For creating account for testing and subscribe application(s) with our developer portal (hereinafter named „Sandbox”) offered by Raiffeisen Bank SA (hereinafter named „the Bank”), in order for us to be able to contact you and/ or answer your questions and/or for improving the services provided, Raiffeisen Bank SA processes personal data, according to the provisions of the Regulation 2016/279 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as „GDPR” (General Data Protection Regulation) and subsequent rules.
Personal data processed by the Bank are part of the following categories of data subjects: the developer – to the extent the developer is a natural person (even after the cessation providing the aforementioned services), legal or conventional representatives of the developer for the purposes mentioned above (generally named hereinafter “Data Subjects”). Such personal data is above mentioned and is processed at the beginning of starting the relationship with the Bank with the occasion of creating the developer’s account or during such relationships (including activity tracking in the sandbox).
For fulfilling the purposes, Raiffeisen Bank SA processes personal data provided directly by the developer as well as data that are generated based on this, respectively, internal identification code - if necessary, for concluding and executing the agreement between the developer and the Bank, respectively for providing the services. To fulfill the above-mentioned purposes, Raiffeisen Bank SA will consider, to the extent necessary, its legitimate interests in the context of carrying out its object of activity (e.g. for providing to the data subjects requested information, for improving the services provided or for complying with the applicable legal obligations).
The refusal to provide personal data may determine the impossibility of providing the aforementioned services and/or of complying with the other processing purposes of the Bank.
The Bank stores the personal data for the duration necessary for the provision of the aforementioned services, as well as afterwards, according to the Bank’s internal policies and the applicable legal obligations. After the expiration of the legal archiving period, the Bank may order the anonymisation of personal data, thus depriving them of their personal character and continue the processing of anonymous data for statistical purposes.
To fulfill the processing purposes the Bank may disclose personal data to the following categories of beneficiaries: the Data Subject, the legal or conventional representatives of the Data Subject, Raiffeisen Bank SA representatives, other natural persons or legal entities that process personal data on behalf of the Bank, entities within Raiffeisen Group, contractual partners of the Raiffeisen Bank SA and of entities within Raiffeisen Group, Raiffeisen Bank SA’s data processors, court authorities, central public authorities, local public authorities, international organizations, suppliers of goods and providers of services, professional organizations.
At this moment, to fulfill the above-mentioned purposes, the Bank may transfer certain categories of personal data outside Romania, in other countries of the EU / EEA, as well as outside the EU/EEA, to the United States of America. In case of transfers outside the EU/EEA, the Bank will ground the personal data transfer on standard contractual terms adopted at the level of the European Commission or other appropriate safeguards.
In the course of carrying out of the Bank’s activity the above-mentioned transfer countries might change. The updated list of countries where personal data is transferred can be found by accessing the Policy on personal data protection and confidentiality, available at https://www.raiffeisen.ro/despre-noi/politica-de-confidentialitate.
Data Subjects have the following rights as concerns the processing of their personal data: the right to be informed, the right of access, the right to rectification, the right to erasure ("right to be forgotten"), the right to restriction of processing, the right to data portability, the right to object, the right not to be subject to an individual decision-making and the right to lodge a complaint with the National Supervisory Authority for Personal Data Processing or to address to the competent courts of law, to the extent the data subject considers this necessary.
After the request to erase the data, the Bank may anonymize such personal data (depriving them of their personal character) and continue the processing for statistical purposes.
For additional details about processing activities carried out by Raiffeisen Bank SA, as well as for exercising your aforementioned rights in this context, please address (by sending a hardcopy/ electronic request) to the Bank’s address, namely 246C Calea Floreasca Street, Sky Tower Building, District 2, Bucharest, 014476, Romania or to the following e-mail address: firstname.lastname@example.org.
You also have the possibility to contact the Data Protection Officer of Raiffeisen Bank SA, at the e-mail address: email@example.com.