On the Procedure for Protection of Personal Data of PrivatBank Clients
At PrivatBank, we understand the value of privacy and the importance of personal data protection. To help you understand the intricacies of personal data processing, we have prepared this Notification of the procedure for protection of personal data and privacy of PrivatBank clients (hereinafter - “Notification”).
This Notification is created for visitors and users of PrivatBank's websites, web services and applications, as well as for potential, current, and former clients of PrivatBank (hereinafter - “Client” or “you”).
In the Notification, you will find the answers to questions regarding the purpose of processing, composition of personal data, reasons for processing, etc. Here we will also tell you about the data we process.
1. Who owns the personal data?
The owner of the personal data is JSC CB “PRIVATBANK” (hereinafter – “PrivatBank”, “Bank” or “we”), a banking institution registered in Ukraine, EDRPOU code 14360570, address: 1D Hrushevsky St., Kyiv, 01001.
If you have any questions regarding the processing of your personal data, you can send us a letter to the above address or contact us via any communication channel specified on the Bank’s official website: https://privatbank.ua.
You can also send an email to firstname.lastname@example.org regarding your personal data processed by the Bank.
2. What personal data do we process?
While providing our services and conducting business activities, we process various categories of personal data. In this section, you will find detailed information on the data we process.
Identification data and contact details:
- Last name, first name and patronymic (hereinafter - “Full name”);
- Date of birth;
- Passport series and number, date and place of its issuance;
- Place of registration, place of residence (if it differs from the place of registration);
- Copy of the passport;
- Copy of the certificate of taxpayer identification number assignment, place and date of its issuance, as well as the identification number itself;
- Mailing address;
- Telephone number; and
- E-mail address.
- Bank account number;
- Information on payments and transactions;
- Transaction history;
- Credit and other liabilities.
Data necessary for initial financial monitoring and for verification as the Bank’s client:
- Full name;
- Place of residence, stay, or registration;
- Taxpayer’s identification number;
- Place of tax residence;
- Information collected during due diligence check: business relationships and business activities of the Client, cash flows, accuracy of information, information on social media;
- Information obtained from sanction lists;
- Status of a politically exposed person; etc.
Data on education and family:
- Information on education;
- Information on marital status and family members.
Data on professional activities:
- Profession, position;
- Work experience.
Data related to contractual obligations to the Bank:
- Information on the services provided;
- Information on fulfillment of or failure to fulfill the contractual obligations;
- Information on the use of ATMs, SSTs, other service equipment, mobile applications, as well as on branch visits;
- Submitted applications, inquiries, and complaints.
Data related to the use of the Bank's services:
- Information on the products and services used;
- Information on the habits, interests, benefits, satisfaction or dissatisfaction with the services provided.
Data related to participation in contests, raffles, lotteries and promotional offers:
Information related to competitions, raffles, lotteries, and promotional offers, including the announcement of winners and awarding prizes to winners.
Data collected in the course of communication with the Bank:
Letters and e-mails received, telephone conversations (with or without audio recording) conducted in the course of communication with the Bank, as well as information about the devices and technologies used.
Data obtained from public sources:
Information from open public databases.
Data contained in the documents:
Information stored in printed and electronic documents received by the Bank.
Sensitive categories of the personal data:
We may process information on racial or ethnic origin, political and religious beliefs, worldview attitudes, membership in political parties and trade unions, criminal convictions, as well as information relating to health, sexual life, biometric or genetic data, if permitted by law.
We do not normally process sensitive categories of personal data, but if we need such information to provide a particular service we will ask for your consent to the processing of such data.
Technical data of websites and mobile applications (when you use the Bank's websites and applications, we automatically process certain data).
These include information about:
- Browser and device - we collect information about the device (type, model, IP address, MAC address, etc.) and the browser (type, version, language, etc.) that you use;
- Use of our website or mobile application (for personal data processed during the use of Privat24 mobile application, see Paragraph to this Notification) - we collect information about the use of our website or application, including any actions taken by you on a particular website or application;
Data collected for security control within the Bank:
- Information obtained through video recordings made in our premises and on our territory, near the ATMs and SSTs, including videos, time, and place;
- Information obtained from the ATMs and SSTs, including videos, time, and place.
3. What is the purpose and reason for the personal data processing?
Before processing the personal data, we always determine the purpose and reason for the processing. Processing of the personal data is legal if we process personal data for at least one of the following reasons:
- To enter into and perform the contract in order to provide a relevant service (hereinafter - the “legal transaction”);
- To fulfill the Bank’s obligations stipulated by law (hereinafter - the “law”);
- On the basis of your consent (hereinafter - “consent”);
- To pursue the legitimate interests of the Bank or a third party, except when the need to protect the fundamental rights and freedoms of the personal data subject outweighs such interests in connection with the processing of his / her data (hereinafter - “legitimate interests”);
- To protect your vital interests;
- If we have been granted a permit to process data in accordance with the law solely for the exercise of our powers.
