How we use your personal information

Our main purpose is to introduce you to how your personal information is processed and used by TBC Bank JSC. The notice explains the principles we follow while processing your personal data and how the law protects you. It covers the data which the Bank obtains when having you as a customer, which is also used for direct marketing purposes in line with the legislation of Georgia and GDPR where applicable.

 

Our privacy promise

We, TBC Bank promise:

  · To keep your data safe and private.  

  · Not to use your data unlawfully.

  · In case you request, to provide you with complete and exhaustive information with respect to the processing of your personal information.

 

Who we are

JSC "TBC Bank" acting as a data controller is a commercial bank licensed under the Georgian legislation.

Identification number: 204854595

Legal address: Marjanishvili str.№7, Chugureti region, Tbilisi, Georgia.

You can find out more about us here.

 

How the law protects you

As well as our Privacy Promise, your privacy is protected by the Law of Georgia and GDPR.  Pursuant to the law, you are authorized to request of us the information regarding the use of your personal data.

The Bank shall be obliged to supply this information if requested by you.

The Bank has a legal basis for using your data, which also implies the existence of business-related and/or commercial purpose. It is important that the information processing by the Bank does not aim at harming your interests either in this case.  

The processing of personal data of a minor is allowed only in accordance with the legislation of Georgia and taking into account the best interests of the minor.

 Find below the list of goals and legal basis against which we process your personal data. We are presenting the goals of using your data and our legal basis in each case:

Type of personal information

What do we use your personal information for

Our legitimate interests:

Our legal basis:

Contact details, Socio-demographic, Transactional, Locational, Behavioural usage data, Technical, Communications, Locational,

To manage our relationship with you

To update data, to identify the   products and services interesting   for you and to supply you with   relevant information.

 

To develop products and services

 

To define the focus client groups   for the purpose of offering new   products and services.

 

To efficiently fulfill legal   obligations

Your consent.

 

Fulfillment of contractual   obligations

 

Our legitimate interests

 

Our legal obligation

To meet your needs, develop new   ways of cooperation and grow our   business.

To develop and carry out marketing   activities.

To study how our customers use   products and services from us;

To maintain different research for developing products and services.

 

To receive advice or guidance about our products and services

Business improvement, To develop/manage our brands, products and services.

Financial, Contact details, Transactional, Contractual, Communications, Locational, Open Data and Public Records, Documentary data, Special types of data (including bio-metric data)

To deliver our products and services;

To efficiently execute our legal and   contractual obligations

 

To ensure compliance with relevant   regulations

Your consent.

Fulfillment of contractual   obligations

Our legitimate interests

 

Our legal obligation

To make and manage Clients'   payments;

To manage fees and interest due on   client's accounts

To manage and deliver the products   from Treasury and investment   products.

Financial, Contact details, Socio-demographic, Transactional, Contractual, Locational, Open Data and Public Records, Communications, Social relations, Documentary data, Special types of data (including bio-metric data)

To detect, investigate, report and   prevent financial crime;

 

To develop and improve our action    strategies against financial crime; also, to fulfill our legal duties in this   regard.

Our legitimate interests

Our legal obligation

To manage the risks of ours and   those of our clients;

To fulfill relevant laws and   regulations;

To respond to claims and find the   ways of resolution

Financial, Contact details, Socio-demographic, Transactional, Contractual, Locational, Open Data and Public Records, Communications, Social relations, Documentary data, Special types of data (including bio-metric data)

To efficiently and properly run the   business, covering the management   of our financial position, business   opportunities, planning, communications, corporate   governance and audit management.

To ensure compliance with relevant   regulations

 

To efficiently execute our legal and   contractual obligations

Our legitimate interests

 

 

Our legal obligation

Financial, Contact details, Socio-demographic, Transactional, Contractual, Locational, Behavioural usage data, Technical, Open Data and Public Records, Communications, Social relations, Documentary data, Special types of data (including bio-metric data)

To execute contractual rights and   obligations

To meet contractual obligations

 

 

 

 

Fulfillment of contractual   obligations

Our legitimate interests

 

Our legal obligation

 

 

 

Personal Information Groups

We use various types of personal information and classify them as follows:

Type of personal information

Description

Financial

Your financial position, status and history, like payment behaviour, your credit history, credit capacity, financial products you have with TBC Bank, payment arrears and information on your income

Contact details

Where you live and how to contact you.

