Who we are?JSC TBC Bank holds a commercial banking license in compliance with Georgian legislation, serving as a data processor as outlined in this policy. TBC Bank's identification code is 204854595. Its legal address is situated at K. Marjanishvili St. No. 7, Chugureti District, Tbilisi, Georgia. You can find out more about us here.
We, TBC Bank do affirm the following:
Purpose of the DocumentOur primary objective is to acquaint you with the procedures involved in the processing and utilization of your personal information by TBC Bank JSC (the Bank). The notification delineates the guiding principles we adhere to during the processing of your personal data and highlights the legal safeguards in place for your protection. It encompasses the information that the Bank acquires as part of its customer relationship with you, and this data is also utilized for direct marketing purposes, adhering to the regulations of Georgia and GDPR/UK GDPR as applicable.
How is your protection ensured by the law?Your rights are safeguarded under the laws of Georgia and the General Data Protection Regulation (GDPR/UK GDPR). You are entitled to receive information regarding the processing of your personal data, as stipulated by law, within the determined timeframe therein. We will only process your personal data if:
We handle the personal data of minors in compliance with Georgian legislation, considering the best interests of such minors. The table below outlines the objectives of processing your personal data for each particular scenario, referencing the applicable legal grounds:
Personal Data GroupsWe process different types of personal information, which we group as follows:
Security of your data in digital channelsWithin the scope of service provision, the Bank is empowered to observe your actions while utilizing its digital platforms, which encompass mobile and internet banking. The objective of this observation is to study and analyze consumer behavior. When utilizing the Bank's electronic platforms, including TBC Mobile and Internet Bank, your device ID, model, brand, name, OS version, and TBC application version may be accessible to programs such as Google Analytics, Xtremepush.com, WVO Facebook Pixel, and Firebase. While using the Mobile Bank, the Bank is authorized to process information about the phone numbers stored in your mobile device and selected by you, aiming to enhance the service. Moreover, these numbers will be used only with your consent and solely for predetermined purposes.
How do we collect your personal data?We collect your personal information from the following sources:
CookiesOn our website, we track user behavior through "cookies" to facilitate the user's experience and enhance the quality of website functionality. "Cookies" are small files stored on the user's computer, tablet, or mobile device during site visits. They persist on the device and are sent to the website when the same address is accessed again. To find out more about how we use "Cookies", please see our cookies policy which is published on our website.
Your rightsYou have the right to receive information about the collection and processing of your personal data, obliging us to provide comprehensive details upon your request. You can request access to your data as well as the transfer of their copies. In accordance with the law, you also possess the right to request blocking, modification, correction, update, completion, addition, transfer, termination of data processing, erasure, or destruction of your data if they are incomplete, inaccurate, outdated, or if their collection and processing were conducted unlawfully. It is important to note that we operate in compliance with the legislation of Georgia. Consequently, there may be limitations on the deletion of personal data. These limitations may arise from anti-money laundering, tax, commercial banking, consumer protection laws, and/or other legal acts.
Information Obtained from Third PartiesIn accordance with the law and within the legally defined boundaries, we retain the right to request and receive your personal data from third parties. This includes credit information bureaus (comprising both positive and negative information stored in their electronic databases) and electronic data from the State Services Development Agency's database and other administrative bodies.
Who do we share your data with?
Personal information about you may be disclosed as mandated by law or to entities involved in delivering the product or service you have chosen. For instance:
Your information may also be shared with member companies of the Bank Group for the purpose of providing services, creating and developing products, and offering. In the event that we use the services of third parties or other providers as part of our core business, we may need to share your personal data with them to perform specific tasks. Services that we may receive from third parties requiring us to share your data may include, but are not limited to, the following areas:
If you use credit products, throughout the entire credit relationship, we are obligated to share your personal data, including payment information, details of closed and overdue loans, with credit information bureaus to fulfill legal obligations. Subsequently, the credit bureau discloses this information to other entities as per applicable legislation. Your personal data may also be shared if there are any structural changes within the Bank in the future. For instance, if the Bank decides to fully or partially divest its assets or undergo a reorganization. Under the outlined circumstances, data will only be transferred to third parties if all legal requirements are met, and these third parties commit to proper data processing and confidentiality. In the event that you decline to share data with third parties in accordance with the applicable legislation, the provision of services to you may be interrupted.
