Last Updated: September 06, 2023.

Privacy Rules delineate the regulations and procedures that UniCredit Bank Serbia a.d. Belgrade applies when collecting, processing, and disclosing user data of the mBiznis mobile banking application (business entities, entrepreneurs) and outlines the means of ensuring privacy and data protection rights in accordance with the law..

By using the mobile banking application for business entities (mBiznis), you consent to the collection and utilization of data in accordance with these Privacy Rules.

In accordance with the Law on Personal Data Protection ("Official Gazette of RS" No. 87/2018) and UniCredit Group standards in the field of personal data protection, we hereby provide you with the following information regarding the processing of your personal data when you, as the data subject (applicable to business entities organized as entrepreneurs), use the mobile banking application for business entities (mBiznis) of UniCredit Bank.

Data Controller for Personal Data

The data controller for personal data is UniCredit Bank Serbia a.d. Belgrade, located at Rajićeva Street No. 27-29, company registration number 17324918 (hereinafter referred to as "the Bank").

Appointed Data Protection Officer (DPO)

In line with the implementation of personal data protection standards as prescribed by the Law on Personal Data Protection and UniCredit Group rules, the Bank has appointed a Data Protection Officer whom you may contact for all inquiries and requests related to the processing of your personal data at the following addresses:

Email: dpo@unicreditgroup.rsAddress: Jurija Gagarina 12, 11070 Novi Beograd

Purpose of Processing and Legal Basis for Processing

The Bank processes personal data based on legal requirements, the execution of contracts concluded with the data subjects, and, in certain cases, with the data subject's consent.

Your personal data are used for the purpose of executing services within the mBiznis application and for enhancing the application's performance. The Bank, in order to provide payment and other services (currency exchange) through the use of the mBiznis application, must have access to the data of the client using the application. According to the Law on Personal Data Protection, these data are considered personal data, and according to banking laws, they are treated as business (banking) secrets. As stated in these Privacy Rules, the data are used for the purpose of executing Bank services (payment and other services) and for improving application performance.

By using the mobile banking application for business entities (mBiznis), you consent to the collection and processing of data in accordance with these Privacy Rules.

Categories of Personal Data Processed

While using the mBiznis application, we will collect contact information from you, which is used for contacting you or identifying you as a user. Personal data falling into this category include, but are not limited to: email address, phone number, and data regarding application usage.

Usage Data

Usage data is automatically collected when using the mobile banking application for business entities (mBiznis).

Usage data may include information such as your device's Internet Protocol address (e.g., IP address), type of internet browser and its version, information about the pages within the mobile banking application (mBiznis) that the user visits, date and time of the visit, time spent on those pages, unique device identifiers, and other diagnostic data.

By accessing and using the mobile banking application for business entities (mBiznis) via a mobile device, we may automatically collect certain data related to you, including but not limited to:

• The type of mobile device you use,
• The unique ID of your mobile device (MAC address), IP address of your mobile device,
• The operating system of your mobile device, the type of mobile internet browser you use on your device,
• Unique device identifiers, other diagnostic data, and the location of the device (only with the user's permission).

We may also collect data that your browser sends when you visit our mobile banking application for business entities (mBiznis).

Use of Personal Data

The Bank may use your personal data as a user of the mobile banking application for business entities (mBiznis) for the following purposes:

• Managing your account: To manage your registration as a user of the mobile banking application for business entities (mBiznis). The data you provide may enable you to access various functionalities available to registered users.
• Execution of contracts you have concluded with the Bank, primarily in the field of payment services-payment transactions as well as currency exchange and other services.
• Contact through communication channels that you have approved for contact with the Bank, such as email, phone calls, SMS, or via push notifications of the mobile application when necessary or reasonable for their implementation.
• Sending news, special offers, and general information about the Bank's products and services, information about the mobile banking application, and other information related to products and services that you have already contracted with the Bank, through the chosen communication channel for delivering such information, exclusively if you have given consent to receive such messages.
• Managing your requests: Review, access, and management of your requests to the Bank.
• Other purposes, e.g., for improving the performance of our mobile banking application (mBiznis).