Socio-demographic

Details on your job or profession; also, information on your nationality, education, social or income grouping.

Transactional

Details on payments to and from your account, such as your bank account number, any deposits, withdrawals and transfers made to or from your account, and when and where these took place. 

Contractual

Details on products and services provided to you by us.

Locational

Details on your location which the Bank may obtain from your mobile phone, the address where you connect your computer to the internet, or a shop where you buy something with your card, etc.

Behavioural, Usage Data

Details on how you use our products and services.

Technical

 

Details on the devices and technology your use.

 

Open Data and Public Records

Details about you that are in public records, such as the Electoral Register, and information about you that is openly lawfully available on the internet

Communications

Details which the Bank obtains about you from letters, e-mails and conversations between the client and the Bank via any means of communication.

Social relations

Details on your family members ( marital status , information about your children ), contact persons.

Documentary data

Details about you recorded in various types of documents and the copies thereof. To such documents belong:

passport, ID card, birth certificate, driving license and other identification documents

Special types of data (including bio-metric data)

The Privacy Law of Georgia and other regulations treat some types of personal data as special. The latter can only be processed only under your consent or in case it serves the purpose strictly defined by the law. To such data belong:

· Genetic and bio-metric data (voice biometrical data, photo biometrical data, behavioral biometric data and etc.)

· Health data

 

· Information on conviction, administrative detention,    preventive measure, plea-bargaining, diversion,   recognition as  aggrieved  or victim of crime   

 

 

The security of your information in Mobile and Internet Banking

To improve the quality of service, TBC Bank is authorized to control the behavior of customers in the bank's digital channels (Mobile and Internet Banking). This monitoring does not include the collection of personal / confidential / commercial data or any other form of processing. The purpose of the monitoring process is not to analyze the identified user behavior, but to study user activity in general.

By using TBC Mobile and Internet Banking your data about Device ID, Device Model, Device Brand, Device Name, OS Version, TBC Application Version will be accessed by following applications: Google analytics,  Xtremepush.com, WVO Facebook Pixel and  Firebase.

While using Mobile Banking, in order to improve the quality of service, the bank is authorized to process information about phone numbers in your mobile device and selected by you. Furthermore, phone numbers will be used only with your consent and only for a specific purpose.

 

Sources from which we obtain personal information.

We can collect personal information about you from the sources provided by you and listed below:

You provide us with the data in the following cases:

  • When you become a customer;
  • When you register for our online services;
  • When you apply for our products and services;
  • During a telephone conversation or your visit at the Branch;
  • When you use our websites, mobile device apps and web chat;
  • When you send letters by mail or e-mail;
  • When you carry out Banking transactions;
  •  When you use Open Banking;
  • When you use banking and related services;
  • We collect data from outside organisations such as public registers, payment or transaction processors, credit agencies, other financial institutions or public authorities.

 

Cookies

We employ Cookies and monitor our visitor behaviour on our website to ensure that we provide the best practice to our users while they visit our website and can continuously improve the quality of our service.

Cookies are small computer files that get sent down to your PC, tablet, or mobile phone by websites when you visit them. They stay on your device and get sent back to the website they came from when you go there again.

To find out more about how we use cookies, please see our cookies policy which is published on our website.

 

Your rights

You can receive the following information:

  ·  Which data are being processed with regard to you;

  ·  What is the purpose of data processing;

  ·  Legal basis for the data processing;

  ·  How the data were processed; 

 ·  Who the data was transferred to; 

 ·  Data issuance ground and purpose.

You can request a copy of the information processed by us.

