1. What Data Do We Collect for the Identification/Authentication of NeoBT Users?
In order for you to use Neo BT, according to the provisions applicable in the field of payment services and because we have the legitimate interest to prevent fraud, we need to check your identity and identify you as an authorized user of this service, respectively. This identification is made based on the NeoBT login ID (hereinafter referred to as the “user ID”) and a password. The password required for the first login is the one sent via SMS to the phone number you declared to the bank. We shall send unique codes (SMS-OTP, one-time password) to this phone number for each login, as well as for some transactions, along with messages about the transaction.
If you use the mobile version of NeoBT and log into the app with biometric data (e.g. fingerprint, face-ID), please note that BT does not have access to this information, which is stored in the device you are using. BT is only informed whether or not the authentication method has been validated by the device you are using.
2. What Data Do We Collect for the Security of NeoBT?
In order to protect your login data, transaction data and other information available in NeoBT, we have the legitimate interest to collect and use the IP address(es) of the devices you use to log into NeoBT and, if you use the mobile application, also: the device identification (device ID) on which you install the app, the device model, the type and version of their operating system, including their history (e.g. the add/delete date).
Likewise, when launching the NeoBT mobile app, we use a tool that scans the list of apps on the mobile device you are using for the login, in order to check for malware, including apps that enable remote access. If malware is identified, an alert is sent to the bank and, depending on the situation, the transaction will be processed, or you will be contacted to determine the terms of processing.
We process these data to protect the information in NeoBT. If you refuse their processing, you will not be able to use NeoBT.
Optionally, you can also upload a profile photo in NeoBT. If you choose to upload it, we shall process the image for added protection of your data in NeoBT.
3. What Data Do We Process in the Use of NeoBT?
To provide you with the NeoBT service that you contracted from BT, and given our legitimate interest or, as the case may be, the consent of the users to send them messages related to this service, we use:
3.1 Data Related to Accounts, Cards and Transactions
When you use different functionalities of NeoBT we shall process data related to: name, banking accounts (of the customer who contracted NeoBT and of the payment beneficiaries), the cards attached to the accounts opened with BT, transactions ordered via the accounts (payments/collections), as well as information classified as personal data of the customer who has contracted NeoBT, of the NeoBT user who uses this service and/or of other persons (such as payment beneficiaries, persons whose data you enter in the NeoBT fields for specific payments, e.g. prepay card charging, payments of road tax vignettes and utilities), data entered in the fields dedicated to transaction descriptions, in the ones used to add predefined beneficiaries, in the messages sent via the secured messaging of NeoBT.
To provide the Beneficiary Name Display Service (BNDS) for the purpose of fraud prevention in the case of interbank payments initiated from payment/internet banking applications, your personal data are processed as detailed in the Privacy Notice on the Processing of Personal Data within the Beneficiary Name Display Service (BNDS) which you can find at the following address: https://en.bancatransilvania.ro/nota-de-informare-sanb.
For the prevention of fraud in the case of intrabank payments initiated from its own payment/internet banking applications, BT processes - as an independent controller - the same categories of personal data that are also used within the BNDS, but without the involvement of other participating banks and without the involvement of Transfond. The grounds for the processing of your data are BT's legitimate interest to prevent fraud in the case of intra-bank (BT-BT) payments. Your full first name (one or more, as appropriate) and the initial of your surname registered with BT shall be displayed to other BT customers who initiate a payment to your BT account from one of the bank’s applications, whether or not the payment is completed.
If you use the open banking functionality, BT shall also have access to the following information which is, where applicable, personal data belonging to you or to other persons to/from whom you have transferred/received amounts through the accounts with the financial institutions where the accounts you are integrating into Neo BT are opened: balance of the selected non-BT accounts, IBANs of these accounts, transaction history of the selected payment accounts, including the following details: transaction date, transaction amount, transaction details (transaction details and transaction authorization code, person from whom amounts have been collected on that account or person to whom amounts have been transferred from that account, respectively).
3.2 Contact details
If you use the SMS-OTP login method, we shall use your phone number to send you messages about the transactions initiated via NeoBT, including codes based on which you will approve the transactions (if applicable).
We may use your phone number or email address to inform you/request additional information about the transactions you initiate from NeoBT or to prevent fraud attempts (e.g. phishing).
We shall also use the inbox of the secured messaging service to send you different informative messages regarding BT and/or the bank’s products and services (e.g. messages about the amendment of the general terms and conditions, of privacy policies, working hours of the bank’s units or possible malfunctions of the bank’s systems, non-banking working days, etc.) or advertising messages, if you have consented to this via the dedicated form (e.g. via NEO Radar).
If you submit different requests via NeoBT, such as requests for the issue of a card or debt instrument, or if you contract certain BT services available via NeoBT (e.g. SMS Alert, deposits, Mobile Banking, card-free cash withdrawals, etc.) we shall use your phone number in order to inform you when the services are activated, or, as applicable, when the products arrive in the BT unit you have selected to pick them up from.
For the transmission of documents such as bank statements, proofs of payment, CIP queries or vignettes, we shall process the e-mail address entered in the dedicated field. The e-mail address may be your own or that of a third party. BT shall not be held liable if you provide incorrect addresses, which may lead to the disclosure of the data contained in such documents to unauthorized persons, nor for the case where the persons to whom you have chosen to send these documents are disturbed by the receipt of the message (they consider they should not have received it).
