Consumer's Rights Protection
What are the main rights entitled to the client as regards the Bank?
03/09/2021
For the purpose of identifying their clientele and providing services and products, Banks collect and process personal data of their customers. The principles of personal data collection and processing are set out by Law no. 9887, dated 10.03.2008.
Personal data is all the information that identifies or makes a natural person identifiable. They are divided into two major categories as follows:
a) Personal Data: including elements with which the identification of a person is performed, directly or indirectly. This includes identity numbers or other special physical, psychological, economic, social, cultural, etc. factors.
b) Sensitive Data: including any information about the natural person, related to his or her racial or ethnic origin, political views, trade union membership, religious or philosophical beliefs, criminal records, as well as data on health and sexual life.
I. The principles based on which personal data are collected and processed are:
- Fair, honest and lawful processing of customers’ personal data;
- Collection for specific, clearly defined, legitimate purpose and processing in accordance with these purposes.
- The data collected must be sufficient, relevant to the processing purpose and not extend beyond this purpose;
- The facts included must be accurate and, where necessary, they must be updated and must ensure that inaccurate and irregular data is deleted or amended;
- They must be stored in such a form that allows the identification of data subjects for a certain period of time, but not longer than necessary for the purpose of which they were collected or further processed.
II. Legal criteria for data processing:
Personal data can be processed only:
- If the personal data subject has provided his/her consent;
- If the processing of personal data is crucial in order to draft and comply with contract terms, where the subject of personal data is party to;
- To protect the Vital Interests of the data subject;
- To fulfil a Legal Obligation of the controller;
- To perform a Legal Duty of public interest or to exercise powers of the controller or a third party to whom the data have been disseminated;
- To pursuit the Legitimate Interests of the controller or a third party to whom the data has been disseminated, except where those interests prevail over the interests of the protection of the fundamental rights and freedoms of the data subject.