure of a part or all of the data we have from you;
Important! We will not process your request in all cases (examples: the law imposes on BCR the obligation to keep the data for a certain period; the data is useful for a legitimate interest such as defending a right in court);
- The right to restriction of processing: you may request that we not use your data, except to store it until another request from you is resolved, namely:
- you asked us to rectify the data;
- you objected to the deletion of the data in case of an illegal processing;
- you asked us to provide certain data in order to ensure the defence of a right;
- you objected to the processing of the data – please see the right to object below.
- The right to data portability: you may request that your data be provided in a structured, commonly used and machine-readable format (example: by e-mail). Furthermore, you may ask for your data to be sent to another controller;
- The right to object: you may object to the processing of data carried out pursuant to BCR’s legitimate interest;
Important! We shall always approve the request only in cases where processing is made for direct marketing purposes (example: if you receive e-mails with commercial information from BCR, you may request to unsubscribe). In all the other cases, we will assess our own interests and your particular situation to make a final decision. Therefore, we recommend that you provide an explanation and reason why you object to the processing when you file the request.
- The rights concerning automated decision-making: as a rule, you have the right not to be subjected to an automated decision, if this produces legal effects over you or affects you in a similar way, to a significant extent (example: automated refusal to conclude a contract with you, based on a data processing);
Important! In certain cases, the law allows us to make such decisions in cases where we have your consent or if the decision is made based on the performance of the contract that we have concluded or based on our legitimate interest. In such cases, you will have the right to challenge the decision, to express your opinion and to obtain a verification from a human factor. Furthermore, there are cases where the law sets forth an obligation for us to implement such automated decision – making processes.
- The right to withdraw consent: in cases where we process your data based on your consent;
Important! The withdrawal of your consent will only produce effects for the future. The processing carried out for a different purpose, such as performance of the contract, will not be affected by withdrawal;
- The right to file a complaint: if you are dissatisfied, you may address the National Supervisory Authority for Personal Data Protection or the courts of law at any time.
To the extent you exercise any of the rights indicated above, please provide us with the necessary details so that BCR can identify the exercised right and the requirements for its exercise, as set forth by the law. For example, if a request for objection is filed with respect to certain processing carried out by BCR pursuant to the legitimate interest of the bank, we kindly ask you to also provide information concerning your particular situation so that BCR may carry out the assessment required by the law.
Exercising your rights
For further details regarding the processing activities carried out by BCR, as well as with respect to your rights, you may contact us at any time using the following:
1. Request sent to BCR’s data protection officer at firstname.lastname@example.org – communication channel especially for data protection matters;
2. Request sent by calling * 2227, number with normal tariff from the national fixed and mobile networks or at email@example.com;
4. By post mail, to our headquarters, or in any BCR branch;
5. The Credit Bureau’s portal.
In case you wish to exercise any of your rights according to this policy, please be informed that we are under the obligation to perform your authentication. The authentication procedure serves to verify your identity by BCR by asking you specific questions, in order for us to make sure that information is not requested by or disclosed to unauthorized persons. This is why, after you sent your request, depending on the channel you choose to contact us, the authentication procedure shall be performed as follows:
- If you are in a BCR branch or if you contact us by phone, the authentication shall be performed on the spot by the BCR representative;
- If you contact us by e-mail or post mail, a BCR representative shall contact you by e-mail in order to apply the authentication procedure mentioned above;
- For the requests sent thru the Credit Bureau’s portal, the authentication is performed when creating the user account on the portal, according to the instructions which can be accessed under this link: https://www.birouldecredit.ro/wps/portal/bcro/Home/user-enrollment.