Data Protection Policy
OTP Bank Plc., as the leading financial institution in Hungary, is committed to developing, operating and applying such a regulatory, executive and control system which ensures the safekeeping and protection of bank secrets, securities secrets as well as personal data in accordance with the criteria specified in relevant legal acts and its fundamental business interests.
The personal data processed by OTP Bank Plc. include in particular data required for identifying and liaising with customers, data required for the provision of a given service and/or data generated and processed in the course of the provision of the given service (including data related to claim enforcement), conclusions drawn, data derived from data processed by means of analysis, the data of the communication – performed on any communication channel – between OTP Bank Plc. and the data subject, certain data of the individual devices used for accessing the services provided by OTP Bank Plc. by the data subject and – if relevant – publicly accessible data.
OTP Bank Plc. treats all data, facts, information, solutions relating to its customers’ persons, data, financial situation, business activity, management, ownership and business relations, the balance and turnover on customers’ accounts it holds.
The legal framework for the protection of personal data is determined by the EU’s General Data Protection Regulation, the Act on the Right of Informational Self-Determination and on Freedom of Information, the Act on Credit Institutions and Financial Enterprises, the Act on Investment Firms and Commodity Dealers, and on the Regulations Governing their Activities, the Act on the Capital Market, other National legal acts governing the Bank’s activity and the EU’s compulsory legal acts.
When processing personal data, the Bank respects the principles of data protection. Accordingly, it ensures
- that personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject;
- that personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- that personal data processed shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- that personal data processed shall be accurate and, where necessary, kept up to date and it takes every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified;
- that personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- that personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The detailed rules of data processing are contained in OTP Bank Plc.’s General Business Rules, in the business rules relating to certain business services (including ancillary business services) and investment services (including ancillary investment services) of business divisions as well as the related information brochures on data processing, available on the following links:
- General Business Rules and the related General Information Brochure on Data Processing
- business rules of the business divisions and the related information brochures on data processing.
These documents contain details on the following:
- data subjects concerned by the given services of OTP Bank Plc. (customers, potentioal customers and other data subjects concerned);
- data kept in records of data subjects in relation to the given service;
- purpose(s) of data processing;
- legal ground(s) for data processing;
- retention period of data processed;
- cases where personal data is processed using the automated decision-making method and used for profiling by OTP Bank Plc.;
- the recipients of the transfer of the personal data processed and the legal ground for data transfer;
- data processors used during the data processing;
- the rights data subjects are granted, thus, in particular, that – according to Articles 12-21 of the General Data Protection Regulation – the data subject has the right to request from OTP Bank Plc., as data controller, access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability.
Data subjects may
request written information with regard to the processing of their personal
data and may submit their requests and complaints as well at the following
OTP Bank Nyrt., 1051 Budapest, Nádor utca 16.
OTP Bank Nyrt., 1876 Budapest
E-mail address: email@example.com
Phone number: (+36 1/20/30/70) 3 666 666
subjects may submit their written comments in respect of data processing to OTP
Bank Plc.’s data protection officer as well:
1131 Budapest, Babér u. 9.
Further, the data subject may as well submit a complaint at the Hungarian National Authority for Data Protection and Freedom of Information (http://naih.hu/; 1055 Budapest, Falk Miksa utca 9-11.; Postal address: 1363 Budapest, Pf.: 9.; Phone: +36-1-391-1400; Fax: +36-1-391-1410; E-mail: firstname.lastname@example.org).
OTP Bank Plc. treats all data transferred to it over the Internet using the same level of protection as if they were transferred to it using any other channel.