Information notice
In accordance with the Law on Data Protection ("Official Gazette of RS" No. 87/2018, hereinafter: Law) and UniCredit Group data protection standards, we are providing you following information related to the processing of personal data related to you (hereinafter: Data Subject) by UniCredit Bank Serbia JSC Belgrade (hereinafter: the Bank):
Data Controller
UniCredit Bank Serbia JSC Belgrade, Rajićeva St. no. 27-29, Company number: 17324918.
Data Protection Officer
Within the implementation of the personal data protection standard imposed by Law and UniCredit Group, the Bank has appointed a Data Protection Officer to whom you may address any questions and requests related to your personal data at:
Email: dpo@unicreditgroup.rs
Mail: Jurija Gagarina 12, 11070 Novi Beograd
Categories of personal data being processed
The Bank processes the following categories of personal data:
- Basic data (for example: first name, last name, address, date of birth, personal identification number, personal document data, etc.)
- Contact data (for example: phone number, e-mail address, etc.)
- Employment and assets data (for example: employment status, occupation, etc.)
- Data related to family status and family members (in case of loan products for individual clients)
- Audio and video recordings (for example: video recording of the Bank's business premises, recordings of conversations via the Bank's Contact Center, etc.)
The categories of data processed by the Bank depend on the type of business relationship.
The Bank processes the personal data it collects from the Data Subject when establishing a business relationship, as well as during business cooperation. Additionally, the Bank processes data collected from third parties (eg the Credit Bureau of the Association of Serbian Banks, Serbian Business Registers Agency and other publicly available sources, the Real Estate Cadastre, etc.).
Purpose and legal basis of processing
The Bank processes personal data for the following purposes and in accordance with the legal bases below:
- in order to conclude a business relationship, at the request of the Data Subject, as well as in order to perform the rights and obligations arising from the business relationship between the Bank and the Data Subject. Bearing the above in mind, in this particular case, the provision of personal data by the Data Subject is necessary in order to enter into a business relationship and/or to exercise the rights and obligations arising from the business relationship between the Bank and the Data Subject. In case of failure to provide the necessary data, the Bank is not able to enter into a business relationship or perform the rights and/or obligations arising from it.
- fulfilling the Bank's legal obligations (in accordance with the Law on Data Protection and other relevant laws governing the bank's operations, such as the Law on the Prevention of Money Laundering and Financing of Terrorism , Law on the Payment Services, etc.). Bearing the above in mind, in this particular case, the provision of personal data by the Data Subject is necessary in order to fulfill the Bank's legal obligations. In case of failure to provide the necessary data, the Bank is unable to enter into a business relationship.
- realization of the legitimate interests of the Bank or third parties, unless these interests are overridden by the interests or fundamental rights and freedoms of the data Subject, who require the protection of personal data, for example in the following cases:
- video surveillance of business premises and the area around them in order to protect the assets of the Bank and its clients
- for the purpose of undertaking activities of early detection and prevention of fraudulent actions and in this sense also exchange of personal data and other relevant information with the members of the Forum for the prevention of abuses in credit affairs of the Chamber of Commerce of Serbia)
- For the purpose of defending the bank's legal interests in a dispute before competent authorities and institutions
In connection with the processing of personal data based on the legitimate interest of the Bank or third parties, the Data Subject has the right to submit an objection at any time if he considers it necessary in relation to his particular situation. In the event of an objection, the Bank will suspend further processing of personal data for the stated purposes, unless there are legal reasons for processing that prevail over the interests, rights and freedoms of the Data Subject or are related to the submission, realization or defense of a legal claim.
- In the case of the consent of the data Subject, in accordance with the scope and for the purpose defined within the consent itself (for example for the purpose of direct marketing). The provision of data for the stated purposes is not necessary in order to enter into a business relationship with the Bank, and the processing of this data is provided only in the case of the consent of the Data Subject, which can be withdrawn at any time. Bearing the above in mind, failure to provide personal data for the stated purposes will not produce any negative consequences for the Data Subject.