International TransferIf your personal data is transferred internationally, it will be executed in adherence to the regulations set forth by the applicable legislation. Nevertheless, during such transfers, we will exert every effort to ensure that data is transferred securely and with complete confidentiality, fully complying with this Privacy Policy. If you are living in EU/EEA and fall under the definition of a data subject according to the General Data Protection Regulation (GDPR), and if the data is shared outside the European Union and the European Economic Area, the data may be shared under various circumstances, including:
If the applicable legislation lacks appropriate provisions, and/or there is no decision by the European Commission or relevant guarantees, or there are no approved and applicable Binding Corporate Rules of European Commission, the transfer of personal data to a third country or international organization is carried out only in the following cases:
Automated Decision-Making Process (Profiling)Data collected in accordance with the law may undergo processing in an automated decision-making process (profiling). The processing of your data through automated means may be based on your consent, the fulfillment of obligations imposed on us by law, and/or the agreement between us. You possess the right not to be subjected to a decision solely made by automated means, including profiling, that leads to legal or other significant consequences for you, except when the profiling decision:
Processing of Personal Data for Direct Marketing PurposesWe process your personal data for marketing purposes, deeming it necessary to provide you with information about products and offers tailored to your preferences. We process your data to comprehend your preferences and interests, aiming to offer content that aligns with your needs. Your personal data for direct marketing purposes is processed with your explicit consent. You retain the right to contact us at any time and request the termination of data processing for direct marketing purposes. We commit to fulfilling your request within 7 (seven) business days upon receiving such a request. However, it is important to note that you will continue to receive mandatory notices concerning products and services already available to you, including notifications of any changes to such products and/or services.
Retention Period of Your Personal DataWe process and retain your data for the duration mandated by law and to fulfill our obligations.
Withdrawal of ConsentYou have the option to submit a request to withdraw your consent for the processing of personal data, including direct marketing, to the Bank at any time. Consent can only be revoked if the basis for processing your data is your consent. In the event of withdrawing consent, there is a possibility of service interruption, and we may be unable to provide you with an optimal service. If you choose to withdraw your consent for data processing, kindly reach out to us through one of the communication methods specified in this policy.
Privacy Policy ChangesThis document undergoes periodic updates by the Bank. Modifications to the document will be implemented by publishing them on the Bank's website, and it is advisable to regularly review these changes. Personal notification of alterations will only be provided if required by applicable law.
How to Contact UsIf you wish to exercise your rights as granted by legislation and this document, you can visit any branch of the Bank, reach out to us via Internet and/or Mobile Banking, or correspond with us via the email address provided below. For matters concerning personal data, you may also get in touch with the Personal Data Protection Officer - Ani Getiashvili, using the following channels: privacycommittee@tbcbank.com.ge. When reaching out to the Data Protection Officer, please include your contact information. You can also engage with our consultant through the online chat. Feel free to contact us at any time, any day of the week, and any part of the day, using the following phone number: + (995 32) 227 27 27. You can personally visit any of our branches during regular business hours. If you are in the EEA and have questions about your personal data or would like to request to access, update, or delete it, you may contact our representative at: Bird & Bird GDPR Representative Services SRL Avenue Louise 235, 1050 Bruxelles, Belgium EUrepresentative.TBCBank@twobirds.com Main contact person: Vincent Rezuk-Hamachi Bird & Bird GDPR Representative Services UK United Kingdom, London, EC4A 1JP, 12 New Feather Lane UKrepresentative.TBCBank@twobirds.com |
|