Under the law, you are authorized to require adjustment, update, addition, blockage, deletion or destruction of your personal data if it appears to be incomplete, incorrect, out-of-date or if the process of information gathering and processing is carried out illegally. We observe the requirements of the Georgian legislation, which may prevent us from an immediate deletion of your personal data. Such obligations may be stemming from the laws on anti-money laundering, tax, activities of commercial banks consumer rights protection and other.

 

Information from third parties

We are authorized to request and obtain information from third parties as well, e.g. from TBC Bank Group PLC member companies or Credit Info Bureau, both positive as well as negative information stored in their electronic databases, also from that of LEPL State Service Development Agency. This is carried out pursuant to the Privacy Law of Georgia, based on your prior approval, if necessary. 

 

Who we share your personal information with

We may have to share your personal data in the cases defined by the law of Georgia or with other companies, which are supposed to provide you with the product or service chosen by you, e.g.

  · If you have a debit, credit or charge card with us, we will share transaction details with companies which help us provide this service (such as Visa and Mastercard);

  · If you apply for insurance through us, we may pass your personal or business details to the      insurance company, and onto any reinsurers.

When we use other service providers or other third parties to carry out certain activities in the normal course of business, we may have to share personal data required for a particular task. Service providers support us with activities like:

  • Designing, developing and maintaining internet-based tools and applications;
  • IT service providers who may provide application or infrastructure (such as cloud) services;
  • Legal, auditing or other special services provided by lawyers, notaries, trustees, company auditors or other professional advisors;
  • Identifying, investigating or preventing fraud or other misconduct by specialised companies;
  • Carrying out banking/financial arrangements (such as trustees, investors and the advisers).

We may also share your personal information if the corporate structure of the Bank changes in the future:

 · We may choose to sell, transfer, or merge parts of our business, or assets.

 · If any of the above discussed processes occur, we may share your data with other parties. However, before sharing such information, the mentioned parties shall mandatorily agree to keep your data safe and confidential.

 · If our group structure changes, other parties may use your data in the manner and within the frames as specified in this policy and regulated by the Law.

Whenever we share your personal data with third parties, we ensure the necessary safeguards are in place to protect it. 

 

Special Safeguards Under GDPR

In case your Personal Data is transferred outside the EU and the EEA, TBC Bank will take all steps to ensure that the data is treated securely and in accordance with this Privacy Policy and we will ensure that it is protected and transferred in a manner consistent with the legal requirements applicable to the Personal Data.

This can be done in a number of different ways, for example:

  • The country to which we send the Personal Data, a territory or one or more specified sectors within that third country, or the international organization is approved both by the European Commission as having an adequate level of protection and by Georgian legislation; or
  •     In the absence of a decision by commission under GDPR we may transfer personal data to a third country or an international organisation only if we provide appropriate safeguards under GDPR. You may request an information on safeguards in place by contacting us using the contact details set out in this Privacy Policy.

 

  • In the absence of an adequacy decision of the Commission, or of appropriate safeguards, including binding corporate rules, a transfer or a set of transfers of personal data to a third country or an international organisation shall take place only on one of the following conditions:

 

  • the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
  • the transfer is necessary for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request;
  • the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person;
  • the transfer is necessary for important reasons of public interest;
  • the transfer is necessary for the establishment, exercise or defence of legal claims;
  • the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent;

 

How we use your information to make automated decisions

For making automated decisions, including profiling, we sometimes use the personal data we have, or are allowed to collect from other entities based on the legislation, the contract signed with you or consent given by you. This helps us ensure that our decisions are quick, fair and efficient. These automated decisions can affect the quality of products and services offered by us now or to be offered in the future. If there is no grounds (legislative, contractual, consent) you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal, financial or other significant effect on you.

Here are the types of automated decision we make:

  • Pricing

We may decide on the price of some products and services based on the information available to us.

  • Tailoring products and services to customers' needs

We assign our clients to relevant groups which we call customer segments. We use these groups to study our customers' needs and based on what we learn, make decisions that will be useful and favorable for you. This helps us to design products and services for different customer segments and to manage our relationships with them.

