PRIVACY POLICY

This website ( the "website") is operated by BANCA COMERCIALĂ ROMÂNĂ S.A. ("BCR”). BCR may be referred to in this Policy as "we", "us" or "our".

1. Subject of the Privacy Policy:

The role of this Privacy Policy is to inform you about:  

(i) the processing activities carried out by BCR, as Data Controller, with regard to your personal data, and it applies in its activities and in order to achieve the object of the activity;

(ii) security and confidentiality of processing activities of personal data.

BCR processes personal data in accordance with the provisions of Law 677/2001 and, as of May 25, 2018, in accordance with the provisions of the General Data Protection Regulation no. 679/2016.

Our privacy policy may be amended and BCR will publish on this page an updated version of the Policy. You can stay constantly informed about the processing activities carried out by BCR by frequently accessing this website.

BCR's website may include links to other websites managed by other legal entities which are not related to the activity of BCR and for which BCR is not liable. Furthermore, we may include links to other websites operated by companies affiliated to BCR, which apply distinct privacy policies. If you access these websites through our own website, you should read the privacy policies of these websites in order to understand how they collect, use and reveal your information.

Below you can find information about the purposes and legal grounds for which we process your data, depending on your capacity (in this respect please read section 2 below). Furthermore, you can find information about the categories of data we process, processing activities for which we need your consent, categories of recipients and states to which your data can be transferred, duration of the processing, use of cookies, applicable data security rules and details regarding your rights. These sections are the same for all data processing operations, regardless of your capacity.

2. How we process your data depending on your capacity and for what purposes  

Depending on your capacity, BCR will process your data for various purposes and legal grounds, as provided below:

Please read the section regarding the use of cookies available here

A. To fulfill our legal obligations, for the following purposes:

  • to comply with the applicable statutory rules in the banking sector in order to meet the requirements regarding the "know-your-client" process; to prevent money laundering and the financing of terrorism, to report daily the transactions in accordance with the applicable laws; to manage conflicts of interest; to manage the controls carried out by authorities with regard to the relationship with the employees;
  • administrative-financial management purposes;
  • to store/deposit (prior to archiving) and to archive pursuant to the legal provisions the contractual documentation (including ensuring the operations connected to these activities) and/or of documents that contain personal data;
  • internal audit;
  • to ensure security on the premises of BCR and its branches;
  • to fulfill all of BCR's obligations regarding the banking supervision obligation over BCR and the reporting obligation towards the supervisory authorities; to comply with the national and European prudential requirements applicable to credit institutions;
  • to manage data quality;
  • to manage the relations with the public authorities or with other persons who provide a public service (bailiffs, notaries, etc.);
  • to implement technical measures for ensuring the security of personal data (including by making back-up copies).

B. In order to conclude and enforce contracts, for the following purposes:

  • to conclude and execute labor agreements

C. In order to fulfill BCR's legitimate interests in the context of performing its scope of business, for the following purposes:

  • to implement an internal line of reporting non-conformities raised by any person with respect to the offered financial-banking services;
  • to find, exercise and defend certain rights of BCR and/or its branches in courts of law, as well as to gather supporting evidence in this respect;
  • for recruiting and human resources purposes with respect to candidates and BCR employees; for granting benefits to the relevant persons;
  • to carry out mergers and/or acquisitions that involve BCR.

A: In order to fulfill our legal obligations, for the following purposes:

