PRIVACY POLICY OF CAPITAL BANK
This policy explains the types of information we may collect and retain when visiting the website or some of the Bank's other web-based services, as well as how that information is used and with whom the data is shared. It also sets out how you can contact us if you have questions or concerns about this information.
Capital Bank AD Skopje, in its capacity as a controller, in accordance with the Law on the Personal Data Protection, informs its customers about the way in which personal data is processed when visiting:
- the Bank's official website
- the electronic banking page
- mobile banking applications on IOS and Android platforms
- the credit application page or when using any of the other services offered by the Bank.
Above all, taking care of customers and their privacy is a priority in Capital Bank.
1. Data types processed by the Bank
The bank can process the following types of personal data:
- Identification data – (name, father's name, gender, ID number, unique identification number, date and place of birth and other demographic data).
- Communication data – (address and e-mail, contact telephone number).
- Data relating to the default status of the customer on his financial obligations, such as terminations of loan and credit agreements, payment orders, claims and resolution decisions and bankruptcy.
- Data obtained from the execution of the customer's contracts with the Bank and the use of the products provided to him.
- Data on the economic, family and property situation - (profession, marital status, earnings and other documentation).
- Data obtained from payment transactions and payment services.
- Data on the creditworthiness and exposure of the customer with the previously obtained consent for MKB statement.
- Data related to the user's identifiers and his transactional behavior provided by devices or applications (provided through log entries) that he uses, such as IP address or other data provided by devices used by the customer such as location identifiers and cookies used by the controller, in combination with specific identifiers, can be used to identify the customer.
The type and number of data collected by the Controller-Bank depends on the type of service and products used by customers.
2. Basis for processing personal data by the Bank
The bank processes personal data in a manner that is consistent with the purpose for which they were collected after the prior free consent given by the customers. The processing is carried out in order to provide you with the requested service or product during the performance of banking and financial services necessary for the realization of contractual obligations with customers, all necessary activities necessary for the operation and administration of institutions responsible for credit and financial services, as well as enabling access to customers to certain information or offers.
3. How do we collect personal data from customers
The bank collects personal data through several different channels, namely:
- through our email address: info@capitalbank.com.mk
- through your use of our website, mobile applications including here the application forms for the products you need;
- by mail;
- from other controllers via the Internet or a private electronic communication connection;
- through video surveillance.
4. Use of "Cookies"
The bank uses technologies that are widespread in the industry to collect information about the use of our website and other faith-based services, known as "cookies".
For example, these technologies tell us which users have clicked on important elements (such as links or graphics) of the website or other web-based services and to recognize the browser the next time you visit our website. The use of these technologies is done exclusively in order to improve the user experience and functionality of the Bank's portal and the Internet Bank site.
By using our website in accordance with the "COOKIES Policy" that the controller publicly and transparently publishes on its website and can be found at the following link, you agree, that is, you accept the provisions of our Privacy Policy. If you do not agree with it, please do not use our website.
5. Sharing information
The bank does not disclose your personal data to third parties without your consent. Personal data may only be disclosed in accordance with the law.
6. Access to personal data
Access to personal data is provided to:
- The authorized employees of the bank in order to fulfill the contractual obligations arising from the agreements signed between the customers and the bank, as well as the fulfillment of the relevant legal obligations by the bank.
- Natural and legal persons, to whom the bank assigns the performance of certain tasks on its behalf, such as companies that provide services for reporting debtors, lawyers, notaries and bailiffs, service providers related to the development and maintenance of IT applications and databases as well as companies that provide web hosting services. In all cases, the persons mentioned above are obliged to maintain confidentiality and ensure the protection of the processing of personal data in accordance with the Law on Personal Data Protection with all its by-laws, additions and amendments.
- Debt collection companies, as well as entities of the financial sector, including domestic or foreign investment companies, in case of transfer (assignment) of claims arising from credit agreements.
- Supervisory, auditing, independent, judicial, public or other authorities and bodies within the framework of their legal tasks, duties and powers (Public Revenue Office, NBRM, FIO, etc.).
- All banks and institutions for financial services (depository banks, correspondent banks, depending on the agreement, etc.).
Access to personal data is allowed only on the basis of law or on the basis of the express consent of the customer.
7. Transfer of personal data
In accordance with the applicable regulations, the data may be transferred to third parties, based on your order/consent when using the bank's products and services. Your information may also be transferred to other countries. (e.g., when using the e-banking service and performing payment transactions abroad), based on the customer's order/consent provided by law, when using the bank's services.
8. Data storage time
The bank keeps the personal data until the end of the purpose for which they were collected, that is, until the fulfillment of all contractual and legal obligations. The bank has a legal obligation to store data arising from the Law on Banks, the Law on Anti-Money Laundering and Terrorist Financing, the Law on Securities, the Law on Personal Data Protection and all other relevant laws related to financial institutions. The time limits defined in these regulations range from two to ten years depending on the relevant legislation.
