How we use your personal information
Our main purpose is to introduce you to how your personal information is processed and used by TBC Bank JSC. The notice explains the principles we follow while processing your personal data and how the law protects you. It covers the data which the Bank obtains when having you as a customer, which is also used for direct marketing purposes in line with the legislation of Georgia and GDPR where applicable.
Our privacy promise
We, TBC Bank promise:
· To keep your data safe and private.
· Not to use your data unlawfully.
· In case you request, to provide you with complete and exhaustive information with respect to the processing of your personal information.
Who we are
JSC "TBC Bank" acting as a data controller is a commercial bank licensed under the Georgian legislation.
Identification number: 204854595
Legal address: Marjanishvili str.№7, Chugureti region, Tbilisi, Georgia.
You can find out more about us here.
How the law protects you
As well as our Privacy Promise, your privacy is protected by the Law of Georgia and GDPR. Pursuant to the law, you are authorized to request of us the information regarding the use of your personal data.
The Bank shall be obliged to supply this information if requested by you.
The Bank has a legal basis for using your data, which also implies the existence of business-related and/or commercial purpose. It is important that the information processing by the Bank does not aim at harming your interests either in this case.
The processing of personal data of a minor is allowed only in accordance with the legislation of Georgia and taking into account the best interests of the minor.
Find below the list of goals and legal basis against which we process your personal data. We are presenting the goals of using your data and our legal basis in each case:
Personal Information Groups
We use various types of personal information and classify them as follows:
The security of your information in Mobile and Internet Banking
To improve the quality of service, TBC Bank is authorized to control the behavior of customers in the bank's digital channels (Mobile and Internet Banking). This monitoring does not include the collection of personal / confidential / commercial data or any other form of processing. The purpose of the monitoring process is not to analyze the identified user behavior, but to study user activity in general.
By using TBC Mobile and Internet Banking your data about Device ID, Device Model, Device Brand, Device Name, OS Version, TBC Application Version will be accessed by following applications: Google analytics, Xtremepush.com, WVO Facebook Pixel and Firebase.
While using Mobile Banking, in order to improve the quality of service, the bank is authorized to process information about phone numbers in your mobile device and selected by you. Furthermore, phone numbers will be used only with your consent and only for a specific purpose.
Sources from which we obtain personal information.
We can collect personal information about you from the sources provided by you and listed below:
You provide us with the data in the following cases:
We employ Cookies and monitor our visitor behaviour on our website to ensure that we provide the best practice to our users while they visit our website and can continuously improve the quality of our service.
Cookies are small computer files that get sent down to your PC, tablet, or mobile phone by websites when you visit them. They stay on your device and get sent back to the website they came from when you go there again.
You can receive the following information:
· Which data are being processed with regard to you;
· What is the purpose of data processing;
· Legal basis for the data processing;
· How the data were processed;
· Who the data was transferred to;
· Data issuance ground and purpose.
You can request a copy of the information processed by us.
Under the law, you are authorized to require adjustment, update, addition, blockage, deletion or destruction of your personal data if it appears to be incomplete, incorrect, out-of-date or if the process of information gathering and processing is carried out illegally. We observe the requirements of the Georgian legislation, which may prevent us from an immediate deletion of your personal data. Such obligations may be stemming from the laws on anti-money laundering, tax, activities of commercial banks consumer rights protection and other.
Information from third parties
We are authorized to request and obtain information from third parties as well, e.g. from TBC Bank Group PLC member companies or Credit Info Bureau, both positive as well as negative information stored in their electronic databases, also from that of LEPL State Service Development Agency. This is carried out pursuant to the Privacy Law of Georgia, based on your prior approval, if necessary.
Who we share your personal information with
We may have to share your personal data in the cases defined by the law of Georgia or with other companies, which are supposed to provide you with the product or service chosen by you, e.g.
· If you have a debit, credit or charge card with us, we will share transaction details with companies which help us provide this service (such as Visa and Mastercard);
· If you apply for insurance through us, we may pass your personal or business details to the insurance company, and onto any reinsurers.
When we use other service providers or other third parties to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. Service providers support us with activities like:
We may also share your personal information if the corporate structure of the Bank changes in the future:
· We may choose to sell, transfer, or merge parts of our business, or assets.
· If any of the above discussed processes occur, we may share your data with other parties. However, before sharing such information, the mentioned parties shall mandatorily agree to keep your data safe and confidential.
· If our group structure changes, other parties may use your data in the manner and within the frames as specified in this policy and regulated by the Law.