  • to prevent fraud and to guarantee banking secrecy by analyzing/verifying the authenticity of the identity card provided by you; to perform and improve the banking services provided to you by inserting in BCR's information systems the information contained in the identity card, pursuant to the applicable legal requirements in the field;
  • to comply with the legal norms applicable in the banking sector in order to comply with the know-your-client requirements; to prevent money laundering activities and to combat terrorism financing; daily reporting of transactions in accordance with the applicable legislation; to manage conflicts of interests; to manage the controls of the authorities with respect to client relationship;
  • to meet all of BCR's obligations regarding banking supervision to which BCR and Erste group are subject and with BCR's reporting obligations towards the Erste group or the supervisory authorities;
  • to manage the credit risk and the strategic risk by creating a profile for you;
  • to evaluate eligibility for the purpose of offering certain standard or personalized banking products and services (including at the time of the initial offer/approval), by creating a profile that takes into account indicators for evaluating solvability, the credit risk, determining the degree of indebtedness;
  • administrative-financial management purposes;
  • to store/deposit (prior to archiving) and to archive pursuant to the legal provisions governing contractual documentation (including ensuring the related operations to these activities) and/or documents that contain personal data;
  • internal audit;
  • to ensure security on the premises of BCR and its branches;
  • to fulfill all of BCR's obligations regarding the banking supervision obligation over BCR and the reporting obligation towards the supervisory authorities; to comply with the national and European prudential requirements applicable to credit institutions;
  • to manage data quality;
  • to manage the relations with the public authorities or with other persons who provide a public service (bailiffs, notaries, etc.);
  • to implement technical measures for ensuring the security of personal data (including by making back-up copies).
  • to manage liquidities; to optimize the balance sheet and to establish transfer prices; to manage the portfolio;  

B. In order to conclude and enforce contracts, for the following purposes:

  • to carry out any legal relations resulting from the contracts concluded between BCR and you or the company that you represent;
  • to provide online banking services; to perform the banking transactions in good conditions in order to develop/optimize the banking services offered by BCR;
  • to collect/recover debts (as well as preliminary activities, including due diligence activities);
  • to conclude and/or enforce insurance and reinsurance contracts;
  • to adequately monitor all the obligations undertaken by BCR's contractual partners (natural persons) and/or by the clients towards any of the entities in the BCR Group;
  • to manage data quality, including the transmission and/or transfer of information necessary to assess payment capacity and behavior;
  • to make or process payments through the SWIFT system, insofar as the clients request the use of this system;  
  • to manage the relationship with the Client; to transmit the data to the Credit Bureau throughout the management of the crediting relationship

C. In order to fulfill BCR's legitimate interests in the context of performing its scope of business, for the following purposes:

  • to implement an internal line of reporting non-conformities raised by any person with respect to the financial-banking services offered;
  • to improve the banking services provided by improving the internal flows, policies and procedures;
  • for simple marketing purposes, PR and communication, taking polls regarding the banking services, the activity of BCR, the members of the BCR group and contractual third parties;
  • to handle the complaints received from you regarding the banking services; to create a profile for the purpose of presenting the most appropriate products/services;  
  • to transmit the data to the Credit Bureau and to the Central Credit Register throughout the management of the credit relation that falls under the purview of the Credit Bureau rules; to consult the information registered in your name in the Credit Bureau's database by any participant in the Credit Bureau system for the purposes of providing crediting financial-banking services at your request, respectively in order to offer you such products;
  • to find, exercise and defend certain rights of BCR and/or its branches in court, as well as gather supporting evidence in this respect;
  • to carry out mergers and/or acquisitions in which that involve BCR.;
  • to design, develop, test and use existing or new information systems and IT services (including storing the databases in the country or abroad);

A: In order to fulfill our legal obligations, for the following purposes:

  • to prevent fraud and to guarantee banking secrecy by analyzing/verifying the authenticity of the identity card provided by you; to perform and improve the banking services provided to you by inserting in BCR's information systems the information contained in the identity card, pursuant to the applicable legal requirements in the field;
  • to comply with the legal norms applicable in the banking sector in order to comply with the know-your-client requirements; to prevent money laundering activities and to combat terrorism financing; daily reporting of transactions in accordance with the applicable legislation; to manage conflicts of interests; to manage the controls of the authorities with respect to client relationship;
  • to meet all of BCR's obligations regarding banking supervision to which BCR and Erste group are subject and with BCR's reporting obligations towards the Erste group or the supervisory authorities;
  • to manage the credit risk and the strategic risk by creating a profile for you;
  • to evaluate eligibility for the purpose of offering certain standard or personalized banking products and services (including at the time of the initial offer/approval), by creating a profile that takes into account indicators for evaluating solvability, the credit risk, determining the degree of indebtedness;
  • administrative-financial management purposes;
  • to store/deposit (prior to archiving) and to archive pursuant to the legal provisions governing contractual documentation (including ensuring the related operations to these activities) and/or documents that contain personal data;
  • internal audit;
  • to ensure security on the premises of BCR and its branches;
  • to fulfill all of BCR's obligations regarding the banking supervision obligation over BCR and the reporting obligation towards the supervisory authorities; to comply with the national and European prudential requirements applicable to credit institutions;
  • to manage data quality;
  • to manage the relations with the public authorities or with other persons who provide a public service (bailiffs, notaries, etc.);
  • to implement technical measures for ensuring the security of personal data (including by making back-up copies).
  • to manage liquidities; to optimize the balance sheet and to establish transfer prices; to manage the portfolio;  