The Data Subjects are obliged to submit to the Bank, independently or at the Bank's request, accurate and up-to-date personal data relating to them. In the event that the Data Subjects provide the Bank with inaccurate and out-of-date personal data related to them, there may be risks associated with the disclosure of data about the Data Subjects to third parties.
The Bank can, especially in the case of certain types of products (e.g. in the case of contracting financial services using means of remote communication), make a decision automatically due to the specifics of those products, the way of applying for those products and other characteristics of the product realization process (especially with regard to the decision deadlines). If the person to whom the data refers wants additional information about the logic used during automated decision-making and the main factors that are taken into account during such data processing, he can contact the Controller in the manner defined in the section on the Rights related to personal data processing according to the procedure described in the part of the Way of exercising the rights of Data Subject of this information notice.
Personal Data recipients
The Bank has a right to forward the personal data of the Data Subject, as well as the data on his/her related parties, documents related to Data Subject, as well as other data being considered as Bank secret, the data on obligations per contracts concluded between the Bank and the Data Subject as well as on the manner of their settlement and the abiding to contractual clauses to:
- employed and engaged persons in the Bank (who, in accordance with the nature of the work they perform, must have access to such data in order to fulfill contractual and legal obligations, as well as to realize the legitimate interests of the Bank and third parties), members of the Bank's bodies and shareholders of the Bank;
- To UniCredit Group members whose updated list can be found on the following website https://www.unicreditgroup.eu/consent;
- Competent regulatory authorities and organizations (National Bank of Serbia, Securities Commission, Administration for the Prevention of Money Laundering, tax, judicial and other authorities, e.g. public enforcers, external auditor of the Bank, who due to the nature of the work they perform must have access to such data, as well as other organizations, such as the Forum for the Prevention of Abuses in Credit Businesses at the Serbian Chamber of Commerce);
- Public information systems - e.g. The unique register of accounts of natural or legal persons at the National Bank of Serbia, information systems of the Association of Serbian Banks (eg Credit Bureau), Serbian Business Registers Agency, Real Estate Cadastre;
- in certain cases, depending on the business relationship and to certain third parties with whom the Bank has concluded an Agreement that regulates the handling of confidential data, and whose up-to-date and complete list can be found on the Bank's website https://www.unicreditbank.rs in the segment "Data protection".
Personal data may be transferred from the Republic of Serbia to other countries or international organizations only in accordance with the rules of the current regulation, e.g. if it is determined that another country or international organization provides an adequate level of protection of personal data, the transfer is carried out without the prior approval of the competent authority, and with the conclusion of a contract that regulates handling of confidential data, i.e. personal data. If the transfer is carried out to another country for which the existence of an appropriate level of protection has not been established, it is carried out with the provision of appropriate data protection measures, e.g. through standard contractual clauses drawn up by the Commissioner for Information of Public Importance and Personal Data Protection (hereinafter: Commissioner) in accordance with the Law or the application of legally binding acts drawn up between the authorities of two states, if they exist.
Personal data retention period
The Bank will process personal data collected for the purpose of execution of rights and obligations from the business relationship until the business relationship between the Bank and the Data Subject is valid except in cases when the Bank is obliged to keep the data even after the business relationship with the Data Subject is ended, based on the law (e.g. Law on Prevention of Money Laundering and the Financing of Terrorism which prescribes the obligation to keep the data and documentation in relation to a customer, for at least 10 years from the date of termination of the business relationship, execution of a transaction, and similar), Data Subject consent or legitimate interest (e.g. in case of legal dispute of the Data Subject with the Bank).
The personal data being processed only based on Data Subject consent are being processed in accordance with the purpose they have been collected for, i.e. until the Data Subject withdraws his/her consent.
Data Subject rights related to personal data processing
Data Subject has a right to access the personal data being processed by the Bank.
In cases stipulated by the regulation in the area of personal data protection, the Data Subject has a right to require rectification, update, erasure, i.e. permanent, irreversible anonymization of data, as well as right to object and right to restriction of processing.
