mBanking Privacy policy
Last update: 01.07.2021.
In accordance with the Law on Personal Data Protection ("Official Gazette of RS", No. 87/2018) and the standards of the UniCredit Group in the field of personal data protection, and in relation to the processing of your personal data when you, as a Data Subject, use UniCredit Bank's application for mobile banking (mBanking expert), we hereby inform you of the following:
Personal data Controller
The Controller of personal data is UniCredit Bank Srbija a.d. Belgrade, st. Rajićeva br. 27-29, registration number 17324918 (hereinafter: the Bank).
Personal Data Protection Officer (DPO)
Within the implementation of the personal data protection standard imposed by Law on Data Protection and UniCredit Group, the Bank has appointed a Data Protection Officer to whom you may address any questions and requests related to your personal data at:
Email: dpo@unicreditgroup.rs
Mail: Jurija Gagarina 12, 11070 Novi Beograd
Purpose of processing and legal basis of processing
The Bank processes personal data based on the law, execution of the contract concluded with the Data Subject and in certain cases on the Data Subject’s consent.
We use your personal data for the purpose of implementing services within the mBanking Expert application (mBanking) as well as to improve the performance of that application. In order to provide payment and other services (currency exchange operations) through the use of the mBanking application, the bank must have access to the data of the client who uses the application. In terms of the Law on Personal Data Protection, these data are considered personal data, and in terms of the Law on Banks, they are considered business (banking) secrets. As stated in this Privacy Policy, the data is used for the purpose of providing the Bank's services (payment and other services) as well as to improve the performance of the application.
By using the mobile banking application (mBanking), you agree to the collection and processing of data in accordance with this Privacy Policy.
Categories of personal data being processed
While using the mBanking application, we will collect contact information from you, which is used for contacting or identifying you as a user. Personal information that belongs to this group includes, but is not limited to: email address, phone number, information about the use of the application, etc.
Application usage data
Usage data is collected automatically when using the mobile banking application (mBanking).
Usage data may include information such as your device's Internet protocol address (e.g. IP address), browser type and browser version, information about the pages within the mobile banking application (mBanking) that the user visits, date and time of visit, time spent on these pages, unique device identifiers and other diagnostic information.
By accessing and using the Mobile Banking Application (mBanking) via a mobile device, we may automatically collect certain information relating to you, including but not limited to:
- type of mobile device you are using,
- unique ID of your mobile device (MAC address), IP address of your mobile device,
- operating system of your mobile device, the type of mobile Internet browser you use on the device,
- unique device identifiers, other diagnostic data, device location (only with the given user's permission).
We may also collect information sent by your browser when you visit our mobile banking application (mBanking) or when you access the mobile banking application.
How personal data is used
The Bank can use your personal data (as a user of the mBanking application) for:
- account management: to manage your registration as a user of the mobile banking application (mBanking). The information you provide may allow you to access various functionalities of the application that are available to you as a registered user.
- execution of contracts you have concluded with the bank, primarily in the field of payment services - payment transactions as well as currency exchange operations and other services.
- contacting through communication channels that you have approved for contact with the bank such as email, phone calls, SMS, or through push notifications of the mobile application when necessary or reasonable for their usage.
- forwarding news, special offers and general information about the Bank's products and services, information on the mobile banking application and other information related to the products and services you have already contracted with the Bank, through the selected communication channel for providing such information only if you have given your consent to receive such messages.
- management of your claims: review, access and management of your claims against the Bank.
- other purposes: e.g. to improve the performance of our mobile banking application (mBanking).
Recipients of personal data
The Bank has the right to transmit personal data related to you, as well as other data considered banking secrets, as well as data on obligations under contracts concluded between the Bank and the data subject, their settlement, and adherence to contractual provisions, to:
- Employees and engaged persons in the Bank (who, according to the nature of their work, must have access to such data to fulfill contractual and legal obligations, as well as the legitimate interests of the Bank and third parties), members of the Bank's bodies, and Bank shareholders;
- Members of the UniCredit Group, whose updated list can be found on the following website: https://www.unicreditgroup.eu/consent;
- Competent regulatory authorities and organizations (National Bank of Serbia, Securities Commission, Administration for the Prevention of Money Laundering, tax, judicial, and other bodies, e.g., public bailiffs, external auditor of the Bank, and others, who, due to the nature of their work, must have access to such data, as well as other organizations, e.g., the Forum for the Prevention of Abuses in Credit Transactions at the Serbian Chamber of Commerce);
- Public information systems, e.g., the Unique Register of Accounts of natural or legal persons at the National Bank of Serbia, information systems of the Association of Banks of Serbia (e.g., Credit Bureau), the Business Registers Agency, the Cadastre of Real Estate;
- In certain cases, depending on the business relationship, specific third parties with whom the Bank has concluded an agreement regulating the handling of confidential data, and whose up-to-date and complete list can be found on the Bank's website https://www.unicreditbank.rs in the "Personal Data Protection" section.