B. In order to conclude and enforce contracts, for the following purposes:

  • to carry out any legal relations resulting from the contracts concluded between BCR and you or the company that you represent;
  • to provide online banking services; to perform the banking transactions in good conditions in order to develop/optimize the banking services offered by BCR;
  • to collect/recover debts (as well as preliminary activities, including due diligence activities);
  • to conclude and/or enforce insurance and reinsurance contracts;
  • to adequately monitor all the obligations undertaken by BCR's contractual partners (natural persons) and/or by the clients towards any of the entities in the BCR Group;
  • to manage data quality, including the transmission and/or transfer of information necessary to assess payment capacity and behavior;
  • to make or process payments through the SWIFT system, insofar as the clients request the use of this system;  

C. In order to fulfill BCR's legitimate interests in the context of performing its scope of business, for the following purposes:

  • to implement an internal line of reporting non-conformities raised by any person with respect to the financial-banking services offered;
  • to improve the banking services provided by improving the internal flows, policies and procedures;
  • for simple marketing purposes, PR and communication, taking polls regarding the banking services, the activity of BCR, the members of the BCR group and contractual third parties;
  • to handle the complaints received from you regarding the banking services; to create a profile for the purpose of presenting the most appropriate products/services;  
  • to transmit the data to the Credit Bureau and to the Central Credit Register throughout the management of the credit relation that falls under the purview of the Credit Bureau rules; to consult the information registered in your name in the Credit Bureau's database by any participant in the Credit Bureau system for the purposes of providing crediting financial-banking services at your request, respectively in order to offer you such products;
  • to find, exercise and defend certain rights of BCR and/or its branches in court, as well as gather supporting evidence in this respect;
  • to carry out mergers and/or acquisitions in which that involve BCR;
  • to design, develop, test and use existing or new information systems and IT services (including storing the databases in the country or abroad)

A: In order to fulfill our legal obligations, for the following purposes:

  • to comply with the applicable statutory rules in the banking sector in order to meet the requirements regarding the "know-your-client" process; to prevent money laundering and the financing of terrorism, to report daily the transactions in accordance with the applicable laws; to manage conflicts of interest; to manage the controls carried out by authorities with regard to the relationship with the partners;
  • to meet all of BCR's obligations regarding banking supervision to which BCR and Erste group are subject and with BCR's reporting obligations towards the Erste group or the supervisory authorities;
  • administrative-financial management purposes;
  • to store/deposit (prior to archiving) and to archive pursuant to the legal provisions governing contractual documentation (including ensuring the related operations to these activities) and/or documents that contain personal data;
  • internal audit;
  • to ensure security on the premises of BCR and its branches;
  • to fulfill all of BCR's obligations regarding the banking supervision obligation over BCR and the reporting obligation towards the supervisory authorities; to comply with the national and European prudential requirements applicable to credit institutions;
  • to manage data quality;
  • to manage the relations with the public authorities or with other persons who provide a public service (bailiffs, notaries, etc.);
  • to implement technical measures for ensuring the security of personal data (including by making back-up copies).

B. In order to conclude and enforce contracts, for the following purposes:

  • to carry out any legal relations resulting from the contracts concluded between BCR and you or the company that you represent;
  • to collect/recover debts (as well as preliminary activities, including due diligence activities);
  • to conclude and/or enforce insurance and reinsurance contracts;
  • to adequately monitor all the obligations undertaken by BCR's contractual partners (natural persons) and/or by the clients towards any of the entities in the BCR Group;

C. In order to achieve BCR's legitimate interests in the context of the carrying out its scope of business, for the following purposes:

  • to implement an internal line of reporting non-conformities raised by any person with respect to the financial-banking services offered;
  • to improve the banking services provided by improving the internal flows, policies and procedures;
  • to find, exercise and defend certain rights of BCR and/or its branches in court, as well as gather supporting evidence in this respect;
  • to carry out mergers and/or acquisitions in which that involve BCR;
  • to design, develop, test and use existing or new information systems and IT services (including storing the databases in the country or abroad)
  • to find, exercise and defend certain rights of BCR and/or its branches in court, as well as gather supporting evidence in this respect;
  • to handle the complaints received regarding BCR's services.

