ua
|
en

Protection of personal data

NOTICE OF THE PROCEDURE FOR PROCESSING OF PERSONAL DATA AND THE RIGHTS OF PERSONAL DATA SUBJECTS

 
             Dear employees, clients, potential clients, counterparties and shareholders (participants) of JSC BANK TRUST-CAPITAL (hereinafter referred to as - the Bank), managers (founders / participants / owners) of legal entities, representatives of legal entities and individuals and other natural persons (including natural persons-entrepreneurs) with whom the Bank has a business relationship, in compliance with the requirements of the Law of Ukraine "On Protection of Personal Data", the Bank informs you about the procedure for processing personal data and the rights of personal data subjects.

            The Bank carries out banking activities, including in the field of protection of bank secrecy and personal data, only in accordance with the requirements of the current legislation of Ukraine and takes all necessary measures to comply with the Constitution of Ukraine, the Law of Ukraine "On Banks and Banking", the Law of Ukraine "On protection of personal data ”, other laws and regulations of Ukraine, the Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data and International Treaties of Ukraine. 

            Owner of personal data - JOINT STOCK COMPANY "BANK TRUST CAPITAL", code EDRPOU 26519933, location: Ukraine, 01103, Kyiv, str. Podvisotsky, 7. 

            Basic terms in the field of personal data protection
            According to Article 2 of the Law of Ukraine "On Protection of Personal Data":

  • Database of personal data - the named set of ordered personal data in electronic form and / or in the form of personal data files;
  • Owner of personal data - a natural or legal person who determines the purpose of processing personal data, establishes the composition of this data and procedures for their processing, unless otherwise specified by law;
  • The consent of the data subject is the voluntary will of the individual (provided that he / she is informed) to grant permission to process his / her personal data in accordance with the formulated purpose of their processing, expressed in writing or in a form that allows to make a consent. In the field of e-commerce, the consent of the personal data subject may be given during the registration in the information-telecommunication system of the e-commerce entity by ticking the authorization for processing of his personal data in accordance with the formulated purpose of their processing, provided that such system does not create opportunities for processing of personal data until the moment of marking;
  • Personalization of personal data - the removal of information that allows the person to be identified directly or indirectly;
  • Filing cabinet - any structured personal data available by defined criteria, regardless of whether such data is centralized, decentralized or separated by functional or geographical principles;
  • Processing of personal data - any action or set of actions, such as collection, registration, storage, storage, adaptation, modification, renewal, use and distribution (distribution, sale, transfer), personalization, destruction of personal data, including using information (automated) systems;
  • Recipient - a natural or legal person to whom personal data are provided, including a third party;
  • Personal data - information or a set of information about an individual who is identified or can be specifically identified;
  • Personal Data Controller - a natural or legal person to whom the holder of personal data or the law is entitled to process this data on behalf of the owner;
  • The subject of personal data is an individual whose personal data is processed;
  • Third party - any person, with the exception of the data subject, the owner or manager of personal data, and the Commissioner of the Verkhovna Rada of Ukraine for Human Rights, to whom the transfer or transfer of personal data is carried out. 

            The purpose of processing personal data

            The Bank processes personal data in order to:

  • the Bank's financial and economic activity;
  • offering and / or providing the full range of services to the Bank and / or third parties, including through direct contact with the subject of personal data by means of communication;
  • conclusion, modification, termination of contracts, performance of contracts, as well as for the implementation of actions related to the conclusion, modification, termination and / or execution of contracts, including by direct contact with the subject of personal data by means of communication;
  • ensuring the implementation of labor and related relations (organization of business trips, cultural and training events, security of persons, establishing relations in the workforce, internal banking processes, strengthening corporate relations and internal communications, etc.), relations arising from agreements on performance of works / services, relations in the field of human resources management, including human resources, which are regulated by the Labor Code of Ukraine, the Civil Code of Ukraine, the Law of Ukraine “On Banks and Banking Activities”, the Charter, internal documents of the Bank, as well as the exercise by the Bank of rights and obligations under a collective agreement, organization by the Bank and / or third parties of health care, health and recreation, pension provision or other social protection / providing the data subject and / or his relatives;
  • the Bank's protection of its rights and interests in the implementation of the Bank's relations governed by the Civil Code of Ukraine, the Economic Code of Ukraine, the Laws of Ukraine “On Banks and Banking”, “On Joint Stock Companies”, “On Business Companies”, “On State Registration of Legal Entities and individuals-entrepreneurs and public formations "," On the prevention and counteraction to the legalization (laundering) of proceeds from crime, or the financing of terrorism and the financing of the proliferation of weapons of mass destruction "," About latizhni Systems and Money Transfer in Ukraine "," On Organization of Formation and Circulation of Credit Histories "and so on.