Personal data may be transferred from the Republic of Serbia to other countries or international organizations only in accordance with the rules of applicable regulations.
Personal data retention period
The Bank will process personal data collected for the purpose of exercising rights and obligations arising from the business relationship for as long as the business relationship between the Bank and the Data Subject is valid, except in cases when the Bank is obliged to keep the data even after the business relationship with the Data Subject has ended, based on the law (e.g. Law on Prevention of Money Laundering and the Financing of Terrorism, which prescribes the obligation to keep the data and documentation in relation to a customer for at least 10 years from the date of termination of the business relationship, execution of a transaction, and similar), Data Subject consent or legitimate interest (e.g. in case of legal dispute of the Data Subject with the Bank).
Personal data processed solely on the basis of the Data Subject's consent are processed in accordance with the purpose for which they were collected, i.e. until the Data Subject withdraws his/her consent.
Security of your personal information
The security of your data is important to us, but keep in mind that no method of transmission over the Internet or method of electronic transmission and storage of data is absolutely secure. The Bank implements a number of technical, personnel and organizational protection measures in order to ensure an appropriate level of security in the processing of your data, in accordance with the Law on Personal Data Protection.
The Bank will take all necessary steps to ensure that your data is handled safely and in accordance with applicable law and this Privacy Policy and will not transfer your data unless there are appropriate controls, including the security of your data and a clearly defined reason for processing.
In order to increase the security of your personal and financial data as well as to prevent possible misuse, the Bank's recommendation is to enable the maximum level of security and protection from access by others on a mobile phone using the mobile banking application (mBanking).
Privacy of minors
The Bank does not have a regular business need to collect and process data of minors, unless, in accordance with applicable family law regulations, those persons acquire legal capacity before reaching the age of majority and establish a business relationship with the Bank, or the same business relationship is established by their legal guardians in their name and for their account. If we determine that we have collected data from minors without the consent of a parent or legal guardian (and in the event that minors do not have the legal capacity necessary to establish a legal contractual relationship with the Bank), those data are removed from our system.
Rights of the Data Subject in connection with the processing of personal data
The data subject has the right to access personal data processed by the Bank.
In cases provided by the regulations in the domain of personal data protection, the data subject has the right to request correction, supplementation, deletion of data, as well as the right to object and limit the processing. The data subject, under the conditions determined by the regulations in the domain of personal data protection, has the right to the portability of personal data, i.e. the right to receive from the Bank the data previously submitted to it, for transfer to another controller, as well as the right to have them transmitted directly to another controller by the Bank, if this is technically feasible and if, in accordance with the Bank's assessment, the required standard of security of personal data transmission has been provided.
The right to complain to the competent authority
The data subject has the right to submit a complaint to the competent authority (Commissioner for Information of Public Importance and Personal Data Protection) on the processing of personal data relating to him/her, to the e-mail address: office@poverenik.rs
Changes to this Privacy Policy
Updates or changes to this Privacy Policy will be subject to special notifications to the signatories in accordance with the defined manner and approved communication channels. We will notify you of any changes by posting the new Privacy Policy on this page.
The new version of the Privacy Policy will be available to all its users within the mobile banking application (mBanking) in the same location as the previous version. Notices of changes to the Privacy Policy will be provided to users in accordance with the authority given for this type of notice.
We encourage you to periodically review this Privacy Policy for any changes. Amendments to this Privacy Policy are effective upon posting.
Contact us
If you have any questions regarding this Privacy Policy, you may contact us:
- By e-mail: kontakt@unicreditbank.rs
- By visiting our website: https://www.unicreditbank.rs/rs/pi/kontakt/kontakt.html
- Telephone number: 011/3 777 888
The Bank's employees are at your disposal in all branches of the Bank and the Personal Data Protection Officer can be contacted in writing at the address: Jurija Gagarina 12, 11070 New Belgrade or via e-mail: dpo@unicreditgroup.rs
For more detailed information on how the Bank processes personal data, please visit link.