A: In order to fulfill our legal obligations, for the following purposes:

  • to comply with the legal norms applicable in the banking sector in order to comply with the know-your-client requirements; to prevent money laundering activities and to combat terrorism financing; to manage conflicts of interests; to manage the controls of the authorities;
  • to meet all of BCR's obligations regarding banking supervision to which BCR and Erste group are subject and with BCR's reporting obligations towards the Erste group or the supervisory authorities;
  • administrative-financial management purposes;
  • to store/deposit (prior to archiving) and to archive pursuant to the legal provisions governing contractual documentation (including ensuring the related operations to these activities) and/or documents that contain personal data;
  • internal audit;
  • to ensure security on the premises of BCR and its branches;
  • to fulfill all of BCR's obligations regarding the banking supervision obligation over BCR and the reporting obligation towards the supervisory authorities; to comply with the national and European prudential requirements applicable to credit institutions;
  • to manage data quality;
  • to implement technical measures for ensuring the security of personal data (including by making back-up copies).

B. In order to conclude and enforce contracts, for the following purposes:

  • to carry out any legal relations resulting from the contracts concluded between BCR and you or the company that you represent;
  • to adequately monitor all the obligations undertaken by BCR's contractual partners (natural persons)

C. In order to fulfill BCR's legitimate interests in the context of performing its scope of business, for the following purposes:

  • to implement an internal line of reporting non-conformities raised by any person with respect to the financial-banking services offered;
  • to find, exercise and defend certain rights of BCR and/or its branches in court, as well as gather supporting evidence in this respect;
  • to carry out mergers and/or acquisitions in which BCR participates
  • to design, develop, test and use existing or new information systems and IT services (including storing the databases in the country or abroad)
  • to handle the complaints received regarding BCR's projects

A: In order to fulfill our legal obligations, for the following purposes:

  • to comply with the legal norms applicable in the banking sector in order to comply with the know-your-client requirements; to prevent money laundering activities and to combat terrorism financing; to manage conflicts of interests; to manage the controls of the authorities;
  • to ensure security on the premises of BCR and its branches;
  • to manage the relations with the public authorities or with other persons who provide a public service (bailiffs, notaries, etc.);
  • archiving purposes;
  • internal audit;
  • to fulfill all of BCR's obligations regarding the banking supervision obligation over BCR and the reporting obligation towards the supervisory authorities; to comply with the national and European prudential requirements applicable to credit institutions;
  • to manage data quality;
  • to implement technical measures for ensuring the security of personal data (including by making back-up copies);
  • to meet all of BCR's obligations regarding banking supervision to which BCR and Erste group are subject and with BCR's reporting obligations towards the Erste group or the supervisory authorities.

B. In order to achieve BCR's legitimate interests in the context of carrying out its scope of business, for the following purposes:

  • to implement an internal line of reporting non-conformities raised by any person regarding you;
  • to improve the banking services provided by improving the internal flows, policies and procedures;
  • for simple marketing purposes, PR and communication, taking polls regarding the banking services, the activity of BCR, the members of the BCR group and contractual third parties;
  • to handle the complaints received from you;
  • to find, exercise and defend certain rights of BCR and/or its branches in court, as well as gather supporting evidence in this respect;
  • to carry out mergers and/or acquisitions in which BCR participates
  • to design, develop, test and use existing or new information systems and IT services (including storing the databases in the country or abroad)

BCR processes the personal data provided directly by you, as well as data generated based on them, such as the client identification code, trading data, information resulting from non-conformities reported by any person. We may collect your personal data when you use our website and in the context of carrying out the contractual relations concluded with you and of providing the services in which you are involved by BCR. 

The refusal to provide personal data may determine the impossibility of BCR to provide the banking services and/or to fulfill the other processing purposes.