Under the conditions set by the regulation in the area of personal data protection, the Data Subject has a right to personal data portability, i.e. right to receive the data he/she previously provided to the Bank for the purpose of transfer to another controller, as well as to ask for transfer of his/her data directly to the other controller by the Bank, in case this is technically feasible and if, in accordance with the Bank’s estimation, the relevant security standard of data transfer is ensured.
The Data Subject has the right to object at any time to the Bank's processing of his / her personal data, which is based on the legitimate interest of the Bank, as well as to the processing of his / her personal data processed for direct marketing purposes, including profiling, to the extent that it is related to direct marketing.
In the case of automated decision-making regarding the request of the Data Subject for certain types of products (especially in the case of contracting financial services using means of remote communication), the Data Subject has the right to, in accordance with the Law, and if by that decision, the products legal consequences for that Data Subject or that decision significantly affects his position, express his position in relation to such a decision (including the right to challenge the decision before an authorized person of the Bank) as well as the right to ensure the participation of a natural person employed at the Bank in making the decision.
Way of exercising the rights of the Data Subject
We hereby inform you that requests for the exercise of rights related to the processing of personal data can be submitted to the following addresses:
Email: dpo@unicreditgroup.rs
Mail: Appointed person for the personal data protection, Jurija Gagarina 12, 11070 Novi Beograd, Republic of Serbia
The Bank has a deadline of 30 days (from the day of receipt) to act upon the request of the Data Subject. The specified deadline can be extended by an additional 60 days, if necessary, taking into account the complexity and number of requests. In case of an extension of the deadline, the Bank will inform the Data Subject about the same within 30 days from the date of receipt of the request.
Submitting a request to exercise rights related to the processing of personal data is free of charge. If the request of the Data Subject is clearly unfounded or excessive, and especially if it is repeated frequently, the Bank has the right to charge the necessary administrative costs of providing the information, i.e. acting on the request, or to refuse to act on the request.
If necessary, the Bank has the right to request additional information necessary to confirm the identity of the person submitting the request.
The right to lodge a complaint with a supervisory authority
The Data Subject has a right to lodge a complaint with a supervisory authority (Commissioner for information of public importance and personal data protection) regarding the personal data processing related to him/her.
Freedom of providing consent and possible consequences in case of not providing the consent for personal data processing
Giving consent to the processing of personal data, when such processing is based on consent, is voluntary. Consent can be withdrawn at any time, in the manner in which it was given (in person at a Bank branch, within the mBanking application or by e-mail to the address dpo@unicreditgroup.rs).
The withdrawal of consent does not affect the admissibility of the processing that was carried out on the basis of consent before the withdrawal, as well as the execution of the contract concluded with the Bank, the management of its prescribed obligations, nor the processing based on the legitimate interest of the Bank or a third party.
| DATA SUBJECT REQUEST TEMPLATE1 | 1MB | Download |
| Third parties with whom the Bank has concluded Data Processing Agreement |
|---|
Advokatska kancelarija Aleksić, Grčkoškolska 1, 21000 Novi Sad, Srbija
|
