We use the necessary cookies for the operation of our site. We would also like to set additional cookies to help us improve our site. Read more about cookies in our Notification of Cookie Processing.
The JSC CB PrivatBank (hereinafter - “PrivatBank”, “Bank” or “we”) shall be the data controller. PrivatBank is the banking institution registered in Ukraine, the USREOU code is 14360570, located at the address: 01001, Hrushevskoho street, 1D, Kyiv.
In case you have any questions about the processing of your personal data, you can contact us by any channel of communication indicated at our official website – https://privatbank.ua/about/contacts. You can also send us a letter to our registered address or visit the nearest branch.
In the course of providing our services and conducting business activities, we process various categories of personal data. Data may be received in the course of establishing and implementing business relations with the Bank, while making payments and other financial transactions, taking financial monitoring measures, or personal data may be received from other sources.
In particular, the Bank processes the following categories of personal data:
Profile Data of the Customer Who Is an Individual
Profile Data of the Customer Who Is a Legal Entity
Data Obtained in the Course of Providing Services
Data Obtained in the Course of Financial Monitoring Procedures
Data Obtained in the Course of Providing Banking Services
Data Related to the Customer Credit History
Image of the Customer
Voice of the Customer
Data Obtained from Public Sources
Data Collected for Controlling the Security within the Bank
Data Obtained When Operating with Credit Obligations
Data Contained in the Documents
Technical Data from Websites and Mobile Apps
Data Related to Other Legal Relations with the Bank
Data Which the Bank Generates in the Process of Servicing Customers
Sensitive Categories of Personal Data
We usually do not process sensitive categories of personal data, unless you give your consent or in case of having other grounds stipulated by the current legislation, we may process such categories of personal data. Particularly, sensitive data may be processed in the following cases:
In addition, the Bank, due to the provision of services, may obtain the data and documents that might indirectly indicate racial or ethnic origin, political, religious, or ideological convictions, membership in political parties and trade unions, exposure to administrative or criminal punishment, and the data related to health, sex life, biometric or genetic data.
In particular, the Bank may obtain such data from payment purposes, customer agreements, (such as insurance agreement), or documents provided by the customer. The Bank neither collects nor processes such information intentionally.
Before we process personal data, we always determine the relevant purpose and grounds for processing. Personal data is processed lawfully if we process personal data on at least one of the following grounds:
Providing financial and banking services
We process personal data to provide you with the following financial and banking services:
Ground for processing: Conclusion and Execution of a Legal Agreement.
Related actions for the provision of services
Related actions are included and required as part of the provision of services. These related measures are:
Ground for processing: Conclusion and Execution of a Legal Agreement.
Compliance with Legislative Requirements
Pursuant to the current legislation, in the course of the provision of services the Bank is obliged to take various measures which include the following:
Ground for processing: Legislative Requirements.
Protecting the Bank’s Legitimate Interests during the provision of services
Besides, when providing its services, the Bank may process personal data required for the protection of Legitimate Interests, in particular:
Ground for processing: Legitimate Interests.
The major part of the data is processed within PrivatBank and only by authorized employees who were appropriately trained and passed the course on personal data protection, have relevant permits and rights of access, and have legal obligations on non-disclosure of confidential information.
Nevertheless, consider that personal data may be transferred to third parties in compliance with the following:
Legal grounds, security requirements, law enforcement.
In particular, personal data may be transferred to third parties for the reason of:
Changing the data controller.
We shall not sell your personal data to any company or organization, nevertheless, we may transfer your personal data to a legal successor. In such a case, you shall be informed on the matter that your personal data shall be transferred, therefore, it is the subject of another notice on personal data processing.
In case we use the services provided by third parties.
We at times may use the services provided by third parties in order to process personal data. These services may include storage and/or cloud services, research, analytics, cookies, emailing, etc. If any of the services of the third parties are involved in the data processing, we shall sign data processing agreements in which we require any third party to take appropriate technical and organizational measures so that your personal data would be protected.
By your consent.
If you have given your permission, we may transfer personal data to third parties. The terms and conditions for the transfer shall be bound by your consent.
We apply various security measures in order to protect the personal data which we process. We’ve implemented the following organizational and technical measures to restrict access to your personal data:
Your rights in the respect of personal data protection are set out in Article 8 of the Law of Ukraine “On Protection of Personal Data”. Pursuant to Article 8 mentioned hereabove, you have the following rights:
1. to know the sources of collection and location of your personal data, purpose for the processing, location or place of residence (habituation) of the data controller or the data processor or to be able to make an appropriate assignment to the authorized persons to obtain this information, excluding the cases defined by current legislation;
2. to obtain information on the conditions for granting the access to personal data, including information which is related to the third parties to whom this personal data shall be transferred;
3. to have access to your personal data;
4. to receive a response on whether the personal data is being processed, and to receive the content of such a personal data, but no later than thirty calendar days from the day when the relevant request has been made, excluding the cases stipulated by the current legislation;
5. to make a reasonable claim to the personal data controller objecting against the personal data processing;
6. to make a reasonable claim regarding alteration or destruction of the personal data to any data controller or/and data processor, if personal data is being processed illegally or the data is unreliable;
7. to protect your personal data from illegal processing or from an accidental loss, destruction, damage which is related to the intentional concealment, non-provision or an untimely provision of the personal data, and to protect from the provision of an unreliable information or information which dishonors dignity, honor or business reputation of an individual;
8. to file claims regarding the processing of personal data to the Ukrainian Parliament Commissioner for Human Rights or to court;
9. to apply legal remedies in case if the legislation on the protection of personal data is violated;
10. to make precautions in the respect of the limitation for the right to process your personal data in the course of giving your consent thereto;
11. to withdraw your consent to process your personal data;
12. to know how the mechanism for an automatic personal data processing operates;
13. to be protected from an automated decision when it has legal consequences.
If you wish to have access, review, update, correct, or delete your personal data which we store, or if you would like to exercise any other rights defined in Article 8 of the Law of Ukraine “On Protection of Personal Data” No. 2297-VI dated by June 1, 2010, address us using the contact details specified in section 1 herein.
If you are not satisfied with how we process your personal data, you are granted the right to make a claim to the supervisory authority. In Ukraine, the supervisory authority is the Ukrainian Parliament Commissioner for Human Rights. To file your claim, visit the official website of the Ukrainian Parliament Commissioner for Human Rights.
We are exercising your right to deletion of your personal data to the extent, permitted by law. If we have a legal obligation which prevails over your request for the deletion, then we shall comply with the current legislation. Which means, we shall not be able to satisfy your request if your personal data are being processed on the basis of legal agreement or in compliance with the current legislation.
This Notice was developed and posted in accordance with the requirements set out in the legal regulatory acts and regulations of the National Bank of Ukraine on the way banks provide information to their customers in the respect of banking and other financial services.
If any amendments take place in the current legislation of Ukraine or if the Bank makes any significant changes in the respect of personal data processing, then, we shall amend this Notice. You will be informed about all the amendments and changes made by the Bank in the respect of processing your personal data.