There are certain processing purposes for which BCR is required by law to obtain your consent. BCR will obtain this consent by different means, for example, by asking you to sign a privacy notice provided by BCR when you visit a BCR branch or through BCR's website (online). The consent given in this way may be withdrawn at any time, and BCR will respect your preferences. The purposes for which BCR is most likely to need your consent are: for the processing of the personal identification number, including for the transfer of this category of data, in states within EU/EEA and outside EU/EEA, to the extent where consent must be given pursuant to the legal requirements - this processing activity is necessary in order to fulfill BCR's obligations regarding the provision of banking services and ensuring the unique identification of persons in the BCR systems, ensuring banking secrecy; direct marketing, advertising by way of offering/promoting the most suitable products and services of BCR, of the BCR group, of partners and of the Erste group, including the transmission by BCR of commercial communications to this end; accessing your data in the Central Credit Register (CCR), Credit Bureau, National Fiscal Administration Agency, and any other databases made available by public entities pursuant to the law concerning your person, in order to evaluate whether you are eligible for standard or customized products and services.

In order to fulfill the purposes of the processing activities, BCR may disclose certain categories of personal data to the following categories of recipients: data subject and/or his/her legal representatives, BCR representatives, entities of the BCR Group, judicial authorities or other public authorities of any kind, international organizations, providers of services and goods, banking companies, credit bureaus, debt collection or debt recovery agents, insurance and reinsurance companies, professional organizations, market research organizations, other contractual partners and/or processors of BCR.

At the present time, in order to fulfill the aforementioned purposes, BCR may transfer certain categories of personal data outside Romania, in member states within EU/EEA: Austria, Czech Republic, Hungary, Croatia, Belgium, Germany, United Kingdom, as well as outside the EU/EEA to the United States of America. For transfers outside the EU/EEA, BCR's transfers of personal data will be based on the standard contractual clauses adopted at the level of the European Commission or on other guarantees acknowledged by law.

There is a possibility that the aforementioned transfer states may change in the ordinary course of our business. In this case the list of transfer states mentioned above will be updated.

In order to fulfill the aforementioned processing purposes, BCR may process personal data during the provision of the banking services, as well as thereafter, in order to comply with its legal obligations, including, without limitation, the provisions relative to archiving. It is possible that, after the expiration of the archiving periods set forth by law, BCR may order for the data to be rendered anonymous and be deprived of a personal nature, and to continue processing the anonymous data for statistical purposes.

This website uses cookies. More details on cookies and on how they are used can be found here.

Your personal data is very important to BCR and BCR wants to ensure the appropriate security of the data during the processing operations. In this respect, BCR implements technical and organizational measures for protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

  • The right to be informed, respectively the right to receive details regarding the processing activities of BCR, as described herein;
  • The right to access the personal data, respectively the right to obtain confirmation from BCR regarding the processing of personal data, as well as details regarding the processing activities;
  • The right to request rectification, respectively the right to obtain rectification from BCR of personal data if it is inaccurate, as well as completing incomplete data;
  • The right to erasure of data (''right to be forgotten''), subject to certain conditions provided by law - but it is possible that, following a request to delete the data, BCR may render the data anonymous (thus depriving it of a personal nature), and in these conditions to continue processing for statistical purposes;
  • starting May 25, 2018, the right to restrict the processing to the extent that the conditions provided by law are met;
  • starting May 25, 2018, the right to data portability , respectively: (i) the right to receive the personal data in a structured, commonly used and machine-readable format as well as (ii) the right to have the data transmitted by BCR to another controller to the extent that the conditions provided by law are met;
  • the right to object - in what concerns the processing activities for direct marketing purposes, including profiling activities. The right to object may be exercised at any time by submitting a request as indicated below;
  • the right not to be subject to an automatic individual decision , respectively the right not to be subject to a decision based solely on automated processing;
  • the right to address the National Supervisory Authority For Personal Data Processing or the competent courts, in case you consider it necessary.

For further details on the processing activities carried out by BCR, and on the rights that you have in this respect, please send a request (in hard copy/electronic form by email) to dpo@bcr.ro.

You can also contact BCR's Data Protection Officer at: dpo@bcr.ro

If you have any suggestions regarding this Privacy Policy we encourage you to send them to: dpo@bcr.ro