Advokatska kancelarija Andrić, Knez Mihaila 1-3, 11000 Beograd, Srbija
|
Advokatska kancelarija Karanović, Miroslava Antića 5, 21000 Novi Sad, Srbija
|
Advokatska kancelarija Nebojša Radović, Vase Stajića 28, 21101 Novi Sad, Srbija
|
Advokatska kancelarija Tamara V. Simić, Obilićev venac 8, 11000 Beograd, Srbija
|
Društvo za reviziju BDO d.o.o. Knez Mihailova 10, 11000 Beograd, Srbija
|
Preduzeće za spoljnotrgovinsko poslovanje i unutrašnji promet PIS - Poslovni informacioni sistemi doo, Simina 1, 11000 Beograd, Srbija
|
Javno preduzeće "Pošta Srbija", Takovska 2, 11000 Beograd, Srbija
|
UniCredit Services GmbH, Rothschildplatz 4, 1020 Vienna, Austria
|
Combis - IT usluge, Bulevar Arsenija Carnojevića 52a, Beograd, Srbija
|
iFaber, Via Maurizio Quadrio, 17-20154 Milan, Italy
|
PricewaterhouseCoopers Consulting d.o.o. Omladinskih brigada 88a, 11070 Beograd, Srbija
|
Smart plus research Agencije za istraživanje tržišta, Kralja Milana 23, 11000 Beograd, Srbija
|
UniCredit S.p.A, Piazza Gae Aulenti 3-Tower A, I-20154 Milano, Italy
|
SIA Slovakia s.r.o. Digital Park II, Einsteinova 25, 851 01 Bratislava, Slovak Republic
|
Telekom Srbija a.d. Takovska 2, Beograd, Srbija
|
Ernst & Young Advisory S.p.A. Via Meravigli 14, Milano, Italy
|
MaritzCX GmbH, Borselstrasse 18, 22765 Hamburg, Germany
|
Avramović i partneri o.d. Beograd, Sarajevska 31
|
G4S Secure Solutions d.o.o. Bulevar Peka Dapcevica 32, Beograd, Srbija
|
Halcom a.d. Beogradska 39, Beograd, Srbija
|
NSR S.r.l Via Ortigara, 3-00195 Rome, Italy
|
Algotech d.o.o. Požeška 60, 11030 Beograd, Srbija
|
Omnicom Solutions d.o.o, Ljubostinjska 2, Beograd, Srbija
|
Agitavit Solutions doo, Letališka Cesta 33f, Ljubljana, Slovenia
|
AdoptoTech doo, Ljudevita Posavskog, 34a, Zagreb, Croatia
|
TAS Eastern Europe d.o.o, Beograd, Srbija, Bulevar Mihajla Pupina 115ž
|
Comtrade System Integration d.o.o. Beograd, Savski nasip 7, Srbija
|
Payten d.o.o. Beograd – Novi Beograd, Srbija Bulevar Mihajla Pupina 10b/2
|
Robotic Process Automation d.o.o. Jarun 68, Zagreb, Hrvatska
|
Creditexpress doo Beograd, Gavrila Principa 57, Beograd, Srbija |
X Press, Agencija za usluge reklame i propagande Sviderski Slađana Preduzetnik, Varvarinska 8 Beograd |
Udruženje banaka Srbije, Bulevar kralja Aleksandra 86, Beograd |
SIS Software and Services doo Beograd, Kulina Bana 8/1, Beograd |
M PLUS SERBIA DOO Beograd, Tošin bunar 272, Beograd |
UniCredit Bank Serbia JSC
Rajiceva 27-29, 11000 Belgrade, Serbia
Tel: 011 3777 888 (for calls from Serbia)
or +381 113777 888 (for foreign calls)
E-Mail: kontakt@unicreditbank.rs
S.W.I.F.T address: BACXRSBG
Jurisdiction: The court in Belgrade
Registered at: Business Registers Agency
Under authority and jurisdiction of: National Bank of Serbia
Tax identification number: 100000170
UniCredit Bank Serbia JSC regularly checks and updates the information displayed on its website. Despite being careful in order to ensure the accuracy of this information, changing data in the interval between two checks is possible. Therefore, UniCredit Bank Serbia JSC can change the content of the site at any time without prior notice to the users. The same applies to all other web sites to which access is enabled by linking. Connecting with such web sites you do at your own responsibility. UniCredit Bank Serbia JSC is not responsible for the content of web sites accessed via such links.
UniCredit Bank Serbia JSC doesn’t use its web site to provide advice on investments or any other type of suggestion. The information and / or content on these web sites aren’t proper basis for investment or other decisions. Your decisions in the past are not necessarily a good indicator regarding your decisions in the future. Please contact one of our advisors before making an investment decision. The content and structure of UniCredit Bank Serbia web-sites are protected by copyright. Any reproduction of information or data, especially the use of text, parts of text, pictures or graphics requires the prior approval of UniCredit Bank Serbia JSC.