  • Detecting fraud

We use your personal information to help decide if your accounts can be used for fraud or money-laundering. We may detect that an account is being used in a wrongful way. If we identify the risk of fraud, we reserve the right to suspend transactions of doubtful accounts for your security or refuse access to them/deny a respective service.

  • Opening accounts

When you open an account with us, we check that the product or service is relevant for you, based on the information available to us. We also check that you or your business meets the conditions needed to open the account.

  • Approving Credit

We use a system to decide whether to approve or not your credit application, whether for a loan or a credit card. This is called credit scoring. It uses past data to predict how you are likely to act while paying back the credit. Credit scoring uses data from three sources:

  · Your application form

  · Credit reference agencies 

 · Data available to us.

  • Other

In purpose to offer and provide banking and related services.

 

Credit Info Georgia (hereinafter "The Credit Reference Agency")

When you apply for a product or a service, we check your credit data and can contact a Credit Reference Agency. If you are our client, we can use the databases of the Credit reference Agency to facilitate the approval of the credit product you have applied for.

We will share your personal information with the Credit Reference Agency during the period you will be using our services. These data include information about closed and overdue loans. If you are a borrower, we will also share information on how you make payments – fully and in due time or with a delay. The

Credit Reference Agency can share this information with other credit institutions which are interested in your credit status.  We will also let the Credit Reference Agency know if you have fully settled your liability.  For more information about the Credit Reference Agency, please visit https://ge.creditinfo.com/

We reserve the right to allow law enforcement agencies to access your personal information in cases strictly defined by the law. This is to support their duty to detect, investigate and prevent crime.

If you choose not to share your personal information with us, it may delay or prevent us from meeting our obligations towards you, including performance of services to run your accounts or implementation of relevant procedures.

 

Personal data processing for direct marketing purposes

We may use your personal information to tell you about relevant products and offers.

We gather your personal information from what you share with us and what we collect from the sources available to us when you use our services.

We study your data to form a view on what you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

We can only use your personal information to send you marketing messages if we have either your consent or a legitimate interest

You can ask us to stop sending you marketing messages by contacting us at any time. We respect your wishes and will stop using your data for marketing purposes immediately, but not later within 3 days.

Your security is important to us. Therefore, you will continue to receive statements regarding the changes in the facilities proposed to you and in terms of service.

 

How long we keep personal data

We keep your personal data throughout the whole term of service provided to you and for 15 years from the completion of the service for the following reasons:

  · To respond to any questions and complaints

  · To show that we treated you fairly

  · To maintain records according to the regulations that apply to us

We may keep your personal information for over 15 years if we cannot delete it for legal or regulatory reasons.

 

How to withdraw your consent

You can withdraw your consent at any time in case there are no other legislative requirements. Please contact us if you want to do so.

This will only affect the way we use information when our reason for doing so is that we have your consent.

If you withdraw your consent, we may not be able to provide certain products or services to you.

 

Changes to this Privacy Statement

We may amend this Privacy Statement to remain compliant with any changes in law and/or to reflect how our business processes personal data. This version was created on 10 May 2023.

 

How to contact us

In the event that you require the exercise of your rights (data correction, update, addition, blocking, deletion, destruction, etc.), you can visit any bank branch, contact us through Internet and/or Mobile Banking or send us an email using the contact information below.The Bank has appointed a Data Protection Officer, who is supported by the Privacy Team in the Bank's Compliance Division and whose role includes acting as a point of contact for individuals in relation to concerns around how their data is processed. You can contact the Bank's Data Protection Officer using the details below indicating your contact details:

Data Protection Officer
JSC TBC BANK
GEORGIA, TBILISI
Email: Compliance@Tbcbank.com.ge

You can talk to our Online Consultant, Online Chat

You can call 24 hours a day 7 days a week +(995 32) 227 27 27

You can visit our branch during bank working hours.

If you are in the EEA and have questions about your personal data or would like to request to access, update, or delete it, you may contact our representative at:

Bird & Bird GDPR Representative Services SRL

Avenue Louise 235, 1050 Bruxelles, Belgium

EUrepresentative.TBCBank@twobirds.com

Key Contact: Vincent Rezzouk-Hammachi"