If, with the expiration of the above-mentioned period, legal proceedings are conducted with the bank or any related company, in direct or indirect relation with the customer, the data storage period is extended until a final court decision.
If the bank processes personal data for statistical purposes after the expiration of the term for their storage, it (permanently) anonymizes them in a way that the customer cannot be identified.
9. Protection of personal data processing
The bank takes all prescribed technical and organizational measures and applies an information security management system to ensure the confidentiality and security of the procedure for processing the customers' personal data, to prevent unauthorized access and their misuse and to protect them from accidental or illegal destruction, loss, alteration, unauthorized disclosure or access and any other form of unlawful processing. Our security procedures are subject to regular controls and reflect the latest technological developments in this area.
10. Customer's rights to protect personal data
According to the Law on Personal Data Protection, the customer has the right to:
• Information and access
The customer has the right to be accurately informed about how his personal data is collected, the purposes for which it is collected, the source of the data, the method of processing and other information about his personal data processed by the bank.
• Correction or addition of personal data
The customer has the right at any time to request the correction of his incorrect personal data, as well as the right to supplement incomplete personal data, by providing an additional statement. This is also an obligation of the Customer.
• Limiting the processing of personal data
The customer has the right to request the restriction of the processing of his personal data, if one of the following conditions is met:
- the accuracy of the personal data is disputed by the subject of the personal data, for a period that allows the controller to check the accuracy of the personal data;
- the processing is illegal and the customer opposes the deletion of personal data, requesting instead the restriction of their use;
- for the purposes of processing, the controller no longer needs the personal data, but the customer requires them to establish, exercise or defend his legal claims;
- the customer objects to the processing, pending verification whether the legitimate interests of the controller prevail over the interests of the customer.
• Deleting customers´ personal data
The customer has the right to request the deletion of his personal data, for which one of the following conditions must be met:
- personal data are no longer needed for the purposes for which they were collected or processed;
- the customer withdraws the consent on which the processing is based and there is no other legal basis for the processing;
- the customer objects to the processing and has no other legal basis for the processing;
- personal data were illegally processed;
- personal data should be deleted in order to comply with an obligation established by law that applies to the controller;
- personal data were collected for the purpose of providing information society services.
The customer can request that the data he submitted to the Controller - the bank be transferred to another controller. Performing the right to portability does not imply deletion of data from the bank's records. The deletion or removal takes place under the conditions established in the previous paragraph.
- · Objection and automated decision-making
The customer, based on a specific situation related to him, has the right to object to the processing of his personal data, necessary for the performance of matters of public interest, or when the processing is necessary for the purposes of the Bank's legitimate interests, including profiling. If the customer's personal data is processed for direct marketing purposes, the customer has the right to object to the processing related to this type of marketing.
The customer has the right not to be subject to a decision based solely on automated processing, including profiling that causes legal consequences for him or similarly affects him.
This right does not apply if the decision:
- is required for concluding or executing an agreement between the customer and the Bank;
- is permitted by law applicable to the bank or
- is based on the express consent of the customer.
The customer has the right to withdraw the consent for the processing of his personal data, without affecting the legality of the processing that was based on consent before it was withdrawn, when the data processing is carried out on the basis of a given consent for processing.
11. How the customer can exercise his rights
To exercise the rights listed above, the customer can:
• to turn to the bank's management by submitting to the bank's archive a form Request for exercise of rights. The form can be downloaded from the following link, or you can download it from the bank's website in the section "Acts in the area of personal data protection",
• to contact the Bank by e-mail at: info@capitalbank.mk,
The bank will respond to the customer within the appropriate legal term according to the submitted request, and at most thirty (30) days after the submission and receipt of the request. This term can be extended for an additional 2 months, if the bank deems it necessary, taking into account the complexity and number of requests submitted by the customer.
The bank will inform the customer about the extension of the deadline, but not more than thirty (30) days from the receipt of the request and will state the reasons for the extension.
If the bank does not take action in relation to the customer's request, it will notify the customer without delay and at the latest within the stipulated period of thirty (30) days from the receipt of the request, of the reasons for not taking action and of the possibility for the customer to submit a request to the Personal Data Protection Agency, as well as the possibility of using legal protection.
The above information is provided by the Controller-Bank free of charge. However, when the requests from the customer are clearly unfounded or excessive, especially with regard to their repetitive nature, the bank may charge an appropriate fee taking into account the volume, complexity and time required to respond or refuse to respond to the request.
Controller Information:
The personal data controller is:
Capital Bank AD Skopje
Headquarters: Central
Street Nikola Kljusev num.1
1000 Skopje, Republic of North Macedonia
Telephone: +389 2 3102 500;
email: info@capitalbank.com.mk
Officer for Personal Data Protection:
Contact: privacy@capitalbank.com.mk
If you have questions regarding the Privacy Policy of Capital Bank AD Skopje when using: the official website of the Bank, the website for electronic banking, mobile banking applications on IOS and Android platforms and when using any of the services offered by the Bank at our website, please contact us at the address provided.