Whenever we share your personal data with third parties, we ensure the necessary safeguards are in place to protect it.
Special Safeguards Under GDPR
This can be done in a number of different ways, for example:
How we use your information to make automated decisions
For making automated decisions, including profiling, we sometimes use the personal data we have, or are allowed to collect from other entities based on the legislation, the contract signed with you or consent given by you. This helps us ensure that our decisions are quick, fair and efficient. These automated decisions can affect the quality of products and services offered by us now or to be offered in the future. If there is no grounds (legislative, contractual, consent) you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal, financial or other significant effect on you.
Here are the types of automated decision we make:
We may decide on the price of some products and services based on the information available to us.
We assign our clients to relevant groups which we call customer segments. We use these groups to study our customers' needs and based on what we learn, make decisions that will be useful and favorable for you. This helps us to design products and services for different customer segments and to manage our relationships with them.
We use your personal information to help decide if your accounts can be used for fraud or money-laundering. We may detect that an account is being used in a wrongful way. If we identify the risk of fraud, we reserve the right to suspend transactions of doubtful accounts for your security or refuse access to them/deny a respective service.
When you open an account with us, we check that the product or service is relevant for you, based on the information available to us. We also check that you or your business meets the conditions needed to open the account.
We use a system to decide whether to approve or not your credit application, whether for a loan or a credit card. This is called credit scoring. It uses past data to predict how you are likely to act while paying back the credit. Credit scoring uses data from three sources:
· Your application form
· Credit reference agencies
· Data available to us.
In purpose to offer and provide banking and related services.
Credit Info Georgia (hereinafter "The Credit Reference Agency")
When you apply for a product or a service, we check your credit data and can contact a Credit Reference Agency. If you are our client, we can use the databases of the Credit reference Agency to facilitate the approval of the credit product you have applied for.
We will share your personal information with the Credit Reference Agency during the period you will be using our services. These data include information about closed and overdue loans. If you are a borrower, we will also share information on how you make payments – fully and in due time or with a delay. The
Credit Reference Agency can share this information with other credit institutions which are interested in your credit status. We will also let the Credit Reference Agency know if you have fully settled your liability. For more information about the Credit Reference Agency, please visit https://ge.creditinfo.com/
We reserve the right to allow law enforcement agencies to access your personal information in cases strictly defined by the law. This is to support their duty to detect, investigate and prevent crime.
If you choose not to share your personal information with us, it may delay or prevent us from meeting our obligations towards you, including performance of services to run your accounts or implementation of relevant procedures.
Personal data processing for direct marketing purposes
We may use your personal information to tell you about relevant products and offers.
We gather your personal information from what you share with us and what we collect from the sources available to us when you use our services.
We study your data to form a view on what you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest
You can ask us to stop sending you marketing messages by contacting us at any time. We respect your wishes and will stop using your data for marketing purposes immediately, but not later within 3 days.
Your security is important to us. Therefore, you will continue to receive statements regarding the changes in the facilities proposed to you and in terms of service.
How long we keep personal data
We keep your personal data throughout the whole term of service provided to you and for 15 years from the completion of the service for the following reasons:
· To respond to any questions and complaints
· To show that we treated you fairly
· To maintain records according to the regulations that apply to us
We may keep your personal information for over 15 years if we cannot delete it for legal or regulatory reasons.
How to withdraw your consent
You can withdraw your consent at any time in case there are no other legislative requirements. Please contact us if you want to do so.
This will only affect the way we use information when our reason for doing so is that we have your consent.
If you withdraw your consent, we may not be able to provide certain products or services to you.
Changes to this Privacy Statement
We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on 10 May 2023.
How to contact us
In the event that you require the exercise of your rights (data correction, update, addition, blocking, deletion, destruction, etc.), you can visit any bank branch, contact us through Internet and/or Mobile Banking or send us an email using the contact information below.The Bank has appointed a Data Protection Officer, who is supported by the Privacy Team in the Bank's Compliance Division and whose role includes acting as a point of contact for individuals in relation to concerns around how their data is processed. You can contact the Bank's Data Protection Officer using the details below indicating your contact details:
Data Protection Officer
You can talk to our Online Consultant, Online Chat
You can call 24 hours a day 7 days a week +(995 32) 227 27 27
You can visit our branch during bank working hours.
If you are in the EEA and have questions about your personal data or would like to request to access, update, or delete it, you may contact our representative at:
Bird & Bird GDPR Representative Services SRL
Avenue Louise 235, 1050 Bruxelles, Belgium
Key Contact: Vincent Rezzouk-Hammachi"