Recipients of Personal Data

The Bank has the right to transmit personal data related to you, as well as other data considered banking secrets, as well as data on obligations under contracts concluded between the Bank and the data subject, their settlement, and adherence to contractual provisions, to:

• Employees and engaged persons in the Bank (who, according to the nature of their work, must have access to such data to fulfill contractual and legal obligations, as well as the legitimate interests of the Bank and third parties), members of the Bank's bodies, and Bank shareholders;
• Members of the UniCredit Group, whose updated list can be found on the following website: https://www.unicreditgroup.eu/consent;
• Competent regulatory authorities and organizations (National Bank of Serbia, Securities Commission, Administration for the Prevention of Money Laundering, tax, judicial, and other bodies, e.g., public bailiffs, external auditor of the Bank, and others, who, due to the nature of their work, must have access to such data, as well as other organizations, e.g., the Forum for the Prevention of Abuses in Credit Transactions at the Serbian Chamber of Commerce);
• Public information systems-e.g., the Unique Register of Accounts of natural or legal persons at the National Bank of Serbia, information systems of the Association of Banks of Serbia (e.g., Credit Bureau), the Business Registers Agency, the Cadastre of Real Estate;

In certain cases, depending on the business relationship and specific third parties with whom the Bank has concluded an agreement regulating the handling of confidential data, and whose up-to-date and complete list can be found on the Bank's website https://www.unicreditbank.rs in the "Personal Data Protection" section. Personal data may be transferred from the Republic of Serbia to other countries or international organizations only in accordance with the rules of applicable regulations.

Retention Period for Personal Data

The Bank will process personal data collected for the purpose of fulfilling rights and obligations from the business relationship for as long as the Bank's business relationship with the data subject exists unless the Bank is obligated to retain the data even after the termination of the business cooperation with the data subject, based on the law (e.g., the Law on Prevention of Money Laundering and Terrorism Financing prescribes the obligation to retain data and documentation related to the client

The Security of Your Personal Data

The security of your personal data is of paramount importance to us. However, please be aware that no method of transmission over the Internet or electronic data storage is entirely secure. The Bank implements a series of technical, personnel, and organizational protective measures to ensure an appropriate level of security in the processing of your data, in accordance with the Law on Personal Data Protection.

The Bank will take all necessary steps to ensure that your data is handled securely and in compliance with applicable legal regulations and these Privacy Rules. The Bank will not transmit your data unless appropriate controls, including data security and a clearly defined purpose for processing, are in place.

To enhance the security of your personal and financial data and prevent potential misuse, the Bank recommends enabling the maximum level of security and protection against access by third parties on the mobile phone where the mobile banking application (mBiznis) is used.

Rights of Data Subjects Regarding Personal Data Processing

Data subjects have the right to access personal data processed by the Bank.

In cases provided for by regulations in the field of personal data protection, data subjects have the right to request corrections, amendments, deletions of data, as well as the right to object to and restrict processing. Data subjects, under the conditions specified by regulations in the field of personal data protection, have the right to data portability, meaning the right to receive the data they have previously provided to the Bank from the Bank for transmission to another data controller, and the right to have their data directly transmitted from the Bank to another data controller, provided it is technically feasible and meets the necessary standards of data security, as assessed by the Bank.

Changes to These Privacy Rules

Updates or changes to these Privacy Rules will be subject to special notifications to the signatories in accordance with defined methods and approved communication channels. We will inform you of all changes by publishing the new Privacy Rules on this page.

The new version of the Privacy Rules will be available to all users within the mobile banking application for business entities (mBiznis) at the same location as the previous version.

We advise you to periodically review these Privacy Rules for any changes. Changes to these Privacy Rules take effect at the time of publication.

Contact Us

If you have any questions regarding these Privacy Rules, you can contact us through the following channels:

• Via email: kontakt@unicreditbank.rs
• By visiting our website: https://www.unicreditbank.rs/rs/pi/kontakt/kontakt.html
• By phone: 011/3 777 888

Our Bank staff are at your disposal at all Bank branches, and you can also contact our Data Protection Officer in writing at the address: Jurija Gagarina 12, 11070 Novi Beograd, or via email:  dpo@unicreditgroup.rs.