             Grounds for processing personal data

            The processing of personal data is carried out by the Bank with the consent of the subject of personal data, as well as in other cases stipulated by Article 11 of the Law of Ukraine “On Protection of Personal Data”.

 

The grounds for processing personal data in accordance with the law are:

  • consent of the data subject to the processing of his / her personal data;
  • permission to process personal data granted to the holder of personal data in accordance with the law solely for the exercise of his / her authority;
  • concluding and executing a transaction to which the data subject is a party or which is concluded for the benefit of the personal data subject or for the implementation of measures that precede the conclusion of the transaction at the request of the data subject;
  • the protection of the vital interests of the data subject;
  • the need to fulfill the duty of the personal data holder as provided by law;
  • the need to protect the legitimate interests of the holder of the personal data or of the third party to whom the personal data is transmitted, except where the interests of the protection of the fundamental rights and freedoms of the data subject over the processing of his data exceed those interests.

 

            The Bank processes personal data obtained from publicly available sources without the consent of the data subject.

            The application of an individual to the Bank or the use of the services of the Bank indicates the consent of such person to the processing by the Bank of his personal data in connection with such access or use of the services of the Bank.

            The Bank processes personal data before the expiration of the storage period of the information specified by the legislation of Ukraine or the internal documents of the Bank.

            In case the individual withdraws the consent to the processing of personal data without performing the procedures necessary to terminate the contractual or other relations with the Bank, the Bank will continue processing the personal data within the limits and volumes stipulated by the implementation of existing legal relations and the legislation of Ukraine, in particular for the protection of the Bank of its rights and legitimate interests under contracts.

            A person's objection to the processing of personal data necessary for the Bank to fulfill its obligations, including the person's withdrawal of consent to the processing of data, may be grounds for termination of the Bank's fulfillment of the terms of the concluded agreements.

            The procedure for access to personal data is determined by the Bank independently in accordance with the requirements of the Law of Ukraine “On Protection of Personal Data”.

 

Composition and content of personal data processed by the Bank

            Content of personal data processed by the Bank corresponds to information received from individuals or their representatives or third parties, and also includes information that is known / became known to the Bank in connection with the implementation of contractual and other legal relations with such individuals or was obtained from public sources.

            The Bank provides any information about the individual, including but not limited to:

  • surname, name, patronymic, information specified in the passport (or in other identification document), registration number of the taxpayer's registration card (identification number);
  • citizenship, dates and places of birth;
  • place of residence / stay and place of registration of residence, conditions of residence;
  • education, profession;
  • positions and places of work, work experience;
  • financial status, income / charges, deductions;
  • voice and / or photo, video recordings;
  • credit history, as well as any information on the status of the individual's performance of obligations under contracts concluded with the Bank and / or other institutions;
  • telephone / fax numbers, e-mail addresses;
  • administrative or criminal charges and the like.

 

            The Bank collects only personal information (for example, your name, login and password, e-mail address, contact number, date of birth, gender, etc.) that you knowingly and voluntarily provide to you as a subject. personal data for the purpose of using the services provided by the Bank of the Services of the Site, which, as required by law, is the consent of the personal data subject to the processing of their personal data in accordance with the purpose stated in this Policy for their processing.

            When you visit the Site, all logins to the system are recorded. Other user traffic information is not processed or stored.

            The Bank, in accordance with the current legislation of Ukraine, has the right to demand from the client other documents and information containing personal data solely for the purpose of fulfilling the requirements of the current legislation of Ukraine, which regulates relations in the sphere of prevention and counteraction to the legalization (laundering) of proceeds from crime, or terrorist financing and the proliferation of weapons of mass destruction.

            The processing by the Bank of personal data of racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and trade unions, as well as data relating to health, sex life, biometric or genetic data is not provided.

            The rights of the data subjects
            Pursuant to Article 8 of the Law of Ukraine "On Protection of Personal Data," a data subject is entitled to:

