The parent company of the Bank (a legal person possessing a qualifying holding in the Bank) is: Erste Group Bank AG (registered seat: Am Belvedere 1, 1100 Vienna, Austria).
We inform You that in case we process Your personal data that qualifies You as a person identified or identifiable by the Bank (regardless of the purpose, legal title or duration of the processing of processing personal data), You shall be considered a Data Subject under the provisions of the governing data protection legislation, and shall be entitled to the rights set forth in the governing data protection legislations, in particular, in the GDPR and in the Info Act regarding the processing and the protection of personal data (hereinafter together: rights related to the processing of personal data).
This Privacy Notice contains information on the processing of the personal data related to all Data Subjects on the one hand, as well as additionally specific rules regarding the processing of the personal data related to each Data Subjects on the other hand. Certain rules of data processing are also included in the Business Rules of the Bank and the Bank shall also undertake and make all effort to ensure that the Data Subject, prior to the commencement of the processing of personal data, get acquainted with that part of this Privacy Notice that concerns him/her. The Bank publish this Privacy Notice on its website at: https://www.erstebank.hu/hu/adatkezelesi and also make it accessible at its branches. The Bank may prepare an extract of this Privacy Notice regarding the various types of Data Subjects and may make it possible for the Data Subject affected by the processing of its personal data to make a declaration regarding that the preliminary information concerning the processing of personal data has been provided and his /her acknowledgement thereof by way of signing this document or an extract thereof.
This Privacy Notice shall apply to personal data processing activity(ies) carried out by the Bank as of 14 October 2020. The Privacy Notice effective at the time of the personal data processing carried out by the Bank prior to this Privacy Notice shall govern such processing of personal data by the Bank.
The Bank shall be entitled for the unilateral amendment of this Privacy Notice at any time. The amendment shall be applicable to personal data processing performed under the previous Privacy Notice of the Bank in respect of the new parts of the amendment (otherwise processing of such personal data shall be subject to the rules prevailing upon the commencement of the processing of the personal data), whereas personal data processing commenced following the amendment of the Privacy Notice shall be entirely governed by the amended Privacy Notice (which shall be deemed the Privacy Notice in force upon the commencement of the processing of the personal data in respect of these Data Subjects). The Bank shall make accessible all amendments of the Privacy Notice on its website https://www.erstebank.hu/hu/adatkezelesi. If the amendment is driven by legislative changes or by an administrative decision, or if the amendment does not concern issues relating to the processing of personal data (e.g. a change in the data protection officer or any other technical amendment) the change shall also apply to personal data processed prior to such amendment.
The Bank keep records of data incidents and notify the Data Subject and the Hungarian National Authority for Data Protection and Freedom of Information (“NAIH”) of the occurrence of such incidents if required by the GDPR.
We inform the Data Subject that we only issue decision based on automated data processing by using Your personal data in case of online applications for personal loans (the ”automated decision-making”). We do not involve special categories of personal data in the automated decision-making. In the course of such automated decision-making, we check (as per the logic applied in the automated decision-making) Your age, income, regular income, employer, data stored in the Central Credit Information System, credit exposure, repayment behaviour regarding other credit. If the Data Subject satisfies the minimum criteria, we assess the risk involved in entering into a contract with the Data Subject, implement the risk rating of the Data Subject, the result thereof will affect the eligible credit amount or may result in the approval or the rejection of Your application. You shall be entitled not to be subject to a decision based solely on such automated data processing. You shall furthermore be entitled to require a decision adopted by way of human intervention instead of or following the automated decision-making, to express Your position against the automated decision-making and to submit an objection to us against our automated decision-making at any of the contacts specified in Point II. C of this Privacy Notice, whereby we will assess Your submission and notify You thereupon.
The Bank may carry out profiling for direct marketing purposes on the basis of its legitimate interest for direct marketing under point (47) of the Preamble of the GDPR (for the compilation of a target group of recipients to be contacted for marketing purposes).
We inform the Data Subject that we may use Your anonymised personal data (i.e. that may not be linked to the Data Subject) for statistical purposes.
We inform the Data Subjects entering our registered seat, premises and branches and those using our ATMs that a continuous image recording is being applied at our registered seat, premises, branches and ATMs for the protection of human life, physical integrity, personal freedom, business, banking- and securities secrets as well as for personal and property security purposes upon our legitimate interests concerning personal, property and banking security. We process such image recording in accordance with the governing legislative provisions and our relevant policy on physical security.
Having Your consent thereto as set out in Article 6 (1) a) of the GDPR, we process Your personal data provided in the course of using the applications made available by us through an on-line platform, in principle until the withdrawal of Your consent.
We inform the Data Subject that our core activities and intermediation activities (as defined in Section 10 of the Banking Act) are subject to sector specific legislation that shall govern the processing of Your personal data (e.g. the Banking Act, Act CXXXVIII of 2007 on Investment Firms and Commodity Dealers, and on the Regulations Governing their Activities, Act LXXXV of 2009 on the Pursuit of the Business of Payment Services, Act LXXXVIII of 2014 on the Insurance Activity, Act XCVI of 1993 on Voluntary Mutual Insurance Funds).
If we are subject to an obligation to erase personal data, we comply with such erasure obligation by way of factual, final and irreversible destruction / anonymisation and take measures for the full destruction of the documents to be destructed under such erasure obligation. If the irrevocable and final erasure / anonymisation takes place in the course of our regular erasure procedure, we will not send separate information to the Data Subject about the implementation of the erasure, but will inform the Data Subject whether we maintain record of the Data Subject’s personal data or not within the frame of exercising the right to access by the Data Subject. If the Data Subject submits an individual request for erasure, the Bank shall separately inform the Data Subject about the implementation of the irrevocable and final erasure / anonymisation (if the erasure is possible, otherwise about the reasons for refusal / partial implementation of the erasure). If the personal data requested to be erased by the Data Subject is the Data Subject's contact which we exclusively manage in relation to the Data Subject, we shall inform the Data Subject of the future erasure / anonymisation at this contact and the erasure shall be implemented thereupon by the Bank.
The Bank shall process the personal data (including the contact data as well) provided by the Data Subject as a data related to the Data Subject (the check of which shall not be a duty of the Bank), except the case when the Data Subject provides the Bank with a declaration that the concerned personal data is not related to it, whereby the Data Subject shall ensure that the Bank has lawful right to process the personal data not related to it but to another entitled person. The Data Subject shall issue a declaration in these cases that if it provides the Erste Bank Hungary Zrt. with such data that is not related to it, it has already informed the concerned person that it has shared the data relevant to this concerned person with the Bank, and the concerned person has already information – based on the privacy notice of the Erste Bank at the https://www.erstebank.hu/hu/adatkezelesi page - how Erste Bank shall process the data acquired not from the concerned person. If a third party indicates to the Bank in relation to a contact managed by the Bank regarding the Data Subject that the Data Subject is not available at that contact, the Bank shall be entitled to inform thereabout the Data Subject at another contact managed by the Bank and to request that the Data Subject modify its particular contact details, and the Bank may restrict / erase / anonymize the processing of personal data challenged by a third party, even if it provides a service to the Data Subject for the given contact, in order that the Bank shall not process a third party related personal data without authorization.
We may do voice recordings with a Data Subject’s prior express consent which may be managed till the withdrawal of such consent, but till the end of the retention period relevant for the other personal data processed with regard to the Data Subject, the latest (unless otherwise required by this Privacy Notice).