3.3 Profile Determined Based on the Payment Behavior via NEO Radar
The NEO Radar functionality in NeoBT analyzes the user’s payment behavior and creates a user profile through exclusively automated means. To create such a profile, the application uses the data related to the transactions carried out in the past 8 months via the BT accounts and cards, such as: the amount, the accounts and/or the cards used for these transactions, the payment beneficiary (for transactions at retailers, including the type, name and venue of the retailer, if such information is available). This information is aggregated, segmented, combined and analyzed. The profile based on the user's payment behavior is created and used for analysis and financial education purposes and - only subject to the user’s consent - for advertising (marketing) purposes, as well, according to the following details:
- for analysis and the user’s financial education
The processing of personal data for profiling purposes based on the payment behavior and for the issuing of alerts/notices based on this profile is justified by the legitimate interest of the bank to notify NeoBT users about aspects related to the transactions carried out through the accounts or about the products/services held with BT and to raise awareness of the use of financial resources.
Examples: If BT notices that there are two payments in the same amount, at the same date and to the same merchant, it will send an alert via NEO Radar about a possible double payment so that the user can investigate the situation; if the user makes a larger payment at a merchant where the user does not usually shop, they may be notified about this; if the user used to make a payment around the same date of the month to a certain payee in the recent months, NEO Radar determines the probability of making a payment to the same payee and notifies the user in this regard. Likewise, users may receive notices about differences between transactions from the previous month and the current month, such as increases or decreases in transaction amounts, etc.
This section of the NEO Radar functionality is enabled by default in NeoBT, but the user can disable it at any time (or re-enable it later if desired).
If you do not want your personal data to be processed for analysis and financial education purposes through NEO Radar, you can deactivate this functionality in the NEO Radar section, by moving/sliding the button in this section to "off", thus expressing your opposition to the creation and use of the profile based on payment behavior for analysis and financial education purposes.
Disabling this section of NEO Radar does not prevent the user from using the remaining functionalities available in NeoBT.
- for advertising (marketing) purposes
If the user agrees/consents, the profile based on the payment behavior shall also be made/used for advertising (marketing) purposes, to send messages in NEO Radar with information about BT services already contracted/used or with customized recommendations about other BT products and services.
This section of the NEO Radar functionality is disabled by default. The user can consent to its activation by moving/sliding the button in this section to "on".
Once this section is activated, it can be deactivated at any time by sliding the button to the "off" position, which is equivalent to the withdrawal of the consent for the creation/use of the profile based on payment behavior for advertising purposes.
Not enabling this section of NEO Radar does not prevent the user from using the remaining functionalities available in NeoBT.
Notices related to both sections of the NEO Radar functionality shall only be received by the user, to use if and how they wish. BT does not make any decisions determined by the profiling based on the payment behavior, nor does it have access to customized alerts, but only to the number and type of alerts a particular user has received in a given period.
3.4 Photo Camera or Geolocation
If you wish to use functionalities of the mobile NeoBT version, which require access to the device camera (e.g. barcode scan for invoice payments) or to the geolocation (e.g. to display the nearest BT ATMs or BT units), you shall be asked whether you want to allow such access or not. If you decline the access you shall not be able to use that functionality.
3.5 Use of Cookies in NeoBT
NeoBT uses cookies as detailed in the NeoBT Cookie Policy. Cookies strictly necessary for the operation of NeoBT can be placed on the user’s device without their consent. Other types of cookies shall only be placed if/when the user has given his/her consent.
3.6 Recording and Viewing Choices about the Processing of Personal Data for Marketing Purposes
In Neo BT you can express your choices about the processing of your personal data for marketing purposes (consent or refusal, as appropriate), and view the marketing choices you have previously made with BT regarding the processing of your data for this purpose. Details about such processing are available in section C(12) of BT’s Privacy Policy.
4. To Whom May We Disclose the Data Resulting from the Use of NeoBT?
- other Customers who have the right and the need to know them
a. Neo BT users (all NeoBT users are BT customers)
If you have granted NeoBT user rights to other people for all or some of the BT accounts, we shall disclose to them - within Neo BT - the banking data (accounts, transactions, account and transaction identifiers, etc.) related to the accounts for which you have granted them NeoBT user rights.
b. BT customers to whom you order payments from NeoBT
When you order transactions via NeoBT to the accounts of other BT customers, the related data (usually the first and last name, the amount, IBAN of the BT account, payment description) shall be accessible to the beneficiaries of the payment that you have ordered.
- contractual partners (service providers) used in BT's business
NeoBT allows for the purchase of certain goods and services from the bank’s contractual partners. If you use these functionalities, the data required for the purchase/activation of these services are disclosed to these partners who are also BT customers.
Likewise, your data processed in NeoBT can be accessed, on a need-to-know basis and only subject to adequate personal data protection safeguards, by the Bank’s contractual partners that assist us in the provision of the Internet/Mobile Banking service.
The list of recipients above is supplemented by the one in the General Privacy Notice On the Processing and Protection of Personal Data Belonging to BT Customers, section VIII.