  1. To know about the sources of collection, the location of their personal data, the purpose of their processing, the location or place of residence (stay) of the owner or manager of the personal data, or to give appropriate instructions for receiving this information by authorized persons, except as required by law;
  2. Obtain information about the conditions of access to personal data, including information about third parties to whom his personal data is transferred;
  3. To access their personal data;
  4. Receive no later than thirty calendar days from the date of receipt of the request, except in cases provided for by law, whether his personal data are processed and receive the contents of such personal data;
  5. To make a reasoned request to the holder of personal data with an objection to the processing of their personal data;
  6. To make a reasoned request to change or destroy their personal data by any owner and manager of personal data, if such data is processed illegally or is unreliable;
  7. To protect your personal data from unlawful processing and accidental loss, destruction, damage due to deliberate concealment, failure to provide or delayed disclosure, as well as to protect against the provision of information that is inaccurate or degrading the honor, dignity and goodwill of an individual;
  8. To complain about the processing of personal data to the Commissioner or to court;
  9. Apply remedies in case of violation of the legislation on protection of personal data;
  10. Make reservations about the restriction of the right to process their personal data when giving consent;
  11. Revoke consent to the processing of personal data;
  12. To know the mechanism of automatic processing of personal data;
  13. In defense of an automated solution that has legal consequences for it.

            Persons to whom personal data are transferred

            The content of personal data processed by the Bank corresponds to information received from individuals or their representatives or third parties in the course of processing by the Bank of personal data.

            If there are grounds, the Bank shall have the right to disseminate (transfer) personal data, including:

  • to provide third parties with their functions or to provide services to the Bank, in particular to auditors, insurance companies, appraisers, payment systems, institutions that carry out the identification, authorization and processing of transactions, to other counterparty banks and to other entities, if such functions and services relate to the activity The Bank, the transactions performed by it, the payment and other instruments issued by it, or are necessary for the conclusion and execution of contracts (transactions) by the Bank, provision of relevant services to the Client of the Bank, as well as to partners The Bank;
  • when there are grounds for transferring bank secrecy to third parties in accordance with the legislation of Ukraine or in accordance with the terms of concluded contracts;
  • persons who provide the Bank with quality assurance services, audio recording, photo / video recording, mailing, telephone calls, SMS sending, e-mail sending;
  • to the credit bureaus, in connection with the collection of arrears to the Bank, as well as to persons providing the Bank with debt collection services;
  • persons providing services to the Bank for storing documents, creating and storing their electronic copies (archives, databases);
  • to persons who represent the Bank's interests or provide services or provide other activities of the Bank that are not contrary to the current legislation of Ukraine;
  • in other cases stipulated by the current legislation of Ukraine and the terms and conditions of the agreements concluded by the Bank, and when the dissemination (transfer) of personal data is necessary in view of the functions, powers and obligations of the Bank in the relevant legal relations.

            The transfer of personal data to third parties is carried out by the Bank in these cases without obtaining additional written consent and separate notification of the natural person - the subject of personal data, as well as provided that the party to whom the personal data is transferred has taken measures to ensure the requirements of the Law of Ukraine “On Protection personal data».

            Databases owned by the Bank

            In order to carry out banking activities and to comply with the requirements of the current legislation of Ukraine, the Bank performs processing of personal data of individuals, in particular: employees of the Bank, Customers - individuals, authorized persons of Customers - legal entities, counterparties and other persons. Accordingly, the Bank processes personal data in the following personal data bases:

  • Employee personal database;
  • Customers' personal database;
  • Database of personal information "Contractors".

            To obtain access to personal data, as well as other issues related to the processing of personal data at the Bank, please contact in writing the following address: 01103, Kyiv, str. Podvisotsky, 7

            Legal acts in the field of personal data protection:
Constitution of Ukraine (https://zakon.rada.gov.ua/laws/show/254%D0%BA/96-%D0%B2%D1%80)
Law of Ukraine "On Protection of Personal Data" (https://zakon.rada.gov.ua/laws/show/2297-17)
Law of Ukraine "On Banks and Banking" (https://zakon.rada.gov.ua/laws/show/2121-14)
Additional Protocol to the Convention on the Protection of Individuals with regard to the Automatic Processing of Personal Data concerning Supervisors and Cross-Border Data Flows (https://zakon.rada.gov.ua/laws/show/994_363)

Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (https://zakon.rada.gov.ua/laws/show/994_326)

            Control over the observance of the legislation on protection of personal data within the limits of the powers stipulated by the legislation of Ukraine is carried out by:

            Parliamentary Commissioner for Human Rights,

            Ukraine, 01008, Kyiv, str. Institute, 2/8,

            tel .: (044) 253-75-89; 0800-50-17-20.

            For more information on the application of special legislation in the field of personal data protection, visit the official website of the Ombudsman at: http://www.ombudsman.gov.ua or on the official website of the Ministry of Justice of Ukraine at: www.minjust .gov.ua

 

Notification on the inclusion of personal data in the databases of CLIENTS of JSC BANK TRUST-CAPITAL

Announcement on the inclusion of personal data in the database of the personal data of counterparties of JSC BANK TRUST-CAPITAL