Provision of services
Economic and administrative activities
|To identify potential clients and groups of clients, assess and verify them, analyze and predict personal preferences, interests, behavior, and reliability||Legitimate interests|
4. Do we share your data with third parties?
We do not plan to share the personal data with third parties. Most of the data are processed within PrivatBank only by employees having the appropriate access. However, please note that we can share the personal data with third parties in the following cases:
Security, legal grounds, execution of a law.
Your personal data are transferred to third parties in the cases where it is necessary to:
- Comply with official requirements of public authorities and local governments within their competence, court decisions, or relevant laws;
- Protect PrivatBank from complaints by third parties, without prejudice to your rights and freedoms;
With your consent.
With your consent, we may share the personal data with third parties. The terms and time of the data transfer must be set forth in such consent.
Third party services.
From time to time, we may use the services of third parties to process the personal data. Such services may include research, analytics, cookies, e-mails, etc. If we use any third-party data processing services, we conclude relevant data processing agreements in which we require that any third party should take appropriate technical and organizational measures to protect your personal data.
Change of the data ownership.
We do not sell your data to any company or organization but we may transfer your personal data to a successor. In such a case, we will notify you that your personal data will be transferred, and their processing will thus be covered by another notification of the processing of personal data. You will be able to refuse the transfer of your data to a new owner.
5. How do we process your data?
In this section, you will learn how, where, and for how long we store and protect your personal data.
We use a variety of security measures to protect the personal data we process. We have implemented operational and technical measures to restrict access to your data:
- In PrivatBank, personal data are classified as limited access information;
- PrivatBank has implemented a strict policy regulating the processing of the personal data;
- The data we collect are available only to authorized employees;
- The Bank has the Information Security Management System and the Private Information Management System;
- Personal data are stored in the secure data warehouses;
- We use encryption as one of the means of data protection;
- In some cases, we use pseudonymization;
- We use certain types of controlled policies for technical access to databases where the personal data can be stored.
Retaining of your data.
We retain your data for the time necessary to fulfill the purpose of the data processing in accordance with this Notification.
The data are stored in Ukraine and are not transferred abroad.
Please note that certain personal data may be retained even after fulfillment of the purpose of processing specified in the Notification, if this is required by the legislation of Ukraine.
6. What rights do you have regarding your personal data?
If you want to access, view, update, correct, or remove your personal data that we store, or to use any other rights stipulated in Article 8 of the Law of Ukraine “On Personal Data Protection” No. 2297-VI of June 1, 2010, contact us using the contact details listed in Section 1 hereof.
If you are not satisfied with the way we process your data, you are entitled to file a complaint with the supervisory authority. In Ukraine, such supervisory authority is the Ukrainian Parliament Commissioner for Human Rights. To write a complaint, use the Procedure for filing a petition to the Ukrainian Parliament Commissioner for Human Rights.
How can I remove my personal data?
We exercise your right to remove your personal data to the extent permitted by law. If we have a legal obligation that exceeds your request, we will comply with the law. This means that we will not be able to satisfy your request if we process your personal data on the basis of a legal transaction or a law.
7. What changes can be made to the Notification?
If the current legislation of Ukraine or our procedures for processing of the personal data change significantly, we will make changes to this Notification. You will be informed of all changes related to processing of the personal data by the Bank.
8. List of the data and the purposes of data processing in Privat24
In the process of using Privat24, a Client may be requested to provide the following data or access to a Client's mobile device for the following purposes:
| List of data and accesses | Purposes of obtaining information or accesses |
|---|---|
| Client's location, geolocation, exact location coordinates, approximate location coordinates | To search for the Bank’s branches, ATMs or SSTs, to call and order a taxi, to build a taxi route, to determine the Client’s location, to search for the nearest gas station, to search for Discount Club partner retailers, to search for Bonus Plus partner retailers, to increase the level of security, etc. |
| Access to camera of a Client's mobile device, access to the media library of the mobile device | To create photo documents, to create or save images or photos, to save media and images on a Client's mobile device, to display a Client's photos in Privat24, to add a payment template, to scan a QR code, to configure FacePay24 for making payments using a Client’s image, to ensure video verification of new clients |
| Access to microphone, volume adjustment, and connection settings | For video verification of new clients of the Bank |
| Read-only access to a Client's mobile device status, including mobile device phone number, current mobile device network information, status of all current calls, and list of all accounts registered on a Client's mobile device | To increase the level of security in Privat24, to auto-fill a mobile phone number when logging in to Privat24 |
| Contacts saved on a Client's mobile device | To use the list of a Client's contacts for auto-filling of a phone number in the Top up menu (mobile top-up) |
| Client's e-mail address | To display a Client's e-mail address in Privat24 for communication |
| Client's SMS messages | For auto-filling of one-time password (OTP) in Privat24 |
| Client's photo | |
To display a photo: