Personal and Bank Data Privacy and Security Policy
JSC ProCredit Bank is a joint-stock company established and operating in compliance with the laws of Georgia (identification number: 204851197) and holding Banking Licence #233 issued by National Bank of Georgia on 13 May 1999, with its registered address at: 21, Al. Kazbegi Avenue, Tbilisi 0160, Georgia (hereinafter referred to as the Bank, “we”, “our”).
In today’s digital epoch, with the Internet being accessible everywhere and for all, the Bank is not only a physical place but also a space that operates more effectively in an online environment, with the help of modern technologies. Having regard to the importance of the technological progress, ProCredit Bank has developed new opportunities for customers, offering them fast and simplified ways of using flexible and safe bank services through myDirect and other channels that brings your bank together in a single digital zone. Along with the new opportunities, the Bank is strongly committed to protecting the security of customer data and bank services.
The Bank offers customers services through a variety of digital/electronic channels. For instance, the Bank can offer services under a single platform such as myDirect but each and any service is subject to the same data privacy terms and conditions, as defined in this document and the General Data Protection Regulation (EU).
What are data and why do we process them?
The term ‘data’ in this document means a person’s bank information, commercial information and personal data.
‘Personal data’ means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in combination with other data.
‘Bank information’ means any information on any payment transaction performed, any account, any transaction performed from the account, and the balance of the account.
‘Commercial information’ means any information relating to the economic activity of a person.
According to the Law, ‘data processing’ means any operation which is performed on personal data, such as collection, recording, capturing on a photo, audio-recording, video-recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, or disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
The Bank makes sure your data are processed fairly and legally, only to the extent necessary to accomplish the relevant legitimate goal.
ProCredit Bank processes data in compliance with the Law of Georgia on Personal Data Protection, the relevant regulations of National Bank of Georgia and the accepted international best practices.
The Bank processes data when data processing is necessary to provide bank services. The Bank can process data in order to ensure the delivery of safe, uninterrupted and effective services to customers, also when data processing is needed for the Bank to discharge its statutory obligations, inter alia, comply with the regulatory requirements and/or when data processing is provided for by law.
Your data are processed only to:
Provide any type of bank services to you;
Provide you with general information on any type of bank services;
Offer you any type of bank services/products (direct marketing);
Analyse your solvency;
Monitor the current credit product;
Provide credit services to/monitor the current credit product of a person financially related to you;
Make sure bank processes are in compliance with the laws;
Conduct a variety of studies/services for the Bank purposes;
Report to the Bank founders;
Conduct bank service assessments;
Take part in a variety of promotional games (relating to VISA, MasterCard and other bank services);
In order for the Bank to discharge its statutory duties;
Protect customers and prevent fraudulent actions;
Combat money laundering and terrorism financing, prevent financial crimes, and identify and avoid any other acts punishable by law;
Safeguard the Bank interests;
Other cases provided for by law.
Your data are processed only on the following ground(s):
Data processing is provided for by law;
Data processing is required for the Bank to discharge its statutory duties;
To safeguard the Bank’s legitimate interests;
To review your application;
In order for the Bank to discharge its statutory duties and contractual obligations.
What type of data do we process and how do we collect them?
Depending on the types of bank services, the data that the Bank processes are divided into two groups: basic and additional.
Basic information includes the data indicated in your ID (e.g., your first name, last name, personal number, etc.), contact details (e.g., residential address, phone number, email address, etc.), a photo, video image/recording, etc.
Also, when providing services through a variety of remote channels:
To provide services by going through a video identification process, video visuals and photos (photo/video recording) are collected;
To provide services, by additional customer agreement, access to the necessary phone functions (such as current location, photo-video camera, microphone, etc.) is required and can be made through the operating system of the relevant device).
The information on the equipment and technologies used by you (such as the IP address and the browser of the customer’s phone or computer, from which the customer accesses the ProCredit Bank websites and applications) that can be collected through the operating system of the relevant device.
Additional information includes financial information, information on your job and activity, income, marital status, information on the services obtained, contractual information and other details that the Bank needs to start and continue providing bank services to you.
- Bank does not process special data such as: any data relating to a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, membership to trade unions, health status, sexual life, criminal record, administrative arrest, any restraining measure used against the person, any plea bargain entered with the person, diversion, being found a victim to a crime or an aggrieved party, also any biometric or genetic data capable of identifying the person by any of the above grounds. Such data can be processed only by your written consent or if such processing serves any legitimate goal strictly defined by law.
The Bank collects data directly from you and the third persons if such third persons are in a contractual relationship with the Bank and the release of information is provided for by law, e.g.: from any credit information bureau(s) – both positive and negative records held in their electronic database; from LEP Public Service Development Agency – your personal data, ID data held in its electronic database
The Bank collects data directly from you during your visit to any branch as well as through the Bank website or remote channels. The data are processed with us when a person seeks services from us, fills out an online application form, signs up for any service, signs a contract, uses our products and services or contacts us through any of the Bank’s remote channels.
How do we process data? Are the data accessible to the third persons?
The Bank uses date strictly for legitimate purposes.
According to the law, the Bank is required to identify/verify a person, establish the person’s identity against a valid ID and based on a reliable source, to the extent of the commencement and/or provision of services, and store such information for a period required by law and the Bank’s regulations. This happens when visiting a branch or receiving digital/electronic services. Video identification is performed by Bank employees. A customer’s identity is established by going through a video identification procedure using a web or mobile application, by a coded transmission channel.
The data held by the Bank concerning you are strictly confidential and must not be disclosed to any third persons other than those indicated below and to the relevant extent:
Government authorities – to discharge its statutory duties, the Bank forwards data to the relevant authorities, e.g., to prevent money laundering and terrorism financing. Further, where so provided by law, the Bank is required to disclose data to outsiders such as National Bank of Georgia, tax/judicial/investigation/enforcement authorities;
Credit Information Bureau – to discharge its statutory duties and provide bank services, the Bank shares your data with the Credit Information Bureau subject to the terms and conditions of a contract with it, the loan contract with you, and in the manner provided by law;
The Bank founders and their controlling entities to discharge reporting and other statutory duties;
Service providers – the Bank holds a contract with persons providing the Bank with a variety of services required for the banking business. Data are disclosed to such persons only to the extent necessary for any particular job/service defined by the contract. Such persons are bound to keep such information confidential.
Such service providers include but are not limited to: Quipu GmbH (a PC transaction processing center and a ProCredit Group member); Visa, MasterCard, IDnow GmbH (a video identity verification software provider), etc.
How do we manage collected data and ensure their confidentiality?
We believe data protection is the duty of each employee. Therefore, every year, our employees undergo trainings in proper data protection and the importance of confidentiality and non-disclosure of customer data. Further, employee access to customer data is restricted to their activity (with the Bank granting access to your data only to the employees who need to know such data because of their activity). And finally, our employees are required to adhere to the Bank’s Code of Conduct that includes data privacy requirements.
Besides, we implement physical, electronic and procedural security measures under the Law of Georgia to protect your non-public data, including the user names and passwords used by the Bank employees to access your data.
When processing the data held at the Bank, the Bank has taken the organizational and technical measures ensuring the protection of information from accidental or illegal destruction, modification, disclosure, generation, any other illegal use and accidental or illegal loss.
In addition to the legal requirement, the Bank adheres to internationally accepted security standards and best practices in processing and, if necessary, exchanging information through a secure communication channel.
ProCredit Bank does not ensure and is not responsible for the protection of the security, confidentiality and contents of and access to the websites, which are not the property of the Bank and which can be accessed using the links available on our website.
A person’s rights under the Law of Georgia on Personal Data Protection
According to the Law, you have the right to request information on the processing of your data, namely, which personal data are being processed, the purpose of data processing, the legal grounds for data processing, the ways in which the data were collected, to whom his/her personal data were released, and the grounds and purpose of the release.
You can request the correction, updating, addition, blocking, erasure and destruction of any information about you if they are incomplete, inaccurate, not updated, or have been illegally collected and processed. You can also request that the processing of your data for direct marketing purposes be ceased.
You have the right to, at any time and without explanation, withdraw his/her consent given and to request that the data processing be stopped and/or the processed data be destroyed except where this cannot be done in the light of the bank services/statutory requirements.
Is the provision of data to the Bank voluntary? How can a person choose and what results may follow?
Please note that it is mandatory to provide data to the Bank to deliver services. Otherwise, the Bank may decline (and discontinue) services.
Data protection recommendations
You can protect your personal data by implementing a few security measures:
To enter our website, enter the Bank’s Internet address (www.procreditbank.ge) in the web browser, and contact the Internet banking system by entering https://online.procreditbank.ge in the URL address field or using the link available on our website. We recommend that you do not use any ways other than those mentioned above to enter the system;
Never disclose your personal data/confidential information to strangers making telephone calls or the third persons; do not keep such data in non-password protected files in the computer, in the Internet or in your mobile device;
Fill out in person any video identification and/or other web-application for bank services;
Use your own devices to receive services;
Use your own contact details (e.g., mobile phone number and email);
When performing bank transactions in the Internet, make sure you are using a secure browser and an updated anti-virus software and never open any email notifications sent from unknown sources;
Before entering the Internet Banking, make sure you are on a secure ProCredit Bank website:
Use our online bank product only in your personal computer and do not use a public Wi-Fi Internet;
Do not leave the computer uncontrolled if you have entered the Internet Banking. After having finished work, leave the software only by clicking the Logout button;
Do not permit the webs browser to save the Internet Banking user name and password for future automatic log-in purposes;
Do not permit the webs browser to save the email user name and password for future automatic log-in purposes;
When using your data, including the data appearing on your plastic card, pay attention to the environment not to make the information accessible to the third persons;
Never entrust your plastic card to any serving personnel to make a payment;
- Always follow any additional action/recommendation specified by the Bank for each particular service;
Install an anti-virus software, an anti-spy software and firewall on your devices and regularly update the software;
Be on the watch when engaging in any online activity and learn how to detect any unusual activity such as soliciting for personal or confidential bank information through phishing notifications sent from a new website address or email;
The Bank would never solicit for such confidential information as your passcode, password, your card PIN, your card PAN, transaction authorization number (TAN), service activation code, strong authentication code;
Disable the autofill function when using the services requiring identification and authorization details (e.g., identification number, phone number, user name, password and similar information).
We value your opinion. Therefore, if you’d like to ask any question to make a comment or suggestion, or if you have received any suspicious security-related notice or information, please call our Contact Center at: *2222 or (32) 220 22 22, from 09:00 till 21:00, or write to us at the email address: email@example.com.